Services
Evaluation Services
Evaluation is expert review supported by document review, analysis and product testing in the laboratory. It is a process that results in the implementation of the determined standards and the submission of the evaluation report to the Certification Authority. As OKTEM Laboratory Evaluation Services;
- Common Criteria (ISO/IEC 15408, ISO/IEC 18045),
- Security Requirements for Cryptographic Modules (ISO/IEC 19790, ISO/IEC 24759),
- Secure Card Access Devices for Electronic Identity Cards (TS 13582, TS 13583, TS 13584, TS 13585)
- Electronic Authentication System (TS 13678, TS 13679, TS 13680, TS 13681)
- Basic Level Security Assessment (TSE K 505)
It carries out testing and evaluation activities in accordance with its standards. OKTEM is a licensed laboratory for these standards from the Turkish Standards Institute (TSE). In addition, the Vice Presidency of Testing and Evaluation, to which OKTEM is affiliated, is accredited by TÜRKAK under ISO/IEC 17025 (AB-0053-T).
The evaluation process starts with the application to the TSE Cyber Security Certification Directorate and OKTEM Laboratory for product evaluation. The following process is followed for applications to OKTEM Laboratory:
- The product developer fills out the Test and Evaluation Application Form (TDBY-TSG-FORM-01) completely and this form is forwarded to the BİLGEM Business Development Unit.
- The form is examined and the offer is prepared and the offer is sent to the product developer.
- When the offer is accepted, the process continues with TSE and OKTEM. The "Evaluation Statement" and "Business Plan" documents requested by TSE during the application process will be taken from our laboratory.
Common Criteria Evaluation
OKTEM Laboratory has been successfully conducting Common Criteria Evaluations since its establishment. It has the ability to evaluate all kinds of product groups and Protection Profile documents at all evaluation levels from EAL1 to EAL7. Our evaluations include software and hardware that are critical for our country. In addition, contributions are made to the International Working Groups formed for the development and implementation of the Common Criteria standard, and developments are followed closely.
Our Test and Evaluation services include testing modules that perform cryptographic operations with the internationally recognized ISO/IEC 19790 standard. The first and only crypto module testing activity in our country is carried out in our laboratory with the National Hardware Security Module.
The tests of Electronic Authentication System and Secure Card Access Devices, which are parts of the Republic of Turkey Identity Card project, are among our services that can only be performed in OKTEM Laboratory. These test activities are carried out with TSE license.
The task of testing the compliance of the New Generation Payment Recording Devices with the Technical Guidelines and communiqués published by the Revenue Administration has also been assigned to our laboratory. The software and hardware tests of each model for which approval application is made for use in our country are carried out in detail.
Apart from the activities briefly mentioned above, training and consultancy activities are also provided.
For detailed information about the Common Criteria and other services or to apply, please contact go ahead.
Security Requirements for Cryptographic Modules
The TS ISO/IEC 19790 standard specifies security requirements for encryption modules that protect sensitive information in IT infrastructures.
Security requirements cover areas related to the design and implementation of a module. These fields are encryption module properties; interfaces; roles, services and authentication; software / firmware security; operational environment; physical security; non-disruptive security; precise security parameter management; self-test; lifecycle guarantee and mitigation of other attacks.
This standard has set four levels of qualitative security to cover a wide range of potential applications and environments. The overall security rating of a module is determined by the requirements of the application and the environment in which it will be used, and the security services provided by the module.
Our laboratory started testing processes by obtaining the license for TS ISO/IEC 19790-24759 standards, which is the test standard and test requirement for Cryptographic Modules, from TSE in 2016.
Encryption Module tests for Turkey's first TS ISO/IEC 19790-24759 standards are carried out in our laboratory.
For detailed information about this test service or to apply, please contact go ahead.
Basic Level Security Assessment
TSE K 505 Basic Level Security Evaluation was created by the Turkish Standards Institute for simple, fast and effective evaluation of IT products.The goal of the standard, in which minimum safety requirements are defined, is to determine the compliance and effectiveness of the security functions provided by the product.
The aim of this standard, which is also considered to be the equivalent of low level Common Criteria evaluations, is to reduce the document load and to provide faster results.
For detailed information about TSE K 505 Basic Level Security Assessment or to apply, please contactswitch.
Electronic Authentication System
Electronic Authentication System is used with Secure Card Access Devices for the following services:
- T.R. Authentication with Identity Card (TCKK)
- Access to data in TCKK with role verification
- Uploading e-signature to TCKK
Electronic Authentication System; It consists of Authentication Server(KDS), Authentication Policy Server(KDPS) and Role Server(RS):
Authentication Server (KDS): It is the server where the authenticity of the authentication notifications created by KEC is checked.
Authentication Policy Server (KDPS): It is the server where the authentication policies of institutions are defined.
From Role Server (RS): It is the server used to process (read/write) data that can be accessed by role authentication on the ID card.
The standards for secure card access devices for electronic ID cards are divided into four parts:
- TS 13678 Electronic Authentication System – Part 1: Overview
- TS 13679 Electronic Authentication System – Part 2: Authentication server
- TS 13680 Electronic Authentication System – Part 3: Authentication policy server
- TS 13681 Electronic Authentication System – Part 4: Role Server
OKTEM Laboratory “T.C. It is the only authorized laboratory accepted by TSE for "Electronic Authentication System" tests as well as "Secure Card Access Devices for Identity Card" tests.
