1、PD CEN/TS 419221-1:2016Protection Profiles for TSPcryptographic modulesPart 1: OverviewBSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD CEN/TS 419221-1:2016 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of CEN/TS419221-1:2016.T
2、he UK participation in its preparation was entrusted to TechnicalCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract
3、. Users are responsible for its correctapplication. The British Standards Institution 2016. Published by BSI StandardsLimited 2016ISBN 978 0 580 92182 7ICS 35.040; 35.240.30Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Document was published under the
4、 authority of theStandards Policy and Strategy Committee on 31 July 2016.Amendments issued since publicationDate Text affectedPD CEN/TS 419221-1:2016TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 419221-1 July 2016 ICS 35.040; 35.240.30 Supersedes CWA 14167-1:2003Engl
5、ish Version Protection Profiles for TSP cryptographic modules - Part 1: Overview Profils de protection pour modules cryptographiques utiliss par les prestataires de services de confiance - Partie 1 : Vue densemble Schutzprofile fr kryptographische Module von vertrauenswrdigen Dienstanbietern - Teil
6、1: berblick This Technical Specification (CEN/TS) was approved by CEN on 8 May 2016 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whet
7、her the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in for
8、ce (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, F
9、rance, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES
10、 KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2016 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 419221-1:2016 EPD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 2 Contents Page European f
11、oreword . 3 Introduction 4 1 Scope 5 2 Normative references 5 3 Terms and definitions . 5 4 Protection profiles specified in CEN/TS 419221 10 4.1 General . 10 4.2 CEN/TS 419221-2: Cryptographic module for CSP signing operations with backup 10 4.3 CEN/TS 419221-3: Cryptographic module for CSP key gen
12、eration services 10 4.4 CEN/TS 419221-4: Cryptographic module for CSP signing operations without backup 10 4.5 CEN/TS 419221-5: Cryptographic Module for Trust Services . 10 Bibliography . 12 PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 3 European foreword This document (CEN/TS 419221-1:2016) has
13、been prepared by Technical Committee CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR. This document supersedes CWA 14167-1:2003. This document has been p
14、repared under a mandate given to CEN by the European Commission and the European Free Trade Association. CEN/TS 419221, Protection Profiles for TSP cryptographic modules, is currently composed of the following parts: Part 1: Overview; Part 2: Cryptographic module for CSP signing operations with back
15、up; Part 3: Cryptographic module for CSP key generation services; Part 4: Cryptographic module for CSP signing operations without backup. According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to announce this Technical Specificat
16、ion: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spa
17、in, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 4 Introduction This multi-part standard specifies protection profiles for trust service provider cryptographic modules, as per common criteria (ISO/IEC 15408 series). Target applications include s
18、igning by certification service providers, as specified in Directive 1999/93, as well as supporting cryptographic services for use by trust service providers. PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 5 1 Scope This Technical Specification provides an overview of the protection profiles specif
19、ied in other parts of CEN/TS 419221. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the ref
20、erenced document (including any amendments) applies. CEN/TS 419241, Security Requirements for Trustworthy Systems Supporting Server Signing ISO/IEC 15408 (all parts)1, Information technology Security techniques Evaluation criteria for IT security 3 Terms and definitions For the purposes of this docu
21、ment, the following terms and definitions apply. 3.1 administrator CSP user role that performs TOE initialization or other TOE administrative functions Note 1 to entry: These tasks are mapped to the Crypto-officer role of the TOE. 3.2 advanced electronic signature electronic signature which meets th
22、e following requirements (defined in Directive 1999/93/EC 1, Article 2.2): a) it is uniquely linked to the signatory; b) it is capable of identifying the signatory; c) it is created using means that the signatory can maintain under his sole control, and d) it is linked to the data to which it relate
23、s in such a manner that any subsequent change of the data are detectable 3.3 authentication data information used to verify the claimed identity of a user 1The following are equivalent to the aforementioned ISO/IEC 15408 standards: Common Criteria for Information Technology Security Evaluation, Part
24、 1: Introduction and General Model; Version 3.1, Revision 3. CCMB-2009-07-001, July 2009; Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; Version 3.1, Revision 3. CCMB-2009-07-002, July 2009; Common Criteria for Information Technology Security
25、Evaluation, Part 3: Security Assurance Components; Version 3.1, Revision 3. CCMB-2009-07-003, July 2009. PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 6 3.4 auditor user exporting the TOE audit data and reviewing the audit data with tools in the TOE environment 3.5 backup export of the CSP_SCD, th
26、e TSF data and the system data (backup data) sufficient to recreate the state of the TOE at the time the backup was created Note 1 to entry: Backup is the only function which is allowed to export CSP_SCD and only if backup package is implemented. 3.6 certificate electronic attestation which links th
27、e SVD to a person and confirms the identity of that person (defined in Directive 1999/93/EC 1, Article 2.9) 3.7 certificate generation application CGA collection of application elements which requests the SVD from the device generating the SCD/SVD pair for generation of the qualified certificate Not
28、e 1 to entry: The CGA stipulates the generation of a correspondent SCD/SVD pair, if the requested SVD has not been generated by the SCD/SVD generation device yet. The CGA verifies the authenticity of the SVD by means of (a) the SSCD proof of correspondence between SCD and SVD and (b) checking the se
