We have a long history in evaluating cryptographic devices of all kinds. Our experience in evaluating the security aspects of specialized IT products, coupled with our many accreditations, gives us a unique position in the evaluation of:
  • Host Security Modules
  • Encrypted PIN pads
  • Cryptographic libraries
  • Hardware design and implementations
  • Software implementations
  • (Cryptographic) Algorithms and solutions
  • Transaction infrastructures

We have successfully performed Common Criteria evaluations of Host Security Modules, one of which was the world's first approval under the PCI program for HSM's. We have the knowledge and experience required to certify devices at all EAL levels. Of course, this implies we can cover security claims up to and including resistance against attackers with a high attack potential, which is the highest level possible in CC. We have evaluated devices containing all currently popular cryptographic algorithms such as AES, RSA, DES, ECC, SHA, RIPEMD, as well as proprietary algorithms.

Our evaluation approach is very practical: in our labs, we analyze the susceptibility of devices to many state-of-the-art attack scenarios such as:
  • Optical fault injection
  • Side channel analysis
  • Physical tampering
  • Logical attacks
  • Environmental stress testing.

Using these scenarios, we work to determine the type of cryptographic algorithms present in the device, and to extract assets, such as cryptographic keys, passphrases, PIN codes, transaction counters, et cetera. We have developed many custom tools to facilitate our evaluations. This allows us to efficiently and accurately assess potential vulnerabilities and their remedies.

Evaluations can be performed either under a specific scheme, such as Common Criteria or PCI-PTS, or they can, on request, be tailored to customer requirements.