Java Card System - Open Configuration

Others / Smart Card

Certification Body

Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)


Oracle Inc

Point of Contact

[email protected]

Certification ID

ANSSI-CC-PP-2010/03-M01 which updates


PP Version

version 3.0

CC Version

3.1 Revision 3

CC Conformance Claim

CC part 2 extended
CC part 3 conformant
EAL 4 augmented by ALC_DVS.2 and AVA_VAN.5
Conformance claims to this protection profile requires demonstrable conformance

Certification status

Maintained 29 May 2012
Certified 25 June 2010




The Java Card System - Open Configuration Protection Profile defines the security requirements for Java Card platforms as specified in versions 2.2.x and 3.0.x Classic Edition of Java Card Platform specifications. This Protection Profile applies to evaluations of open Java Card Platforms (JCP), that is, smart cards or similar devices enabled with Java Card technology that support post-issuance downloading of applets. This PP mandates applets to be verified before being installed on the card.

The Java Card technology combines a subset of the Java programming language with a runtime environment optimized for smart cards and similar small-memory embedded devices.

The main security goal of the Java Card platform is to counter the unauthorized disclosure or modification of the code and data (keys, PINs, biometric templates, etc) of applications and platform.

In order to achieve this goal, the Java Card System provides strong security features such as the firewall mechanism, dedicated API for security services, etc.

Relation to other PPs

The Protection Profile is an update of the following Protection Profile:

  • v2.6 (ANSSI-CC-PP-2010/03)

The Protection Profile is an update of the Protection Profile certified under PP/0303 in order to comply to Common Criteria Version 3.1.