Secure Element for Developers (Java Card) Training Program

Many data sensitive industries, such as payments, identity, automotive and telecoms, rely on secure elements and smart card technology to ensure that billions of devices worldwide can communicate securely and reliably. To successfully create applications and services across these industries, developers need to become experts in Java Card technology, secure element architecture and GlobalPlatform Specifications.

GlobalPlatform offers a three day training course that specifically supports developers in gaining the knowledge they need. The course covers foundational subjects, such as architecture, runtime environment, and basic APIs, as well as advanced topics like secure coding, cryptographic APIs, and certification expectations.

Please note that while GlobalPlatform may run open training sessions throughout 2026, this course can be delivered on-site, on request. Please contact secretariat@globalplatform.org.

Key Learnings for Course Attendees

Over the three day program, students of this course will:

• Gain a comprehensive understanding of Java Card technology and GlobalPlatform specifications.
• Learn about SE architecture, security domains, and secure channels.
• Pick up practical skills related to developing, deploying, and testing secure and certifiable Java Card applications.
• Gain hands-on experience with Java Card development tools and sample projects.
• Use Java Card Oracle tools including the GlobalPlatform simulator.
• Become familiar with secure-by-design principles, including cryptographic APIs, secure coding practices, and evaluation lab expectations.
• Learn about evaluation and certification processes (e.g., EUCC, GP SE Protection Profile).

Who Should Attend?

The course is designed for new and experienced developers working across industries that rely on secure elements and smart card technology. Relevant industries include payments and financial services, governments and identity (e.g. ePassports, national ID, digital wallets), automotive (secure car access, digital keys), telecoms (SIM cards, eSIMs), IoT and embedded systems.

The course supports development of the following applications / services:

• Electronic purse applications (e.g. prepaid cards, transit cards)
• PIN code management systems (e.g. authentication modules)
• Cryptogram generation and verification (e.g. secure messaging, transaction signing)
• Logical channel management (e.g. multi-session applet execution)
• Shareable interfaces and GP services (e.g. inter-applet communication)
• Secure applications for certification (e.g. EUCC-compliant products)

Course Outline: Three Day Training Program

Day One:

• Introduction to GlobalPlatform
• Introduction to SE Specifications:
  • GlobalPlatform Card Specification; SE architecture; security domains; secure channels; markets and applications; applet management (load, install, select)
• Smart card basics:
  • Different types of smart card
  • Chip providers, card manufacturers, application developers, evangelist organizations
  • T=0, T=1, Contactless, APDU commands
• Oracle Java Card:
  • Technology overview
  • Java Card basics for application developers (architecture, runtime environment and API)
  • Platform architecture – JCRE, JCVM and API
  • Application model and structure of an application (memory model, security model)
  • Java Card cryptography and security related API
  • Solution providers, product examples
• Java Card Development Kit:
  • Development kit components (tools, simulator, Eclipse Plugin, VS Code)
  • Target platform and tools: Windows, Linux, Eclipse, VS Code
  • Supported Java Card and GlobalPlatform features
  • Installation of SDK on students’ machines
  • Set up of the Java Card Development Kit and environment variables settings
  • Testing and examples: running the samples
  • GlobalPlatform features supported by the simulator (e.g. CIC with SCP03)

Days Two and Three:

• Development tools overview
  • Java Card applet basics, processAPDU method
  • CAP file converter, loader, verifier
  • Java Card Assembly .jca, Export files .exp
• Demo project using development kit
  • Setup of Java Card Sample Projects (Create new Java Card Project)
  • How to build, run and debug samples
  • Use of cryptography API
  • Deploy, personalize, and delete application using GlobalPlatform commands
  • How to test an application
• Hands-on programming (customizable)
  • Step 1: Electronic purse
    • => GP API commands, processAPDU, buffer mngt…
  • Step 2: PIN code management
    • => VerifyPIN, GP CVM Management, OwnerPIN, GlobalPIN
  • Step 3: Cryptogram generation and verification
    • => Discovering cryptographic functions
  • Step 4: Logical channels
    • => Running applets
  • Step 5: Shareable Interface & GP Services
    • => Information sharing between applets
  • Secure-by-design development of an Applet /Security issues & certification expectations
    • Intro to physical and logical attacks at application level & chip level
    • EUCC basics, GP SE Protection Profile, Security targets, JIL guidance
    • Side channel attacks, fault(s) injection, buffer overflow
    • Attacker’s targeted functions and data
    • Impact of time on the security of long-lasting products
    • Secure Coding best practices & Evaluation Labs expectations at code audit
    • Constant time execution, secure branching, “magic values”, process flow control, random generation
    • Optimizations versus security, “cost” of security implementation
    • GP secure functions & Crypto Service Provider