Project: A certified Security Core that will enable deployment of a wide range of secure applications and services across Europe.

Secure communication is an essential requirement for any modern organization. In practical terms, this means sending authentic, non-repudiable and confidential information across the Internet (e.g., electronic mails, documents and forms, file transfers, secure web transactions, telephony, etc). Security technologies, such as digital signatures, enable the development of electronic services for verification and integrity protection._x000D_The CESeCore project aims to produce an open source security core product by establishing a new security architecture. This architecture implies gathering all security functions into a security core and the isolation of all security functions and Common Criteria (CC) EAL-certifiable parts of the application into relatively static modules. These core modules would rarely change therefore, do not require re-certification whenever there is a change in the embedding applications. Functionalities existing around this security core will be able to use the CC EAL certified security services offered. These embedding applications will easily incorporate new functionality and bug fixes without requiring re-certification of the CC EAL. The security core architecture will primarily apply to security related software products, but will not be limited to such usage._x000D_The software applications which require security in the context that they are used will also be able to make use the security functions of the certified security core. These security functions will include digital signature creation, integrity protection and verification of the operational logs and validation of signed data received from an external source by the software. _x000D_An essential part of the project consists of Common Criteria evaluation of the Security Core. CC is an internationally recognized security evaluation and certification scheme. The benefits of acquiring such a certification are numerous. These are listed below as follows:_x000D_1. The CC is an International Standard. Successful CC evaluations are recognized worldwide. There are currently 25 countries that have signed the mutual recognition agreement (CCRA – Common Criteria Recognition Agreement) – COly EU countries and the United States. Additional countries are invited to sign the CCRA as the participation with Common Criteria increases. It is also accepted worldwide in countries outside the CCRA._x000D_2. Consumers are aware that certified products have received an independent third party endorsement of the security functionality by having been subject to a rigorous evaluation._x000D_3. CC evaluations are conducted in comparatively less time than TCSEC evaluations. The developer is able to provide an evaluated version of the product that better suits its release cycle._x000D_4. A successful CC evaluation will ease entry and acceptability in specialized markets such as US government and private industries._x000D_5. The evaluation process will help to refine and improve the product’s security functionality._x000D_6. Evaluation of the product demonstrates the Developer’s commitment to security. The Developer’s claims are verified by an independent party._x000D_ The project consortium consists of highly reputable PKI and security companies operating both in the EU and over the world. The companies of the consortium have a vast experience in the electronic security field and they are core technology developers and services providers. PrimeKey Solutions, based in Sweden, is a security software development company specialized on PKI and related components software. PrimeKey provides it services to EU countries, US and other parts of the world. E-imza, based in Turkey, is a software development company which COly serves strategic government agencies with their state of the art security software COly on voice recognition and processing area. MULTICERT, based in Portugal, is a digital security services company, operating PKI trust centers, providing security services to government agencies and private sector companies and offering a wide range of solutions such as Electronic Passports, eID, two-factor authentication, e-invoicing, e-voting and digital notary. CommFides (based in Norway) is an eID services company which operates a trust center and produces qualified electronic certificates as well as secure web server certificates (SSL) to public. Detailed information for each participant is available in the Ps section. _x000D_For more information regarding Overview of the Project please visit http://ccsecore.eu_x000D_

Acronym CESECORE (Reference Number: 4759)
Duration 02/03/2009 - 01/03/2012
Project Topic This project aims to develop an open source Security Core product that will secure a wide range of applications/services. The core will be certified against Common Criteria EAL 4+ and handle all security aspects, allowing certification to be easily extended to products and services using it.
Network Eurostars
Call Eurostars Cut-Off 2

Project partner

Number Name Role Country
4 E-IMZA Bilisim Iletisim Bilgi Güvenligi Hizmetleri Partner Turkey
4 PRIMEKEY Solutions AB Coordinator Sweden
4 COMMFIDES NORGE AS Partner Norway
4 MULTICERT - Serviços de Certificação Electrónica S.A. Partner Portugal