By Markus Moesenbacher, Infineon Technologies.
Growth in the ID market is mainly driven by electronic identification, electronic health cards and electronic driving licenses, with strong variations that reflect local flavors. In addition, demand for multi-application support on electronic ID cards is increasing. Meeting these demands requires a flexible product that allows the application to be customized according to local requirements.
Java Card technology is based on JAVA, which was invented by SUN (now Oracle Corporation). Java Card uses only a subset of JAVA and is enriched with security functions and communication protocols that are relevant for the Smart Card industry.
It was invented and patented by engineers of Schlumberger (later GemPlus, Gemalto and now Thales) in 2003. To allow the use of JAVA technology, SUN required a Java Card license for the usage of Java Card technology, which is still the case today with Oracle. Java Card is used for SIM cards, credit cards and Government ID cards and is now more and more relevant for the Internet of Things (IoT).
The latest version which is relevant for Smart Cards is Java Card version 3.0.5 Classic.
Java Card version 3.1 includes additional features, which are relevant for IoT.
The evolution of Java Card technology is driven by the Java Card Forum [1], which is a collaboration of key contributors from the smart card industry. The Java Card Forum provides recommendations for the Java Card specification to Oracle, which publishes the specification on the Oracle homepage [2].
Oracle provides the specification for implementing Java Card as well as the protection profile, which allows a security certification according to Common Criteria.
The demands placed on the Java Card specification are security, certifiability, compactness and standardization. All this is enabled by the Java Card technology.
Compactness means that a highly complex security application needs to fit in a security controller with little memory and comparably low performance (about 12 kByte RAM, about 500 kByte NVM and a CPU running at about 50 MHz). Compared to a state-of-the-art personal computer, which has a CPU frequency about 60 times higher and an even larger advantage in overall performance, this is a challenge. Security controllers, though, are experts for cryptographic calculations, as they are equipped with coprocessors for symmetric and asymmetric calculations.
The certifiability is granted by the protection profile, which is part of the Java Card specification framework.
Java Card Forum
In the Java Card Forum, key technology companies come together to specify and develop the security platform for a variety of advanced digital services, from traditional to IoT use cases. Any Java Card licensee can be a member of the Java Card Forum. For SIM card applications based on Java Card, figures show approx. 65% market share in 2019 (3.6bn of 5.5bn total market) [3], while 43% of the whole security chip controller IC market (mostly Government applications and credit cards and an increasing volume of IoT devices) is based on Java Card technology, with an increasing volume [4].
Infineon SECORA™ brand – how it started
In 2017 Infineon launched the product SECORA™ Pay, which is designed for EMVCo compliant credit cards to support different payment brands. Based on SECORA™ Pay, SECORA™ W was introduced in addition; it is used for wearable use cases (e.g. wrist-bands, watches and other form factors) [5].
SECORA™ ID is the Infineon solution allowing easy eID introduction
SECORA™ ID is a new flavor of the SECORA™ brand. Infineon developed SECORA™ ID on the code base of SECORA™ Pay, extended by the additional features that are required for identification solutions. SECORA™ ID is an enablement platform that allows security printers and card manufacturers to continue their path towards digitalization. The solution supports contact-based, dual interface and contactless applications to allow a smooth migration from contact-based to contactless reader infrastructures.
Infineon Technologies has developed all the components of SECORA™ ID: The chip hardware, the packages, the OS platform, as well as the Applets. Consequently, the OS is implemented in a way to reach maximum performance. In addition, Infineon can offer best in class support for each card component.
SECORA™ ID is designed on the basis of the latest Java Card standard for chip cards, JC Standard version 3.0.5 Classic, and is compliant with GP (GlobalPlatform) version 2.3.1.
The Solution components
- Chip Hardware: SECORA™ is based on the SLC52G platform, which is a sophisticated real 16-bit Intel platform with the Infineon double CPU security technology (Integrity Guard), SOLID FLASH™ and VHBR (Very High Bit Rate) up to 6.8 Mbit/s. SLC52 is CC EAL 6+ high certified according to Common Criteria. The security controller has been developed by Infineon Technologies in Munich and in the contactless competence center in Graz.
- Package (Module): Infineon Technologies provides a comprehensive packaging offering. The most innovative package technology is Coil on Module based on flip chip technology, which allows easy integration of contactless and dual interface inlays in cards, as well as in electronic passports. Coil on Module is based on inductive coupling. Inductive coupling between card antenna and module antenna does not require a mechanical contact connection between antenna and module, which increases durability and robustness of smart cards [6].
- OS Platform: SECORA™ ID
- Applets: Applets from Infineon and several vendors.
SECORA™ ID Offering
SECORA™ ID is a lean operating system with planned security certification CC EAL 6+ with two configurations:
- With SECORA™ ID, Infineon offers comprehensive Applet choices for the major eID applications from different well-known and acknowledged vendors: The Infineon in-house developed “Infineon Applet Collection”, the “ePasslet Suite by cryptovision GmbH” as well as the “Applet Collection by Masktech GmbH”. The Applets will be CC EAL 5+ certified according to the relevant protection profiles.
- For maximum customization, Infineon provides Java Card development tools based on Eclipse to enable the customer to implement their own Applets according to proprietary or local requirements. The development tools contain a simulator, as well as personalization scripts for standardized applications like eMRTD according to ICAO 9303.
SECORA™ ID portfolio comprises the S and X variants.
- SECORA™ ID S is designed for use cases such as electronic ID cards, electronic passports, digital signature, electronic driving license and health card.
- SECORA™ ID X, the high-performance version for ID applications, is optimized for use cases with multi-application, as well as for the support of LDS 2.0 [7].
Use Case Examples
eID (electronic Identification) with ICAO 9303 eMRTD:
A basic eID which is used to store personal data consisting of personal information, facial image and optional fingerprints can be used for local identification and border crossing between dedicated countries, which have a common travel agreement.
This use case can be enabled with SECORA™ ID in combination with the ready to go Infineon Applet Collection.
eID with ICAO 9303 eMRTD and digital signature:
An eID based on an ICAO 9303 eMRTD Applet is used to store identification data. In addition, a digital signature is used for authentication, which could be applied, for example, to authenticate at a governmental web service.
This use case could be supported with SECORA™ ID S in combination with the ready to go Applet Collection by Masktech GmbH.
eDL (electronic driving license) based on ISO 18013:
The electronic driving license contains personal information and the license for the different vehicles the user is allowed to use.
This use case can be supported by SECORA™ ID S in combination with the Infineon Applet Collection.
High end multi-application electronic ID card with post issuance:
Requirements for this use case are as follows:
- eID card for identification and authentication, which can be extended during its life time with an e-health card application once the specification is in place.
- The ePasslet Suite by cryptovision GmbH could support this use case as this solution is optimized for multi-application. The Java Card platform allows post issuance, which is necessary to extend the functionality of the card in the field after issuance of the card.
SECORA™ ID is a flexible solution for eID applications, which allows maximized customization for local needs. All components of the solution, like chip hardware, packages and software, come from one vendor, which simplifies the process and enables a rapid eID project realization.
SECORA™ ID will be launched by Infineon Technologies at the Trustech event in Cannes in November 2019 (https://www.trustech-event.com).