欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    BS PD CEN TS 419221-3-2016 Protection Profiles for TSP Cryptographic modules Cryptographic module for CSP key generation services《TSP密码模块的保护配置 CSP密匙生成服务用密码模块》.pdf

    • 资源ID:397546       资源大小:3.99MB        全文页数:46页
    • 资源格式: PDF        下载积分:5000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要5000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    BS PD CEN TS 419221-3-2016 Protection Profiles for TSP Cryptographic modules Cryptographic module for CSP key generation services《TSP密码模块的保护配置 CSP密匙生成服务用密码模块》.pdf

    1、PD CEN/TS 419221-3:2016 Protection Profiles for TSP Cryptographic modules Part 3: Cryptographic module for CSP key generation services BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD CEN/TS 419221-3:2016 PUBLISHED DOCUMENT National foreword This Published Documen

    2、t is the UK implementation of CEN/TS 419221-3:2016. The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not pur

    3、port to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 92179 7 ICS 35.040; 35.240.30 Compliance with a British Standard cannot confer immunity from l

    4、egal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 July 2016. Amendments issued since publication Date Text affectedPD CEN/TS 419221-3:2016TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 4192

    5、21-3 July 2016 ICS 35.040; 35.240.30 Supersedes CWA 14167-3:2004 English Version Protection Profiles for TSP Cryptographic modules - Part 3: Cryptographic module for CSP key generation services Profils de protection pour modules cryptographiques utiliss par les prestataires de services de confiance

    6、- Partie 3 : Module cryptographique utilis par le prestataire de services de certification pour la gnration de cls Schutzprofile fr kryptographische Module von vertrauenswrdigen Dienstanbietern - Teil 3: Kryptographisches Modul fr CSP Schlsselgenerierungsdienste This Technical Specification (CEN/TS)

    7、 was approved by CEN on 8 May 2016 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European S

    8、tandard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final de

    9、cision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland

    10、, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre

    11、: Avenue Marnix 17, B-1000 Brussels 2016 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 419221-3:2016 EPD CEN/TS 419221-3:2016 CEN/TS 419221-3:2016 (E) 2 Contents Page European foreword . 3 0 Introduction 4 0.1 General 4 0.2 D

    12、ocument Structure . 5 1 Scope 6 2 Normative references 6 3 Terms and definitions . 6 4 General 6 4.1 PP reference 6 4.2 TOE overview 6 4.2.1 TOE usage and major security features 6 4.2.2 TOE type . 8 4.2.3 Available non-TOE hardware/firmware/software . 8 5 Conformance Claims 8 5.1 CC conformance cla

    13、im . 8 5.2 PP claim 9 5.3 Conformance rationale . 9 5.4 Conformance statement 9 6 Security Problem Definition 9 6.1 TOE assets 9 6.2 Threats . 10 6.3 Organizational security policies . 12 6.4 Assumptions . 13 7 Security Objectives 13 7.1 General . 13 7.2 Security objectives for the TOE . 13 7.3 Secu

    14、rity objectives for the operational environment . 15 7.4 Security objectives rationale . 16 8 Security Requirements . 21 8.1 Security functional requirements 21 8.1.1 Subjects, objects, security attributes and operations . 21 8.1.2 Security requirements operations . 22 8.1.3 Security Audit (FAU) . 2

    15、3 8.1.4 Cryptographic Support (FCS) . 24 8.1.5 User Data Protection (FDP) 25 8.1.6 Identification and Authentication (FIA) 28 8.1.7 Security Management (FMT) 29 8.1.8 Privacy (FPR) . 30 8.1.9 Protection of the TSF (FPT) 31 8.1.10 Trusted path/channels (FTP) 33 8.2 Security assurance requirements 33

    16、8.3 Security requirements rationale 34 8.3.1 Security functional requirements rationale . 34 8.3.2 Security assurance requirements rationale . 40 Bibliography . 41 PD CEN/TS 419221-3:2016 CEN/TS 419221-3:2016 (E) 3 European foreword This document (CEN/TS 419221-3:2016) has been prepared by Technical

