Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application

This European standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and export the public key in protected manner: Secure Signature-creation Device with key generation and trusted communication with certificate generation application.

Schutzprofile für sichere Signaturerstellungseinheiten - Teil 6: Erweiterung für Einheiten mit Schlüsselimport und vertrauenswürdigem Kanal zur Signaturerstellungsanwendung

Diese Europäische Norm legt ein Schutzprofil für eine sichere Signaturerstellungseinheit fest, die Signatur-schlüssel intern erzeugen und den öffentlichen Schlüssel in geschützter Weise exportieren kann: Sichere Signaturerstellungseinheit mit Schlüsselerzeugung und vertrauenswürdigem Kanal zur Zertifikaterzeugungs-anwendung.

Profils de protection pour dispositif sécurisé de création de signature électronique - Partie 6: Extension pour un dispositif avec import de clé et communication sécurisée avec l'application de création de signature

La présente Norme européenne spécifie un profil de protection pour un dispositif sécurisé de création de signature électronique pouvant importer des clés de signature et communiquer avec l'application de création de signature électronique d'une manière protégée : Dispositif sécurisé de création de signature électronique avec importation de clé et communication sécurisée avec l'application de création de signature électronique (SSCD KI TCSCA).

Profil zaščite sredstva za varno elektronsko podpisovanje - 6. del: Podaljšek za sredstvo, ki z vnosom ključa in zaupnim komuniciranjem z aplikacijo s podpisovanjem

Ta evropski standard določa profil zaščite sredstva za varno elektronsko podpisovanje, ki lahko v notranjosti tvori ključe in zaščiteno izvozi javni ključ: sredstvo za varno elektronsko podpisovanje s tvorjenjem ključa in zaupno komuniciranje z aplikacijo s tvorjenjem potrdila.

General Information

Status
Published
Public Enquiry End Date
31-Oct-2010
Publication Date
09-Nov-2014
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
20-Oct-2014
Due Date
25-Dec-2014
Completion Date
10-Nov-2014

Buy Standard

Standard
EN 419211-6:2014
English language
24 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.SRGSLVRYDQMHPSchutzprofile für sichere Signaturerstellungseinheiten - Teil 6: Erweiterung für Einheiten mit Schlüsselimport und vertrauenswürdigem Kanal zur SignaturerstellungsanwendungProfils de protection pour dispositif sécurisé de création de signature électronique - Partie 6: Extension pour un dispositif avec import de clé et communication sécurisée avec l'application de création de signatureProtection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application35.100.05UHãLWYHMultilayer applications35.040Nabori znakov in kodiranje informacijCharacter sets and information coding03.160Pravo. UpravaLaw. AdministrationICS:Ta slovenski standard je istoveten z:EN 419211-6:2014SIST EN 419211-6:2014en,de01-december-2014SIST EN 419211-6:2014SLOVENSKI
STANDARD



SIST EN 419211-6:2014



EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 419211-6
October 2014 ICS 03.160; 35.040; 35.240.15 Supersedes CWA 14169:2004English Version
Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application
Profils de protection pour dispositif sécurisé de création de signature électronique - Partie 6: Extension pour un dispositif avec import de clé et communication sécurisée avec l'application de création de signature
Schutzprofile für sichere Signaturerstellungseinheiten - Teil 6: Erweiterung für Einheiten mit Schlüsselimport und vertrauenswürdigem Kanal zur Signaturerstellungsanwendung This European Standard was approved by CEN on 25 July 2014.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels © 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419211-6:2014 ESIST EN 419211-6:2014



EN 419211-6:2014 (E) 2 Contents Page Foreword . 3 Introduction . 4 1 Scope . 5 2 Normative references . 5 3 Conventions and terminology . 5 3.1 Conventions . 5 3.2 Terms and definitions . 5 4 PP introduction . 6 4.1 PP reference . 6 4.2 PP overview . 6 4.3 TOE overview. 7 5 Conformance claims . 9 5.1 CC conformance claim . 9 5.2 PP claim, Package claim . 9 5.3 Conformance rationale . 9 5.4 Conformance statement . 10 6 Security problem definition . 10 6.1 Assets, users and threat agents . 10 6.2 Threats . 11 6.3 Organizational security policies . 11 6.4 Assumptions. 11 7 Security objectives . 11 7.1 Security objectives for the TOE . 11 7.2 Security objectives for the operational environment . 12 7.3 Security objectives rationale . 12 8 Extended components definition . 15 9 Security requirements . 15 9.1 Security functional requirements. 15 9.2 Security assurance requirements . 18 9.3 Security requirements rationale . 19 Bibliography . 24
SIST EN 419211-6:2014



