To help creators of products based on Java Card technology meet the demand by banks, governments, and other card issuers for security evaluations that comply with a rigorous, widely accepted standard, the Java Card Protection Profile provides a modular set of security requirements designed specifically for the characteristics of the Java Card platform. It reduces the time and cost for developers of Java Card-based products to complete security evaluations under the Common Criteria for IT Security Evaluation. This work is part of Oracle's global initiative on Common Criteria.

A profile defines a set of security requirements for the Java Card Runtime Environment, the Java Card Virtual Machine, the Java Card API Framework, and the on-card Installer components. It provides guidelines to develop a secure Java Card platform and obtain high-level security certifications.

The design strategy behind protection profiles represents a breakthrough in the world of security evaluations, as it specifically accommodates the flexible, modular, and open characteristics of Java Card technology. In particular, it is intended to complement existing protection profiles available for Java Card technology-based smart cards.
The Java Card Protection Profile, Version 3.0, is aligned with the Java Card specifications versions 2.2.x and 3.0.1. This version of the Protection Profile has been certified by ANSSI (the French certification body) to a certification level of CC EAL4+ and can be used to reach certification levels of EAL4+ and above for Java Card products. This version of the Protection Profile relies on CC version 3.1, revisions 3 and 4.

The Open Configuration in version 3.0 replaces the Standard Configuration from version 1.1. The Closed Configuration in version 3.0 replaces the Minimal Configuration from version 1.1.
download Download version 3.0 Open Configuration
download Download version 3.0 Closed Configuration