    17、 Committee CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR. Attention is drawn to the possibility that some of the elements of this document may be the s

    18、ubject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. This document supersedes CWA 14167-3:2004. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. CEN/TS 419221, Protect

    19、ion Profiles for TSP cryptographic modules, is currently composed of the following parts: Part 1: Overview; Part 2: Cryptographic module for CSP signing operations with backup; Part 3: Cryptographic module for CSP key generation services; Part 4: Cryptographic module for CSP signing operations witho

    20、ut backup. According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedo

    21、nia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 419221-3:2016 CEN/TS 419221-3:2016 (E) 4 Introduction 0.1 Gen

    22、eral This CEN Technical Standard specifying a Protection Profile for Cryptographic Module for CSP Key Generation Services is issued by the European Committee for Standardization. The document is for use by the European Commission in accordance with the procedure laid down in Article 9 of the Directi

    23、ve 1999/93/EC of the European parliament and of the council of 13 December 1999 on a Community framework for electronic signatures 1, referred to as the Directive in the remainder of the Protection Profile, as generally recognized standard for electronic-signature products in the Official Journal of

    24、 the European Communities. The Directive states in Annex II that certification-service-providers must: (f) use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the process supported by them; (g) take measures against for

    25、gery of certificates, and, in cases where the certification-service-provider generates signature-creation data, guarantee confidentiality during the process of generating such data. In the supporting ETSI Technical Specification “Policy Requirements for Certification Authorities (CA) issuing Qualifi

    26、ed Certificates” (ETSI/TS 101 456), it is stated that the CA 1)needs to ensure that: any subject keys, that it generates, are generated securely and the secrecy of the subjects private key is ensured (see the Directive 1, Annex II (f) and (j). And, if the CA generates the subject keys: a) CA-generat

    27、ed subject keys shall be generated using an algorithm recognized as being fit for the purposes of qualified electronic signatures during the validity of the certificate; b) CA-generated subject keys shall be of a key length and for use with a public key algorithm which is recognized as being fit for

    28、 the purposes of qualified electronic signatures during the validity time of the certificate; c) CA-generated subject keys shall be generated and stored securely before delivery to the subject. d) The subjects private key shall be delivered to the subject, if required via the subscriber, in a manner

    29、 such that the secrecy and the integrity of the key is not compromised and, once delivered to the subject, the private key can be maintained under the subjects sole control. e) Once delivered to the subject any copies of the subjects private key held by the CA shall be destroyed. This Protection Pro

    30、file (PP) defines the security requirements of a Cryptographic Module (CM) used by CSP as part of its trustworthy system to provide key generation services. The Cryptographic Module, which is the Target of Evaluation (TOE), is used for the creation of subscriber private keys, and loading them into s

    31、ecure signature creation devices (SSCD) as part of a subscriber device provision service. Such keys are referred to in this PP as subscriber signature creation data. A cryptographic module for CSP key generation services is needed particularly to import such key into the SSCD 8. The subscriber signa

    32、ture creation data generated by the TOE may be used to produce qualified electronic signatures, as defined by the Directive, or electronic signatures not necessarily qualified (e.g. advanced electronic signatures, digital signatures for other purposes different than authentication, etc.). The TOE ma

    33、y implement additional functions and security requirements, e.g. for CSP Signing Operations. However, these additional functions and security requirements are not subject of this PP. 1) In the remainder of this PP the term “Certificate Service Provider (CSP)“ is used instead of the commonly used ter

    34、m “Certification Authority (CA)“, as the former is employed by the Directive 1 this PP aims to support. PD CEN/TS 419221-3:2016 CEN/TS 419221-3:2016 (E) 5 In Article 3.5, the Directive further states that: The Commission may, in accordance with the procedure laid down in Article 9, establish and pub

    35、lish reference numbers of generally recognized standards for electronic-signature products in the Official Journal of the European Communities. Member States shall presume that there is compliance with the requirements laid down in Annex II, point (f), and Annex III when an electronic signature prod

