Get to Know the Secure Wallet- CC EAL5+

ECOMI
ECOMI
Published in
5 min readNov 21, 2018

The Secure Wallet provides world-leading security in a device that is truly portable. With private keys that never leave the device and a secure element with a higher security rating than those used by banks and government level deployments, hodling onto your crypto has never been easier, or safer. So have you ever wondered what CC EAL5+ actually means, and why it is important?

What is CC EAL5+?

First and foremost, let’s understand the acronym CC EAL5+.
In it’s simplest explanation, this is verification that a product has been security tested, and held to a particular standard.

CC: Stands for common criteria for Information Technology Security Evaluation. This is based on an international standard (ISO/IEC 15408) for computer security certification. When it comes to a particular product, it must meet the base standards of the common criteria.

EAL: The Evaluation Assurance Level is a category ranking assigned to an IT product or system, after a Common Criteria security evaluation. The EAL levels are:

  • EAL1 — functionally tested
  • EAL2 — structurally tested
  • EAL3 — methodically tested and checked
  • EAL4 — methodically designed, tested and reviewed
  • EAL5 — semi-formally designed and tested
  • EAL6 — semi-formally verified design and tested
  • EAL7 — formally verified design and tested

As it implies, the ‘+’ or suffix after the EAL rating refers to one or more additions to the EAL base level rating.

Breaking Down the Security Implications

There are a few key things to note when referring to the security of a product or design.

  1. The security/safety of a product isn’t an absolute value. That is, the necessity of a particular security ranking is dependant upon the product itself, its purpose/use cases, and what you are testing it for.
  2. Although it may appear that a higher numerical EAL rating would also mean better security, this isn’t necessarily the case. Rather it is a measure of the level of testing the product has been put through, based on the needs of the said product.
    A key component of the EAL is the security target document, which details the purpose of the product, it’s functions, intended use cases, the hardware/software involved, as well as the security and functional requirements of the product (known as the target of evaluation).
  3. The security target also takes into account security threats, assumptions and functional requirements to perform the tasks it has been designed for. This is known as the ‘security assurance requirements,’ which, when met result in the evaluation assurance level (EAL) rating.
  4. The EAL rating determines the extent of the testing and the confidence that security is as claimed. You cannot simply compare EALs numerically, as the number can only be properly understood in the context of the Security Target.

“Although assurance requirements for each product and system are the same, functional requirements differ.

Functional features are created in the Security Target document, which is specifically tailored for each product’s evaluation.

A higher EAL does not indicate a higher level of security than a lower EAL because they may have different functional features in the Security Targets.”
Margaret Rouse

What Does This Mean for the Secure Wallet?

One of the key design and security features of the ECOMI Secure Wallet is the hardware secure element.

This chip, the Smart MXTM secure element (SE), is a state-of-the-art security crypto-controller. It is designed specifically for high-performance security chip card management and applications, allowing for contactless interactions and multi-factor authentication requirements. Without going too deep, some of the SE’s genetics include:

  • Data retention time: 25 years
  • Endurance: 500 000 cycles minimum
  • Interfaces:
    -Contact interface according to ISO/IEC 7816
    -Contactless interface according to ISO/IEC 14443 A
  • Memory Management Unit (MMU)
  • High-speed 3-DES coprocessor (64-bit parallel)
  • High-speed AES coprocessor (128-bit parallel)
  • PKI (RSA, ECC) coprocessor FameXE (32-bit parallel)
  • Certified CC EAL 5+
The Secure Wallet offers world leading crypto-security features

The main takeaway from the secure element is to understand that it has been rigorously tested for its use cases (securing your private keys) and has therefore met the international standards and requirements of the EAL 5+ security rating.

This is not only the highest security level available for government level deployments, it also means that the secure element (and therefore the Secure Wallet) have undergone the required testing and evaluation to provide you- the consumer- with the levels of security that we claim to provide.

Moreover, by implementing Bitcoins ECDSA algorithm with parameter secp256k1 the element can generate and digitally sign transactions without the private keys ever leaving the chip.

Of course, the Secure Element, and it’s associated rating and evaluation is only one security feature of the Secure Wallet. For more information about the Secure Wallet’s security parameters, including connectivity, hosting, transactions and confirmations, please see this security overview.

For more information about the Secure Wallet, or to purchase your own, check out our online store at https://securewallet.shop/

About ECOMI

ECOMI is a technology company based in Singapore and is leading the way in the emerging digital collectibles space. ECOMI offers a one-stop-shop for digital collectibles through the ECOMI Collect app bringing pop culture and entertainment into the 21st century.

The Collect app allows users to experience true ownership of premium digital collectibles. Through the app marketplace, users can obtain common, rare, or one-of-a-kind digital collectibles, share these across the social network service, and exchange them with the Collect community, all from the palm of their hand.

ECOMI sees digital collectibles as a new asset class which offers intellectual property owners the opportunity for new revenue streams in the digital landscape. Digital streaming, gaming, and in-app purchasing have become a multibillion-dollar market and the next to join this digital trend is the pop culture and collectibles industry.

For more information please see the ECOMI Collect Whitepaper or join the community on Telegram, Twitter and Facebook.

--

--