This page contains links and instructions to download the latest Java Card Protection Profile.
To help creators of products based on Java Card technology meet the demand by banks, governments, and other card issues for security evaluations that comply with rigorous, widely accepted standards, the Java Card Protection Profile provides a modular set of security requirements designed specifically for the characteristics of the Java Card platform. It reduces the time and cost for developers of Java Card-based products to complete security evaluations under the Common Criteria for IT Security Evaluation. This work is part of Oracle's Global Initiative on Common Criteria (CC).
A profile defines a set of security requirements for the Java Card Runtime Environment, the Java Card Virtual Machine, the Java Card API Framework, and the on-card Installer components. It provides guidelines to develop a secure Java Card platform and obtain high-level security certifications.
The design strategy behind protection profiles represents a breakthrough in the world of security evaluations, as it specifically accommodates the flexible, modular, and open characteristics of Java Card technology. In Particular, it is intended to complement existing protection profiles available for Java Card technology-based smart cards.
Java Card Protection Profile version 3.1
The Java Card Protection Profile 3.1 is aligned with the Java Card Specifications version 2.2.x, 3.0.x and 3.1.
It has been certified by BSI (Bundesamt für Sicherheit in der Informationstechnik) to a certification level of CC EAL4 augmented by ALC_DVS.2 and AVA_VAN.5, and can be used to reach certification levels of EAL4+ and above for Java Card products. It relies on CC version 3.1 revision 5.
Past Protection Profile Releases
Java Card Protection Profile version 3.0.5
Java Card Protection Profile version 3.0
Java Card Protection Profile version 1.1