The Smart Cards industry has evolved drastically in the last years and now is more appropriate to talk about embedded devices that may be integrated in different form factors such as a Smart Card, a wearable or in a mobile handset.
Chip-based solutions are used for very different purposes: payment, identification, e-passport, digital signature, eHealth, eSIM, transport ticketing, etc…
This industry is one of the most mature in terms of cybersecurity certification.
For the Payment industry, EMVCo and specific payment brand certifications are required by the industry.
For e-government related applications such as identification, e-passport, digital signature and eHealth, Common Criteria is de facto standard.
For Transport Ticketing, different proprietary schemes exist such as Felica or Mifare.
jtsec provides a turnkey Smart Card consultancy services. jtsec has experience in supporting customers in IC, Java Card Platform, Native Operating Systems, Java Card Applets and Native apps.
jtsec is member of Eurosmart – the voice of the digital industry. jtsec is very active in Smart Card Common Criteria Standardization being an active member of ISCI WG1.
Do not hesitate to call us to get more information about our Smart Card services. Our expert team will support you using the most suitable certification scheme or will help you to identify the security requirements applicable to your product considering the standard against you want to be evaluated.
EMVCo and Specific Payment Brand Certification
EMVCo certification is required for ICs and Java Card Platforms. EMVCo certification focuses on penetration testing and security throughout the life cycle of the product.
Each Payment Brand (Visa, MasterCard, JCB, American Express and Discover) has its own certification requirements for the application/Applet to verify the correctness of the implementation.
Transport Ticketing Certification
Felica and Mifare certifications are private schemes that are mandatory in Felica and Mifare products.
Common Criteria Certification
There are different type of products that may undergo a CC certification as mentioned before. In most of the cases, the product claims conformance to a protection profile. These are the most common Protection Profiles:
- Integrated Circuits:
- PP-0084 - Security IC Platform Protection Profile with Augmentation Packages
- Java Card Platforms:
- PP-0099 - Java Card Protection Profile - Open Configuration
- PP-0055 - Protection Profile for Machine Readable Travel Document with "ICAO Application", Basic Access Control
- PP-0056 - Machine Readable Travel Document with ICAO Application Extended Access Control with PACE
- PP-0068 - Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE_PP)
- Tachograph Card:
- Digital Tachograph – Tachograph Card (TC PP)
- Secure Signature Creation Device:
- Protection Profile for Secure Signature Creation Device - Part 2: Device with Key Generation
- Protection profiles for secure signature creation device - Part 3: Device with key import
- Protection profiles for secure signature creation device — Part 4: Extension for device with key generation and trusted communication with certificate generation application
- Protection profiles for secure signature creation device — Part 5: Extension for device with key generation and trusted communication with signature creation application
- Protection profiles for secure signature creation device — Part 6: Extension for device with key import and trusted communication with signature creation application
- Embedded UICC – eSIM:
- Embedded UICC for Consumer Devices Protection Profile
- Trusted Platform Module:
- Protection Profile PC Client Specific TPM
- V2X communication module:
- Protection Profile CAR 2 CAR Communication Consortium V2X Hardware Security Module
They already trusted us. Let's talk!
What we offer
Common Criteria Consultancy
jtsec may support in your Common Criteria projects. We have experience in evaluations with all the protection profiles mentioned above for any kind of Smart Cards products.
Moreover, we have experience in unique products that do not match to any protection profile such as Winbond Secure Flash.
jtsec may also support you to smooth the certification of your IP product. we are specialized in IP Common Criteria Package creation and IP integration in SoC Architecture.
Working with jtsec, ensures you a smooth certification process saving your time and money.
Further information of the CC consultancy service may be found here.
Payment and Transport Ticketing Schemes
jtsec may guide you through the process supporting you to meet the established requirements and obtaining better fees through their partner labs.
jtsec may support you to overcome the site audit required in Common Criteria certifications and in payment/transport schemes.
jtsec has a great expertise applying Minimum Site Security Requirements. In fact, jtsec members participate in the development of the supporting document.
Avoid surprises and prepare yourself for a smooth certification process.
Source Code Review
jtsec may carry out source code review of your Smart Card SW and support you to increase the security countermeasures.
jtsec experts have a great expertise in evaluation of Smart Card Implementations.