1、BSI Standards PublicationBS EN 419211-6:2014Protection profiles for securesignature creation devicePart 6: Extension for device with key importand trusted channel to signature creationapplicationBS EN 419211-6:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN
2、 419211-6:2014.The UK participation in its preparation was entrusted to TechnicalCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisio
3、ns of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 71700 0ICS 03.160; 35.040; 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard w
4、as published under the authority of theStandards Policy and Strategy Committee on 31 October 2014.Amendments issued since publicationDate Text affectedBS EN 419211-6:2014EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419211-6 October 2014 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004
5、English Version Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application Profils de protection pour dispositif scuris de cration de signature lectronique - Partie 6: Extension pour un dispositif avec
6、 import de cl et communication scurise avec lapplication de cration de signature Schutzprofile fr sichere Signaturerstellungseinheiten - Teil 6: Erweiterung fr Einheiten mit Schlsselimport und vertrauenswrdigem Kanal zur Signaturerstellungsanwendung This European Standard was approved by CEN on 25 J
7、uly 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obt
8、ained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the C
9、EN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Irelan
10、d, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centr
11、e: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-6:2014 EBS EN 419211-6:2014EN 419211-6:2014 (E) 2 Contents Page Foreword . 3 Introduction . 4 1 Scope . 5 2 Normative references . 5 3
12、 Conventions and terminology 5 3.1 Conventions . 5 3.2 Terms and definitions . 5 4 PP introduction . 6 4.1 PP reference 6 4.2 PP overview . 6 4.3 TOE overview. 7 5 Conformance claims 9 5.1 CC conformance claim . 9 5.2 PP claim, Package claim . 9 5.3 Conformance rationale . 9 5.4 Conformance statemen
13、t . 10 6 Security problem definition . 10 6.1 Assets, users and threat agents 10 6.2 Threats . 11 6.3 Organizational security policies . 11 6.4 Assumptions. 11 7 Security objectives . 11 7.1 Security objectives for the TOE . 11 7.2 Security objectives for the operational environment 12 7.3 Security
14、objectives rationale 12 8 Extended components definition 15 9 Security requirements 15 9.1 Security functional requirements 15 9.2 Security assurance requirements 18 9.3 Security requirements rationale . 19 Bibliography 24 BS EN 419211-6:2014EN 419211-6:2014 (E) 3 Foreword This document (EN 419211-6
15、:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of
16、an identical text or by endorsement, at the latest by April 2015 and conflicting national standards shall be withdrawn at the latest by April 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be he
17、ld responsible for identifying any or all such patent rights. This document supersedes CWA 14169:2004. In comparison with CWA 14169, the entire document has been revised. Refer to EN 419211-1:2014, Annex A for more details. This document has been prepared under a mandate given to CEN by the European
18、 Commission and the European Free Trade Association. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finlan
19、d, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 419211-6:2014EN 419211-6:201
20、4 (E) 4 Introduction This series of European Standards specifies Common Criteria protection profiles for secure signature creation devices and is issued by the European Committee for Standardization (CEN) as an update of the Electronic Signatures (E-SIGN) CEN workshop agreement, CWA 14169:2004, Anne
21、x B and Annex C on the protection profile secure signature creation devices, “EAL 4+“. This series of European Standards consists of the following parts: Part 1: Overview Part 2: Device with key generation Part 3: Device with key import Part 4: Extension for device with key generation and trusted ch
22、annel to certificate generation application Part 5: Extension for device with key generation and trusted channel to signature creation application Part 6: Extension for device with key import and trusted channel to signature creation application Preparation of this document as a protection profile (
23、PP) follows the rules of ISO/IEC 15408. BS EN 419211-6:2014EN 419211-6:2014 (E) 5 1 Scope This European Standard specifies a protection profile for a secure signature creation device that may import signing keys and communicate with the signature creation application in protected manner: secure sign
24、ature creation device with key import and trusted communication with signature creation application (SSCD KI TCSCA). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only
25、the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 419211-1:2014, Protection profiles for secure signature creation device Part 1: Overview ISO/IEC 15408-1, Information technology Security techniques Evaluation crit
26、eria for IT security Part 1: Introduction and general model1)ISO/IEC 15408-2, Information technology Security techniques Evaluation criteria for IT security Part 2: Security functional components ISO/IEC 15408-3, Information technology Security techniques Evaluation criteria for IT security Part 3:
27、Security assurance components 3 Conventions and terminology 3.1 Conventions This document is drafted in accordance with the CEN/CENELEC directive and content and structure of this document follow the rules and conventions laid out in ISO/IEC 15408. Normative aspects of content in this European Stand
28、ard are specified according to the Common Criteria rules and not specifically identified by the verbs “shall” or “must”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in EN 419211-1 apply. 1) ISO/IEC 15408-1, ISO/IEC 15408-2 and ISO/IEC 15408-
29、3 respectively correspond to Common Criteria for Information Technology Security Evaluation, Parts 1, 2 and 3. BS EN 419211-6:2014EN 419211-6:2014 (E) 6 4 PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device Part 6: Extension for device with key import and
