EN 419211-6:2014
Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application
This European Standard specifies a protection profile for a secure signature creation device that may import signing keys and communicate with the signature creation application in a protected manner: secure signature creation device with key import and trusted communication with signature creation application (SSCD KI TCSCA).
Protection profile for secure electronic signature devices - Part 6: Extension for a device with key import and trusted communication with the signing application
This European Standard specifies a protection profile for a secure electronic signature device that can generate keys internally and export the public key in a protected manner: a secure electronic signature device with key generation and trusted communication with the certificate generation application.
General Information
Overview
EN 419211-6:2014 is a CEN protection profile (PP) that extends the SSCD (secure signature creation device) family to cover devices that import signing keys and use a trusted channel to a signature creation application. Often referenced as SSCD KI TCSCA, this PP defines the security functional and assurance requirements for devices (the TOE) that import signature creation data (SCD), protect reference authentication data (RAD), and ensure integrity/confidentiality of the data-to-be-signed when communicating with a signature creation application (SCA).
Key facts:
- Part of the EN 419211 series (Part 6).
- CC version: Common Criteria 3.1 Revision 4; registration BSI-CC-PP-0076.
- Assurance level: EAL4 augmented with AVA_VAN.5.
- Intended to support compliance with EU Directive 1999/93/EC (Annex III) for advanced/qualified electronic signatures.
Key topics and technical requirements
- Scope: Protection profile for SSCDs that perform key import and trusted communication to an SCA (SSCD KI TCSCA).
- Security objectives: Protect confidentiality and integrity of SCD and RAD, restrict SCD use to its signatory, and ensure integrity of data-to-be-signed via a trusted channel.
- Operational environments covered:
  - Preparation (importing SCD, initializing RAD, certificate generation interaction)
  - Signing (SCA supplies DTBS or DTBS/R via trusted channel)
  - Management (lifecycle and administrative operations)
- Functional requirements: Secure storage and use of signing keys, authentication of signatory, integrity protection of DTBS, trusted channel establishment between TOE and SCA.
- Assurance: Common Criteria evaluation at EAL4+AVA_VAN.5; follows ISO/IEC 15408 Parts 1–3.
Applications - who uses this standard
- Device manufacturers (smart cards, secure tokens, HSM vendors) implementing key-import-capable SSCDs.
- Trust service providers and certificate authorities that provision devices and issue certificates for use in qualified or advanced electronic signatures.
- System integrators and software developers building signature creation applications that must interoperate over a trusted channel with SSCDs.
- Evaluators and accreditation bodies conducting Common Criteria assessments against a recognized European PP.
Practical benefits include clearer evaluation targets for product certification, enabling devices to be used in complex signing scenarios (remote provisioning, multi-application environments) while supporting legal acceptance under EU rules when combined with qualified certificates.
Related standards
- EN 419211-1:2014 (Overview) and other parts of the EN 419211 series (Parts 2–5)
- ISO/IEC 15408 (Common Criteria) Parts 1–3
- EU Directive 1999/93/EC (electronic signatures)
Keywords: secure signature creation device, SSCD KI TCSCA, key import, trusted channel, electronic signature, digital signature, Common Criteria, EAL4, protection profile, CEN.
Frequently Asked Questions
EN 419211-6:2014 is a standard published by the European Committee for Standardization (CEN). Its full title is "Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application". This standard covers: This European Standard specifies a protection profile for a secure signature creation device that may import signing keys and communicate with the signature creation application in a protected manner: secure signature creation device with key import and trusted communication with signature creation application (SSCD KI TCSCA).
EN 419211-6:2014 is classified under the following ICS (International Classification for Standards) categories: 03.160 - Law. Administration; 35.030 - IT Security; 35.040 - Information coding; 35.100.05 - Multilayer applications; 35.240.15 - Identification cards. Chip cards. Biometrics. The ICS classification helps identify the subject area and facilitates finding related standards.
EN 419211-6:2014 is associated with the following European legislation: EU Directives/Regulations: 910/2014; Standardization Mandates: M/460. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
Standards Content (Sample)
SLOVENIAN STANDARD
SIST EN 419211-6:2014
01 December 2014
Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application
This Slovenian standard is identical to: EN 419211-6:2014
ICS:
03.160 Law. Administration
35.040 Character sets and information coding
35.100.05 Multilayer applications
en,de
2003-01. Slovenian Institute for Standardization. Reproduction of all or parts of this standard is not permitted.
EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 419211-6
October 2014
ICS 03.160; 35.040; 35.240.15
Supersedes CWA 14169:2004
English Version
Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application
This European Standard was approved by CEN on 25 July 2014.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-6:2014 E
1) ISO/IEC 15408-1, ISO/IEC 15408-2 and ISO/IEC 15408-3 respectively correspond to Common Criteria for Information Technology Security Evaluation, Parts 1, 2 and 3.
2) This European Directive is referred to in this PP as “the Directive”.
3) At a pure functional level the SSCD creates an electronic signature; for an implementation of the SSCD that meets the requirements of this PP, with the key certificate generated as specified in the Directive, Annex I, the result of the signing process can be used to create a qualified electronic signature.
1) select a set of SCD if multiple sets are present in the SSCD,
2) authenticate the signatory and determine its intent to sign,
3) receive data to be signed or a unique representation thereof (DTBS/R) through a trusted channel with SCA,
4) apply an appropriate cryptographic signature creation function using the selected SCD to the DTBS/R.
The TOE may implement its function for electronic signature creation to also conform to the specifications in ETSI/TS 101 733 (CAdES) [4], ETSI/TS 101 903 (XAdES) [5] and ETSI/TS 102 778 (PAdES) [6].
The TOE is prepared for the signatory's use by:
a) importing at least one set of SCD, and
b) personalizing for the signatory by storing in the TOE:
1) the signatory’s reference authentication data (RAD),
2) optionally, certificate info for at least one SCD in the TOE.
After import, the SCD is in a non-operational state. Upon receiving a TOE the signatory shall verify its non-operational state and change the SCD state to operational. After preparation, the intended legitimate user should be informed of the signatory’s verification authentication data (VAD) required for use of the TOE in signing. If the VAD is a password or PIN, the means of providing this information is expected to protect the confidentiality and the integrity of the corresponding RAD. If the use of an SCD is no longer required, then it should be destroyed (e.g. by erasing it from memory) as well as the associated certificate info, if any exists.
4.3.3 TOE lifecycle
The TOE lifecycle is the same as defined in the PP SSCD KI [3], 4.3.3.
5 Conformance claims
5.1 CC conformance claim
This PP uses ISO/IEC 15408-1. This PP is conforming to ISO/IEC 15408-2. This PP is conforming to ISO/IEC 15408-3.
5.2 PP claim, Package claim
This PP is strictly conforming to the core PP SSCD KI [3] version 1.0.2 as dated of 2012-07-24. This PP is conforming to assurance package EAL4 augmented with AVA_VAN.5 defined in ISO/IEC 15408-3.
5.3 Conformance rationale
This PP SSCD KI TCSCA conforms to the core PP SSCD KI [3]. This implies for this PP:
a) The TOE type of this PP SSCD KI TCSCA is the same as the TOE type of the core PP SSCD KI: the TOE is a combination of hardware and software configured to securely create, use and manage signature creation data.
b) The security problem definition (SPD) of this PP SSCD KI TCSCA contains the security problem definition of the core PP SSCD KI. The SPD for the SSCD KI TCSCA is described by the same threats, organisational security policies and assumptions as for the TOE in core PP SSCD KI.
c) The security objectives for the TOE in this PP SSCD KI TCSCA include all the security objectives for the TOE of the core PP SSCD KI and add the security objective OT.TOE_TC_VAD_Imp (Trusted channel of TOE for VAD import) and OT.TOE_TC_DTBS_Imp (Trusted channel for DTBS).
d) The security objectives for the operational environment in this PP SSCD KI TCSCA include all security objectives for the operational environment of the core PP SSCD KI except OE.HI_VAD and OE.DTBS_Protect. This PP adapts OE.HI_VAD and OE.DTBS_Protect to the support provided by the TOE by new security functionality (cf. OT.TOE_TC_VAD_Imp, OT.TOE_TC_DTBS_Imp) provided by the TOE and changes them into OE.HID_TC_VAD_Exp and OE.SCA_TC_DTBS_Exp (cf. 7.2 for details).
Trusted channel of TOE for VAD import
The TOE shall provide a trusted channel for the protection of the confidentiality and integrity of the VAD received from the HID as needed by the authentication method employed.
Application note 1: This security objective for the TOE is partly covering OE.HID_VAD from the core PP. While OE.HID_VAD in the core PP requires only the operational environment to protect VAD, this PP requires the HID and the TOE to implement a trusted channel for the protection of the VAD: the HID exports the VAD and e
...







