BS EN 419211-2-2013 Protection profiles for secure signature creation device Device with key generation《安全签名创造设备的保护 带密钥生成的设备》.pdf

上传人:towelfact221 文档编号:574420 上传时间:2018-12-13 格式:PDF 页数:46 大小:1.21MB
下载 相关 举报
BS EN 419211-2-2013 Protection profiles for secure signature creation device Device with key generation《安全签名创造设备的保护 带密钥生成的设备》.pdf_第1页
第1页 / 共46页
BS EN 419211-2-2013 Protection profiles for secure signature creation device Device with key generation《安全签名创造设备的保护 带密钥生成的设备》.pdf_第2页
第2页 / 共46页
BS EN 419211-2-2013 Protection profiles for secure signature creation device Device with key generation《安全签名创造设备的保护 带密钥生成的设备》.pdf_第3页
第3页 / 共46页
BS EN 419211-2-2013 Protection profiles for secure signature creation device Device with key generation《安全签名创造设备的保护 带密钥生成的设备》.pdf_第4页
第4页 / 共46页
BS EN 419211-2-2013 Protection profiles for secure signature creation device Device with key generation《安全签名创造设备的保护 带密钥生成的设备》.pdf_第5页
第5页 / 共46页
点击查看更多>>
资源描述

1、BSI Standards PublicationBS EN 419211-2:2013Protection profiles for securesignature creation devicePart 2: Device with key generationBS EN 419211-2:2013 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 419211-2:2013.The UK participation in its preparation was ent

2、rusted to TechnicalCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplica

3、tion. The British Standards Institution 2013. Published by BSI StandardsLimited 2013ISBN 978 0 580 70180 1ICS 03.160; 35.040; 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and St

4、rategy Committee on 31 July 2013.Amendments issued since publicationDate Text affectedBS EN 419211-2:2013EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-2 July 2013 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004English Version Protection profiles for secure signature creation de

5、vice - Part 2: Device with key generation Profils de protection des dispositifs scuriss de cration de signature - Partie 2: Dispositif avec gnration de cl Schutzprofile fr sichere Signaturerstellungseinheiten - Teil 2: Gerte mit Schlsselerzeugung This European Standard was approved by CEN on 8 May 2

6、013. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained

7、 on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CE

8、NELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, It

9、aly, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix

10、17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-2:2013: EBS EN 419211-2:2013EN 419211-2:2013 (E) 2 Contents Page Foreword 3 1 Scope 4 2 Normative references 4 3 Conventions and terminology 4 4 PP int

11、roduction 4 5 Conformance claims 11 6 Security problem definition . 11 7 Security objectives . 13 8 Extended components definition 20 9 Security requirements 21 Bibliography . 42 BS EN 419211-2:2013EN 419211-2:2013 (E) 3 Foreword This document (EN 419211-2:2013) has been prepared by Technical Commit

12、tee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the

13、latest by January 2014, and conflicting national standards shall be withdrawn at the latest by January 2014. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or a

14、ll such patent rights. This document supersedes CWA 14169:2004. This document was submitted to the Enquiry procedure under reference prEN 14169-2. The EN 419211 series consists of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extensio

15、n for device with key generation and trusted channel to certificate generation application Part 5: Extension for device with key generation and trusted channel to signature creation application Part 6: Extension for device with key import and trusted channel to signature creation application Prepara

16、tion of this document as a protection profile (PP) follows the rules of ISO/IEC 15408-1. Correspondence and comments regarding this protection profile about secure signature creation device with key generation (PP SSCD KG) can be referred to the CEN/TC 224 Secretary. According to the CEN-CENELEC Int

17、ernal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland,

18、Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 419211-2:2013EN 419211-2:2013 (E) 4 1 Scope This European Standard specifies a protection profile for a secure si

19、gnature creation device that may generate signing keys internally: secure signature creation device with key generation (SSCD KG). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated ref

20、erences, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. prEN 419211-1, Protection profiles for secure signature creation device Part 1: Overview1)ISO/IEC 15408-1:20092)Information technology Security technique

21、s Evaluation criteria for IT security Part 1: Introduction and general model ISO/IEC 15408-22), Information technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-32), Information technology Security techniques Evaluation criteria for

22、IT security Part 3: Security assurance components 3 Conventions and terminology 3.1 Conventions The content and structure of this document follow the rules and conventions laid out in ISO/IEC 15408-1. Normative aspects of content in this European Standard are specified according to the Common Criter

23、ia rules and not specifically identified by “shall”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in prEN 419211-1 apply. 4 PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device Part 2: Device with k

24、ey generation Version: 2.0.1. Author: CEN (TC224/WG17) Publication date: 2013 Registration: BSI-CC-PP-0059-2009-MA-01 CC version: 3.1 Revision 3 1) To be published. This document was submitted to the Enquiry procedure under reference prEN 14169-1. 2) ISO/IEC 15408-1, -2 and -3 respectively correspon

25、d to Common Criteria for Information Technology Security Evaluation, Parts 1, 2 and 3. BS EN 419211-2:2013EN 419211-2:2013 (E) 5 Editor: Arnold Abromeit, TV Informationstechnik GmbH General status: final draft Keywords: secure signature creation device, electronic signature, digital signature 4.2 PP

