EN 419211-4:2013
(Main)Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted channel to certificate generation application
Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted channel to certificate generation application
This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and export the public key in protected manner: secure signature creation device with key generation and trusted communication with certificate generation application (SSCD KG TCCGA).
Schutzprofile für sichere Signaturerstellungseinheiten - Teil 4: Erweiterung für Einheiten mit Schlüsselerzeugung und vertrauenswürdigem Kanal zur Zertifikaterzeugungsanwendung
Diese Europäische Norm legt ein Schutzprofil für eine sichere Signaturerstellungseinheit fest, die Signaturschlüssel intern erzeugen und den öffentlichen Schlüssel in geschützter Art und Weise exportieren kann: Sichere Signaturerstellungseinheit mit Schlüsselerzeugung und vertrauenswürdigem Kanal zur Zertifikaterzeugungsanwendung (SSCD KG TCCGA).
Profils de protection des dispositifs sécurisés de création de signature - Partie 4 : Extension pour un dispositif avec génération de clé et communication sécurisée avec l'application de génération de certificats
La présente Norme européenne spécifie un profil de protection des dispositifs sécurisés de création de signature pouvant générer de manière interne des clés de signature et exporter la clé publique d'une manière protégée : Dispositif sécurisé de création de signature électronique avec génération de clé et communication sécurisée avec l'application de génération de certificat (SSCD KG TCCGA).
Profil zaščite sredstva za varno elektronsko podpisovanje - 4. del: Podaljšek za sredstvo, ki generira ključ in zaupno komunicira prek aplikacije z generiranjem certifikatov
General Information
Overview
EN 419211-4:2013 is a CEN protection profile that extends the SSCD (Secure Signature Creation Device) family to cover devices that generate signing keys internally and export signature verification data (public key / SVD) over a trusted channel to a Certificate Generation Application (CGA). It is a Common Criteria (CC) v3.1-based profile intended for evaluation of products (the TOE - Target of Evaluation) used to create electronic signatures, including those that can support qualified electronic signatures under Directive 1999/93/EC when paired with a qualified certificate.
Key topics and technical requirements
- Protection profile scope: Secure signature creation device with key generation and trusted communication to certificate generation application (SSCD KG TCCGA).
- Assurance level: EAL4 augmented with AVA_VAN.5 (as specified in the PP).
- Core security functions:
- Internal generation and secure storage of signature creation data (SCD).
- Protection of reference authentication data (RAD) such as PINs or biometric templates.
- Export of signature verification data (SVD) / public key in a protected and authenticated manner to a CGA via a trusted channel.
- Controlled use of SCD so only the authorized signatory can create signatures.
- Interfaces for interaction with a Signature Creation Application (SCA), Certificate Generation Application (CGA), and management/provisioning services.
- Operational environments: defined secure preparation, signing, and management environments protecting data exchanges with the TOE.
- Conformance and standards alignment: Follows Common Criteria 3.1 conventions, aligns with Annex III requirements of Directive 1999/93/EC for SSCDs.
Applications and who uses it
- Device manufacturers (smart cards, secure elements, HSM vendors) seeking CC-based evaluation for devices that generate keys and need to export public keys securely.
- Certificate Service Providers (CSPs) and certificate authorities that operate CGAs and require trusted import of SVDs from devices.
- System integrators and solution architects implementing secure signing workflows (e.g., qualified signature issuance).
- Evaluation and testing laboratories performing CC evaluations against the PP.
- Typical deployments include smart cards, USB tokens, secure mobile elements, and HSM-backed appliances used in regulated signature issuance.
Related standards
- EN 419211 series (Parts 1–6): core PP overview and extensions (key generation, key import, trusted channels to SCA/CGA).
- Common Criteria (CC) v3.1 for evaluation and assurance methodology.
- Directive 1999/93/EC - legal framework for electronic signatures in the EU.
This profile is critical for vendors and CSPs who must demonstrate that devices generating signing keys and exporting public keys do so with provable, standardized security guarantees. Keywords: SSCD, key generation, trusted channel, certificate generation application, EN 419211-4, protection profile, electronic signature, qualified electronic signature.
Frequently Asked Questions
EN 419211-4:2013 is a standard published by the European Committee for Standardization (CEN). Its full title is "Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted channel to certificate generation application". This standard covers: This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and export the public key in protected manner: secure signature creation device with key generation and trusted communication with certificate generation application (SSCD KG TCCGA).
This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and export the public key in protected manner: secure signature creation device with key generation and trusted communication with certificate generation application (SSCD KG TCCGA).
EN 419211-4:2013 is classified under the following ICS (International Classification for Standards) categories: 03.160 - Law. Administration; 35.030 - IT Security; 35.040 - Information coding; 35.100.05 - Multilayer applications; 35.240.15 - Identification cards. Chip cards. Biometrics. The ICS classification helps identify the subject area and facilitates finding related standards.
EN 419211-4:2013 is associated with the following European legislation: EU Directives/Regulations: 910/2014; Standardization Mandates: M/460. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
You can purchase EN 419211-4:2013 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of CEN standards.
