prEN 419111-2
(Main)Protection profiles for signature creation and verification application - Signature creation application - Part 2: Core PP
Protection profiles for signature creation and verification application - Signature creation application - Part 2: Core PP
This document is a Protection Profile that defines the security requirements for a Signature Creation Application. This is the core document, which means that only the security functions that are mandatory are included. The ST writer can include other security functions in his TOE. For this purpose, he can include some of those described in prEN 419111-3:2013.
Schutzprofile für eine Anwendung zum Erzeugen und Prüfen von Signaturen - Signatur Kreation Anwendung - Teil 2: Core PP
Profils de protection pour application de création et de vérification de signature - Application de création de signature - Partie 2: Profils PP de base
Le présent document est un profil de protection (PP) qui définit les exigences de sécurité applicables à une application de création de signature (ou SCA, pour Signature Creation Application). Il s’agit d’un document de base, ce qui signifie qu’il n’inclut que les fonctions de sécurité obligatoires. Le rédacteur de la cible de sécurité (ou ST, pour Security Target) peut inclure d’autres fonctions dans sa cible d’évaluation (ou TOE, pour Target Of Évaluation). A cette fin, il peut inclure certaines extensions parmi celles décrites dans le prEN 419111 3:2013 [2].
Zaščitni profili za uporabo pri oblikovanju in preverjanju podpisov - Aplikacija oblikovanja podpisa - 2. del: Jedrni PP
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
01-julij-2013
=DãþLWQLSURILOL]DXSRUDERSULREOLNRYDQMXLQSUHYHUMDQMXSRGSLVRY$SOLNDFLMD
REOLNRYDQMDSRGSLVDGHO-HGUQL33
Protection profiles for signature creation and verification application - Signature creation
application - Part 2: Core PP
Schutzprofile für eine Anwendung zum Erzeugen und Prüfen von Signaturen - Signatur
Kreation Anwendung - Teil 2: Core PP
Profils de protection pour application de création et de vérification de signature -
Application de création de signature - Partie 2: Profils PP de base
Ta slovenski standard je istoveten z: prEN 419111-2
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD
DRAFT
NORME EUROPÉENNE
EUROPÄISCHE NORM
February 2013
ICS 35.240.15 Will supersede CWA 14170:2004
English Version
Protection profiles for signature creation and verification
application - Signature creation application - Part 2: Core PP
Profils de protection pour application de création et de Schutzprofile für eine Anwendung zum Erzeugen und
vérification de signature - Application de création de Prüfen von Signaturen - Signatur Kreation Anwendung -
signature - Partie 2: Profils PP de base Teil 2: Core PP
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee CEN/TC 224.
If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations which
stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other language
made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.
Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. prEN 419111-2:2013: E
worldwide for CEN national Members.
Contents Page
Foreword .5
1 Scope .6
2 Normative references .6
3 Terms and definitions .6
4 Symbols and abbreviations .6
5 TOE overview .7
5.1 TOE Type .7
5.2 TOE Usage .7
5.3 TOE Environment.7
5.3.1 Overview .7
5.3.2 External entities .8
5.3.3 Other Entities .8
5.4 TOE operations .8
5.4.1 Introduction .8
5.4.2 Pre-signature operations .8
5.4.3 Signature computation .8
5.5 TOE-environment operations .9
6 Conformance claims .9
6.1 CC Conformance Claim .9
6.2 PP Claim .9
6.3 Package Claim .9
6.4 Conformance Rationale .9
6.5 Conformance Statement .9
7 Security problem definition . 10
7.1 Assets . 10
7.1.1 Document . 10
7.1.2 Certificate . 10
7.1.3 Certificate path . 10
7.1.4 Signature policy . 10
7.1.5 Signature attribute . 10
7.2 Threats . 10
7.2.1 T.Document . 10
7.2.2 T.Signature_Policy. 10
7.2.3 T.Certificate . 11
7.2.4 T.Signer_consent . 11
7.2.5 T.Digital_Signature . 11
7.3 Organisational security policies . 11
7.4 Assumptions . 11
7.4.1 A.Platform . 11
7.4.2 A.SSCD . 12
7.4.3 A.Signer . 12
7.4.4 A.CSP . 12
8 Security objectives . 12
8.1 Security objectives for the TOE . 12
8.1.1 OT.Signer_Control . 12
8.1.2 OT.Document . 12
8.1.3 OT.Certificate . 12
8.1.4 OT.Signature_Attributes . 13
8.1.5 OT.Signature_Policy . 13
8.1.6 OT.Crypto . 13
8.1.7 OT.Sig_Verify . 13
8.2 Security objectives for the operational environment . 13
8.2.1 OE.Platform . 13
8.2.2 OE.SSCD. 14
8.2.3 OE.SSCD_communication_protected . 14
8.2.4 OE.Signer_Presence . 14
8.2.5 OE.Output_Device . 14
8.2.6 OE.Checker . 14
8.2.7 OE.Signer . 14
8.2.8 OE.CSP . 15
8.3 Rationale for Security objectives . 15
9 Extended component definition . 16
10 Security requirements . 16
10.1 General . 16
10.2 Security requirements for the TOE . 17
10.2.1 Introduction . 17
10.3 Security assurance requirements for the TOE . 35
10.4 Security Requirement rationales . 36
10.4.1 Security Functional Requirement rationale . 36
10.4.2 Rationale for SFR Dependencies . 38
10.4.3 Security Assurance Requirements Rationale . 40
10.4.4 Security requirements – internal consistency . 40
Bibliography . 41
Index .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.