Key Industry Projects

- Test and Evaluation Services
- Security Architecture Consulting
- Common Criteria Consulting

Test and Evaluation Services

  • GIE Sesam Vitale

    • Security audit (technical and organizational).

    • Design, implementation and execution of the functional compliance tests for the next generation of Vitale 2, the French health smart card, with Trusted Labs specific test methodology and tools (TL CAT).

    • Security and functional analysis of the personalization profile of Vitale 2.

       
  • MasterCard International

    • Security evaluation (black box or white box) of most vendors' Java Card™ platforms. Methodology licensed to MasterCard as the foundation of its Java Card™ risk management program (CAST process).

    • Security evaluation of payment applications (M/Chip 4, Paypass, M/Chip2.1) within the CAST process.

    • Static analysis technology: supply of TL Application Diagnosis Tool with banking rules to be used in CAST process.

    • Contribution to the set-up and implementation of a certification scheme of mobile payment solutions.

    • Security evaluation of mobile payment solutions.

  • BMS / Carte Bleue / Crédit Agricole / GIE Sesam-Vitale / GIP CPS

    • Assistance in definition of security scope for new Java product strategy.
  • BAROC / GIE Cartes Bancaires / Texas Instruments / Viaccess
    • Security evaluation (white box) of software and hardware security architectures.
  • SIMalliance
    • Static analysis technology: first license of TL Application Diagnosis Tool with STK rules (Steppint Stones for Interoperability).
  • Pay TV operators

    • Design, development and execution of functional tests.

    • Java Card™ security evaluation support.

    • TL CAT test tool licensing.

  • Mobile operators

    • Set-up and implementation of a certification scheme for MIDP, Java Card™, Symbian (proof of concept), Linux and WinCE (advanced research) applications based on static analysis. Full execution of certifications.

    • Consulting in evaluation and certification before market launch of new services and applications.

Security Architecture Consulting

  • RATP (French transport operator)

    • Consulting for the implementation of Navigo, the transport application, in a Java Card™ and in mobile equipment.

    • Java Card™ security implementation guidelines.

  • Visa International

    • First Visa Smart Star Award in 2002, acknowledging our key contributions to the enhancement of overall Open Platform system security (e.g. VSAM: Verification Security Application Module).

    • Security guidelines for VSDC applications (both contact and contactless), for developers and evaluators.

  • GIE Cartes Bancaires / Viaccess / Gemalto (terminals)

    • Security analyses taking into account usage scenarii as well as the related standard and industry specifications.

    • Definition of security requirements for open systems.

  • EMVCo

    • Contribution to the security implementation guidelines of the CPA (Common Payment Application), part of the CPA certification process.

  • MasterCard International

    • Contribution to security guidelines for MasterCard member banks and vendors, to be used in the CAST process.

      • Applet security guidelines
      • Java Card™ security guidelines
      • GlobalPlatform security guidelines
      • M/Chip4 (debit/credit application) security guidelines.

    • Contribution to security analyses and security guidelines for mobile payment.

  • BMS / Texas Instruments / Mobile operators / Ministère des Finances (French government)

    • Security analysis about mobile equipment.

  • Pay TV operators / Mobile operators

    • Java Card™ security analysis and security policy, open SIM cards (multi-application SIM cards), MVNO (Mobile Virtual Network Operator) application certifications, new services on mobile phones, embedded devices.

    • Risk analyses following the EBIOS methodology.

    • Java Card™ security implementation guides, GlobalPlatform security guides.


Common Criteria Consulting

  • DCSSI

    • Definition of Protection Profiles with TL SET, the security editing tool, for the following systems:

      • authentication devices
      • electronic signature applications (creation and validation)
      • time-stamping modules
      • VPN gateway encryption modules, VPN client
      • on-the-fly encryption for hard drives.

  • BMS / Carte Bleue / Crédit Agricole / GIE Sesam-Vitale / GIP CPS / Gemalto (terminals)

    • Security target definition and support in evaluation process concerning several national projects, such as Vocable, Moneo, French healthcare card project (doctor side), APACS.

  • GIE Cartes Bancaires

    • Protection Profile for payment terminals inside the CAS (Common Approval Scheme), integrating multiple security levels.

  • Atmel / Way Systems / SST (Emosyn) / Trusted Logic 

    • Support for Common Criteria documentation and project piloting.

  • Gemalto

    • Common Criteria EAL7 methodology evaluation concerning JCVM level (interpreter, linker, loader, verifier) certified by the DCSSI in July 2003.

  • Sun Microsystems

    • Definition of Java Card™ System Protection Profile.

    • Common Criteria documentation of the TCK (Test Compatibility Kit).

  • SFR

    • Definition of a Common Criteria composition scheme for Java Card™ (U)SIM card platforms and applications.