DOCSLIB.ORG

Idmove V4 on Infineon in PACE Configuration with AA And/Or CA in Option Product

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Idmove V4 on Infineon in PACE Configuration with AA And/Or CA in Option Product IDmove v4 on Infineon in PACE configuration with AA and/or CA in option Public Security Target Public PUBLIC About IDEMIA OT-Morpho is now IDEMIA, the global leader in trusted identities for an increasingly digital world, with the ambition to empower citizens and consumers alike to interact, pay, connect, travel and vote in ways that are now possible in a connected environment. Securing our identity has become mission critical in the world we live in today. By standing for Augmented Identity, we reinvent the way we think, produce, use and protect this asset, whether for individuals or for objects. We ensure privacy and trust as well as guarantee secure, authenticated and verifiable transactions for international clients from Financial, Telecom, Identity, Security and IoT sectors. With close to €3bn in revenues, IDEMIA is the result of the merger between OT (Oberthur Technologies) and Safran Identity & Security (Morpho). This new company counts 14,000 employees of more than 80 nationalities and serves clients in 180 countries. | For more information, visit www.idemia.com / Follow @IdemiaGroup on Twitter © IDEMIA. All rights reserved. Specifications and information are subject to change without notice. The products described in this document are subject to continuous development and improvement. All trademarks and service marks referred to herein, whether registered or not in specific countries, are the properties of their respective owners. - Printed versions of this document are uncontrolled - 2/115 Security Target Public PUBLIC APPROVAL Name Position Date - Signature CRON-SILVY, Julien Author Approuver FQR 110 9128 Issue 2 par Julien CRON-SILVY le 15-07-2019.msg BOUDINEAU, Jérôme Product Manager Approuver FQR 110 9128 Issue 2 par Jerome BOUDINEAU le 18-07-2019.msg 3/115 Security Target PUBLIC DOCUMENT REVISION Date Revision Modification Modified by 2019/03/21 0.1 Creation CRON-SILVY Julien 2019/03/26 1.0 Approve Issue 1 of the document CRON-SILVY Julien 2019/05/24 1.1 §2.1.2: Update OS Commercial Version to 090804 and CRON-SILVY Julien OS Unique Identifier to 3C1D. §10: Update [IC_ST] reference 2019/06/20 1.2 §10: Update [TR_03111], [IC_ST], [IC_CERT] & CRON-SILVY Julien [IC_PPM] references §10: Add [ISO_9796_2] §7.1.2.3: Update FCS_COP.1.1/SIG_GEN referenced standards 2019/07/18 2 Approve Issue 2 of the document CRON-SILVY Julien 4/115 Security Target PUBLIC TABLE OF CONTENT 1 GENERAL ............................................................................................................13 1.1 Introduction ........................................................................................................ 13 1.2 Product overview ................................................................................................ 13 2 ST INTRODUCTION ..............................................................................................14 2.1 ST reference and TOE reference ............................................................................ 14 2.1.1 ST reference ................................................................................................. 14 2.1.2 TOE reference ............................................................................................... 14 2.1.3 IC identification............................................................................................. 14 2.1.4 TOE Delivered Parts ....................................................................................... 15 2.2 TOE overview ...................................................................................................... 16 2.2.1 Usage and major security features of the TOE .................................................. 16 2.2.2 TOE type ...................................................................................................... 19 2.2.3 TOE life cycle ................................................................................................ 20 2.2.3.1 Life cycle overview ..................................................................................................... 20 2.2.3.2 Life cycle phases ........................................................................................................ 22 2.2.4 Required non-TOE hardware/Software/firmware ............................................. 24 2.3 TOE description ................................................................................................... 25 2.3.1 TOE Architecture ........................................................................................... 25 2.3.2 Integrated Circuit .......................................................................................... 26 2.3.3 Low layer ..................................................................................................... 27 2.3.3.1 IDEMIA Basic Input/Output System (BIOS) ................................................................... 27 2.3.3.2 IDEMIA Cryptographic library (Crypto) ........................................................................ 27 2.3.4 Platform layer ............................................................................................... 27 2.3.4.1 Services .................................................................................................................... 27 2.3.5 Authentication Protocols ............................................................................... 28 2.3.5.1 Terminal Authentication (TA) ...................................................................................... 28 2.3.5.2 Chip Authentication (CA) ............................................................................................ 