Abstract
Manufacturers and producers of smart card systems are all beginning to climb on the certification bandwagon. In this paper, we analyse the current state of smart card certifications and present arguments as to why smart card certifications may not be all they seem. We discuss certifications issued under the ITSEC and Common Criteria and analyse shortcomings and inconsistencies that appear to exist in the certifications. Specific examples are presented to justify our arguments.
Chapter PDF
Similar content being viewed by others
References
UK IT Security Evaluation and Certification Scheme - Certification Body, UK ITSEC Scheme Certification report No. P129 Mondex Purse Release 2.0 on MULTOS Version3 and Hitachi H8/3112 integrated circuit card., UK ITSEC, September 1999.
UK IT Security Evaluation and Certification Scheme - Certification Body, UK ITSEC Scheme Certification report No. P130 MULTOS Version3 on Hitachi H8/3112 integrated circuit card., UK ITSEC, September 1999.
ITSEC, Information Technology Security Evaluation Criteria Version 1. 2, June 1991.
ITSEC, ITSEC Joint Interpretation Library (ITSEC JIL) Version 2. 0, November 1998.
TCSEC, Trusted Computer Systems Evaluation Criteria DOD 5200.28-STD, Department of Defence, United States of America, December 1985.
Common Criteria, Common Criteria for Information Technology Security Evaluation [CEM] Part 1, Version 2. 1, August 1999.
ITSEM, Information Technology Security Evaluation Manual, Version 1. 0 September 1993.
Kuhn, M G, Kommerling, O, Design Principles for Tamper-Resistant Smartcard Processors, USENIX Workshop on Smartcard Technology, Chicago, Illinois, USA, May 10–11, 1999.
Organisme de Certification SCSSI, Schéma Français de la Sécurité des Technologies de l’Information d’Évaluation et de Certification Rapport de certification 99/09 Porte-monnaie électronique Mondex Purse 2 version 0203 (composant SLE66CX160S, système d’exploitation MULTOS V4. 1N ), SCSSI, November 1999.
Die Zertifizierungsstelle der TUV Informationstechnik, Zertifizierungsbericht SLE66CX160S Der Infineon Technologies TUVITDSZ-ITSEC-9102–1999, TUV Informationstechnik, March 1999.
Organisme de Certification SCSSI, Schéma Français de la Sécurité des Technologies de l’Information d’Évaluation et de Certification Rapport de certification 99/07 Plate-forme Javacard/VOP GemXpresso 211 (microcircuit Philips P8WE5032/MPH02) avec applets Oberthur BO’ v0.32 et Visa VSDC v1. 08, SCSSI, December 1999.
Bundesamt für Sicherheit in der Informationstechnik, Certification Report BSI-DSZ-CC-0153–1999 for Philips Smart Card Controller P8WE5032VOB, BSI, Nov 1999.
Organisme de Certification SCSSI, Schéma Français d’Évaluation et de Certification de la Sécurité des Technologies de l’Information. Evaluation et Certification Française CERTIFICAT 99/04 Application bancaire B4/B0’ V2 de la carte mixte MONEO/CB (référence: ST19SF16B RCL version B303/B002), SCSSI, September 1999.
Organisme de Certification SCSSI, Schéma Français de la Sécurité des Technologies de l’Information d’Évaluation et de Certification Rapport de certification 98/01 Composant ST16SF44A masqué pour l’application SCOT400 Version 1 (référence ST16SF44ARHQ), SCSSI, April 1998.
Organisme de Certification SCSSI, Schéma Français de la Sécurité des Technologies de l’Information d’Évaluation et de Certification Rapport de certification 97/04 Composant ST16601 H/SKG masqué pour l’application bancaire B4/B0’ V2, SCSSI, December 1997
Smart Card Security User Group, Smart Card Protection Profile - Draft, Version 2.0, May 1 2000.
Common Criteria, Common Criteria for Information Technology Security Evaluation [CEM] Part 3 - Security Assurance Requirements, Version 2. 1, August 1999.
Common Criteria, Common Criteria for Information Technology Security Evaluation [CEM] Part 2 - Security Functional Requirements, Version 2. 1, August 1999
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Reid, J., Looi, M. (2000). Making Sense of Smart Card Security Certifications. In: Domingo-Ferrer, J., Chan, D., Watson, A. (eds) Smart Card Research and Advanced Applications. IFIP — The International Federation for Information Processing, vol 52. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35528-3_13
Download citation
DOI: https://doi.org/10.1007/978-0-387-35528-3_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6526-7
Online ISBN: 978-0-387-35528-3
eBook Packages: Springer Book Archive