Guido Abate, Chair of the Trusted Connectivity Alliance Board
Over recent years, exclusive market data from Trusted Connectivity Alliance (TCA) has highlighted how eSIM technology is being harnessed across the global digital economy to offer flexible connectivity, advanced security and enhanced experiences.
And as eSIM adoption continues to build, so too does industry demand for using the technology’s proven security capabilities to host the applets that enable various value-added mobile services. These include highly sensitive use-cases where security is paramount, including payments, identity management and IoT services.
The Critical Importance of Applet Security
Yet to maintain the highest level of security, applets must be developed correctly. This has become even more critical with the evolution to eSIM.
A single eSIM can host several profiles, each containing third-party applets that must securely share the resources of the eSIM and the mobile device. If one of these applets contains malicious software or can be used as a backdoor by hackers, other applets could be compromised and the security and privacy of the communication with that device could be at risk.
The good news for Java Card developers is that clear, industry-recognised guidance already exists to support the development of secure, high-quality applets that enable the delivery of powerful eSIM-based value-added services.
Stepping Stones for Java Card Applet Developers
In 2024, Trusted Connectivity Alliance (TCA) published Stepping Stones for Java Card Applet Developers. It marked the latest release in its acclaimed ‘Stepping Stones’ series, which provides recommendations and guidelines to support the development and deployment of SIM-based technologies.
The latest edition addresses the unique considerations presented by Java Card technology, offering harmonised best practices and security recommendations to maximise interoperability and ensure eSIM applet assets are sufficiently protected.
The guidance includes security measures applicable to all applets, such as ensuring Java Card applets pass byte code verification to confirm code integrity before execution, as well as using standard APIs. Additional recommendations for protecting sensitive applets are also provided.
Importantly, the recommendations are widely recognised as industry best practice. For instance, GSMA released guidance in response to a recent vulnerability disclosure related to a malicious Java Card application, in which researchers described how Test Profiles could be misused to install malicious Java Card applications within eSIM profiles. The guidance states: “Java Card Application developers should comply with ‘TCA Stepping Stones for Java Card Applet Developers’ recommendations.”
A Checklist for Secure Applet Development
To provide developers with practical guidance and to promote compliance, Stepping Stones for Java Card Applet Developers consolidates all security recommendations into a comprehensive, accessible checklist. This enables developers – particularly those who are newer to the eSIM market – to more effectively address common challenges.
The checklist can also be used by quality and test engineers, as well as end customers, to verify proper implementations. This can help identify issues prior to deployment and promote increased trust across the ecosystem.
Maximising eSIM Security and Interoperability
As the eSIM ecosystem continues to expand to encompass new use-cases and participants, TCA is committed to engaging with stakeholders across the industry on initiatives to maximise eSIM security and interoperability.
For example, TCA recently participated in a joint session with the Java Card Forum to provide a technical deep-dive into how developers can utilise the recommendations and best-practices within ‘Stepping Stones for Java Card Applet Developers’ to advance the security of eSIM deployments. The session also explained how security can be bolstered by the TCALoader tool, which enables mobile operators and application developers to download, install and manage applications on the UICC / eUICC to test interoperability across different deployments.
Looking ahead – and as eSIM technology emerges as a key enabler of the global digital economy – TCA is exploring opportunities to bridge gaps across current standards and testing infrastructure to promote safe, reliable and consistent IoT deployments.
‘Stepping Stones for Java Card Applet Developers’ is available to download here. To learn more about how TCA is advancing eSIM security, watch TCA’s webinar with the Java Card Forum here.
Trusted Connectivity Alliance (TCA) has published new guidance to enable Java Card applet developers to maximise interoperability and security across eSIM deployments.
‘Stepping Stones for Java Card Applet Developers’ is the latest release in TCA’s acclaimed ‘Stepping Stones’ series, which provides recommendations and guidelines to support the development and deployment of SIM-based technologies.
TCA’s new guidance addresses emerging interoperability considerations presented by the growing adoption of eSIM technology. It provides an analysis of key recent Java Card technology updates, along with the impact of broader ecosystem developments from 3GPP, ETSI and GSMA. A series of best practices and security recommendations are also detailed to maximise interoperability and ensure applet assets are sufficiently protected. For developers seeking practical guidance, recommendations are collated into a comprehensive ‘interoperability checklist’ to help address common challenges and deliver high-quality applets.
Amedeo Veneroso, Chair of the TCA Interoperability Working Group, comments: “To ensure seamless integration and simplify eSIM deployments across the highly complex mobile ecosystem, it is imperative that applets are compatible and secure. By addressing the unique considerations presented by Java Card technology, TCA’s latest guidance will support developers – particularly those who are new to the eSIM market – in delivering robust and interoperable solutions that enable the delivery of powerful eSIM-based value-added services.”
