1、June 2013 Translation by DIN-Sprachendienst.English price group 27No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS 3
2、5.240.15!%NM“2024342www.din.deDDIN EN 419251-2Security requirements for device for authentication Part 2: Protection profile for extension for trusted channel to certificategeneration application;English version EN 419251-2:2013,English translation of DIN EN 419251-2:2013-06Sicherheitsanforderungen
3、fr Gerte zur Authentisierung Teil 2: Schutzprofil fr Erweiterung fr vertrauenswrdigen Kanal zurZertifikaterzeugungsanwendung;Englische Fassung EN 419251-2:2013,Englische bersetzung von DIN EN 419251-2:2013-06Profils de protection pour dispositif dauthentification Partie 2: Dispositif avec import de
4、cl, gnration de cl et administration; Communicationscurise vers lapplication de gnration de certificats et lapplication dadministration;Version anglaise EN 419251-2:2013,Traduction anglaise de DIN EN 419251-2:2013-06www.beuth.deDocument comprises 73 pagesIn case of doubt, the German-language origina
5、l shall be considered authoritative.06.13 DIN EN 419251-2:2013-06 2 A comma is used as the decimal marker. National foreword This document (EN 419251-2:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and ope
6、rations” (Secretariat: AFNOR, France). The responsible German body involved in its preparation was the Normenausschuss Informationstechnik und Anwendungen (Information Technology and selected IT Applications Standards Committee), Working Committee NA 043-01-17 AA Karten und persnliche Identifikation
7、. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419251-2 March 2013 ICS 35.240.15 English Version Security requirements for device for authentication - Part 2: Protection profile for extension for trusted channel to certificate generation application Profils de protection pour dispositif daut
8、hentification - Partie 2: Dispositif avec import de cl, gnration de cl et administration; Communication scurise vers lapplication de gnration de certificats et lapplication dadministrationSicherheitsanforderungen fr Gerte zur Authentisierung - Teil 2: Schutzprofil fr Erweiterung fr vertrauenswrdigen
9、 Kanal zur Zertifikaterzeugungsanwendung This European Standard was approved by CEN on 7 December 2012. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
10、 Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by tr
11、anslation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Fin
12、land, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZAT
13、ION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419251-2:2013: EEN 419251-2:2013 (E) 2 Contents Page Forewo
14、rd . 5 1 Scope 6 2 Normative references . 6 3 Conformance 6 3.1 CC Conformance Claim . 6 3.2 PP Claim . 6 3.3 Package Claim 6 3.4 Conformance Rationale . 6 3.5 Conformance Statement 6 4 Terms and definitions 7 5 Symbols and abbreviations . 9 6 Overview of the target of evaluation . 9 6.1 TOE Type 9
15、6.2 TOE Usage 9 6.3 Security Features of the TOE . 9 6.4 Examples of applications. 11 6.4.1 E-government . 11 6.4.2 Multiple applications 11 6.5 Required non-TOE Hardware and Software 12 6.6 Protection Profile Usage 12 7 TOE Environment . 13 7.1 Overall view 13 7.2 Personalisation application . 14 7
16、.2.1 General . 14 7.2.2 Functionalities 14 7.2.3 Communication 14 7.3 Administration application 15 7.3.1 General . 15 7.3.2 Functionalities 15 7.3.3 Communication 15 7.4 Authentication application . 16 7.4.1 General . 16 7.4.2 Functionalities 16 7.4.3 Communication 16 7.5 Verifier 17 7.5.1 Function
17、alities 17 7.5.2 Communication 17 7.6 Key Generator 17 7.6.1 Functionalities 17 7.6.2 Communication 17 7.7 Certification Authority 18 7.7.1 Functionalities 18 7.7.2 Communication 18 8 Life Cycle 19 8.1 Overview . 19 8.2 Pre-Personalisation phase . 20 8.3 Personalisation phase . 20 8.3.1 General . 20
18、 DIN EN 419251-2:2013-06 EN 419251-2:2013 (E) 3 8.3.2 Personalisation application . 21 8.4 Usage phase . 21 8.4.1 Authentication application . 21 8.4.2 Administration application . 22 8.4.3 Verifier 23 9 Security problem definition . 23 9.1 Assets . 23 9.1.1 General . 23 9.1.2 Assets protected by th
