CEN/TS 419221-3:2016

SLOVENSKI STANDARD
01-januar-2017
=DãþLWQLSURILOL]D763NULSWRJUDIVNHPRGXOHGHO.ULSWRJUDIVNLPRGXO]D&63
VWRULWYHJHQHULUDQMDNOMXþD
Protection Profiles for TSP Cryptographic modules - Part 3: Cryptographic module for
CSP key generation services
Sicherheitsanforderungen für vertrauenswürdige Systeme zur Verwaltung von
Zertifikaten für elektronische Signaturen - Teil 3: Kryptographisches Modul für CSP
Schlüsselgenerierungsdienste - Schutzprofil (CMCKG-PP)
Exigences de sécurité concernant les systèmes fiables gérant des certificats de
signatures électroniques . Partie 3 : Module cryptographique utilisé par le fournisseur de
service de certification pour la création de clés - Profil de protection (CMCKG-PP)
Ta slovenski standard je istoveten z: CEN/TS 419221-3:2016
ICS:
35.040.01 Kodiranje informacij na Information coding in general
splošno
35.100.05 9HþVORMQHXSRUDEQLãNH Multilayer applications
UHãLWYH
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

CEN/TS 419221-3
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
July 2016
TECHNISCHE SPEZIFIKATION
ICS 35.040; 35.240.30 Supersedes CWA 14167-3:2004
English Version
Protection Profiles for TSP Cryptographic modules - Part
3: Cryptographic module for CSP key generation services
Profils de protection pour modules cryptographiques Schutzprofile für kryptographische Module von
utilisés par les prestataires de services de confiance - vertrauenswürdigen Dienstanbietern - Teil 3:
Partie 3 : Module cryptographique utilisé par le Kryptographisches Modul für CSP
prestataire de services de certification pour la Schlüsselgenerierungsdienste
génération de clés
This Technical Specification (CEN/TS) was approved by CEN on 8 May 2016 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2016 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 419221-3:2016 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
0 Introduction . 4
0.1 General . 4
0.2 Document Structure . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 General . 6
4.1 PP reference . 6
4.2 TOE overview . 6
4.2.1 TOE usage and major security features . 6
4.2.2 TOE type . 8
4.2.3 Available non-TOE hardware/firmware/software . 8
5 Conformance Claims . 8
5.1 CC conformance claim . 8
5.2 PP claim . 9
5.3 Conformance rationale . 9
5.4 Conformance statement . 9
6 Security Problem Definition . 9
6.1 TOE assets . 9
6.2 Threats . 10
6.3 Organizational security policies . 12
6.4 Assumptions . 13
7 Security Objectives . 13
7.1 General . 13
7.2 Security objectives for the TOE . 13
7.3 Security objectives for the operational environment . 15
7.4 Security objectives rationale . 16
8 Security Requirements . 21
8.1 Security functional requirements . 21
8.1.1 Subjects, objects, security attributes and operations . 21
8.1.2 Security requirements operations . 22
8.1.3 Security Audit (FAU) . 23
8.1.4 Cryptographic Support (FCS) . 24
8.1.5 User Data Protection (FDP) . 25
8.1.6 Identification and Authentication (FIA) . 28
8.1.7 Security Management (FMT) . 29
8.1.8 Privacy (FPR) . 30
8.1.9 Protection of the TSF (FPT) . 31
8.1.10 Trusted path/channels (FTP) . 33
8.2 Security assurance requirements . 33
8.3 Security requirements rationale . 34
8.3.1 Security functional requirements rationale . 34
8.3.2 Security assurance requirements rationale . 40
Bibliography . 41
European foreword
This document (CEN/TS 419221-3:2016) has been prepared by Technical Committee CEN/TC 224
“Personal identification and related personal devices with secure element, systems, operations and
privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CWA 14167-3:2004.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
CEN/TS 419221, Protection Profiles for TSP cryptographic modules, is currently composed of the
following parts:
— Part 1: Overview;
— Part 2: Cryptographic module for CSP signing operations with backup;
— Part 3: Cryptographic module for CSP key generation services;
— Part 4: Cryptographic module for CSP signing operations without backup.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Introduction
0.1 General
This CEN Technical Standard specifying a Protection Profile for Cryptographic Module for CSP Key
Generation Services is issued by the European Committee for Standardization.
The document is for use by the European Commission in accordance with the procedure laid down in
Article 9 of the Directive 1999/93/EC of the European parliament and of the council of 13 December
1999 on a Community framework for electronic signatures [1], referred to as the ‘Directive’ in the
remainder of the Protection Profile, as generally recognized standard for electronic-signature products
in the Official Journal of the European Communities.
The Directive states in Annex II that certification-service-providers must:
(f) use trustworthy systems and products which are protected against modification and ensure the
technical and cryptographic security of the process supported by them;
(g) take measures against forgery of certificates, and, in cases where the certification-service-provider
generates signature-creation data, guarantee confidentiality during the process of generating such data.
In the supporting ETSI Technical Specification “Policy Requirements for Certification Authorities (CA)
1)
issuing Qualified Certificates” (ETSI/TS 101 456), it is stated that the CA needs to ensure that:
any subject keys, that it generates, are generated securely and the secrecy of the subject's private key is
ensured (see the Directive [1], Annex II (f) and (j)).
And, if the CA generates the subject keys:
a) CA-generated subject keys shall be generated using an algorithm recognized as being fit for the
purposes of qualified electronic signatures during the validity of the certificate;
b) CA-generated subject keys shall be of a key length and for use with a public key algorithm which is
recognized as being fit for the purposes of qualified electronic signatures during the validity time of the
certificate;
c) CA-generated subject keys shall be generated and stored securely before delivery to the subject.
d) The subject's private key shall be delivered to the subject, if required via the subscriber, in a manner
such that the secrecy and the integrity of the key is not compromised and, once delivered to the subject, the
private key can be maintained under the subject's sole control.
e) Once delivered to the subject any copies of the subject's private key held by the CA shall be destroyed.
This Protection Profile (PP) defines the security requirements of a Cryptographic Modu
...