Pol Matamoros, Bitwise Security Analyst
We have been conducting CC evaluations and consultancy since 2006 working with international clients. We can help Common Criteria labs to face the workload peaks as external evaluators. We can also provide a working framework to help developers to intermediate between labs and generate a CC compliant documentation in order to speed-up the evaluation process.
Some of the evaluations that we have been involved in are: national ID card, e-Passport, HSM or signature devices.
Our engineers have a wide experience leading technical VISA, MasterCard, AMEX, Discover, EMV (including platforms) evaluations. Bitwise can provide services to accredited laboratories to conduct the source code review, filling the assets table and the vulnerability analysis, as well as performing side-channel attacks.
Our knowledge in these evaluations makes our services very valuable for smart card manufacturers to help them to integrate the required protection in their products from the very beginning of the developing lifecycle.
Our team has experience working in HSM and smart card manufacturers company and also in security labs conducting payment and CC certification.
It provides a high added value to embedded device developers since we have a global vision and knowledge of the lifecycle of embedded devices.
We can help you at any phase of the process.
We offer a wide range of training options for any company interested in acquiring knowledge in embedded security, Common Criteria or technologies like Javacard.
Understanding our clients needs encourages us to be open and flexible in order to provide the best fitted solution for our clients.
See more details in the Training section.
We are planning to embark on a new project. Can you help us define its security requirements?
Bitwise can help you to produce a design that complies with the most demanding security standards.
We have designed a product but we do not know how to implement its security requirements. Can you help us?
Bitwise can be your development partner. Our developers create easy-to-read high-quality source code that you can include in your products.
We want to certify a product. Can you advise us on how to proceed?
Bitwise can execute a gap analysis to detect gaps in your product, site and procedures. We can thereby help you effectively to reduce the gap and deal with the certification laboratories.
We want to begin the certification process but the laboratory has asked us to send them great deal of documentation that we do not have. Can you do it for us?
Bitwise can draw up all the documentation for you and deal with any questions from the laboratories.
Our development team has never heard anything about secure coding or certification. Can you train them?
Bitwise has a complete set of training options: secure coding, Java Card, Common Criteria, EMV, etc. We can also prepare customised training programmes in line with your specific needs.
Sergi Casanova, Bitwise Security Analyst
This training focuses on the implementation and evaluation of the Security Assurance Requirements (SARs) from the evaluator point of view.
The training introduces the following concepts:
The training explores in detail the following advanced topics:
The training provides a methodology to find and analyse security flaws and countermeasures at applet level. At the same time, several tools to make this task easier are also explained.
The training provides a methodology to find and analyse security flaws and countermeasures at Javacard platform level. It explains the differences between a defensive and a non-defensive Javacard platform implementation.
The training introduces the different types of malicious applets: