ImageVerifierCode 换一换
格式:PDF , 页数:30 ,大小:1.07MB ,
资源ID:716521      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-716521.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(EN 419211-4-2013 en Protection profiles for secure signature creation device - Part 4 Extension for device with key generation and trusted channel to certificate generation applica.pdf)为本站会员(boatfragile160)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

EN 419211-4-2013 en Protection profiles for secure signature creation device - Part 4 Extension for device with key generation and trusted channel to certificate generation applica.pdf

1、BSI Standards PublicationBS EN 419211-4:2013Protection profiles for securesignature creation devicePart 4: Extension for device with keygeneration and trusted channel tocertificate generation applicationBS EN 419211-4:2013 BRITISH STANDARDNational forewordThis British Standard is the UK implementati

2、on of EN 419211-4:2013.The UK participation in its preparation was entrusted to TechnicalCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessary

3、provisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2013. Published by BSI StandardsLimited 2013ISBN 978 0 580 71698 0ICS 03.160; 35.040; 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligations.This British St

4、andard was published under the authority of theStandards Policy and Strategy Committee on 31 December 2013.Amendments issued since publicationDate Text affectedBS EN 419211-4:2013EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-4 November 2013 ICS 03.160; 35.040; 35.240.15 Supersedes CWA

5、14169:2004English Version Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted channel to certificate generation application Profils de protection pour dispositif scuris de cration de signature lectronique - Partie 4: Extension pour

6、un dispositif avec gnration de cl et communication scurise avec lapplication de gnration de certificats Schutzprofile fr sichere Signaturerstellungseinheiten - Teil 4: Erweiterung fr Einheiten mit Schlsselerzeugung und vertrauenswrdigem Kanal zur Zertifikaterzeugungsanwendung This European Standard

7、was approved by CEN on 12 October 2013. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such

8、 national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own

9、language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Gr

10、eece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUN

11、G CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-4:2013 EBS EN 419211-4:2013EN 419211-4:2013 (E) 2 Contents Page Foreword 3 Introduction . 4 1 Scope 5 2

12、Normative references 5 3 Conventions and terminology 5 3.1 Conventions . 5 3.2 Terms and definitions 5 4 PP introduction 5 4.1 PP reference . 5 4.2 PP overview 6 4.3 TOE overview . 6 5 Conformance claims 9 5.1 CC conformance claim 9 5.2 PP claim, Package claim . 9 5.3 Conformance rationale 9 5.4 Con

13、formance statement 10 6 Security problem definition 10 6.1 Assets, users and threat agents . 10 6.2 Threats 10 6.3 Organizational security policies . 11 6.4 Assumptions 11 7 Security objectives 11 7.1 Security objectives for the TOE 11 7.2 Security objectives for the operational environment . 11 7.3

14、 Security objectives rationale 12 8 Extended components definition . 15 8.1 Definition of the family FPT_EMS . 15 8.2 Definition of the family FIA_API . 15 9 Security requirements . 16 9.1 Security functional requirements . 16 9.2 Security assurance requirements 18 9.3 Security requirements rational

15、e . 19 Bibliography 25 BS EN 419211-4:2013EN 419211-4:2013 (E) 3 Foreword This document (EN 419211-4:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR

16、. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by May 2014 and conflicting national standards shall be withdrawn at the latest by May 2014. Attention is drawn to the possibility that some of the e

17、lements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document supersedes CWA 14169:2004. This series of European Standards, Protection profiles for secure signature creation device consists

18、of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extension for device with key generation and trusted channel to certificate generation application Part 5: Extension for device with key generation and trusted channel to signature crea

19、tion application Part 6: Extension for device with key import and trusted channel to signature creation application According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulg

20、aria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Tu

21、rkey and the United Kingdom. BS EN 419211-4:2013EN 419211-4:2013 (E) 4 Introduction This series of European Standards specifies Common Criteria protection profiles for secure signature creation devices and is issued by the European Committee for Standardization, Information Society Standardization S

22、ystem (CEN/ISSS) as update of the Electronic Signatures (E-SIGN) CEN/ISSS workshop agreement (CWA) 14169:2004, Annex B and Annex C on the protection profile secure signature creation devices, “EAL 4+”. Preparation of this document as a protection profile (PP) follows the rules of the Common Criteria

23、 version 3.1 2, 3 and 4. BS EN 419211-4:2013EN 419211-4:2013 (E) 5 1 Scope This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and export the public key in protected manner: secure signature creation device with key g

24、eneration and trusted communication with certificate generation application (SSCD KG TCCGA). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applie

25、s. For undated references, the latest edition of the referenced document (including any amendments) applies. prEN 419211-1:2011, Protection profiles for secure signature creation device Part 1: Overview1)3 Conventions and terminology 3.1 Conventions This document is drafted in accordance with the CE

26、N/CENELEC Internal Regulations Part 3 and content and structure of this document follow the rules and conventions laid out in Common Criteria 3.1. Normative aspects of content in this European Standard are specified according to the Common Criteria rules and not specifically identified by the verbs

27、“shall” or “must”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in prEN 419211-1:2011 apply. 4 PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device Part 4: Extension for device with key generation a

