Press Release
Versailles, February 11, 2008
TRUSTED LABS DEVELOPS A PROTECTION PROFILE FOR (U)SIM JAVA™ CARDS
Defining security requirements for Java Card™ platform (U)SIM cards
– Trusted Labs, a leader in security services ranging from risk
analysis to evaluation, today announces it has developed a Common
Criteria Protection Profile for open (U)SIM Java™ cards designed to
host third-party security-sensitive applications, in a joint effort
with other companies including French mobile operators Bouygues
Telecom, Orange and SFR. The Protection Profile will soon be available
for application providers and platform developers.
Common Criteria Protection Profiles specify the security requirements
that need to be addressed by a given product, expressing the needs of a
community of users. This Protection Profile defines the security
requirements of the whole (U)SIM card platform and marks the first
milestone in the scalable composition scheme initiated last year by
Trusted Labs and SFR with the help of DCSSI, the French certification
body.
The
Protection Profile addresses the issues involved in downloading
security-sensitive applications on a card platform in a secure
environment. Prior to any card loading, non-sensitive applications will
be validated by independent third parties, whereas sensitive
applications will be evaluated by an ITSEF in composition with the card
platform. Both types of applications will require signature
verification by a trusted third party prior to any loading on the card.
This
Protection Profile facilitates the security certification of (U)SIM
cards - the target being high assurance of EAL4+ type. As a result,
application providers can access a dedicated and secure area on the
cards. The Protection Profile thus contributes to the launch of
multi-application (U)SIM cards, by increasing confidence in the
security model.
« With this Protection Profile, the card platform can be certified
separately from the applications it is to host. Expected to become a de
facto industry standard, the Protection Profile should spur the
deployment of security-sensitive applications - such as banking, pay
TV, e-signature and transport applications - on (U)SIM cards, bringing
about true multi-application, » said Claire Loiseaux, CEO of Trusted
Labs.
About Trusted Labs
Trusted
labs specializes in security consulting and evaluation of embedded
systems such as smart cards, terminals and mobile phones. Its
consulting activity covers security architecture, formal methods and
certification methodology such as FIPS140-2 or Common Criteria. Its
evaluation activity includes security evaluations of smart cards and
terminals, testing services and tools, and automated validation of
applet security and interoperability.
Trusted Labs consults for,
and evaluates the products and services of, large telecom operators,
financial institutions and card and terminal manufacturers. Trusted
Labs has already obtained international recognition of its expertise
thanks to its participation in various evaluation schemes (Common
Criteria, MasterCard CAST) and its contribution to several Protection
Profiles for DCSSI, the French certification body, and for Sun
Microsystems (Java Card™ Protection Profile).
Editorial contact
Silvia Candido
Tel.: +33 1 30 97 26 26
Back to the top
