ImageVerifierCode 换一换
格式:PDF , 页数:44 ,大小:1.06MB ,
资源ID:674677      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-674677.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(DIN EN 419211-2-2013 Protection profiles for secure signature creation device - Part 2 Device with key generation German version EN 419211-2 2013《安全签名创造设备的保护 第2部分 带密钥生成的设备 德文版本EN 4.pdf)为本站会员(deputyduring120)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

DIN EN 419211-2-2013 Protection profiles for secure signature creation device - Part 2 Device with key generation German version EN 419211-2 2013《安全签名创造设备的保护 第2部分 带密钥生成的设备 德文版本EN 4.pdf

1、December 2013 Translation by DIN-Sprachendienst.English price group 18No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).I

2、CS 03.160; 35.040; 35.240.15!%*z9“2078722www.din.deDDIN EN 419211-2Protection profiles for secure signature creation device Part 2: Device with key generation;English version EN 419211-2:2013,English translation of DIN EN 419211-2:2013-12Schutzprofile fr sichere Signaturerstellungseinheiten Teil 2:

3、Einheiten mit Schlsselerzeugung;Englische Fassung EN 419211-2:2013,Englische bersetzung von DIN EN 419211-2:2013-12Profils de protection des dispositifs scuriss de cration de signature Partie 2: Dispositif avec gnration de cl;Version anglaise EN 419211-2:2013,Traduction anglaise de DIN EN 419211-2:2

4、013-12www.beuth.deDocument comprises 44 pagesIn case of doubt, the German-language original shall be considered authoritative.12.13DIN EN 419211-2:2013-12 2 A comma is used as the decimal marker. National foreword This document (EN 419211-2:2013) has been prepared by Technical Committee CEN/TC 224 “

5、Personal identification, electronic signature and cards and their related systems and operations” (Secretariat: AFNOR, France). The responsible German body involved in its preparation was the Normenausschuss Informationstechnik und Anwendungen (Information Technology and selected IT Applications Sta

6、ndards Committee), Working Committee NA 043-01-17-04 UA Austauschprotokolle bei Chip-Karten. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-2 July 2013 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004English Version Protection profiles for secure signature creation device - Part

7、2: Device with key generation Profils de protection des dispositifs scuriss de cration de signature - Partie 2: Dispositif avec gnration de cl Schutzprofile fr sichere Signaturerstellungseinheiten - Teil2: Einheiten mit Schlsselerzeugung This European Standard was approved by CEN on 8 May 2013. CEN

8、members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on appli

9、cation to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Man

10、agement Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latv

11、ia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-100

12、0 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-2:2013: EEN 419211-2:2013 (E) 2 Contents Page Foreword 3 1 Scope 4 2 Normative references 4 3 Conventions and terminology 4 4 PP introduction 4 5 Conformance cl

13、aims 11 6 Security problem definition . 11 7 Security objectives . 13 8 Extended components definition 20 9 Security requirements 21 Bibliography . 42 DIN EN 419211-2:2013-12 EN 419211-2:2013 (E) 3 Foreword This document (EN 419211-2:2013) has been prepared by Technical Committee CEN/TC 224 “Persona

14、l identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2014,

15、 and conflicting national standards shall be withdrawn at the latest by January 2014. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

16、This document supersedes CWA 14169:2004. This document was submitted to the Enquiry procedure under reference prEN 14169-2. The EN 419211 series consists of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extension for device with key g

17、eneration and trusted channel to certificate generation application Part 5: Extension for device with key generation and trusted channel to signature creation application Part 6: Extension for device with key import and trusted channel to signature creation application Preparation of this document a

18、s a protection profile (PP) follows the rules of ISO/IEC 15408-1. Correspondence and comments regarding this protection profile about secure signature creation device with key generation (PP SSCD KG) can be referred to the CEN/TC 224 Secretary. According to the CEN-CENELEC Internal Regulations, the

19、national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,

20、 Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. DIN EN 419211-2:2013-12 EN 419211-2:2013 (E) 4 1 Scope This European Standard specifies a protection profile for a secure signature creation d

21、evice that may generate signing keys internally: secure signature creation device with key generation (SSCD KG). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the

22、edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. prEN 419211-1, Protection profiles for secure signature creation device Part 1: Overview1)ISO/IEC 15408-1:20092)Information technology Security techniques Evaluation crite

23、ria for IT security Part 1: Introduction and general model ISO/IEC 15408-22), Information technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-32), Information technology Security techniques Evaluation criteria for IT security Part 3

24、: Security assurance components 3 Conventions and terminology 3.1 Conventions The content and structure of this document follow the rules and conventions laid out in ISO/IEC 15408-1. Normative aspects of content in this European Standard are specified according to the Common Criteria rules and not s

25、pecifically identified by “shall”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in prEN 419211-1 apply. 4 PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device Part 2: Device with key generation Vers

26、ion: 2.0.1. Author: CEN (TC224/WG17) Publication date: 2013 Registration: BSI-CC-PP-0059-2009-MA-01 CC version: 3.1 Revision 3 1) To be published. This document was submitted to the Enquiry procedure under reference prEN 14169-1. 2) ISO/IEC 15408-1, -2 and -3 respectively correspond to Common Criter

