Standard ECMA-271
2nd Edition - December 1999

Standardizing Information and Communication Systems

Phone: +41 22 849.60.00 - Fax: +41 22 849.60.01 - URL: http://www.ecma.ch - Internet: helpdesk@ecma.ch

Extended Commercially Oriented Functionality Class for Security Evaluation (E - COFC)

Brief History

ECMA published Standard ECMA-205 “Commercially Oriented Functionality Class for Security Evaluation (COFC)” in December 1993. This standard was a contribution to the ongoing harmonization process for internationally accepted security evaluation criteria, called Common Criteria.

Standard ECMA-205 provided a set of functional criteria, which was based on commercial requirements with the additional intention in mind to make security evaluation easier and therefore more economical. Many worldwide operating computer manufacturers supported this approach.

After completion of Standard ECMA-205, ECMA TC36 (IT Security) continued its work to extend the Standard into the area of interconnected systems. This work had to consider network security as well as commercial requirements for secure electronic business and secure electronic shopping and services.

This new standard is based on the COFC and provides additional functionalities for an enterprise internal network of interconnected systems, for secure electronic business within a closed user group, and for secure electronic shopping and services via a communication line or network. The standard takes aspects of protection against misuse, espionage, fraud etc. into account, but also legal aspects to secure business operations against denial of actually performed business actions.

Standard ECMA-271 is called “Extended Commercially Oriented Functionality Class for Security Evaluation (E - COFC)”. The standard is based on ECMA-205 (COFC) and then hierarchically built up with the Enterprise Business class as first layer, the Contract Business Class as second layer and the Public Business Class as third layer.

After completion of Standard ECMA-271 (E-COFC) ECMA TC36 improved the E-COFC Standard to an E-COFC Version 2 (Standard ECMA-271 Second Edition). This new version addresses the usage of the INTERNET in all three sub-classes and incorporates a number of corrections and improvements. The changes were mostly a result of the development of a Protection Profile for the E-COFC Standard. The E-COFC Protection Profile allows the binding of the E-COFC Functional Criteria to the Assurance Criteria of the ISO/IEC/SC27 Common Criteria Standard. The motivation to develop the E-COFC Protection Profile was based on the fact that international mutual acceptance agreements are presently being negotiated. Once these agreements are made, evaluations on the basis of E-COFC and the Common Criteria can be made and the results will be accepted in all countries.

The E-COFC Protection Profile for the Public Business Class is published as an ECMA Technical Report (ECMA TR/78).

This second edition of Standard ECMA-271 has been adopted by the ECMA General Assembly of December 1999.