30、 trusted communication with signature creation application Version: 1.0.4 Author: CEN / CENELEC (TC224/WG17) Publication date: 2013-04-03 Registration: BSI-CC-PP-0076 CC version: 3.1 Revision 4 Editor: Arnold Abromeit, TV Informationstechnik GmbH General status: final Keywords: secure signature crea
31、tion device, electronic signature, digital signature, key import, trusted communication with signature creation application 4.2 PP overview This Protection Profile is established by CEN as a European Standard for products to create electronic signatures. It fulfils requirements of Directive 1999/93/
32、EC2)of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. In accordance with Article 9 of this European Directive this standard can be indicated by the European Commission in the Official Journal of the European Communities as a general
33、ly recognized standard for electronic signature products. This protection profile defines security functional requirements and security assurance requirements that comply with those defined in Annex III of the Directive for a secure signature creation device (SSCD). This secure signature creation de
34、vice is the target of evaluation (TOE) for this protection profile. European Union Member States may presume that there is compliance with the requirements laid down in Annex III of the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this
35、Protection Profile (PP). This Protection Profile about secure signature creation device with key import and trusted communication with signature creation application (PP SSCD KI TCSCA) includes the security requirements for SSCD with key import importing signature creation data (SCD) and creating di
36、gital signature to be used for (qualified or advanced) electronic signatures as described in the core PP 3. Additionally, the TOE of this PP supports a trusted communication with a signature creation application for protection of authentication data and data to be signed. These security features all
37、ow using the TOE in a more complex operational environment. It conforms to the core PP SSCD KI 3. The implication of this conformance claim is explained in 5.3 hereinafter. 2) This European Directive is referred to in this PP as “the Directive”. BS EN 419211-6:2014EN 419211-6:2014 (E) 7 The assuranc
38、e level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overview 4.3.1 Operation of the TOE This section presents a functional overview of the TOE in its distinct operational environments: The preparation environment, where it interacts with a certification service provider through a SCD/SVD g
39、eneration application to import the signature creation data (SCD) and a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) corresponding with the signature creation data (SCD) the certification service provider has generated. The initialization e
40、nvironment interacts further with the TOE to personalize it with the initial value of the reference-authentication data (RAD). The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authenticating the signer as its signatory. The si
41、gnature creation application provides the data to be signed (DTBS), or a unique representation thereof (DTBS/R) as input to the TOE signature creation function and obtains the resulting electronic signature3). The TOE and the SCA communicate through a trusted channel to ensure the integrity of the D
42、TBS respective DTBS/R. The management environments where it interacts with the user or an SSCD-provisioning service provider to perform management operations, e.g. for the signatory to reset a blocked RAD. A single device, e.g. a smart card terminal, may provide the required secure environment for m
43、anagement and signing. The signing environment, the management environment and the preparation environment are secure and protect data exchanged with the TOE. Figure 5 in EN 419211-1:2014 illustrates the operational environment. The TOE stores signature creation data and reference authentication dat
44、a. The TOE may store multiple instances of SCD. In this case, the TOE provides a function to identify each SCD and the signature creation application (SCA) can provide an interface to the signer to select an SCD for use in the signature creation function of the SSCD. The TOE protects the confidentia
45、lity and integrity of the SCD and restricts its use in signature creation to its signatory. The electronic signature created with the TOE is a qualified electronic signature as defined in the Directive if the certificate for the SVD is a qualified certificate (Annex I). Determining the state of the
46、certificate as qualified is beyond the scope of this standard. The SCA is assumed to protect the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authorized for signing by the signatory. Unless implicitly known to the TOE, the SCA indic
47、ates the kind of the signing input (as DTBS/R) it provides and computes any hash values required. The TOE may augment the DTBS/R with signature parameters it stores and then computes a hash value over the input as needed by the kind of input and the used cryptographic algorithm. The TOE and the SCA
48、communicate through a trusted channel in order to protect the integrity of the DTBS/R. The TOE stores signatory reference authentication data to authenticate a user as its signatory. The RAD is a password, e.g. PIN, a biometric template or a combination of these. The TOE protects the confidentiality
49、 and integrity of the RAD. The TOE may provide a user interface to directly receive verification authentication data (VAD) from the user, alternatively, the TOE receive the VAD from the signature creation application. If the signature creation application handles requesting obtaining a VAD from the user, it is assumed to protect the confidentiality and integrity of this data. 3) At a pure functional level the SSCD creates an electronic signature; for an implementation of the SSCD, in that meeting the requirements of this PP