EN 419211-6:2014 (E) 3 Foreword This document (EN 419211-6:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by April 2015 and conflicting national standards shall be withdrawn at the latest by April 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights. This document supersedes CWA 14169:2004. In comparison with CWA 14169, the entire document has been revised. Refer to EN 419211-1:2014, Annex A for more details. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. SIST EN 419211-6:2014



EN 419211-6:2014 (E) 4 Introduction This series of European Standards specifies Common Criteria protection profiles for secure signature creation devices and is issued by the European Committee for Standardization (CEN) as an update of the Electronic Signatures (E-SIGN) CEN workshop agreement, CWA 14169:2004, Annex B and Annex C on the protection profile secure signature creation devices, "EAL 4+". This series of European Standards consists of the following parts: — Part 1: Overview — Part 2: Device with key generation — Part 3: Device with key import — Part 4: Extension for device with key generation and trusted channel to certificate generation application — Part 5: Extension for device with key generation and trusted channel to signature creation application — Part 6: Extension for device with key import and trusted channel to signature creation application Preparation of this document as a protection profile (PP) follows the rules of ISO/IEC 15408. SIST EN 419211-6:2014



EN 419211-6:2014 (E) 5 1 Scope This European Standard specifies a protection profile for a secure signature creation device that may import signing keys and communicate with the signature creation application in protected manner: secure signature creation device with key import and trusted communication with signature creation application (SSCD KI TCSCA). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 419211-1:2014, Protection profiles for secure signature creation device — Part 1: Overview ISO/IEC 15408-1, Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model1) ISO/IEC 15408-2, Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components ISO/IEC 15408-3, Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components 3 Conventions and terminology 3.1 Conventions This document is drafted in accordance with the CEN/CENELEC directive and content and structure of this document follow the rules and conventions laid out in ISO/IEC 15408. Normative aspects of content in this European Standard are specified according to the Common Criteria rules and not specifically identified by the verbs “shall” or “must”. 3.2 Terms and definitions For the purposes of this document, the acronyms, terms and definitions given in EN 419211-1 apply.
1) ISO/IEC 15408-1, ISO/IEC 15408-2 and ISO/IEC 15408-3 respectively correspond to Common Criteria for Information Technology Security Evaluation, Parts 1, 2 and 3.
SIST EN 419211-6:2014



EN 419211-6:2014 (E) 6 4 PP introduction 4.1 PP reference Title: Protection profiles for secure signature creation device — Part 6: Extension for device with key import and trusted communication with signature creation application Version: 1.0.4 Author: CEN / CENELEC (TC224/WG17) Publication date: 2013-04-03 Registration: BSI-CC-PP-0076 CC version: 3.1 Revision 4 Editor: Arnold Abromeit, TÜV Informationstechnik GmbH General status: final Keywords: secure signature creation device, electronic signature, digital signature, key import, trusted communication with signature creation application 4.2 PP overview This Protection Profile is established by CEN as a European Standard for products to create electronic signatures. It fulfils requirements of Directive 1999/93/EC2) of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. In accordance with Article 9 of this European Directive this standard can be indicated by the European Commission in the Official Journal of the European Communities as a generally recognized standard for electronic signature products. This protection profile defines security functional requirements and security assurance requirements that comply with those defined in Annex III of the Directive for a secure signature creation device (SSCD). This secure signature creation device is the target of evaluation (TOE) for this protection profile. European Union Member States may presume that there is compliance with the requirements laid down in Annex III of the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this Protection Profile (PP). This Protection Profile about secure signature creation device with key import and trusted communication with signature creation application (PP SSCD KI TCSCA) includes the security requirements for SSCD with key import importing signature creation data (SCD) and creating digital signature to be used for (qualified or advanced) electronic signatures as described in the core PP [3]. Additionally, the TOE of this PP supports a trusted communication with a signature creation application for protection of authentication data and data to be signed. These security features allow using the TOE in a more complex operational environment. It conforms to the core PP SSCD KI [3]. The implication of this conformance claim is explained in 5.3 hereinafter.
2) This European Directive is referred to in this PP as “the Directive”. SIST EN 419211-6:2014



