Certification Report: SERTIT-041 CR Toshiba TOSMART-P080

Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security
SERTIT-041 CR Certification Report
Issue 0.1 15.03.2012
Toshiba TOSMART-P080-AAJePassport version 01.07.05 + NVM
Ver.01.00.00
CERTIFICATION REPORT - SERTIT STANDARD REPORT TEMPLATE SD 009 VERSION 2.0 13.09.2007
SERTIT, P.O. Box 14, N-1306 Bærum postterminal, NORWAY
Phone: +47 67 86 40 00 Fax: +47 67 86 40 09 E-mail: post@sertit.no Internet: www.sertit.no
Toshiba TOSMART-P080-AAJePassport
Version 01.07.05 + NVM Ver.01.00.00
EAL4 augmented with AVA_VAN.5,
ALC_DVS.2 and ASE_TSS.2
ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN THE FIELD OF INFORMATION TECHNOLOGY SECURITY
SERTIT, the Norwegian Certification Authority for IT Security, is a member of the above Arrangement and as such this confirms that the Common Criteria certificate has been issued by or under the authority of a Party to this Arrangement and is the Party’s claim that the certificate has been issued in accordance with the terms of this Arrangement.
The judgements contained in the certificate and Certification Report are those of SERTIT which issued it and the Norwegian evaluation facility (EVIT) which carried out the evaluation. There is no implication of acceptance by other Members of the Agreement Group of liability in respect of those judgements or for loss sustained as a result of reliance placed upon those judgements by a third party. [*]
* Mutual Recognition under the CC recognition arrangement applies to EAL 4 but not to AVA_VAN.5, ALC_DVS.2 and ASE_TSS.2.
Contents
1 Certification Statement
2 Abbreviations
3 References
4 Executive Summary
4.1 Introduction
4.2 Evaluated Product
4.3 TOE scope
4.4 Protection Profile Conformance
4.5 Assurance Level
4.6 Security Policy
4.7 Security Claims
4.8 Threats Countered
4.9 Threats Countered by the TOE’s environment
4.10 Threats and Attacks not Countered
4.11 Environmental Assumptions and Dependencies
4.12 IT Security Objectives
4.13 Non-IT Security Objectives
4.14 Security Functional Requirements
4.15 Security Function Policy
4.16 Evaluation Conduct
4.17 General Points
5 Evaluation Findings
5.1 Introduction
5.2 Delivery
5.3 Installation and Guidance Documentation
5.4 Misuse
5.5 Vulnerability Analysis
5.6 Developer’s Tests
5.7 Evaluators’ Tests
6 Evaluation Outcome
6.1 Certification Result
6.2 Recommendations
Annex A: Evaluated Configuration
TOE Identification
TOE Documentation
TOE Configuration
2 Abbreviations
AA: Active Authentication
APDU: Application Data Unit
BAC: Basic Access Control
CC: Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
CCRA: Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security
CEM: Common Methodology for Information Technology Security Evaluation
CRC: Cyclic Redundancy Check
EAL: Evaluation Assurance Level
EOR: Evaluation Observation Report
ETR: Evaluation Technical Report
EVIT: Evaluation Facility under the Norwegian Certification Scheme for IT Security
ICAO: International Civil Aviation Organization
MRTD: Machine Readable Travel Document
NVM: Non Volatile Memory (=EEPROM)
PA: Passive Authentication
POC: Point of Contact
QP: Qualified Participant
RSA: Rivest, Shamir and Adleman (encryption scheme)
SERTIT: Norwegian Certification Authority for IT Security
SPM: Security Policy Model
ST: Security Target
TOE: Target of Evaluation
TSF: TOE Security Functions
TSP: TOE Security Policy
IC: Integrated Circuit
3 References
[1] TOSMART-P080-AAJePassport Security Target, December 14, 2011 Version 01.00.07 Public ST Version 01.00.00.
[2] Common Criteria Part 1, CCMB-2009-07-001, Version 3.1 R3, July 2009.
[3] Common Criteria Part 2, CCMB-2009-07-002, Version 3.1 R3, July 2009.
[4] Common Criteria Part 3, CCMB-2009-07-003, Version 3.1 R3, July 2009.
[5] The Norwegian Certification Scheme, SD001E, Version 8.0, 20 August 2010.
[6] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, CCMB-2009-07-004, Version 3.1 R3, July 2009.
[7] Evaluation Technical Report Common Criteria EAL4+ Evaluation of Toshiba TOSMART-P080-AAJePassport, v0.4, 08/03/2012
[8] Guidance Document for Personalization agent, v. MC-SJ0046-08
[9] Preparative guidance, v. MC-SJ0045-02
[10] Application Specification, v. MC-SM0914-07
[11] Personalization Manual, v. MC-SJ0047-07
[12] AA Personalization Manual, v. MC-SJ0048-07
[13] Authentication Manual, v. MC-SJ0049-07
[14] Authentication Manual using MUTUAL AUTHENTICATE command, v. MC-SJ0050-07
[15] Authentication Manual using BAC, v. MC-SJ0051-07
[16] Personalization Specification, v. MC-SM0812-06
[17] Procedural Request of Security Products Delivery and Receipt, v. MB-ICCARD-W471
[18] Protection Profile for ePassport IC with Active Authentication [PP-C0247EN]
[19] CCIMB-2004-02-009 Assurance Continuity
4 Executive Summary
4.1 Introduction
This Certification Report states the outcome of the Common Criteria security evaluation of Toshiba TOSMART-P080-AAJePassport version 01.07.05 + NVM Ver.01.00.00 to the Sponsor, TOSHIBA CORPORATION Social Infrastructure Systems Company, and is intended to assist prospective consumers when judging the suitability of the IT security of the product for their particular requirements.
Prospective consumers are advised to read this report in conjunction with the Security Target [1] which specifies the functional, environmental and assurance evaluation requirements.
4.2 Evaluated Product
The product evaluated was Toshiba TOSMART-P080-AAJePassport, version 01.07.05 + NVM Ver.01.00.00.
This product is also described in this report as the Target of Evaluation (TOE). The developer was TOSHIBA CORPORATION Social Infrastructure Systems Company.
The TOE is a composite security IC, consisting of the hardware T6ND1, which is used as the evaluated underlying platform, and the Machine Readable Travel Document (OS and application) software, which is built on this hardware platform. The T6ND1 is a secure single chip microcontroller with a RF type communication interface compliant to ISO-14443 type B. It consists of a central processing unit (CPU), memory elements (ROM, RAM, NV memory), and circuitry for the RF external interface that have been integrated with consideration given to tamper resistance. The software that is incorporated in the memory element is capable of providing security functions for the Machine Readable Travel Document (MRTD).
The MRTD consists of a secure operating system and application on top of the T6ND1. The operating system contains the embedded software functions used by the MRTD application.
The MRTD application provides Active Authentication, Basic Access Control, and facilitates Passive Authentication. The TOE consists of the security functions: Memory access control, Sensitive data with CRC checksum, encrypted key data on NVM.
Details of the evaluated configuration, including the TOE’s supporting guidance documentation, are given in Annex A.
4.3 TOE scope
The TOE is a composite product comprising an integrated circuit (IC) and an ePassport application with a card operating system.
The IC, Toshiba T6ND1, is a secure single chip microcontroller with a RF type communication interface compliant to ISO-14443 type B. It consists of a central processing unit (CPU), memory elements (ROM, RAM, NVM), and circuitry for the RF external interface. The IC enables embedded software to run securely. The T6ND1 is compliant to the IC platform protection profile [PP-0035].
The ePassport application with the operating system forms the Machine Readable Travel Document (MRTD). The MRTD application provides Active Authentication (AA), Basic Access Control (BAC), and facilitates Passive Authentication (PA). The TOE consists of the security functions: Memory access control, Sensitive data with CRC checksum, encrypted key data on Non Volatile Memory (=EEPROM). The TOE follows the international guidelines of ICAO for MRTD as defined in [ICAO_9303].
The figure below presents the TOE. The red line denotes the composite TOE boundary. The blue line denotes the part that was added on the T6ND1.
[Figure: Architectural view on the TOE]
Logically the TOE consists of the following subsystems:
1. The Card OS, providing services to the applications with the subsystems:
   a. Protocol management, which handles the ISO 14443 type B T=CL protocol, sends the REQB, sets up the communication protocol as defined in ISO14443, and contains the functionality to send/receive APDUs handling management;
   b. Dispatcher, which transfers the control to the application and provides soft patching functionality to that application;
   c. Low level control, a set of modules that directly control hardware registers.
   d. File management, which provides ISO file system primitives (MF, DFs, EFs with write and read operations) to applications;
   e. Phase management, which checks the card life cycle management data in NV memory and sets a phase flag in RAM;
   f. Security management, consisting of general routines with security services, such as comparison with security flags;
   g. Common API, containing general routines (without specific security services);
2. The Initialisation commands subsystem, containing the APDU commands only used in the manufacturing phase;
3. The Personalization commands subsystem, containing the APDU commands only used in the personalization phase;
4. The Operation (LDS) commands subsystem, containing the remaining APDU commands.
4.4 Protection Profile Conformance
The Security Target [1] claimed conformance to the protection profile:
Protection Profile for ePassport IC with Active Authentication [PP-C0247EN]
4.5 Assurance Level
The Security Target [1] specified the assurance requirements for the evaluation. The assurance incorporated predefined evaluation assurance level EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and ASE_TSS.2. Common Criteria Part 3 [4] describes the scale of assurance given by predefined assurance levels EAL1 to EAL7. An overview of CC is given in CC Part 1 [2].
4.6 Security Policy
The TOE security policies are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN]; the Organisational Security Policies defined in section 3.2 of the Protection Profile are valid for this TOE.
4.7 Security Claims
The Security Target [1] and the PP [18] fully specify the TOE’s security objectives, the threats, Organisational security Policies which these objectives meet and security functional requirements and security functions to elaborate the objectives. All of the SFRs are taken from CC Part 2 [3]; use of this standard facilitates comparison with other evaluated products.
4.8 Threats Countered
The threats countered by the TOE are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN].
4.9 Threats Countered by the TOE’s environment
The threats countered by the TOE’s environment are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN].
4.10 Threats and Attacks not Countered
No threats or attacks that are not countered are described.
4.11 Environmental Assumptions and Dependencies
The environmental assumptions and dependencies are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN].
4.12 IT Security Objectives
The TOE security objectives are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN]; the Security Objectives for the TOE defined in the Protection Profile are valid for this TOE.
4.13 Non-IT Security Objectives
The Non-IT TOE security objectives are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN]; the Security Objectives for the operational environment defined in the Protection Profile are valid for this TOE.
4.14 Security Functional Requirements
The security functional requirements are detailed in Protection Profile for ePassport IC with Active Authentication [PP-C0247EN]; the Security Functional Requirements in the Protection Profile are valid for this TOE.
4.15 Security Function Policy
The ICAO defines the baseline security methods Passive Authentication and the optional advanced security methods Basic Access Control to the logical MRTD, Active Authentication of the MRTD’s chip and the Data Encryption of sensitive biometrics as optional security measures in the ICAO DOC 9303 [ICAO_9303]. The Passive Authentication Mechanism and the Data Encryption are performed completely and independently of the TOE by the TOE environment.
The security target addresses the protection of the logical MRTD
- in integrity by write-only-once access control and by physical means, and
- in confidentiality by the Basic Access Control Mechanism.
The Security Target addresses the optional Active Authentication stated in [ICAO_9303].
The TOE implements Basic Access Control. The inspection system
- reads optically the MRTD
- Authenticates itself as an inspection system by means of Document Access Keys.
- An access control by the TOE to allow reading data (except for the sensitive biometric data) only to successfully authenticated authorized inspection systems
The TOE also optionally implements Active Authentication (described in [ICAO_9303]). By means of a challenge-response protocol between the inspection system and the TOE, it is ensured that the chip has not been cloned. For this purpose the TOE contains its own Active Authentication RSA key pair. A hash representation of Data Group 15 Public key is stored in the Document Security Object (SOD) and therefore authenticated by the issuer’s digital signature. The corresponding Private Key is kept in the TOE’s secure memory and never disclosed.
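The Active Authentication check described above, seen from the inspection system, as an added example that is not part of the certification report or of the TOE's code. It is simplified: the key is a small constructed demonstration key, the signature is hash-then-sign textbook RSA rather than the encoding Doc 9303 specifies, DG15 and the SOD are constructed stand-ins, and the issuer signature over the SOD (Passive Authentication) is assumed to have been verified already.

```python
import hashlib
import secrets

# Constructed demonstration key material (Mersenne primes); not a secure RSA key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


def make_chip(p=P, q=Q, e=E):
    """Simulated chip: returns (dg15_bytes, sign). The private exponent never leaves the closure."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    dg15 = f"{n:x}:{e:x}".encode()  # constructed stand-in for the DG15 public key encoding

    def sign(challenge: bytes) -> int:
        h = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
        return pow(h, d, n)

    return dg15, sign


def issue_sod(dg15: bytes) -> dict:
    """Issuer side: the SOD carries the hash of DG15 (issuer signature assumed, not modelled)."""
    return {"DG15": hashlib.sha256(dg15).hexdigest()}


def active_authenticate(sod: dict, dg15: bytes, respond) -> str:
    """Inspection-system side. `respond` is whatever answers the challenge (the chip)."""
    # Step 1: the public key read from the chip must be the one the issuer vouched for.
    if not secrets.compare_digest(hashlib.sha256(dg15).hexdigest(), sod["DG15"]):
        return "reject: DG15 hash not in SOD"
    n_hex, e_hex = dg15.decode().split(":")
    n, e = int(n_hex, 16), int(e_hex, 16)
    # Step 2: a fresh random challenge, so a previously recorded response is useless.
    challenge = secrets.token_bytes(8)
    signature = respond(challenge)
    expected = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
    if not 0 < signature < n or pow(signature, e, n) != expected:
        return "reject: bad signature"
    return "accept"


def demo() -> dict:
    dg15, sign = make_chip()
    sod = issue_sod(dg15)
    results = {"genuine": active_authenticate(sod, dg15, sign)}
    # A copy holding the readable data (SOD, DG15) but not the private key
    # can only replay a response recorded for an earlier challenge.
    recorded = sign(b"\x00" * 8)
    results["copy_replay"] = active_authenticate(sod, dg15, lambda c: recorded)
    # A copy with its own key pair presents a DG15 that the signed SOD does not cover.
    other_dg15, other_sign = make_chip(p=2**607 - 1, q=2**1279 - 1)
    results["copy_own_key"] = active_authenticate(sod, other_dg15, other_sign)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Both rejection paths depend on the two properties the paragraph states: the DG15 hash is bound to the issuer-signed SOD, and the private key never leaves the chip.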
The following functionality is provided by the software building upon what was already provided by the hardware on which the software builds.
In addition to the T6ND1 hardware platform and crypto library, the TOE-Software implements a file system and the functionality as described in section 4.14, furthermore it implements functionality that protects the data in files and uses the data stored in files.
The TOE Software satisfies the following requirements of the underlying certified hardware platform T6ND1 and crypto library.
- Destruction of the cryptographic keys after usage
- Implementation of the T6ND1 user guidance with respect to:
  - Enabling the hardware countermeasures
  - Anti-perturbation countermeasures
4.16 Evaluation Conduct
The evaluation was carried out in accordance with the requirements of the Norwegian Certification Scheme for IT Security as described in SERTIT Document SD001 [5]. The Scheme is managed by the Norwegian Certification Authority for IT Security (SERTIT). As stated on page 2 of this Certification Report, SERTIT is a member of the Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security (CCRA), and the evaluation was conducted in accordance with the terms of this Arrangement.
The purpose of the evaluation was to provide assurance about the effectiveness of the TOE in meeting its Security Target [1], which prospective consumers are advised to read. To ensure that the Security Target [1] gave an appropriate baseline for a CC evaluation, it was first evaluated itself. The TOE was then evaluated against this baseline. Both parts of the evaluation were performed in accordance with CC Part 3 [4] and the Common Evaluation Methodology (CEM) [6].
This evaluation is a re-evaluation of the TOSMART-P080-AAJePassport epassport as evaluated in SERTIT-021.
Toshiba has created an Impact Analysis Report according to the CCIMB-2004-02-009 Assurance Continuity [19] CCRA Requirements. Based on this report SERTIT has assessed that the change is ‘major’.
The re-evaluation was carried out by the Brightsight B.V. Commercial Evaluation Facility (CLEF/EVIT). The evaluation was completed when the EVIT submitted the final Evaluation Technical Report (ETR) [7] to SERTIT on 08.03.2012. SERTIT then produced this Certification Report.
4.17 General Points
The evaluation addressed the security functionality claimed in the Security Target [1] with reference to the assumed operating environment specified by the Security Target [1]. The evaluated configuration was that specified in Annex A. Prospective consumers are advised to check that this matches their identified requirements and give due consideration to the recommendations and caveats of this report.
Certification does not guarantee that the IT product is free from security vulnerabilities. This Certification Report and the belonging Certificate only reflect the view of SERTIT at the time of certification. It is furthermore the responsibility of users (both existing and prospective) to check whether any security vulnerabilities have been discovered since the date shown in this report. This Certification Report is not an endorsement of the IT product by SERTIT or any other organization that recognizes or gives effect to this Certification Report, and no warranty of the IT product by SERTIT or any other organization that recognizes or gives effect to this Certification Report is either expressed or implied.
5 Evaluation Findings
The evaluators examined the following assurance classes and components taken from CC Part 3 [4]. These classes comprise the EAL 4 assurance package augmented with AVA_VAN.5, ALC_DVS.2 and ASE_TSS.2.
Assurance class | Assurance components
Development | ADV_ARC.1 Security architecture description
Development | ADV_FSP.4 Complete functional specification
Development | ADV_IMP.1 Implementation representation of the TSF
Development | ADV_TDS.3 Basic modular design
Guidance documents | AGD_OPE.1 Operational user guidance
Guidance documents | AGD_PRE.1 Preparative procedures
Life-cycle support | ALC_CMC.4 Production support, acceptance procedures and automation
Life-cycle support | ALC_CMS.4 Problem tracking CM coverage
Life-cycle support | ALC_DEL.1 Delivery procedures
Life-cycle support | ALC_DVS.2 Sufficiency of security measures
Life-cycle support | ALC_LCD.1 Developer defined life-cycle model
Life-cycle support | ALC_TAT.1 Well-defined development tools
Security Target evaluation | ASE_CCL.1 Conformance claims
Security Target evaluation | ASE_ECD.1 Extended components definition
Security Target evaluation | ASE_INT.1 ST introduction
Security Target evaluation | ASE_OBJ.2 Security objectives
Security Target evaluation | ASE_REQ.2 Derived security requirements
Security Target evaluation | ASE_SPD.1 Security problem definition
Security Target evaluation | ASE_TSS.2 TOE summary specification with architectural design summary
Tests | ATE_COV.2 Analysis of coverage
Tests | ATE_DPT.1 Testing: basic design
Tests | ATE_FUN.1 Functional testing
Tests | ATE_IND.2 Independent testing – sample
Vulnerability assessment | AVA_VAN.5 Advanced methodical vulnerability analysis
All assurance classes were found to be satisfactory and were awarded an overall “pass” verdict.
5.1 Introduction
The evaluation addressed the requirements specified in the Security Target [1]. The results of this work were reported in the ETR [7] under the CC Part 3 [4] headings. The following sections note considerations that are of particular relevance to either consumers or those involved with subsequent assurance maintenance and re-evaluation of the TOE.
5.2 Delivery
On receipt of the TOE, the consumer is recommended to check that the evaluated version has been supplied, and to check that the security of the TOE has not been compromised in delivery.
The TOE is delivered to a Personalisation organisation as a sheeted product (Inlay, Inlet), Chip, Sawn Wafer or Module. There the TOE is personalised to come in its evaluated configuration after the card lifecycle state has been set to “Operation”.
5.3 Installation and Guidance Documentation
The Preparative guidance [9] gives the procedures necessary for the secure installation of the TOE and the secure preparation of the operational environment, in accordance with the ST.
5.4 Misuse
There is always a risk of intentional and unintentional misconfigurations that could possibly compromise confidential information. Administrators should follow the guidance [8][9][11][12] for the TOE in order to ensure that the TOE operates in a secure manner.
The guidance adequately documents the mode of operation of the TOE, all assumptions about the intended environment and all requirements for external security. Sufficient guidance is provided for the consumer to effectively administer and use the TOE’s security functions.
5.5 Vulnerability Analysis
The evaluators’ assessment of potential exploitable vulnerabilities in the TOE has been addressed and shows that the vulnerability analysis is complete, and that the TOE in its intended environment is resistant to attackers with a high attack potential.
5.6 Developer’s Tests
The evaluators’ assessment of the developers’ tests shows that the developer testing requirements are extensive and that the TSF satisfies the TOE security functional requirements. The testing performed on the TOE by both the developer and evaluator showed that the EAL 4 assurance components augmented with AVA_VAN.5, ALC_DVS.2 and ASE_TSS.2 are fulfilled.
5.7 Evaluators’ Tests
The evaluators have independently tested the TSFs and verified that the TOE behaves as specified in the design documentation, and confidence in the developer's test results is gained by performing a sample of the developer's tests.
6 Evaluation Outcome
6.1 Certification Result
After due consideration of the ETR [7], produced by the Evaluators, and the conduct of the evaluation, as witnessed by the Certifier, SERTIT has determined that Toshiba TOSMART-P080-AAJePassport version 01.07.05 + NVM Ver.01.00.00 running on T6ND1 meets the Common Criteria Part 3 conformant requirements of Evaluation Assurance Level EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and ASE_TSS.2 for the specified Common Criteria Part 2 conformant functionality and Protection Profile for ePassport IC with Active Authentication [PP-C0247EN], in the specified environment, when running on the T6ND1.
6.2 Recommendations
Prospective consumers of Toshiba TOSMART-P080-AAJePassport version 01.07.05 + NVM Ver.01.00.00 should understand the specific scope of the certification by reading this report in conjunction with the Security Target [1]. The TOE should be used in accordance with a number of environmental considerations as specified in the Security Target.
Only the evaluated TOE configuration should be installed. This is specified in Annex A with further relevant information given above under Section 4.3 “TOE Scope” and Section 5 “Evaluation Findings”.
The TOE should be used in accordance with the supporting guidance documentation included in the evaluated configuration.
Annex A: Evaluated Configuration
TOE Identification
The TOE consists of:
Item | Identifier | Version
Hardware | T6ND1 Integrated Circuit | 5.0
Software | TOSMART-P080-AAJePassport | Ver. 01.07.05 + NVM Ver.01.00.00
TOE Documentation
The supporting guidance documents evaluated were:
Item | Identifier | Version
Manuals | Guidance Document for Personalization agent | MC-SJ0046-08
Manuals | Preparative guidance | MC-SJ0045-02
Manuals | Application Specification | MC-SM0914-07
Manuals | Personalization Manual | MC-SJ0047-07
Manuals | AA Personalization Manual | MC-SJ0048-07
Manuals | Authentication Manual | MC-SJ0049-07
Manuals | Authentication Manual using MUTUAL AUTHENTICATE command | MC-SJ0050-07
Manuals | Authentication Manual using BAC | MC-SJ0051-07
Manuals | Personalization Specification | MC-SM0812-06
Manuals | Procedural Request of Security Products Delivery and Receipt | MB-ICCARD-W471
TOE Configuration
The following configuration was used for testing:
The TOE is tested on a set-up with
- Contactless card reader
- PC with Brightsight ePassport test tool
The configuration of the TOE samples was as follows:
- Operational phase: BAC
- Operational phase and Personalization phase BAC + AA