1、December 2014 Translation by DIN-Sprachendienst.English price group 13No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).I
2、CS 03.160; 35.040; 35.240.15!%e“2276625www.din.deDDIN EN 419211-6Protection profiles for secure signature creation device Part 6: Extension for device with key import and trusted channel tosignature creation application;English version EN 419211-6:2014,English translation of DIN EN 419211-6:2014-12S
3、chutzprofile fr sichere Signaturerstellungseinheiten Teil 6: Erweiterung fr Einheiten mit Schlsselimport und vertrauenswrdigem Kanal zurSignaturerstellungsanwendung;Englische Fassung EN 419211-6:2014,Englische bersetzung von DIN EN 419211-6:2014-12Profils de protection pour dispositif scuris de crat
4、ion de signature lectronique Partie 6: Extension pour un dispositif avec import de cl et communication scurise aveclapplication de cration de signature;Version anglaise EN 419211-6:2014,Traduction anglaise de DIN EN 419211-6:2014-12www.beuth.deDocument comprises 26 pagesIn case of doubt, the German-
5、language original shall be considered authoritative.11.14DIN EN 419211-6:2014-12 2 A comma is used as the decimal marker. National foreword This document (EN 419211-6:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related
6、systems and operations” (Secretariat: AFNOR, France). The responsible German body involved in its preparation was the DIN-Normenausschuss Informationstechnik und Anwendungen (DIN Standards Committee Information Technology and selected IT Applications), Subcommittee NA 043-01-17-04 UA Austauschprotok
7、olle bei Chipkarten of Working Committee NA 043-01-17 AA Karten und persnliche Identifikation. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-6 October 2014 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004English Version Protection profiles for secure signature creation device -
8、Part 6: Extension for device with key import and trusted channel to signature creation application Profils de protection pour dispositif scuris de cration de signature lectronique - Partie 6: Extension pour un dispositif avec import de cl et communication scurise avec lapplication de cration de sign
9、ature Schutzprofile fr sichere Signaturerstellungseinheiten - Teil 6: Erweiterung fr Einheiten mit Schlsselimport und vertrauenswrdigem Kanal zur Signaturerstellungsanwendung This European Standard was approved by CEN on 25 July 2014. CEN members are bound to comply with the CEN/CENELEC Internal Reg
10、ulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN mem
11、ber. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
12、CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland
13、, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in
14、 any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-6:2014 EEN 419211-6:2014 (E) 2 Contents Page Foreword . 3 Introduction . 4 1 Scope . 5 2 Normative references . 5 3 Conventions and terminology 5 3.1 Conventions . 5 3.2 Terms and definitions . 5 4 PP introduc
15、tion . 6 4.1 PP reference 6 4.2 PP overview . 6 4.3 TOE overview. 7 5 Conformance claims 9 5.1 CC conformance claim . 9 5.2 PP claim, Package claim . 9 5.3 Conformance rationale . 9 5.4 Conformance statement . 10 6 Security problem definition . 10 6.1 Assets, users and threat agents 10 6.2 Threats .
16、 11 6.3 Organizational security policies . 11 6.4 Assumptions. 11 7 Security objectives . 11 7.1 Security objectives for the TOE . 11 7.2 Security objectives for the operational environment 12 7.3 Security objectives rationale 12 8 Extended components definition 15 9 Security requirements 15 9.1 Sec
17、urity functional requirements 15 9.2 Security assurance requirements 18 9.3 Security requirements rationale . 19 Bibliography 24 DIN EN 419211-6:2014-12 EN 419211-6:2014 (E) 3 Foreword This document (EN 419211-6:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, elec
18、tronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by April 2015 and conflicting national
19、 standards shall be withdrawn at the latest by April 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document supersedes CW
20、A 14169:2004. In comparison with CWA 14169, the entire document has been revised. Refer to EN 419211-1:2014, Annex A for more details. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. According to the CEN-CENELEC Interna
21、l Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Irel
22、and, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. DIN EN 419211-6:2014-12 4 Introduction This series of European Standards specifies Common Criteria protection profiles for
23、secure signature creation devices and is issued by the European Committee for Standardization (CEN) as an update of the Electronic Signatures (E-SIGN) CEN workshop agreement, CWA 14169:2004, Annex B and Annex C on the protection profile secure signature creation devices, “EAL 4+“. This series of Eur
24、opean Standards consists of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extension for device with key generation and trusted channel to certificate generation application Part 5: Extension for device with key generation and trusted
25、channel to signature creation application Part 6: Extension for device with key import and trusted channel to signature creation application Preparation of this document as a protection profile (PP) follows the rules of ISO/IEC 15408. DIN EN 419211-6:2014-12 EN 419211-6:2014 (E) EN 419211-6:2014 (E)
26、 5 1 Scope This European Standard specifies a protection profile for a secure signature creation device that may import signing keys and communicate with the signature creation application in protected manner: secure signature creation device with key import and trusted communication with signature
27、creation application (SSCD KI TCSCA). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the re
28、ferenced document (including any amendments) applies. EN 419211-1:2014, Protection profiles for secure signature creation device Part 1: Overview ISO/IEC 15408-1, Information technology Security techniques Evaluation criteria for IT security Part 1: Introduction and general model1)ISO/IEC 15408-2, I
