Posted by jonathank
(188.8.131.52) on October 06, 2009 at 12:39:13:
This question is directed to the Zeit team:
Has there been any independent third-party cryptographic analysis down against the Zeit cyrptocards by an ISO 17025 evaluator or some other well respected third party? For example, NIST FIPS 140-2 level 2, Common Criteria EAL4, or ITSEC? I'm especially interested in the ZC6.5 and ZC7.5 processors.
Failing that, are there large financial institutions that are using the ZC6.5 and ZC7.5?
I realize that NIST or Common Criteria certificate does not guarantee a product is secure (just look at Microsoft Windows XP and its EAL4+ rating), but to use the card in a production environment it is necessary to complete some level of due diligence. Since most agencies and companies lack the resources and skills to perform their own cryptanalysis of new devices, I need to rely upon the integrity of third parties.