Navigation und Service

BSI-CC-PP-0076-2013

Protection profiles for secure signature creation device - Part 6: Extension for device with key import and trusted channel to signature creation application

Herausgeber / Issuer

CEN/ISSS - Information Society Standardization System

Rue de Stassart 36
1050 Brussels
Belgium

Prüfstelle / Evaluation Facility

SRC Security Research & Consulting GmbH

Prüftiefe des Produktes / Assurance of the TOE

EAL4+, AVA_VAN.5

Version der CC / CC Version

3.1 R4

Ausstellungsdatum / Certification Date

30.06.2016

PP Anwendungshinweis und Interpretation für Produktzertifizierungen / PP application note and interpretation for product certification

Das Schutzprofil wurde von der Arbeitsgruppe CEN/TC 224 erstellt. Es ist referenziert im Durchführungsbeschluss (EU) 2016/650 der Kommission vom 25. April 2016 zur Festlegung von Normen für die Sicherheitsbewertung qualifizierter Signatur- und Siegelerstellungseinheiten gemäß Artikel 30 Absatz 3 und Artikel 39 Absatz 2 der Verordnung (EU) Nr. 910/2014 des Europäischen Parlaments und des Rates über elektronische Identifizierung und Vertrauensdienste für elektronische Transaktionen im Binnenmarkt.

The Protection Profile (PP) has been provided by the Technical Committee CEN/TC 224. It is referenced by the Commission Implementing Decision (EU) 2016/650 of 25 April 2016 laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.

The intent of the Protection Profile is to specify functional and assurance requirements defined in the Directive for a secure signature-creation device (SSCD) which is the target of evaluation (TOE). The Protection Profile describes core security requirements for a secure device that can import a signing key (signature-creation data, SCD) and operates to create electronic signatures with the imported key. The data to be signed or a unique representation thereof (DTBS/R) are sent via a trusted channel between the Signature Creation Application (SCA) and the SSCD.

After an SSCD has imported a signing key, the corresponding public key (signature verification data, SVD) has to be provided as input to a certificate generation application (CGA).

When operated in a secure environment for signature creation a signer may use an SSCD that fulfils only these core security requirements to create an advanced electronic signature. Security requirements for an SSCD used in other environments are not subject of this Protection Profile.

This Protection Profile is strictly conforming to the core PP certified under the certification ID BSI-CC-PP-0075 and takes in comparison to this PP the trusted channel to the SCA into account.