EN 419211-6:2014 (E) 7 The assurance level for this PP is EAL4 augmented with AVA_VAN.5. 4.3 TOE overview 4.3.1 Operation of the TOE This section presents a functional overview of the TOE in its distinct operational environments: — The preparation environment, where it interacts with a certification service provider through a SCD/SVD generation application to import the signature creation data (SCD) and a certificate generation application (CGA) to obtain a certificate for the signature validation data (SVD) corresponding with the signature creation data (SCD) the certification service provider has generated. The initialization environment interacts further with the TOE to personalize it with the initial value of the reference-authentication data (RAD). — The signing environment where it interacts with a signer through a signature creation application (SCA) to sign data after authenticating the signer as its signatory. The signature creation application provides the data to be signed (DTBS), or a unique representation thereof (DTBS/R) as input to the TOE signature creation function and obtains the resulting electronic signature3). The TOE and the SCA communicate through a trusted channel to ensure the integrity of the DTBS respective DTBS/R. — The management environments where it interacts with the user or an SSCD-provisioning service provider to perform management operations, e.g. for the signatory to reset a blocked RAD. A single device, e.g. a smart card terminal, may provide the required secure environment for management and signing. The signing environment, the management environment and the preparation environment are secure and protect data exchanged with the TOE. Figure 5 in EN 419211-1:2014 illustrates the operational environment. The TOE stores signature creation data and reference authentication data. The TOE may store multiple instances of SCD. In this case, the TOE provides a function to identify each SCD and the signature creation application (SCA) can provide an interface to the signer to select an SCD for use in the signature creation function of the SSCD. The TOE protects the confidentiality and integrity of the SCD and restricts its use in signature creation to its signatory. The electronic signature created with the TOE is a qualified electronic signature as defined in the Directive if the certificate for the SVD is a qualified certificate (Annex I). Determining the state of the certificate as qualified is beyond the scope of this standard. The SCA is assumed to protect the integrity of the input it provides to the TOE signature creation function as being consistent with the user data authorized for signing by the signatory. Unless implicitly known to the TOE, the SCA indicates the kind of the signing input (as DTBS/R) it provides and computes any hash values required. The TOE may augment the DTBS/R with signature parameters it stores and then computes a hash value over the input as needed by the kind of input and the used cryptographic algorithm. The TOE and the SCA communicate through a trusted channel in order to protect the integrity of the DTBS/R. The TOE stores signatory reference authentication data to authenticate a user as its signatory. The RAD is a password, e.g. PIN, a biometric template or a combination of these. The TOE protects the confidentiality and integrity of the RAD. The TOE may provide a user interface to directly receive verification authentication data (VAD) from the user, alternatively, the TOE receive the VAD from the signature creation application. If the signature creation application handles requesting obtaining a VAD from the user, it is assumed to protect the confidentiality and integrity of this data.
3) At a pure functional level the SSCD creates an electronic signature; for an implementation of the SSCD, in that meeting the requirements of this PP and with the key certificate generated as specified in the Directive, Annex I, the result of the signing process can be used as to create a qualified electronic signature. SIST EN 419211-6:2014



EN 419211-6:2014 (E) 8 A certification service provider and a SSCD-provisioning service provider interact with the TOE in the secure preparation environment to perform any preparation function of the TOE required before control of the TOE is given to the legitimate user. These functions may include: — initializing the RAD, — generating a key pair, — storing personal information of the legitimate user. A typical example of an SSCD is a smart card. In this case a smart card terminal may be deployed that provides the required secure environment to handle a request for signatory authorization. A signature can be obtained on a document prepared by a signature creation application component running on personal computer connected to the card terminal. The signature creation application, after presenting the document to the user and after obtaining the authorization PIN initiates the electronic signature creation function of the smart card through the terminal. 4.3.2 Target of evaluation The TOE is a combination of hardware and software configured to securely import, use and manage signature creation data (SCD). The SSCD protects the SCD during its lifecycle beginning with import as to be used in a signature creation process solely by its signatory. The TOE comprises all IT security functionality necessary to ensure the secrecy of the SCD and the security of the electronic signature. The TOE provides the following functions: a) to import signature creation data (SCD) and the correspondent signature verification data (SVD), b) to, optionally, receive and store certificate info, c) to switch the TOE from a non-operational state to an operational state, and d) if in an operational state, to create electronic signatures for data with the following steps:
1) select a set of SCD if multiple sets are present in the SSCD,
2) authenticate the signatory and determine its intent to sign,
3) receive data to be signed or a unique representation thereof (DTBS/R) through a trusted channel with SCA,
4) apply an appropriate cryptographic signature creation function using the selected SCD to the DTBS/R. The TOE may implement its function for electronic signature creation to also conform to the specifications in ETSI/TS 101 733 (CAdES) [4], ETSI/TS 101 903 (XAdES) [5] and ETSI/TS 102 778 (PAdES) [6]. The TOE is prepared for the signatory's use by: a) importing at least one set of SCD, and b) personalizing for the signatory by storing in the TOE:
1) the signatory’s reference authentication data (RAD), SIST EN 419211-6:2014



