BS EN 419211-1-2014 Protection profiles for secure signature creation device Overview《安全签名生成设备的保护配置 综述》.pdf

上传人:towelfact221 文档编号:574419 上传时间:2018-12-13 格式:PDF 页数:26 大小:1.85MB
下载 相关 举报
BS EN 419211-1-2014 Protection profiles for secure signature creation device Overview《安全签名生成设备的保护配置 综述》.pdf_第1页
第1页 / 共26页
BS EN 419211-1-2014 Protection profiles for secure signature creation device Overview《安全签名生成设备的保护配置 综述》.pdf_第2页
第2页 / 共26页
BS EN 419211-1-2014 Protection profiles for secure signature creation device Overview《安全签名生成设备的保护配置 综述》.pdf_第3页
第3页 / 共26页
BS EN 419211-1-2014 Protection profiles for secure signature creation device Overview《安全签名生成设备的保护配置 综述》.pdf_第4页
第4页 / 共26页
BS EN 419211-1-2014 Protection profiles for secure signature creation device Overview《安全签名生成设备的保护配置 综述》.pdf_第5页
第5页 / 共26页
点击查看更多>>
资源描述

1、BSI Standards PublicationBS EN 419211-1:2014Protection profiles for securesignature creation devicePart 1: OverviewBS EN 419211-1:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 419211-1:2014.The UK participation in its preparation was entrusted to Technica

2、lCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British

3、Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 74075 6ICS 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 31 October 201

4、4.Amendments issued since publicationDate Text affectedBS EN 419211-1:2014EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-1 October 2014 ICS 35.240.15 Supersedes CWA 14169:2004English Version Protection profiles for secure signature creation device - Part 1: Overview Profils de protectio

5、n pour dispositif scuris de cration de signature lectronique - Partie 1: Prsentation gnrale Schutzprofile fr sichere Signaturerstellungseinheiten - Teil 1: berblick This European Standard was approved by CEN on 25 July 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations w

6、hich stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This

7、European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN member

8、s are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal

9、, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form

10、and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-1:2014 EBS EN 419211-1:2014EN 419211-1:2014 (E) 2 Contents Page Foreword 3 Introduction .4 1 Scope 5 2 Normative references 5 3 Terminology .5 3.1 Legislative references .5 3.2 Technical terms5 4 Abbreviated terms .8 5

11、Protection Profile Overview 8 6 Target of Evaluation 9 6.1 General 9 6.2 Functions of an SSCD 10 6.3 TOE life cycle 12 6.4 Operations of the TOE 14 7 TOE definitions . 15 7.1 General . 15 7.2 TOE with key generation 15 7.3 TOE with key import . 16 7.4 TOE with key generation and trusted channel to c

12、ertificate generation application 16 7.5 TOE with trusted channel to signature creation application . 16 Annex A (informative) Comparison with CWA 14169:2004, Annex C . 20 A.1 General . 20 A.2 Technical Differences . 20 Bibliography . 21 BS EN 419211-1:2014EN 419211-1:2014 (E) 3 Foreword This docume

13、nt (EN 419211-1:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by

14、publication of an identical text or by endorsement, at the latest by April 2015 and conflicting national standards shall be withdrawn at the latest by April 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC

15、shall not be held responsible for identifying any or all such patent rights. This document supersedes CWA 14169:2004. Significant changes between this edition and CWA 14169:2004 can be found in Annex A. This document has been prepared under a mandate given to CEN by the European Commission and the E

16、uropean Free Trade Association. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Re

17、public of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 419211-1:2014EN 419211-1:2014 (E) 4 Introduction

18、This series of European Standards specifies Protection Profiles for Secure Signature Creation Devices and is issued by the European Committee for Standardization (CEN) as an update of the Electronic Signatures (E-SIGN) CEN workshop agreement (CWA) 14169:2004, Annex C on the protection profile secure

19、 signature creation devices, “EAL 4+”. This series of European Standards consists of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extension for device with key generation and trusted communication with certificate generation applicat

20、ion Part 5: Extension for device with key generation and trusted communication with signature creation application Part 6: Extension for device with key import and trusted communication with signature creation application Preparation of the documents in this series of European Standards as protectio

21、n profiles follows the rules of the Common Criteria version 3.1 (2, 3 and 4). BS EN 419211-1:2014EN 419211-1:2014 (E) 5 1 Scope This European Standard: specifies terms used in specifying protection profiles for secure signature creation devices, specifies functional and operational requirements for

22、secure signature creation devices, describes the targets of evaluation for these protection profiles. 2 Normative references Not applicable. 3 Terminology For the purposes of this document, the following terms and definitions apply. 3.1 Legislative references This European Standard reflects the requ

23、irement of a European Directive in the technical terms of a protection profile. The following terms are used in the text to reference this Directive: 3.1.1 the Directive Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on “a Community framework for electronic si