28 2.3.5.3 Password Authenticated Connection Establishment (PACE v2) ...................................... 28 2.3.5.4 Active Authentication (AA) ......................................................................................... 28 2.3.6 Application layer ........................................................................................... 29 2.3.6.1 Start-Up and Applications Manager (Boot) .................................................................. 29 2.3.6.2 Application Creation Engine (ACRE) ............................................................................. 29 2.3.6.3 Resident Application (RA) ........................................................................................... 29 5/115 Security Target PUBLIC 2.3.6.4 Machine Readable Travel Document (MRTD) ............................................................... 29 3 CONFORMANCE CLAIMS ......................................................................................30 3.1 Common Criteria conformance ............................................................................. 30 3.2 Protection Profile conformance ............................................................................ 31 3.2.1 Overview...................................................................................................... 31 3.2.2 Assumptions ................................................................................................. 31 3.2.3 Threats ........................................................................................................ 32 3.2.4 Organizational Security Policies ...................................................................... 32 3.2.5 Security Objectives ........................................................................................ 33 4 SECURITY PROBLEM DEFINITION ..........................................................................34 4.1 Assets ................................................................................................................. 34 4.1.1 Overview...................................................................................................... 34 4.1.2 User data stored on the TOE........................................................................... 34 4.1.2.1 Personal Data ............................................................................................................ 34 4.1.2.2 EF.COM ..................................................................................................................... 34 4.1.3 User data transferred between the TOE and the terminal connected .................. 35 4.1.4 MRTD tracing data ........................................................................................ 35 4.1.5 Accessibility to the TOE functions and data only for authorised subjects ............. 35 4.1.6 Genuineness of the TOE ................................................................................. 35 4.1.7 TOE intrinsic secret cryptographic keys ............................................................ 35 4.1.7.1 Chip Authentication Private Key (CA_SK) ..................................................................... 35 4.1.7.2 Active Authentication Private Key (AA_SK) ................................................................... 35 4.1.7.3 Secure Messaging session keys (Session_K).................................................................. 35 4.1.7.4 PACE session keys (PACE-Kmac, PACE-Kenc) ................................................................ 35 4.1.7.5 Ephemeral private key PACE (ephem-Skpicc-PACE) ....................................................... 35 4.1.8 TOE intrinsic non secret cryptographic material ................................................ 36 4.1.8.1 EF.SOD ...................................................................................................................... 36 4.1.8.2 Chip Authentication
Load more

Recommended publications
  • SIGMA RANGE Contact Fingerprint Access Control Devices
    SIGMA RANGE Contact fingerprint access control devices IGMA RANGE is a multi-device family for fingerprint access control and time & attendance recording. Building upon S IDEMIA’s successes in biometrics, SIGMA devices offer unprecedented accuracy, reliability and cost-effective solutions for leveraging biometric security within private or public organizations. SIGMA Lite SIGMA Lite+ Benefits Designed for access control, Engineered with the same form SIGMA Lite is a slim and powerful factor as SIGMA Lite, SIGMA fingerprint reader that fits to Lite+ includes an additional Cutting-edge door and window frames, server 2.8” touchscreen for extended technology rack doors or turnstiles. This cost- features such as recording time & effective version guides users with attendance, In & Out function keys, Consistently achieving top-tier a simple LED indicator. PIN code, intuitive icons and live performance in NIST evaluations, messages. IDEMIA provides customers with a wealth of expertise in biometrics combining high-speed processing SIGMA Wide SIGMA Extreme devices that can support large Offering the best user experience Designed for harsh environments databases. with a 5” touchscreen, SIGMA Wide and weather conditions, this is optimized for time & attendance ruggedized version provides an IK09 protection for outdoors management. It is undoubtedly installation at labor-intensive sites the most flexible fingerprint device such as industrial plants, mines, Security and privacy for displaying company content (vi- seaports and airports. SIGMA Our devices provide fake finger deos, wallpapers), and proactively Extreme offers a larger fingerprint detection and prevent duress promoting corporate branding. sensor with unique and patented finger authentication for fake fingerprint detection. maximum access control security.