28、nd trusted communication with certificate generation application Version: 1.0.1 Author: CEN/TC 224 (WG17) Publication date: 2013-11-27 Registration: BSI-CC-PP-0071 CC version: 3.1 Revision 4 Editor: Arnold Abromeit, TV Informationstechnik GmbH General status: final Keywords: secure signature creatio

29、n device, electronic signature, digital signature, key generation, trusted communication with certificate generation application 1) To be published. This document was submitted to the Enquiry procedure under reference prEN 14169-1. BS EN 419211-4:2013EN 419211-4:2013 (E) 6 4.2 PP overview This Prote

30、ction Profile is established by CEN as a European Standard for products to create electronic signatures. It fulfils requirements of Directive2)1999/93/EC of the European parliament and of the council of 13 December 1999 on a community framework for electronic signatures. In accordance with Article 9

31、 of this European Directive this standard can be indicated by the European Commission in the Official Journal of the European Communities as generally recognized standard for electronic signature products. This protection profile defines security functional requirements and security assurance requir

32、ements that comply with those defined in Annex III of the Directive for a secure signature creation device (SSCD). This secure signature creation device is the target of evaluation (TOE) for this protection profile. European Union Member States may presume that there is compliance with the requireme

33、nts laid down in Annex III of the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this Protection Profile (PP). This Protection Profile about secure signature creation device with key generation and trusted communication with certificate g

34、eneration application (PP SSCD KG TCCGA) defines the security requirements for SSCD generating signature creation data (SCD) and creating advanced electronic signatures, which if based on valid qualified certificates are qualified electronic signatures, as described in the core PP SSCD KG 6. Additio

35、nally the TOE of this PP supports its authentication as SSCD by the certificate generation application (CGA) of the Certification service provider (CSP) and a trusted communication with this CGA for protection of signature verification data (SVD) generated and exported by the TOE and imported by CGA

36、. These security features allow a changed lifecycle of the TOE. This PP conforms to the core PP SSCD KG 6. The implication of this conformance claim is explained in 0 hereinafter. The assurance level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overview 4.3.1 Operation of the TOE This subcl

37、ause presents a functional overview of the TOE in its distinct operational environments: The preparation environment, where it interacts with a certification service provider through a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) correspond

38、ing with the signature creation data (SCD) the TOE has generated. The TOE exports the SVD through a trusted channel allowing the CGA to check the authenticity of the SVD. The initialization environment interacts further with the TOE to personalize it with the initial value of the reference authentic

39、ation data (RAD). The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authenticating the signer as its signatory. The signature creation application provides the data to be signed or a unique representation thereof (DTBS/R) as in

40、put to the TOE signature creation function and obtains the resulting electronic signature3). 2) This European Directive is referred to in this PP as “the Directive”. 3) At a pure functional level the SSCD creates an electronic signature; for an implementation of the SSCD, in that meeting the require

41、ments of this PP and with the key certificate generated as specified in the directive, Annex I, the result of the signing process can be used as to create a qualified electronic signature. BS EN 419211-4:2013EN 419211-4:2013 (E) 7 The management environments where it interacts with the user or an SS

42、CD-provisioning service provider to perform management operations, e.g. for the signatory to reset a blocked RAD. A single device, e.g. a smart card terminal, may provide the required secure environment for management and signing. The signing environment, the management environment and the preparati

43、on environment are secure and protect data exchanged with the TOE. Figure 4 in prEN 419211-1:2011 illustrates the operational environment. The TOE stores signature creation data and reference authentication data. The TOE may store multiple instances of SCD. In this case the TOE provides a function t

44、o identify each SCD and the signature creation application (SCA) can provide an interface to the signer to select an SCD for use in the signature creation function of the SSCD. The TOE protects the confidentiality and integrity of the SCD and restricts its use in signature creation to its signatory.

45、 The electronic signature created with the TOE is a qualified electronic signature as defined in the Directive if the certificate for the SVD is a qualified certificate (Annex I). Determining the state of the certificate as qualified is beyond the scope of this standard. The SCA is assumed to protec

46、t the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authorized for signing by the signatory. Unless implicitly known to the TOE, the SCA indicates the kind of the signing input (as DTBS/R) it provides and computes any hash values req

47、uired. The TOE may augment the DTBS/R with signature parameters it stores and then computes a hash value over the input as needed by the kind of input and the used cryptographic algorithm. The TOE stores signatory reference authentication data to authenticate a user as its signatory. The RAD is a pa

48、ssword e.g. PIN, a biometric template or a combination of these. The TOE protects the confidentiality and integrity of the RAD. The TOE may provide a user interface to directly receive verification authentication data (VAD) from the user, alternatively, the TOE receive the VAD from the signature cre

49、ation application. If the signature creation application handles, is requesting or obtaining a VAD from the user, it is assumed to protect the confidentiality and integrity of this data. A certification service provider and a SSCD-provisioning service provider interact with the TOE in the secure preparation environment to perform any preparation function of the TOE required before control of the TOE is given to the legitimate user. These functions may include: initializing the RAD; generating a key pair; storing personal informa

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1