EN 419211-6:2014 (E) 9
2) optionally, certificate info for at least one SCD in the TOE. After import, the SCD is in a non-operational state. Upon receiving a TOE the signatory shall verify its non-operational state and change the SCD state to operational. After preparation, the intended legitimate user should be informed of the signatory’s verification authentication data (VAD) required for use of the TOE in signing. If the VAD is a password or PIN, the means of providing this information is expected to protect the confidentiality and the integrity of the corresponding RAD. If the use of an SCD is no longer required, then it should be destroyed (e.g. by erasing it from memory) as well as the associated certificate info, if any exists. 4.3.3 TOE lifecycle The TOE lifecycle is the same as defined in the PP SSCD KI [3], 4.3.3. 5 Conformance claims 5.1 CC conformance claim This PP uses ISO/IEC 15408-1. This PP is conforming to ISO/IEC 15408-2. This PP is conforming to ISO/IEC 15408-3. 5.2 PP claim, Package claim This PP is strictly conforming to the core PP SSCD KI [3] version 1.0.2 as dated of 2012-07-24. This PP is conforming to assurance package EAL4 augmented with AVA_VAN.5 defined in ISO/IEC 15408-3. 5.3 Conformance rationale This PP SSCD KI TCSCA conforms to the core PP SSCD KI [3]. This implies for this PP: a) The TOE type of this PP SSCD KI TCSCA is the same as the TOE type of the core PP SSCD KI: the TOE is a combination of hardware and software configured to securely create, use and manage signature creation data. b) The security problem definition (SPD) of this PP SSCD KI TCSCA contains the security problem definition of the core PP SSCD KI. The SPD for the SSCD KI TCSCA is described by the same threats, organisational security policies and assumptions as for the TOE in core PP SSCD KI. c) The security objectives for the TOE in this PP SSCD KI TCSCA include all the security objectives for the TOE of the core PP SSCD KI and add the security objective OT.TOE_TC_VAD_Imp (Trusted channel of TOE for VAD import) and OT.TOE_TC_DTBS_Imp (Trusted channel for DTBS). d) The security objectives for the operational environment in this PP SSCD KI TCSCA include all security objectives for the operational environment of the core PP SSCD KI except OE.HI_VAD and OE.DTBS_Protect. This PP adapts OE.HI_VAD and OE.DTBS_Protect to the support provided by the TOE by new security functionality (cf. OT.TOE_TC_VAD_Imp, OT.TOE_TC_DTBS_Imp) provided by the TOE and changes them into OE.HID_TC_VAD_Exp and OE.SCA_TC_DTBS_Exp (cf. 7.2 for details). SIST EN 419211-6:2014



EN 419211-6:2014 (E) 10 e) The SFRs specified in this PP SSCD KI TCSCA includes all security functional requirements (SFRs) specified in the core PP SSCD KI. Additional SFRs address trusted channel between the TOE and the SCA: FDP_UIT.1/DTBS, FTP_ITC.1/VAD and FTP_ITC.1/DTBS. f) This PP SSCD KI TCSCA does not provide completion of all operations left to the ST writer in the core PP SSCD KI. This PP provides refinements for the SFR FIA_UAU.1 of the core PP. g) The SARs specified in this PP SSCD KI TCSCA includes all SAR as specified in the core PP SSCD KI. It does not include additional SAR not included in the core PP SSCD KI. Further information about the relation of this PP and the core PP are given in 6.2, 6.3, 6.4, 7.1.1 and 7.2.1. 5.4 Conformance statement This PP requires strict conformance of the ST or PP claiming conformance to this PP. 6 Security problem definition 6.1 Assets, users and threat agents ISO/IEC 15408 defines assets as entities that the owner of the TOE presumably places value upon. The term “asset” is used to describe the threats in the operational environment of the TOE. The assets of this PP SSCD KI TCSCA are the same as of the core PP SSCD KI [3]. Assets and objects: 1. SCD: private key used to perform an electronic signature operation. The confidentiality, integrity and signatory’s sole control over the use of the SCD shall be maintained. 2. SVD: public key linked to the SCD and used to perform electronic signature verification. The integrity of the SVD when it is exported shall be maintained. 3. DTBS and DTBS/R: set of data, or its representation, which the signatory intends to sign. Their integrity and the unforgeability of the link to the signatory provided by the electronic signature shall be maintained. Users and subjects acting for users: 1. User: End user of the TOE who can be identified as administrator or signatory. The subject S.User may act as S.Admin in the role R.Admin or as S.Sigy in the role R.Sigy. 2. Administrator: User who is in charge to perform the TOE initialisation, TOE personalisation or other TOE administrative functions. The subject S.Admin is acting in the role R.Admin for this user after successful authentication as administrator. 3. Signatory: User who hold the TOE and use it on their own behalf or on behalf of the natural or legal person or entity they represent. The subject S.Sigy is acting in the role R.Sigy for this user after successful authentication as signatory. Threat agents: 1. Attacker: Human or process acting on their behalf located outside the TOE. The main goal of the attacker is to access the SCD or to falsify the electronic signature. The attacker has got a high attack potential and knows no secret. SIST EN 419211-6:2014



