JavaCard 3 in real world?

Question

I\'m currently working on my diploma work. Part of the work includes development of JavaCard applet for regular SIM cards. First option is to u

Answer 1

It's 2018 when I am writing this and I think this question needs a new answer.

Java Card 3 Connected Edition is dead in the water. It requires a large amount of RAM, which is still expensive even in the latest editions of the chips. SRAM takes large amounts of memory, and high end chips often still contain 8-10KiB of RAM max.

Furthermore, it was generated with the idea that web-developers would easily connect with it. This doesn't seem to have happened and it is questionable if a security device should be programmed by web-devs at all.

The additional overhead of the TLS protocol adds a heavy overhead without apparent benefit. The TLS protocol also requires a weird connection with the browser / end user. The idea that you can enter a PIN or password on a chip generated web page certainly has failed.

The idea of adding hardware support for browsers in general has failed. Before there were Java applets running in the browser, and the browser largely depended on add-ons. This has all gone away and it is very unlikely to return.

So even if RAM (or FRAM, MRAM, XCross or whatever hybrid memory solution will exist) ever comes cheap on a secure smart card processor, it is unlikely that JC 3 Connected will again see the light of day. Meanwhile Java Card Classic is still going strong although it is far from sexy at the moment - the OTN forum on Java Card is as good as dead (although OTN and sexy themselves are so far apart that they might as well exist on different poles, I certainly prefer SO).