Trusted Labs has developed a protection profile for (U)SIM Java cards
February 2008 by Marc Jacob
Trusted Labs, a security services ranging from risk analysis to evaluation, today announces that it has developed a Common Criteria Protection Profile for open (U)SIM Java™ cards designed to host third-party securitysensitive applications, in a joint effort with other companies including French mobile operators Bouygues Telecom, Orange and SFR. The Protection Profile will soon be available for application providers and platform developers.
Common Criteria Protection Profiles specify the security requirements that need to be addressed by a given product, expressing the needs of a community of users. This Protection Profile defines the security requirements of the whole (U)SIM card platform and marks the first milestone in the scalable composition scheme initiated last year by Trusted Labs and SFR with the help of DCSSI, the French certification body. The Protection Profile addresses the issues involved in downloading security-sensitive applications on a card platform in a secure environment. Prior to any card loading, nonsensitive applications will be validated by independent third parties, whereas sensitive applications will be evaluated by an ITSEF in composition with the card platform. Both types of applications will require signature verification by a trusted third party prior to any loading on the card.
This Protection Profile facilitates the security certification of (U)SIM cards – the target being high assurance of EAL4+ type. As a result, application providers can access a dedicated and secure area on the cards. The Protection Profile thus contributes to the launch of multiapplication (U)SIM cards, by increasing confidence in the security model.