29、nformation technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-3, Information technology Security techniques Evaluation criteria for IT security Part 3: Security assurance components 3 Conventions and terminology 3.1 Conventions Thi
30、s document is drafted in accordance with the CEN/CENELEC directive and content and structure of this document follow the rules and conventions laid out in ISO/IEC 15408. Normative aspects of content in this European Standard are specified according to the Common Criteria rules and not specifically i
31、dentified by the verbs “shall” or “must”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in EN 419211-1 apply. 1) ISO/IEC 15408-1, ISO/IEC 15408-2 and ISO/IEC 15408-3 respectively correspond to Common Criteria for Information Technology Securit
32、y Evaluation, Parts 1, 2 and 3. DIN EN 419211-6:2014-12 6 4 PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device Part 6: Extension for device with key import and trusted communication with signature creation application Version: 1.0.4 Author: CEN / CENELEC
33、 (TC224/WG17) Publication date: 2013-04-03 Registration: BSI-CC-PP-0076 CC version: 3.1 Revision 4 Editor: Arnold Abromeit, TV Informationstechnik GmbH General status: final Keywords: secure signature creation device, electronic signature, digital signature, key import, trusted communication with si
34、gnature creation application 4.2 PP overview This Protection Profile is established by CEN as a European Standard for products to create electronic signatures. It fulfils requirements of Directive 1999/93/EC2)of the European Parliament and of the Council of 13 December 1999 on a Community framework
35、for electronic signatures. In accordance with Article 9 of this European Directive this standard can be indicated by the European Commission in the Official Journal of the European Communities as a generally recognized standard for electronic signature products. This protection profile defines secur
36、ity functional requirements and security assurance requirements that comply with those defined in Annex III of the Directive for a secure signature creation device (SSCD). This secure signature creation device is the target of evaluation (TOE) for this protection profile. European Union Member State
37、s may presume that there is compliance with the requirements laid down in Annex III of the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this Protection Profile (PP). This Protection Profile about secure signature creation device with ke
38、y import and trusted communication with signature creation application (PP SSCD KI TCSCA) includes the security requirements for SSCD with key import importing signature creation data (SCD) and creating digital signature to be used for (qualified or advanced) electronic signatures as described in th
39、e core PP 3. Additionally, the TOE of this PP supports a trusted communication with a signature creation application for protection of authentication data and data to be signed. These security features allow using the TOE in a more complex operational environment. It conforms to the core PP SSCD KI
40、3. The implication of this conformance claim is explained in 5.3 hereinafter. 2) This European Directive is referred to in this PP as “the Directive”. DIN EN 419211-6:2014-12 EN 419211-6:2014 (E) EN 419211-6:2014 (E) 7 The assurance level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overvie
41、w 4.3.1 Operation of the TOE This section presents a functional overview of the TOE in its distinct operational environments: The preparation environment, where it interacts with a certification service provider through a SCD/SVD generation application to import the signature creation data (SCD) and
42、 a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) corresponding with the signature creation data (SCD) the certification service provider has generated. The initialization environment interacts further with the TOE to personalize it with the
43、initial value of the reference-authentication data (RAD). The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authenticating the signer as its signatory. The signature creation application provides the data to be signed (DTBS), o
44、r a unique representation thereof (DTBS/R) as input to the TOE signature creation function and obtains the resulting electronic signature3). The TOE and the SCA communicate through a trusted channel to ensure the integrity of the DTBS respective DTBS/R. The management environments where it interacts
45、 with the user or an SSCD-provisioning service provider to perform management operations, e.g. for the signatory to reset a blocked RAD. A single device, e.g. a smart card terminal, may provide the required secure environment for management and signing. The signing environment, the management enviro
46、nment and the preparation environment are secure and protect data exchanged with the TOE. Figure 5 in EN 419211-1:2014 illustrates the operational environment. The TOE stores signature creation data and reference authentication data. The TOE may store multiple instances of SCD. In this case, the TOE
47、 provides a function to identify each SCD and the signature creation application (SCA) can provide an interface to the signer to select an SCD for use in the signature creation function of the SSCD. The TOE protects the confidentiality and integrity of the SCD and restricts its use in signature crea
48、tion to its signatory. The electronic signature created with the TOE is a qualified electronic signature as defined in the Directive if the certificate for the SVD is a qualified certificate (Annex I). Determining the state of the certificate as qualified is beyond the scope of this standard. The SC
49、A is assumed to protect the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authorized for signing by the signatory. Unless implicitly known to the TOE, the SCA indicates the kind of the signing input (as DTBS/R) it provides and computes any hash values required. The TOE may augment the DTBS/R with signature parameters it stores and then computes a hash value over the input as needed by the kind of input and the used cryptographic algorithm.