Bertrand Moussel, Chair of the TCA Board, adds: “TCA’s various Stepping Stones documents have played an important role in guiding industry stakeholders as part of our decades-long commitment to identifying and promoting the need for strong interoperability. This latest guidance from TCA marks another important milestone in our mission to promote trust and simplicity across the secure connectivity ecosystem.”
Other key interoperability initiatives from TCA include the release of the new, free-to-use TCALoader tool, which enables mobile operators and application developers to download, install and manage applications on the UICC / eUICC to test interoperability across different deployments.
TCA has also reported growing industry momentum for its eSIM Interoperability Testing Service – delivered by COMPRION. The service enables mobile operators, mobile virtual network operators (MVNOs), IoT connectivity providers and eSIM profile developers to test how eSIM profiles interact with an extensive range of consumer eSIM devices such as smartphones, wearables, tablets and laptops. This helps to proactively identify and address individual interoperability issues prior to deployment.
‘Stepping Stones for Java Card Applet Developers’ is available to download here. For further information on the eSIM Interoperability Service and TCALoader, contact info@trustedconnectivityalliance.org and visit the TCA and COMPRION websites.
– ENDS –
For further TCA media information, please contact Yash Raveendra – Tel: +44(0)113 3501922 or email: yash@iseepr.co.uk
About Trusted Connectivity Alliance
Trusted Connectivity Alliance (TCA) is a global industry association working to enable trust in a connected future.
The organisation evolved from the SIMalliance, reflecting the continued expansion of the global SIM industry and the need for broader collaboration. Its members are leading providers of secure connectivity solutions for consumer, IoT and M2M devices. This spans Tamper Resistant Element (TRE) technologies including SIM, eSIM, integrated SIM, embedded Secure Element (eSE) and integrated Secure Element (iSE), as well as hardware and software provisioning and other personalisation services.
TCA members are: Card Centric, COMPRION, Eastcompeace, Giesecke+Devrient, IDEMIA, Kigen, Linxens, Monty Mobile, NXP Semiconductors, Oasis Smart SIM, STMicroelectronics, Thales, Valid, Workz Group, Wuhan Tianyu and XH Smart Card.
www.trustedconnectivityalliance.org
We are entering a new age of global connectivity, fuelled by a continually expanding IoT ecosystem transforming the way we live and work. Yet at the same time, threat levels are increasing, with Accenture reporting a 125% increase in cyberattacks in 2021. This means that the need for truly trusted mobile connectivity has never been higher.
This is where TCA enters, with its focus on a number of key initiatives that enable stakeholders across the connected industries to unlock the benefits of Tamper Resistant Elements (TREs), including SIM, eSIM and integrated SIM.
Key priorities include:
- Driving eSIM interoperability and expanding eSIM benefits to emerging IoT market segments.
- Enabling IoT device security by leveraging the benefits of TREs.
- Educating the industry with the practical deployment considerations for integrated SIM technologies.
- Optimising 5G SIM technology for private networks, 5G network slicing use cases, and 5G device security.
Driving these initiatives are TCA’s dedicated Working Groups, which are responsible for anticipating market needs and developing associated, enabling specifications that leverage our members’ unparalleled technical and industry expertise. Our working groups also engage and collaborate extensively with other associations and stakeholders to support new business models.
This technical update marks the first of our quarterly reports providing insight into the activities of each working group and demonstrating how they are shaping the future of trusted connectivity.
TCA’s new guidance addresses emerging interoperability considerations presented by the growing adoption of eSIM technology. It provides an analysis of key recent Java Card technology updates, along with the impact of broader ecosystem developments from 3GPP, ETSI and GSMA. A series of best practices and security recommendations are also detailed to maximise interoperability and ensure applet assets are sufficiently protected. For developers seeking practical guidance, recommendations are collated into a comprehensive ‘interoperability checklist’ to help address common challenges and deliver high-quality applets.
Version 1.0 April 2024
This document makes it easier for mobile network operators (MNOs), service and solution providers to deploy Mobile Connect services which use an authentication application provisioned on the user’s SIM card.
This document provides interoperability-focused technical considerations, recommendations and specification extracts needed to simplify the development, deployment and support of NFC services across UICC and embedded SE (eSE).
A set of interoperability collaterals containing detailed specifications, standardisation considerations and pragmatic tips to simplify the development, implementation and support of NFC contactless services and applications.
This document is a practical guide to interoperability with tips and suggestions to help service developers design applications that will work with any USIM card.