AFOM and Trusted Labs develop Protection Profile for open USIM cards
within Composite Evaluation Model
Defining security standard to certify applications once for all platforms
Paris-Nord Villepinte – November 17th, 2009 – AFOM, the Association of French Mobile Operators,
and Trusted Labs, a leader in security services, announce they have developed a new version of the
USIM Protection Profile (PP) for the Composite Evaluation Model.
This follows last year’s demonstration of a USIM card that was certified by composition (Cartes’08):
the application and the platform, which were certified separately, each kept their Common Criteria
certification when assembled in one product.
The new PP brings this principle of composition to the whole industry, defining a standard to allow
any certified application to be hosted securely on any Java Card™ USIM platform compliant with the
The Composite Evaluation Model is a scheme designed to allow applications to be Common-Criteria
certified once only, for all platforms. Going beyond the functional interoperability brought by
industry standards, it aims to bring security interoperability, to enable true multi-application –
including post-issuance deployment of applications.
The USIM PP being announced today – designed as part of the Composite Evaluation Model – defines
Java Card USIM platforms’ security interfaces, creating a de facto security standard. By complying
with the USIM PP, platforms designed by different companies will present the exact same security
interfaces to applications added on top.
The USIM PP also ensures isolation between the various applications hosted on the same card – so
that, for example, a loyalty application cannot access information held in a banking application,
This new version of the PP has been evaluated for Common Criteria level EAL4+, and is compliant
with both GlobalPlatform 2.2 specifications and with Sun’s Java Card System Protection Profile,