For detailed information about the electronic authentication system test service or to apply, please contact .
Secure Card Access Devices for Electronic ID Cards
Electronic identity cards with smart card technology are used in many fields such as e-government, banking, health and telecommunication. The fact that identity verification can be done securely in the electronic environment will enable many services to be provided over the electronic environment. With the new generation ID cards developed by TÜBİTAK BİLGEM, card readers are required for electronic authentication. If authentication will be made using the biometric information inside the cards, a secure card reader approved by the Turkish Standards Institute (TSE) must be used for confidentiality reasons. For this purpose, TSE and TÜBİTAK BİLGEM “T.C. A new standard has been prepared with the name of “Secure Card Access Devices for Identity Cards” consisting of four parts:
- TS 13582 Secure Card Access Devices for ID Card – Part 1: Overview
- TS 13583 Secure Card Access Devices for ID Card – Part 2: Interfaces and features
- TS 13584 T.C. Secure Card Access Devices for ID Card – Part 3: Security features
- TS 13585 Secure Card Access Devices for ID Card – Part 4: KEC application software features
OKTEM Laboratory “T.C. It is the only authorized laboratory accepted by TSE for "Secure Card Access Devices for Identity Card" tests.
T.R. For detailed information about the Secure Card Access Devices testing service for the ID Card or to apply, please get in touch .
New Generation Cash Register Technical Guide Compliance Test
New Generation Payment Recording Devices (YN ÖKC) are computer-based devices that can securely transfer data by connecting to the Revenue Administration via the internet. EFT-POS Feature, which includes bank POS, and 2 types, Simple / Computer Connected, which do not contain bank POS but can be connected to an external POS device.
In our laboratory, conformity tests of these devices are carried out in line with the guidelines published by the Revenue Administration.
Our institution does not give any approval, permission or certificate of achievement for YN ÖKCs, and the results of the tests carried out within the scope of the YN ÖKC Technical Guide Tests are submitted to the Revenue Administration.
To access the guide prepared by the Revenue Administration, click.
To access YN ÖKC Regulations and Guidelines, click.. strong>
For detailed information about our tests or to apply, please contact go ahead.
Training
Training services are provided within the scope of Test and Evaluation activities by our TSE certified Common Criteria Expert Evaluator personnel.
We are able to provide the following training services in line with the needs of our customers under the headings of Common Criteria, Security Requirements for Cryptographic Modules, Secure Card Access Devices for Electronic Identity Cards, Electronic Authentication System and Basic Level Security Assessment, which our laboratory is licensed from TSE.
- Training services can be provided at all levels of the Common Criteria (EAL1 – EAL7).
- Preparation of the Protection Profile document
- Preparation of the Security Objective document
- Common Criteria compliance in product design
- Preparation of Design Documents, Lifecycle, User Manuals and Test Documentation for Common Criteria
- Process Management for Common Criteria
- ISO/IEC 19790 compliant design for Cryptographic Modules
- Preparation of Security Policy and Design Document for Cryptographic Modules
- Test items preparation for Cryptographic Modules (ISO 24759)
- Compliance with Secure Card Access Devices standards for Electronic ID Cards
- Compliance with Electronic Authentication System standards
- Compliance with the Baseline Security Assessment standard
To contact us about your training needs, click.
Consulting Activities
Necessary consultancy services, including the preparation process, are provided within the scope of Test and Evaluation activities by our TSE certified Expert Evaluator personnel. With the advice of our experienced experts, you can quickly and cost-effectively overcome the assessments and easily obtain certification in the Common Criteria and other standards.
We are able to provide the following consultancy services in line with the needs of our customers, under the headings of Common Criteria, Security Requirements for Cryptographic Modules, Secure Card Access Devices for Electronic Identity Cards, Electronic Authentication System and Basic Level Security Evaluation, which our laboratory is licensed from TSE.
- Consultancy services can be provided at all levels of the Common Criteria (EAL1 – EAL7).
- Preparation of the Protection Profile document
- Preparation of the Security Objective document
- Common Criteria compliance in product design
- Preparation of Design Documents, Lifecycle, User Manuals and Test Documentation for Common Criteria
- Process management for Common Criteria
- ISO/IEC 19790 compliant design for Cryptographic Modules
- Process management for Common Criteria
- Test items preparation for Cryptographic Modules (ISO 24759)
- Secure Card Access Devices tests for Electronic ID Cards
- Electronic Authentication System tests
- Baseline Security Assessment preparation
click. to contact us about your consultancy needs.
Software and Hardware Security
Training and testing activities can be performed in the following subjects at OKTEM Laboratory:
- Hardware Tests
- Reverse Engineering
- Microprobing
- Physical Security Analysis
- Code Analysis and Design Review
- Side Channel Attacks
- Time Analysis Attacks
- Power Analysis Attacks
- Electromagnetic Analysis Attacks
- Şablon Saldırıları
- Hata Enjeksiyonu
- Lazer Hata Enjeksiyonu
- Gerilim ve Frekans Manipülasyonu
- Farksal Hata Analizi
- Elektromanyetik Hata Enjeksiyonu
- Software Tests
- Code Analysis and Design Review
- Injecting Malicious Code
- Protocol Attacks
- Vulnerability analysis, penetration tests
