BS/EN 419221-5-2018 pdf download. Protection Profiles for TSP Cryptographic Modules Part 5: Cryptographic Module for Trust Services.
single domain under a common infrastructure, but the nature of this combination and common infrastructure is beyond the scope of this Protection Profile.
The threat environment the TOE is designed for is one of high threat of network compromise, and low threat of physical compromise (for example, a Certification Authority facility with a high degree of physical protection, but an operational requirement to be connected to an untrusted network such as the internet).
The environment is assumed to prevent prolonged unauthorised physical access to the TOE (including theft). The TOE provides physical protection mechanisms to deter undetected compromise of its security functions by low attack potential individuals that do have physical access to the TOE (for example disgruntled employees with legitimate access to the TOE).
The TOE is responsible for protecting the keys against logical attacks that would result in disclosure, compromise and unauthorised modification, and for ensuring that the TOE services are only used in an authorized way.
Client applications request cryptographic functions from the TOE, typically using a key managed by the TOE, once the appropriate authorization has been provided.
Two distinct use cases for the deployment of a cryptographic module conforming to this Protection Profile are described below. These are not necessarily the only use cases for which a cryptographic module certified against the PP will be suitable, but these are the ones that have been considered in developing this PP.
4.4.2.2 Use Case 1: Local signing
This use case is aimed at trust service providers applying their own electronic signatures or seals. Examples include TSPs issuing certificates and time-stamps, as well as TSPs supporting application services such as e-Invoicing and registered e-mail where the TSP applies its own seal / signature.
The TOE performs local cryptographic operations, and associated key management, which can be used by a client application to create qualified electronic signatures and qualified electronic seals for a natural or legal person representing a TSP. The same TSP is responsible for the security of the environment in which the TOE is used and managed (including the client application, which is outside the TOE). The signing / sealing request is passed from a signature / seal creation client application under control of the TSP and executing on an appliance in the same local operational environment as the TOE (i.e. all communications involved in creating, receiving and executing the signing / sealing request take place within the network environment controlled by the TSP, and do not involve uncontrolled networks). Apart from its support keys (e.g. to protect local secure channels to the signature creation application), the TOE generates, stores and uses only keys that belong to and represent the TSP (e.g. for signing other keys). In this use case the TOE by itself is intended to be used as a qualified electronic signature creation, or seal, device compliant to Annex II of Regulation EU 910/2014 [7]. See Annex A for further details.
4.4.2.3 Use Case 2: Support for Remote Server Signing
This use case is aimed at TSPs supporting requirements for remote signing, or sealing, as specified in Regulation 910/2014. In this case the TOE on its own is not intended to meet the requirements for QSCDs in the context of remote signing set out in Annex II of (EU) No 910/2014. It is expected that the TOE would be used in conjunction with the Protection Profile to be defined in EN 419241-2 [10], and any other related Protection Profiles, to meet the requirements for Sole Control Assurance Level 2 as defined in EN 419241-1 [9]. These security requirements may govern aspects such as the definition of specific user identification and authentication methods (e.g. multi-factor authentication) used within the signing system and may affect the type and form of the authorization data that is passed to the cryptographic module in order to authorize use of a key.
The TOE performs local cryptographic operations, and associated key management, which can be used by an application using server signing, as defined in EN 419241-1 [9], to create qualified electronic signatures and qualified electronic seals on behalf of a legal or natural person which is distinct from and remote from the TSP which manages the TOE. The TOE generates, stores and uses signing / sealing keys in a way that maintains the remote control of an identified signatory or seal creator who operates through the use of a client application. The TOE deals with ensuring the security of keys and their use for signature or seal creation. Non-cryptographic functionality concerned with assuring sole control of these keys, for example authentication, is provided by other ensured functionality outside the scope of the TOE.
4.4.3 Available non-TOE hardware/software/firmware
The TOE is a Cryptographic Module comprising its own hardware and software, though it may be supported by additional non-TOE hardware (e.g. a surrounding hardware appliance, physical authentication factors) and non-TOE software (e.g. utilities, management software or interface libraries).
5 Conformance Claim
5.1 CC Conformance Claim
This Protection Profile is conformant to Common Criteria version 3.1 revision 4. More precisely, this Protection Profile is:
— CC Part 1 [CC1];
— CC Part 2 extended [CC2];
— CC Part 3 conformant [CC3].