EN 419211-6:2014 (E) 11 6.2 Threats This PP includes all threats of the core PP SSCD KI [3]: T.SCD_Divulg, T.SCD_Derive, T.Hack_Phys, T.SVD_Forgery, T.SigF_Misuse, T.DTBS_Forgery and T.Sig_Forgery. This PP does not define any additional threats. 6.3 Organizational security policies This PP includes all organizational security policies of the core PP SSCD KI [3]: P.CSP_Qcert, P.Qsign, P.Sigy_SSCD and P.Sig_Non-Repud. This PP does not define any additional organisational security policies. 6.4 Assumptions This PP includes all assumptions of the core PP SSCD KI [3]: A.CGA, A.SCA and A.CSP. This PP does not define any additional assumptions about the operational environment. 7 Security objectives 7.1 Security objectives for the TOE 7.1.1 Relation to core PP This PP SSCD KI TCSCA includes all security objectives for the TOE as defined in the core PP SSCD KI [3]: OT.Lifecycle_Security, OT.SCD_Auth_Imp, OT.SCD_Secrecy, OT.Sig_Secure, OT.Sigy_SigF, OT.DTBS_Integrity_TOE, OT.EMSEC_Design, OT.Tamper_ID and OT.Tamper_Resistance. This PP defines the following additional security objectives for the TOE: 7.1.2 OT.TOE_TC_VAD_Imp
Trusted channel of TOE for VAD import The TOE shall provide a trusted channel for the protection of the confidentiality and integrity of the VAD received from the HID as needed by the authentication method employed. Application note 1: This security objective for the TOE is partly covering OE.HID_VAD from the core PP. While OE.HID_VAD in the core PP requires only the operational environment to protect VAD, this PP requires the HID and the TOE to implement a trusted channel for the protection of the VAD: the HID exports the VAD and establishes one end of the trusted channel according to OE.HID_TC_VAD_Exp, the TOE imports VAD at the other end of the trusted channel according to OT.TOE_TC_VAD_Imp. Therefore this PP re-assigns partly the VAD protection from the operational environment as described by OE.HID_VAD to the TOE as described by OT.TOE_TC_VAD_Imp and leaves only the necessary functionality by the HID. 7.1.3 OT.TOE_TC_DTBS_Imp Trusted channel of TOE for DTBS import The TOE shall provide a trusted channel to the SCA to detect alteration of the DTBS/R received from the SCA. The TOE shall not generate electronic signatures with the SCD for altered DTBS. Application note 2: This security objective for the TOE is partly covering OE.DTBS_Protect from the core PP. While OE.DTBS_Protect in the core PP requires only the operational environment to protect DTBS, this PP requires the SCA and the TOE to implement a trusted channel for the protection of the DTBS: the SCA exports the DTBS and establishes one end of the trusted channel according to SIST EN 419211-6:2014



EN 419211-6:2014 (E) 12 OE.SCA_TC_DTBS_Exp, the TOE imports DTBS at the other end of the trusted channel according to OT.TOE_TC_DTBS_Imp. Therefore this PP re-assigns partly the DTBS protection from the operational environment as described by OE.DTBS_Protect to the TOE as described by OT.TOE_TC_DTBS_Imp and leaves only the necessary functionality by the SCA. 7.2 Security objectives for the operational environment 7.2.1 Relation to core PP This PP SSCD KI TCSCA includes the security objectives for the operational environment as defined in the core PP SSCD KI [3]: OE.SCD/SVD_Auth_Gen, OE.SCD_Se
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.