Table of contents

1 Scope
2 Conformance
3 References
4 Definitions
  4.1 Terms defined in this Standard
    4.1.1 EB-class
    4.1.2 CB-class
    4.1.3 PB-class
    4.1.4 Regulatory Board
    4.1.5 Business action
    4.1.6 Originator
    4.1.7 Destination
    4.1.8 Qualification of Originator and Destination
    4.1.9 Attestation of submission
    4.1.10 Attestation of delivery
    4.1.11 Attestation of reception by Destination
    4.1.12 Commitment of Originator
    4.1.13 Customer
    4.1.14 Provider
  4.2 Terms defined in Standard ECMA-205 (COFC)
    4.2.1 Access right
    4.2.2 Administration
    4.2.3 Customer-specifiable
    4.2.4 Identification
    4.2.5 User identifier, user ID
  4.3 Terms defined in other documents
5 Acronyms
6 E - COFC
  6.1 Overview
  6.2 The TOE environment
  6.3 Hierarchical subclasses
  6.4 Usage of the INTERNET
7 The Enterprise Business class (EB-class)
  7.1 The model
  7.2 Commercial security requirements
    7.2.1 Secure user authentication
    7.2.2 Secure client/server communication
    7.2.3 Software integrity
    7.2.4 Availability and reliability
    7.2.5 Accountability and audit
  7.3 Threat analysis
  7.4 Security functionalities
    7.4.1 Identification and authentication
    7.4.2 Access Control
    7.4.3 Client / server communication
    7.4.4 Accountability and audit
    7.4.5 Object reuse
    7.4.6 Accuracy
    7.4.7 Availability and reliability of service
    7.4.8 Key management (if cryptographic means are applied by the TOE)
8 The Contract Business class (CB-class)
  8.1 The model
    8.1.1 Exchange of information
    8.1.2 Regulatory Board
    8.1.3 Closed User Group Contract
  8.2 Commercial security requirements
    8.2.1 Authorization of Originator and Destination
    8.2.2 Attestation of submission
    8.2.3 Attestation of delivery
    8.2.4 Attestation of reception by Destination
    8.2.5 Commitment of Originator and Destination
    8.2.6 Chronology of events
    8.2.7 Accountability and audit
    8.2.8 Document integrity
    8.2.9 Document confidentiality
  8.3 Threat analysis
  8.4 Security functionalities
    8.4.1 Access control (user authorization)
    8.4.2 Accountability and audit
9 The Public Business class (PB-class)
  9.1 The model
  9.2 Commercial security requirements
    9.2.1 Multistage identification and authentication
    9.2.2 Interrelated commitments
    9.2.3 Protection against unlawful multiple use of unique data
    9.2.4 Unauthorized building of user profiles from business data
    9.2.5 Interrelated accountability
  9.3 Threat analysis
  9.4 Security functionalities
    9.4.1 Identification and authentication
    9.4.2 Access control
    9.4.3 Accountability and audit
    9.4.4 Communication of commitment data
    9.4.5 Trust Center security functionalities (key management)
Annex A (informative) Examples for the Contract Business class (CB-class)
  Example 1: Sending a Contract
  Example 2: Order placement
  Example 3: Submitting an offer
  Example 4: Public call for tender
  Example 5: Financial order
Annex B (informative) Examples of Customer/Provider based business (PB-class)
  Scenario 1: Customer/Provider public business
  Scenario 2: Customer/Provider public business via a credit card organization (CCO)
  Scenario 3: Customer/Provider public business with pay-card
  Scenario 4: Electronic advertising
Annex C (informative) Terms defined in other documents

1 Scope

The Extended Commercially Oriented Functionality Class (E - COFC) extends the application of ECMA's class of commercial security functions (Standard ECMA-205), to an environment of network based systems. The identified security requirements specify a minimal set of security functions for interconnected IT systems.

Figure 1 - The ECMA security functionality classes (figure labels: COFC, E-COFC)

2 Conformance

A TOE conforms to the requirements of this Standard if it conforms to Standard ECMA-205 and to the security functionalities of at least one of the identified classes of this Standard (EB-Class, CB-Class, or PB-Class).

3 References

- ECMA-205:1993 - Commercially Oriented Functionality Class for Security Evaluation (COFC)
- “Trusted Computer Systems Evaluation Criteria”, DoD 5200.28-STD, Department of Defense, United States of America, December 1985
- “Information Technology Security Evaluation Criteria (ITSEC) - Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom”, Version 1.2, June 1991
- “Information Technology Security Evaluation Manual (ITSEM)”, Provisional Harmonized Methodology, European Commission, Directorate-General XIII, telecommunications, Information Market and Exploitation of Research, September 1993
- “The Canadian Trusted Computer Product Evaluation Criteria”, Canadian System Security Center, Communications Security Establishment, Government of Canada, Version 3.0e, January 1993
- “Federal Criteria for Information Technology Security”, Volume 1 and Volume 2, National Institute of Standards and Technology & National Security Agency, December 1992
- “Common Criteria for Information Technology Security Evaluation”, Version 1.0, CCEB, 1996
- “Requirements for Security during Electronic Information Exchange”, R. Barzel, AFNOR, 1995
- “SET, Secure Electronic Transactions Specification by Visa/Mastercard” V. 1.0, 1997
- “rfc2196 Network Working Group”, B. Fraser, September 1997

4 Definitions

For the purpose of this document the following definitions apply.

4.1 Terms defined in this Standard

4.1.1 EB-class
Enterprise business class, a class of security requirements for network based electronic business relevant to an enterprise (one legal entity).

4.1.2 CB-class
Contract business class, a class of security requirements for network based electronic business relevant to a defined number of enterprises (closed user group) who operate under a contract.

4.1.3 PB-class
Public business class, a class of security requirements for public electronic business.

4.1.4 Regulatory Board
An impartial notary in a closed user group, which mediates or intervenes in conflict situations between the business partners.