    [Show full text]
  • Who's Behind ICE: Tech and Data Companies Fueling Deportations
    Who’s Behind ICE? The Tech Companies Fueling Deportations Tech is transforming immigration enforcement. As advocates have known for some time, the immigration and criminal justice systems have powerful allies in Silicon Valley and Congress, with technology companies playing an increasingly central role in facilitating the expansion and acceleration of arrests, detentions, and deportations. What is less known outside of Silicon Valley is ​ the long history of the technology industry’s “revolving door” relationship with federal agencies, how the technology industry and its products and services are now actually circumventing city- and state-level protections for vulnerable communities, and what we can do to expose and hold these actors accountable. Mijente, the National Immigration Project, and the Immigrant Defense Project — immigration and ​ ​ ​ ​ ​ Latinx-focused organizations working at the intersection of new technology, policing, and immigration — commissioned Empower LLC to undertake critical research about the multi-layered technology ​ ​ infrastructure behind the accelerated and expansive immigration enforcement we’re seeing today, and the companies that are behind it. The report opens a window into the Department of Homeland Security’s (DHS) plans for immigration policing through a scheme of tech and database policing, the mass scale and scope of the tech-based systems, the contracts that support it, and the connections between Washington, D.C., and Silicon Valley. It surveys and investigates the key contracts that technology companies have with DHS, particularly within Immigration and Customs Enforcement (ICE), and their success in signing new contracts through intensive and expensive lobbying. Targeting Immigrants is Big Business Immigrant communities and overpoliced communities now face unprecedented levels of surveillance, detention and deportation under President Trump, Attorney General Jeff Sessions, DHS, and its sub-agency ICE.
    [Show full text]
  • Morphowave™ Compact Contactless Access Everywhere
    MorphoWave™ Compact Contactless access everywhere MorphoWave™ Compact is a unique solution for frictionless fingerprint access control. This masterpiece of engineering delivers the award- winning, field-proven performance of MorphoWave™ contactless 3D WINNER fingerprint scanning technology in a stylish and compact casing, suitable 2018 ISC WEST for any location. Benefits Convenience & security Users are positively identified with a simple, hygienic contactless wave of the hand. The patented touchless sensor performs a 3D scan and verification of 4 fingers in less than 1 second up to 100,000 users, ensuring the most accurate and reliable fingerprint matching, for maximum security. High throughput The speed of the touchless scan and verification, allowed by the use of advanced algorithms leveraging AI, enables users to remain in motion while being identified. The unrivaled throughput (up to 50 people per minutes) provides more user convenience and increased productivity, as employees will not have to spend time queuing for access or time/attendance. Versatile, easy deployment IP65 rated and PoE+ powered, this compact reader ensures that MorphoWave™ technology can be deployed at every Why IDEMIA? location, indoor or outdoor, on a turnstile, a door or a speedgate. With more than 40 years of expertise, make us the par- MorphoWave™ Compact is already experience in biometrics tner of choice for the most integrated with more than 25 of the and over 4 billion fingerprints prestigious organizations. industry’s leading access control systems managed worldwide, IDEMIA and speedgates/turnstiles vendors. gets top-tier performance in IDEMIA’s solutions, encompas- independent tests worldwide sing contact and contactless (such as NIST1 evaluations) fingerprint, hybrid vein/print Multifactor authentication and is thus the undisputed and facial recognition readers, leader in biometric techno- have been deployed in more In addition to biometrics, MorphoWave™ logies.
    [Show full text]
  • Morphotablet™ 2I by IDEMIA
    MorphoTablet™ 2i BY IDEMIA Harnessing the power of 3 biometrics for mobile enrolment, authentication and identification 8” touchscreen tablet 13 MP camera with 2MP infrared camera Contact smart with incorporated FBI dual LED for face with dual infrared card reader PIV IQS and STQC capture, 1D/2D LED for iris capture certified optical barcode and MRZ fingerprint sensor reading Contactless smart Signature Embedded security 4G, Wi-Fi and card and e-passport capture features Bluetooth reader MORPHOtaBLET™ 2 i BY IDEMIA Harnessing the power Biometrics is by far the most convenient and reliable means to identify and authenticate people. For law enforcement, border control, civil enrolment and elections, or firms that of 3 biometrics for want to check employee/visitor IDs, the use of mobile devices for fingerprint and facial mobile enrolment, recognition has already proved invaluable. authentication and Today, IDEMIA has taken that solution to a new level. MorphoTablet™ 2i by IDEMIA identification enables improved universality and security by including all three biometrics in one mobile terminal: fingerprint, facial, and now iris. The 8” touchscreen Android tablet draws on IDEMIA’s leadership in iris recognition algorithms, ranked #1 for their accuracy and speed (NIST – IREX IV), to ensure seamless enrolment, ID verification and identification on the spot. Typical use cases REGISTRATION ELECTIONS ID DOCUMENT ISSUANCE On site capture of citizens’ data to build Voter’s authentication to check his/her Citizen’s authentication to issue or civil registry, electoral database, etc. presence in the list of electors and renew his/her e-documents ensure one single vote per person e-KYC TIME & ATTENDANCE ACCESS CONTROL Customer identity verification Paperless clock in/out in temporary/ Employees’ ID checks by mobile for digital on-boarding (mobile phone moving environments (construction site, security staff (e.g.
