Markets

IoT
Payment
Content Protection
Access Control
Biometrics
On-Demand

contact us

Phone: + 86 755 8695 0263 Fax: + 86 755 8695 0263 Email: info@opsefy.com

IoT (Internet of Things)


The world of interconnected devices is booming around the world, with numbers predicted to reach up to 30 billions of devices by 2020. Smart locks, thermostat, home appliance or cars are now connected to a network or to other devices instead.

From a security analyst perspective, this is seen as a giant warning sign. Open user-device or device-device communication is most likely to present security vulnerabilities and open the door to attackers exploits.

In a perfect world, product designers would take security into account right from the first product sketch. Unfortunately, anticipating attacker behavior requires a very specific set of skills and mindset.

Hardware and software reverse engineering, protection against side-channel and fault injection attack, code hardening, rating of vulnerabilities or even just the risk management attached to such vulnerabilities are very complex topics to master and integrate in a design.

Hardware and software reverse engineering, protection against side-channel and fault injection attack, code hardening, rating of vulnerabilities or even just the risk management attached to such vulnerabilities are very complex topics to master and integrate in a design.

connected home devices (fridge, robot, monitoring devices, wearables), autonomous cars, UAV (drones), Industrial IoT devices and sensors, gateways.connected home devices (fridge, robot, monitoring devices, wearables), autonomous cars, UAV (drones), Industrial IoT devices and sensors, gateways.

Payment


When talking about security and how to evaluate security of a product, the payment industry has been one of the catalyzer since a few decades now.

Today, a user has access to a multitude of form factors to execute a payment transaction. Banking cards, smartphones, wearables or just biometric features are some of the transaction channel available.

Where hardware based security is still considered as the most protective, we do see since few years the emergence or mixed (HW & SW) solutions such as Trusted Excution Environment (TEE), Host Card Emulation (HCE) relying on new tools that are code obfuscation, white-box crypto or others.

To cope with such diverse range of products, the payment industry benefits from a very robust security evaluation ecosystem. Entities like payment schemes (VISA, Mastercard, …), EMVCo, Common Criteria (CC) or Global Platform (GP) established all guidelines, requirements and rating providing security laboratories with the framework to evaluate the robustness of your product.

OSR-Lab can support you to anticipate your payment security evaluation not only after your development but already during the design phase.

Smartcard IC, Systems on Chip (SoC), Secure Element (SE), Trusted Execution Environment (TEE), Mobile Payment Application, Payment Biometric Sensors.

Content Protection


It is often considered, with payment market, as the leading industry for asset protection. Content protection, as we consider it here, focuses on the evaluation of solutions securing digital content used for Pay-TV. In particular SoC or other chip-based devices.

OSR-Lab offers what we call ‘pre-test’ service for content protection. Our goal is to work with you to filter obvious vulnerabilities by performing similar penetration testing as well as preparing evaluation pre-requisites before you go for a formal evaluation with an accredited lab.

Systems on Chip (SoC), Secure Element (SE), Trusted Execution Environment (TEE), Set-top box, Smart TV, USB key or other content enabler.

Access Control


One aspect that comes to mind is usually physical access control. Securing access to facilities using entry devices, smartcards, biometric data, pattern recognition is a common field. In addition, access to digital space and data is becoming more and more important.

Think about a virtual office for example. A remote worker, connecting to his corporate profile using a vpn connection to access / manipulate / save and send confidential data.

Where login and password are a common tool, it should also be re-enforced by other mechanisms such as FIDO devices, fingerprinting, secure chip technologies (SE, TPM) or software hardening.

OSR-Lab has the capacity to evaluate the strength of your whole access control chain, physical or digital, for you to identify, manage and improve your risks.

any device with authentication functionality such as door access reader, fingerprint reader, secure printer, embedded secure chip (SE, TPM), FIDO token and protocols, car key.

Biometric


It is already a few decades that biometric technology is supposed to bring the ultimate security to authentication. It has been implemented in physical access control since many years already but we also see this technology being pushed in the mobile landscape too. Fingerprint sensors and authenticators are fully embedded in smartphones and heavily used for transactions. Facial / retina recognition is also being rolled out for similar user experience.

As expected, biometric mechanisms does involve the use of cryptographic algorithms to prevent the corruption of security assets (biometric template) and the data they protect.

Biometric security implementation often follow proprietary or local standards. Where the security evaluation scope may differ form one to another, OSR-Lab can apply its knowledge to evaluate your implementation against your requirements or industry best practice.

biometric sensor and authenticator embedded in reader, smartphone, printer or other biometric feature used for authentication purpose.

On-demand Evaluation


because we can’t describe all applications we can work on, and because new ones are created every day, we also proposed fully customized evaluation to our clients.