19、e TOE . 23 9.1.3 Sensitive assets of the TOE . 23 9.2 Users . 24 9.3 Threats 25 9.4 Organisational security policies 27 9.4.1 Provided services . 27 9.4.2 Other services 27 9.5 Assumptions 28 10 Security objectives . 29 10.1 General . 29 10.2 Security objectives for the TOE . 29 10.2.1 Provided serv
20、ice . 29 10.2.2 Authentication to the TOE 29 10.2.3 TOE management . 30 10.3 Security objectives for the operational environment 31 10.4 Rationale for Security objectives . 33 11 Extended component definition Definition of the Family FCS_RNG . 38 12 Security requirements 39 12.1 General . 39 12.2 In
21、troduction 40 12.2.1 Subjects Objects and security attributes 40 12.2.2 Operations 40 12.3 Security functional requirements 41 12.3.1 General . 41 12.3.2 Core 41 12.3.3 KeyImp 49 12.3.4 KeyGen . 52 12.3.5 Admin 55 12.3.6 Untrusted CA 59 12.3.7 Untrusted AdminAppli 60 12.4 Security assurance requirem
22、ents 61 12.5 SFR / Security objectives . 61 12.6 SFR Dependencies . 67 12.7 Rationale for the Assurance Requirements 69 Bibliography 70 Index 71 Figures Figure 1 TOE Security Features 13 Figure 2 Personalisation application environment 14 Figure 3 Administration application environment 15 Figure 4 A
23、uthentication application environment 16 Figure 5 TOE Life Cycle 19 DIN EN 419251-2:2013-06 EN 419251-2:2013 (E) 4 Tables Table 1 protection of sensitive data 29 Table 2 Security objectives vs problem definition rationale 34 Table 3 Security attributes 40 Table 4 Core security attributes 44 Table 5
24、Core operations . 44 Table 6 Core security attributes - operation. 46 Table 7 Core security attributes - initial value 46 Table 8 Core security attributes updates 47 Table 9 TSF data updates . 47 Table 10 KeyImp security attributes 49 Table 11 KeyImp security attributes - operations . 50 Table 12 Ke
25、yImp security attributes update authorised roles 51 Table 13 KeyImp security attributes update values 52 Table 14 KeyGen operations 53 Table 15 KeyGen security attributes . 53 Table 16 KeyGen operation rules . 54 Table 17 KeyGen security attributes update authorised roles . 54 Table 18 KeyGen securi
26、ty attributes initial values 55 Table 19 KeyGen security attributes update values 55 Table 20 Admin security attributes update authorised roles 58 Table 21 Admin security attributes initial values . 58 Table 22 Admin security attributes update values 58 Table 23 Admin TSF data operations . 59 Table
27、24 SFR vs Security objectives rationale 62 Table 25 SFR dependencies 67 DIN EN 419251-2:2013-06 EN 419251-2:2013 (E) 5 Foreword This document (EN 419251-2:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and
28、operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by September 2013, and conflicting national standards shall be withdrawn at the latest by Septe
29、mber 2013. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. EN 419251 contains the following parts: EN 419251-1, Security requirements
30、for device for authentication Part 1: Protection profile for core functionality; EN 419251-2, Security requirements for device for authentication Part 2: Protection profile for extension for trusted channel to certificate generation application (the present document); EN 419251-3, Security requireme
31、nts for device for authentication Part 3: Additional functionality for security targets. The present document was submitted to the Enquiry under the reference prEN 16248-2. According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to
32、 implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Ro
33、mania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. DIN EN 419251-2:2013-06 EN 419251-2:2013 (E) 6 1 Scope This European Standard is a Protection Profile that defines the security requirements for an authentication device. 2 Normative references The following docume
34、nts, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 10181-2:1996, Infor
35、mation technology Open Systems Interconnection Security frameworks for open systems: Authentication framework ISO/IEC 15408-1:20091), Information technology Security techniques Evaluation criteria for IT security Part 1: Introduction and general model ISO/IEC 15408-21), Information technology Securi
