The German Federal Office for Information Security (BSI) has certified the "Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile" according to Common Criteria (ISO/IEC 15408). With the certification identifier BSI-CC-PP-0117, mobile end devices such as smartphones have a security platform - for example for e-SIM.
The protection profile was developed by the chip manufacturers and test centers organized in the European industry association EUROSMART: Brightsight, Deutsche Telekom Security, Giesecke+Devrient, Infineon, Internet of Trust, JTSec, NXP, Qualcomm, Samsung, STMicroelectronics, Synopsys, Thales, Tiempo-Secure, TrustCB, TÜViT, Winbond and Xilinx.
Secure Sub-System in a System-on-Chip
It specifies requirements for secure chip platforms that are integrated into larger ICs as a subsystem (Secure Sub-System in a System-on-Chip). The manufacturer of such a chip platform can now apply to the BSI for product certification with reference to this protection profile. PP-0117 builds on and extends the protection profile BSI-CC-PP-0084-2014, which is established as the de facto standard for secure chip platforms.
Mobile devices as a secure platform
With the development of PP-0117, the industry follows the trend of concentrating more and more functions on a single chip (system on a chip). While security elements have so far mostly been implemented as individual smart card chips - such as SIM cards - in the future they will increasingly be an integral part of larger chips, such as those built into smartphones, for example.
Mobile end devices such as smartphones, smartwatches or tablets that are equipped with a security element certified according to PP-0117 have a secure execution platform for a wide variety of security applications. These include, for example, eSIM, eID, ticketing or authentication.
More at BSI.Bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.