Thales first to reach highest level of certification possible for mobile ID security software

  • Thales has achieved a major breakthrough in software security technology by reaching the highest level of Common Criteria certification in mobile software history.
  • Following the acquisition of Gemalto by Thales, this achievement further strengthens Thales as the undisputed world leader in digital security.
  • Governments selecting Thales for their mobile ID initiatives will be able to provide their citizens with best-in-class mobile identity security protecting them against ID theft and guaranteeing data protection and privacy.

Thales, world leader in digital security, is the first company to achieve the highest level (1) of the international security standard ‘Common Criteria’ for their mobile ID software solution. The Gemalto Mobile ID software has demonstrated a level of resistance to the most advanced security penetration tests against mobile applications. This security breakthrough confirms that Thales uses the most innovative and disruptive technologies to protect its mobile ID solutions.

Thales portfolio of digital identities, including “Mobile ID Smart App” and “Digital ID Wallet”, will benefit from the same security by design approach. This means that governments selecting Thales’ digital identity solutions for their mobile and digital ID schemes, will offer their citizens and residents the highest level of software security and protection against ID thief.

The Common Criteria certifications enable an objective evaluation to validate that a particular product or system satisfies a defined level of robustness. It not only provides assurance that the Thales process of specification and implementation of a secure solution has been rigorously conducted, but also that the solution has reached the expected level of trust for final use.

Security tests on the Gemalto mobile ID software were performed by the internationally renowned testing laboratory “Brightsight” under the supervision of the NSCIB (2) (Netherlands Scheme for Certification in the Area of IT Security), in cooperation with of The Netherlands Ministry of Interior and Kingdom Relations.

“By achieving this independent and government-recognized security certification, Thales has set a new landmark for government mobile ID software security. Our mobile-based digital ID solutions are already entrusted and deployed in more than 20 countries around the world. They enable citizens to securely log on to public and private eServices and to smoothly prove who they are online while guaranteeing data protection and privacy.” Youzec Kurp – SVP Identity & Biometric Solutions at Thales

1 Thales Mobile ID Solution reaches Evaluation Assurance Level – EAL 3 augmented with AVA_VAN.3, ADV_FSP.4, ADV_TDS.3, ADV_IMP.1, ALC_TAT.1. The EAL scale enables to verify that products meet the security claims made by vendors and AVA_VAN3 refers to the level of vulnerability analysis.

2 NSCIB is member of the SOG-IS. SOG-IS qualified bodies are one of the most stringent security bodies and benefit from a highly established recognition worldwide. The laboratory “Brightsight” was supervised by TÜV Rheinland Nederland B.V., on behalf of the NSCIB Certification Body.