1、PD CEN/TS 419221-1:2016 Protection Profiles for TSP cryptographic modules Part 1: Overview BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD CEN/TS 419221-1:2016 PUBLISHED DOCUMENT National foreword This Published Document is the UK implementation of CEN/TS 419221-
2、1:2016. The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions
3、 of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 92182 7 ICS 35.040; 35.240.30 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document wa
4、s published under the authority of the Standards Policy and Strategy Committee on 31 July 2016. Amendments issued since publication Date Text affectedPD CEN/TS 419221-1:2016TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 419221-1 July 2016 ICS 35.040; 35.240.30 Superse
5、des CWA 14167-1:2003 English Version Protection Profiles for TSP cryptographic modules - Part 1: Overview Profils de protection pour modules cryptographiques utiliss par les prestataires de services de confiance - Partie 1 : Vue densemble Schutzprofile fr kryptographische Module von vertrauenswrdige
6、n Dienstanbietern - Teil 1: berblick This Technical Specification (CEN/TS) was approved by CEN on 8 May 2016 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particul
7、arly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting
8、national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav
9、 Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE
10、NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2016 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 419221-1:2016 EPD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E)
11、2 Contents Page European foreword . 3 Introduction 4 1 Scope 5 2 Normative references 5 3 Terms and definitions . 5 4 Protection profiles specified in CEN/TS 419221 10 4.1 General . 10 4.2 CEN/TS 419221-2: Cryptographic module for CSP signing operations with backup 10 4.3 CEN/TS 419221-3: Cryptograp
12、hic module for CSP key generation services 10 4.4 CEN/TS 419221-4: Cryptographic module for CSP signing operations without backup 10 4.5 CEN/TS 419221-5: Cryptographic Module for Trust Services . 10 Bibliography . 12 PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 3 European foreword This document
13、(CEN/TS 419221-1:2016) has been prepared by Technical Committee CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR. This document supersedes CWA 14167-1:200
14、3. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. CEN/TS 419221, Protection Profiles for TSP cryptographic modules, is currently composed of the following parts: Part 1: Overview; Part 2: Cryptographic module for CSP s
15、igning operations with backup; Part 3: Cryptographic module for CSP key generation services; Part 4: Cryptographic module for CSP signing operations without backup. According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to announc
16、e this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Roman
17、ia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 4 Introduction This multi-part standard specifies protection profiles for trust service provider cryptographic modules, as per common criteria (ISO/IEC 15408 series). T
18、arget applications include signing by certification service providers, as specified in Directive 1999/93, as well as supporting cryptographic services for use by trust service providers. PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 5 1 Scope This Technical Specification provides an overview of t
19、he protection profiles specified in other parts of CEN/TS 419221. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references,
20、the latest edition of the referenced document (including any amendments) applies. CEN/TS 419241, Security Requirements for Trustworthy Systems Supporting Server Signing ISO/IEC 15408 (all parts) 1 , Information technology Security techniques Evaluation criteria for IT security 3 Terms and definition
21、s For the purposes of this document, the following terms and definitions apply. 3.1 administrator CSP user role that performs TOE initialization or other TOE administrative functions Note 1 to entry: These tasks are mapped to the Crypto-officer role of the TOE. 3.2 advanced electronic signature elec
22、tronic signature which meets the following requirements (defined in Directive 1999/93/EC 1, Article 2.2): a) it is uniquely linked to the signatory; b) it is capable of identifying the signatory; c) it is created using means that the signatory can maintain under his sole control, and d) it is linked
23、 to the data to which it relates in such a manner that any subsequent change of the data are detectable 3.3 authentication data information used to verify the claimed identity of a user 1The following are equivalent to the aforementioned ISO/IEC 15408 standards: Common Criteria for Information Techn
24、ology Security Evaluation, Part 1: Introduction and General Model; Version 3.1, Revision 3. CCMB-2009-07-001, July 2009; Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; Version 3.1, Revision 3. CCMB-2009-07-002, July 2009; Common Criteria for I
25、nformation Technology Security Evaluation, Part 3: Security Assurance Components; Version 3.1, Revision 3. CCMB-2009-07-003, July 2009. PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 6 3.4 auditor user exporting the TOE audit data and reviewing the audit data with tools in the TOE environment 3.5
26、backup export of the CSP_SCD, the TSF data and the system data (backup data) sufficient to recreate the state of the TOE at the time the backup was created Note 1 to entry: Backup is the only function which is allowed to export CSP_SCD and only if backup package is implemented. 3.6 certificate elect
27、ronic attestation which links the SVD to a person and confirms the identity of that person (defined in Directive 1999/93/EC 1, Article 2.9) 3.7 certificate generation application CGA collection of application elements which requests the SVD from the device generating the SCD/SVD pair for generation
28、of the qualified certificate Note 1 to entry: The CGA stipulates the generation of a correspondent SCD/SVD pair, if the requested SVD has not been generated by the SCD/SVD generation device yet. The CGA verifies the authenticity of the SVD by means of (a) the SSCD proof of correspondence between SCD
