Expertise

Other expertises

For several years, due to their particular constraints in terms of security and time-to-market, major international payment schemes have set up their own security evaluation programs. Other industrial actors also request customized assessment of their new product designs or protection techniques. Our ITSEF has worked in close collaboration with them and enforced all required processes internally in order to answer all these specific needs.

MasterCard CAST

Our laboratory has been accredited by MasterCard Worldwide for security expertises within the CAST program (contact and contactless smart cards). Based on the results of the expertise of a product, MasterCard Worldwide provides the product vendor with a specific reference authorising the branding of the product.

As for CC, we offer full CAST expertises to developers or vendors of MasterCard applications (M/Chip, Paypass, ...). Such expertises include a detailed code review, vulnerability analysis and hardware semi-invasive tests.

EMVCo

EMVCo was created by the three major international payment schemes (JCB, Visa International and MasterCard Worldwide). EMVCo manages, maintains and enhances the EMV™ Integrated Circuit Card Specifications for Payment Systems.

Our ITSEF has also been approved by EMVCo as Full Service Laboratory in the context of its new security evaluation program for Integrated Circuits and Integrated Circuits Cards.

VISA VCSP

Previously called the ‘RISK’ program, our laboratory has been accredited by VISA International for security expertises within VCSP (VISA Chip Security Program) for contact and contactless smart cards.

CSPN ("First Level Security Certification" in English)

Our laboratory has been accredited by ANSSI for security expertises within the CSPN program. This program intents to offer to the administration, companies and the general public IT products whose security has been assessed.

A CSPN evaluation checks that the product is compliant with its security specification; it rates the security mechanisms, identifies the vulnerabilities known from similar products, and tests the product in a limited time frame. This scheme allows to certify free licensed software in limited time and cost.

Independant expertises

Fully independent expertises of a product can be led in order for a developer to get a technical assessment of some security functions he wants to offer. They allow the developer to get an independent insight

Our ITSEF proposes such services in three main activity domains:

• hardware : secured PC external components (such as external data storage devices), independent standalone secured devices…

• cryptography : test of random number generator quality, evaluation of strength of proprietary algorithms and protocols, ...

• software : code security review of applications, Java Card platforms or applets…

Site audits

Our experts perform security or quality audits on development and production sites, in order to help vendors improve their (physical and logical) security measures or to check whether they correctly enforce their quality procedures on production lines. This activity can be part of a full evaluation or expertise work, but it can also be an independent task.

Pre-evaluation

The ITSEF offers pre-evaluation support and assistance to the companies that want to improve its product and its documentation before starting the complete official evaluation or certification process.