EU Directive 1999/93/EC
• Advanced Electronic Signatures, based on a Qualified Certificate, created by a Secure-signature-creation device
  • satisfy the legal requirements in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data, and
  • are admissible as evidence in legal proceedings
SSCD in context
[Diagram; labels: Qualified certificate, SVD, Alice, SCA, DTBS, AES, SSCD, SIGN, SCD, SDO]
SSCD assets
• SCD confidentiality
• SVD integrity when exported
• DTBS and DTBS representation integrity
• VAD confidentiality and authenticity
• RAD integrity and confidentiality
• Signature-creation function using SCD
[Diagram; labels: SFR for EID Applet, Trusted ICC, Trusted JCVM, Trusted EID Applet, Integration, SFR for JCVM, EAL4 Augmented, Composite Java-based SSCD, Assume]
Function | ICC | COS | Applet
Key Management | RNG, CE | API | AC
Cryptography | CE | API | AC, non-std paddings
Applet Separation | MMU | FIREWALL | Shareable Interface
Secure Messaging | DES, CE | API | SM
Identification & Authentication | MMU | API | PIN, PUK
ICC
JCVM
FCS_CKM.1
RNG, CE
FCS_CKM.4
MMU
(X)
FDP_RIP.1
MMU
APDU
FDP_SDI.2/
persistent
atomic write
atomic write
FPT_FLS.1
sensors, SW CRC
checksums, ATR
exception
handling
FPT_TST.1
CE
(X)
FPT_EMSEC.1
FPT_PHP.1, .3
Applet
ICC
JCVM
Applet
(X)
FCS_COP.1/
Signing
CE
(padding,
hashing)
FCS_COP.1/
Correspondence
CE
(X)
atomic write, CRC
atomic write
self test
FPT_FLS.1
sensors, SW CRC
checksums, ATR
exception
handling
FPT_TST.1
CE
(X)
FCS_COP.1/ DES,
RSA, SHA-1
FDP_SDI.2/ DTBS
FIA_AMT.1
FPT_EMSEC.1
FPT_PHP.1, .3
ICC
JCVM
Applet
(MMU)
(X)
FDP_ACC.2/ FW
MMU
SI
FDP_ACF.1/ FW,
JCRE, Transient,
SSCD
MMU
SI
FDP_RIP.1
(MMU)
APDU
FPT_SEP.1
MMU, MED
FDP_ACC.1/ SSCD
FPT_RVM.1
FDP_SDI.2/
Persistent
atomic write
atomic write
FPT_FLS.1
sensors, SW CRC
checksums, ATR
(X)
FPT_PHP.1, .3
exception
handling
ICC
JCVM
Applet
API
FDP_ACF/ACC
for SM
MMU
Firewall
FPT_EMSEC.1
FDP_ITC.1,
FDP_ETC.1
API
FPT_TRP.1
CE, DES
API
FCS_COP.1/
DES, RSA,
SHA-1
ICC
JCVM
atomic write
atomic write
Applet
FIA_AFL.1
FIA_ATD.1
(X)
FIA_UAU, UID
FMT_MOF,
FMT_MSA,
FMT_MTD,
FMT_SMR
Setec implementation
• Organization
  • Developer and sponsor: Setec Oy
  • Evaluation Facility: T-Systems ISS GmbH
  • Certification Facility: BSI Germany
• Components
  • ICC Platform: Infineon SLE88
  • JCVM/JCRE Component: SetCOS Java
  • EID Applet: Not included in the current evaluation
SetCOS Java
• JCVM/JCRE/VOP component for an SSCD
• CC EAL4+{AVA_MSU.3, AVA_VLA.4} SOF High
• Development completed 06/2002
• Evaluation completed by 10/2002
• Certification completed by 12/2002
• Final certificate dependent on SLE88
• An evaluated EID Applet required for SSCD conformance
Infineon SLE88CX720P
Conclusions
• Flexibility of modern smart card operating systems complicates evaluations
• Monolithic PPs can be dealt with as components
• Co-operation and communication at early stages essential
• Pay attention to component interfaces
• Careful with the conformance claims!
http://www.setec.com
http://www.t-systems-iss.com
http://www.infineon.com/88controller
http://www.cenorm.be/isss
http://www.cenorm.be/isss/CWAs/cwalist.htm
Thank you!
Jussipekka Leiwo, Ph.D.
Senior System Architect, IT Security
Jussipekka.Leiwo@setec.com