Standards Content (Sample)
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.FHUWLILNDWRYSchutzprofile für sichere Signaturerstellungseinheiten - Teil 4: Erweiterung für Einheiten mit Schlüsselgenerierung und vertrauenswürdigem Kanal zur Zertifizierung von GenerierungsanwendungenProfils de protection pour dispositif sécurisé de création de signature électronique - Partie 4: Extension pour un dispositif avec génération de clé et communication sécurisée avec l'application de génération de certificatsProtection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted communication with certificate generation application35.100.05UHãLWYHMultilayer applications35.040Nabori znakov in kodiranje informacijCharacter sets and information coding03.160Pravo. UpravaLaw. AdministrationICS:Ta slovenski standard je istoveten z:EN 419211-4:2013SIST EN 419211-4:2014en,de01-marec-2014SIST EN 419211-4:2014SLOVENSKI
STANDARD
EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 419211-4
November 2013 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004English Version
Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted channel to certificate generation application
Profils de protection pour dispositif sécurisé de création de signature électronique - Partie 4: Extension pour un dispositif avec génération de clé et communication sécurisée avec l'application de génération de certificats
Schutzprofile für sichere Signaturerstellungseinheiten - Teil 4: Erweiterung für Einheiten mit Schlüsselerzeugung und vertrauenswürdigem Kanal zur Zertifikaterzeugungsanwendung This European Standard was approved by CEN on 12 October 2013.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels © 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-4:2013 ESIST EN 419211-4:2014
Foreword . 3 Introduction . 4 1 Scope . 5 2 Normative references . 5 3 Conventions and terminology . 5 3.1 Conventions . 5 3.2 Terms and definitions . 5 4 PP introduction . 5 4.1 PP reference . 5 4.2 PP overview . 6 4.3 TOE overview . 6 5 Conformance claims . 9 5.1 CC conformance claim . 9 5.2 PP claim, Package claim . 9 5.3 Conformance rationale . 9 5.4 Conformance statement . 10 6 Security problem definition . 10 6.1 Assets, users and threat agents . 10 6.2 Threats . 10 6.3 Organizational security policies . 11 6.4 Assumptions . 11 7 Security objectives . 11 7.1 Security objectives for the TOE . 11 7.2 Security objectives for the operational environment . 11 7.3 Security objectives rationale . 12 8 Extended components definition . 15 8.1 Definition of the family FPT_EMS . 15 8.2 Definition of the family FIA_API . 15 9 Security requirements . 16 9.1 Security functional requirements . 16 9.2 Security assurance requirements . 18 9.3 Security requirements rationale . 19 Bibliography . 25
2013-11-27 Registration: BSI-CC-PP-0071 CC version: 3.1 Revision 4 Editor: Arnold Abromeit, TÜV Informationstechnik GmbH General status:
final Keywords: secure signature creation device, electronic signature, digital signature, key generation, trusted communication with certificate generation application
1) To be published. This document was submitted to the Enquiry procedure under reference prEN 14169-1. SIST EN 419211-4:2014
2) This European Directive is referred to in this PP as “the Directive”. 3) At a pure functional level the SSCD creates an electronic signature; for an implementation of the SSCD, in that meeting the requirements of this PP and with the key certificate generated as specified in the directive, Annex I, the result of the signing process can be used as to create a qualified electronic signature. SIST EN 419211-4:2014
Authentication proof as SSCD The TOE shall hold unique identity and authentication data as SSCD and provide security mechanisms to identify and to authenticate itself as SSCD. 7.1.3 OT.TOE_TC_SVD_Exp TOE trusted channel for SVD export The TOE shall provide a trusted channel to the CGA to protect the integrity of the SVD exported to the CGA. The TOE shall enable the CGA to detect alteration of the SVD exported by the TOE. 7.2 Security objectives for the operational environment 7.2.1 Relation to core PP SSCD KG This PP includes the following security objectives for the operational environment as defined in the core PP SSCD KG [6]: OE.SVD_Auth, OE.CGA_Qcert, OE.HID_VAD, OE.DTBS_Intend, OE.DTBS_Protect, and OE.Signatory. This PP substitutes OE.SSCD_Prov_Service from the core PP by OE.Dev_Prov_Service and adds security objectives for the operational environment OE.CGA_SSCD_Auth and OE.CGA_TC_SVD_Imp in order to address the additional method of use as SCD/SVD pair generation after delivery to the signatory and outside
...
記事タイトル:EN 419211-4:2013 - セキュアな署名作成装置用の保護プロファイル - 第4部: キー生成と証明書生成アプリケーションへの信頼性のあるチャネル拡張 記事内容: この欧州規格は、セキュアな署名作成装置のための保護プロファイルを指定しています。この装置は内部で署名キーを生成し、公開キーを保護された方法でエクスポートすることができます。これは、キー生成と証明書生成アプリケーションとの信頼性のある通信を持つセキュアな署名作成装置(SSCD KG TCCGA)として知られています。
기사 제목: EN 419211-4:2013 - 안전한 서명 생성 장치용 보호 프로필 - 파트 4: 키 생성 및 인증서 생성 애플리케이션에 대한 신뢰할 수 있는 채널을 가진 장치의 확장 기사 내용: 이 유럽 표준은 안전한 서명 생성 장치에 대한 보호 프로필을 명시한다. 이 장치는 내부적으로 서명 키를 생성하고 공개 키를 보호된 방식으로 내보낼 수 있는 기능을 갖추고 있다. 이는 키 생성과 인증서 생성 애플리케이션과의 신뢰할 수 있는 통신을 지원하는 안전한 서명 생성 장치로 알려져 있다(SSCD KG TCCGA).
The article discusses the EN 419211-4:2013 European Standard, which sets out a protection profile for a secure signature creation device. This device is capable of generating signing keys internally and is able to export the public key in a protected manner. It is known as a secure signature creation device with key generation and trusted communication with a certificate generation application (SSCD KG TCCGA).
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...