Gemplus, the world’s number one provider of solutions
empowered by smart cards, announced that its Java Card technology-
based GemXplore `Xpresso, is the first to be certified Evaluation Assurance
Level (EAL)5+ by the Common Criteria security standards body. This far exceeds
current legal requirements. Common Criteria is rapidly becoming standard
security for sensitive data; European digital signature laws currently require
EAL4, while following September 11, the US National Security Agency and NIST
(National Institute of Standards and Technology) are considering basing their
security specifications around Common Criteria.
By being awarded this exclusive level of smart card security, Gemplus has
once again proven its technology leadership use of Java Card technology for
smart cards. This major technological step will open new possibilities for
trusted services in areas such as banking, government ID and e-commerce from
both wireless and wired devices.
From a Secure Mobile Experience …
The SIM is already the preferred platform for many mobile commerce
services, such as banking, betting, stock brokering and billing. Now that
GemXplore `Xpresso has achieved this unprecedented security certification it
will become a key enabler for the growth of trusted services.
Mobile operators have long understood the SIM’s key role in securing their
subscribers’ mobile experience, ensuring that private data, such as bank
account details, never fall into the wrong hands. As the wireless application
market starts to take on a more open, Internet-like look, operators look
towards proven security standards. This will become increasingly important in
a 3G environment where digital rights, such as music copyright, need to be
“We are currently developing a mobile banking service with Banksys for the
Belgian Market,” states Martin Willems, Technical Security Manager at
Mobistar, Belgium. “When Gemplus told us that their SIM would reach common
criteria we had increased confidence that their products would provide the
level of security required for protecting financial details. GemXplore
`Xpresso will give our customers the required level of trust in our services.”
“This certification reconfirms the importance of Java Card technology for
security and privacy protection. Java technology has been a major enabler for
the end-to-end delivery of secure service solutions,” said Rich Green, Vice
President Java Technologies, Sun Microsystems. “We are pleased with Gemplus’
continued commitment to our Java Card platform and their achievement as one of
the first smart card companies to offer this level of security certification
to the market. This will pave the way for even more customers to take
advantage of open and secure data services.”
With secure applet download, services such as mobile banking can be
delivered safely to the end users’ mobile phone whenever the operator or
subscriber wants. Once the customer subscribes to a particular service, the
operator needs to be assured that it is stored securely and doesn’t interfere
with their subscriber’s data or applications. EAL5+ ensures that appropriate
firewalls and download infrastructure are in place.
Subscribers worldwide will see the benefits as GemXplore `Xpresso exists
for GSM, CDMA and 3G.
… To Identity Services
Gemplus’ government and military smart card, GemXpresso Pro 64k, is also
based on Java Card technology and has the same security level as GemXplore
`Xpresso, providing the level of security appropriate for governments and
military organizations in Europe and the United States.
Throughout a nation, state or city, a government’s various departments and
agency offices need a rapid, secure and efficient way in order to not only
identify citizens and their rights, but also to offer relevant services and
benefits. As a highly secure portable identification and communication
medium, solutions incorporating GemXpresso Pro 64K are optimal for providing
both reliable, physical and logical identification of individuals, while
securing the privacy and integrity of electronic transactions.
Common Criteria is an international certification that evaluates the
security of IT products. It originated in the European, US and Canadian
banking sectors. It has recently been adopted as an ISO standard (ISO/ISEC
15408). EAL represents the level of confidence of an IT security product or
system evaluated by Common Criteria.
Gemplus helps its clients offer an exceptional range of portable,
personalized solutions that bring security and convenience to people’s lives.
These include mobile Internet access, inter-operable banking facilities,
e-commerce and a wealth of other applications. Gemplus is the only completely
dedicated, truly global player in the Smart Card industry, with the largest
R&D team, unrivalled experience, and an outstanding track record of
technological innovation. Gemplus trades its shares on Euronext Paris S.A.
First Market and on the Nasdaq Stock Market as GEMP in the form of ADSs. Its
revenue in 2000 was 1.205 Billion Euros. It employs 6721 people in
37 countries throughout the world.