Assurance Requirements

Within the Common Criteria, assurance requirements define the measures that need to be taken to make sure that the product will behave as described. For example, an assurance requirement could be that the product should be tested, or that the code should be kept in a change management system so that we know it was not tampered with during development.

Card Composition Model

This model allows individual components of a system to be certified separately within the Common Criteria, without losing the validity of this certification when the components are put together as a whole. For example, a smart card with a certified Java Card platform would be able to host a certified application added later, without having to undergo a new certification for the composite platform + application.

Trusted Labs was instrumental in defining this scheme.

Cloud

The Cloud is the delivery of shared resources, software, and data to individual computers or devices. This is done over a network (usually the Internet). Users of the Cloud consume their computing resources as a service rather than a product – like a utility.

Commercial Product Assurance (CPA)

CPA is a security certification scheme designed to replace the Common Criteria for UK government use.

Common Criteria (CC)

The Common Criteria is an international standard (ISO/IEC 15408) for certifying the security of IT products. It enables users to specify security requirements (see PP), vendors to implement these requirements and make security claims about their products, and evaluation laboratories to check if these claims are true.

Evaluation Assurance Level (EAL)

Within the Common Criteria, the EAL ranges from 1 to 7, and tells us how rigorously the security claims for a product have been checked. EAL1 is the most basic level; EAL7 the most stringent. Each level includes a package of pre-defined requirements, and a PP or an ST generally chooses one of these packages. Sometimes a few requirements are taken from a higher level, and this is indicated by a “+” next to the EAL number. The banking industry generally requires EAL5+.

Note that this does not mean that a product that is certified at EAL7 is necessarily more secure than a product certified at EAL1. It simply means that we are more sure that it meets its security claims, but to know what the security claims are – which make the product secure or not – we need to look at the PP or the ST.

Formal Methods

Formal methods are techniques based on mathematics which can be used to specify, develop, and verify software and hardware systems. Formal methods make it possible to produce higher-quality products, and to prove mathematically that these products comply with their specifications. Formal methods are required to achieve the highest levels of Common Criteria certification (i.e. EAL6 and EAL7).

Functional Requirements

The functional requirements define the behavior that is required of a product. For example, a functional requirement could be that the product will not allow access to certain areas unless the correct PIN code has been presented.
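As an added illustration (not code from this glossary or from Trusted Labs), the following Python sketch shows how the PIN rule above can be realised in code, and how the "the product should be tested" example from the Assurance Requirements entry turns into concrete acceptance checks on that behaviour. The class and function names, the retry limit and the PBKDF2 parameters are assumptions chosen for the example.

```python
"""Added example (not from the page or any certified product): a PIN-gated
resource modelling the functional requirement "no access to the protected
area without the correct PIN", together with the acceptance checks that the
assurance requirement "the product shall be tested" asks for.
All names, the retry limit and the work factor are assumptions."""
import hashlib
import hmac
import os

MAX_TRIES = 3           # assumed retry limit; a real ST states the value
PBKDF2_ROUNDS = 10_000  # assumed work factor for the stored PIN digest


class PinProtectedArea:
    """Holds a secret that may only be read after PIN verification."""

    def __init__(self, pin: str, secret: bytes) -> None:
        self._salt = os.urandom(16)
        self._pin_digest = self._derive(pin)
        self._secret = secret
        self._tries_left = MAX_TRIES
        self._verified = False

    def _derive(self, pin: str) -> bytes:
        # Store a salted digest rather than the PIN itself.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, PBKDF2_ROUNDS)

    def verify_pin(self, pin: str) -> bool:
        """Functional requirement: grant access only on a correct PIN."""
        if self._tries_left == 0:
            return False  # blocked: no further attempts are accepted
        # Decrement before comparing so an interrupted attempt still counts.
        self._tries_left -= 1
        ok = hmac.compare_digest(self._derive(pin), self._pin_digest)  # constant-time
        if ok:
            self._tries_left = MAX_TRIES
            self._verified = True
        return ok

    def read_secret(self) -> bytes:
        if not self._verified:
            raise PermissionError("protected area: PIN not verified")
        return self._secret

    def tries_left(self) -> int:
        return self._tries_left

    def is_blocked(self) -> bool:
        return self._tries_left == 0


def secret_readable(area: PinProtectedArea) -> bool:
    """True if the protected area releases its secret in its current state."""
    try:
        area.read_secret()
        return True
    except PermissionError:
        return False


def run_acceptance_checks() -> dict:
    """Assurance requirement: evidence that the behaviour above was tested.
    Returns one boolean per check so the outcome can be inspected or logged."""
    results = {}
    area = PinProtectedArea("1234", b"constructed-master-key")
    results["closed_before_pin"] = not secret_readable(area)
    results["wrong_pin_rejected"] = area.verify_pin("0000") is False
    results["counter_decrements"] = area.tries_left() == MAX_TRIES - 1
    results["right_pin_opens"] = area.verify_pin("1234") and secret_readable(area)
    results["counter_resets"] = area.tries_left() == MAX_TRIES

    locked = PinProtectedArea("1234", b"constructed-master-key")
    for _ in range(MAX_TRIES):
        locked.verify_pin("9999")
    results["blocked_after_limit"] = locked.is_blocked()
    results["blocked_rejects_right_pin"] = locked.verify_pin("1234") is False
    results["blocked_stays_closed"] = not secret_readable(locked)
    return results


if __name__ == "__main__":
    for name, passed in run_acceptance_checks().items():
        print(f"{'PASS' if passed else 'FAIL'}  {name}")
```

The split between `PinProtectedArea` (what the product does) and `run_acceptance_checks` (evidence that it was checked) mirrors the distinction the two glossary entries draw: the functional requirement is satisfied by the class, the assurance requirement by the recorded test results.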

Internet of Things

When devices are uniquely identified (i.e. they have an IP address) and connected to the Internet, they are part of the Internet of Things. The devices can be anything that has computing power, including chips implanted to monitor the heart, chips on farm animals, and sensors in cars. The Internet of Things enables remote monitoring and control.

Machine-to-Machine (M2M)

M2M refers to the communication between machines (including wireless, personal and unattended devices), and is an integral part of the Internet of Things. It has a wide range of applications, including industrial automation, smart grid, and smart cities.

Near Field Communication (NFC)

NFC is a set of standards for wireless devices to communicate with each other when they touch or are in close proximity (usually within a few centimeters). It can be used for contactless transactions and data exchange.

Protection Profile (PP)

Within the Common Criteria, a Protection Profile is a document that defines which security requirements a product must meet in order to get Common Criteria certification. Each kind of product must strive to meet its own specific Protection Profile – for example there is a Protection Profile for SIM cards and one for Trusted Execution Environments.

Secure Element (SE)

A Secure Element is a tamper-resistant chip that only communicates in protected mode with other hardware elements. This chip is usually part of a larger system – e.g. a SIM card or a Micro SD card inserted in a mobile phone. Some secure elements are removable; others are directly integrated into the mobile board – therefore called “Embedded Secure Elements” (eSE) – often stacked with an NFC controller.

Secure Elements are used to host and execute sensitive applications, and to protect sensitive information, such as the master key for encryption/decryption.

Security Target (ST)

Within the Common Criteria, a Security Target is a document that defines how security will be implemented in one particular product. It takes the security requirements defined in the Protection Profile, and defines how these requirements will be met. It is the necessary first step towards getting a Common Criteria certification.

Target of Evaluation (TOE)

The Target of Evaluation defines what exactly is being evaluated in a Common Criteria certification. For example, if a smart card is certified at CC EAL5+, does that mean that the OS is certified, or the OS + the applications, or the OS + the hardware, or the OS + the applications + the hardware? The TOE clarifies the scope of the certification and is defined in the Security Target.

Test vehicle

Certification authorities use test vehicles to qualify evaluation laboratories that wish to be accredited for their certification scheme. A test vehicle introduces security holes into a product; candidate laboratories must find these security holes to prove their competence.

Trusted Execution Environment (TEE)

A TEE is a protected environment in a connected device that enables security-sensitive services on-the-go. Examples of such services include mobile financial services, video-on-demand, and corporate mobility.

More technically, a TEE is a programmable environment in a connected device that stores, processes, and protects sensitive data in a dedicated zone which is isolated from the device’s main operating system.

Trusted Service Manager (TSM)

NFC applications involve many actors: service providers, MNOs, and the issuers of the Secure Element where the NFC application will be stored. All these actors must communicate, trust each other, and agree on how to do business together. This creates the need for yet another party: the TSM, which is a trusted third-party that acts as a broker between these actors, setting up business agreements and technical connections between them, and enabling service providers to manage their application life-cycle by allowing remote access to the secure element.