4.1.5 Business action
The sending or receiving of information for performing a business (e.g. sending of an order).

4.1.6 Originator
A person sending business information.

4.1.7 Destination
A person receiving business information.

4.1.8 Qualification of Originator and Destination
The company authorization of a person for specific business actions.

4.1.9 Attestation of submission
A notification that business information was submitted.

4.1.10 Attestation of delivery
A notification that business information was delivered.

4.1.11 Attestation of reception by Destination
A notification that the Destination had received the business information.

4.1.12 Commitment of Originator
The Originator's company authority for specific business actions.

4.1.13 Customer
A business partner buying goods or services.

4.1.14 Provider
A merchant selling goods or services.

4.2 Terms defined in Standard ECMA-205 (COFC)

The following terms are used with the meanings defined in Standard ECMA-205. The definitions are repeated for convenience.

4.2.1 Access right
The ability of a user to access an object.

4.2.2 Administration
The process of controlling security relevant objects. This process is based on the relevant access rights and guided by one or several users.
NOTE: These users are sometimes called administrators.

4.2.3 Customer-specifiable
A characteristic set of relevant parameters for which a customer can specify different values.

4.2.4 Identification
The process of recognizing a user by the TOE. The user provides specific credentials to the TOE that are known by the TOE and associated with the user. Ref.: ITSEC

4.2.5 User identifier, user ID
A string of characters that uniquely identifies a user.

4.3 Terms defined in other documents

Annex C lists applied terms defined in other standardization documents.

5 Acronyms

The following acronyms are used in this document:

CA          Certification Authority
CB-class    Contract Business class
CCO         Credit Card Organization
COFC        Commercially Oriented Functionality Class
E - COFC    Extended - Commercially Oriented Functionality Class
EB-class    Enterprise Business class
ISO         International Organization for Standardization
IT          Information Technology
ITSEC       Information Technology Security Evaluation Criteria
PB-class    Public Business class
RA          Registration Authority
RB          Regulatory Board
SET         Secure Electronic Transactions Specification
TCSEC       Trusted Computer System Evaluation Criteria
TOE         Target of Evaluation (ITSEC)

6 E - COFC

The Extended Commercially Oriented Functionality Class (E - COFC) is an ECMA standard, which specifies security evaluation criteria for interconnected IT systems. The systems are interconnected through a communication network, which is considered a priori not trusted. The systems may be located at different sites, cities or countries, and are connected through leased lines, public networks or private networks.

6.1 Overview

The E - COFC Standard applies to the security of data processing in a commercial business environment, independent of hardware and software platforms of the participating systems. Its functions are selected to satisfy the minimal set of security requirements for typical business applications of interconnected systems.

The E - COFC is based on an IT Security Policy of a commercial enterprise taking typical environmental and organizational constraints into account. As in reality, the IT Security Policy is based on a Confidentiality Policy, an Integrity Policy, an Accountability Policy and an Availability Policy (see figure 2). These dedicated policies are enforced by an appropriate IT security architecture which is decomposed into different domains, such as network security, systems security and application security. This IT security architecture provides a specific set of security services and the associated security management. The security services and the security management are based on a specific set of protocols and mechanisms (security enforcing functions) which may be realized by non-cryptographic (access control) and cryptographic means (symmetric methods, public key methods). For consistency and ease of operation, a specific key management may be an integral part of the security management, supporting specific security services and security mechanisms. With respect to the various system services applied, the security management system activates the adequate security enforcing functions. If cryptographic means are applied, the associated keys and parameters are protected, distributed, and revoked such that unauthorized persons cannot have access to them.

Figure 2 - The different levels of the IT security policy (figure labels: IT Security Policy, comprising Confidentiality Policy, Integrity Policy, Accountability Policy and Availability Policy; IT Security Architecture, comprising Network Security, Application Security and Operating System / Platform Security; Security Mechanisms, comprising Non-cryptographic Means and Cryptographic Means, the latter with Symmetric Methods and Public Key Methods; Services and Management)

6.2 The TOE environment

The TOE (Target of Evaluation) is a commercial environment, which consists of several interconnected IT systems. These systems provide, on the basis of the installed operating systems, different applications and communication facilities for the users and the applications respectively. The installed systems, the communication network and the additionally installed business applications or hardware devices constitute the TOE. The communication network is considered a priori as not secure. The identified minimal security requirements of this standard shall be supported by the TOE but not necessarily by each individual system. The support of the security enforcing functions within a system may be based on the Operating System (OS) or on the combination of the OS and secure hardware or software products.