sb-eu logo
Story image

Oracle Java Card update boosts security for IoT devices

17 Jan 2019

Oracle has announced general availability of its Java Card 3.1, the open application platform for IoT device security. The technology has gone through extensive updates that provide existing and emerging IoT technologies more flexible ways to meet hardware and security requirements.

Those updates include new features that address use cases across markets for industries ranging from telecommunications and payments, to cars and wearables.

Java Card technology provides a secured environment for applications that run on smart cards and other trusted devices with limited memory and processing capabilities,” Oracle explains. 

"The 3.1 release enables the rollout of security and SIM applications on the same chip, allowing those services to be used on a large spectrum of networks from NB-IoT to 5G, and on a wide range of devices,” adds Oracle’s senior director for Java Card, Florian Tournier.

Almost six billion Java Card-based devices are deployed each year. These devices rely on Java Card to run security services on smart cards and secure elements, which are chips used to protect smartphones, banking cards and government services.

The company says there are a number of emerging use cases for Java Card. These include smart meters and industrial IoT for smart city and corporate services; as well as cloud connected devices that can enable access to 5G and offer strong authentication for IoT cloud.

Oracle also claims that automotive manufacturers could use the technology as part of security protections that defend vehicle systems and sensitive data from physical and network attacks.

"Connected devices' volumes are expected to increase in the upcoming years, posing an increasingly complex challenge as growth adds system complexity to the infrastructure handling device data," says Java Card Forum president and chair Volker Gerstenberger.

"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."

New features and capabilities include:

•    Deployment of edge security services at IoT speed – Java Card 3.1 allows the development of security services that are portable across a wide range of IoT security hardware, helping reduce the risk and complexity of evolving IoT hardware and standards. A new extensible I/O model enables applications to exchange sensitive data directly with connected peripherals, over a variety of physical layers and application protocols.

•    Dedicated IoT features – Java Card 3.1 introduces new APIs and updated cryptography functions to help address the security needs of IoT and facilitate the design of security applications such as device attestation. Uniquely, Java Card in IoT devices enables deployment of security and connectivity services on the same chip. Multiple applications can be deployed on a single card and new ones can be added to it even after it has been deployed.

•    Developer enhancements – Java Card includes a set of unique tools for developing new services and applications. An extended file format simplifies application deployment, code upgrade and maintenance. API enhancements boost developer productivity and the memory efficiency of applications in secure devices.

Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More