27、ia for Information Technology Security Evaluation, Parts 1, 2 and 3. DIN EN 419211-2:2013-12 EN 419211-2:2013 (E) 5 Editor: Arnold Abromeit, TV Informationstechnik GmbH General status: final draft Keywords: secure signature creation device, electronic signature, digital signature 4.2 PP overview Thi

28、s Protection Profile is established by CEN as a European standard for products to create electronic signatures. It fulfils requirements of Directive 1999/93/EC3)of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures. In accordance with Ar

29、ticle 9 of this European Directive, this standard can be indicated by the European Commission in the Official Journal of the European Union as a generally recognised standard for electronic signature products. This protection profile defines security functional requirements and security assurance re

30、quirements that comply with those defined in Annex III of the directive for a secure signature creation device (SSCD). This secure signature creation device is the target of evaluation (TOE) for this protection profile. European Union Member States may presume that there is compliance with the requi

31、rements laid down in Annex III of the directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this Protection Profile (PP). This Protection Profile describes core security requirements for a secure device that can generate a signing key4)(signatur

32、e creation data, SCD) and operates to create electronic signatures with the generated key. A device evaluated according to this protection profile and used in the specified environments can be trusted to create any type of digital signature. As such, this PP can be used for any device that has been

33、configured to create a digital signature. Specifically this PP allows the qualification of a product as a device for creating an advanced electronic signature as defined in the directive. After an SSCD has generated a signing key, the corresponding public key (signature verification data, SVD) has t

34、o be provided as input to a certificate generation application (CGA). Security requirements for export of the SVD are described in a protection profile that extends this PP (prEN 419211-4, Protection profiles for secure signature creation device Part 4: Extension for device with key generation and t

35、rusted channel to certificate generation application)5)and not in this document. When operated in a secure environment for signature creation a signer may use an SSCD that fulfils only these core security requirements to create an advanced electronic signature.6)Security requirements for an SSCD use

36、d in environments where the communication between SSCD and the signature creation application (SCA) is assumed to be protected by the SSCD and the SCA are described in a separate protection profile that extend this PP (prEN 419211-5, Protection profiles for secure signature creation device Part 5: E

37、xtension for device with key generation and trusted channel to signature creation application)7)and not in this document. These extended Protection Profiles claim conformance to this PP. 3) This European Directive is referred to in this PP as “the directive”. 4) An SSCD that can generate its own SCD

38、/SVD was defined in the previous version of this PP (CWA 14169) as a Type 3 SSCD. The notion of types does not exist anymore in this series of ENs. In order to refer to the same functionality, a reference to EN 419211-2 (i.e. Part 2) should be used. 5) This document was submitted to the Enquiry proc

39、edure under reference prEN 14169-4. 6) An advanced electronic signature is defined as an electronic signature created by an SSCD using a public key with a public key certificate created as specified in the directive. 7) This document was submitted to the Enquiry procedure under reference prEN 14169-

40、5. DIN EN 419211-2:2013-12 EN 419211-2:2013 (E) 6 The assurance level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overview 4.3.1 Operation of the TOE This section presents a functional overview of the TOE in its distinct operational environments: The preparation environment, where it inter

41、acts with a certification service provider through a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) corresponding with the SCD the TOE has generated. The initialisation environment interacts further with the TOE to personalise it with the ini

42、tial value of the reference authentication data (RAD). The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authenticating the signer as its signatory. The signature creation application provides the data to be signed (DTBS), or a

43、 unique representation thereof (DTBS/R) as input to the TOE signature creation function and obtains the resulting digital signature8). The management environments where it interacts with the user or an SSCD-provisioning service provider to perform management operations, e.g. for the signatory to res

44、et a blocked RAD. A single device, e.g. a smart card terminal, may provide the required secure environment for management and signing. The signing environment, the management environment and the preparation environment are secure and protect data exchanged with the TOE. Figure 2 in Part 1 of this st

45、andard illustrates the operational environment. The TOE stores signature creation data and reference authentication data. The TOE may store multiple instances of SCD. In this case, the TOE provides a function to identify each SCD and the SCA can provide an interface to the signer to select an SCD fo

46、r use in the signature creation function of the SSCD. The TOE protects the confidentiality and integrity of the SCD and restricts its use in signature creation to its signatory. The digital signature created by the TOE may be used to create an advanced electronic signature as defined in Article 5.1

47、of the directive. Determining the state of the certificate as qualified is beyond the scope of this standard. The signature creation application is assumed to protect the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authorised for s

48、igning by the signatory. Unless implicitly known to the TOE, the SCA indicates the kind of the signing input (as DTBS/R) it provides and computes any hash values required. The TOE may augment the DTBS/R with signature parameters it stores and then computes a hash value over the input as needed by th

49、e kind of input and the used cryptographic algorithm. The TOE stores signatory reference authentication data to authenticate a user as its signatory. The RAD is a password, e.g. PIN, a biometric template or a combination of these. The TOE protects the confidentiality and integrity of the RAD. The TOE may provide a user interface to directly receive verification authentication data (VAD) from the user; alternatively, the TOE receive the VAD from the signature creation application. If the signature creation applicatio

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1