ImageVerifierCode 换一换
格式:PDF , 页数:84 ,大小:1.65MB ,
资源ID:574429      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-574429.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS EN 419251-3-2013 Security requirements for device for authentication Additional functionality for security targets《身份验证装置的安全要求 为实现安全目标的补充功能》.pdf)为本站会员(brainfellow396)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS EN 419251-3-2013 Security requirements for device for authentication Additional functionality for security targets《身份验证装置的安全要求 为实现安全目标的补充功能》.pdf

1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS EN 419251-3:2013Security requirements for device for authenticationPart 3: Additional functionality for security targetsBS EN 419251-3:2013 BRITISH STANDARDNational forewordTh

2、is British Standard is the UK implementation of EN 419251-3:2013. The UK participation in its preparation was entrusted to T e c h n i c a l Committee IST/17, Cards and personal identification.A list of organizations represented on this committee can be obtained on request to its secretary.This publ

3、ication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2013. Published by BSI Standards Limited 2013.ISBN 978 0 580 74078 7 ICS 35.240.15 Compliance with a British Standard cannot confer imm

4、unityfrom legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2013.Amendments issued since publicationDate T e x t a f f e c t e dBS EN 419251-3:2013EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419251-3 March 20

5、13 ICS 35.240.15 English Version Security requirements for device for authentication - Part 3: Additional functionality for security targets Profils de protection pour dispositif dauthentification - Partie 3: Fonctionnalits additionnelles Sicherheitsanforderungen fr Gerte zur Authentisierung - Teil

6、3: Zustzliche Funktionalitten fr Sicherheitsziele This European Standard was approved by CEN on 7 December 2012. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any al

7、teration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language m

8、ade by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Est

9、onia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STA

10、NDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419251-3:2013: EBS EN 419251-3:2013EN 419251-3:201

11、3 (E) 2 Contents Page Foreword . 5 1 Scope 6 2 Normative references . 6 3 Conformance 6 3.1 CC Conformance Claim . 6 3.2 PP Claim . 6 3.3 Package Claim 6 3.4 Conformance Rationale . 6 3.5 Conformance Statement 7 4 Terms and definitions 7 5 Symbols and abbreviations . 9 6 Overview of the target of ev

12、aluation . 9 6.1 TOE Type 9 6.2 TOE Usage 9 6.3 Security Features of the TOE . 10 6.4 Required non-TOE Hardware and Software 10 6.5 Protection Profile Usage 10 6.6 Groups 10 6.6.1 General . 10 6.6.2 Main groups 10 6.6.3 Environment groups 11 6.7 Configurations 13 6.7.1 General . 13 6.7.2 Rules . 13

13、6.7.3 Possible Configurations 14 6.8 TOE Environment . 15 6.8.1 Overall view 15 6.8.2 Personalisation application . 16 6.8.3 Administration application 17 6.8.4 Authentication application . 18 6.8.5 Verifier 19 6.8.6 Key Generator 19 6.8.7 Certification Authority 20 6.8.8 Examples of applications. 2

14、0 6.9 Life Cycle 22 6.9.1 Overview . 22 6.9.2 Pre-Personalisation phase . 23 6.9.3 Personalisation phase . 23 6.9.4 Usage phase . 24 7 Security problem definition . 26 7.1 Assets . 26 7.1.1 General . 26 7.1.2 Core group 26 7.1.3 KeyGen group 26 7.1.4 Admin group . 27 7.2 Users . 27 7.2.1 Core group

15、27 7.2.2 KeyImp group . 28 BS EN 419251-3:2013EN 419251-3:2013 (E) 3 7.2.3 KeyGen group 28 7.2.4 Admin group . 28 7.3 Threats 28 7.3.1 General . 28 7.3.2 Core group 29 7.3.3 KeyGen group 30 7.3.4 Admin group . 30 7.4 Organisational security policies 30 7.4.1 Core group 30 7.4.2 KeyGen group 31 7.4.3

16、 Admin group . 31 7.5 Assumptions 31 7.5.1 Core group 31 7.5.2 KeyGen group 32 7.5.3 Admin group . 32 8 Security objectives . 32 8.1 General Transfer of sensitive data . 32 8.2 Security objectives for the TOE . 33 8.2.1 Core group 33 8.2.2 KeyImp group . 34 8.2.3 KeyGen group 34 8.2.4 Admin group .

