Siemens provides top-level security for digital signatures: smart card operating system CardOS certified for 2048-bit signatures

Munich 08 July 2005HiPath SIcurity CardOS is the Siemens operating system for smart cards, the foundation for chip-based access, identification and encryption solutions. The current Version 4.3 of the HiPath SIcurity CardOS has now been certified as compliant with CC EAL 4+ (Common Criteria Assurance Level 4+) for digital signature applications. It supports cryptographic operations with RSA keys up to 2048 bits in length. This means Siemens already meets the technical security standard which legislation is to make mandatory for legally binding digital signatures by the year 2010, and offers its customers a future-oriented investment in addition to top-level security standards.


With this certification, the current Version 4.3 of HiPath SIcurity CardOS already complies with the technical security standard for 2048-bit RSA keys which legislators are set to make mandatory by the year 2010. Certification according to CC EAL4+ was approved by the accredited certification facility of T-Systems, and was performed in compliance with the stipulations of the BSI, the German Federal Office for Security in Information Technology.

Qualified electronic signatures are used in legally binding transactions, for example in electronic business carried out between companies, in electronic communications between citizens and public authorities, and in the sector of telematics applications in the public health service. The signatures guarantee the identity of all the involved parties, as well as the validity and integrity of the data transmitted, and as such constitute the fundamental basis for e-business, e-government and e-health. With this new security standard, legislators intend to bring these important legal transactions into line with cutting-edge technological standards and make them secure. For Siemens customers the high security standard of HiPath SIcurity CardOS ensures that theirs is a reliable long-term investment in a future-oriented technology.

The RSA encryption procedure - the name comes from the initials of the inventors Rivest, Shamir, and Adlema - includes the following. The RSA algorithm enables data to be encrypted and decrypted with a pair of matching keys, one of which is kept secret as the private key, and the other made accessible to the public as the public key. Whatever is encrypted with one key can only be decrypted again with the other.

The RSA procedure makes it considerably easier to distribute the keys to all the communication partners involved ahead of encryption, which is crucial for safeguarding transactions on the Internet. At the present time RSA is the most important example of the asymmetrical encryption procedure. It is used worldwide in Internet security protocols such as IPSec and SSL. Until RSA was developed, encrypted communications were dominated by symmetrical procedures with only one secret key.

The "Common Criteria" are the basis for describing IT security complying with ISO-IEC 15408. They were developed from, among other things, European ITSEC and American TCSEC standards, and are graded according to different "Assurance Levels".

The HiPath SIcurity CardOS V4.3 is the smart card operating system from Siemens for the highest requirements in data security. Software packages can be loaded to expand or adapt the operating system to specific applications. The CardOS functionality is contained almost entirely on the ROM, so the complete EEPROM area remains available for applications. Patented personalization and initialization procedures ensure not only that mass production of the cards is cost-efficient, but also that modification of existing applications and the addition of new ones in the field is highly secure. With its smartcard-based solutions from the HiPath SIcurity portfolio, Siemens provides the foundation for a range of chipcard-based application scenarios such as personnel badges, student cards, identity cards, electronic ID cards, social security cards, health cards, and signature cards.

HiPath is the Enterprise Convergence Architecture from Siemens. A comprehensive solution and service portfolio enables companies to further expand their existing voice and data infrastructures, safeguard their existing capital investment, and implement second generation IP (2gIP) applications. 2gIP applications optimize company processes and lead to a sustained improvement in productivity for the corporation.

Thanks to the continuous further development of its products and software, Siemens Communications is an innovation expert on the path to a seamless integration of realtime communication in the IT world. According to analysts, HiPath has ensured that Siemens is the world's number one supplier of VoIP connections. With a market share of 38.6 percent. Siemens aims to further expand this position. Over 70 percent of the Fortune 500 corporations have selected a HiPath solution. Customers include BMW, DaimlerChrysler, Deutsche Bank, Ford, IBM, Kodak, SAP, BP and Volvo.

Siemens Communications is one of the largest players in the global telecommunications industry. Siemens is the only provider in the market that offers its customers a full-range portfolio, from devices for end users to complex network infrastructures for enterprises and carriers as well as related services. Siemens Communications is the world's innovation expert in convergent technologies, products and services for wireless, fixed and enterprise networks. It is the largest Group within Siemens and operates in more than 160 countries around the world. In fiscal 2004, year-end September 30, its 60.000-strong workforce posted sales of approximately 18 billion euros.

Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]