BS EN 419241-2:2019

$215.11

Trustworthy Systems Supporting Server Signing – Protection profile for QSCD for Server Signing

Published By: BSI
Publication Date: 2019
Number of Pages: 78

The scope of proposed 419 241 part 2 (PP TSCM) covers security requirements to reach compliance with Annex II of Regulation No 910/2014 of the remote (qualified TSP operated) parts of the system, other than those relating to Signature Activation Data (SAD) management and the operation of the Signature Activation Protocol (SAP), assuming use of a cryptographic module conforming to EN 419 221-5. EN 419 241 part 2 will be balloted simultaneously with EN 419241 Part 3, Protection profile for Signature Activation Data management and Signature Activation Protocol (PP-SAD+SAP).

These two new parts of EN 419 241, used in conjunction with the PP for Cryptographic Module for Trust Services (EN 419 221-5), will contain security requirements for level 2 (sole control) as specified in TS 419 241 in a formal manner aligned with Common Criteria. These two new parts of EN 419 241, with EN 419 221-5, will support the certification of a system for remote qualified electronic signature or seal creation devices (remote QSCD) which meet the requirements of EU Regulation No 910/2014: the electronic signature creation data can be reliably protected by the legitimate signatory (sole control) against use by others, where the generation and management of the signature creation data is carried out by a qualified trust service provider on behalf of a signatory.

The scope of proposed 419 241 part 3 (PP-SAD+SAP) covers security requirements to reach compliance with Annex II of Regulation No 910/2014 on the management of the SAD and the operation of the SAP used to provide sole control of the signatory or seal creator for the remote QSCD signing or sealing functions.

The proposed parts 2 and 3 are to be independent of any specific authentication mechanism and signature activation protocol, to allow maximum flexibility with respect to future solutions and to allow supporting several authentication mechanisms.

The proposed part 3 is to take into account: a) potential implementations that require dedicated functional components, owned by the signatory or seal creator, which are for the purposes of ensuring sole control, and b) potential implementations that do not require such dedicated functional components but still ensure sole control of the signatory or seal creator.

The proposed part 3 covers requirements up to the interface to the signatory or seal creator needed for authentication and the interface to the signature creation application for selection, checking and display of data to be signed (e.g. a signature creation application as defined in EN 419 111), while requirements on the signature creation application itself are out of scope.

It is proposed that part 3 (PP-SAD+SAP) forms the prime reference for server signing that may be certified according to Regulation No 910/2014 including Annex II, and that this part requires components certified according to part 2 (PP TSCM) and EN 419221-5.

PDF Catalog

1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviations
3.1 Terms and definitions
3.2 Symbols and abbreviations
4 Introduction
4.1 General
4.2 Protection Profile Reference
4.3 Protection Profile Overview
4.3.1 European Legislation
4.4 TOE Overview
4.4.1 General
4.4.2 TOE type
4.4.3 TOE life cycle
4.4.4 Usage and major security features of the TOE
4.4.5 TOE Environment general overview
4.4.6 Available non-TOE hardware/software/firmware
4.4.7 Options
5 Conformance Claim
5.1 CC Conformance Claim
5.2 PP Claim
5.3 Conformance Rationale
5.4 Conformance Statement
6 Security Problem Definition
6.1 Assets
6.2 Subjects
6.3 Threats
6.3.1 General
6.3.2 Enrolment
6.3.3 Signer Management
6.3.4 Usage
6.3.5 System
6.4 Relation between threats and assets
6.5 Organisational Security Policies
6.6 Assumptions
7 Security Objectives
7.1 General
7.2 Security objectives for the TOE
7.2.1 Enrolment
7.2.2 User Management
7.2.3 Usage
7.2.4 System
7.3 Security Objectives for the Operational Environment
7.4 Security Problem Definition and Security Objectives
7.5 Rationale for the security objectives
7.5.1 General
7.5.2 Threats and objectives
7.5.3 Organizational security policies and objectives
7.5.4 Assumptions and objectives
8 Extended Components Definitions
8.1 Class FCS: Cryptographic Support
8.1.1 General
8.1.2 Generation of Random Numbers (FCS_RNG)
9 Security Requirements
9.1 Typographical Conventions
9.2 Subjects, Objects and Operations
9.3 SFRs overview
9.4 Security Functional Requirements
9.4.1 Security Audit (FAU)
9.4.2 Cryptographic Support (FCS)
9.4.3 User Data Protection (FDP)
9.4.4 Identification and Authentication (FIA)
9.4.5 Security Management (FMT)
9.4.6 Protection of the TSF (FPT)
9.4.7 Trusted Paths/Channels (FTP)
9.5 Security Assurance Requirements
10 Rationale
10.1 Security Requirements Rationale
10.2 SFR Dependencies
10.2.1 General
10.3 Rationales for SARs