    36、uct meets those standards. This PP is for use by the European Commission, with reference to Annex II (f) and Annex III, in accordance with this procedure. The document has been prepared as a Protection Profile following the rules and formats of the Common Criteria version 3.1 R3 2 3 4. This PP has b

    37、een evaluated, and the corresponding Common Criteria certificate can be found in Bibliographical Reference 5. The set of algorithms and parameters for secure signature-creation devices shall be in accordance with national guidance, and subject to each Certification Body. Notwithstanding, recommendat

    38、ions for algorithms and parameters for secure electronic signatures are given in ETSI/TS 102 176 6. Correspondence and comments to this Cryptographic Module for CSP Key Generation Services - Protection Profile (CMCKG-PP) should be referred to: Editor: Dr. Jorge Lpez Hernndez-Ardieta Email: jlhardiet

    39、aindra.es 0.2 Document Structure Clause 1 provides the scope of the Protection Profile. Clause 2 provides normative references of applicability to this Protection Profile. Clause 3 provides the terms and definitions used along the document. Clause 4 contains the Introduction of the Protection Profil

    40、e, including the PP reference and the TOE overview. Clause 5 includes the conformance claims for this Protection Profile. Clause 6 contains the security problem definition, including the set of TOE assets to protect, the expected threats to those assets, the organizational security policies in place

    41、 and the assumptions made on the TOE. Clause 7 contains the security objectives for the TOE and the TOE operational environment, and which address the threats, organizational security policies and assumptions considered. This section also includes a rational of correspondence between the security ob

    42、jectives and the threats, organizational security policies and assumptions. Clause 8 contains the security functional requirements (SFR) and security assurance requirements (SAR) derived from the Common Criteria (CC) Part 2 3 and Part 3 4, respectively, and that need to be satisfied by the TOE and d

    43、eveloper. This clause introduces first the formalism used to describe the operations (refinement, selection, assignment and iteration) applied along the SFR descriptions. After the SFR and SAR have been described, this section provides the rationale to explicitly demonstrate that the set of SFR are

    44、complete with respect to the objectives, and that each security objective is addressed by one or more SFR. Arguments are provided for the coverage of each objective. The rational part also provides a justification for the selection of EAL4+ AVA_VAN.5 as the assurance level. Finally, a Bibliography i

    45、s given. PD CEN/TS 419221-3:2016 CEN/TS 419221-3:2016 (E) 6 1 Scope This Technical Standard specifies a protection profile for cryptographic module for CSP key generation services. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and ar

    46、e indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. CEN/TS 419221-1:2016, Protection Profiles for TSP cryptographic modules Part 1: Overview ETSI/TS 101 45

    47、6, Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates, V1.4.3, May 2007 3 Terms and definitions For the purposes of this document, the terms and definitions contained in CEN/TS 419221-1:2016 apply. 4 General 4.1 PP refere

    48、nce Title: Cryptographic module for CSP key generation services protection profile CMCKG- PP Author: Jorge Lpez Hernndez-Ardieta Version: 0.20 Publication date: 27th January 2015 4.2 TOE overview 4.2.1 TOE usage and major security features The TOE is a Cryptographic Module (CM) used for the generati

    49、on of subscribers Signature Creation Data (Subscriber-SCD) and Signature Verification Data (Subscriber-SVD) and their export to the subscribers Secure Signature Creation Devices (SSCD), in a manner that: the confidentiality and integrity of the Subscriber-SCD are maintained both when managed by the TOE and during transfer from the TOE to an external entity (i.e. the Subscriber-SSCD); the integrity of the Subscriber-SVD is maintained both when managed by the TOE and during transfer from the TOE to an external entity (i.e. the Sub


    注意事项

    本文(BS PD CEN TS 419221-3-2016 Protection Profiles for TSP Cryptographic modules Cryptographic module for CSP key generation services《TSP密码模块的保护配置 CSP密匙生成服务用密码模块》.pdf)为本站会员(ideacase155)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开