{"id":350088,"date":"2024-10-20T00:40:20","date_gmt":"2024-10-20T00:40:20","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-419221-52018\/"},"modified":"2024-10-26T00:25:05","modified_gmt":"2024-10-26T00:25:05","slug":"bs-en-419221-52018","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-419221-52018\/","title":{"rendered":"BS EN 419221-5:2018"},"content":{"rendered":"
This part of EN 419221 specifies a Protection Profile for cryptographic modules suitable for use by trust service providers supporting electronic signature and electronic sealing operations, certificate issuance and revocation, time stamp operations, and authentication services, as identified by the (EU) No 910\/2014 regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (eIDAS) in [Regulation]. The Protection Profile also includes optional support for protected backup of keys. The document follows the rules and conventions laid out in Common Criteria part 1 [CC1], Annex B “Specification of Protection Profiles”.<\/p>\n
PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
---|---|---|---|---|---|---|---|
9<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
10<\/td>\n | 3 Terms and definitions 3.1 Terms and definitions <\/td>\n<\/tr>\n | ||||||
11<\/td>\n | 3.2 Abbreviations 4 Protection Profile 4.1 General <\/td>\n<\/tr>\n | ||||||
12<\/td>\n | 4.2 Protection Profile Reference 4.3 Protection Profile Overview 4.3.1 General <\/td>\n<\/tr>\n | ||||||
13<\/td>\n | 4.3.2 EU Qualified Electronic Signature \/ Seal Creation Device 4.4 TOE Overview 4.4.1 TOE type 4.4.1.1 General <\/td>\n<\/tr>\n | ||||||
16<\/td>\n | 4.4.1.2 Cryptographic Functions <\/td>\n<\/tr>\n | ||||||
17<\/td>\n | 4.4.1.3 Key Management <\/td>\n<\/tr>\n | ||||||
19<\/td>\n | 4.4.1.4 Cryptographic Algorithms 4.4.1.5 Backup 4.4.1.6 Audit <\/td>\n<\/tr>\n | ||||||
20<\/td>\n | 4.4.2 Usage and major security features of the TOE 4.4.2.1 General 4.4.2.2 Use Case 1: Local signing <\/td>\n<\/tr>\n | ||||||
21<\/td>\n | 4.4.2.3 Use Case 2: Support for Remote Server Signing 4.4.3 Available non-TOE hardware\/software\/firmware 5 Conformance Claim 5.1 CC Conformance Claim 5.2 PP Claim 5.3 Conformance Rationale <\/td>\n<\/tr>\n | ||||||
22<\/td>\n | 5.4 Conformance Statement 6 Security Problem Definition 6.1 Assets 6.2 Subjects 6.3 Threats 6.3.1 General <\/td>\n<\/tr>\n | ||||||
23<\/td>\n | 6.3.2 T.KeyDisclose \u2014 Unauthorised disclosure of secret\/private key 6.3.3 T.KeyDerive \u2014 Derivation of secret\/private key 6.3.4 T.KeyMod \u2014 Unauthorised modification of a key 6.3.5 T.KeyMisuse \u2014 Misuse of a key 6.3.6 T.KeyOveruse \u2014 Overuse of a key 6.3.7 T.DataDisclose \u2014 Disclosure of sensitive client application data 6.3.8 T.DataMod \u2014 Unauthorised modification of client application data <\/td>\n<\/tr>\n | ||||||
24<\/td>\n | 6.3.9 T.Malfunction \u2014 Malfunction of TOE hardware or software 6.4 Organisational Security Policies 6.4.1 P.Algorithms \u2014 Use of approved cryptographic algorithms 6.4.2 P.KeyControl \u2014 Support for control of keys 6.4.3 P.RNG \u2014 Random Number Generation <\/td>\n<\/tr>\n | ||||||
25<\/td>\n | 6.4.4 P.Audit \u2014 Audit trail generation 6.5 Assumptions 6.5.1 A.ExternalData \u2014 Protection of data outside TOE control 6.5.2 A.Env \u2014 Protected operating environment 6.5.3 A.DataContext \u2014 Appropriate use of TOE functions <\/td>\n<\/tr>\n | ||||||
26<\/td>\n | 6.5.4 A.UAuth \u2014 Authentication of application users 6.5.5 A.AuditSupport \u2014 Audit data review 6.5.6 A.AppSupport \u2014 Application security support 7 Security Objectives 7.1 General 7.2 Security Objectives for the TOE 7.2.1 General 7.2.2 OT.PlainKeyConf \u2014 Protection of confidentiality of plaintext secret keys 7.2.3 OT.Algorithms \u2014 Use of approved cryptographic algorithms <\/td>\n<\/tr>\n | ||||||