    [Show full text]
  • Digitization of ID Documents for the Republic of Albania .Pdf
    Public Security Digitization of & Identity ID Documents for the Republic of Albania The Albanian government chose IDEMIA, the leader in Augmented Identity, to provide a modern identity management system and deliver secure biometric passports and national ID cards to its citizens. IDEMIA’s 40 years of expertise in identity management and biometrics have enabled Albanians to enter the EU Schengen Area without a visa. ALBANIA Population (2019 est.): 2.8 million Land surface: 728,748 km2 Total nominal GDP (2018 est.): 15.1 billion USD Independence: November 1912 Key industries: The strongest industries in Albania are metallurgy, energy, tourism, agriculture, and textile. Interesting fact: Eight different languages are spoken in Albania, with Albanian being the official language. Background and First Contract The implementation of electronic ID documents such as passports and ID cards help governments create a safer environment for their citizens. Albania wants the most secure and modern ID system, especially as Albanian ID cards are compulsory for citizens over the age of 16. Furthermore, secure ID documents are needed for the country’s discussions with the EU. Albania is awaiting the green light to open the discussion before becoming a potential EU member. Being an EU member would facilitate its economic and cultural exchanges. In 2008, the Albanian government signed a concession contract with IDEMIA for an end-to-end identity management solution, from the design and personalization to the management of citizen enrollment and identity document distribution. IDEMIA established Aleat – a joint venture with AAEF (Albanian-American Enterprise Fund) in order to meet the precise project demands and timeline.
    [Show full text]
  • The Role of Security and Defence Companies in EU Migration And
    The role of security and defence companies in EU migration and border control and the impact on the protection of the rights of refugees, migrants and asylum seekers 1 Contemporary border control and migration management policies and practices of the European Union are structured within a framework characterised by an intimate collaboration between public and private interests, with public interests broadly represented by EU agencies and member states, and private interests by security and defence companies, lobbying consultancies, law firms, universities and research institutes. Particularly defining about the public-private collaboration is the increased reliance on advanced and innovative border technologies which are developed and deployed with the dual aim of controlling irregular migration, and simultaneously, sealing off and securing the European borders. These advanced and innovative border technologies range from pre-screening technologies like biometrics comprising of facial features and fingerprints, to land and maritime surveillance by technologically advanced systems like early warning radar systems and unmanned aerial vehicles (UAVs) that can detect suspicious movements or vessels from a certain distance. This has created a market for technologically advanced software, technologies and equipment that is shaped, supported and provided primarily by major security and defence companies such as Airbus (formerly known as EADS and henceforth Airbus/EADS), Finmeccanica (now known as Leonardo), Thales, BAE Systems, and Safran, in collaboration with software companies, universities, research centres and think-tanks making migration control a profitable and viable option. With the War on Terror having translated into a War on Immigrants there is a conflation of security with migration and border control.
    [Show full text]
  • Case Study of Iraq and Afghanistan
    BIOMETRICS AND COUNTER-TERRORISM Case study of Iraq and Afghanistan May 2021 privacyinternational.org Biometrics for counter-terrorism: Case study of the US military in Iraq and Afghanistan Author This report was compiled by Nina Toft Djanegara, PhD Student, Department of Anthropology, Stanford University, in collaboration with Privacy International 1 Biometrics for counter-terrorism: Case study of the US military in Iraq and Afghanistan ABOUT PRIVACY INTERNATIONAL Governments and corporations are using technology to exploit us. Their abuses of power threaten our freedoms and the very things that make us human. That’s why Privacy International campaigns for the progress we all deserve. We’re here to protect democracy, defend people’s dignity, and demand accountability from the powerful institutions who breach public trust. After all, privacy is precious to every one of us, whether you’re seeking asylum, fighting corruption, or searching for health advice. So, join our global movement today and fight for what really matters: our freedom to be human. Open access. Some rights reserved. Privacy International wants to encourage the circulation of its work as widely as possible while retaining the copyright. Privacy International has an open access policy which enables anyone to access its content online without charge. Anyone can download, save, perform or distribute this work in any format, including translation, without written permission. This is subject to the terms of the Creative Commons Licence Deed: Attribution-Non- Commercial-No Derivative Works 2.0 UK: England & Wales. Its main conditions are: • You are free to copy, distribute, display and perform the work; • You must give the original author (‘Privacy International’) credit; • You may not use this work for commercial purposes; You are welcome to ask Privacy International for permission to use this work for purposes other than those covered by the licence.
