Sensitive applications
Java Cards typically host multiple applets. These are provided as binary CAP files, which contain library code or applets. The CAP files may or may not be security sensitive. Owners of sensitive applications (e.g. payment applets) typically want assurance that the other applications, referred to as basic applets, are not harmful.
While a full evaluation of all applets on a card would be technically possible, there are practical hurdles. The Java Card vendor, who seeks certification of the product for payment purposes, may not have access to all the code an issuer may wish to load. The issuer may get code through alternative channels (application providers), or the code may not yet be available and might be added later in the product life cycle (post-issuance). On top of that, application providers are reluctant to provide the source code of their products, because they want to protect their IP.
An alternative approach would be a (partially) automated verification of the binary code, which may even be done outside the certification process and would not necessarily require expert-level security knowledge. This could help payment schemes and other owners of sensitive applications gain confidence that their assets are secure. This document explains how Riscure can support this approach and help mitigate risk.