Trusted Labs, a provider of security services, announced it has developed three sets of protection profiles covering a range of smart card platforms – from native to Java Card. With these Protection Profiles, the industry has tools necessary to evaluate platforms for smart cards or similar devices, in compliance with the latest version of the Common Criteria.
The company also announced that its e-passport solution received common criteria certification.
The three Protection Profiles comply with Common Criteria version 3.1, revision 3, and are currently under certification by French certification body ANSSI at EAL4+.
Java Card System – both Open Configuration and Closed Configuration – for Java Card v2.2 and Java Card 3 Classic Edition open and closed platforms, respectively. These Protection Profiles, developed for Sun Microsystems, are the evolution of the Java Card System Protection Profile Collection, and have been approved by the Common Criteria task force of the Java Card Forum.
ESforSSD (Embedded Software for Smart Secure Devices) – both Basic Configuration and Extended Configuration, for native smart card platforms. These Protection Profiles, which replace the “Smart Card Integrated Circuit with Embedded Software Protection Profile” were developed for ANSSI in a working group led by Trusted Labs and including several actors from both the smart card industry and specialized evaluation laboratories.
USIM – both Basic Configuration and Smart Card Web Server Configuration. These Protection Profiles were developed for the Association of French Mobile Operators and are based on the Java Card System Protection Profile, Open configuration. This means that the results of a Java Card platform evaluation can be re-used when evaluating the USIM platform – resulting in savings of time and money.
The protection profiles were developed as part of the EPOMI project – which groups together telcos, card manufacturers, and service providers to define how to guarantee the security of mobile contactless projects.
Trusted Logic also announced that its latest jTOT ID – a Java Card e-passport solution – has been certified at Common Criteria EAL5+ with ref. ANSSI-CC-2009/34.
With this certificate, jTOP ID goes beyond government EAL4+ requirements, providing both physical and mathematical proof of its security. It also creates a precedent in the personal identity market by implementing an open certification scheme – meaning it allows post-issuance download of applications while maintaining both the product’s security and its certification.
The certified platform referenced JCLX80jTOP20IDv2 is masked on Infineon’s SLE66CLX800PE (80kE²) and SLE66CLX360PE (36kE²) chips, and hosts an ICAO application in ROM that has been evaluated by composition at CC EAL4+ level, benefitting from the open certification scheme. This multi-purpose LDS application naturally serves ePassport but also a number of eID markets, such as personal identification, social security and driver licenses.