17、34 8.2.5 Untrusted PersoAppli . 35 8.2.6 Untrusted AuthAppli 35 8.2.7 Untrusted Verifier . 35 8.2.8 Untrusted CA 35 8.2.9 Untrusted AdminAppli 35 8.3 Security objectives for the operational environment 36 8.3.1 Core group 36 8.3.2 KeyImp group . 36 8.3.3 Admin group . 37 8.3.4 Trusted PersoAppli 37

18、8.3.5 Trusted AuthAppli 37 8.3.6 Trusted Verifier . 37 8.3.7 Trusted CA 37 8.3.8 Trusted AdminAppli . 37 8.4 Rationale for Security objectives . 38 9 Extended component definition Definition of the Family FCS_RNG . 43 10 Security requirements 43 10.1 General . 43 10.2 Introduction 44 10.2.1 Subjects

19、 Objects and security attributes 44 10.2.2 Operations 45 10.3 Security functional requirements 46 10.3.1 General . 46 10.3.2 Core group 47 10.3.3 KeyImp group . 55 10.3.4 KeyGen group 58 10.3.5 Admin group . 61 10.3.6 Untrusted PersoAppli . 65 10.3.7 Untrusted AuthAppli 66 10.3.8 Untrusted Verifier

20、. 66 10.3.9 Untrusted CA 67 10.3.10 Untrusted AdminAppli 68 10.4 Security assurance requirements 68 10.5 SFR / Security objectives . 69 10.6 SFR Dependencies . 74 10.7 Rationale for the Assurance Requirements 76 BS EN 419251-3:2013EN 419251-3:2013 (E) 4 Bibliography 78 Index 79 Figures Figure 1 TOE

21、Security Features . 15 Figure 2 Personalisation application environment . 16 Figure 3 Administration application environment . 17 Figure 4 Authentication application environment . 18 Figure 5 TOE Life Cycle . 22 Tables Table 1 Basic configurations . 14 Table 2 IdTrusted configurations 14 Table 3 Pro

22、tection of sensitive data 33 Table 4 Security objectives vs problem definition rationale 38 Table 5 Security attributes 45 Table 6 Core security attributes 50 Table 7 Core operations . 50 Table 8 Core security attributes Operation . 51 Table 9 Core security attributes - initial value 52 Table 10 Cor

23、e security attributes Updates . 53 Table 11 TSF data updates . 53 Table 12 KeyImp security attributes 55 Table 13 KeyImp security attributes - operations . 56 Table 14 KeyImp security attributes update authorised roles 57 Table 15 KeyImp security attributes update values 58 Table 16 KeyGen operation

24、s 59 Table 17 KeyGen security attributes . 59 Table 18 KeyGen operation rules . 60 Table 19 KeyGen security attributes update authorised roles . 60 Table 20 KeyGen security attributes initial values 61 Table 21 KeyGen security attributes update values 61 Table 22 Admin security attributes update aut

25、horised roles 64 Table 23 Admin security attributes initial values . 64 Table 24 Admin security attributes update values 64 Table 25 Admin TSF data operations . 65 Table 26 SFR vs Security objectives retionale 69 Table 27 SFR dependencies 74 BS EN 419251-3:2013EN 419251-3:2013 (E) 5 Foreword This do

26、cument (EN 419251-3:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either

27、 by publication of an identical text or by endorsement, at the latest by September 2013, and conflicting national standards shall be withdrawn at the latest by September 2013. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN an

28、d/or CENELEC shall not be held responsible for identifying any or all such patent rights. EN 419251 contains the following parts: EN 419251-1, Security requirements for device for authentication Part 1: Protection profile for core functionality; EN 419251-2, Security requirements for device for auth

29、entication Part 2: Protection profile for extension for trusted channel to certificate generation application; EN 419251-3, Security requirements for device for authentication Part 3: Additional functionality for security targets (the present document). The present document was submitted to the Enqu

30、iry under the reference prEN 16248-3. According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugos

31、lav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 419251-3:2013EN 419251-3:2013 (E) 6 1 Scope

32、 This European Standard contains packages that define security requirements for an authentication device. This document is Part 3. Part 1 and Part 2 are Protections Profiles PP based on the packages defined in this document. Packages contained in this document can be added in a Security Target ST- c

33、laiming PP of Part 1 or Part 2. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenc

