Press Release
Paris,
November 4, 2008
SFR, DCSSI, Trusted Labs and Trusted
Logic
demonstrate the industrial feasibility of hosting banking type
applications on the SIM card
In
a joint demo at Cartes 2008 in hall 3, booth C021
- This technology breakthrough confirms the SIM
card suitability as a
secure element hosting on trust any kind of application and allows in
particular pursuing the NFC mobile payment pilots.
Key elements of this press
release are:
-
Achievement for a smart card
application of the Common Criteria EAL4 augmented (EAL4+) assurance
level
-
Achievement of this security
assurance level on a multi-application and scalable smart card
-
According to the security
requirements of the NFC mobile payment
-
Ability to host any kind of
services on the same support, whatever their security requirements.
The demonstration at Cartes
2008 showcases a Java
Card™ platform, the Trusted Logic jTOP® platform, developed and
evaluated according to the Common Criteria* EAL5+ assurance level,
together with an electronic signature application evaluated at CC
EAL4+. The card and the application are evaluated by composition and
according to the protection profiles issued by "Payez mobile" working
group and answering the security requirements defined by the banks and
the competent certification authorities.
The composition principle,
adopted by the
protection profile, allows keeping the validity of certificates
obtained for the loading of new certified applications. It allows as
well hosting non certified applications, such as e-ticketing transport
applications or loyalty applications. These applications are validated
by an independent third party laboratory and downloaded on a certified
Java Card™ platform, without questioning the previous certifications.
Jean-Louis
Mounier, SFR Innovation, Services and Factory Executive VP, explains
"to be delighted for such an achievement in less than 4 months in
cooperation with Trusted Logic and Trusted Labs. This demonstrates the
industrial viability of the SIM card as the support of any kind of
dematerialized services including banking services. The composition
scheme that has been used here, allows a significant reduction of the
time required to host secure services onto the SIM cards. This also
means that it is possible under certain conditions for third parties to
use and manage a secure space on all the SIM cards that will adopt this
profile. The SIM card allows simplifying the mobile transactions
ecosystem while demonstrating its ability to be a universal secure
element. SFR is convinced that the mobile phone can play a key
role in the upgrade of trust and security required by online business.
It should be noticed that the importance of such an upgrade has been
underlined by the Besson report, recently issued by the French
Government. The mobile phone is already an important tool in everyday
life of 85% of French people; the developments we announce today
clearly show its ability, in combination with the SIM card, to match
the highest security standards of the industry."
The
DCSSI, Central Information Systems Security Division, considers that
the new requirements following the development of mobile phones secure
applications will impose the use of new-generation SIM cards. These
cards will need to obtain a security level comparable to that of
banking cards. DCSSI has, from the very beginning, promoted the
principle of composition in smart card security evaluations, which has
since been adopted internationally. This project shows how flexible
this scheme really is, reducing the delays for such evaluations to
levels acceptable by the market. This evaluation is a good example and
we hope others will adopt this scheme.
Dominique
Bolignano, President & CEO of Trusted Logic, says: "Thanks to
the
CC EAL5+ evaluation of our multi-application jTOP® platform, Trusted
Logic can now securely host all kinds of applications: telecom,
e-signature, identity, and banking."
Claire
Loiseaux, CEO of Trusted Labs, says: "Trusted Labs is proud to have
steered SFR and Trusted Logic to the successful completion of this
project, with the help of DCSSI. It demonstrates the feasibility of
efficient security for security-sensitive applications in mobile
phones. We hope this project will stimulate others in the embedded
systems community to go further along this path."
*http://www.commoncriteriaportal.org/
About
SFR: www.sfr.com
Following the merger between
SFR and Neuf Cegetel,
the new SFR has now become Europe's largest alternative operator, with
a revenue of more than 12 billion euros and a customer base of nearly
half of all French people.
As a global operator,
SFR is capable of satisfying the mobile, Internet, fixed and service
needs of the mass market and of business and wholesale customers. SFR
has a total of 19.3 million mobile customers, including 5 million
3G/3G+ customers (July 2008) and 2 million business lines, as well as
3.8 million broadband Internet customers and 184 000 business sites
connected.
With its own mobile and fixed
infrastructures and major expertise in IP areas, the new SFR will have
all the resources necessary to create a new-generation operator. As a
leader in terms of innovation and quality of customer relations, SFR is
supported by the assets and skills at its disposal, enabling it to
offer seamless services. SFR also stands for a committed and open
operator, working with the best partners.
With
10000 employees, SFR benefits from a stable ownership structure, with
two major shareholders, Vivendi (56%) and Vodafone (44%).
About
DCSSI
The DCSSI (Central
Information Systems Security
Division) has succeeded the Central Information Systems Security
Service, the State's focal centre for Information Systems Security, and
was instituted by decree on 31 July 2001. It is under the authority of
the General Secretary for National Defense and Contributes to
Inter-ministerial definition and expression of government policy in
terms of information systems security. In this context, one of its
missions is to operate the French Evaluation and Certification Scheme,
instituted by decree on 18 April 2002.
For more information
about DCSSI, visit http://www.ssi.gouv.fr.
About
Trusted Logic
Trusted Logic is a pioneer in
security solutions
for digital services - from mobile payment to e-ticketing, from
identification to access control - enabling end-users to access
services anywhere, anytime, securely.
A leading
provider of open, secure software for smart cards, terminals and
consumer devices, Trusted Logic creates the foundations for converging
digital services at the crossroads of telecom, banking, transport, and
government.
With operations in France,
Ireland, and Singapore, Trusted Logic today serves customers worldwide.
Its
subsidiary,
Trusted Labs, offers consulting and security evaluation services and
helps customers design and deploy their next digital services.
For more information, visit http://www.trusted-logic.com.
About
Trusted Labs
Trusted Labs specializes in
security consulting and
evaluation of embedded systems such as smart cards, terminals, and
mobile phones. Its consulting activity covers security architecture,
formal methods, and certification methodology such as FIPS140-2 or
Common Criteria. Its evaluation activity includes security evaluations
of smart cards and terminals, testing services and tools, and automated
validation of applet security and interoperability.
Trusted
Labs consults and evaluates the products and services of large telecom
operators, financial institutions and card and terminal manufacturers.
Trusted
Labs has already obtained international recognition of its expertise
thanks to its participation in various evaluation schemes (Common
Criteria, MasterCard CAST) and its contribution to several Protection
Profiles for DCSSI, the French certification body, and for Sun
Microsystems (Java Card™ Protection Profile).
For more information about
Trusted Labs, visit http://www.trusted-labs.com.
Back to the top
