Thales, world leader in digital security, is the first company to achieve the highest level (1) of the international security standard ‘Common Criteria’ for their mobile ID software solution. The Gemalto Mobile ID software has demonstrated a level of resistance to the most advanced security penetration tests against mobile applications. This security breakthrough confirms that Thales uses the most innovative and disruptive technologies to protect its mobile ID solutions.
Thales portfolio of digital identities, including “Mobile ID Smart App” and “Digital ID Wallet”, will benefit from the same security by design approach. This means that governments selecting Thales’ digital identity solutions for their mobile and digital ID schemes, will offer their citizens and residents the highest level of software security and protection against ID thief.
The Common Criteria certifications enable an objective evaluation to validate that a particular product or system satisfies a defined level of robustness. It not only provides assurance that the Thales process of specification and implementation of a secure solution has been rigorously conducted, but also that the solution has reached the expected level of trust for final use.
Security tests on the Gemalto mobile ID software were performed by the internationally renowned testing laboratory “Brightsight” under the supervision of the NSCIB (2) (Netherlands Scheme for Certification in the Area of IT Security), in cooperation with of The Netherlands Ministry of Interior and Kingdom Relations.
1 Thales Mobile ID Solution reaches Evaluation Assurance Level – EAL 3 augmented with AVA_VAN.3, ADV_FSP.4, ADV_TDS.3, ADV_IMP.1, ALC_TAT.1. The EAL scale enables to verify that products meet the security claims made by vendors and AVA_VAN3 refers to the level of vulnerability analysis.
2 NSCIB is member of the SOG-IS. SOG-IS qualified bodies are one of the most stringent security bodies and benefit from a highly established recognition worldwide. The laboratory “Brightsight” was supervised by TÜV Rheinland Nederland B.V., on behalf of the NSCIB Certification Body.