6 Replies Latest reply: May 8, 2012 7:14 PM by safarmer RSS

    Is JC 3.0 Connected Edition a myth?

      The Java Card 3.0 Connected Edition specs bring a really interesting features, but does anyone know if such a card really exist in the market? If yes, what are the manufacturers?

      Last but not least, what is the average price for a high purchase volume (>200.000)?

        • 1. Re: Is JC 3.0 Connected Edition a myth?
          I have only recently seen samples of JC 3.0 classic edition. I have not even heard of JC 3 connected cards.

          I would not expect to see these any time soon either. I have heard some JC OS engineers talk about it being vapourware. It could also be to do with the rise of popularity of NFC enabled smart phones. Since the phone is generally always connected, so is the secure element embedded in the phone (or SIM). This is just speculation though.

          • 2. Re: Is JC 3.0 Connected Edition a myth?
            Uh Shane is back and answered all the interesting questions before me. :)

            JC 3.0 Connected Edition is available from Gemalto for telco UICC, but to my knowledge not really sold in mass volume. Sun/Oracle also runs SunSpot sensors with Java Card Connected :). So I tend to agree it's a cool technology not needed in the market (yet?).
            • 3. Re: Is JC 3.0 Connected Edition a myth?
              @lexdabear I might have gotten the first answer but you had more factual information :)

              Would it be fair to say that Connected Edition is like dotnet cards? An interesting idea, but not really going anywhere and only sold by Gemalto?

              I think the real use case is for embedded connected hardware (like sensors etc) and not for general smart card hardware (or even secure elements embedded in phones). It could provide the security protections we get from a smart card and also give more flexibility in monitoring without writing embedded C code.

              • 4. Re: Is JC 3.0 Connected Edition a myth?
                I think also Oberthur and G&D have Connected implementations, but it's not visible commercially. Seems to me like dotnet, yes.
                • 5. Re: Is JC 3.0 Connected Edition a myth?
                  I've been trying to encourage a few big iron HSM vendors to implement the connected version. I really want to be able to wrap policy around cryptography and for now I'm stuck with smart cards. The vendors I've talked to are at least considering it.
                  • 6. Re: Is JC 3.0 Connected Edition a myth?
                    I thought it was already possible to do this with firmware modules on HSM's? I know it is on some. I have even heard of a complete rewrite of HSM software to run financial software on the secure hardware. Given that some network connected HSM's are a secure Linux server wit tamper resistent features you should be able to do something to enhance the policy enforcement.