Composite Evaluation Approach Derived from Decades of Experience in Smart Card Evaluations for HSM and SAM (C22c)
Mandated in 2018, eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation defining standards for electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof of authentication for electronic transactions among EU member states. As part of an eIDAS compliant solution, an HSM (platform) and a SAM (Secure Application Module) must be Common Criteria certified against EAL4+ Protection Profiles EN 419221-5 â€œCryptographic Modules for Trust Servicesâ€ and EN 419241-2 â€œProtection Profile for QSCD for Server Signing”.
In 2018, Brightsight accomplished the certification of the first eIDAS compliant HSM and is currently involved in a number of SAM and HSM evaluations. By leveraging on a composite evaluation approach derived from decades of experience in smartcard evaluations, Brightsight delivers comprehensive, pragmatic and reliable evaluation strategies that suit the needs of developers and certification authorities.
This presentation briefly covers the basics of the eIDAS regulation and the opportunities it offers to HSM and application developers. Afterwards, the highlights and challenges encountered during the first eIDAS HSM evaluation and the approach to composition will be discussed.