Delft, 29th of May 2019: Brightsight is proud to announce that MagicCube has received the first ever EMVCo SBMP (Software-Based Mobile Payment) security evaluation certificate for their vTEE (virtual Trusted Execution Environment). This also marks the first time that EMVCo approved a vTEE implementation under the SBMP evaluation process.
EMVCo established a Security Evaluation Process for Software-Based Mobile Payments to provide an efficient, flexible offering for product providers and promote a robust security foundation for SBMP solutions.
Brightsight is honored of having been selected by MagicCube as the security laboratory for conducting this world-wide very first SBMP security evaluation. Brightsight leveraged on its experienced teams on both hardware-based and software-based complex security evaluations, to successfully have carried out this first ever SBMP security evaluation for EMVCo.
The certified product consists of a virtualized Trusted Execution Environment executed in a mobile device platform and a connected centralized attestation and management service (miniCloud™). This vTEE solution enables execution of virtual Trusted Applications. These trusted applications can be used to implement a wide range of mobile solutions that need a high level of security like mobile payment implementations. The virtual Execution Environment provides security services such as cryptographic primitives, secure storage functionalities and strict domain isolation.
With the SBMP approval process, MagicCube is granted a security evaluation certificate for their Software-Based Mobile Payment components or solutions (e.g. TEE, CDCVM, Attestation, Software Protection Tools). Customers of MagicCube can make use of the certified product to develop innovative mobile payment solutions.
“This certification was one of the biggest goals of MagicCube since its founding: to create a new software based category in an industry where standards have been dominated by hardware” said Nancy Zayed Co-founder and CTO of MagicCube. “We are proud to lead a category that will shift the security of mobile and IoT devices into a whole new paradigm we like to call Software Defined Trust (SDT).”
“Being the first to get a Software TEE certified was a huge undertaking. The Brightsight’s team’s approach, knowledge, and attention to detail played a big part in making this a successful endeavor. This certification provides recognition and third-party technical validation, which will facilitate widespread adoption and deployment of our products globally,” said Sam Shawki, MagicCube’s co-founder and CEO.
Brightsight has several years of experience in conducting SBMP evaluations on various products and has been an EMVCo-approved security evaluator for years. Dirk-Jan Out, CEO at Brightsight, says: “We are very happy to contribute to the payment industry evolution with this first vTEE evaluation for MagicCube. This recognition shows both our customers and payment brands trust in our services. We will continue to expand our portfolio to support our customers in obtaining the approvals they need.”
Brightsight is the number one independent security lab in the world and has over 35 years of experience in evaluating IT products against a variety of security requirements. We offer security evaluations to developers and manufacturers of security products and applications, such as smart cards, ICs, HSMs, System on Chips, Payment terminals, Mobile Payment solutions, IoT solutions, Automotive solutions and Biometric solutions.
The results of Brightsight security evaluations are broadly recognized and accepted by major international organizations in the information security industry and particularly those in the verticals of the payment industry (EMVCo, PCI, payment brands, etc.).
In addition to security evaluations, Brightsight offers customized training courses to equip valued customers with the knowledge and skills necessary to take on future challenges in their business. Brightsight is located in Delft, the Netherlands (HQ), Barcelona, Spain and Beijing, China.