1、March 2014 Translation by DIN-Sprachendienst.English price group 13No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS
2、03.160; 35.040; 35.240.15!%,k“2097292www.din.deDDIN EN 419211-4Protection profiles for secure signature creation device Part 4: Extension for device with key generation and trusted channel tocertificate generation application;English version EN 419211-4:2013,English translation of DIN EN 419211-4:20
3、14-03Schutzprofile fr sichere Signaturerstellungseinheiten Teil 4: Erweiterung fr Einheiten mit Schlsselerzeugung und vertrauenswrdigem Kanalzur Zertifikaterzeugungsanwendung;Englische Fassung EN 419211-4:2013,Englische bersetzung von DIN EN 419211-4:2014-03Profils de protection pour dispositif scur
4、is de cration de signature lectronique Partie 4: Extension pour un dispositif avec gnration de cl et communication scuriseavec lapplication de gnration de certificats;Version anglaise EN 419211-4:2013,Traduction anglaise de DIN EN 419211-4:2014-03www.beuth.deIn case of doubt, the German-language ori
5、ginal shall be considered authoritative.Document comprises 27 pages 02.14 DIN EN 419211-4:2014-03 2 A comma is used as the decimal marker. National foreword This document (EN 419211-4:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards a
6、nd their related systems and operations” (Secretariat: AFNOR, France). The responsible German body involved in its preparation was the Normenausschuss Informationstechnik und Anwendungen (Information Technology and selected IT Applications Standards Committee), Working Committee NA 043-01-17-04 UA A
7、ustauschprotokolle bei Chip-Karten. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-4 November 2013 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004English Version Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trust
8、ed channel to certificate generation application Profils de protection pour dispositif scuris de cration de signature lectronique - Partie 4: Extension pour un dispositif avec gnration de cl et communication scurise avec lapplication de gnration de certificats Schutzprofile fr sichere Signaturerstel
9、lungseinheiten - Teil 4: Erweiterung fr Einheiten mit Schlsselerzeugung und vertrauenswrdigem Kanal zur Zertifikaterzeugungsanwendung This European Standard was approved by CEN on 12 October 2013. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the condition
10、s for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in
11、three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards
12、 bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Sloveni
13、a, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved wo
14、rldwide for CEN national Members. Ref. No. EN 419211-4:2013 EEN 419211-4:2013 (E)2 Contents Page Foreword 3 Introduction . 4 1 Scope 5 2 Normative references 5 3 Conventions and terminology 5 3.1 Conventions . 5 3.2 Terms and definitions 5 4 PP introduction 5 4.1 PP reference . 5 4.2 PP overview 6 4
15、.3 TOE overview . 6 5 Conformance claims 9 5.1 CC conformance claim 9 5.2 PP claim, Package claim . 9 5.3 Conformance rationale 9 5.4 Conformance statement 10 6 Security problem definition 10 6.1 Assets, users and threat agents . 10 6.2 Threats 10 6.3 Organizational security policies . 11 6.4 Assump
16、tions 11 7 Security objectives 11 7.1 Security objectives for the TOE 11 7.2 Security objectives for the operational environment . 11 7.3 Security objectives rationale 12 8 Extended components definition . 15 8.1 Definition of the family FPT_EMS . 15 8.2 Definition of the family FIA_API . 15 9 Secur
17、ity requirements . 16 9.1 Security functional requirements . 16 9.2 Security assurance requirements 18 9.3 Security requirements rationale . 19 Bibliography 25 DIN EN 419211-4:2014-03 EN 419211-4:2013 (E) 3 Foreword This document (EN 419211-4:2013) has been prepared by Technical Committee CEN/TC 224
18、 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by May
19、2014 and conflicting national standards shall be withdrawn at the latest by May 2014. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.
