As a result, the solution was certified under the terms of the Common Criteria program with the highest achievable level of assurance.The scale and complexity of such evaluations are constantly growing due to multiple functionalities being merged into a single product which often becomes a challenge for a vendor, security lab and certification body. This cutting edge certification was efficiently handled by Riscure, proving the lab’s capability to test the security with the minimal overhead on the vendor side.
The subject of the security evaluation was an embedded Secure Element with Crypto Library and Java Card operating system. An evaluation process for this modern implementation of a secure enclave includes both software and hardware testing against the requirements prescribed in PP0084. Different attack scenarios need to be involved, to ensure that the solution is robust and meets strict Common Criteria requirements. Riscure was also able to apply its extensive expertise in SoC security to this unique development.
Pascal van Gimst, VP of Global Services Sales and Business Development at Riscure, comments: “A complex evaluation project like this requires a lot of experience and out-of-the-box thinking from a lab team. Building a bridge between certification requirements and the threat landscape is a complex task. As a lab, we have met the requirements of a scheme, the vendor needs in terms of project duration, at the same time conducting thorough security tests according to our highest standards. I’m extremely pleased with our strong evaluation team whose performance earned the praise of our client”.
Riscure has extensive knowledge and resources to conduct even the most sophisticated evaluations in cooperation with the Dutch Common Criteria certification body, NSCIB. If you are interested in evaluating your solution according to Common Criteria, please feel free to get in touch with us via inforequest@riscure.com. You can view the full list of our accreditations on the website.