29、nder and integrity of the received SVD. 3.8 certification-service-provider CSP entity or a legal or natural person who issues certificates or provides other services related to electronic signatures (defined in Directive 1999/93/EC 1, Article 2.11) Note 1 to entry: In common usage this is often refe
30、rred to as Certification Authority (CA). A CSP is a type of TSP. 3.9 cryptographic module set of hardware, software and firmware used to generate the Subscriber-SCD/Subscriber-SVD pair and which represents the TOE 3.10 CSP signature creation data CSP_SCD SCD which is used by the CSP, e.g. for the cr
31、eation of advanced electronic signatures in qualified certificates or for signing certificate status information 3.11 CSP signature verification data CSP_SVD SVD which corresponds to the CSP_SCD and which is used to verify the advanced electronic signature in the qualified certificate or the certifi
32、cate status information PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 7 3.12 data to be signed DTBS complete electronic data to be signed, such as QC content data or certificate status information 3.13 data to be signed representation DTBS-representation data sent to the TOE for signing which is:
33、a) a hash-value of the DTBS or b) an intermediate hash-value of a first part of the DTBS and a remaining part of the DTBS or c) the DTBS itself Note 1 to entry: The client indicates to the TOE the case of DTBS-representation, unless implicitly indicated. The hash-value in Case a) or the intermediate
34、 hash-value in Case b) is calculated by the client. The final hash-value in Case b) or the hash-value in Case c) is calculated by the TOE. 3.14 digital signature data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integ
35、rity of that unit and protect against forgery e.g. by the recipient 3.15 Directive Directive 1999/93/EC of the European parliament and of the council of 13 December 1999 on a Community framework for electronic signatures 1, which is also referred to as the “Directive” in the remainder of the PP 3.16
36、 dual person control special form of access control of a task which requires at least two users with different identities to be authenticated and authorized to the defined roles at the time this task is to be performed 3.17 hardware security module HSM cryptographic module used to generate the advan
37、ced signature in qualified certificates and which represents the TOE 3.18 list of approved algorithms and parameters approved cryptographic algorithms and parameters for secure signature-creation devices that needs to be in accordance with national guidance, and subject to each Certification Body No
38、te 1 to entry: Notwithstanding, recommendations for algorithms and parameters for secure electronic signatures are given in ETSI/TS 119 312 2. PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 8 3.19 qualified certificate QC certificate which meets the requirements laid down in Annex I of the Directiv
39、e 1 and is provided by a CSP who fulfils the requirements laid down in Annex II of the Directive 1 (defined in the Directive 1, Article 2.10) 3.20 reference authentication data RAD data persistently stored by the TOE for verification of the authentication attempt as authorized user 3.21 restore impo
40、rt of the backup data to recreate the state of the TOE at the time the backup was created 3.22 secure signature-creation device SSCD configured software or hardware which is used to implement the SCD and which meets the requirements laid down in Annex III of the Directive 1. (defined in the Directiv
41、e 1, Articles 2.5 and 2.6) 3.23 side-channel illicit information flow in result of the physical behaviour of the technical implementation of the TOE Note 1 to entry: Side-channels are limited to interfaces not intended for data output like power consumption, timing of any signals and radiation. Side
42、-channels might be enforced by influencing the TOE behaviour from outside. 3.24 signature-creation data SCD unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature (defined in the Directive 1, Article 2.4) 3.25 signature-verificatio
43、n data SVD data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature (defined in the Directive 1, Article 2.7) 3.26 split knowledge procedure for key import process by which a cryptographic key is split into multiple key components, individ
44、ually sharing no knowledge of the original key, that can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key 3.27 SSCD provision service service that prepares and provides a SSCD to subscribers PD CEN/TS 4192
45、21-1:2016CEN/TS 419221-1:2016 (E) 9 3.28 subject entity identified in a certificate as the holder of the private key associated with the public key given in the certificate (defined in ETSI EN 319 411-2 3) Note 1 to entry: The subject may be a subscriber acting on its own behalf. 3.29 subscriber ent
46、ity subscribing with a trust service provider who is legally bound to any subscriber obligations (defined in ETSI EN 319 401 4) 3.30 subscriber Signature-Creation Data subscriber-SCD SCD which is used by the Subscriber (the signatory) for the creation of qualified electronic signatures by means of a
47、 SSCD 3.31 subscriber Secure Signature-Creation Device subscriber-SSCD SSCD that contains the Subscriber-SCD (imported from the TOE) and which is used by the Subscriber (the signatory) for the creation of qualified electronic signatures 3.32 subscriber Signature-Verification Data subscriber-SVD SVD
48、which corresponds to the Subscriber-SCD and which is used to verify the qualified electronic signature 3.33 system auditor of the CSP role in the IT environment of the TOE (certification service provider) authorized to view archives and audit logs of trustworthy systems 3.34 Target of Evaluation TOE
49、 set of software, firmware and/or hardware possibly accompanied by guidance (as defined in ISO/IEC 15408-1) 3.35 trust service electronic services which enhances trust and confidence in electronic transactions 3.36 trust service provider provider of electronic services which enhances trust and confidence in electronic transactions 3.37 user entity (human user or external IT entity) outside the TOE that interacts with the TOE PD CEN/TS 419221-1:2016CEN/TS 419221-1:2016 (E) 10 3.38 user data data created by and for the user that does n
