Common Criteria Protection Profile for (U)SIM Java Cards

Posted by Ken Cheung in Wireless on Tuesday, April 1, 2008
EDA News - 2008.04.02 »
« EDA News - 2008.04.01 Late Edition

Trusted Labs has developed a Common Criteria Protection Profile for open (U)SIM Java(tm) cards designed to host third-party security-sensitive applications, in a joint effort with other companies including French mobile operators Bouygues Telecom, Orange and SFR. The Protection Profile will soon be available for application providers and platform developers.

Common Criteria Protection Profiles specify the security requirements that need to be addressed by a given product, expressing the needs of a community of users. This Protection Profile defines the security requirements of the whole (U)SIM card platform and marks the first milestone in the scalable composition scheme initiated last year by Trusted Labs and SFR with the help of DCSSI, the French certification body.

The Protection Profile addresses the issues involved in downloading security-sensitive applications on a card platform in a secure environment. Prior to any card loading, non-sensitive applications will be validated by independent third parties, whereas sensitive applciations will be evaluated by an ITSEF in composition with the card platform. Both types of applications will require signature verification by a trusted third party prior to any loading on the card.

This Protection Profile facilitates the security certification of (U)SIM cards - the target being high assurance of EAL4+ type. As a result, application providers can access a dedicated and secure area on the cards. The Protection PRofile thus contributes to the launch of multi-application (U)SIM cards, by increasing confidence in the security model.

More info: Trusted Labs

If you found this page useful, bookmark and share it on:

EDA News - 2008.04.02 »
« EDA News - 2008.04.01 Late Edition

Possibly of Interest

 
EDA Blog Newsletter
Don't have time to visit EDA Blog everyday? Then sign up for our free newsletter. We'll send you an email when we have something to share with you. Your email address will be kept confidential and we will not share, sell, or rent it to anyone. You can unsubscribe at any time by clicking a link in the email.

Enter your email address to sign up for our free newsletter:   

If you are familiar with RSS feeds, you can also sign up for our free blog feed. Our RSS feed is updated in real-time while our newsletter is updated daily.