Java Card System - Closed Configuration

Others / Smart Card

Certification Body

Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)


SUN Microsystems

Point of Contact

[email protected]

Certification ID


PP Version


CC Version

3.1 Revision 3

CC Conformance Claim

CC part 2 extended
CC part 3 conformant
EAL 4 augmented by ALC_DVS.2 and AVA_VAN.5
Conformance claims to this protection profile requires demonstrable conformance

Certification status

Certified 16 December 2010




The Java Card System - Closed Configuration Protection Profile defines the security requirements for Java Card platforms as specified in versions 2.2.x and 3.0.x Classic Edition of Java Card Platform specifications. This Protection Profile applies to evaluations of closed Java Card Platforms (JCP), that is, smart cards or similar devices enabled with Java Card technology that does not support post issuance downloading of applets.

The Java Card technology combines a subset of the Java programming language with a runtime environment optimized for smart cards and similar small-memory embedded devices.

The main security goal of the Java Card platform is to counter the unauthorized disclosure or modification of the code and data (keys, PINs, biometric templates, etc) of applications and platform.

In order to achieve this goal, the Java Card System provides strong security features such as the firewall mechanism, dedicated API for security services, etc.

Relation to other PPs

The Protection Profile is an update of the Protection Profile certified under PP/0303 in order to comply to Common Criteria Version 3.1.