24、gnatures” 1 Note 1 to entry: References in this document to a specific article and paragraph of Directive 1999/93/EC are of the form “(the Directive: n.m)”. 3.1.2 annex one of the annexes, Annex I, Annex II or Annex III of the Directive 3.2 Technical terms 3.2.1 administrator user who performs TOE i

25、nitialization, TOE personalization, or other TOE administrative functions 3.2.2 advanced electronic signature digital signature which meets specific requirements in the Directive: 2.2 Note 1 to entry: According to the Directive a digital signature qualifies as an advanced electronic signature if it:

26、 is uniquely linked to the signatory; is capable of identifying the signatory; is created using means that the signatory can maintain under their sole control; and is linked to the data to which it relates in such a manner that any subsequent change of the data are detectable. BS EN 419211-1:2014EN

27、419211-1:2014 (E) 6 3.2.3 authentication data information used to verify the claimed identity of a user 3.2.4 certificate digital signature used as electronic attestation binding signature verification data to a person confirming the identity of that person as legitimate signer (the directive: 2.9)

28、3.2.5 certificate info information associated with an SCD/SVD pair that may be stored in a secure signature creation device Note 1 to entry: Certificate info may include: a signers public key certificate, or one or more hash values of a signers public key certificate together with an identifier of t

29、he hash function used to compute the hash values, or a public key certificate as defined in X.509. Note 2 to entry: Certificate info may contain information to allow the user to distinguish between several certificates. 3.2.6 certificate generation application CGA collection of application component

30、s that receive the SVD from the SSCD to generate a certificate obtaining data to be included in the certificate and to create a digital signature of the certificate 3.2.7 certification service provider CSP entity that issues certificates or provides other services related to electronic signatures (t

31、he Directive: 2.11) 3.2.8 data to be signed DTBS all of the electronic data to be signed including a user message and signature attributes 3.2.9 data to be signed or its unique representation DTBS/R data received by a secure signature creation device as input in a single signature creation operation

32、 Note 1 to entry: Examples of DTBS/R are: a hash value of the data to be signed (DTBS), or an intermediate hash value of a first part of the DTBS complemented with a remaining part of the DTBS, or the DTBS. 3.2.10 legitimate user user of a secure signature creation device who gains possession of it

33、from an SSCD-provisioning service provider and who can be authenticated by the SSCD as its signatory BS EN 419211-1:2014EN 419211-1:2014 (E) 7 3.2.11 qualified certificate public key certificate that meets the requirements laid down in Annex I and that is provided by a CSP that fulfils the requireme

34、nts laid down in Annex II (the Directive: 2.10) 3.2.12 qualified electronic signature an advanced electronic signature which is based on a qualified certificate and which is created by an SSCD 3.2.13 reference authentication data RAD data persistently stored by the TOE for authentication of the sign

35、atory 3.2.14 secure signature creation device SSCD a signature-creation device which meets the requirements laid down in Annex III Note 1 to entry: An SSCD may be evaluated according to the security target conforming to a PP as defined in the series of European Standards. 3.2.15 signatory a person w

36、ho holds (and is a legitimate user) of an SSCD and acts either on their own behalf or on behalf of the natural or legal person or entity they represent 3.2.16 signature creation application SCA application complementing an SSCD with a user interface with the purpose to create an electronic signature

37、 3.2.17 signature creation data SCD unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature Note 1 to entry: For the PPs of this standard the SCD is held in the SSCD. 3.2.18 signature creation system SCS complete system that creates

38、 an electronic signature consisting of an SCA and an SSCD 3.2.19 signature verification data SVD data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature 3.2.20 SSCD-provisioning service service to prepare and provide an SSCD to a subscrib

39、er and to support the signatory with certification of generated keys and administrative functions of the SSCD BS EN 419211-1:2014EN 419211-1:2014 (E) 8 3.2.21 user entity (human user or external IT entity) outside the TOE that interacts with the TOE 3.2.22 user message data determined by the signato

40、ry as the correct input for signing 3.2.23 verification authentication data VAD data input to an SSCD for authentication of the signatory 4 Abbreviated terms CC Common Criteria aCGA certificate generation application DTBS data to be signed DTBS/R data to be signed or its unique representation EAL ev

41、aluation assurance level aIT information technology PP protection profile aRAD reference authentication data SCA signature creation application SCD signature creation data SCS signature creation system SDO signed data object SFP security Function Policy SSCD secure signature creation device ST secur

42、ity Target aSVD signature verification data TOE target of evaluation aTSF TOE security functionality aVAD verification authentication data aSee Bibliography 2, 3, 4 for details on the specification of Common Criteria. 5 Protection Profile Overview This series of documents constitutes a suite of prot

43、ection profiles, which are established by CEN as European Standards for products to create electronic signatures. They fulfil requirements of Directive1)1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 1) This European D

44、irective is referred to in this series of protection profiles as “the Directive”. BS EN 419211-1:2014EN 419211-1:2014 (E) 9 In accordance with Article 9 of this European Directive these standards can be indicated by the European Commission in the Official Journal of the European Communities as gener

