Abstract: JavaCard is the most prevalent platform for cryptographic smartcards nowadays. Despite having more than 20 billion smartcards shipped with it and thirteen revisions since the JavaCard API specification was first published more than two decades ago, uptake of newly added features, cryptographic algorithms or their parameterizations, and systematic analysis of overall activity is missing. We fill this gap by mapping the activity of the JavaCard ecosystem from publicly available sources with a focus on 1) security certification documents available under Common Criteria and FIPS140 schemes and 2) activity and resources required by JavaCard applets released in an open-source domain (Paper supplementary materials, full results of analysis and open tools are available at https://crocs.fi.muni.cz/papers/cardis2023).
Authors: Lukas Zaoral, Antonin Dufka, and Petr Svenda
Published: Smart Card Research and Advanced Applications. CARDIS 2023. Lecture Notes in Computer Science, vol 14530. Springer, Cham.