27<\/td>\n | 7.2.4 OT.KeyIntegrity \u2014 Protection of integrity of keys 7.2.5 OT.Auth \u2014 Authorization for use of TOE functions and data 7.2.6 OT.KeyUseConstraint \u2014 Constraints on use of keys 7.2.7 OT.KeyUseScope \u2014 Defined scope for use of a key after authorization <\/td>\n<\/tr>\n | ||||||
28<\/td>\n | 7.2.8 OT.DataConf \u2014 Protection of confidentiality of sensitive client application data 7.2.9 OT.DataMod \u2014 Protection of integrity of client application data 7.2.10 OT.ImportExport \u2014 Secure import and export of keys 7.2.11 OT.Backup \u2014 Secure backup of user data <\/td>\n<\/tr>\n | ||||||
29<\/td>\n | 7.2.12 OT.RNG \u2014 Random number quality 7.2.13 OT.TamperDetect \u2014 Tamper Detection 7.2.14 OT.FailureDetect \u2014 Detection of TOE hardware or software failures 7.2.15 OT.Audit \u2014 Generation of audit trail 7.3 Security Objectives for the Operational Environment 7.3.1 General 7.3.2 OE.ExternalData \u2014 Protection of data outside TOE control <\/td>\n<\/tr>\n | ||||||
30<\/td>\n | 7.3.3 OE.Env \u2014 Protected operating environment 7.3.4 OE.DataContext \u2014 Appropriate use of TOE functions 7.3.5 OE.Uauth \u2014 Authentication of application users 7.3.6 OE.AuditSupport \u2014 Audit data review <\/td>\n<\/tr>\n | ||||||
31<\/td>\n | 7.3.7 OE.AppSupport \u2014 Application security support 8 Extended Components Definitions 8.1 Generation of random numbers (FCS_RNG) 8.1.1 General 8.1.2 Family behaviour 8.1.3 Component levelling <\/td>\n<\/tr>\n | ||||||
32<\/td>\n | 8.2 Basic TSF Self Testing (FPT_TST_EXT.1) 8.2.1 General 8.2.2 Family behaviour 8.2.3 Component levelling <\/td>\n<\/tr>\n | ||||||
33<\/td>\n | 9 Security Requirements 9.1 General 9.2 Typographical Conventions 9.3 SFR Architecture 9.3.1 SFR Relationships <\/td>\n<\/tr>\n | ||||||
35<\/td>\n | 9.3.2 SFRs and the Key Lifecycle <\/td>\n<\/tr>\n | ||||||
37<\/td>\n | 9.4 Security Functional Requirements 9.4.1 General 9.4.2 Cryptographic Support (FCS) <\/td>\n<\/tr>\n | ||||||
40<\/td>\n | 9.4.3 Identification and authentication (FIA) <\/td>\n<\/tr>\n | ||||||
43<\/td>\n | 9.4.4 User data protection (FDP) <\/td>\n<\/tr>\n | ||||||
49<\/td>\n | 9.4.5 Trusted path\/channels (FTP) <\/td>\n<\/tr>\n | ||||||
51<\/td>\n | 9.4.6 Protection of the TSF (FPT) <\/td>\n<\/tr>\n | ||||||
53<\/td>\n | 9.4.7 Security management (FMT) <\/td>\n<\/tr>\n | ||||||
60<\/td>\n | 9.4.8 Security audit data generation (FAU) <\/td>\n<\/tr>\n | ||||||
62<\/td>\n | 9.5 Security Assurance Requirements 9.5.1 General <\/td>\n<\/tr>\n | ||||||
63<\/td>\n | 9.5.2 Refinements of Security Assurance Requirements <\/td>\n<\/tr>\n | ||||||
67<\/td>\n | 10 Rationales 10.1 Security Objectives Rationale 10.1.1 Security Objectives Coverage <\/td>\n<\/tr>\n | ||||||
68<\/td>\n | 10.1.2 Security Objectives Sufficiency 10.1.2.1 General 10.1.2.2 Threats <\/td>\n<\/tr>\n | ||||||
69<\/td>\n | 10.1.2.3 Organisational Security Policies <\/td>\n<\/tr>\n | ||||||
70<\/td>\n | 10.1.2.4 Assumptions 10.2 Security Requirements Rationale 10.2.1 Security Requirements Coverage <\/td>\n<\/tr>\n | ||||||
72<\/td>\n | 10.2.2 SFR Dependencies <\/td>\n<\/tr>\n | ||||||
74<\/td>\n | 10.2.3 Rationale for SARs <\/td>\n<\/tr>\n | ||||||
75<\/td>\n | 10.2.4 AVA_VAN.5 Advanced methodical vulnerability analysis <\/td>\n<\/tr>\n | ||||||
76<\/td>\n | Annex A (informative) Mapping to Regulation (EU) 910\/2014 <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Protection Profiles for TSP Cryptographic Modules – Cryptographic Module for Trust Services<\/b><\/p>\n |