Identity Applet V3.4 / QSCD on NXP JCOP 4

Identity Applet V3.4 / QSCD on NXP JCOP 4

Ministero dello Sviluppo Economico Direzione generale per le tecnologie delle comunicazioni e la sicurezza informatica Istituto Superiore delle Comunicazioni e delle Tecnologie dell'Informazione Schema nazionale per la valutazione e certificazione della sicurezza di sistemi e prodotti ICT (DPCM del 30 ottobre 2003 - G.U. n. 93 del 27 aprile 2004) Certificato n. 11/20 (Certification No.) Prodotto: IDentity Applet v3.4/QSCD on NXP JCOP 4 P71 (Product) Sviluppato da: ID&Trust Ltd. (Developed by) Il prodotto indicato in questo certificato è risultato conforme ai requisiti dello standard ISO/IEC 15408 (Common Criteria) v. 3.1 per il livello di garanzia: The product identified in this certificate complies with the requirements of the standard ISO/IEC 15408 (Common Criteria) v. 3.1 for the assurance level: EAL4+ (AVA_VAN.5) Il Direttore (Dott.ssa Eva Spina) [ORIGINAL DIGITALLY SIGNED] Roma, 28 ottobre 2020 Fino a EAL2 (Up to EAL2) Fino a EAL4 (Up to EAL4) This page is intentionally left blank Page 2 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 Ministero dello Sviluppo Economico Direzione generale per le tecnologie delle comunicazioni e la sicurezza informatica Istituto Superiore delle Comunicazioni e delle Tecnologie dell'Informazione Certification Report IDentity Applet v3.4/QSCD on NXP JCOP 4 P71 OCSI/CERT/SYS/07/2016/RC Version 1.0 28 October 2020 Page 3 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 Courtesy translation Disclaimer: this translation in English language is provided for informational purposes only; it is not a substitute for the official document and has no legal value. The original Italian language version of the document is the only approved and official version. Page 4 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 1 Document revisions Version Author Information Date 1.0 OCSI First issue 28/10/2020 Page 5 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 2 Table of contents 1 Document revisions ........................................................................................................ 5 2 Table of contents ............................................................................................................ 6 3 Acronyms ........................................................................................................................ 8 4 References.................................................................................................................... 10 4.1 Criteria and regulations ........................................................................................ 10 4.2 Technical documents ........................................................................................... 11 5 Recognition of the certificate ........................................................................................ 12 5.1 European Recognition of CC Certificates (SOGIS-MRA) ................................... 12 5.2 International Recognition of CC Certificates (CCRA) ......................................... 12 6 Statement of Certification ............................................................................................. 13 7 Summary of the evaluation .......................................................................................... 15 7.1 Introduction ........................................................................................................... 15 7.2 Executive summary .............................................................................................. 15 7.3 Evaluated product ................................................................................................ 15 7.3.1 TOE Architecture ............................................................................................. 17 7.3.2 TOE security features...................................................................................... 18 7.4 Documentation ..................................................................................................... 20 7.5 Protection Profile conformance claims ................................................................ 20 7.6 Functional and assurance requirements ............................................................. 20 7.7 Evaluation conduct ............................................................................................... 20 7.8 General considerations about the certification validity ........................................ 21 8 Evaluation outcome ...................................................................................................... 22 8.1 Evaluation results ................................................................................................. 22 8.2 Additional assurance activities ............................................................................. 23 8.3 Recommendations ............................................................................................... 24 9 Annex A – Guidelines for the secure usage of the product ......................................... 25 9.1 TOE Delivery ........................................................................................................ 25 9.2 Installation, initialization and secure usage of the TOE ...................................... 25 10 Annex B – Evaluated configuration .............................................................................. 27 11 Annex C – Test activity ................................................................................................. 28 Page 6 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 11.1 Test configuration ................................................................................................. 28 11.2 Functional tests performed by the Developer...................................................... 28 11.2.1 Testing approach ............................................................................................. 28 11.2.2 Test coverage .................................................................................................. 29 11.2.3 Test results ...................................................................................................... 29 11.3 Functional and independent tests performed by the Evaluators ........................ 29 11.4 Vulnerability analysis and penetration tests ........................................................ 29 Page 7 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 3 Acronyms AES Advanced Encryption Standard API Application Programming Interface CC Common Criteria CCRA Common Criteria Recognition Arrangement CEM Common Evaluation Methodology CGA Certificate Generation Application CRS Certificate Request Signature CSP Certification Service Provider DES Data Encryption Standard DPCM Decreto del Presidente del Consiglio dei Ministri DTBS/R Data To Be Signed / Representation EAL Evaluation Assurance Level ECC Elliptic Curve Cryptography ECDSA Elliptic Curve Digital Signature Algorithm eIDAS electronic IDentification Authentication and Signature eMRTD Electronic Machine Readable Travel Document ETR Evaluation Technical Report GP Global Platform HW Hardware ICAO International Civil Aviation Organization IC Integrated Circuit IT Information Technology JCOP Java Card Open Platform JCRE Java Card Runtime Environment JCVM Java Card Virtual Machine Page 8 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 LGP Linea Guida Provvisoria LVS Laboratorio per la Valutazione della Sicurezza MMU Memory Management Unit NIS Nota Informativa dello Schema OCSI Organismo di Certificazione della Sicurezza Informatica OS Operating System PIN Personal Identification Number PKCC Public Key Crypto Coprocessor PP Protection Profile QSCD Qualified Signature Creation Device QTSP Qualified Trust Service Provider RAD Reference Authentication Data RAM Random Access Memory RSA Rivest, Shamir, Adleman SAR Security Assurance Requirement SCA Signature Creation Application SCD Signature Creation Data SFR Security Functional Requirement SOGIS Senior Officials Group Information Systems Security ST Security Target SVD Signature Verification Data SW Software TOE Target of Evaluation TSF TOE Security Functionality TSFI TSF Interface Page 9 of 31 OCSI/CERT/SYS/07/2016/RC Ver. 1.0 4 References 4.1 Criteria and regulations [CC1] CCMB-2017-04-001, “Common Criteria for Information Technology Security Evaluation, Part 1 – Introduction and general model”, Version 3.1, Revision 5, April 2017 [CC2] CCMB-2017-04-002, “Common Criteria for Information Technology Security Evaluation, Part 2 – Security functional components”, Version 3.1, Revision 5, April 2017 [CC3] CCMB-2017-04-003, “Common Criteria for Information Technology Security Evaluation, Part 3 – Security assurance components”, Version 3.1, Revision 5, April 2017 [CCRA] “Arrangement on the Recognition of Common Criteria Certificates In the field of Information Technology Security”, July 2014 [CEM] CCMB-2017-04-004, “Common Methodology for Information Technology Security Evaluation – Evaluation methodology”, Version 3.1, Revision 5, April 2017 [eIDAS] Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Official Journal of the European Union L 257, 28 August 2014 [LGP1] Schema nazionale per la valutazione e certificazione della sicurezza di sistemi e prodotti nel settore della tecnologia dell’informazione - Descrizione Generale dello Schema Nazionale - Linee Guida Provvisorie - parte 1 – LGP1 versione 1.0, Dicembre 2004 [LGP2] Schema nazionale per la valutazione e certificazione

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    31 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us