Product security evaluation services for Integrated Circuits, smart cards and smart card related devices
- Card consumer devices (e.g. bank cards)
- NFC-integrated circuits (ICs)
- Software based mobile payment products, such as Consumer Device Cardholder Verification Methods (CDCVM)
- IoT ICs: MCU, SoC, SE, secure memory, hard macro, soft-IP, NPU, MPU, GPU
Brightsight has developed an evaluation approach in which service packages are combined and presented to take our customers through the certification processes of Common Criteria, EMVCo, and specific payment brands smoothly while minimising risks, overall costs, evaluation time and time to market.
Product security evaluation services for Soft IP
Security correctness is a challenge for hardware designers, software and application developers. At the same time, the market demands rapid development of secure products, cost effective, and greater visibility of security capability for compliance, liability and accountability purposes. That’s why security needs to start at the core, with a secure, trusted, third-party certified design: Soft IP.
Certifying secure Soft IP
- Reduces time to market for high-security products, as the security is measured by design
- Increases product security assurance, as the Soft IP is delivered "evaluation-ready"
- Allows for better risk management due to proof of Soft IP integrity
- Builds trust in Soft IP suppliers
- Supports SoC developers in security offloading
- Composition / allows for re-use in other security evaluations
Brightsight services for Soft IP evaluation
In addition to Soft IP security evaluation, Brightsight offers evaluation related developer support services for Soft IP developers and SoC integrators, targeted at SoC integration to be certified for particular applications. We can help you evaluate, define and/or specify the details needed to build a high level of assurance.
System-on-Chip (SoC) security evaluations
Systems on Chip (SoCs) are the latest trend in the integration and miniaturisation of electronics. They are used in mobile phones, payment terminals, automotive systems, IoT devices and many other products. Because of the many shared resources on SoCs, their security implementation and its verification require special attention.
Brightsight has more than thirty-five years of experience working with Common Criteria for IC evaluations. This expertise is applied to SoC evaluations. Brightsight supports developers with the latest security requirements and guides them on what to expect during the security evaluation. This allows developers to already address any pitfalls that might have been found later in the evaluation process.
The guidelines for SoC security evaluation are dictated by the JIL Hardware-related Attacks Subgroup (JHAS). JHAS requires developers to make dedicated samples for attack testing in order to identify potential product vulnerabilities. Making these kinds of samples can be an expensive undertaking. Brightsight has in-house capabilities for building and preparing dedicating samples, and saving SoC developers the effort of providing them and shortening certification timelines while reducing evaluation costs.
As an active JHAS member, Brightsight collaborated on shaping the requirements for Hard Macro integration. Brightsight applies this expertise in SoC security evaluations, helping developers understand the test requirements, minimising risk during the evaluation, and helping developers at a later stage by making it easy for them to reuse the results of the evaluation.
Integrated Circuit standards and recognitions
