Gemalto First and Only Company in the World to Receive Eal7 Certification for Smart Card Embedded Software
Gemalto (Euronext NL0000400653), the world leader in digital security, today announced that its Sealys ID Motion smart card software dedicated to national government programs has received “Common Criteria EAL7 certification”. EAL7, or Evaluation Assurance Level 7, represents the highest level of security assurance within the international security evaluation scheme, also known as Common Criteria.
By achieving this independent and government-recognized security certification, Gemalto has set a new landmark for government smart card security. It is the first time a smart card embedded software provides such a level of assurance. With Sealys ID Motion, clients will also benefit from a portfolio of applications, built from Gemalto’s experience in over 80 government programs, to modernize public services and speed up the technical design phase with ready-made proven solutions.
Gemalto’s Sealys ID Motion is a new turnkey end-to-end solution for advanced multi-issuer government projects with highly secured post-issuance capabilities. ID Motion offers the potential to deliver convenient and efficient access to numerous eGovernment services via a single card.
Furthermore, with ID Motion it is now possible to add new applications, such as healthcare and payment, to existing electronic ID cards after they are already deployed in the field, thereby protecting governments’ investments and budgets.
“This certification represents a major milestone, as we intend ID Motion to be a significant step forward in securing eGovernment services,” said Frédéric Trojani, Senior Vice President of the Government Programs Business Unit at Gemalto. “Sealys ID Motion brings together convenience, security and trust, which are the three critical success factors for the broad adoption of these services. It is a clear answer to governments’ interest in multiservice platforms that can support different central and local authorities, be eServices ready and host third parties applications, such as transport, eSignatures and others.”
*The EAL international scale of security assurance ranges from 0 (no assurance) to 7 (the highest level of assurance). Typically, EAL7 is granted to applications which require an extremely high level of security, such as homeland security applications. Banking-grade smart cards are typically evaluated at EAL level 4, sometimes EAL level 5, due to cost, development time and risk management requirements. Conventional mobile communications SIM cards were in the past typically not designed to be evaluated for security assurance, unless they also provided for a specific banking or electronic signature functionality. With the development of mobile communications multi-function multi-issuer capable UICC cards, used in particular in modern NFC applications, which may have during their life cycle to load or activate financial institutions applications, it is recommended that UICC cards be evaluated at banking-grade.