Trusted Labs has developed a Common Criteria Protection Profile for open (U)SIM Java(tm) cards designed to host third-party security-sensitive applications, in a joint effort with other companies including French mobile operators Bouygues Telecom, Orange and SFR. The Protection Profile will soon be available for application providers and platform developers.
Common Criteria Protection Profiles specify the security requirements that need to be addressed by a given product, expressing the needs of a community of users. This Protection Profile defines the security requirements of the whole (U)SIM card platform and marks the first milestone in the scalable composition scheme initiated last year by Trusted Labs and SFR with the help of DCSSI, the French certification body.
The Protection Profile addresses the issues involved in downloading security-sensitive applications on a card platform in a secure environment. Prior to any card loading, non-sensitive applications will be validated by independent third parties, whereas sensitive applciations will be evaluated by an ITSEF in composition with the card platform. Both types of applications will require signature verification by a trusted third party prior to any loading on the card.
This Protection Profile facilitates the security certification of (U)SIM cards – the target being high assurance of EAL4+ type. As a result, application providers can access a dedicated and secure area on the cards. The Protection PRofile thus contributes to the launch of multi-application (U)SIM cards, by increasing confidence in the security model.
More info: Trusted Labs