Security assessment lab
We support our customers on the path to security certification
The laboratory annually evaluates more than 200 complex security products, ranging from electronic chips to complete hardware systems. It has numerous public or private accreditations (Common Criteria, EMVCo, GlobalPlatform, PCI PTS, FIPS 140-3, SESIP (pending), SBMP, etc.)
From initial design to certification, our teams of experts have been supporting you for 25 years in securing your products and solutions. Our security assessment laboratory is independent of any publisher or manufacturer. We belong to a totally independent group from the industry.
Our customers are public organizations or private companies, mostly international, operating in all areas where security is a concern.
Our test capacities are extensive and adaptable according to your needs and your product constraints:
- Fault injection (Laser, EM, Power)
- Listening station, protocol analyzers, capture Probing and micro probing
- Opening of parts (chemical, mechanical)
Backed by an electronic group, we have advanced tools for hardware evaluation (X-Ray, FIB, microscopy, chemistry). Constantly evolving, we develop our own software and hardware attack tools, allowing us to carry out comprehensive expertise.
Our laboratory is constantly evolving and benefits from significant investment in equipment, software and R&D, allowing us to maintain ourselves at the state of the art.
We offer all of the following services:
Consulting
Training : preparation for certification
- Common Criteria, ITSEF
- PCI / FIPS
- Site audit
Design and conception: assistance in securing products and architectures
- Secure coding
- Hardware
Hardware documentation writing: help with certification
- Security target, CC documents
- Product guide
- Architecture documentation
Accompaniement
- Site audit
- Certification preparation
Expertise
Pre-assessment : préparation for certification
-
Preparatory expertise for certification (CSPN, CC, FIPS, PCI, etc.)
Penetration tests
- Hardware and software (White, gray or black box)
- Stress tests
Audit
- Code review
- Documentation
- Technical architecture
Cryptography
- Cryptanalysis
- Cryptographic attacks (SideChannel)
- Protocol evaluation
Evaluation
Site audit
- Common Criteria
- EMVCo
State schemes
- ITSEF : CC under approval ANSSI
- FIPS, under approval NIST (NVLAP200977-0)
Bank schemes
- EMVCo, Visa, Mastercard, Discover, Amex, GIE-CB
- NSPK, EFTPOS, NAPAS, ELO
Private schemes
- Global Platform – SE
- GSMA eSA (pending)
- MIFARE 3.1 & Felica
- PCI : PCI-PTS, PCI-SPoC (in progress)
- PAYCERT ( GIE-CB) : SAFIRE (evaluation of firmware HSM)
- PSA certified