45、ally recognized standards for electronic signature products. These protection profiles formally specify the security functional and assurance requirements defined in Annex III of the Directive for a secure signature creation device (SSCD). This secure signature creation device is the target of evalu

46、ation (TOE) for the protection profiles. European Union Member States may presume that there is compliance with the requirements laid down in Annex III of the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with one or more of the Protection Pr

47、ofiles (PPs) of this standard. For an electronic signature product that has been evaluated according to Common Criteria (version 3.1) as conforming to a Security Target (ST) that is compliant with one or more of these Protection Profiles (PP) this European Standard implies that European Union Member

48、 States shall presume compliance with the requirements in Annex III of the Directive for that product. Part 2 of this series of European Standards specifies a protection profile for an SSCD that performs its core operations including the generation of signature keys in the device. An SSCD that fulfi

49、ls only the security requirements in this protection profile shall be operated by the signatory in a secure environment to create either an advanced electronic signature or a qualified electronic signature. The target of evaluation for this protection profile is defined in 7.2 and shown in Figure 2. Part 3 of this series of European Standards specifies a protection profile for an SSCD that performs its core operations including import of the signature key generated in a trusted manner outside the device. An SSCD that fulfils

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
  • BS ISO TR 11552-1998 Lasers and laser-related equipment - Laser materials-processing machines - Performance specifications and benchmarks for cutting of metals《激光和与激光相关的设备.pdf BS ISO TR 11552-1998 Lasers and laser-related equipment - Laser materials-processing machines - Performance specifications and benchmarks for cutting of metals《激光和与激光相关的设备.pdf
  • BS ISO TR 11696-2-2000 Uses of reaction to fire test results - Fire hazard assessment of construction products《着火试验结果在防火技术中的应用 建筑产品的火灾评定》.pdf BS ISO TR 11696-2-2000 Uses of reaction to fire test results - Fire hazard assessment of construction products《着火试验结果在防火技术中的应用 建筑产品的火灾评定》.pdf
  • BS ISO TR 11761-1996 Light-gauge metal containers - Round open-top cans - Classification of can sizes by construction type《薄壁金属容器 顶部开口的圆罐头盒 根据结构型式对罐头盒规格的分类》.pdf BS ISO TR 11761-1996 Light-gauge metal containers - Round open-top cans - Classification of can sizes by construction type《薄壁金属容器 顶部开口的圆罐头盒 根据结构型式对罐头盒规格的分类》.pdf
  • BS ISO TR 11762-1996 Light-gauge metal containers - Round open-top cans for liquid products with added gas - Classification of can sizes by construction type《薄壁金属容器 用于充气液体.pdf BS ISO TR 11762-1996 Light-gauge metal containers - Round open-top cans for liquid products with added gas - Classification of can sizes by construction type《薄壁金属容器 用于充气液体.pdf
  • BS ISO TR 11776-1996 Light gauge metal containers - Non-round open-top cans - Cans defined by their nominal capacities《薄壁金属容器 非圆形顶开口罐 根据其标称容量规定的罐头盒》.pdf BS ISO TR 11776-1996 Light gauge metal containers - Non-round open-top cans - Cans defined by their nominal capacities《薄壁金属容器 非圆形顶开口罐 根据其标称容量规定的罐头盒》.pdf
  • BS ISO TR 11925-1-1999 Reaction to fire tests - Ignitability of building products subjected to direct impingement of flame - Guidance on ignitability《对火焰试验的反应 直接接触火焰的建筑产品的.pdf BS ISO TR 11925-1-1999 Reaction to fire tests - Ignitability of building products subjected to direct impingement of flame - Guidance on ignitability《对火焰试验的反应 直接接触火焰的建筑产品的.pdf
  • BS ISO TR 11991-1997 Guidance on airway management during laser surgery of upper airway《上导气管激光外科手术时导气管的管理指南》.pdf BS ISO TR 11991-1997 Guidance on airway management during laser surgery of upper airway《上导气管激光外科手术时导气管的管理指南》.pdf
  • BS ISO TR 12031-2000 Micrographics - Inspection of silver-gelatin microforms for evidence of deterioration《缩微照相 对胶合银缩微品进行的衰变证据检验》.pdf BS ISO TR 12031-2000 Micrographics - Inspection of silver-gelatin microforms for evidence of deterioration《缩微照相 对胶合银缩微品进行的衰变证据检验》.pdf
  • BS ISO TR 12391-1-2002 Gas cylinders - Refillable seamless steel - Performance tests - Philosophy background and conclusions《气瓶 可再充填的无缝钢瓶 性能试验 基本原理、背景和结论》.pdf BS ISO TR 12391-1-2002 Gas cylinders - Refillable seamless steel - Performance tests - Philosophy background and conclusions《气瓶 可再充填的无缝钢瓶 性能试验 基本原理、背景和结论》.pdf
  • 相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1