en_US English
en_US English es_ES Español

Financial Application Areas

EAL4+

Security Certification

EMV

Global Compliance

PBOC 3.0

China Standard

OTA

Remote App Management

CORE APPLICATION SCENARIOS

Four Pillars of Financial
Smart Card Deployment

Java smart cards are the technology behind the cards in your wallet and the payments on your phone — here is where and how they are used.

Bank Payment Cards

Java smart cards support running multiple financial applications on a single card simultaneously — debit, credit, and electronic cash functions combined. EMV standard certification ensures transaction compatibility and security across the globe.

NFC Mobile Payment

SIM cards and embedded secure elements (eSE) built on the Java Card platform enable contactless mobile payment experiences such as Apple Pay and Huawei Pay. All sensitive information is encrypted by the secure chip during transactions, preventing data leakage.

Dynamic Identity Verification

For online banking transfers and large payments, Java cards can generate One-Time Passwords (OTP) or perform challenge-response authentication, significantly enhancing transaction security. Bank USB security keys (U-Shield) widely adopt this technical architecture.

Cross-Border Financial Interoperability

Because Java Card adheres to ISO 7816 and Visa Open Platform industry standards, financial institutions across different countries can develop interoperable products on a unified platform, driving the convergence of global financial services.

Technical Advantages

Why Java Card Leads
in Financial Security

Three foundational capabilities that make Java Card the preferred platform for financial institutions worldwide.

Security Model

EAL4+ Certified Protection

Integrates Elliptic Curve Cryptography (ECC) and atomic transaction mechanisms. Hardware-level defenses against side-channel attacks and data tampering ensure that sensitive keys and transaction data are never exposed.

Dynamic Management

Post-Issuance App Updates

New applications can still be remotely loaded or updated after card issuance, enabling banks to rapidly roll out new services — such as temporary credit limit adjustments, coupon distribution, or new loyalty programs — without recalling cards.

Cross-Platform Compatibility

"Write Once, Run Anywhere"

The Java Card “write once, run anywhere” characteristic dramatically reduces development and maintenance costs. Applications developed for one chip vendor’s platform can run on other certified hardware with minimal modification.

Architecture

Core Architecture Components

Four tightly integrated layers form the foundation of every DCCO Java Card financial product.

01

‌Java Card Runtime(JCVM)

The JCVM embedded in the smart card chip supports only a limited subset of the Java language. It is responsible for loading, executing, and isolating multiple financial applets, providing memory management, exception handling, and a security sandbox mechanism.

02

Financial Applet
Independent applications deployed on the card. Each applet has a unique AID (Application Identifier) and implements a specific function. Applets are isolated by firewall to ensure data cannot be accessed beyond its authorization.
  • Debit / credit card transaction processing
  • Electronic cash balance management
  • PIN verification and OTP generation
  • Dynamic key updates

03

Secure Element (SE)
The physical hardware layer integrates CPU, cryptographic co-processor, and tamper-resistant storage. Supports EAL4+ security certification, executes ECC operations, random number generation, and secure key storage — the physical root of transaction security.
  • CPU + crypto co-processor integrated
  • Tamper-evident physical protection
  • ECC · AES · 3DES acceleration

04

APDU Communication Layer
Defines the data exchange format between terminals and cards. Every financial command is encapsulated as a structured APDU frame carrying instruction codes, parameters, transaction data, and status responses.
  • CLA – Command class · INS – Instruction code
  • P1/P2 – Parameters · LC/LE – Data lengths
  • DATA – Transaction data (amount, time, MAC)
  • SW1/SW2 – Status codes (9000 = Success)
stepDirectionAPDU Command ExamplesFunctional Description
1Terminal → Card00 A4 04 00 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31Select the PPSE (Payment System Environment) to locate the financial application directory.
2Terminal → Card00 A4 04 00 07 A0 00 00 03 33 01 01Select a specific AID (e.g., China UnionPay Debit Card).
3Terminal → Card80 50 01 02 0B 01 00 00 10 00 00 11 22 33 44 55Send a transaction initialization request, prompting the card to generate a random number.
4Card → TerminalReturns Random Number + Card Public KeyThe card verifies the legitimacy of the terminal and establishes an encrypted channel.
5Terminal → Card80 54 01 00 0F 00 00 00 01 20 11 12 21 21 48 22 3A 84 5B F0Transmit transaction data (amount, timestamp, and MAC).
6Card → TerminalReturns Transaction Signature + Balance UpdateThe Applet executes an offline debit, updates the internal wallet, and generates a TC (Transaction Certificate).
7Terminal → Bank BackendUpload Transaction Log (including TC and MAC)Perform online clearing, verify the signature, and complete the accounting processing.

Standards & Compliance

Technical Standards
Supporting Framework

Every DCCO financial card is designed and certified to the full stack of international and regional standards.

Standard Issuing Body Role & Scope
ISO/IEC 7816-4
🌐 ISO / IEC
International Standards Organization
Geneva, Switzerland · 1987–present
Defines the APDU command structure, file system layout, and secure communication protocols between smart cards and terminals — the foundational layer underpinning all smart card communication worldwide.
APDU Format File System Secure Messaging T=0 / T=1 Protocol
EMV® 3DS
💳 EMVCo
EMVCo
Visa · Mastercard · Amex · JCB · UnionPay · Discover
Specifies the full authentication process for contact and contactless payments, covering Dynamic Data Authentication (DDA), Application Key Generation (AKG), and cardholder verification methods (CVM).
DDA / CDA Contactless NFC CVM (PIN/Sig) Risk Management
PBOC 3.0
🏦 PBoC
People's Bank of China
Superseded PBOC 2.0 · 2015–present
China's national financial IC card standard — governs debit/credit transaction processing, dual-interface (contact + contactless) integration, security mechanisms, and applet management for UnionPay-branded cards.
UnionPay IC Offline Deduction Electronic Cash Dual Interface
Java Card 3.0.5
☕ Oracle
Oracle Corporation
Formerly Sun Microsystems · 1996–present
Defines the applet lifecycle, Shareable Interface mechanism, transaction atomicity model, and core cryptographic APIs for the Java Card Virtual Machine — enabling vendor-neutral multi-application deployments.
Applet Lifecycle JCVM API Atomic Transactions GP-compatible

Advanced Capabilities

Dynamic Management &
Security Enhancement

Four tightly integrated layers form the foundation of every DCCO Java Card financial product.

Remote Application Loading

New applets are injected into the card via secure channels (such as SCTP), allowing banks to dynamically issue coupons, apply temporary credit limit adjustments, and deploy new services — without recalling a single card.

Transaction Atomicity
The JCSystem supports transaction rollback, ensuring that “debit + balance update” is an indivisible atomic operation. A power interruption mid-transaction will never leave the card in an inconsistent state.
Side-Channel Attack Protection
Hardware-integrated random delays and noise injection resist power analysis (SPA/DPA) and electromagnetic analysis (EMA) attacks, ensuring that physical observation of the card cannot reveal secret key material.

Related Products

Recommended Products

Products in the DCCO portfolio best matched to financial application deployments.

NXP JCOP 4 P71 J3R180 180K

Recommended Products (2)

NXP JCOP 4 P71 J3R150

HDSC9872B-01

Recommended Products (4)

TMC THD89 Java Card