Security approval and certification for smartcard/secure element

Why choose FIME?

FIME can help you improve the security of your smartcard/Secure Element, including your NFC application, platform and Integrated Circuit. Thanks to our partnership with a Security laboratory, FIME can also help you with security testing and evaluation against AFSCM, Common Criteria, GlobalPlatform, GSMA, payment scheme or bespoke security requirements.

Service description

Thanks to FIME’s partnership with a Security laboratory, we provide support for security evaluation, to demonstrate your product’s compliance with recognized security standards. It includes both software and hardware penetration testing.

FIME security testing support services cover well known standards as well as private schemes:

  • AFSCM (French Contactless Mobile Association)
  • American Express
  • Common Criteria
  • Discover
  • EMVCo
  • French Government First-grade Security Certification (CSPN)
  • GlobalPlatform
  • GSMA
  • JCB
  • MasterCard Compliance Assessment and Security Testing (CAST)
  • Visa Chip Security Program (VCSP).

Leveraging our partnership with an approved Security Laboratory, we provide our customer with support for security evaluation* services. The Security laboratory also supplies detailed evaluation results to the customer, especially where security flaws have been detected, in order to help customers update their products. In addition, FIME optimizes the time spent on a delta evaluation of the new version of the product.

FIME is accredited by the French Mobile Contactless Services Association (AFSCM) to carry out security expertise on cardlets, as well as Android and Windows Phone applications, to ensure that they have the required security level. This offer is targeted at MNOs and NFC service providers.

In addition, mobile network operators (MNO) and NFC service providers need to validate the security of their NFC applications in a fast and cost-effective way.

Sensitive applications, such as mobile payments, e-identity and e-signatures, have to achieve security certification. Basic applications, such as loyalty, rewards and couponing are less sensitive, but any weakness in these applications can threaten the security of the platform and / or other apps. It is best practice to ensure that basic applications enforce some security rules, some of which can be derived from the platform security guidance, especially once the platform is certified.

FIME also provides monitoring tools to record and analyze communications between cards and readers (Smartspy™ Contact, Smartspy™ Contactless).

In addition, we also provide security evaluation* services for Host Card Emulation (HCE) applications on behalf of application developers, service providers and banks, and security evaluation services for Trusted Execution Environments (TEE) on behalf of chip manufacturers and handset manufacturers.

* Official Common Criteria and payment scheme security evaluation services are provided by an accredited partner. For EMVCo and Visa security testing, FIME will help with the administrative aspects related to working with the accredited partner.

Secure Element