20、This document supersedes CWA 14169:2004. This series of European Standards, Protection profiles for secure signature creation device consists of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extension for device with key generation an
21、d trusted channel to certificate generation application Part 5: Extension for device with key generation and trusted channel to signature creation application Part 6: Extension for device with key import and trusted channel to signature creation application According to the CEN-CENELEC Internal Regu
22、lations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, I
23、taly, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. DINEN 419211-4:2014-03EN 419211-4:2013 (E) 4 Introduction This series of European Standards specifies Common Criteria protection
24、profiles for secure signature creation devices and is issued by the European Committee for Standardization, Information Society Standardization System (CEN/ISSS) as update of the Electronic Signatures (E-SIGN) CEN/ISSS workshop agreement (CWA) 14169:2004, Annex B and Annex C on the protection profil
25、e secure signature creation devices, “EAL 4+”. Preparation of this document as a protection profile (PP) follows the rules of the Common Criteria version 3.1 2, 3 and 4. DINEN 419211-4:2014-03EN 419211-4:2013 (E)5 1 Scope This European Standard specifies a protection profile for a secure signature c
26、reation device that may generate signing keys internally and export the public key in protected manner: secure signature creation device with key generation and trusted communication with certificate generation application (SSCD KG TCCGA). 2 Normative references The following documents, in whole or
27、in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. prEN 419211-1:2011, Protection profiles for
28、secure signature creation device Part 1: Overview1)3 Conventions and terminology 3.1 Conventions This document is drafted in accordance with the CEN/CENELEC Internal Regulations Part 3 and content and structure of this document follow the rules and conventions laid out in Common Criteria 3.1. Normat
29、ive aspects of content in this European Standard are specified according to the Common Criteria rules and not specifically identified by the verbs “shall” or “must”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in prEN 419211-1:2011 apply. 4
30、PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device Part 4: Extension for device with key generation and trusted communication with certificate generation application Version: 1.0.1 Author: CEN/TC 224 (WG17) Publication date: 2013-11-27 Registration: BSI-
31、CC-PP-0071 CC version: 3.1 Revision 4 Editor: Arnold Abromeit, TV Informationstechnik GmbH General status: final Keywords: secure signature creation device, electronic signature, digital signature, key generation, trusted communication with certificate generation application 1) To be published. This
32、 document was submitted to the Enquiry procedure under reference prEN 14169-1. DINEN 419211-4:2014-03EN 419211-4:2013 (E) 6 4.2 PP overview This Protection Profile is established by CEN as a European Standard for products to create electronic signatures. It fulfils requirements of Directive2)1999/93
33、/EC of the European parliament and of the council of 13 December 1999 on a community framework for electronic signatures. In accordance with Article 9 of this European Directive this standard can be indicated by the European Commission in the Official Journal of the European Communities as generally
34、 recognized standard for electronic signature products. This protection profile defines security functional requirements and security assurance requirements that comply with those defined in Annex III of the Directive for a secure signature creation device (SSCD). This secure signature creation devi
35、ce is the target of evaluation (TOE) for this protection profile. European Union Member States may presume that there is compliance with the requirements laid down in Annex III of the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this Pr
36、otection Profile (PP). This Protection Profile about secure signature creation device with key generation and trusted communication with certificate generation application (PP SSCD KG TCCGA) defines the security requirements for SSCD generating signature creation data (SCD) and creating advanced ele
37、ctronic signatures, which if based on valid qualified certificates are qualified electronic signatures, as described in the core PP SSCD KG 6. Additionally the TOE of this PP supports its authentication as SSCD by the certificate generation application (CGA) of the Certification service provider (CS
38、P) and a trusted communication with this CGA for protection of signature verification data (SVD) generated and exported by the TOE and imported by CGA. These security features allow a changed lifecycle of the TOE. This PP conforms to the core PP SSCD KG 6. The implication of this conformance claim i
39、s explained in 0 hereinafter. The assurance level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overview 4.3.1 Operation of the TOE This subclause presents a functional overview of the TOE in its distinct operational environments: The preparation environment, where it interacts with a certif
40、ication service provider through a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) corresponding with the signature creation data (SCD) the TOE has generated. The TOE exports the SVD through a trusted channel allowing the CGA to check the auth
41、enticity of the SVD. The initialization environment interacts further with the TOE to personalize it with the initial value of the reference authentication data (RAD). The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authentic
42、ating the signer as its signatory. The signature creation application provides the data to be signed or a unique representation thereof (DTBS/R) as input to the TOE signature creation function and obtains the resulting electronic signature3). 2) This European Directive is referred to in this PP as “
43、the Directive”. 3) At a pure functional level the SSCD creates an electronic signature; for an implementation of the SSCD, in that meeting the requirements of this PP and with the key certificate generated as specified in the directive, Annex I, the result of the signing process can be used as to cr
44、eate a qualified electronic signature. DIN EN 419211-4:2014-03 EN 419211-4:2013 (E)7 The management environments where it interacts with the user or an SSCD-provisioning service provider to perform management operations, e.g. for the signatory to reset a blocked RAD. A single device, e.g. a smart ca
45、rd terminal, may provide the required secure environment for management and signing. The signing environment, the management environment and the preparation environment are secure and protect data exchanged with the TOE. Figure 4 in prEN 419211-1:2011 illustrates the operational environment. The TOE
46、 stores signature creation data and reference authentication data. The TOE may store multiple instances of SCD. In this case the TOE provides a function to identify each SCD and the signature creation application (SCA) can provide an interface to the signer to select an SCD for use in the signature
47、creation function of the SSCD. The TOE protects the confidentiality and integrity of the SCD and restricts its use in signature creation to its signatory. The electronic signature created with the TOE is a qualified electronic signature as defined in the Directive if the certificate for the SVD is a
48、 qualified certificate (Annex I). Determining the state of the certificate as qualified is beyond the scope of this standard. The SCA is assumed to protect the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authorized for signing by the signatory. Unless implicitly known to the TOE, the SCA indicates the kind of the signing input (as DTBS/R) it provides and computes any hash values required. The TOE may augment the DTBS/R with s