34、ed document (including any amendments) applies. ISO/IEC 10181-2:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework ISO/IEC 15408-1:20091), Information technology Security techniques Evaluation criteria for IT security Part 1: Intr

35、oduction and general model ISO/IEC 15408-21), Information technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-31), Information technology Security techniques Evaluation criteria for IT security Part 3: Security assurance components

36、ISO/IEC 18045, Information technology Security techniques Methodology for IT security evaluation 3 Conformance 3.1 CC Conformance Claim These packages are CC Part 2 extended and CC Part 3 conformant and written according to ISO/IEC 15408-1, -2, -3 and ISO/IEC 18045. 3.2 PP Claim These packages do no

37、t claim conformance to any other Protection Profile. 3.3 Package Claim The evaluation assurance level for these packages is EAL4-augmented with the assurance components AVA_VAN.5 and ALC_DVS.2. 3.4 Conformance Rationale Since these packages do not claim conformance to any other protection profile, n

38、o rationale is necessary here. 1) ISO/IEC 15408-1, -2 and -3 respectively correspond to Common Criteria for Information Technology Security Evaluation, Parts 1, 2 and 3. BS EN 419251-3:2013EN 419251-3:2013 (E) 7 3.5 Conformance Statement The conformance required by these packages is the demonstrable

39、-PP conformance. This would facilitate conformance claim to both the PP “Authentication device” and other PPs for Security Target (ST) authors. 4 Terms and definitions For the purposes of this document, the following terms and definitions apply. 4.1 Administrator person who is allowed administration

40、 operations on the authentication device Note 1 to entry: See 7.2 for more details. 4.2 Authentication Protocol sensitive data data used in the process of authentication of the TOE by the external entity Note 1 to entry: These data are linked to the Authentication private key, e.g. Authentication Ce

41、rtificate or APuK. Note 2 to entry: Authentication Protocol sensitive data may be empty if the environment is trusted, and the holder public key known to the system. 4.3 Certificate attestation, which links the APuK to a person and confirms the identity of that person (as defined in the Directive 8,

42、 article 2, Clause 9) 4.4 Certificate Info information associated with an Authentication key pair that consists either: a signers public key certificate; or one or more hash values of a signers public key certificate together the identifier of the hash function used to compute these hash values, and

43、 some information which allows the signer to disambiguate between several signers certificates 4.5 Configuration set of groups Note 1 to entry: Each configuration corresponds to one PP. It has its own rationale. See the rest of the document. 4.6 Group set Assets, threats, objectives, and Requirement

44、s, addressing a specific function Note 1 to entry: See the rest of the document. 4.7 Holder legitimate holder of the authentication device Note 1 to entry: See 7.2 for more details. BS EN 419251-3:2013EN 419251-3:2013 (E) 8 4.8 Issuer user of the authentication device during personalisation Note 1 t

45、o entry: See 7.2 for more details. 4.9 Protection Profile PP implementation-independent statement of security needs for a TOE SOURCE: ISO/IEC 15408-1:2009, Clause 4 “Terms and definitions“, modified in ISO/IEC 15408-1, the protection profile refers to a TOE type instead of a TOE in this document 4.1

46、0 PP collection document defining groups and configurations 4.11 Reference Authentication Data usually called RAD, data stored inside the TOE and used as a reference to which the VAD will be compared Note 1 to entry: This RAD can be biometrics data, a PIN, or a symmetric key. It can also be a combin

47、ation of these factors. The RAD is not an Asset, it is TSF data. 4.12 Trusted channel means by which a TSF and a remote trusted IT product can communicate with necessary confidence SOURCE: ISO/IEC 15408-1:2009, Clause 4 “Terms and definitions“ 4.13 Trusted Environment environment that ensures the pr

48、otection of sensitive data transfers between the TOE and a remote trusted IT product (resp. a user) Note 1 to entry: A trusted (or untrusted) environment relates to the whole communication channel between the TOE and the remote trusted IT product (resp. the user). 4.14 Untrusted Environment environm

49、ent that does not ensure the protection of sensitive data transfers between the TOE and a remote trusted IT product (resp. a user) Note 1 to entry: This protection should be ensured by the TOE with a Trusted Channel (resp. a Trusted Path). An untrusted (or trusted) environment relates to the whole communication channel between the TOE and the remote trusted IT product (resp. the user). 4.15 User current User of the TOE Note 1 to

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1