    [Show full text]
  • Idemia Travel Documents Solutions
    IDEMIA Travel Public Documents Security & Identity Solutions 2 IDEMIA TRAVEL DOCUMENTS SOLUTIONS IDEMIA’s vision IDEMIA for new generation ePassports 21st century governments worldwide must meet the challenges of border security. They must guarantee high security whilst smoothing traveler flow and reducing queues. In recent ePassport years, ePassports have become increasingly popular with 138 governments adopting this innovative ID technology. In 2018, 85% of all passports issued were electronic. Solution This is a problem for the infrastructure needed to process ePassport holders securely and smoothly. Automated document inspection is the key to this but reader capacity and speed cause bottlenecks. Universally machine-readable travel documents are needed on a large scale and these need to provide the security and privacy demanded by ICAO specifications and primarily by citizens. A solution is needed now. The answer to the Border Control Challenges IDEMIA ePassport Solution is an The result is that 3 vital questions will be technology approach to automated electronic document that offers answered in that time: document verification and answers unique features. Incorporating data › Is the document authentic? to many of the challenges facing busy storage for a fully ICAO compliant travel › Has the document been altered? border crossings. IDEMIA ePassport document, it is the ultimate medium › Is the person presenting the Solution provides state-of-the-art for a truly secure, contactless, biometric document its authorized holder? electronic security documents with ePassport. ICAO PACE mechanism. IDEMIA’s ePassport Solution can be IDEMIA ePassport Solution enables verified rapidly, securely and without electronic document readers to perform compromising any personal privacy verification in less than 3 seconds.
    [Show full text]
  • Morphomanager User Manual.Pdf
    version: 11.2.0 User Manual MorphoManager User Manual Contents Introduction ...................................................................................................................................... 6 Support ............................................................................................................................................. 6 Overview ........................................................................................................................................... 7 What is a client? .......................................................................................................................................... 7 What is a server? ......................................................................................................................................... 7 What is a fingerprint enrollment device? .................................................................................................... 7 What is a Biometric Device? ........................................................................................................................ 8 Setting up MorphoManager ............................................................................................................. 9 Computer hardware requirements: ............................................................................................................ 9 Supported Operating Systems: .................................................................................................................... 9 Installation
    [Show full text]
  • 2017 REGISTRATION DOCUMENT Including the Annual Financial Report CONTENTS
    2017 REGISTRATION DOCUMENT including the Annual Financial Report CONTENTS MESSAGE FROM THE CHAIRMAN OF THE BOARD 5 CORPORATE SOCIAL RESPONSIBILITY 191 OF DIRECTORS AND THE CHIEF EXECUTIVE OFFICER 2 Introduction: CSR policies and corporate strategy 193 GROUP PROFILE 4 5.1 Social information 196 5.2 Human resources information 206 5.3 Environmental information 214 1 PRESENTATION OF THE GROUP 9 5.4 CSR reporting methodology and 1.1 Safran overview 11 independent third-party report 218 1.2 Group strategy 16 1.3 Group businesses 17 6 CORPORATE GOVERNANCE 225 1.4 Competitive position 31 6.1 Safran's corporate governance structure 227 1.5 Research and development 31 6.2 Membership structure of the Board 1.6 Industrial investments 36 of Directors 229 1.7 Sites and production plants 38 6.3 Operating procedures and work of the Board of Directors and the Board 1.8 Group purchasing policy 39 Committees 255 1.9 Safran quality performance and policy 40 6.4 Application of the AFEP-MEDEF Corporate Governance Code 264 2 REVIEW OF OPERATIONS IN 2017 6.5 Directors’ interests in the Company’s share capital 265 AND OUTLOOK FOR 2018 43 6.6 Compensation policy for corporate 2.1 Comments on the Group’s performance officers and Directors and compensation in 2017 based on adjusted data 45 and benefits awarded 266 Comments on the consolidated financial 2.2 6.7 Cross-reference table for the corporate statements 61 governance report prepared in accordance 2.3 Comments on the parent company with Article L.225-37 of the French financial tatementss 64 Commercial Code
    [Show full text]