36、ty techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-31), Information technology Security techniques Evaluation criteria for IT security Part 3: Security assurance components ISO/IEC 18045, Information technology Security techniques Methodology for I
37、T security evaluation 3 Conformance 3.1 CC Conformance Claim This Protection Profile (PP) is CC Part 2 extended and CC Part 3 conformant and written according to ISO/IEC 15408-1, -2, -3 and ISO/IEC 18045. 3.2 PP Claim This PP does not claim conformance to any other Protection Profile. 3.3 Package Cl
38、aim The evaluation assurance level for this PP is EAL4-augmented with the assurance components AVA_VAN.5 and ALC_DVS.2. 3.4 Conformance Rationale Since this PP is not claiming conformance to any other protection profile, no rationale is necessary here. 3.5 Conformance Statement The conformance requi
39、red by this PP is the demonstrable-PP conformance. This would facilitate conformance claim to both the PP “Authentication device” and other PPs for Security Target (ST) authors. 1) ISO/IEC 15408-1, -2 and -3 respectively correspond to Common Criteria for Information Technology Security Evaluation, P
40、arts 1, 2 and 3. DIN EN 419251-2:2013-06 EN 419251-2:2013 (E) 7 4 Terms and definitions For the purposes of this document, the following terms and definitions apply. 4.1 Administrator person who is allowed administration operations on the authentication device Note 1 to entry: See 9.2 for more detai
41、ls. 4.2 Authentication Protocol sensitive data data used in the process of authentication of the TOE by the external entity Note 1 to entry: These data are linked to the Authentication private key, e.g. Authentication Certificate or APuK. Note 2 to entry: Authentication Protocol sensitive data may b
42、e empty if the environment is trusted, and the holder public key known to the system. 4.3 Certificate electronic attestation, which links the APuK to a person and confirms the identity of that person (as defined in Directive 8, article 2, Clause 9) 4.4 Certificate Info information associated with an
43、 Authentication key pair that consists of either: a signers public key certificate; or one or more hash values of a signers public key certificate together the identifier of the hash function used to compute these hash values, and some information which allows the signer to disambiguate between seve
44、ral signers certificates 4.5 Configuration set of groups Note 1 to entry: Each configuration corresponds to one PP. It has its own rationale. See 2. 4.6 Group set of Assets, threats, objectives, and Requirements, addressing a specific function Note 1 to entry: See 2. 4.7 Holder legitimate holder of
45、the authentication device Note 1 to entry: See 9.2 for more details. 4.8 Issuer user of the authentication device during personalisation Note 1 to entry: See 9.2 for more details. DIN EN 419251-2:2013-06 EN 419251-2:2013 (E) 8 4.9 Protection Profile PP implementation-independent statement of securit
46、y needs for a TOE SOURCE: ISO/IEC 15408-1:2009, Clause 4 “Terms and definitions“, modified in ISO/IEC 15408-1, the protection profile refers to a TOE type instead of a TOE in this document 4.10 PP collection document defining groups and configurations 4.11 Reference Authentication Data usually calle
47、d RAD, data stored inside the TOE and used as a reference to which the VAD will be compared Note 1 to entry: This RAD can be biometrics data, a PIN, or a symmetric key. It can also be a combination of these factors. The RAD is not an Asset, it is TSF data. 4.12 Trusted channel means by which a TSF a
48、nd a remote trusted IT product can communicate with necessary confidence SOURCE: ISO/IEC 15408-1:2009, Clause 4 “Terms and definitions“ 4.13 Trusted Environment environment that ensures the protection of sensitive data transfers between the TOE and a remote trusted IT product (resp. a user) Note 1 to entry: A trusted (or untrusted) environment relates to the whole communication channel
