Developers of security products need to show that their products do indeed provide the promised security functionality. Formalised security evaluation and certification provides users with trust that a product is indeed secure, and developers with a way to distinguish their secure products.

Developers also need the evaluation and certification process to be predictably short: the time the product is waiting for a certificate, is not only wasted time to market and lost sales. This time needlessly lost in paperwork is also time that attackers will use to improve their attacks, while the product is frozen. Therefore, unpredictably long certification times are very costly to developers and reduce security for all.

TrustCB provides this trust-worthy certification, within a predictably short time to certification.

Our approach to achieving these benefits, is to (co-)create and operate dedicated certification schemes, such as the global ticketing schemes. We build these schemes on the basis of the high assurance methodology and decades-long experience of the smartcard security evaluation domain. Naturally there is some encoding in specialised language (ISO/IEC 15408 and ISO/IEC 18045, better known as the Common Criteria), specific terms and common approaches of this domain that sound complex, but the essence is this: In tight co-operation with the active stakeholders, TrustCB distills the security requirements for a specific domain down to their core essence. At the same time solid methodology is described, in a way that will make the evaluations efficient. Together this becomes a dedicated scheme that TrustCB designs and operates on behalf of the stakeholders.

We use a mutually supporting combination of strategies to design such an efficient, dedicated scheme:

  • We build and leverage trust with all parties, especially between the certifiers and evaluators, and the evaluators and developers.
  • We ensure the trust is well founded, by also ensuring verification is built in.
  • We define the deliverables of all parties such that they have to show the right assurance is gained, not to show busywork.
  • We focus evaluation and certification activities on making the assurance judgements, not on hiding behind paperwork.
  • We re-use and leverage existing solid assurance already in place, even if it is not invented here.
  • We standardise the certification processes at TrustCB and move them out of the critical path wherever possible, so that we can minimise all certification overhead.
  • We standardise the way the evaluation activities are reported, not the way they are performed, so that evaluators can optimise for each project.
  • We define the requirements for the products in ways that are compatible and comparable between the schemes, enabling re-use and optimisation for developers, evaluators and certifiers.

During the operation of these dedicated schemes, TrustCB maintains them: We are constantly looking for signs of needless friction as they point to optimisations that are possible in procedures, interpretations and approaches. There is a designated “scheme lead” certifier for this activity, for each of the dedicated schemes. This scheme lead also keeps in good contact with the stake holders, supports and trains the certifiers, and guides the new developments in the dedicated scheme.

Any generalised improvements and learnings are shared and aligned with the other dedicated schemes. All dedicated schemes also have a (non-TrustCB) representative in the Advisory board of TrustCB. With all the dedicated schemes operated by TrustCB equally represented, this board provides a balanced anchor to extra ensure the impartiality and fairness of TrustCB in its operation of the schemes.

In the end, it all comes down to the dedicated focus of TrustCB to efficiently trust and verify.