Welcome to the official website of ESTL!

Current location: Home > News > Certification news > Technical information

Hot Search:

IEC62133 GB31241 UL1642 UL2056
News
Company news
Certification information
Technical information
Certification case
International
CEC Certification UN38.3 International CB International IEC
America
UL2272 Certification Brazilian ANATEL Certification Electric Vehicle UL2849 WERCSmart US UL US ETL US TÜVus US CTIA
Europe
ECE R136 Part 2 ECE R136 Part 2 (EU) 2023/1542 Russia GOST-R EU CE EU WEEE EU ROHS EU REACH EU PAHS ECE R136
Asia
Japan JC-STAR Japan METI China Taiwan NCC China Compulsory Certification Korea KC China CQC Japanese PSE China Taiwan BSMI Indian BIS China Quality Inspection Report Thailand TISI
Contact us

Service Hotline

+86 13925582920

Phone: +86-0769-85075888 to 6617

Fax: +86-0769-85075898

Mailbox: net03@gtggroup.com

Address: 2st floor, B Area, Jinbaisheng Industrial Park, Headquarters 2 Road, Songshan Lake Hi-tech Industrial Development Zone, Dongguan City, Guangdong Pr., China.

JC-STAR Testing Process: 5 Core Steps Fully Explained

Editor:ESTL Category:Technical information Release time:2026-04-21 Click volume:6

When many manufacturers first encounter JC-STAR, they all ask the same questions:“How does the process actually work? Will there be repeated revisions? How will the lab test the product?”

This guide breaks down the entire JC-STAR testing workflow in just 5 core steps.After reading, you’ll know exactly what to prepare, where bottlenecks most often happen, and how to avoid unnecessary detours.

I. Pre-Launch: Documentation Matters More Than the Device

The first step of JC-STAR is not powering on the product — it’s reviewing documents.The lab will first confirm your full product architecture:

  • System architecture diagram (device – app – cloud)
  • Network provisioning and device binding flow
  • User account system
  • OTA update process
  • Key management scheme
  • Version numbering rules
  • Threat Model (extremely important)

If these are unclear, the testing engineer will have to verify every detail, causing major delays.

In one sentence: Better preparation upfront means smoother formal testing.

II. Device-Side Testing: Default State Sets Your Security Baseline

As soon as devices arrive at the lab, the first check is their out-of-box state.

Key inspection points:

  • Default passwords and initialization mechanism
  • Secure broadcasting of Wi‑Fi / BLE signals
  • Exposure of UART, Telnet, or engineering mode
  • Firmware signing and anti-tampering capability
  • Integrity verification for OTA updates

This phase most often reveals design-level security flaws.Many manufacturers discover their devices can be easily rooted straight out of the box during their first JC-STAR test.

III. App Testing: Login, Provisioning, and Binding Are the Three Big Hurdles

App testing is more granular than most manufacturers expect.

The lab will focus on verifying:

  • Security of login, registration, and password reset
  • Password policy, account lockout, and token lifecycle
  • Whether provisioning uses plaintext or is vulnerable to man-in-the-middle attacks
  • Whether a device can be taken over using only SN or QR code
  • Packet capture to check API authentication
  • Permission abuse and privacy leakage risks

The app is one of the most common areas for rework, especially products with overly lightweight binding logic.

IV. Cloud Platform Testing: The Most Hidden Bottleneck

The cloud platform is the core of JC-STAR, and Japan’s cloud requirements are more detailed than those in Europe or the U.S.

Key focus areas:

  • Account system (strong passwords, lockout, MFA)
  • API authentication (token security, privilege escalation, replay attacks)
  • OTA version release and deployment process
  • Certificate management and TLS configuration
  • Logging, key management, and vulnerability response procedures

70% of first-time JC-STAR failures occur on the cloud platform.

V. Rectification & Retesting: The Final Critical Stage

The typical process:

  1. Initial test → issue list generated
  2. Manufacturer fixes issues → submits new version and documents
  3. Lab performs retesting
  4. All items pass → report review → assessment completed

Most projects finish within 1–2 rounds of retesting.If there are significant design flaws, a third round may be needed.

How to improve pass rate?Simple: keep your Threat Model, provisioning/binding documentation, OTA process, and key management clear and complete.

JC-STAR is not mysterious or overly nitpicky.It focuses on the overall security of IoT products.With early planning and clear processes, testing can be very straightforward.

Label: IoT security certification Japan JC-STAR device app cloud test JC-STAR rectification retest JC-STAR testing process JC-STAR lab test steps Threat Model JC-STAR
Prev: JC‑STAR Explained Simply: Full Framework for Manufacturers & Certification Managers
Next: None
NEWS/ Relevant information
logo
Product
Consumer battery
Power battery
IT/AV products
Power supply
Lighting products
Wireless products
Certification
UN38.3
International CB
International IEC
US UL
US TÜVus
China CQC
Service Hotline+86 13925582920
Address: 2st floor, B Area, Jinbaisheng Industrial Park, Headquarters 2 Road, Songshan Lake Hi-tech Industrial Development Zone, Dongguan City, Guangdong Pr., China. Telephone: +86-0769-85075888 to 6617 Fax: +86-0769-85075898 Mailbox: net03@gtggroup.com
Wechat Public Number

Focus on Wechat
Public Number

@ 2019 Guangdong ESTL Technology Co., Ltd. all rights reserved Record No. 粤ICP备19109311号-1粤公网安备 44190002004183号

Hotline

+86 13925582920
+86-0769-85075888 to 6617
+86 13925582920 7*24-hour service hotline

QQ

Wechat
二维码Focus on Wechat
TOP