29、 and SVD and (b) checking the sender and integrity of the received SVD. 3.8 certification-service-provider CSP entity or a legal or natural person who issues certificates or provides other services related to electronic signatures (defined in Directive 1999/93/EC 1, Article 2.11) Note 1 to entry: In
30、 common usage this is often referred to as Certification Authority (CA). A CSP is a type of TSP. 3.9 cryptographic module set of hardware, software and firmware used to generate the Subscriber-SCD/Subscriber-SVD pair and which represents the TOE 3.10 CSP signature creation data CSP_SCD SCD which is
31、used by the CSP, e.g. for the creation of advanced electronic signatures in qualified certificates or for signing certificate status information 3.11 CSP signature verification data CSP_SVD SVD which corresponds to the CSP_SCD and which is used to verify the advanced electronic signature in the qual
32、ified certificate or the certificate status information PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 7 3.12 data to be signed DTBS complete electronic data to be signed, such as QC content data or certificate status information 3.13 data to be signed representation DTBS-representation data sent
33、to the TOE for signing which is: a) a hash-value of the DTBS or b) an intermediate hash-value of a first part of the DTBS and a remaining part of the DTBS or c) the DTBS itself Note 1 to entry: The client indicates to the TOE the case of DTBS-representation, unless implicitly indicated. The hash-val
34、ue in Case a) or the intermediate hash-value in Case b) is calculated by the client. The final hash-value in Case b) or the hash-value in Case c) is calculated by the TOE. 3.14 digital signature data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data u
35、nit to prove the source and integrity of that unit and protect against forgery e.g. by the recipient 3.15 Directive Directive 1999/93/EC of the European parliament and of the council of 13 December 1999 on a Community framework for electronic signatures 1, which is also referred to as the “Directive
36、” in the remainder of the PP 3.16 dual person control special form of access control of a task which requires at least two users with different identities to be authenticated and authorized to the defined roles at the time this task is to be performed 3.17 hardware security module HSM cryptographic
37、module used to generate the advanced signature in qualified certificates and which represents the TOE 3.18 list of approved algorithms and parameters approved cryptographic algorithms and parameters for secure signature-creation devices that needs to be in accordance with national guidance, and subj
38、ect to each Certification Body Note 1 to entry: Notwithstanding, recommendations for algorithms and parameters for secure electronic signatures are given in ETSI/TS 119 312 2. PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 8 3.19 qualified certificate QC certificate which meets the requirements la
39、id down in Annex I of the Directive 1 and is provided by a CSP who fulfils the requirements laid down in Annex II of the Directive 1 (defined in the Directive 1, Article 2.10) 3.20 reference authentication data RAD data persistently stored by the TOE for verification of the authentication attempt as
40、 authorized user 3.21 restore import of the backup data to recreate the state of the TOE at the time the backup was created 3.22 secure signature-creation device SSCD configured software or hardware which is used to implement the SCD and which meets the requirements laid down in Annex III of the Dir
41、ective 1. (defined in the Directive 1, Articles 2.5 and 2.6) 3.23 side-channel illicit information flow in result of the physical behaviour of the technical implementation of the TOE Note 1 to entry: Side-channels are limited to interfaces not intended for data output like power consumption, timing
42、of any signals and radiation. Side-channels might be enforced by influencing the TOE behaviour from outside. 3.24 signature-creation data SCD unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature (defined in the Directive 1, Artic
43、le 2.4) 3.25 signature-verification data SVD data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature (defined in the Directive 1, Article 2.7) 3.26 split knowledge procedure for key import process by which a cryptographic key is split int
44、o multiple key components, individually sharing no knowledge of the original key, that can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key 3.27 SSCD provision service service that prepares and provides a
45、SSCD to subscribers PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 9 3.28 subject entity identified in a certificate as the holder of the private key associated with the public key given in the certificate (defined in ETSI EN 319 411-2 3) Note 1 to entry: The subject may be a subscriber acting on
46、its own behalf. 3.29 subscriber entity subscribing with a trust service provider who is legally bound to any subscriber obligations (defined in ETSI EN 319 401 4) 3.30 subscriber Signature-Creation Data subscriber-SCD SCD which is used by the Subscriber (the signatory) for the creation of qualified
47、electronic signatures by means of a SSCD 3.31 subscriber Secure Signature-Creation Device subscriber-SSCD SSCD that contains the Subscriber-SCD (imported from the TOE) and which is used by the Subscriber (the signatory) for the creation of qualified electronic signatures 3.32 subscriber Signature-Ve
48、rification Data subscriber-SVD SVD which corresponds to the Subscriber-SCD and which is used to verify the qualified electronic signature 3.33 system auditor of the CSP role in the IT environment of the TOE (certification service provider) authorized to view archives and audit logs of trustworthy sy
49、stems 3.34 Target of Evaluation TOE set of software, firmware and/or hardware possibly accompanied by guidance (as defined in ISO/IEC 15408-1) 3.35 trust service electronic services which enhances trust and confidence in electronic transactions 3.36 trust service provider provider of electronic services which enhances trust and confidence in electronic transactions 3.37 user entity (human user or external IT entity) outside the TOE that interacts with the TOE PD CEN/TS 419221-1:2016 CEN/TS 419221-1:2016 (E) 10 3.38 user data data crea