GENEVA-STMicroelectronics here announced today it has become the first company to be certified under a new security standard for smart cards, the ISO15408 standard, also known as the Common Criteria.
The standard was developed to reconcile three similar but separately developed security evaluation criteria in the United States, Canada and Europe. ISO15408 security evaluations are performed by independent, accredited evaluation facilities licensed by an appropriate certification body.
STMicroelectronics was awarded the certification for its ST19 platform, a family of microcomputer-based smart-card ICs being used in GSM, banking, health card and other applications. The certification was granted to a level of EAL4 Augmented, and the TOE(Target Of Evaluation) for the first certification included both a specific circuit and the complete development environment.
STMicro said the ST19 devices have an outstanding resistance to the attack known as differential power analysis (DPA). ISO15408 defines seven assurance levels. The next step for ST, for future products now in the final stages of development, is to target level EAL5 ("semiformally designed and tested"), equivalent to the previous European-standard (ITSEC) level E4.
"ST firmly believes that Smartcards have a key role to play in e-commerce, where security is the paramount consideration," said Maurizio Felici, group vice-president and general manager of ST's smartcard division. "The high level of security demonstrated by the ST19 platform's ISO15408 certification means that customers can adopt it with confidence as an essential part of a more secure Internet for e-commerce applications."