All MasterCard-branded cards must have a CAST certificate (Compliance Assessment & Security Testing).
Trusted Labs: the CAST Expert
Trusted Labs has been performing CAST evaluations since 2001 - and actually helped MasterCard define the procedures and tools to be used in the evaluations.
Trusted Labs offers 2 services to help you obtain your CAST certificate.
1) We make sure your evaluation runs as smoothly as possible, by helping you:
- understand state-of-the-art security requirements and CAST requirements;
- understand the security mechanisms referred to in the CAST security guidelines;
- analyze the security level of your smart card, before the actual CAST evaluation.
2) We perform the CAST evaluation which will get you the official certificate from MasterCard.
The standard in the industry is simple source code analysis. We go further, and analyze security on 3 levels:
1. We diagnose your specifications and design;
2. We review your source code;
3. We test your product on emulators, using:
- robustness tests
- ill-formed applications - a leading expertise in Trusted Labs.
This optimizes coverage, ensuring an exhaustive identification of vulnerabilities.
Unique Methodology for Multi-Application Cards
Trusted Labs is also an expert in multi-application cards - and has developed a methodology to assess all the security issues specific to these.
We check that:
- the platform guarantees that a sensitive application can use the platform’s services safely;
- all other applications on the card have no security impact on the sensitive application.
- Our TL SAT tool for fast and reliable Java Card™ application analysis;
- The Test Manager of our TL CAT test execution environment - for exhaustive automated testing;
- Robustness test suites for banking applications;
- Robustness test suites for Java Card™ platform;
- Suite of malicious applets for Java Card™ platform.
- Evaluated the security of multi-application smart cards;
- Evaluated the security of a mobile payment solution (NFC phone with EMV payment application);
- Defined implementation guides and security policy (multi-application environment, mobile payment, mobile phone, and smart card applications);
- Set up the MasterCard CAST certification scheme.
We respect our clients’ confidentiality and do not divulge their names.