Main Index
| Company | Tech Writing | Problem Solving | Contact |
| Biometrics | Smart Cards | Common Criteria | Web Site Development | Photography |

COMMON CRITERIA

Common Criteria is the nickname for ISO 15403, Information Technology - Security Techniques - Evaluation Criteria for IT Security. Common Criteria provides a mechanism for the mutual recognition of product evaluations in order to achieve improved world-wide availability of Information Technology security-capable products. One of the most useful parts of the CC methodology is the ability (and requirement) to precisely define the environment and operational requirements for a piece of IT security equipment as part of the specification of what the product is expected to do.

The following activities represent some of the Common Criteria related output of RMTCI.
  • Technical Editor for preparation and certification of the Smart Card Security Users Group Smart Card Protection Profile. This effort involved a consortium of the major payment associations (Visa, MasterCard, American Express, and JCB) as well as multiple government representatives (US, Canada, Great Britain, France, Germany, and Japan). The Protection Profile (written according to the requirements of the Common Criteria ISO 15408) was certified in the US, Canada , Germany, and France in September, 2001.

  • Author of EMV Integrated Circuit Card Credit and Debit Application Protection Profile draft (submitted to EMVCo for review in 2001).

  • Adjunct Technical Consultant for Authenti-Corp. Contributed to:
    • Government Smart Card Interoperability Specification - Smart Card Application Protection Profile, DRAFT 2003.
    • Biometric Verification Mode Protection Profile DRAFT 2003.

  • Author of Monograph for Smart Card Industry Association (SCIA is now part of the Smart Card Alliance).
    • Common Criteria and Smart Card Security Evaluations, May 2000.

  • Provided training in Common Criteria to various industrial groups.

  • Provided technical writing services for various customers to generate papers on Common Criteria Protection Profiles, Common Criteria threats and vulnerabilities, definition of Targets of Evaluation (TOE), and general CC support.

  • Successfully completed NIAP course on Designing a Protection Profile, January, 1999.

  • Professional Contributions:
    • "SCSUG-SCPP Lessons Learned", Proceedings, 3rd International Common Criteria Conference, presented at the Conference, Ottawa Canada, May 13-14, 2002.
    • "Common Criteria and the Smart Card Security Users Group Smart Card Protection Profile", presented at the SMPTE Study Group DC28.4, Los Angeles, CA, May 22, 2001.
    • "Developing Protection Profiles - Getting Started", Proceedings, 16th Annual Computer Security Applications Conference, presented at the Conference, New Orleans, LA, December 11-15, 2000.
    • "The Smart Card Security Users Group Smart Card Protection Profile", Proceedings, 23rd National Information Systems Security Conference, presented at the Conference, Baltimore, Maryland, October 16-19, 2000.
    • "Smart Card Protection Profile", Proceedings, 1st International Common Criteria Conference, presented at the Conference, Baltimore, Maryland, May 23-25, 2000.
    • Introduction to the SCSUG Protection Profile at CarteS '99 Workshop, November, 1999.
    • Panelist on Protection Profiles at 22nd National Information Systems Security Conference, October, 1999.
    • Participant in NIST Workshop on Databases of Threats and Countermeasures, March 1999.