26、 overview This Protection Profile is established by CEN as a European standard for products to create electronic signatures. It fulfils requirements of Directive 1999/93/EC3)of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures. In accor

27、dance with Article 9 of this European Directive, this standard can be indicated by the European Commission in the Official Journal of the European Union as a generally recognised standard for electronic signature products. This protection profile defines security functional requirements and security

28、 assurance requirements that comply with those defined in Annex III of the directive for a secure signature creation device (SSCD). This secure signature creation device is the target of evaluation (TOE) for this protection profile. European Union Member States may presume that there is compliance w

29、ith the requirements laid down in Annex III of the directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this Protection Profile (PP). This Protection Profile describes core security requirements for a secure device that can generate a signing k

30、ey4)(signature creation data, SCD) and operates to create electronic signatures with the generated key. A device evaluated according to this protection profile and used in the specified environments can be trusted to create any type of digital signature. As such, this PP can be used for any device t

31、hat has been configured to create a digital signature. Specifically this PP allows the qualification of a product as a device for creating an advanced electronic signature as defined in the directive. After an SSCD has generated a signing key, the corresponding public key (signature verification dat

32、a, SVD) has to be provided as input to a certificate generation application (CGA). Security requirements for export of the SVD are described in a protection profile that extends this PP (prEN 419211-4, Protection profiles for secure signature creation device Part 4: Extension for device with key gen

33、eration and trusted channel to certificate generation application)5)and not in this document. When operated in a secure environment for signature creation a signer may use an SSCD that fulfils only these core security requirements to create an advanced electronic signature.6)Security requirements fo

34、r an SSCD used in environments where the communication between SSCD and the signature creation application (SCA) is assumed to be protected by the SSCD and the SCA are described in a separate protection profile that extend this PP (prEN 419211-5, Protection profiles for secure signature creation dev

35、ice Part 5: Extension for device with key generation and trusted channel to signature creation application)7)and not in this document. These extended Protection Profiles claim conformance to this PP. 3) This European Directive is referred to in this PP as “the directive”. 4) An SSCD that can generat

36、e its own SCD/SVD was defined in the previous version of this PP (CWA 14169) as a Type 3 SSCD. The notion of types does not exist anymore in this series of ENs. In order to refer to the same functionality, a reference to EN 419211-2 (i.e. Part 2) should be used. 5) This document was submitted to the

37、 Enquiry procedure under reference prEN 14169-4. 6) An advanced electronic signature is defined as an electronic signature created by an SSCD using a public key with a public key certificate created as specified in the directive. 7) This document was submitted to the Enquiry procedure under referenc

38、e prEN 14169-5. BS EN 419211-2:2013EN 419211-2:2013 (E) 6 The assurance level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overview 4.3.1 Operation of the TOE This section presents a functional overview of the TOE in its distinct operational environments: The preparation environment, where

39、it interacts with a certification service provider through a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) corresponding with the SCD the TOE has generated. The initialisation environment interacts further with the TOE to personalise it with

40、 the initial value of the reference authentication data (RAD). The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authenticating the signer as its signatory. The signature creation application provides the data to be signed (DTB

41、S), or a unique representation thereof (DTBS/R) as input to the TOE signature creation function and obtains the resulting digital signature8). The management environments where it interacts with the user or an SSCD-provisioning service provider to perform management operations, e.g. for the signator

42、y to reset a blocked RAD. A single device, e.g. a smart card terminal, may provide the required secure environment for management and signing. The signing environment, the management environment and the preparation environment are secure and protect data exchanged with the TOE. Figure 2 in Part 1 of

43、 this standard illustrates the operational environment. The TOE stores signature creation data and reference authentication data. The TOE may store multiple instances of SCD. In this case, the TOE provides a function to identify each SCD and the SCA can provide an interface to the signer to select a

44、n SCD for use in the signature creation function of the SSCD. The TOE protects the confidentiality and integrity of the SCD and restricts its use in signature creation to its signatory. The digital signature created by the TOE may be used to create an advanced electronic signature as defined in Arti

45、cle 5.1 of the directive. Determining the state of the certificate as qualified is beyond the scope of this standard. The signature creation application is assumed to protect the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authoris

46、ed for signing by the signatory. Unless implicitly known to the TOE, the SCA indicates the kind of the signing input (as DTBS/R) it provides and computes any hash values required. The TOE may augment the DTBS/R with signature parameters it stores and then computes a hash value over the input as need

47、ed by the kind of input and the used cryptographic algorithm. The TOE stores signatory reference authentication data to authenticate a user as its signatory. The RAD is a password, e.g. PIN, a biometric template or a combination of these. The TOE protects the confidentiality and integrity of the RAD

48、. The TOE may provide a user interface to directly receive verification authentication data (VAD) from the user; alternatively, the TOE receive the VAD from the signature creation application. If the signature creation application handles, is requesting or obtaining a VAD from the user, it is assume

49、d to protect the confidentiality and integrity of this data. A certification service provider and a SSCD-provisioning service provider interact with the TOE in the secure preparation environment to perform any preparation function of the TOE required before control of the TOE is given to the legitimate user. These functions may include: 8) At a pure functional level the SSCD creates a digital signature; for an implementation of the SSCD, in that meeting the requirements of this PP and with the key certificate created as specifie

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1