Get to Know the Secure Wallet- CC EAL5+
The Secure Wallet provides world-leading security in a device that is truly portable. With private keys that never leave the device and a secure element with a higher security rating than those used by banks and government level deployments, hodling onto your crypto has never been easier, or safer. So have you ever wondered what CC EAL5+ actually means, and why it is important?
What is CC EAL5+?
First and foremost, let’s understand the acronym CC EAL5+.
In its simplest explanation, this is verification that a product has been security tested and held to a particular standard.
CC: Stands for Common Criteria for Information Technology Security Evaluation. This is based on an international standard (ISO/IEC 15408) for computer security certification. When it comes to a particular product, it must meet the base standards of the Common Criteria.
EAL: The Evaluation Assurance Level is a category ranking assigned to an IT product or system, after a Common Criteria security evaluation. The EAL levels are:
- EAL1 — functionally tested
- EAL2 — structurally tested
- EAL3 — methodically tested and checked
- EAL4 — methodically designed, tested and reviewed
- EAL5 — semi-formally designed and tested
- EAL6 — semi-formally verified design and tested
- EAL7 — formally verified design and tested
As it implies, the ‘+’ or suffix after the EAL rating refers to one or more additions to the EAL base level rating.
Breaking Down the Security Implications
There are a few key things to note when referring to the security of a product or design.
- The security/safety of a product isn’t an absolute value. That is, the necessity of a particular security ranking is dependent upon the product itself, its purpose/use cases, and what you are testing it for.
- Although it may appear that a higher numerical EAL rating would also mean better security, this isn’t necessarily the case. Rather it is a measure of the level of testing the product has been put through, based on the needs of the said product.
- A key component of the EAL is the security target document, which details the purpose of the product, its functions, intended use cases, the hardware/software involved, as well as the security and functional requirements of the product (known as the target of evaluation).
- The security target also takes into account security threats, assumptions and functional requirements to perform the tasks it has been designed for. This is known as the ‘security assurance requirements,’ which, when met, result in the evaluation assurance level (EAL) rating.
- The EAL rating determines the extent of the testing and the confidence that security is as claimed. You cannot simply compare EALs numerically, as the number can only be properly understood in the context of the Security Target.
“Although assurance requirements for each product and system are the same, functional requirements differ.
Functional features are created in the Security Target document, which is specifically tailored for each product’s evaluation.
A higher EAL does not indicate a higher level of security than a lower EAL because they may have different functional features in the Security Targets.”
— Margaret Rouse
What Does This Mean for the Secure Wallet?
One of the key design and security features of the ECOMI Secure Wallet is the hardware secure element.
This chip, the Smart MX™ secure element (SE), is a state-of-the-art security crypto-controller. It is designed specifically for high-performance security chip card management and applications, allowing for contactless interactions and multi-factor authentication requirements. Without going too deep, some of the SE’s characteristics include:
- Data retention time: 25 years
- Endurance: 500 000 cycles minimum
- Interfaces:
  - Contact interface according to ISO/IEC 7816
  - Contactless interface according to ISO/IEC 14443 A
- Memory Management Unit (MMU)
- High-speed 3-DES coprocessor (64-bit parallel)
- High-speed AES coprocessor (128-bit parallel)
- PKI (RSA, ECC) coprocessor FameXE (32-bit parallel)
- Certified CC EAL 5+
The main takeaway from the secure element is to understand that it has been rigorously tested for its use cases (securing your private keys) and has therefore met the international standards and requirements of the EAL 5+ security rating.
This is not only the highest security level available for government level deployments, it also means that the secure element (and therefore the Secure Wallet) has undergone the required testing and evaluation to provide you, the consumer, with the levels of security that we claim to provide.
Moreover, by implementing Bitcoin’s ECDSA algorithm with the secp256k1 parameters, the element can generate and digitally sign transactions without the private keys ever leaving the chip.
Of course, the Secure Element, and its associated rating and evaluation, is only one security feature of the Secure Wallet. For more information about the Secure Wallet’s security parameters, including connectivity, hosting, transactions and confirmations, please see this security overview.
For more information about the Secure Wallet, or to purchase your own, check out our online store at https://securewallet.shop/
About ECOMI
ECOMI’s mission is to create the world’s best platform to purchase, trade and collect premium licensed digital collectibles. With user friendly products and applications, ECOMI delivers the freedom to secure and control your digital assets, data, and cryptocurrencies from one user-friendly interface.
For more information please see the ECOMI Collect Whitepaper or join the community on Telegram, Twitter and Facebook.
Get to Know the Secure Wallet- CC EAL5+ was originally published in ECOMI on Medium, where people are continuing the conversation by highlighting and responding to this story.