
Security Target Mobile PayPass 1.0 on Orange


Contents

1. Release 1.01p. Reference: ROR21486_001_CCD_ASE. Printed copy not controlled: verify the version before using. Classification level: Public. Pages: 133.

Table of Figures
Figure 1: TOE type ... 14
Figure 2: Mode 1 (PIN, TAP) ... 16
Figure 3: Mode 2 (TAP, PIN, TAP) ... 17
Figure 4: TOE physical scope ... 20
Figure 5: TOE logical boundaries ... 21
Figure 6: Major TOE items and scope ... 22
Figure 7: PAP Module ... 24
Figure 8: TOE life cycle ... 26
Figure 9: Contactless life cycle states ... 29
Figure 10: GP standard life cycle states ... 30
Figure 11: Conformance and Composition ... 33

ST applicable on February 2012. Page 5/133. No disclosure to a third party without prior written consent of Gemalto.
2. 5.3.1.3 T.FRAUDULENT_PAYMENT, T.STEALING
This threat is countered by:
- O.RISK_MNGT, which diminishes payment temptations by limiting the number of transactions without authorisation;
- O.APP_BLOCK, which provides the Issuing Bank with the means to block the PAP through the OTA bearer on the user's demand;
- O.USER_AUTH, which ensures that the customer is authenticated for each payment transaction above the Personal Code Entry Limit;
- OE.TOE_USAGE, which ensures that the Issuing Bank provides the customer with the rules to securely use his TOE;
- OE.CUSTOMER_PC_CONFID, which guarantees that the mobile handset never keeps the customer's Personal Code in its memory;
- OE.CERTIFICATES_MNGT, which contributes to covering this threat by providing updates, thereby avoiding the usage of stolen authentication certificates.

T.MERCHANT_ACCOMPLICE
This threat is covered by the security objective O.SIM_UNLOCK, which requires unlocking the (U)SIM card by means of the PIN code for each payment transaction. The security objective O.APP_BLOCK provides authorised users with the means to block the PAP in order to prevent such attacks. The security objective for the environment OE.MERCHANT_AUTH ensures that the merchant shall subscribe to a contract that guarantees his authenticity. The security objectives for the environment OE.POS_DEACTIVATION, OE.POS_APPROVAL and OE.POS_APPLICATIONS ensure respectively that the POS may be rendered inoperative remotely by the POS purchaser or the Acquirer, th
3. Security Target Mobile PayPass 1.0 on Orange NFC V2 G1. ST applicable on February 2012. Page 1/133.

Table of Contents
1 INTRODUCTION ... 7
1.1 (title illegible) ... 7
1.2 (title illegible) ... 7
1.3 REFERENCE MATERIALS ... 8
1.4 DEFINITIONS ... 10
1.5 ACRONYMS AND ABBREVIATIONS ... 11
1.6 TOE OVERVIEW ... 13
1.6.1 TOE type ... 13
1.6.2 Usage and major security features of the TOE ... 14
1.6.2.1 Mode 1 (PIN, TAP) ... 16
1.6.2.2 Mode 2 (TAP, PIN, TAP) ... 16
1.6.2.3 Security features ... 17
1.6.3 Required non-TOE hardware/software/firmware ... 17
1.6.3.1 Payez Mobile Application (AEPM CREL Application) ... 18
1.6.3.2 Proximity Payment System Environment (PPSE) application (EMV
4. Platform threat | Description | Consistency with the PAP ST
T.SID.1 | An applet impersonates another application, or even the Java Card RE, in order to gain illegal access to some resources of the card or with respect to the end user or the terminal. | T.INTEG_SEL_ACT_PARAM
T.SID.2 | The attacker modifies the TOE's attribution of a privileged role (e.g. default applet and currently selected applet), which allows illegal impersonation of this role. | T.INTEG_KEYS, T.INTEG_REG_PC, T.INTEG_SEL_ACT_PARAM
T.EXE_CODE.1 | An applet performs an unauthorized execution of a method. | PAP code
T.EXE_CODE.2 | An applet performs an execution of a method fragment or arbitrary data. | PAP code
T.EXE_CODE_REMOTE | The attacker performs an unauthorized remote execution of a method from the CAD. | PAP code
T.NATIVE | An applet executes a native method to bypass a TOE Security Function such as the firewall. | No contradiction
T.RESOURCES | An attacker prevents correct operation of the Java Card System through consumption of some resources of the card (RAM or NVRAM). | No contradiction
T.DELETION | The attacker deletes an applet or a package already in use on the card, or uses the deletion functions to pave the way for further attacks (putting the TOE in an insecure state). | PAP code, T.INTEG_SEL_ACT_PARAM
T.INSTALL | The attacker fraudulently installs post-issuance an applet on the card. This concerns either the installation of an unverified applet or an attempt to induce a malfunction
5. The security objective O.TRANSACTION_BYPASS covers this threat by preventing the bypass of a mandatory step of the transaction flow model, as defined by the PM 1 and PM 2 specifications, and thus ensuring the integrity of the PAP counters. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to the TOE.

T.TEMPORARY_DATA
This threat is covered by the security objectives O.DATA_INTEGRITY and O.TRANSACTION_INTEGRITY, which prevent unauthorised modification of transactions and related temporary data. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to the TOE.

T.INTEG_SEL_ACT_PARAM
This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of the selection and activation parameters stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to the TOE.
6. FIA_UAU.1/PAP Online Transaction, FIA_UAU.1/Post Issuance Bank Management, FIA_UAU.1/Payment Transaction, FIA_UID.1/PAP Online Transaction, FIA_UID.1/Payment Transaction, FIA_UID.1/Post Issuance Bank Management, FIA_AFL.1/Customer and FIA_AFL.1/Issuing Bank, which enforce user identification and authentication in order to perform some actions, as defined in the PM 1 and PM 2 specifications. The PAP Online Transaction in Payment mode does not need Issuing Bank authentication: the online approval is handled by the POS terminal. The PAP Online Transaction in Management mode (Counter Reset Issuer Script) needs Issuing Bank authentication.

O.TRANSACTION_REPLAY
This security objective is covered by the following SFRs: FPT_RPL.1, which ensures that all transactions are protected against replay (the TSF can detect it and react to such an attack); FIA_SOS.2, which ensures the TOE can generate random values to enforce the protection against replay attacks; FIA_UAU.4, which guarantees that authentication data cannot be reused; FCS_CKM.1/Session Keys and FCS_CKM.4/Session Keys, which ensure that session key generation and destruction meet the requirements o
7. PAP Reference Personal Code State, PAP Reference Personal Code Integrity, PAP Personal Code State.
Security attributes of the subject S.PAP: Contactless Life Cycle State.
Security attributes of the object PAP Log File: Log File Reading Status.
Security attributes of the object PAP Keys: PAP Keys Integrity.
Security attributes of the object PAP Counters: PAP Counters Integrity, PAP Counters State.

FDP_ACF.1.2/PAP Administration Management: The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed:
- Systematic Personal Code Activation/Deactivation is allowed only if PAP Reference Personal Code Integrity is VERIFIED and PAP Personal Code State is VERIFIED.
- Reference Personal Code Change/Unblock is allowed only if PAP Reference Personal Code Integrity is VERIFIED, PAP Personal Code State is VERIFIED and PAP Reference Personal Code State is UNBLOCKED.
- Log Reading is allowed only if Contactless Life Cycle State is ACTIVATED or DEACTIVATED, Log File Reading Status is PERMITTED and log entry data is present.
- PAP Activation/Deactivation is allowed only if Contactless Life Cycle State is ACTIVATED or DEACTIVATED, PAP Reference Personal Code State Integrity is VERIFIED and PAP Personal Code State is VERIFIED.
- PAP Locking/Unlocking is allowed only if PAP Issuing Bank Keys Integrity is VERIFIED, PAP Issuing Bank secure script Counters Integrity is VERIFIED, PAP Issuing Bank sec
8. - Pre-enter PIN not allowed by issuer (depends on issuer configuration)
- Transaction Context conflict
- After completion of one payment transaction (depends on issuer configuration and card holder option)
- After card reset
- Upon reception of SET RESET PARAMETERS with P1P2 Reset CVM

FIA_UID.1/PAP Online Transaction: Timing of identification
FIA_UID.1.1/PAP Online Transaction: The TSF shall allow all TSF-mediated actions listed in FIA_UAU.1/PAP Online Transaction on behalf of the user to be performed before the user is identified.
FIA_UID.1.2/PAP Online Transaction: The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.

FIA_UID.1/Post Issuance Bank Management: Timing of identification
FIA_UID.1.1/Post Issuance Bank Management: The TSF shall allow all TSF-mediated actions listed in FIA_UAU.1/Post Issuance Bank Management on behalf of the user to be performed before the user is identified.
FIA_UID.1.2/Post Issuance Bank Management: The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.

FIA_UID.1/Payment Transaction: Timing of identification
FIA_UID.1.1/Payment Transaction: The TSF shall allow all TSF-mediated actions listed in FIA_UAU.1/Payment Transaction on behalf of the user to be performed before the user is identified.
FIA_UID.1.2/Pa
9. FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management

Requirements | Dependencies | Satisfied Dependencies
FDP_ITC.1 | (FDP_ACC.1 or FDP_IFC.1) and FMT_MSA.3 | FDP_ACC.2/PAP Application, FDP_ACC.2/PAP Activation, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction, FDP_IFC.2/PAP Offline Authentication, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FMT_MSA.3
FDP_UIT.1 | (FDP_ACC.1 or FDP_IFC.1) and (FTP_ITC.1 or FTP_TRP.1) | FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FTP_ITC.1
FTP_ITC.1 | No dependencies |
FPR_UNO.1 | No dependencies |
FPT_TDC.1 | No dependencies |
Table 15: SFRs Dependencies
10. No. 2741/SGDN/DCSSI/SDS/LCR, Version 1.10
- Mobile Paypass 1.0 on NFC V2 G1 Preparation Guidance, Ref. ROR21486_009_CCD_AGD_PRE 1.01
- Mobile Paypass 1.0 on NFC V2 G1 Guidance for administration (GUIDE), Ref. ROR21486_008_CCD_AGD_OPE 1.01
- Mobile MasterCard Paypass Card Applications V1.0 Installation Guide, Ref. D2148603 MobilePayPassInstallGuide.pdf
- Mobile MasterCard Paypass Card Applications V1.0 Administration Guide, Ref. D2148601 MobilePayPassAdminGuide.pdf
- Mobile MasterCard Paypass Card Applications V1.0 Developing Client Applications Guide, Ref. D2148602 MobilePayPassDevClientAppsGuide.pdf
- Orange NFC V2 G1 card Security Target, Ref. D1226479p 1.3p
- Orange NFC V2 G1 card Preparation Guidance, Ref. PRE D1226480 1.1
- Orange NFC V2 G1 card Guidance for Administration, Ref. OPE D1226483 1.2
- Guidance for Verification Authority of Orange NFC V2 G1 card, Ref. OPE D1226483v 1.4
- Rules for applications on a Upteq M-NFC certified product, Ref. D1186227 A09
- Guidance for secure application development on Upteq mNFC, Ref. D1188231 A07
- UpTeq Card Architecture Guide with GP2.2 NFC (GUIDE), Ref. D1189324
- UpTeq Card APDU Guide
11. O.ISSUING_BANK_AUTH
This objective is covered by FIA_UAU.1/Post Issuance Bank Management, which requires a successful authentication of the Issuing Bank to the TOE in order to perform a transaction; FIA_UAU.3, which protects against the use of forged authentication data; FIA_UAU.4, which protects against the reuse of authentication data; FIA_SOS.2, which ensures the TOE can generate random values to perform authentication processes; FIA_AFL.1/Issuing Bank, which detects unauthorised authentication events; FIA_ATD.1, which guarantees that security attributes belonging to the Issuing Bank are securely maintained; FIA_USB.1, which ensures that the appropriate security attributes are associated with the Issuing Bank authentication; FDP_ACC.2/Post Issuance Bank Management, FDP_ACF.1/Post Issuance Bank Management, FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Activation, FDP_ACC.2/PAP Payment Transaction Management and FDP_ACF.1/PAP Activation, which define the access controls to the TOE for the Issuing Bank; FDP_ETC.1, F
12. Security Objectives column of the SFR mapping table (SFR labels not recovered):
O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.APP_BLOCK, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS
O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS
O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS
O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS
O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS
O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS
O.ISSUING_BANK_AUTH

Security Functional Requirements | Security Objectives
O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
13. OSP.QUOTAS: Security domains are subject to quotas of memory at creation. No contradiction.
OSP.PRODUCTION: The production and personalization environment has to be secured, as the TOE delivery occurs after Phase 6. No contradiction.
OSP.PERSONALIZER: The personalizer, under an Operator's Contract, is in charge of the TOE personalization process before card issuance. He ensures the security of the keys he loads on the (U)SIM cards:
- Mobile operator keys, including OTA keys (telecom keys either generated by the personalizer or by the mobile operator) and delegated management token keys;
- Issuer Security Domain keys (ISD keys) or Card issuer keys;
- Application Provider Security Domain keys (APSD keys);
- Controlling Authority Security Domain keys (CASD keys);
- Verification Authority Security Domain keys (VASD keys).
No contradiction.
OSP.KEY_ESCROW: The key escrow is a trusted actor in charge of the secure storage of the initial AP keys generated by the TOE personalizer during initial personalization. He ensures the security of the keys. No contradiction.
OSP.VERIFICATION: Mobile Paypass 1.0 appli
14. PAP Transaction Parameters Integrity.
Security attributes of the object Issuing Bank Transaction Data: Issuing Bank Transaction Data Integrity and Origin; Issuing Bank Transaction Data Confidentiality, Integrity and Origin.

FDP_ACF.1.2/Post Issuance Bank Management: The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: Post Issuance Bank Management operations are allowed only if PAP Issuing Bank Keys Integrity is VERIFIED, PAP Issuing Bank secure script Counters Integrity is VERIFIED, PAP Issuing Bank secure script Counters State is NOT BLOCKED, Issuing Bank Transaction Data Integrity and Origin is VERIFIED, Issuing Bank Transaction Data Confidentiality, Integrity and Origin is VERIFIED, and PAP Transaction Parameters Integrity is VERIFIED.
FDP_ACF.1.3/Post Issuance Bank Management: The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: None.
FDP_ACF.1.4/Post Issuance Bank Management: The TSF shall explicitly deny access of subjects to objects based on the following additional rule: If o
15. 6.3 Security Requirements Rationale
6.3.1 Objectives
6.3.1.1 Security Objectives for the TOE
TRANSACTION PROTECTION
O.TRANSACTION_UNIQUENESS
This security objective is met by the following SFRs: FCS_COP.1/Application Cryptogram, FCS_CKM.1/Session Keys and FCS_CKM.4/Session Keys, which guarantee that transaction cryptograms are generated in accordance with the PM 1 and PM 2 specifications; the access and information flow control SFPs FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction, FDP_ETC.1 and FDP_ITC.1, which are enforced for cryptogram generation and thus help in preserving the uniqueness of a transaction; FDP_UIT.1, which guarantees the integrity of
16. [Figure 1: TOE type. Elements shown: OTA Interface, Mobile Network, Payment Application Package (PAP), HCI (Communication Protocol between UICC and NFC Controller), Contactless Interface (ISO 14443), Contactless Device.]

The PAP application shall be compliant with the MasterCard PM 6 Payez Mobile Implementation Guide For MasterCard. The PAP is composed of:
- the Contactless Mobile Payment application, or CMP application, defined in section 1.7.1.1;
- the Payez Mobile Customization Package.

1.6.2 Usage and major security features of the TOE
Refer to §1.3.2 of the NFC ST for the usage of the platform.
Payez Mobile introduces an innovative Contactless Mobile Payment (CMP) solution that enables CMP transactions via radio frequency, with the payment function located on a mobile handset supporting NFC technologies.
One or more PAPs can be installed in the (U)SIM card. To execute a CMP, customers simply hold their mobile handset close to a contactless reader to exchange payment information. Authorization and clearing are proc
17. All applications are associated at load time with a Verification Authority signature (Mandated DAP) that is verified on card by the on-card representative of the VA prior to the completion of the application loading operation and prior to the instantiation of any applet defined in the loaded application.

Controlling Authority
(Footnote 7: TSM means Trusted Services for Mobile NFC: linking the MNO with the NFC world, managing services for banks and transport operators, and always-on services backed by banking-grade security. Several TSMs exist: the TSM SP acting on behalf of the Service Provider, i.e. the Bank, and the TSM MNO acting on behalf of the MNO, i.e. Orange.)
The Verification Authority (VA): trusted third party represented on the (U)SIM card, acting on behalf of the MNO and responsible for the verification of application signatures (mandated DAP) during the loading process. These applications shall be validated for the standard applications or certified for the secure ones.
The Controlling Authority (CA): entity independent from the MNO, represented on the (U)SIM card and responsible for securing the key creation and personalization of the Application Provider Security Domain (APSD).
18. PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_ITC.1, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction, FDP_IFF.1/PAP Offline Authentication, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ITC.2/PAP Transaction, FMT_MOF.1/Parameters, FMT_MSA.1/Issuing Bank, FMT_MSA.3, FDP_UIT.1, FPT_TDC.1

O.TRANSACTION_INTEGRITY | FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ETC.1, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ITC.2/Post Issuance Bank Management, FIA_UAU.1/PAP Online Transaction, FDP_ACC.2/PAP Activa

Security Functional Requirements Rationale
19. Post Issuance Bank Management, as well as FIA_AFL.1.1/Customer and FIA_AFL.1.1/Issuing Bank, which ensure the Customer and Issuing Bank authentication. Note that the MNO authentication is ensured by the Platform, according to composition.

RISK MANAGEMENT
O.RISK_MNGT
This security objective is met by the following SFRs: FDP_ACC.2/PAP Transaction and FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction and FDP_IFF.1/PAP Offline Transaction, and FDP_IFC.2/PAP Online Transaction and FDP_IFF.1/PAP Online Transaction, which ensure that the number of transactions without authorization does not exceed the maximum values of the risk management counters; FDP_UIT.1, which ensures that data are protected during transmission from and to the TOE (unauthorised modification and replay attacks are detected); FMT_MSA.2, which guarantees that only secure values are accepted for security attributes.

O.APP_BLOCK
This security objective is met by the following SFRs: FDP_ACC.2/PAP Administration Management and FDP_ACF.1/PAP Administration Management, which grant an authorized user (the Issuing Bank) the privilege to block the PAP and its data; FIA_UID.1/Po
20. 1.7.2 Logical scope of the TOE: the logical security features offered by the TOE
Refer to §1.3.8 of the NFC ST for the description of the platform security features.
This section describes the security features offered by the PAP. These are structured in several modules (see Figure 7). For a detailed description of these modules, refer to PM 6, section 2.1.

[Figure 7: PAP Module. Modules shown: Contactless Availability, Detect Presence process, GUI Manager, Counter Reset, HCI Events, OTA, Transaction Log, Script Processing, Counter Management, Capabilities.]

1.7.2.1 Contactless Availability
The contactless availability is responsible for:
- the CMP activation, by using the activation interface of the CRS API (the contactless life cycle state will be updated to the value ACTIVATED in the GP Registry);
- the CMP deactivation, by using the deactivation interface of the CRS API (the contactless life cycle state will be updated to the value DEACTIVATED in the GP Registry);
- the CMP blocking, by setting the contactless life cycle state to the value NON_ACTIVATABLE in the GP Registry using the CRS API.

1.7.2.2 Script Processing Module
This is a functional module allowing the Issuing Bank to update some parameters of the application, strictly compliant with the payment scheme specifications. This module supports Person
21. Ref. D1189337
- UpTeq Applet Development Guide, Ref. D1110140
- Connection Over CAT_TP BIP v2.0.1 Technical Specifications Guide, Ref. D1111478
- UpTeq OTA Messaging Guide, Ref. D1172819
- UpTeq m-NFC 2.0 User's Guide, Ref. D1187335
- Gemalto Orange profile description, vA2

1.4 Definitions
Please refer to Part I Product Definition (PM 1), Section 2.5.

1.5 Acronyms and Abbreviations
Please refer to Part I Product Definition (PM 1), Section 2.6.

1.6 TOE overview
This section briefly desc
22. SECURITY_DOMAINS: Security domains can be dynamically created, deleted and blocked during the usage phase, in post-issuance mode. No contradiction.
OE.QUOTAS: Security domains are subject to quotas of memory at creation. No contradiction.
OE.PRODUCTION: The production and personalization environment, if the TOE delivery occurs before Phase 6 of the TOE life cycle, must be trusted and secure. No contradiction.
OE.PERSONALIZER: The personalizer shall be a trusted actor in charge of the personalization process. He must ensure the security of the keys he manages and loads into the card:
- Mobile operator keys, including OTA keys (telecom keys either generated by the personalizer or by the mobile operator);
- Issuer Security Domain keys (ISD keys);
- Application Provider Security Domain keys (APSD keys);
- Controlling Authority Security Domain keys (CASD keys).
No contradiction.
OE.KEY_ESCROW: The key escrow shall be a trusted actor in charge of the secure storage of the AP initial keys generated by the personalizer. No contradiction.
OE.APPLET: No applet loaded post-issuance shall contain native m
23. Security Functional Requirements | Security Objectives
(continued) | O.SIM_UNLOCK
FIA_UAU.3 | O.USER_AUTH, O.ISSUING_BANK_AUTH
FIA_UAU.4 | O.TRANSACTION_REPLAY, O.USER_AUTH, O.ISSUING_BANK_AUTH
FIA_UAU.6/Customer | O.USER_AUTH
FIA_UID.1/PAP Online Transaction | O.TRANSACTION_BYPASS
FIA_UID.1/Post Issuance Bank Management | O.TRANSACTION_BYPASS
FIA_UID.1/Payment Transaction | O.TRANSACTION_BYPASS, O.SIM_UNLOCK
FIA_USB.1 | O.USER_AUTH, O.ISSUING_BANK_AUTH
(label illegible) | O.TRANSACTION_REPLAY, O.USER_AUTH, O.ISSUING_BANK_AUTH
FDP_DAU.1 | O.DATA_INTEGRITY, O.TRANSACTION_INTEGRITY
FDP_ITC.2/Post Issuance Bank Management | O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_INTEGRITY
FDP_ITC.2/PAP Transaction | O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
FDP_ETC.1 | O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
FDP_ITC.1 | O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS
(label illegible) | O.TRANSACTION_REPLAY
24. Platform threat | Description | Consistency with the PAP ST
T.INTEG_USER_DATA | The attacker, through a malicious applet, | All T.INTEG, T.TEMPORARY_DATA
T.COM_EXPLOIT | An attacker remotely exploits the communication channel (USB, ISO 7816, NFC, BIP or SMS) established between the mobile phone and the (U)SIM card in order to modify or disclose confidential data. | All T
T.UNAUTHORIZED_CARD_MNGT | The attacker performs unauthorized card management operations, for instance impersonates one of the actors represented on the card in order to take benefit of the privileges or services granted to this actor on the card, such as fraudulent actions on a package, file, applet or security domain. | All T.DISCLOSURE, All T.INTEG, T.TEMPORARY_DATA, All T.TRANSACTION, T.APPLICATION_DOS, All T.xxx_USURPATION
T.LIFE_CYCLE | An attacker accesses an application outside of its expected availability range, thus violating irreversible life cycle phases of the application (for instance, an attacker re-personalizes the application). | No contradiction
T.UNAUTHORIZED_ACCESS | By using the shareable object mechanism on which the communication between two applets relies, the attacker uses an applet on card to get access to, or to modify, data from another applet that he should not have access to. | No contradiction
T.CONFID_APPLI_DATA | The attacker executes an application to disclose data belonging to another application. | All T.DISCLOSURE
T.CONFID_JCS_CODE | The attacker executes an application to disclose the
25. Upon a new activation request, this application is responsible for managing the deactivation of the currently activated payment application. The Payez Mobile application is the only application (apart from the CMP application itself) that can change the CMP contactless life cycle state from ACTIVATED to DEACTIVATED. It does not apply its business logic if the application to be activated and the currently activated application are members of the same application group, or in the case of a one-shot payment.

1.6.3.2 Proximity Payment System Environment (PPSE) application (EMVCo), CREL Application
The PPSE application is a CREL (Contactless Registry Event Listener) application according to GlobalPlatform Amendment C [GP 5]. This application is present in the Issuer Security Domain; therefore it is under the MNO's responsibility. Its role is to:
- read the GP Registry in order to identify the ACTIVATED CMP application. Only one CMP application is in the ACTIVATED state at a time; therefore the PPSE contains only one CMP application AID;
- build the SELECT PPSE response. The PPSE response is rebuilt each time an activation or deactivation notification is received from the CRS API (Contactless Registry Service Application Programming Interface);
- upon reception of a SELECT PPSE command, return the PPSE response built previously.

1.6.3.3 Payment Bridge application
The Payment Bridg
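The PPSE mechanism just described, as an added example that is not code from the Security Target or from Gemalto: a model of a CREL application that rebuilds the SELECT PPSE response from the contactless registry on every CRS notification, enforces the "at most one ACTIVATED CMP application" invariant instead of silently picking an entry, and a reader-side parser showing what AIDs a POS would extract. The tag layout follows the EMV FCI template of the PPSE (6F, 84, A5, BF0C, 61, 4F, 50, 87); the registry contents, labels and the local-scheme AID are constructed sample data.

```python
"""Added example (not from the Security Target or Gemalto): SELECT PPSE response
built from a contactless registry, with the single-ACTIVATED-application invariant."""
from typing import Dict, List, Tuple

PPSE_DF_NAME = b"2PAY.SYS.DDF01"
ACTIVATED, DEACTIVATED, NON_ACTIVATABLE = "ACTIVATED", "DEACTIVATED", "NON_ACTIVATABLE"

# Constructed sample registry: AID -> (application label, contactless life cycle state).
SAMPLE_REGISTRY: Dict[bytes, Tuple[str, str]] = {
    bytes.fromhex("A0000000041010"): ("MASTERCARD", ACTIVATED),
    bytes.fromhex("A0000000031010"): ("VISA", DEACTIVATED),
    bytes.fromhex("A0000000999901"): ("LOCAL SCHEME", NON_ACTIVATABLE),  # hypothetical AID
}


def encode_length(n: int) -> bytes:
    """BER-TLV length: short form below 128, otherwise 0x81/0x82 long form."""
    if n < 0x80:
        return bytes([n])
    if n <= 0xFF:
        return bytes([0x81, n])
    if n <= 0xFFFF:
        return bytes([0x82, n >> 8, n & 0xFF])
    raise ValueError("value too long")


def tlv(tag: bytes, value: bytes) -> bytes:
    return tag + encode_length(len(value)) + value


def parse_tlv(data: bytes) -> List[Tuple[bytes, bytes]]:
    """Parse one level of BER-TLV objects (multi-byte tags and long lengths handled)."""
    out, i = [], 0
    while i < len(data):
        j = i + 1
        if data[i] & 0x1F == 0x1F:      # subsequent tag bytes follow while bit 8 is set
            while data[j] & 0x80:
                j += 1
            j += 1
        tag = data[i:j]
        length = data[j]
        j += 1
        if length & 0x80:
            n = length & 0x7F
            length = int.from_bytes(data[j:j + n], "big")
            j += n
        out.append((tag, data[j:j + length]))
        i = j + length
    return out


def registry_is_consistent(registry: Dict[bytes, Tuple[str, str]]) -> bool:
    """The ST invariant: at most one CMP application is ACTIVATED at a time."""
    return sum(1 for _, state in registry.values() if state == ACTIVATED) <= 1


def build_ppse_fci(registry: Dict[bytes, Tuple[str, str]]) -> bytes:
    """FCI returned to SELECT PPSE: one directory entry (61) per ACTIVATED AID."""
    if not registry_is_consistent(registry):
        raise ValueError("registry invariant violated: more than one CMP application ACTIVATED")
    entries = b"".join(
        tlv(b"\x61", tlv(b"\x4F", aid) + tlv(b"\x50", label.encode("ascii")) + tlv(b"\x87", b"\x01"))
        for aid, (label, state) in registry.items() if state == ACTIVATED
    )
    return tlv(b"\x6F", tlv(b"\x84", PPSE_DF_NAME) + tlv(b"\xA5", tlv(b"\xBF\x0C", entries)))


def select_ppse(registry: Dict[bytes, Tuple[str, str]]) -> bytes:
    """Response APDU to SELECT PPSE: the pre-built FCI followed by SW 9000."""
    return build_ppse_fci(registry) + b"\x90\x00"


def on_crs_notification(registry: Dict[bytes, Tuple[str, str]], aid: bytes, new_state: str) -> bytes:
    """CRS activation/deactivation notification: update the view and rebuild the response."""
    label, _ = registry[aid]
    registry[aid] = (label, new_state)
    return select_ppse(registry)


def advertised_aids(response: bytes) -> List[bytes]:
    """What a POS extracts: walk 6F -> A5 -> BF0C -> 61 -> 4F."""
    if response[-2:] != b"\x90\x00":
        raise ValueError("SELECT PPSE failed, SW=%s" % response[-2:].hex())
    fci = dict(parse_tlv(response[:-2]))[b"\x6F"]
    proprietary = dict(parse_tlv(fci))[b"\xA5"]
    directory = dict(parse_tlv(proprietary))[b"\xBF\x0C"]
    return [dict(parse_tlv(entry))[b"\x4F"] for tag, entry in parse_tlv(directory) if tag == b"\x61"]
```

The point worth checking in a real CREL implementation is the failure mode: two ACTIVATED entries mean the registry, not the PPSE, is the component that is wrong, so the example refuses to build a response rather than advertising the first entry it finds.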
26. bearer the ability to perform complete personalisation of its dedicated payment application through the OTA bearer.

4.5 Assumptions
A.MERCHANT_AUTH: Merchant contract subscription guarantees the authenticity of the Merchant.

5 Security Objectives
5.1 Security Objectives for the TOE
5.1.1 TRANSACTION PROTECTION
O.TRANSACTION_UNIQUENESS: The TOE shall preserve the uniqueness of a transaction by limiting the probability of generating two identical copies of transaction certificates.
O.TRANSACTION_INTEGRITY: The TOE shall preserve the integrity of transactions and the integrity of all certified terms of the transactions.
O.TRANSACTION_BYPASS: The TOE shall prevent the bypassing of any mandatory step of the transaction flow model as defined by the [PM 1] and [PM 2] specifications.
O.TRANSACTION_REPLAY: The TOE shall detect and reject replayed transactions.
5.1.2 AUTHENTICATION
O.USER_AUTH: The TOE shall provide customer authentication means for Personal Code change and unblock, and for each payment transaction above the Personal Code Entry Limit.
Application Note: No further customer authentication attempts shall be possible
27. behalf of the user to be performed before the user is authenticated.
Refinement: User authentication stands for the authentication of the user to the U SIM card by means of the PAP PIN code.
FIA_UAU.1.2/Payment Transaction: The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.
Application Note: This authentication shall be handled by the U SIM platform. The PAP shall be able to verify the state of the customer authentication performed by the U SIM platform.
FIA_UAU.3 Unforgeable authentication
FIA_UAU.3.1: The TSF shall detect use of authentication data that has been forged by any user of the TSF.
FIA_UAU.3.2: The TSF shall detect use of authentication data that has been copied from any other user of the TSF.
FIA_UAU.4 Single-use authentication mechanisms
FIA_UAU.4.1: The TSF shall prevent reuse of authentication data related to PAP Offline Data Authentication and to PAP Issuing Bank and MNO Authentication.
FIA_UAU.6/Customer Re-authenticating
FIA_UAU.6.1/Customer: The TSF shall re-authenticate the user under the conditions
28. channel with the U SIM to tunnel the MNO's management functions and data.

4.2.2 Subjects
Subjects are active entities in the U SIM:
S.PAP: The PAP subject is the Payment Application Package.
S.BANK_TSM: The Bank TSM allows the Issuing Bank to submit PAP management operations (installation, selection, activation, block, counter reset, etc.).
S.MNO_ISD: The MNO Issuer Security Domain allows the MNO to verify the Issuing Bank management operations in Delegated Management privilege mode (token verification).

4.3 Threats
A threat agent wishes to abuse the assets by physical or logical attacks or by any other type of attack. Any user may act as a threat agent.
4.3.1 DISCLOSURE (unauthorised disclosure of assets)
T.DISCLOSURE_KEYS: An attacker may perform attacks leading to unauthorised knowledge of the keys. Assets threatened: PAP keys.
T.DISCLOSURE_REF_PC: An attacker may perform attacks leading to unauthorised knowledge of the Reference Personal Code. Assets threatened: Reference Personal Code.
4.3.2 INTEGRITY (unauthorised modification of assets)
T.INTEG_LOG_FILE: Unauthorised modification of stored log files: an a
29. 2 Conformance Claim
2.1 CC conformance claim
This Security Target is written using CC version 3.1 release 3. This ST is CC Part 2 conformant and CC Part 3 conformant.
2.2 PP and Package claim
The evaluation assurance level of this Security Target is EAL4 augmented with:
- ALC_DVS.2 Sufficiency of security measures
- AVA_VAN.5 Advanced methodical vulnerability analysis

3 Statement of compatibility
This section presents the statement of compatibility of the composite TOE, i.e. the PAP upon the U SIM platform. This statement stands as developer evidence for the composite evaluation activity ASE_COMP.1 defined in [CPESC]. The aim of this activity is to determine whether the Security Target of the PAP contradicts the Security Target of the underlying platform.
Figure 11 Conformance and Composition
The platform ST is that of the Orange NFC V2 G1 platform using ST33F1M, given in [NFC ST], compliant with the U SIM Protection
30. (Table of contents, continued)
5.3.2.4 BANK ... 70
[entry illegible] ... 71
5.3.4 SPD and Security Objectives ... 71
6 SECURITY REQUIREMENTS ... 78
6.1 SECURITY FUNCTIONAL REQUIREMENTS ... 78
6.1.1 ACCESS CONTROL POLICY ... 80
6.1.2 ACCESS CONTROL FUNCTIONS ... 83
6.1.3 INFORMATION FLOW CONTROL POLICY ... 89
6.1.4 SECURITY AUDIT ... 94
6.1.5 CRYPTOGRAPHIC SUPPORT ... 95
6.1.6 PROTECTION ... 97
6.1.7 MANAGEMENT ... 98
6.1.8 IDENTIFICATION AUTHENTICATION ... 100
6.1.9 ACCESS and INFORMATION FLOW CONTROL SFP ...
31. in the TOE through the installation process. -> T.INTEG_SEL_ACT_PARAM
T.OBJ_DELETION: The attacker keeps a reference to a garbage-collected object in order to force the TOE to execute an unavailable method, to make it crash, or to gain access to memory containing data that is now being used by another application.
T.UNAUTHORIZED_ACCESS_TO_SERVICE: An attacker may gain direct access to an optional platform service without authorization by bypassing the access control on service activation. -> All T.DISCLOSURE, All T.INTEG, T.TEMPORARY_DATA; No contradiction
Table 1 Compatibility of threats

3.2 Compatibility of OSP
OSP.SECURE_APPS_CERTIFICATION: Secure applications must be certified according to the Common Criteria at an EAL equal to that of the current Protection Profile. The composition of these applications with the current PP must follow the rules defined in the document [CPESC]. These applications are associated with a digital signature which is checked by a VA during loading into the TOE. See [Secure APP] for more details on the evaluation/validation process. -> No contradiction. Mobil
32. in which the application is activated and can be selected by a terminal application;
- DEACTIVATED: state in which the application is deactivated but can still be selected by a terminal application to receive the appropriate commands. For instance, in this state the customer is authorised to view his transaction log or change the Personal Code;
- NON_ACTIVATABLE: state in which the application cannot be activated and its services are blocked, either by the Issuing Bank or as a result of several wrong Personal Code entries (above the Personal Code Entry Limit) by the customer.
When the life cycle status of the Head Application of an application group is NON_ACTIVATABLE, the members of the application group are automatically deactivated (application life cycl

Footnotes:
1. The Application Provider (AP) of the PAP: a financial institution (a bank) responsible for the applications and their associated services.
2. The Mobile Network Operator (MNO), or mobile operator: issuer of the U SIM Java Card platform and proprietor of the U SIM. The platform guarantees that the issuer, once authenticated, can manage the loading, instantiation or deletion of applications.
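The contactless life cycle described above, as an added example that is not code from the Security Target or from Gemalto: a model of the three states, the Payez Mobile rule that activating an application deactivates the currently ACTIVATED one unless both are in the same application group, the Personal Code try counter that drives an application to NON_ACTIVATABLE, the automatic deactivation of group members when the Head Application becomes NON_ACTIVATABLE, and the operations each state still allows. The try limit of 3, the AIDs, the per-state command sets and the Issuing Bank block/unblock entry points are constructed assumptions; the ST names the states and the group rule but gives no such values.

```python
"""Added example (not from the Security Target or Gemalto): CMP contactless life cycle
with the single-active rule, a Personal Code try counter and head/member group semantics."""
from typing import Dict, List

ACTIVATED, DEACTIVATED, NON_ACTIVATABLE = "ACTIVATED", "DEACTIVATED", "NON_ACTIVATABLE"

# Assumed operation sets: the ST says a DEACTIVATED application still serves log
# consultation and Personal Code change, and a NON_ACTIVATABLE one has its services blocked.
ALLOWED = {
    ACTIVATED: {"PAYMENT", "READ LOG", "CHANGE PC"},
    DEACTIVATED: {"READ LOG", "CHANGE PC"},
    NON_ACTIVATABLE: set(),
}


class CmpApplication:
    def __init__(self, aid: str, group: str, head: bool = False, try_limit: int = 3):
        self.aid, self.group, self.head = aid, group, head
        self.state = DEACTIVATED      # instantiated, not yet selectable for payment
        self.try_limit = try_limit    # assumed value; the ST gives no number
        self.ptc = try_limit          # Personal Code Try Counter (remaining attempts)


class ContactlessRegistry:
    def __init__(self) -> None:
        self.apps: Dict[str, CmpApplication] = {}

    def register(self, app: CmpApplication) -> CmpApplication:
        self.apps[app.aid] = app
        return app

    def activated(self) -> List[str]:
        return [a.aid for a in self.apps.values() if a.state == ACTIVATED]

    def activate(self, aid: str) -> bool:
        """Payez Mobile rule: activating deactivates the currently ACTIVATED
        application unless both belong to the same application group."""
        app = self.apps[aid]
        if app.state == NON_ACTIVATABLE:
            return False
        for other in self.apps.values():
            if other.state == ACTIVATED and other.group != app.group:
                other.state = DEACTIVATED
        app.state = ACTIVATED
        return True

    def deactivate(self, aid: str) -> None:
        if self.apps[aid].state == ACTIVATED:
            self.apps[aid].state = DEACTIVATED

    def _block(self, app: CmpApplication) -> None:
        app.state = NON_ACTIVATABLE
        if app.head:                  # Head NON_ACTIVATABLE => members deactivated
            for member in self.apps.values():
                if member.group == app.group and member is not app:
                    self.deactivate(member.aid)

    def issuer_block(self, aid: str) -> None:
        """Issuing Bank blocks the application (APPLICATION BLOCK sent over OTA)."""
        self._block(self.apps[aid])

    def issuer_unblock(self, aid: str) -> None:
        """Issuing Bank unblocks it: back to DEACTIVATED with the try counter reset."""
        app = self.apps[aid]
        app.state = DEACTIVATED
        app.ptc = app.try_limit

    def verify_personal_code(self, aid: str, entered: str, reference: str) -> bool:
        """Customer authentication; exhausting the try counter blocks the application.
        The reference code is passed in here only for illustration (it is TSF data)."""
        app = self.apps[aid]
        if app.state == NON_ACTIVATABLE or app.ptc == 0:
            return False
        if entered == reference:
            app.ptc = app.try_limit
            return True
        app.ptc -= 1
        if app.ptc == 0:
            self._block(app)
        return False

    def allows(self, aid: str, operation: str) -> bool:
        return operation in ALLOWED[self.apps[aid].state]
```

Note that the counter is decremented before the comparison result is acted on and the block is applied inside the same call; this is the ordering that makes T.INTEG_COUNT (tampering with the Personal Code Try Counter) the attacker's only way to get unlimited guesses, which is why the ST lists PAP Counters as an integrity-protected asset.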
33. is partially handled by the U SIM platform regarding physical attacks and unobservability of secrets.
O.DATA_INTEGRITY: The TOE shall prevent unauthorised modification of user data and TSF data managed or manipulated by the TOE.
O.DATA_USERS: The TOE shall ensure that user data are only accessed by authorised users.
5.1.5 RISK MANAGEMENT
O.RISK_MNGT: The behaviour of the TOE security functions is bounded by maximum values of risk management counters (number of transactions without authorisation, aggregated amount without authorisation) that trigger an online authorisation request. These mechanisms apply regardless of the amount of the payment transaction.
O.APP_BLOCK: The TOE shall grant an authorised user the privilege to block the PAP and its data so as to prohibit a positive response to payment authorisation requests. This is operated remotely through the OTA bearer.
O.SIM_UNLOCK: The TOE shall require unlocking the U SIM card by means of the PIN code for each payment transaction.
Application Note: Handled by the U SIM platform, see O.COMM_AUTH in [PP USIM].
O.AUDIT: The TOE shall record transactions to support effective security management.
O.CHANNELS: The TOE shall provide the means to identify the origin of a communication request intended to be routed by a specific communication channel (e.g. SWP for communications between the U SIM and the NFC Controller).
O.AUDIT_ACCESS: The TOE shall grant the customer access to
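The O.RISK_MNGT and O.USER_AUTH decision, as an added example that is not code from the Security Target or from Gemalto: the application keeps a count and an aggregated amount of transactions approved without online authorisation; crossing either limit forces an online authorisation request whatever the amount of the current transaction, while the Personal Code is demanded only above the Personal Code Entry Limit. The simulation also shows why the split-payment pattern of T.MERCHANT_ACCOMPLICE (several payments each below the Personal Code Entry Limit) is caught. The limit values, the amounts (minor currency units) and the assumption that a successful online authorisation, or an Issuing Bank COUNTER RESET, zeroes the counters are constructed for the example; the ST states the mechanism but gives no values.

```python
"""Added example (not from the Security Target or Gemalto): card risk management
counters that force an online authorisation regardless of the current amount."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class RiskLimits:
    pc_entry_limit: int      # above this amount the customer must enter the Personal Code
    max_offline_count: int   # transactions without authorisation before one is forced online
    max_offline_amount: int  # aggregated amount without authorisation before going online


@dataclass
class RiskCounters:
    offline_count: int = 0
    offline_amount: int = 0


@dataclass
class Decision:
    amount: int
    personal_code_required: bool
    online_authorisation_required: bool


def assess(amount: int, limits: RiskLimits, counters: RiskCounters) -> Decision:
    """Risk management for one payment. The online check includes the current
    transaction, so a 4th small payment trips max_offline_count=3 even though it
    is itself below every per-transaction threshold (the split-payment case)."""
    pc_required = amount > limits.pc_entry_limit
    online_required = (
        counters.offline_count + 1 > limits.max_offline_count
        or counters.offline_amount + amount > limits.max_offline_amount
    )
    return Decision(amount, pc_required, online_required)


def record_offline_approval(counters: RiskCounters, amount: int) -> None:
    counters.offline_count += 1
    counters.offline_amount += amount


def record_online_approval(counters: RiskCounters) -> None:
    """Assumed behaviour: a successful online authorisation (or an Issuing Bank
    COUNTER RESET script) brings both counters back to zero."""
    counters.offline_count = 0
    counters.offline_amount = 0


def simulate(amounts: List[int], limits: RiskLimits,
             issuer_approves: bool = True) -> Tuple[List[Decision], RiskCounters]:
    """Run a sequence of payments through the risk management; return the
    decisions and the final counter state. A declined online request leaves the
    counters untouched, so the next payment is forced online again."""
    counters = RiskCounters()
    decisions = []
    for amount in amounts:
        decision = assess(amount, limits, counters)
        if decision.online_authorisation_required:
            if issuer_approves:
                record_online_approval(counters)
        else:
            record_offline_approval(counters, amount)
        decisions.append(decision)
    return decisions, counters
```

The counters are exactly the "PAP Counters" asset whose integrity the threat model protects: an attacker who can reset them offline gets unlimited small offline payments, which is the same effect the merchant-accomplice split is trying to achieve.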
34. loaded does not impersonate the AID known by another application on the card for the use of shareable services. -> No contradiction. The Mobile PayPass 1.0 application is a [Secure APP]; the PPSE, Payez Mobile and Payment Bridge applications are [Standard APP].
OSP.OTA_LOADING: Application code, validated or certified depending on the application, is loaded Over The Air (OTA) onto the U SIM Platform using the OTA servers of the mobile operator. If needed, the Card Issuer can pre-authorise content loading operations through the Delegated Management privilege granted to the individual on-card representatives of the APs. In that case the application code is loaded in the APSD. Once loaded, the application is personalised using the appropriate SD keys. -> No contradiction. The Mobile PayPass 1.0 application is a [Secure APP]; the PPSE, Payez Mobile and Payment Bridge applications are [Standard APP].
OSP.OTA_SERVERS: A security policy shall be employed by the mobile operator to ensure the security of the applications stored on its servers. -> No contradiction. The Mobile PayPass 1.0 application is a [Secure APP]; the PPSE, Payez Mobile and Payment Bridge applications
35. log data of the last transactions performed by the PAP. Protection: integrity.
Customer Account Information: All customer bank account data, including the PAN, the PAN Sequence Number and the expiration date. Protection: integrity.
PAP keys: The cryptographic keys owned by the payment application instances. Protection: integrity and confidentiality.
Application Note: This asset includes secret keys, private keys and random numbers used for secret key generation.
PAP Transaction Parameters: Any data used for internal card risk management, including the last online ATC, PAP AID, PDOL data, currency code, Personal Code Entry Floor Limit, Personal Code indicators, CDOL1, CVM, PK certificates. Protection: integrity.
PAP Selection and Activation parameters: The parameters allowing the POS to perform the selection and activation of the embedded PAP. Protection: integrity.
Application Note: For instance the AID, the long AID, the AFL, the contactless life cycle state, etc.

4.1.2 TSF data
TSF data are data that might affect the operation of the TOE.
4.1.2.1 TRANSACTION MANAGEMENT DATA
Reference Personal Code: The stored value of the Personal Code which allo
36. manage the request for SSD creation and, after requesting a token (DM) from the MNO, to manage the payment application installation, instantiation and deletion.
1.6.3.5 UICC Management Platform
The UICC Management Platform is owned by the MNO and handles the global management of the customers' UICCs. This platform is mainly used during the payment service delivery.
1.6.3.6 Bank GUI Management Platform
The Bank GUI Management Platform enables the Bank GUI installation, its synchronisation and its update. This platform shall be able to cover application portability issues and deliver the appropriate version of the Bank GUI depending on the mobile handset used by the customer.
1.6.3.7 POS terminal
Point of sale (POS) stands for the merchant acceptance terminal used to execute and process a financial transaction by communicating with a customer device such as a mobile handset. POS terminals include stand-alone, multi-lane or ECR devices. The POS incorporates a contactless interface device and may also include other components and interfaces. The POS terminal shall comply with the Payez Mobile minimum requirements defined in [PM 2].
1.6.3.8 POS Application
The POS terminal hosts a payment application that complies with MasterCard PayPass, Visa payWave or local scheme contactless specifications and with the Payez Mobile Specifications.
1.6.3.9 Mobile Handset
The TOE, as a smartcard, is intended to be plugged into a mobile handset. This equipment can be a
37. mobile phone, a PDA or any other connecting NFC device. The mobile handset shall comply with the Payez Mobile minimum requirements defined in [PM 2].
1.6.3.10 Bank GUI
The Bank GUI (Java, SDK Android) is a graphical interface loaded into the mobile handset that allows the customer to access the functions associated with their CMP applications. The Bank GUI offers several functions to the customer, for example: payment (set to ACTIVATED by default), activate its CMP application, deactivate its CMP application, change the Personal Code, change the application name, CMP application parameters update, transaction log consultation, etc.
1.6.3.11 MNO GUI
The MNO GUI is the primary graphical interface loaded onto the mobile handset; it allows the customer to access all their NFC services stored in the UICC. If the customer selects one PAP, the MNO GUI launches the associated graphical interface, called the Bank GUI. This interface allows the customer to identify the currently active CMP application by displaying a logo beside the associated Bank GUI.
1.6.3.12 OTA Platform
Platform using OTA mechanisms, providing functions to tunn
38. mode of transaction are presented in Figure 3. Point of sale (POS) stands for the merchant acceptance terminal used to execute and process a financial transaction by communicating with a customer device such as a mobile handset. POS terminals include stand-alone, multi-lane or ECR devices. The POS incorporates a contactless interface device and may also include other components and interfaces.

Figure 3 Mode 2 (TAP-PIN-TAP) [flow diagram; the steps recoverable from the figure are listed below]
Step 1: The Merchant enters the transaction amount on the POS terminal.
Step 2: The end user taps their mobile to the contactless reader landing zone.
If the Personal Code is requested (depending on the Bank risk management configuration):
Step 2b: A warning signal (audible and visible) requests the end user to enter their Personal Code.
Step 2c: The end user enters their Personal Code on their mobile handset.
Step 2d: The end user taps their mobile again to the contactless reader.
Step 3: The end user keeps their mobile handset on the contactless reader until a visible and audible signal takes place.
Authorisation Request (conditional): requested depending on the Acquirer/Issuing Bank risk management configuration.
Step 4, Step 5: The mobile displays t
39. modification of risk analysis counters or secure counters, such as the Personal Code Try Counter stored in the TOE: an attacker modifies the value of the Personal Code Try Counter stored in the PAP in order to change the limit on the number of failed Personal Code entries, and finally obtains unauthorised permission to submit a payment transaction. Assets threatened: PAP Counters.
T.TEMPORARY_DATA: Unauthorised modification of temporary transaction data: an attacker modifies the value of transaction data in order to authorise counterfeited or replayed transactions. Assets threatened: PAP Transaction Data, POS Transaction Data, Issuing Bank Scripts, MNO Data, Issuing Bank Transaction Data.
T.INTEG_SEL_ACT_PARAM: Unauthorised modification of stored selection and activation parameters: an attacker modifies the value of the parameters allowing the POS to perform the selection and activation of the embedded PAP in order to select and activate a counterfeited PAP. Assets threatened: PAP Selection and Activation Parameters.
4.3.3 FRAUDULENT PAYMENT
T.STEALING: An attacker identifies and steals the mobile handset of the legitimate customer and, if necessary, disables the OTA channel (by activating airplane mode, for instance) in order to use it to submit payment transactions. Assets threatened: all assets.
T.MERCHANT_ACCOMPLICE: An attacker colludes with a merchant in order to split a payment into small-amount payments that do not require Pe
40. policy on card management. -> No contradiction
O.DOMAIN_RIGHTS: The Card Issuer shall not access or change personalised AP security domain keys which belong to the AP. Modification of a security domain keyset is restricted to the AP who owns the security domain. -> No contradiction
O.APPLI_AUTH: The card manager shall enforce the application security policies established by the card issuer by requiring application authentication during application loading on the card.
O.COMM_AUTH: The TOE shall authenticate the origin of the card management requests that the card receives and authenticate itself to the remote actor. -> O.GUIS_AUTH, [objective name illegible], O.MNO_AUTH
O.COMM_INTEGRITY: The TOE shall verify the integrity of the card management requests that the card receives. -> O.DATA_INTEGRITY
O.COMM_CONFIDENTIALITY: The TOE shall be able to process card management requests containing encrypted data. -> O.DATA_DISCLOSURE
O.SCP_SUPPORT: The TOE OS shall support the following functionalities:
1. It does not allow the TSFs to be bypassed or altered and does not allow access to other low-level functions than those made available by the packages of the API. That includes the protection of its private data and code against disclosure or modification from the Java Card System.
2. It provides secure low-level cryptographic processing to the Java Card System / GlobalPlatform.
3. It supports the needs for any update to
41. preventing identity usurpation. O.ISSUING_BANK_AUTH contributes to covering this threat by ensuring that only the Issuing Bank can access its services.
T.CUSTOMER_USURPATION: This threat is covered by the following security objectives: O.TRANSACTION_BYPASS, which prevents the bypassing of any mandatory step of the transaction flow model defined by the PM specifications and thus prevents identity usurpation; O.USER_AUTH, which contributes to covering this threat by ensuring that only the end user can access his services; O.AUDIT_ACCESS, which guarantees that the end user has access to the log files in order to check the history of the payment transactions he has made lately, and thus helps to detect identity usurpation. The security objective on the environment OE.GUIS_TIMEOUT contributes to the detection of a previous usurpation by controlling unsuccessful Personal Code entry attempts.
5.3.2 Organisational Security Policies
5.3.2.1 HANDSET
OSP.POLICY: This OSP is directly upheld by the security objective OE.POLICY.
OSP.CUSTOMER_PC_CONFID: This OSP is directly upheld by the security objective OE.CUSTOMER_PC_CONFID.
OSP.GUIS_IDENTIFICATION: This OSP is directly upheld by the security objective OE.GUIS_IDENTIFICATION.
5.3.2.2 MANAGEMENT
OSP.CERTIFICATES_MNGT: This OSP is directly upheld by the security objective OE.CERTIFICATES_MNGT.
OSP.Contactless_life_cycle_MNGT: This OSP is directly upheld by the
42. security objective OE.Contactless_life_cycle_MNGT.
OSP.TOE_USAGE: This OSP is directly upheld by the security objective OE.TOE_USAGE.
OSP.PHISHING: This security policy is covered by the security objective on the environment OE.NO_VAD, which guarantees that only proximity purchase transactions are authorised.
5.3.2.3 MERCHANT
OSP.MERCHANT_CONTROL: This OSP is directly upheld by the security objective on the environment OE.MERCHANT_CONTROL. The security objectives on the environment OE.POS_APPROVAL and OE.POS_APPLICATIONS ensure that the POS terminals accepting Payez Mobile payment transactions are approved by a reference body and that the contactless payment applications embedded in these POS terminals are protected in integrity and authenticity.
5.3.2.4 BANK
OSP.BANKS_PRIVILEGES: This OSP is directly upheld by the security objective OE.BANKS_PRIVILEGES; refer also to O.ISSUING_BANK_AUTH, which requires the TOE to authenticate the Issuing Bank before processing administration transactions and thus to provide services granted only to the Issuing Bank, such as requesting or resetting counters.
43. successfully, or recover to a consistent and secure state. -> No contradiction
O.SCP.IC: The SCP shall provide all IC security features against physical attacks. -> No contradiction
O.Secure_API: The TOE shall provide applications with a secure API, i.e. means to optimise control over sensitive operations performed by an application. The TO E shall provide services for secure array management, for detecting loss of data integrity and inconsistent execution flow, and for reacting against tearing or fault induction. -> No contradiction
O.RNG: The TOE must contribute to ensuring that random numbers are not predictable and have sufficient entropy. -> No contradiction
O.JCAPI_Services: The TOE must contribute to ensuring that data manipulated during the SHA and CRC services defined in the JCAPI cannot be observed. -> No contradiction
O.REMOTE_SERVICE_AUDIT: The TOE shall perform remote service audit only when the optional platform service audit is authorised, and only for an authorised actor (limited to the MNO or the GemActivate Administrator, usually Gemalto). -> No contradiction
O.REMOTE_SERVICE_ACTIVATION: The TOE sha
44. (Table: SFR dependencies, continued)
Requirement | CC Dependencies | Satisfied Dependencies
[continuation of the previous row] ... | FAU_GEN.1 | FAU_GEN.1
FAU_SAR.1/CUSTOMER | FAU_GEN.1 | FAU_GEN.1
FAU_SAR.1/ISSUING BANK | FAU_GEN.1 | FAU_GEN.1
FAU_GEN.1 | FPT_STM.1 | (dependency discarded, see the rationale for the exclusion of dependencies)
FCS_CKM.1/Session Keys | (FCS_CKM.2 or FCS_COP.1) and FCS_CKM.4 | FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing, FCS_CKM.4/Session Keys
FCS_CKM.4/Session Keys | FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1 | FCS_CKM.1/Session Keys
FCS_COP.1/Offline Data Authentication | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1/Session Keys
FCS_COP.1/Application Cryptogram | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FDP_ITC.2/PAP Transaction
FCS_COP.1/Script Processing | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FDP_ITC.2/Post Issuance Bank Management
FCS_COP.1/Messages Data Integrity | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | [illegible]
FCS_COP.1/Messages Data Confidentiality | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | [illegible]
FDP_SDI.2 | No dependencies |
FPT_TST.1 | No dependencies |
FPT_RPL.1 | No dependencies |
FDP_RIP.1 | No dependencies |
FMT_MOF.1/Parameters | FMT_SMF.1 and FMT_SMR.1 | FMT_SMF.1/Funct
45. ... O.TRANSACTION_BYPASS
Table 7 Threats and Security Objectives Coverage

(Security Objectives to Threats coverage, continued)
O.TRANSACTION_UNIQUENESS: T.TRANSACTION_REPLAY, T.CERTIF_CORRUPTION
O.TRANSACTION_INTEGRITY: T.TEMPORARY_DATA, T.CERTIF_CORRUPTION
O.TRANSACTION_BYPASS: T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TRANSACTION_COUNTERFEITING, T.TRANSACTION_REPLAY, T.MNO_USURPATION, T.ISSUING_BANK_USURPATION, T.CUSTOMER_USURPATION
O.TRANSACTION_REPLAY: T.TRANSACTION_REPLAY
O.USER_AUTH: T.DISCLOSURE_REF_PC, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TEMPORARY_DATA, T.INTEG_SEL_ACT_PARAM, T.STEALING, T.MAN_IN_THE_MIDDLE, T.TRANSACTION_REPUDIATION, T.TRANSACTION_COUNTERFEITING, T.TRANSACTION_REPLAY, T.APPLICATIONS_DOS, T.CUSTOMER_USURPATION
O.ISSUING_BANK_AUTH: T.DISCLOSURE_KEYS, T.DISCLOSURE_REF_PC, T.INTEG_LOG_FILE, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TEMPORARY_DATA, T.INTEG_SEL_ACT_PARAM, T.ISSUING_BANK_USURPATION
O.AUTHORISATION_CONTROL: T.TRANSACTION_COUNTERFEITING
O.MNO_AU
46. (Table: SFR dependencies, continued; columns are Requirement | CC Dependencies | Satisfied Dependencies)
FDP_ACF.1/PAP Activation | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2/PAP Activation, FMT_MSA.3
FDP_ACF.1/PAP Administration Management | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2/PAP Administration Management, FMT_MSA.3
FDP_ACF.1/PAP Payment Transaction Management | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2/PAP Payment Transaction Management, FMT_MSA.3
FDP_ACF.1/Post Issuance Bank Management | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2/Post Issuance Bank Management, FMT_MSA.3
FDP_ACF.1/PAP Offline Authentication | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2/PAP Offline Authentication, FMT_MSA.3
FDP_ACF.1/PAP Transaction | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2/PAP Transaction, FMT_MSA.3
FDP_IFC.2/PAP Offline Authentication | FDP_IFF.1 | FDP_IFF.1/PAP Offline Authentication
FDP_IFC.2/PAP Offline Transaction | FDP_IFF.1 | FDP_IFF.1/PAP Offline Transaction
FDP_IFC.2/PAP Online Transaction | FDP_IFF.1 | FDP_IFF.1/PAP Online Transaction
FDP_IFC.2/Post Issuance Bank Management | FDP_IFF.1 | FDP_IFF.1/Post Issuance Bank Management
FDP_IFF.1/PAP Offline Authentication | FDP_IFC.1 and FMT_MSA.3 | FDP_IFC.2/PAP Offline Authentication, FMT_MSA.3
FDP_IFF.1/PAP Offline Transaction | FDP_IFC.1 and FMT_MSA.3 | FDP_IFC.2/PAP Offline Transaction, FMT_MSA.3
FDP_IFF.1/PAP Online Transaction | FDP_IFC.1 and FMT_MSA.3 | FDP_IFC.2/PAP Online Transaction, FMT_MSA.3
FDP_IFF.1/Post Issuance Bank Management | FDP_IFC.1 and FMT_MSA.3 | FDP_IFC.2/Post Issuance Bank Management, FMT_MSA.3
FAU_ARP.1 | FAU_SAA.1 | FAU_SAA.1
FAU_SAA.1 | FAU_GEN.1 | FAU_GEN
47. (Table: platform SFRs and their use by the PAP, continued; the columns of usage marks are not recoverable from the extraction and only the SFR names and the "Not used" annotations are kept)
.../DAP (label truncated), FDP_ITC.2/CCM, FDP_ROL.1/CCM, FDP_UIT.1/CCM, FPT_FLS.1/CCM, FDP_ACC.1/SD, FDP_ACF.1/SD, FMT_MSA.1/SD, FMT_MSA.3/SD, FMT_SMF.1/SD, FMT_SMR.1/SD, FCO_NRO.2/SC, FDP_IFC.2/SC, FDP_IFF.1/SC, FIA_UID.1/SC, FIA_UAU.1/SC, FIA_UAU.4/SC, FMT_MSA.1/SC, FMT_MSA.3/SC, FMT_SMF.1/SC, FTP_ITC.1/SC, FDP_ACC.2/FIREWALL, FDP_ACF.1/FIREWALL, FDP_IFC.1/JCVM, FDP_IFF.1/JCVM, FDP_RIP.1/OBJECTS, FMT_MSA.1/JCRE, FMT_MSA.1/JCVM, FMT_MSA.2/FIREWALL_JCVM, FMT_MSA.3/FIREWALL, FMT_MSA.3/JCVM, FMT_SMF.1, FMT_SMR.1

Platform cryptographic support SFRs:
FCS_CKM.1/DES: X
FCS_CKM.1/AES: X, Not used
FCS_CKM.1/RSA: X
FCS_CKM.2/DES: X
FCS_CKM.2/AES: X, Not used
FCS_CKM.2/RSA: X
FCS_CKM.3/DES: X
FCS_CKM.3/AES: X, Not used
FCS_CKM.3/RSA
FCS_CKM.4
FCS_COP.1/DES_CIPHER: X
FCS_COP.1/DES_MAC_COMP
FCS_COP.1/AES_CIPHER: X, Not used
FCS_COP.1/AES_MAC_COMP: X, No
48. Rationale for the exclusion of dependencies
The dependency FPT_STM.1 of FAU_GEN.1 is discarded: FPT_STM.1 is not relevant to the TOE, since correctness of time is of no use for the TOE objectives.
The dependency FCS_CKM.4 of FCS_COP.1/Offline Data Authentication is discarded: [PM 1] and [PM 2] do not require any specific key destruction method.
The dependency FCS_CKM.4 of FCS_COP.1/Application Cryptogram is discarded: [PM 1] and [PM 2] do not require any specific key destruction method.
The dependency FCS_CKM.4 of FCS_COP.1/Script Processing is discarded: [PM 1] and [PM 2] do not require any specific key destruction method.
The dependency FCS_CKM.4 of FCS_COP.1/Messages Data Integrity is discarded: [PM 1] and [PM 2] do not require any specific key destruction method.
The dependency FCS_CKM.4 of FCS_COP.1/Messages Data Confidentiality is discarded: [PM 1] and [PM 2] do not require any specific key destruction method.

6.3.3.2 SARs Dependencies
Requirement | CC Dependencies | Satisfied Dependencies
AVA_VAN.5 | ADV_ARC.1 and ADV_FSP.4 and ADV_IMP.1 and ADV_TDS.3 and AGD_OPE.1 and AGD_PRE.1 and ATE_DPT.1 | ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ATE_DPT.1
ADV_ARC.1 | ADV_FSP.1 and ADV_TDS.1 | ADV_FSP.4, ADV_TDS.3
ADV_FSP.4 | ADV_TDS.1 | ADV_TDS.3
ADV_IMP.1 | ADV_TDS.3 and ALC_TAT.1 | ADV_TDS.3, ALC_TAT.1
ADV_TDS.3 | ADV
49. 7 TOE Summary Specification
This section defines the summary specification.
7.1 Security functions
The F.REACTION function allows to:
- manage the policy of attack reaction according to the security violations;
- manage the audit generation and review;
- manage the automatic self tests.
The F.CRYPTO_OPERATION function allows to:
- manage the creation and deletion of cryptographic keys;
- manage the cryptographic operations;
- manage the generation of secrets.
The F.ACCESS_AND_FLOW_CONTROL function allows to:
- manage the access control and rules for the following operations:
  o SELECT, SET STATUS, APPLICATION BLOCK and APPLICATION UNBLOCK, VERIFY, GENERATE AC, READ RECORD, PIN CHANGE/UNBLOCK and OFFLINE CHANGE PIN, COUNTER RESET, PUT DATA
  o UPDATE RECORD
- manage the information flow control and rules for the following operations:
  o READ RECORD, GENERATE AC
  o APPLICATION, APPLICATION UNBLOCK, PUT DATA, UPDATE RECORD, PIN CHANGE/UNBLOCK
The F.DATA_IMPORT_EXPORT function allows to:
- manage the import of data protected in terms of integrity or confidentiality;
- manage the export of data protected in terms of integrity or confidentiality.
The F.CUSTOMER_AUTHENTICATION function allows to:
- manage the customer authentication.
The F.ISSUING_BANK_AUTHENTICATION function allows to:
- manage the issuing bank authe…
50. 4.3.2 INTEGRITY ... 55
4.3.3 FRAUDULENT PAYMENT ... 56
4.3.4 DENIAL OF SERVICE ... 57
4.3.5 IDENTITY USURPATION ... 57
4.4 ORGANISATIONAL SECURITY POLICIES ... 58
4.4.1 HANDSET ... 58
4.4.2 MANAGEMENT ... 58
4.4.3 MERCHANT ... 59
4.4.4 [title illegible] ... 59
4.5 ASSUMPTIONS ... 59
5 SECURITY OBJECTIVES ... 60
5.1 SECURITY OBJECTIVES FOR THE TOE ... 60
5.1.1 TRANSACTION PROTECTION ... 60
5.1.2 AUTHENTICATION ... 60
5.1.3 EXECUTION PROTECTION ... 60
5.1.4 DATA PROTECTION ... 61
5.1.5 RISK MANAGEMENT ...
51. FDP_ACC.2/Post Issuance Bank Management Complete access control
FDP_ACC.2.1/Post Issuance Bank Management The TSF shall enforce the Post Issuance Bank Management Access Control SFP on Subjects: S.PAP, S.BANK_TSM, S.MNO_ISD; Objects: Issuing Bank Transaction Data, Issuing Bank Scripts, PAP Counters, PAP Keys, PAP Selection and Activation Parameters, PAP Transaction Parameters, PAP Log File; and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/Post Issuance Bank Management The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: Counter Reset, Audit, Issuing Bank Script Processing.
FDP_ACC.2/PAP Offline Authentication Complete access control
FDP_ACC.2.1/PAP Offline Authentication The TSF shall enforce the PAP Offline Authentication Access Control SFP on Subject: S.PAP; Objects: PAP Keys, PAP Transaction Parameters, PAP State Machine; and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/PAP Offline Authentication The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP:
52. …OE.POS_APPROVAL, OE.POS_APPLICATIONS
OSP.BANKS_PRIVILEGES | OE.BANKS_PRIVILEGES
Table 9 OSPs and Security Objectives Coverage
Security Objectives | Organisational Security Policies
[Table 10, start: the OSP columns and their marks are not recoverable from the extraction; rows as extracted:] O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.TRANSACTION_REPLAY, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.MNO_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.DATA_USERS, O.RISK_MNGT, O.APP_BLOCK, O.SIM_UNLOCK, O.AUDIT, O.CHANNELS, O.AUDIT_ACCESS, O.GUIS_AUTH, OE.CUSTOMER_PC_CONFI…
53. [Rationale table of security objectives and SFRs, continued; the objective labels of the first two groups were lost in extraction]
…Application, FDP_ACF.1/PAP Application, FDP_RIP.1, FIA_AFL.1/Customer, FIA_ATD.1, FIA_UAU.3, FIA_UAU.4, FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FIA_UAU.1/PAP Online Transaction, FIA_UAU.6/Customer, FIA_SOS.2, FMT_SMR.1, FIA_USB.1
FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ETC.1, FIA_ATD.1, FIA_UAU.3, FIA_UAU.4, FCS_COP.1/Script Processing, FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/Post Issuance Bank Management, FIA_AFL.1/Issuing Bank, FDP_ITC.1, FMT_SMR.1, FDP_ITC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FIA_SOS.2, FIA_UAU.1/Post Issuance Bank Management, FIA_USB.1, FPT_TDC.1
O.MNO_AUTH | …by the U SIM platform
O.COMM… | FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FIA_UAU.1/PAP Online Transaction, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Trans…
54. [Table of threats and the security objectives covering them, continued; column alignment was lost in extraction, tokens are kept in extracted order]
…OE.CERTIFICATES_MNGT, O.APP_BLOCK, O.USER_AUTH
O.SIM_UNLOCK, O.APP_BLOCK, OE.POS_DEACTIVATION | T.MERCHANT_ACCOMPLICE | OE.MERCHANT_AUTH, OE.POS_APPLICATIONS, OE.POS_APPROVAL
O.CHANNELS, OE.NFC_PROTOCOL, OE.LATENCY_CONTROL | T.MAN_IN_THE_MIDDLE | OE.GUI_INST_ALERT, OE.TRANSACTION_DISPLAY
O.USER_AUTH, O.AUDIT_ACCESS | T.STEALING
Threats | Security Objectives | Rationale
O.DATA_USERS, OE.TOE_USAGE (Section …) | T.TRANSACTION_REPUDIATION | O.USER_AUTH, O.AUDIT, O.DATA_USERS, OE.CERTIFICATES_MNGT
O.AUTHORISATION_CONTROL, O.RISK_MNGT | T.TRANSACTION_COUNTERFEITING | OE.MERCHANT_CONTROL, O.APP_BLOCK, O.USER_AUTH, O.AUDIT, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.ISSUING_BANK_AUTH, O.TRANSACTION_REPLAY, O.TRANSACTION_UNIQUENESS, O.SIM_UNLOCK, O.USER_AUTH, O.TRANSACTION_BYPASS, O.TRANSACTION_INTEGRITY (Section …)
T.CERTIF_CORRUPTION | O.TRANSACTION_UNIQUENESS, O.CHANNELS, OE.GUI_INST_ALERT
T.APPLICATIONS_DOS | O.USER_AUTH
T.MNO_USURPATION | O.MNO_AUTH, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH (Section …)
T.ISSUING_BANK_USURPATION | O.TRANSACTION_BYPASS, O.USER_AUTH, OE.GUIS_TIMEOUT
T.CUSTOMER_USURPATION | O.AUDIT_ACCESS
55. 1.6.3.2 [title illegible] ... 18
1.6.3.3 Payment Bridge application ... 18
1.6.3.4 [title illegible] ... 19
1.6.3.5 UICC Management Platform ... 19
1.6.3.6 Bank GUI Management Platform ... 19
1.6.3.7 POS terminal ... 19
1.6.3.8 POS Application ... 19
1.6.3.9 Mobile Handset ... 19
1.6.3.10 Bank UI ... 19
1.6.3.11 [title illegible] ... 20
1.6.3.12 OTA Platform ... 20
1.7 TOE DESCRIPTION ... 20
1.7.1 Physical scope of the TOE (all hardware, firmware, software and guidance) ... 20
1.7.1.1 Payment Application Package (PAP) ... 23
1.7.2 Logical scope of the TOE (the logical security features offered by the TOE) ... 24
1.7.2.1 Contactless Availability ... 24
1.7.2.2 Script Processing Module ... 24
1.7.2.3 Counters Management ... 25
1.7.2.4 Counter Reset Processing Module ... 25
1.7.2.5 Transaction Log Module ... 25
1.7.2.6 Detect GUI Presence Module ...
56. [Table 10, continued: security objectives for the operational environment and the OSPs they cover]
OE.CUSTOMER_PC_CONFID | OSP.CUSTOMER_PC_CONFID
OE.GUI_INST_ALERT |
OE.TOE_USAGE | OSP.TOE_USAGE
OE.GUIS_IDENTIFICATION | OSP.GUIS_IDENTIFICATION
OE.POLICY | OSP.POLICY
OE.NFC_PROTOCOL |
OE.TRANSACTION_DISPLAY |
OE.CHANNELS_SELECTION |
OE.GUIS_TIMEOUT |
OE.MERCHANT_CONTROL | OSP.MERCHANT_CONTROL
OE.MERCHANT_AUTH |
OE.LATENCY_CONTROL |
OE.POS_APPROVAL | OSP.MERCHANT_CONTROL
OE.POS_APPLICATIONS | OSP.MERCHANT_CONTROL
OE.POS_DEACTIVATION |
OE.CERTIFICATES_MNGT | OSP.CERTIFICATES_MNGT
[illegible] | [illegible]
OE.BANKS_PRIVILEGES | OSP.BANKS_PRIVILEGES
Table 10 Security Objectives and OSPs Coverage
Assumptions | Security Objectives for the Operational Environment | Rationale
A.MERCHANT_AUTH | OE.MERCHANT_AUTH, OE.POS_APPLICATIONS | Section 5.3.3
Table 11 Assumptions and Security Objectives for the Operational…
57. …O.AUDIT_ACCESS This security objective is met by the following SFRs: FAU_SAR.1/CUSTOMER, which ensures that authorised users have the capability to read log files in a manner suitable for them to interpret the information.
6.3.2 Rationale tables of Security Objectives and SFRs
Security Objectives | Security Functional Requirements | Rationale
[row/column alignment lost in extraction; SFRs as extracted]
O.TRANSACTION_UNIQUENESS | FCS_CKM.1/Session Keys, FCS_CKM.4/Session Keys, FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ETC.1, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_UIT.1, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ITC.1, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction, FCS_COP.1/Application Cryptogram
[label lost] | FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ETC.1, FDP_IFC.2/PAP Offline Authentication, FDP_ITC.2/Post Issuance Bank Management, FDP_ACC.2…
58. …FDP_ITC.1, FDP_ITC.2/Post Issuance Bank Management and FPT_TDC.1 ensure that security attributes are not exported and that those related to Post Issuance Bank Management are covered; FMT_SMR.1 associates the roles to the Issuing Bank; FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality and FCS_COP.1/Script Processing ensure cryptographic support for the authentication mechanisms.
EXECUTION PROTECTION
O.AUTHORISATION_CONTROL This security objective is covered by the following SFRs: the access and information flow control SFPs FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFF.1/PAP Online Transaction, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/PAP Transaction and FDP_ITC.1 are enforced for authorisation requests and thus help preserve the consistency of payment transactions; FIA_UAU.1/PAP Online Transaction enforces successful user authentication before a payment transaction is performed, as defined in the PM 1 & PM 2 specifications.
DATA PROTECTION
O.DATA_DISCLOSURE This security objective is satisfied by the following SFRs: FDP_RIP.1, which prevents residual information on the Personal Code and the PAP keys; all access and information fl…
59. …Environment Coverage
Security Objectives for the Operational Environment | Assumptions
[Table 12: the assumption marks are not recoverable from the extraction; rows as extracted] OE.CUSTOMER_PC_CONFID, OE.GUI_INST_ALERT, OE.TOE_USAGE, OE.GUIS_IDENTIFICATION, OE.POLICY, OE.NFC_PROTOCOL, OE.TRANSACTION_DISPLAY, OE.CHANNELS_SELECTION, OE.GUIS_TIMEOUT, OE.MERCHANT_CONTROL, OE.MERCHANT_AUTH (A.MERCHANT_AUTH), OE.LATENCY_CONTROL, OE.POS_APPROVAL, OE.POS_APPLICATIONS (A.MERCHANT_AUTH), OE.POS_DEACTIVATION, OE.CERTIFICATES_MNGT, [illegible], OE.BANKS_PRIVILEGES
Table 12 Security Objectives for the Operational Environment and Assumptions Coverage
6 Security Requirements
6.1 Security Functional Requirements
This section defines the security functional requirements (SFRs) and the EAL. It provides the rationale between security objectives and SFRs, and the SFR dependencies rationale. The following two tables define the operations an…
60. …ADV_TDS.3 | ADV_FSP.4 | ADV_FSP.4
AGD_OPE.1 | ADV_FSP.1 | ADV_FSP.4
AGD_PRE.1 | No Dependencies |
ALC_CMC.4 | ALC_CMS.1 and ALC_DVS.1 and ALC_LCD.1 | ALC_CMS.4, ALC_DVS.2, ALC_LCD.1
ALC_CMS.4 | No Dependencies |
ALC_DEL.1 | No Dependencies |
ALC_DVS.2 | No Dependencies |
ALC_LCD.1 | No Dependencies |
ALC_TAT.1 | ADV_IMP.1 | ADV_IMP.1
ASE_CCL.1 | ASE_ECD.1 and ASE_INT.1 and … | ASE_ECD.1, ASE_INT.1, …
ASE_ECD.1 | No Dependencies |
ASE_INT.1 | No Dependencies |
ASE_OBJ.2 | ASE_SPD.1 | ASE_SPD.1
ASE_REQ.2 | ASE_ECD.1 and ASE_OBJ.2 | ASE_ECD.1, ASE_OBJ.2
ASE_SPD.1 | No Dependencies |
Requirements | CC Dependencies | Satisfied Dependencies
ASE_TSS.1 | ADV_FSP.1 and ASE_INT.1 and ASE_REQ.1 | ADV_FSP.4, ASE_INT.1, ASE_REQ.2
ATE_COV.2 | ADV_FSP.2 and ATE_FUN.1 | ADV_FSP.4, ATE_FUN.1
ATE_DPT.1 | ADV_ARC.1 and ADV_TDS.2 and ATE_FUN.1 | ADV_ARC.1, ADV_TDS.3, ATE_FUN.1
ATE_FUN.1 | ATE_COV.1 | ATE_COV.2
ATE_IND.2 | ADV_FSP.2 and AGD_OPE.1 and AGD_PRE.1 and ATE_COV.1 and ATE_FUN.1 | ADV_FSP.4, AGD_OPE.1, AGD_PRE.1, ATE_COV.2, ATE_FUN.1
Table 16 SAR…
61. [Figure 10: GP standard life cycle states (INSTALLED, SELECTABLE, LOCKED; LOCKED is reached from INSTALLED, from SELECTABLE or from an application specific state; application specific states)]
1.7.5 Configurations
Platform: Orange NFC V2 G1 platform using ST33F1M
[Configuration table: column headings and marks are not recoverable from the extraction]
N°1 Mastercard EMVCo: 1 instance
N°2 AEPM France: 1 instance, 1 instance
N°3 Bridge: 1 instance, 1 per MPP
N°4 Bridge AEPM: 1 instance, 1 instance, 1 per MPP
In our case:
- the Mobile PayPass 1.0 application is considered as Secure APP;
- the PPSE, Payez Mobile and Payment Bridge applications are considered as Standard APP.
62. Security Attributes | Values
Contactless Life Cycle State | INSTALLED, ACTIVATED, DEACTIVATED, NON ACTIVATABLE, LOCKED
U SIM Card Life Cycle Status | SELECTED, BLOCKED, NOT BLOCKED
PAP Transaction Processing State | Complies with PM 1 & PM 2 and indicates results of transaction processing steps; Does not comply with PM 1 & PM 2
PAP Transaction Parameters Integrity | VERIFIED, NOT VERIFIED, CORRUPTED
PAP Transaction Parameters State | Issuing Bank risk management parameter value
PAP Keys Integrity | VERIFIED, NOT VERIFIED, CORRUPTED
PAP Reference Personal Code State | BLOCKED, UNBLOCKED
Systematic Personal Code State | ENABLED, DISABLED
[row name partly illegible] Personal Code | VERIFIED, NOT VERIFIED, CORRUPTED
PAP Personal Code State | VERIFIED, NOT VERIFIED, ALWAYS REQUESTED, REQUESTED AT THE NEXT PAYMENT
PAP Personal Code Entry Amount | GREATER / LESSER THAN PERSONAL CODE ENTRY LIMIT VALUE
PAP Customer Account Information Integrity | VERIFIED, NOT VERIFIED, CORRUPTED
[row name illegible] | PERMITTED (log entry data is present), NOT PERMITTED
PAP Selection and Activation Parameters | VERIFIED, NOT VERIFIED, CORRUPTED
Issuing Bank Transaction Data | VERIFIED…
63. …| No Dependencies |
FIA_UAU.1/PAP Online Transaction | FIA_UID.1 | FIA_UID.1/PAP Online Transaction
FIA_UAU.1/Post Issuance Bank Management | FIA_UID.1 | FIA_UID.1/Post Issuance Bank Management
FIA_UAU.1/Payment Transaction | FIA_UID.1 | FIA_UID.1/Payment Transaction
FIA_UAU.4 | No Dependencies |
FIA_UAU.6/Customer | No Dependencies |
FIA_UID.1/PAP Online Transaction | No Dependencies |
FIA_UID.1/Post Issuance Bank Management | No Dependencies |
FIA_UID.1/Payment Transaction | No Dependencies |
FIA_USB.1 | FIA_ATD.1 | FIA_ATD.1
FIA_SOS.2 | No Dependencies |
FDP_DAU.1 | No Dependencies |
FIA_UAU.3 | No Dependencies |
FDP_ITC.2/Post Issuance Bank Management | (FDP_ACC.1 or FDP_IFC.1) and FPT_TDC.1 and (FTP_ITC.1 or FTP_TRP.1) | FDP_ACC.2/Post Issuance Bank Management, FDP_IFC.2/Post Issuance Bank Management, FTP_ITC.1, FPT_TDC.1
FDP_ITC.2/PAP Transaction | (FDP_ACC.1 or FDP_IFC.1) and FPT_TDC.1 and (FTP_ITC.1 or FTP_TRP.1) | FDP_ACC.2/PAP Transaction, FDP_IFC.2/PAP Online Transaction, FTP_ITC.1, FPT_TDC.1
FDP_ETC.1 | FDP_ACC.1 or FDP_IFC.1 | FDP_ACC.2/PAP Application, FDP_ACC.2/PAP Activation, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction, FDP_IFC.2/PAP Offline Authentication, FDP_IFC.2/PAP Offline Transaction…
64. [Table 6, continued: platform security functional requirements listed against the composite ST; the tick marks of the original table are not recoverable from the extraction]
…IFC.2/CM, FDP_IFF.1/CM, FDP_UIT.1/CM, FIA_UID.1/CM, FMT_MSA.1/CM, FMT_MSA.3/CM, FMT_SMF.1/CM, FMT_SMR.1/CM, FTP_ITC.1/CM, FPT_RCV.3/OS, FPT_RCV.4/OS, FCS_COP.1/SHA2, FCS_COP.1/CRC
FCS_RND.1, FIA_SOS.2, FPT_FLS.1/SecureAPI, FPT_ITT.1/SecureAPI, FPR_UNO.1/SecureAPI, FMT_SMR.1/GemActivate (Not used), FMT_SMF.1/GemActivate (Not used), FMT_MOF.1/GemActivate (Not used), FMT_MSA.1/GemActivate (Not used), FMT_MTD.1/GemActivate (Not used), FPT_ITT.1/EMVUtilAPI, FDP_SDI.1/EMVUtilAPI
Table 6 Compatibility of security functional requirements
3.7 Compatibility of security functional requirements for the environment
Not applicable.
3.8 Compatibility of assurance requirements
The EAL4 chosen for the composite ST evaluation does not exceed the EAL4 applied to the evaluation of the platform ST.
65. [Rationale table, continued: SFRs against security objectives; column alignment as extracted, row labels partly lost]
…O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
FDP_IFF.1/PAP Online Transaction | O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
[label illegible]/…Bank Management | O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT
FAU_GEN.1 | O.AUDIT
…Cryptogram | O.DATA_INTEGRITY
…Integrity | O.DATA_INTEGRITY
…Confidentiality | O.DATA_DISCLOSURE
[label illegible] | O.DATA_INTEGRITY
FPT_RPL.1 | O.TRANSACTION_REPLAY, O.TRANSACTION_INTEGRITY
Security Functional Requirements | Security Objectives
[label lost] | O.USER_AUTH, O.ISSUING_BANK_AUTH
FMT_SMR.1 | O.DATA_USERS, O.TRANSACTION_BYPASS, O.USER_AUTH
FIA_AFL.1/Customer | O.APP_BLOCK, O.DATA_USERS, O.TRANSACTION_BYPASS
FIA_AFL.1/Issuing Bank | O.ISSUING_BANK_AUTH, O.APP_BLOCK, O.DATA_USERS
FIA_ATD.1 | O.USER_AUTH, O.ISSUING_BANK_AUTH
FIA_UAU.1/PAP Online Transaction | O.TRANSACTION_BYPASS, O.USER_AUTH, O.AUTHORISATION_CONTROL
FIA_UAU.1/Post Issuance Bank Management | O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH
FIA_UAU.1/Payment… | O…
66. …Java Card System code | No contradiction
T.CONFID_JCS_DATA | The attacker executes an application to disclose data belonging to the Java Card System. | No contradiction
T.INTEG_APPLI_CODE | The attacker executes an application to alter part of its own code or another application's code. | PAP code; All T.INTEG…, T.TEMPORARY_DATA
T.INTEG_APPLI_CODE_LOAD | The attacker modifies part of its own or another application code when an application package is transmitted to the card for installation. | PAP code
T.INTEG_APPLI_DATA | The attacker executes an application to alter part of another application's data. | All T.INTEG…, T.TEMPORARY_DATA
T.INTEG_APPLI_DATA_LOAD | The attacker modifies part of the initialization data contained in an application package when the package is transmitted to the card for installation. | All T.INTEG…, T.TEMPORARY_DATA
T.INTEG_JCS_CODE | The attacker executes an application to alter part of the Java Card System code. | No contradiction
T.INTEG_JCS_DATA | The attacker executes an application to alter part of Java Card System or API data. | T.INTEG_SEL_ACT_PARAM…
67. [Rationale table, continued: SFRs against security objectives; row labels partly lost in extraction]
…O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
[label lost] | O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
[label lost] | O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
[label lost] | O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
FDP_IFF.1/PAP Offline Authentication | O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT, O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY
Security Functional Requirements | Security Objectives
[label lost] | O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
[label lost] | O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_D…
68. …Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction, FDP_ITC.2/PAP Transaction, FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing, FPR_UNO.1, FPT_TDC.1
Security Objectives | Security Functional Requirements | Rationale
O.DATA_INTEGRITY | FAU_ARP.1, FAU_SAA.1, FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_DAU.1, FDP_ETC.1, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ITC.2/Post Issuance Bank Management, FDP_SDI.2, FDP_UIT.1, FTP_ITC.1, FPT_TST.1, FMT_MTD.1/Secrets, FCS_COP.1/Offline Data Authentication, FCS_COP.1/Application Cryptogram, FCS_COP.1/Script Processing, FCS_COP.1/Messages Data Integrity, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transa…
69. …NOT VERIFIED, CORRUPTED (Issuing Bank Transaction Data Integrity and Origin)
Issuing Bank Transaction Data Confidentiality, Integrity and Origin | VERIFIED, NOT VERIFIED, CORRUPTED
PAP Action Analysis State | Results of the PAP Action Analysis
[row name partly illegible] Parameters Integrity | VERIFIED, NOT VERIFIED, CORRUPTED
6.1.1 ACCESS CONTROL POLICY
FDP_ACC.2/PAP Application Complete access control
FDP_ACC.2.1/PAP Application The TSF shall enforce the PAP Application Access Control SFP on S.PAP, PAP State Machine and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/PAP Application The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Selection, PAP Activation/Deactivation, PAP Locking/Unlocking, Systematic Personal Code Activation, Personal Code Presentation for Payment, Personal Code Verification, Log Update, Log Reading, Reference Personal Code Change/Unblock, Counter Reset, Audit, PAP Offline Data Authentication, PAP Action Ana…
70. …OE.CERTIFICATES_MNGT also contributes to covering this threat by guaranteeing that certificates are updated, which prevents the reuse of a disclosed key.
T.DISCLOSURE_REF_PC This threat is covered by the security objective O.DATA_DISCLOSURE, which guarantees the secrecy of the Reference Personal Code stored in the TOE. The security objectives O.ISSUING_BANK_AUTH and O.USER_AUTH ensure that nobody but the Issuing Bank or the Customer can operate on the Personal Code.
5.3.1.2 INTEGRITY
T.INTEG_LOG_FILE This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of log files stored in the TOE. The security objectives O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to log files.
T.INTEG_KEYS This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of keys stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH, O.MNO_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to the TOE.
T.INTEG_ACCOUNT_INFO This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of the customer account information stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring…
71. …PAP Offline Data Authentication
FDP_ACC.2/PAP Transaction Complete access control
FDP_ACC.2.1/PAP Transaction The TSF shall enforce the PAP Transaction Access Control SFP on Subject: S.PAP; Objects: Customer Account Information, PAP Counters, PAP Keys, PAP State Machine, PAP Transaction Parameters; and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/PAP Transaction The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Offline Data Authentication, PAP Action Analysis, PAP Offline Transaction, PAP Online Transaction. PAP Transaction processing is defined by the above operations.
6.1.2 ACCESS CONTROL FUNCTIONS
FDP_ACF.1/PAP Application Security attribute based access control
FDP_ACF.1.1/PAP Application The TSF shall enforce the PAP Application Access Control SFP to objects based on the following: Security attributes of the object PAP State Machine: Contactless Life Cycle St…
72. …PAP Transaction Parameters, Issuing Bank Transaction Data; and all operations that cause that information to flow to and from subjects covered by the SFP.
FDP_IFC.2.2/PAP Online Transaction The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Action Analysis, PAP Online Transaction.
FDP_IFC.2/Post Issuance Bank Management Complete information flow control
FDP_IFC.2.1/Post Issuance Bank Management The TSF shall enforce the Post Issuance Bank Management information flow control SFP on Subject: S.PAP; Information: Issuing Bank Transaction Data; and all operations that cause that information to flow to and from subjects covered by the SFP.
FDP_IFC.2.2/Post Issuance Bank Management The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: Counter Reset, Audit, Issuing Bank Script Processing.
73. …PAP Transaction Parameters State indicates a dynamic authentication process.
FDP_ACF.1.3/PAP Offline Authentication The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: None.
FDP_ACF.1.4/PAP Offline Authentication The TSF shall explicitly deny access of subjects to objects based on the following additional rule: if one of the conditions listed in FDP_ACF.1.2 is not fulfilled.
FDP_ACF.1/PAP Transaction Security attribute based access control
FDP_ACF.1.1/PAP Transaction The TSF shall enforce the PAP Transaction Access Control SFP to objects based on the following:
- Security attributes of the object PAP State Machine: PAP Transaction Processing State
- Security attributes of the subject S.PAP: Contactless Life Cycle State
- Security attributes of the object PAP Counters: PAP Counters Integrity
- Security attributes of the object PAP Keys: PAP Keys Integrity
- Security attributes of the object Customer Account Information: PAP Customer Account Information Integrity, PAN integrity
- Security attributes of the object PAP Transaction Parameters: PAP Transaction Parameters Integrity
FDP_ACF.1.2/PAP Transaction The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: PAP Transaction processing is allowed only if…
74. ... Platform 2.2 Specification [GP].
[GP CCCM] GlobalPlatform Card Confidential Card Content Management, Card Specification v2.2 Amendment A, Version 1.0.1, October 2007.
[GP 4] GlobalPlatform Card Specification 2.2 UICC Configuration v1.0.
[GP 5] GlobalPlatform Card Amendment C v1.0.
[PAP] Guidance for Payment Application Package to write Security Target, AEPM, ref. CP 2011 RT 407, Version 1.0.2.
Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model, Version 3.1 Revision 3, July 2009, CCMB-2009-07-001.
Common Criteria for Information Technology Security Evaluation, Part 2: Security functional requirements, Version 3.1 Revision 3, July 2009, CCMB-2009-07-002.
Common Criteria for Information Technology Security Evaluation, Part 3: Security assurance requirements, Version 3.1 Revision 3, July 2009, CCMB-2009-07-003.
Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, July 2009, CCMB-2009-07-004.
[CPESC] CCDB, Composite product evaluation for Smart Cards and similar devices, Version 1.0 Revision 1, September 2007, CCDB-2007-09-001.
[MC PayPass] Mobile MasterCard PayPass M/Chip 4 v1.0, April 2010; MasterCard PayPass M/CHIP, version 1.3, September 2005.
[DCSSI 2741] Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques de niveau de robustesse standard (Rules and recommendations concerning the choice and sizing of cryptographic mechanisms of standard robustness level).
75. ... Profile [PP USIM], Basic configuration. The composite ST is the Mobile PayPass v1.0 ST given in the present document, written from the AEPM's Guidance for Payment Application Package Security Target [PAP]. The developer of both the platform ST and the composite ST is Gemalto. The next sections show, by mapping, that there is no conflict between the security environments (see 3.1, 3.2 and 3.3), the security objectives (see 3.4 and 3.5) and the security requirements (see 3.6, 3.7 and 3.8) of the composite ST and of the platform ST.
3.1 Compatibility of threats
T.PHYSICAL: The attacker discloses or modifies the design of the TOE, its sensitive data or application code by physical (as opposed to logical) tampering means. This threat includes IC failure analysis, electrical probing, unexpected tearing and DPA analysis. It also includes the modification of the runtime execution of the Java Card System, GlobalPlatform or SCP software through alteration of the intended execution order of a set of instructions by physical tampering techniques. Mapped composite threats: all T.DISCLOSURE and all T.INTEG (... loaded on the card modifies application data, application keys or authentication data).
76. ... [OE_T]RANSACTION_DISPLAY, T.MAN_IN_THE_MIDDLE; OE_CHANNELS_SELECTION; OE_GUIS_TIMEOUT, T.TEMPORARY_DATA, T.MAN_IN_THE_MIDDLE, T.CUSTOMER_USURPATION; OE_MERCHANT_CONTROL, T.TRANSACTION_COUNTERFEITING; OE_MERCHANT_AUTH, T.MERCHANT_ACCOMPLICE; OE_LATENCY_CONTROL, T.MAN_IN_THE_MIDDLE; OE_POS_APPLICATIONS, T.MERCHANT_ACCOMPLICE; OE_POS_APPROVAL, T.MERCHANT_ACCOMPLICE; OE_POS_DEACTIVATION, T.MERCHANT_ACCOMPLICE; T.DISCLOSURE_KEYS, T.STEALING; [illegible objective], T.TRANSACTION_COUNTERFEITING; OE_Contactless_life_cycle_MNGT; OE_NO_VAD; OE_BANKS_PRIVILEGES.
Table 8: Security Objectives and Threats Coverage
Organisational Security Policies (OSP, covering objective for the environment, section of the Security Objectives Rationale):
OSP.POLICY: OE_POLICY
OSP.CUSTOMER_PC_CONFID: OE_CUSTOMER_PC_CONFID
OSP.GUIS_IDENTIFICATION: OE_GUIS_IDENTIFICATION
OSP.CERTIFICATES_MNGT: OE_CERTIFICATES_MNGT
OSP.Contactless_life_cycle_MNGT: OE_Contactless_life_cycle_MNGT
OSP.TOE_USAGE: OE_TOE_USAGE
OSP.PISHING: OE_NO_VAD
OSP.MERCHANT_CONTROL: OE_MERCHANT_CONTROL
OSP.POS...
77. 4 Security Problem Definition
4.1 Assets
This section identifies the assets of the PAP, protected by a combination of the U SIM platform and the PAP itself. Note that the PAP code is an asset of the U SIM platform, protected in integrity by means of Java Card System access control. In the following, the description of each asset states the type of protection required.
4.1.1 User data
User data are created by and for the user. These data do not affect the operation of the TSF. The following assets are user data:
POS Transaction Data: All data transmitted to the PAP from the POS terminal. This includes Country Code, Terminal Verification Result, etc. Protection: integrity.
Issuing Bank Transaction Data: All transaction data transmitted to the PAP by the Issuing Bank, including Issuing Bank authentication data (ARPC, CDOL2, etc.). Protection: integrity.
Issuing Bank Scripts: All the scripts transmitted by the Issuing Bank to update PAP Transaction Parameters and PAP internal states (Application Block/Unblock, Counter Reset, Change/Unblock the Personal Code, etc.). Protection: integrity.
MNO Data: All data transmitted to the TOE by the MNO, including the MNO authentication data. Protection: integrity.
PAP LogFile: PAP Log File and its associated format under EMV rules. This asset contains the
78. [FMT_M]SA.3.1: The TSF shall enforce the following SFPs to provide restrictive default values for security attributes that are used to enforce the SFP. The SFPs are: Post Issuance Bank Management Access Control SFP and Information Control SFP; PAP Application Access Control SFP; PAP Activation Access Control SFP; PAP Administration Management Access Control SFP; PAP Payment Transaction Management Access Control SFP; PAP Offline Authentication Access Control SFP and Information Control SFP; PAP Transaction Access Control SFP; PAP Offline Transaction Information Control SFP; PAP Online Transaction Information Control SFP.
FMT_MSA.3.2: The TSF shall allow the Issuing Bank and the MNO to specify alternative initial values to override the default values when an object or information is created.
FMT_SMR.1 Security roles
FMT_SMR.1.1: The TSF shall maintain the roles Customer, Issuing Bank, MNO.
FMT_SMR.1.2: The TSF shall be able to associate users with roles.
6.1.8 IDENTIFICATION AND AUTHENTICATION
FIA_AFL.1 (Customer) Authentication failure handling
FIA_AFL.1.1 (Customer): The TSF shall detect when Personal Code Try Counter Limit unsuccessful a
79. [FP]T_TST.1 TSF testing
FPT_TST.1.1: The TSF shall run a suite of self tests under the conditions "before PAP application usage" to demonstrate the correct operation of the PAP application.
FPT_TST.1.2: The TSF shall provide authorised users with the capability to verify the integrity of Transaction Management Data (TSF persistent data).
FPT_TST.1.3: The TSF shall provide authorised users with the capability to verify the integrity of the PAP application code.
Application Note: These are not self tests of the PAP TSF; the points are covered by SFRs of the platform (verification of the integrity of persistent data, and of the PAP application code during loading) and are therefore covered by the composition with the platform. This FPT_TST.1 is not needed to cover the security objectives of this document, which are already covered by FDP SFRs, but it is written here in accordance with [PAP].
FPT_RPL.1 Replay detection
FPT_RPL.1.1: The TSF shall detect replay for the following entities: Issuer Scripts and VERIFY commands.
FPT_RPL.1.2: The TSF shall perform "reject the replay and increase a counter" when replay is detected.
Application Note: If an attacker replays Issuer Scripts (PIN CHANGE/UNBLOCK, APPLICATION UNBLOCK, UPDATE RECORD, etc.), the replay will be rejected and the SMI counter will be increased. If an attacker replays a VERIFY PIN Enciphered command sniffed from the line, the replay will be rejected and the Bad Crypto Counter will be increased.
80. ... T.INTEG_KEYS, T.MNO_USURPATION; O.DATA_DISCLOSURE; O.DATA_INTEGRITY; O.DATA_USERS; T.DISCLOSURE_KEYS, T.DISCLOSURE_REF_PC, T.INTEG_LOG_FILE, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TEMPORARY_DATA, T.INTEG_SEL_ACT_PARAM, T.TRANSACTION_REPUDIATION, T.TRANSACTION_COUNTERFEITING, T.STEALING; O.RISK_MNGT, T.TRANSACTION_COUNTERFEITING; O.APP_BLOCK, T.STEALING, T.MERCHANT_ACCOMPLICE, T.TRANSACTION_COUNTERFEITING; O.SIM_UNLOCK, T.MERCHANT_ACCOMPLICE.
Security Objectives (continued): T.TRANSACTION_REPLAY; O.AUDIT; T.MAN_IN_THE_MIDDLE; O.CHANNELS, T.APPLICATIONS_DOS, T.MAN_IN_THE_MIDDLE; O.AUDIT_ACCESS, T.CUSTOMER_USURPATION; O.GUIS_AUTH, T.TRANSACTION_REPUDIATION, T.TRANSACTION_COUNTERFEITING, T.INTEG_LOG_FILE, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.INTEG_SEL_ACT_PARAM, T.APPLICATIONS_DOS; OE_CUSTOMER_PC_CONFID, T.STEALING, T.MAN_IN_THE_MIDDLE; OE_GUI_INST_ALERT, T.APPLICATIONS_DOS, T.STEALING; OE_TOE_USAGE, T.TRANSACTION_REPUDIATION; OE_GUIS_IDENTIFICATION; OE_POLICY; OE_NFC_PROTOCOL, T.MAN_IN_THE_MIDDLE; OE_T...
81. ... The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method (clearKey method) that meets the following: [JCAPI222].
Application Note: Same SFR as the platform one.
FCS_COP.1 (Offline Data Authentication) Cryptographic operation
FCS_COP.1.1 (Offline Data Authentication): The TSF shall perform signature operation in accordance with a specified cryptographic algorithm RSA and cryptographic key sizes 176 bytes that meet the following: [PM 1] and [PM 2] specifications.
FCS_COP.1 (Application Cryptogram) Cryptographic operation
FCS_COP.1.1 (Application Cryptogram): The TSF shall perform MAC CBC cryptogram generation in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes 16 bytes that meet the following: [PM 1] and [PM 2] specifications.
FCS_COP.1 (Script Processing) Cryptographic operation
FCS_COP.1.1 (Script Processing): The TSF shall perform cryptogram generation in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes 16 bytes that meet the following: [PM 1] and [PM 2] specifications.
FCS_COP.1 (Messages Data Integ...
82. ... The security objectives for the TOE and its environment; the security functional requirements for the TOE and its IT environment; the TOE security assurance requirements; the security functions and associated rationales.
1.2 TOE reference
The TOE is the composition of an applet on a U SIM platform: Gemalto Mobile PayPass 1.0 on Orange NFC v2 G1 Release A, i.e. Mobile PayPass v1.0 (1109398 Release A) on the Orange NFC V2 G1 platform using ST33F1M (81105439 Release A), and its guidance documents [GUIDE] and [NFC GUIDE].
1.3 Reference Materials
Please refer to Part I, Product Definition [PM 1], Section 2.4.
[PP USIM] U SIM Java Card Platform Protection Profile, Basic Configuration, V2.0.2, June 2010.
[PP JCS] Java Card System Protection Profile, Open Configuration, Version 2.6.
[GP] Global...
83. ... a single persistent object or class field to be atomic, and possibly a low-level transaction mechanism. (4) It allows the Java Card System to store data in persistent technology memory or in volatile memory depending on its needs (for instance, transient objects must not be stored in non-volatile memory). The memory model is structured and allows for low-level control of accesses (segmentation fault detection). No contradiction.
O.SID: The TOE shall uniquely identify every subject (applet or package) before granting it access to any service. No contradiction.
O.FIREWALL: The TOE shall ensure controlled sharing of data containers owned by applets of different packages, or by the JCRE, and between applets and the TSFs. No contradiction.
O.GLOBAL_ARRAYS_CONFID: The TOE shall ensure that the APDU buffer that is shared by all applications is always cleaned upon applet selection. The TOE shall ensure that the global byte array used for the invocation of the install method of the selected applet is always cleaned after the return from the install method. No contradiction.
O.GLOBAL_ARRAYS_INTEG: The TOE shall ens...
84. ... action; FDP_IFC.2 (PAP Online Transaction); FDP_IFF.1 (PAP Online Transaction); FDP_ITC.1; FDP_ACC.2 (PAP Administration Management); FDP_ACC.2 (PAP Payment Transaction Management); FDP_ACC.2 (PAP Transaction); FDP_IFF.1 (PAP Offline Authentication); FDP_IFC.2 (PAP Offline Authentication); FDP_RIP.1; FDP_ACC.2 (PAP Application).
O.DATA_DISCLOSURE: FDP_ACF.1 (PAP Application); FDP_ITC.2 (Post Issuance Bank Management); FDP_ETC.1; FAU_ARP.1; FAU_SAA.1; FCS_COP.1 (Messages Data Confidentiality).
O.ISSUING_BANK_AUTH; O.AUTHORISATION_CONTROL.
Security Functional Requirements Rationale (continued): FDP_ACC.2 (PAP Activation); FDP_ACF.1 (PAP Activation); FDP_ACF.1 (PAP Administration Management); FDP_ACF.1 (PAP Payment Transaction Management); FDP_ACF.1 (PAP Offline Authentication); FDP_ACF.1 (Post Issuance Bank Management); FDP_ACF.1 (PAP Transaction); FDP_IFC.2 (PAP Offline Transaction); FDP_IFC.2 (PAP Online Transaction); FDP_IFC.2 (Post Issuance Bank Management); FDP_IFF.1 (PAP Offline Transaction); FDP_IFF.1 (PAP Online Transaction); FDP_IFF.1 (Post Issuance Bank Management); FDP_ITC.1; FDP_ACC.2 (PAP Administration Management); FDP_ACC.2 (PAP Payment Transaction...
85. [Figure 8: TOE life cycle. Recoverable labels: PAP installation; Composite Product Integration & U SIM Platform Storage (optional); Point of delivery of the U SIM; PAP Usage (Card Mngt & Payment Process).]
We refer to the platform ST [NFC ST] for the definition of the U SIM Platform life cycle. The personalization phase (phase 6) includes the loading, in pre-issuance, of the 3 Standard APPs according to the product configuration, i.e. PPSE, Payez Mobile and Payment Bridge.
The life cycle of the PAP consists of consecutive stages:
Development: This stage is performed on behalf of the Issuing Bank in a secure development environment.
Loading: This stage may occur in phase 7. Loading in phase 7 is post-issuance, e.g. using OTA means.
Installation & Personalization: This stage may occur in phase 7, in the usage environment.
Usage: This stage occurs in phase 7. In the PAP Usage phase the MNO and/or the Issuing Bank may perform card management and PAP management activities such as updating parameters, PAP blocking/unblocking, etc.
Destruction: At this stage the PAP is destroyed.
We refer to platfor
86. ... [Person]al Code Change/Unblock command, Personal Code Entry Limit Update, etc. For a detailed description of the Script Processing Module refer to [PM 2], section 8.3.
1.7.2.3 Counters Management
This module enables the update of limits and counters (partial renewal). The offline counters are updated during a payment transaction if it is accepted offline. The counters are not updated if a transaction is completed online.
1.7.2.4 Counter Reset Processing Module
This module ensures that the CMP application counter limit is not exceeded. When counters exceed their limit, the CMP application requests an online authorization to finalize the transaction. For more information about this process please refer to [PM 2], Section 8.2.4, and [PM 6].
1.7.2.5 Transaction Log Module
During a payment transaction this module ensures that the data for the transaction are logged. Moreover, it allows the Bank GUI to retrieve the transaction log data for display purposes.
1.7.2.6 Detect GUI Presence Module
This module detects the presence of the Bank GUI. If the Bank GUI is not present, the transaction cannot be executed.
1.7.2.7 HCI Events Mana...
87. ... [Post Issuance Bank M]anagement, FDP_ITC.2 (PAP Transaction) and FPT_TDC.1, which cover the integrity of user data when imported and exported; FAU_ARP.1, which prevents and reacts to potential security violations; FAU_SAA.1, which specifies rules that preserve the integrity of log files; FCS_COP.1 (Offline Data Authentication), FCS_COP.1 (Script Processing), FCS_COP.1 (Application Cryptogram) and FCS_COP.1 (Messages Data Integrity), which specify the cryptographic algorithms that shall be used to ensure the integrity of transmitted data; FDP_DAU.1, which guarantees the validity of objects and information; FDP_SDI.2, which ensures that data integrity is controlled by the TSF; FDP_UIT.1, which guarantees the integrity of data exchanged from and to the TOE by detecting unauthorised modification of data; FTP_ITC.1, which requires a communication channel that guarantees the integrity of transmitted data; FMT_MSA.1 (Issuing Bank) and FMT_MSA.3, which protect the security attributes; FMT_MOF.1 (Parameters) and FMT_MTD.1 (Secrets), which restrict the ability to modify TSF data and security functions to the Issuing Bank and thus protect their integrity; FPT_TST.1, covered by the platform according to the composition (refer to the application note of the SFR).
O.DATA_USERS: This security objective is covered by the following SFRs: FMT_SMR.1, which ensures that users are associated with roles and that these roles are maintained by the TSF; FIA_UAU.1 (PAP Online Transaction), FIA_UAU.1 (Payment Transaction), FIA_UAU.1 ...
88. ... are Standard APP.
OSP.APSD_KEYS: The APSD keys personalization can rely either on the key escrow, if the APSD has been created before the usage phase of the U SIM card, or on the CA, if the APSD has been created during the usage phase. No contradiction.
OSP.OPERATOR_KEYS: The security of the mobile operator keys (ISD keys) must be ensured by a well-defined security policy that covers generation, storage, distribution, destruction and recovery. This policy is enforced by the mobile operator in collaboration with the personalizer. No contradiction.
OSP.KEY_GENERATION: The personalizer must enforce a policy ensuring that generated keys cannot be accessed in plaintext. No contradiction.
OSP.CASD_KEYS: The security domain keys of the CA must be securely generated and stored in the U SIM card during the personalization process. These keys are not modifiable after card issuance. No contradiction.
OSP.VASD_KEYS: The security domain keys of the VA must be securely generated and stored in the U SIM card during the personalization process. No contradiction. (The Mobile PayPass 1.0 application is a Secure APP.)
OSP.KEY_CHANGE: The AP shall change its initial security domain keys (APSD) before any operation on its Security Domain. No contradiction.
OSP.SECURITY_DOMAINS: Security domains can be dynamically created, deleted and blocked during the usage phase, in post-issuance mode. No contradiction.
89. ... that payment terminals accepting Payez Mobile payment transactions are approved by a reference body, and that the contactless payment applications embedded in the POS terminal are protected in integrity and authenticity.
T.MAN_IN_THE_MIDDLE: This threat is covered by the following security objectives: O.CHANNELS, which provides the means to identify the origin of a communication request intended to be routed by a specific communication channel, and thus decreases the probability of realizing such attacks; O.USER_AUTH, which contributes to covering this threat by ensuring that the customer is authenticated before performing a payment transaction; O.AUDIT_ACCESS, which grants the customer access to log files in order to check the history of payment transactions, so that he can check that no fraudulent transaction has been made; O.AUDIT, which records transactions to support security management; OE_LATENCY_CONTROL, which ensures that the POS terminal implements time-out mechanisms that disable NFC transactions with low latency and thus detects such attacks; OE_NFC_PROTOCOL, which ensures that payment transactions are disabled beyond a given distance; OE_GUI_INST_ALERT, which guaran...
90. ... U SIM Card Life Cycle Status.
FDP_ACF.1.2 (PAP Application): The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: PAP operations are allowed only if the Contactless Life Cycle State is ACTIVATED or DEACTIVATED, and the U SIM Card Life Cycle Status is NOT BLOCKED.
FDP_ACF.1.3 (PAP Application): The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: none.
FDP_ACF.1.4 (PAP Application): The TSF shall explicitly deny access of subjects to objects based on the following additional rules: if one of the conditions listed in FDP_ACF.1.2 is not fulfilled.
FDP_ACF.1 (PAP Activation) Security attribute based access control
FDP_ACF.1.1 (PAP Activation): The TSF shall enforce the PAP Activation Access Control SFP to objects based on the following: security attributes of the subject S.PAP: Contactless Life Cycle State; security attributes of the object PAP Selection and Activation Parameters: PAP Selection and Activation Parameters; security attributes of the object PAP Transaction Parameters: PAP Transaction Pa...
91. ... [verifi]cation. This policy shall ensure the consistency between the export files used in the verification and those used for installing the verified file. The policy must also ensure that no modification of the file is performed in between its verification and the signing by the verification authority. (Composition note: the Mobile PayPass application is a Secure APP; the PPSE, Payez Mobile and Payment Bridge applications are Standard APP.) ALC_COMP.
OSP.Secure_API: The TOE must contribute to ensuring that an application can optimize control of its sensitive operations using a dedicated API provided by the TOE. The TOE will provide services for secure array management, to detect loss of data integrity and inconsistent execution flow, and to react against tearing or fault induction. No contradiction: the Secure APIs are used by the composite TOE.
OSP.RND: This policy shall ensure that the entropy of the random numbers provided by the TOE to applets through the JCAPI is sufficient. Thus an attacker is not able to predict or obtain information on generated numbers. No contradiction.
OSP.JCAPI_Services: This policy shall ensure that the hashing and checksum security services defined in the JCAPI and provided by the TOE to applets are secure. Thus an attacker is not able to predict or obtain information on manipulated data. No contradiction.
OSP.TRUSTED_APPS_DEVELOPER: There are application developers, such as Gemalto, considered as trusted by the platform issuer and the application providers. No contradiction. The confidence i...
92. ... association between the security attributes and the user data received.
FDP_ITC.2.4 (PAP Transaction): The TSF shall ensure that interpretation of the security attributes of the imported user data is as intended by the source of the user data.
FDP_ITC.2.5 (PAP Transaction): The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: the Issuing Bank Transaction Data are verified in origin and integrity, and in confidentiality if required, following the [PM 1] and [PM 2] specifications.
FDP_ETC.1 Export of user data without security attributes
FDP_ETC.1.1: The TSF shall enforce the TOE's Access Control and Information Flow Control SFPs (all) when exporting user data controlled under the SFP(s) outside of the TOE.
FDP_ETC.1.2: The TSF shall export the user data without the user data's associated security attributes.
FDP_ITC.1 Import of user data without security attributes
FDP_ITC.1.1: The TSF shall enforce the Access Control and Information Flow Control SFPs (all except those enforced in FDP_ITC.2 (Post Issuance Bank Management) and FDP_ITC.2 (PAP Transaction)) when importing use...
93. ... 61
5.1.6 [illegible] 62
5.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT 62
5.2.1 HANDSET 62
5.2.2 MERCHANT 63
5.2.3 MANAGEMENT 63
5.2.4 BANK 64
5.3 SECURITY OBJECTIVES RATIONALE 64
5.3.1 [illegible] 64
5.3.1.1 [illegible] 64
5.3.1.2 [illegible] 64
5.3.1.3 FRAUDULENT PAYMENT 66
5.3.1.4 DENIAL OF SERVICE 68
5.3.1.5 IDENTITY USURPATION 69
5.3.2 Organisational Security Policies 69
5.3.2.1 HANDSET 69
5.3.2.2 MANAGEMENT 69
5.3.2.3 MERCHANT 70
94. ... [Transa]ction; FDP_IFF.1 (PAP Online Transaction); FDP_IFF.1 (Post Issuance Bank Management); FDP_ITC.1; FDP_ACC.2 (PAP Administration Management); FDP_ACC.2 (PAP Payment Transaction Management); FDP_ACC.2 (PAP Offline Authentication); FDP_ACC.2 (PAP Transaction); FDP_ITC.2 (PAP Transaction); FDP_ACC.2 (Post Issuance Bank Management); FMT_MOF.1 (Parameters); FMT_MSA.1 (Issuing Bank); FMT_MSA.3; FPT_TDC.1; FMT_SMR.1.
O.DATA_USERS: FIA_UAU.1 (PAP Online Transaction); FIA_UAU.1 (Payment Transaction); FIA_UAU.1 (Post Issuance Bank Management); FIA_AFL.1 (Customer); FIA_AFL.1 (Issuing Bank); FDP_UIT.1; FMT_MSA.2; FDP_ACC.2 (PAP Transaction); FDP_ACF.1 (PAP Transaction).
O.RISK_MNGT: FDP_IFC.2 (PAP Offline Transaction); FDP_IFF.1 (PAP Offline Transaction); FDP_IFC.2 (PAP Online Transaction); FDP_IFF.1 (PAP Online Transaction); FIA_AFL.1 (Issuing Bank); FDP_ACC.2 (PAP Administration Management).
O.APP_BLOCK: FDP_ACF.1 (PAP Administration Management); FIA_UAU.1 (Post Issuance Bank Management); FIA_UID.1 (Post Issuance Bank Management).
O.SIM_UNLOCK: FIA_UAU.1 (Payment Transaction); FIA_UID.1 (Payment Transaction).
O.AUDIT: FAU_GEN.1; FAU_SAR.1 (Customer); FAU_SAR.1 (Issuing Bank).
O.CHANNELS: FMT_SMF.1 (Functionalities).
95. ... [credit an]d debit cards. The contactless payment application targeted is the Mobile PayPass v1.0 application according to MasterCard specifications.
1.6.3 Required non-TOE hardware/software/firmware
This section describes the hardware, software or firmware present in the environment of the TOE that are required for a functionally correct usage of the TOE. For a detailed description see [PM 2], Section 2.2. The non-TOE hardware/software/firmware required by the U SIM platform (e.g. the Bytecode Verifier) are also required by the TOE. More precisely, all applications must follow the rules given in the guidance documents for the Upteq M NFC certified product (D1186227 & D1188231). The paragraphs below describe the items required in the environment of the product but not required for secure usage of the TOE.
1.6.3.1 Payez Mobile Application (AEPM CREL Application)
The Payez Mobile application is a CREL (Contactless Registry Event Listener) application according to GlobalPlatform Amendment C [GP 5]. The Payez Mobile application applies the Payez Mobile business logic, which consists in having only one activated Payment Application Package at a time.
96. ... U SIM Card Life Cycle Status is SELECTED; Contactless Life Cycle State ACTIVATED; PAP Transaction Processing State complies with Transaction Flows; PAP Counters Integrity is VERIFIED; PAP Counters State is not BLOCKED; PAP Customer Account Information Integrity is VERIFIED; PAP Risk Management Parameters Integrity is VERIFIED.
FDP_ACF.1.3 (PAP Transaction): The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: None.
FDP_ACF.1.4 (PAP Transaction): The TSF shall explicitly deny access of subjects to objects based on the following additional rule: if one of the conditions listed in FDP_ACF.1.2 is not fulfilled.
6.1.3 INFORMATION FLOW CONTROL POLICY
FDP_IFC.2 (PAP Offline Authentication) Complete information flow control
FDP_IFC.2.1 (PAP Offline Authentication): The TSF shall enforce the PAP Offline Authentication information flow control SFP on Subjects: S.PAP; Information: PAP Transaction Parameters; and all operations that cause that information to flow to and from subjects covered by the SFP.
FDP_IFC.2.2 (PAP Offline Authentication): The TSF shall ensure that all operations that cause any information in the TOE to flow to a...
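Added example, not code from the Security Target or from Gemalto: a Python model of the FDP_ACF.1.2 conditions of the PAP Application SFP (Contactless Life Cycle State ACTIVATED or DEACTIVATED, U SIM Card Life Cycle Status not BLOCKED) and of the PAP Transaction SFP (the seven conditions listed above), which treats any unmet condition as the FDP_ACF.1.4 explicit deny and reports which conditions failed. The attribute and condition names are the ST's; the value sets the ST does not spell out (an "OK" counters state, a boolean for the processing-state check) and the evaluator itself are assumptions.

```python
"""Model of FDP_ACF.1 (PAP Application) and FDP_ACF.1 (PAP Transaction).

Added illustration, not code from the Security Target or from Gemalto.
Attribute and condition names follow the ST; value sets the ST does not
spell out (such as the "OK" counters state) are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class PapState:
    """Security attributes referenced by the two SFPs."""
    usim_lcs: str                # U SIM Card Life Cycle Status (platform attribute)
    contactless_lcs: str         # Contactless Life Cycle State of subject S.PAP
    processing_state_ok: bool    # PAP Transaction Processing State complies with Transaction Flows
    counters_integrity: str      # PAP Counters Integrity (VERIFIED or not)
    counters_state: str          # PAP Counters State (BLOCKED, or the assumed value OK)
    account_info_integrity: str  # PAP Customer Account Information Integrity
    risk_params_integrity: str   # PAP Risk Management Parameters Integrity


# A rule is the condition text as written in the ST plus its predicate.
Rule = Tuple[str, Callable[[PapState], bool]]

# FDP_ACF.1.2 (PAP Application): PAP operations are allowed only if ...
PAP_APPLICATION_RULES: List[Rule] = [
    ("Contactless Life Cycle State is ACTIVATED or DEACTIVATED",
     lambda s: s.contactless_lcs in ("ACTIVATED", "DEACTIVATED")),
    ("U SIM Card Life Cycle Status is NOT BLOCKED",
     lambda s: s.usim_lcs != "BLOCKED"),
]

# FDP_ACF.1.2 (PAP Transaction): PAP Transaction processing is allowed only if ...
PAP_TRANSACTION_RULES: List[Rule] = [
    ("U SIM Card Life Cycle Status is SELECTED",
     lambda s: s.usim_lcs == "SELECTED"),
    ("Contactless Life Cycle State ACTIVATED",
     lambda s: s.contactless_lcs == "ACTIVATED"),
    ("PAP Transaction Processing State complies with Transaction Flows",
     lambda s: s.processing_state_ok),
    ("PAP Counters Integrity is VERIFIED",
     lambda s: s.counters_integrity == "VERIFIED"),
    ("PAP Counters State is not BLOCKED",
     lambda s: s.counters_state != "BLOCKED"),
    ("PAP Customer Account Information Integrity is VERIFIED",
     lambda s: s.account_info_integrity == "VERIFIED"),
    ("PAP Risk Management Parameters Integrity is VERIFIED",
     lambda s: s.risk_params_integrity == "VERIFIED"),
]


def failed_conditions(rules: List[Rule], state: PapState) -> List[str]:
    """Every FDP_ACF.1.2 condition the state does not satisfy, in ST order."""
    return [text for text, holds in rules if not holds(state)]


def decide(state: PapState, transaction: bool) -> Tuple[bool, List[str]]:
    """Access decision for a PAP operation.

    FDP_ACF.1.3 is "None" for both SFPs, so there is no additional authorise
    rule: the decision is the conjunction of the FDP_ACF.1.2 conditions, and
    any unmet condition is the FDP_ACF.1.4 explicit deny.  Transaction
    processing is itself a PAP operation, so it must pass both SFPs.
    Returns (allowed, list of unmet conditions).
    """
    unmet = failed_conditions(PAP_APPLICATION_RULES, state)
    if transaction:
        unmet += failed_conditions(PAP_TRANSACTION_RULES, state)
    return (not unmet, unmet)


if __name__ == "__main__":
    # Constructed sample states, not taken from the ST.
    healthy = PapState("SELECTED", "ACTIVATED", True, "VERIFIED", "OK", "VERIFIED", "VERIFIED")
    deactivated = PapState("SELECTED", "DEACTIVATED", True, "VERIFIED", "OK", "VERIFIED", "VERIFIED")
    for label, st in (("healthy", healthy), ("deactivated", deactivated)):
        for tx in (False, True):
            allowed, why = decide(st, transaction=tx)
            kind = "transaction" if tx else "PAP operation"
            print(f"{label}: {kind} {'allowed' if allowed else 'denied'} {why}")
```

A DEACTIVATED contactless state still passes the PAP Application SFP (so management operations remain reachable) while failing the PAP Transaction SFP, which is the distinction the two rule sets encode.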
97. ... [subjects, objects an]d security attributes involved in the Access Control and Information Control Policies for the product. The subjects, objects and information are given together with the definition of each particular policy.
Operation | Access Control SFP | Information Flow Control SFP
PAP Activation/Deactivation | PAP Application; PAP Activation | 
PAP Locking/Unlocking | PAP Application; PAP Administration Management | 
Systematic Personal Code Activation | PAP Application; PAP Administration Management | 
Personal Code Presentation for Payment | PAP Application; PAP Payment Transaction Management | 
Personal Code Verification | PAP Application; PAP Payment Transaction Management | 
Log Update | PAP Application; PAP Payment Transaction Management | 
Log reading | PAP Application; PAP Administration Management | 
Reference Personal Code Change/Unblock | PAP Application; PAP Administration Management | 
Counter Reset | PAP Application; Post Issuance Bank Management | Post Issuance Bank Management
[operation illegible] | PAP Application; Post Issuance Bank Management | Post Issuance Bank Management
Offline Data Authentication | PAP Application; PAP Offline Authentication | PAP Offline Authentication
Offline Transaction | PAP Application; PAP Transaction | PAP Offline Transaction
Online Transaction | PAP Application; PAP Transaction | PAP Online Transaction
Issuing Bank Script Processing | Post Issuance Bank Management | Post Issuance Bank Management
data exchanged from and to the TOE by detecting unauthorised modification and replayed transactions.

O.TRANSACTION_INTEGRITY  This security objective is met by the following SFRs. All access and information flow control SFPs (FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction), FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/PAP Transaction, FDP_ITC.2/Post Issuance Bank Management, FPT_TDC.1 and FDP_UIT.1 are enforced for transactions and thus help in preserving the integrity of a transaction. The SFRs FMT_MOF.1/Parameters, FMT_MSA.1/Issuing Bank and FMT_MSA.3 contribute to covering this security objective by restricting the modification of parameters to the Issuing Bank.

O.TRANSACTION_BYPASS  This security
Personal Code timeout session. When the defined number of unsuccessful authentication attempts has been surpassed, the GUI shall request the Personal Code again.

5.2.2 MERCHANT

OE.MERCHANT_CONTROL  In particular, a specific security policy shall be established by the Acquirer regarding the secure usage of the POS, by controlling the Merchants' transaction flow in order to detect suspicious behavior.
Application Note: for instance, by controlling Merchants accepting small payment amounts.

OE.MERCHANT_AUTH  The merchant shall subscribe to a contract that guarantees his authenticity.

OE.LATENCY_CONTROL  The POS terminal shall implement time-out mechanisms that disable NFC transactions with low latency.

OE.POS_APPROVAL  Payment terminals accepting Payez Mobile payment transactions shall be approved by a reference body.

OE.POS_APPLICATIONS  The contactless payment applications embedded in the POS terminal shall be protected in integrity and authenticity.
Application Note: for instance, those applications are signed by a trusted third party and their signature is checked during the installation process.

OE.POS_DEACTIVATION  Any POS terminal may be rendered inoperative remotely by the POS purchaser or the Acquirer.

5.2.3 MANAGEMENT

OE.CERTIFICATES_MNGT  The lifetime of the EMV CDA authentication certificates with the payment terminal shall be variable according to the type of the payment application, transaction amount, application lifeti
No contradiction.

OE.APPS_PROVIDER  The AP shall be a trusted actor that provides standard or secure applications. He must be responsible for his security domain keys. No contradiction.

OE.VERIFICATION_AUTHORITY  The VA should be a trusted actor who is able to guarantee and check the digital signature attached to an application. No contradiction.

OE.CONTROLLING_AUTHORITY  The CA shall be a trusted actor responsible for securing the APSD keys creation and personalisation. He must be responsible for his security domain keys (CASD keys). No contradiction.

OE.SECURE_APPS_CERTIFICATION  Secure applications must be evaluated and certified at a security level higher than or equal to the one of the current Protection Profile. No contradiction.

OE.BASIC_APPS_VALIDATION  Standard applications must be analysed during the validation process in order to ensure that the rules for correct usage of the TOE are still enforced. No contradiction.

OE.SHARE_CONTROL  All applications (standard and secure applications) must have means to identify the applications with whom they share data using the Shareable Interface. No contradiction.

OE.AID_MANAGEMENT  The VA or the MNO shall verify that the AID of the application being loaded does not impersonate the AID known by another application on the card for the use of shareable services. No contradiction.

OE.OTA_LOADING  Application code validated or certified depending
the APSD keys creation and personalization. He is responsible for his security domain keys (CASD keys).

A.APPLET  Applets loaded post-issuance do not contain native methods. The Java Card specification explicitly does not include support for native methods (JCVM222, §3.3) outside the API. AGD comp; AGD comp.

A.VERIFICATION  All the bytecodes are verified at least once, before the loading, before the installation or before the execution, depending on the card capabilities, in order to ensure that each bytecode is valid at execution time. None; AGD comp.

Table 3  Compatibility of assumptions

3.4 Compatibility of TOE security objectives

O.CARD_MANAGEMENT  The TOE shall provide card management functionalities (loading, installation, extradition, deletion of applications and GP registry updates) in charge of the life cycle of the whole U SIM card and installed applications (applets). The card manager, the application with specific rights responsible for the administration of the smart card, shall control the access to card management functions. It shall also implement the card issuer's
Table 16  SARs Dependencies ... 131

1 Introduction

This document, written from the AEPM's Guidance for Payment Application Package Security Target (PAP), provides a list of security requirements for a Payment Application Package (PAP) embedded in a U SIM card as specified in the PM specifications. This document is the Security Target for the Mobile PayPass 1.0 on Orange NFC V2 G1, a Gemalto-specific implementation of a TOE. This product-specific ST fulfills the generic security requirements given in this security target in order to ensure the trust of End users, Orange (Mobile Network Operator, MNO) and Issuing Banks.

1.1 ST reference

Mobile PayPass 1.0 on Orange NFC V2 G1 Security Target; reference ROR21486_001_CCD_ASE; release 1.01p, February 23, 2012; Gemalto; THALES CEACI; ANSSI; CC 3.1 revision 3.

This Security Target describes:
• The Target of Evaluation (TOE)
• The assets to be protected, the threats to be countered by the TOE itself during the usage of the TOE, the organizational security policies and the assumptions
the Paypass 1.0 application is a Secure APP.

OSP.BASIC_APPS_VALIDATION  Standard applications shall be associated to a digital signature which will be checked by a VA during the loading into the TOE. In addition to the rules stated by the Java Card specification, the validation process must enforce that standard applications:
• must follow the extra rules stated in the user manual of the considered U SIM Java Card Platform;
• cannot be libraries;
• must not use RMI;
• must not use proprietary libraries which are not certified (except system libraries);
• access control to certified proprietary libraries is controlled by the secure application which has defined the library;
• must be associated to an identifier, and this identifier has to be used as parameter of the function calls.
See Standard APP for more details on the validation process.
No contradiction: PPSE, Payez Mobile and Payment Bridge applications are Standard APP.

OSP.SHARE_CONTROL  The Shareable interface functionality should be strictly controlled for all applications to prevent transitive data flows between applets (i.e. no re-sharing of a shareable object with a third applet) and thus prevent access to unauthorized data. No contradiction.

OSP.AID_MANAGEMENT  When loading an application that uses the shareable object interface to make its services available to other applications, the VA or the MNO shall verify that the AID of the application being
the application is to allow a MIDlet to interact with a Mobile Paypass 1.0 banking application. Installed in an NFC-enabled UICC, its role is to manage the interactions with a MIDlet and the Payment application through ShareableInterface. With an event initiated by the user or by the OTA server, the Service Provider's MIDlet will be able to interact with the applets by sending APDUs through the I/O channel of the SIM. APDUs sent to the SIM will be controlled by the JSR177 layer of the handset. Within the SIM, the Payment Bridge applets act as a proxy between the Service Provider MIDlet on one side and the payment application on the other side. Not to be confused with the Payment Application Package (PAP).

5 One shot payment: the CMP application that is not active by default, selected by the Customer, is used only for the current payment transaction.

1.6.3.4 Bank TSM

This is a platform providing functions for transport encryption to manage the Bank Supplementary Security Domain (Bank SSD) by establishing a dedicated secure channel for management commands and data. When using Delegated Management (DM) mode, it also provides functions to
the state changed to the value DEACTIVATED. Please refer to GlobalPlatform [GP] for more information.

Figure 9  Contactless life cycle states (ACTIVATED, DEACTIVATED, NON ACTIVATABLE)

Steps / Description:
1  Another CMP Application is ACTIVATED.
2  A Customer sets an application from DEACTIVATED to ACTIVATED via the function "Define a CMP application".
3  A Customer sets an application from ACTIVATED to DEACTIVATED via the function "Deactivate a CMP application".
4  The CMP application is blocked by the Issuing Bank (NON ACTIVATABLE).
5  Three wrong personal codes have been entered by the Customer; the application is automatically blocked (NON ACTIVATABLE). Personal Code unblock is required to unblock the CMP application.
6  The CMP Application is unblocked by the Issuing Bank. The Personal Code is unblocked by the Issuing Bank.

1.7.4.2 GP standard life cycle

The life cycle status is the representation of the GP life cycle, compliant with [GP]. The GP standard life cycle is composed of the following states:
• INSTALLED state, corresponding to the status of the PAP after its installation. In this state the PAP can also be personalized, for instance with the Personal Code of the customer.
• SELECTABLE state, which means that the Application is able to receive commands from off-card entities.
• LOCKED state, which is a reversible state in which the PAP is NON SELECTABLE and its services are temporarily blocked.
Date/time is logged only for accepted/rejected transactions. For online transactions, date/time will not be recorded.
• The only type of event is payment transaction.
• The records are given in FAU_SAR.1/CUSTOMER and FAU_SAR.1/ISSUING_BANK.

FAU_SAR.1/CUSTOMER  Audit review
FAU_SAR.1.1/CUSTOMER  The TSF shall provide U.CUSTOMER with the capability to read the following audit information: Purchase Amount, Purchase Currency, Transaction Date, Cryptogram Information Data, Application Transaction Counter, Card Verification Results from the audit records.
FAU_SAR.1.2/CUSTOMER  The TSF shall provide the audit records in a manner suitable for the user to interpret the information.

FAU_SAR.1/ISSUING_BANK  Audit review
FAU_SAR.1.1/ISSUING_BANK  The TSF shall provide U.ISSUING_BANK with the capability to read all available information from the audit records.
FAU_SAR.1.2/ISSUING_BANK  The TSF shall provide the audit records in a manner suitable for the user to interpret the information.

6.1.5 CRYPTOGRAPHIC SUPPORT

FCS_CKM.1/Session Keys  Cryptographic key generation
FCS_CKM.1.1/Session Keys  The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm (PAP Session Keys Derivation) and specified cryptographic key sizes (16 bytes) that meet the following: PM 1 and PM 2 standard.

FCS_CKM.4/Session Keys  Cryptographic key destruction
FCS_CKM.4.1/Session Keys  The
1.7.2.7 HCI Events Manager Module ... 25
1.7.2.8 Over The Air (OTA) Capabilities ... 25
1.7.3 Overview of the TOE Life Cycle ... 26
1.7.3.1 TOE role and environment ... 27
1.7.4 PAP on card life cycle ... 28
1.7.4.1 Contactless life cycle ... 28
1.7.4.2 GP standard life cycle ... 29
1.7.5 Configurations ... 30
2 CONFORMANCE CLAIM ... 32
2.1 CC CONFORMANCE CLAIM ... 32
2.2 PP AND PACKAGE CLAIM ... 32
3 STATEMENT OF COMPATIBILITY ... 33
3.1 COMPATIBILITY OF THREATS ... 34
tunnel information messages exchanged between the UICC Management Platform or the Bank TSM and a U SIM.

1.7 TOE description

1.7.1 Physical scope of the TOE (all hardware, firmware, software and guidance)

Figure 4  TOE physical scope (like in PAP): U SIM Card containing Secure Applets, Basic Applets, Applets, GP, Java Card System (JCRE, JCVM, JC API), Native proprietary applications.

Figure 5  TOE logical boundaries: Standard APP, Secure APP.

Figure 6  Major TOE items and scope: Standard applet, Secure applet, Telecom applet, Toolkit applet, TSF enforcing, USIM/SIM/UICC, RAM/RFM linked to ISD.

The physical interfaces are those described in the platform ST (NFC ST).
intended to be routed by a specific communication channel, which decreases the probability of realizing such attacks. O.USER_AUTH contributes to covering this threat by ensuring that the customer is authenticated before performing a payment transaction. OE.GUI_INST_ALERT guarantees the legitimacy of installed GUIs. O.GUIS_AUTH ensures that the GUIs authorised to communicate with the applications of the U SIM card are authenticated before granting them access to its functionalities; thus it prevents such attacks.

5.3.1.5 IDENTITY USURPATION

T.MNO_USURPATION  This threat is covered by the security objective O.TRANSACTION_BYPASS, which prevents bypassing a mandatory step of the transaction flow model as defined by the PM 1 & PM 2 specifications, and thus prevents identity usurpation. O.MNO_AUTH contributes to covering this threat by ensuring that only the MNO can have access to its services.

T.ISSUING_BANK_USURPATION  This threat is covered by the security objective O.TRANSACTION_BYPASS, which prevents bypassing a mandatory step of the transaction flow model as defined by the PM 1 & PM 2 specifications, and thus
customer is able to perform a transaction using the PAP embedded in the U SIM card of his mobile handset.

U.ISSUING_BANK  The Issuing Bank is the PAP provider. The Issuing Bank is responsible for payment transaction authorisation and PAP administration, i.e. loading of PAP code, data and keys belonging to a specific customer.

U.MERCHANT_POS  The POS terminal used by the merchant. It initiates transactions with the PAP in the customer's mobile handset for payment of a good or a service.

U.MNO  The Mobile Network Operator is the U SIM Card Issuer. The MNO provides cards to the customers. The MNO is responsible for the secure management of all pre-issuance phases of the U SIM card life cycle status and for some post-issuance processes.
Application Note: The MNO can provide privileges to Issuing Banks via the Delegated Management functionality. The MNO can also manage authorisation of applications permitted to reside on its U SIM cards.

U.APP  Any sensitive or non-sensitive application embedded in the U SIM card besides the PAP.

U.BANK_GUI  This is a graphical interface loaded into the mobile handset that allows the customer to access the functions associated to their CMP applications.

U.BANK_MNG_SW  This is the software that is in charge of establishing a secure channel with the U SIM to tunnel PAP management functions (loading, updating) and data.

U.MNO_MNG_SW  This is the software that is in charge of establishing a secure
Personal Code Verification is allowed only if PAP Reference Personal Code State is UNBLOCKED and PAP Reference Personal Code Integrity is VERIFIED. Personal Code Presentation for Payment is requested only if PAP Personal Code State is NOT VERIFIED by the Bank's GUI, or ALWAYS REQUESTED, or REQUESTED AT THE NEXT PAYMENT; PAP Personal Code Entry Amount is GREATER THAN PERSONAL CODE ENTRY LIMIT VALUE or the Systematic Personal Code State is ENABLED. PAP Log File update is allowed for all transactions besides those of Post Issuance Bank Management, only during payment transactions, if Log File Update Status is ALLOWED.

FDP_ACF.1.3/PAP Payment Transaction Management  The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: none.

FDP_ACF.1.4/PAP Payment Transaction Management  The TSF shall explicitly deny access of subjects to objects based on the following additional rules: if one of the conditions listed in FDP_ACF.1.2 is not fulfilled.

FDP_ACF.1/Post Issuance Bank Management  Security attribute based access control
FDP_ACF.1.1/Post Issuance Bank Management  The TSF shall enforce the Post Issuance Bank Management Access Control SFP to objects based on the following: Security attributes of the object PAP Keys: PAP Keys Integrity; Security attributes of the object PAP Counters: PAP Counters Integrity, PAP Counters State; Security attributes of the object PAP Transaction Parameters:
processed similarly to an EMV or a magnetic stripe purchase transaction. The Payez Mobile solution can be used for any transaction amount, including low value transactions. Payez Mobile CMP is characterized by a radio frequency short read range distance that requires the mobile handset to be presented close to the contactless reader to enable a transaction. Thus only proximity purchase transactions are authorized (PM 1, Section 4.2). Two modes are offered to a customer to execute a Payez Mobile CMP: Mode 1 (PIN TAP) and Mode 2 (TAP PIN TAP).

Warning: the acronym PIN used in the two payment modes described below refers to the Personal Code provided by the Issuing Bank to the customer.

1.6.2.1 Mode 1 (PIN TAP)

When making a purchase, the customer first manually chooses the appropriate PAP to be used for the purchase transaction, enters his Personal Code, then taps his mobile handset on the landing zone of the POS terminal to submit a payment transaction with the amount requested by the merchant and indicated on the POS terminal. Figure 2 illustrates this mode of payment transaction in seven steps. Autho
6.1.10 SECURE CHANNEL ... 105
6.1.11 UNOBSERVABILITY ... 106
6.2 SECURITY ASSURANCE REQUIREMENTS ... 106
6.3 SECURITY REQUIREMENTS RATIONALE ... 107
6.3.1 Objectives ... 107
6.3.1.1 Security Objectives for the TOE ... 107
6.3.2 Rationale tables of Security Objectives and SFRs ... 113
6.3.3 ... 126
6.3.3.1 SFRs Dependencies ... 126
6.3.3.2 ... 130
6.3.4 Rationale for the Security Assurance Requirements ... 131
6.3.5 ALC_DVS.2 Sufficiency of security measures ... 131
6.3.6 AVA_VAN.5 Advanced methodical vulnerability analysis ... 131
7 TOE SUMMARY SPECIFICATION ... 132
7.1 SECURITY FUNCTIONS ... 132
7.2 ASSURANCE MEASURES ... 133
methods. No contradiction.

OE.VERIFICATION  All the bytecodes shall be verified at least once, before the loading, before the installation or before the execution, depending on the card capabilities, in order to ensure that each bytecode is valid at execution time. No contradiction.

OE.TRUSTED_APPS_DEVELOPER  The trusted application developer shall be a trusted actor that provides basic or secure applications where correct usage of the TOE has been verified, applying a secure development process in a secure development environment. No contradiction.

OE.TRUSTED_APPS_PRE_ISSUANCE_LOADING  The trusted pre-issuance loading on the platform must be done only using verified applets, applying an audited process in a secure environment. No contradiction.

OE.ACTIVATION_KEY_ESCROW  The key escrow is a trusted actor who must ensure the security of the keys used for remote service activation during generation, storage, importation in the TOE and usage. No contradiction.

Table 5  Compatibility of security objectives for the environment

3.6 Compatibility of security functional requirements

FCS_COP
of PM 1 & PM 2. FDP_UIT.1 guarantees the integrity of data exchanged from and to the TOE by detecting replayed transactions.

AUTHENTICATION

O.USER_AUTH  This objective is covered by FIA_UAU.1/PAP Online Transaction, which requires the authentication of the customer to the TOE to perform a transaction; FIA_UAU.3, which prevents the use of forged authentication data; FIA_UAU.4, which prevents the reuse of authentication data; FIA_UAU.6/Customer, which requests customer re-authentication when it is required; FIA_SOS.2, which ensures the TOE can generate random values to perform authentication processes; FIA_ATD.1, which guarantees that security attributes belonging to the customer are securely maintained; FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACC.2/PAP Administration Management and FDP_ACC.2/PAP Payment Transaction Management, which define access controls for the Customer; FMT_SMR.1, which associates the roles to the Customer; FDP_RIP.1 and FIA_AFL.1/Customer, which provide protection against brute force attacks and cryptographic extraction of residual information on the Personal Code; FCS_COP.1/Messages Data Integrity and FCS_COP.1/Messages Data Confidentiality, which ensure cryptographic support for authentication mechanisms; FIA_USB.1, which ensures that the appropriate security attributes are associated to the Customer authentication
PAP Provider (Issuing Bank, SSD) personalize their applications and security domains in a confidential manner. They have security domain keysets enabling them to be authenticated to the corresponding security domain and to PAP installation, and to establish a trusted channel between the TOE and an external personalization trusted device. These security domain keysets are not known by the U SIM Card issuer.

U SIM Card issuer (Orange MNO, ISD) is initially the only entity authorized to manage applications (loading, instantiation, deletion) through a secure communication channel with the card based on SMS or BIP technology. However, he can grant these privileges to the PAP Provider through the delegated management function of GP.

PAP usage (Card Mngt & Payment): PAP Provider (Issuing Bank, SSD); End User; Unprotected environment.
PAP destruction: PAP Provider (Issuing Bank, SSD); Unprotected environment.

1.7.4 PAP on card life cycle

The on-card life cycle of the PAP (see Figure 10, GP standard life cycle states) is compliant with the GlobalPlatform standard life cycle [GP]. The PAP life cycle is divided in two parts:
• The contactless life cycle, concerning the contactless PAP states.
• The life cycle status, concerning the standard GP states.

1.7.4.1 Contactless life cycle

The contactless life cycle is composed of three states:
• ACTIVATED state
HCI Events Manager Module. The HCI events are used to wake up the Bank GUI when a user interaction is required, at the end of a transaction or when the Personal Code is required. The only HCI event used in the Payez Mobile solution is EVT_TRANSACTION, without the use of the parameter field. To be aware of the transaction context (i.e. why the Bank GUI has been awakened), the Bank GUI shall read the Mobile Cardholder Interaction Information.

1.7.2.8 Over The Air (OTA) Capabilities

Platform using OTA mechanisms providing functions to tunnel information messages exchanged between the UICC Management Platform or the Bank TSM and a U SIM.

1.7.3 Overview of the TOE Life Cycle

The life cycle of the TOE is the life cycle of the U SIM card (U SIM Platform + PAP) from the development to the operational stage, through manufacturing and personalization. Figure 8 illustrates the life cycle of the U SIM Platform as well as the life cycle of the PAP.

Figure 8 (life cycle phases): Phase 1 & 2: UICC & U SIM Platform Development; Point of delivery of the PAP; Phase 3: UICC Manufacturing & U SIM Platform Storage (optional); Phase 4: UICC pack
and ATM cash withdrawal, so that an attacker cannot forge a message for the legitimate customer by usurping his bank's identity in order to obtain desired information from him (name, address, PAN, activation code).

4.4.3 MERCHANT

OSP.MERCHANT_CONTROL  The Acquirer applies a specific security policy regarding the secure usage of the POS by the Merchant.
Application Note: The Acquirer's role is: acquires and processes clearing transaction files; forwards authorisation and clearing messages from the Merchant point of sale to the Issuing Bank through a Payment Scheme network; provides an accurate and reliable transaction flow transmission from the Merchant POS to the Issuing Bank; provides a POS terminal compliant with the Payment Scheme requirements and with the functionalities defined within the Payez Mobile specifications.

4.4.4 BANK

OSP.BANKS_PRIVILEGES  The Issuing Bank has specific privileges, for instance:
• the ability to request the value of the ATC and Offline counters. That request should be done randomly or in response to an incident reported by the customer;
• the ability to reset offline counters through OTA
shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Activation/Deactivation, PAP Locking/Unlocking, Systematic Personal Code Activation, Log Reading, Reference Personal Code Change/Unblock.

FDP_ACC.2/PAP Payment Transaction Management  Complete access control
FDP_ACC.2.1/PAP Payment Transaction Management  The TSF shall enforce the PAP Payment Transaction Management Access Control SFP on Subjects: S.PAP, S.BANK_TSM, S.MNO_SD; Objects: Personal Code, PAP Log File; and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/PAP Payment Transaction Management  The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: Personal Code Presentation for Payment, Personal Code Verification, Log Update.

FDP
Figure 3  Mode 2 (TAP PIN TAP): the POS terminal prints the user's receipt and the merchant's receipt; information about the current transaction is shown; the user enters their Personal Code on the handset (conditional); 2nd TAP of the handset on the contactless reader landing zone before completing the transaction (see conditions, Section 4.5.1); BEEP.

1.6.2.3 Security features

In addition to the security functions supported by the U SIM platform (refer to §1.3.8 of the NFC ST for usage of the platform), the PAP shall support the security features listed below:
• Offline communication with the POS terminal
• Offline Data Authentication
• Online Authentication and communication with the Issuing Bank
• Personal Code verification and management
• Transaction risk management analysis
• Transaction Certification
• Counter reset processing
• Script processing via OTA bearer
• Auditing (Log reading and update)
• Administration management
• Contactless life cycle management

Depending on the Acquirer and Issuing Bank risk management configuration, the merchant POS terminal processes the proximity purchase transaction offline or online. A Payez Mobile CMP transaction shall be executed according to the Payez Mobile specification and under MasterCard, Visa or local scheme requirements and operating rules, and should use the same authorization network and clearing system as standard credit an
the use of the PAP. Especially, it must inform the customer that he must not divulge his Personal Code to anyone. The customer shall enforce these rules.

OE.GUIS_IDENTIFICATION  The handset shall implement an access control mechanism that identifies GUIs authorised to communicate with the TOE Cardlets.

OE.POLICY  The mobile handset shall implement a security policy and an access control policy to resources (U SIM, network, etc.).

OE.NFC_PROTOCOL  The implementation of the NFC protocol shall be compliant with ISO 14443. In particular, payment transactions shall be disabled beyond a given distance.

OE.TRANSACTION_DISPLAY  Related payment transaction information (amount, transaction status, etc.) shall be systematically displayed on the screen of the customer's mobile handset before or after the transaction.

OE.CHANNELS_SELECTION  The mobile handset shall provide the means to the customer to fix the communication channels that permit communication with the TOE (e.g. NFC, OTA, Bluetooth).

OE.GUIS_TIMEOUT  The GUIs shall detect when Personal Code Timeout limit values and unsuccessful authentication attempts occur related to the Personal Co
ices, unauthorised read or modification of the PAP sensitive assets protected in integrity and confidentiality, unauthorised modification of the PAP sensitive assets protected in integrity, PAP Selection failure, PAP Activation failure, PAP Services failure, known to indicate a potential security violation;
b) No other rules.

FAU_GEN.1 Audit data generation
FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the not specified level of audit; and
c) The following auditable events: Payment transactions.
Application Note: (c) the Payment transactions auditable events are given in FAU_SAA.1.2.
FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST.
Application Note: In the context of Payment transactions:
- Dat
information flow control SFP based on the following types of subject and information security attributes:
- Security attributes of the subject S.PAP: Contactless Life Cycle State, PAP Action Analysis State
- Security attributes of the information PAP Transaction Parameters: PAP Transaction Processing State

FDP_IFF.1.2/PAP Offline Transaction The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold:
- S.PAP is the currently selected application
- Contactless Life Cycle State is ACTIVATED
- PAP Transaction Processing State complies with [PM 1] & [PM 2]
- PAP Action Analysis State requires offline processing
- PAP Action Analysis State does not reject the transaction
FDP_IFF.1.3/PAP Offline Transaction The TSF shall enforce the following rules: None.
FDP_IFF.1.4/PAP Offline Transaction The TSF shall explicitly authorise an information flow based on the following rules: none.
FDP_IFF.1.5/PAP Offline Transaction The TSF shall explicitly deny an information flow based on the following rules: If one of the conditions listed in FDP_IFF.1.2 i
...Functionalities, FMT_SMR.1

SFR | Dependencies | Satisfied dependencies
FMT_MOF.1/Parameters | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1/Functionalities, FMT_SMR.1
FMT_MTD.1/Secrets | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1/Functionalities, FMT_SMR.1
FMT_MSA.1/Issuing Bank | (FDP_ACC.1 or FDP_IFC.1), FMT_SMF.1, FMT_SMR.1 | FDP_ACC.2/Post Issuance Bank Management, FDP_IFC.2/Post Issuance Bank Management, FMT_SMF.1/Functionalities, FMT_SMR.1
FMT_MSA.2 | (FDP_ACC.1 or FDP_IFC.1), FMT_MSA.1, FMT_SMR.1 | FDP_ACC.2/Post Issuance Bank Management, FDP_IFC.2/Post Issuance Bank Management, FMT_MSA.1/Issuing Bank, FMT_SMR.1
FMT_MSA.3 | FMT_MSA.1, FMT_SMR.1 | FMT_MSA.1/Issuing Bank, FMT_SMR.1
FMT_SMR.1 | FIA_UID.1 | FIA_UID.1/PAP Online Transaction, FIA_UID.1/Post Issuance Bank Management
FIA_AFL.1/Customer | FIA_UAU.1 | FIA_UAU.1/PAP Online Transaction
FIA_AFL.1/Issuing Bank | FIA_UAU.1 | FIA_UAU.1/Post Issuance Bank Management
FIA_ATD
knowledge of the MNO's master key or the Bank's TSM key to make a real fake payment application, exploiting cryptographic weaknesses to determine the keys.
Assets threatened: PAP Keys, PAP Transaction Parameters, Customer Account Information, PAP Transaction Data.

T.TRANSACTION_REPLAY
Replay of a previous complete sequence of transaction operations.
Assets threatened: PAP Transaction Data, POS Transaction Data, Issuing Bank Transaction Data.
Application Note: This attack may be done by exploiting cryptographic weaknesses to determine the random values used, for instance, in DDA computation and session key diversification, in order to replay previous transactions and usurp users' identities.

4.3.4 DENIAL OF SERVICE

T.CERTIF_CORRUPTION
Corruption of the transaction data certificates in order to deny participation in the transaction under the terms claimed by one party.
Assets threatened: PAP Transaction Parameters, PAP Transaction Data, POS Transaction Data.

T.APPLICATIONS_DOS
Exploiting the OTA bearer or the NFC bearer, an attacker initiates transactions of small amounts by simulating a POS terminal. He may also fraudulently install an application (GUI) on the mobile handset that initiates transactions with the U SIM card. This attack may cause a denial of service on the payment applications.
Assets threatened: Issuing Bank Scripts, MNO Data, Issuing Bank Transaction Data.

4.3.5 IDENTITY USURPATION

T.MNO_USURPATION
An attacker is illegally granted the rights of the MNO to modify the transaction parameters in order to authorise fraudulent transactions.
Assets threatened: MNO Data.

T.ISSUING_BANK_USURPATION
An attacker is illegally granted the rights of the Issuing Bank to make unauthorised PAP management operations.
Assets threatened: Issuing Bank Transaction Data.

T.CUSTOMER_USURPATION
An attacker is illegally granted the rights of the legitimate customer to submit unauthorised transactions on his/her behalf.
Assets threatened: All assets.
Application Note: Those attacks could be made by exploiting cryptographic weaknesses to determine the keys or random values used in the authentication process, in order to usurp users' identities.

4.4 Organisational Security Policies

4.4.1 HANDSET

OSP.POLICY
The mobile handset implements a security policy and an access control policy to resources (U SIM, network, etc.).

OSP.CUSTOMER_PC_CONFID
The mobile handset never keeps the customer's Personal Code in its memory.

OSP.GUIS_IDENTIFICATION
The handset implements an access control mechanism that identifies the GUIs authorised to communicate with the PAP Cardlet
shall perform remote optional platform service activation only when service activation is authorized, and only by an authorized actor (limited to the Gemactivate Administrator, usually Gemalto, under control of the MNO). | No contradiction
O.EMVUtil_API | The TOE shall provide to the banking application a secure API to optimize the control of sensitive objects performed by the application. The TOE shall provide services for secure container and counter management and to detect loss of data integrity. | No contradiction

Table 4: Compatibility of TOE security objectives

3.5 Compatibility of security objectives for the environment

Objective | Statement | Compatibility
OE.MOBILE_OPERATOR | The mobile operator shall be a trusted actor responsible for the mobile network and the associated OTA servers. | No contradiction
OE.OTA_ADMIN | Administrators of the mobile operator OTA servers shall be trusted people. They shall be trained to use and administrate those servers. They have the means and the equipment to perform their tasks. They must be aware of the sensitivity of the assets they manage and of the responsibilities associated with the administration of OTA servers. | No contra
FDP_IFF.1/PAP Offline Authentication Simple security attributes
FDP_IFF.1.1/PAP Offline Authentication The TSF shall enforce the PAP Offline Authentication information flow control SFP based on the following types of subject and information security attributes:
- Security attributes of the subject S.PAP: Contactless Life Cycle State
- Security attributes of the information PAP Transaction Parameters: PAP Transaction Parameters State
FDP_IFF.1.2/PAP Offline Authentication The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold:
- S.PAP is the currently selected application
- Contactless Life Cycle State is ACTIVATED
- PAP Transaction Parameters State requires dynamic authentication
FDP_IFF.1.3/PAP Offline Authentication The TSF shall enforce the following rules: none.
FDP_IFF.1.4/PAP Offline Authentication The TSF shall explicitly authorise an information flow based on the following rules: None.
FDP_IFF.1.5/PAP Offline Authentication The TSF shall explicitly deny an information flow based on the following rules: If one of the conditions listed in FDP_IFF.1.2 is not fulfilled.

FDP_IFF.1/PAP Offline Transaction Simple security attributes
FDP_IFF.1.1/PAP Offline Transaction The TSF shall enforce the PAP Offline Transaction
log files in order to check the history of the payment transactions that he has made lately.

5.1.6 GUI

O.GUIS_AUTH
The TOE (U SIM Platform and PAP) shall authenticate the GUIs authorised to communicate with the applications of the U SIM card (Cardlets) before granting them access to its functionalities. The applications shall only accept communication from authenticated GUIs.
Application Note: Handled by the U SIM platform, see O.APPLI_AUTH and O.COMM_AUTH in [PP USIM]. This security objective is handled by the U SIM platform.

5.2 Security objectives for the Operational Environment

5.2.1 HANDSET

OE.CUSTOMER_PC_CONFID
The mobile handset shall preserve the customer's Personal Code from disclosure during its transmission to the PAP, where it is compared with the Reference Personal Code. Thus, the mobile handset shall never keep the customer's Personal Code in its memory.

OE.GUI_INST_ALERT
The mobile handset shall provide mechanisms for determining the legitimacy of an installed GUI, alerting the customer on application installation attempts.

OE.TOE_USAGE
The Issuing Bank shall communicate to the customer the rules dealing with t
lysis, PAP Offline Transaction, PAP Online Transaction, Issuing Bank Script Processing.

FDP_ACC.2/PAP Activation Complete access control
FDP_ACC.2.1/PAP Activation The TSF shall enforce the PAP Activation Access Control SFP on S.PAP, PAP Transaction Parameters, PAP Selection and Activation Parameters and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/PAP Activation The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Selection.

FDP_ACC.2/PAP Administration Management Complete access control
FDP_ACC.2.1/PAP Administration Management The TSF shall enforce the PAP Administration Management Access Control SFP on:
- Subject: S.PAP
- Objects: PAP Selection and Activation Parameters, PAP Log File, PAP Keys, PAP Counters, Personal Code and Reference Personal Code
and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2/PAP Administration Management The TSF s
m Guides [NFC GUIDE] for the security recommendations to apply. PAP development (phase 1) is in the TOE evaluation scope, including the application verification according to the rules given in the guidances for the Upteq M NFC certified product (D1186227 & D1188231). PAP verification and signature by the Verification Authority (VASD) prior to PAP loading (phase 7) is out of the TOE evaluation scope; it is covered by the platform guidance. The Mobile Paypass 1.0 application (Secure APP) is loaded in post-issuance, during the PAP loading phase (phase 7).

1.7.3.1 TOE role and environment

We refer to the platform ST [NFC ST] for the location of the U SIM Platform role and environment.

PAP Application Developer for the Issuing Bank:
- Gemalto Meudon, 6 rue de la Verrerie, 92197 Meudon
- Gemalto La Ciotat, La Vigie, Avenue du Jujubier, ZI Athélia IV, 13705 La Ciotat
- Gemalto Singapore, 12 Ayer Rajah Crescent, 139941 Singapore
ITSEF: secure environment, PAP development.

Application loader, i.e. the TSM entity in charge of secure application loading: the TSM SP, acting on behalf of the Issuing Bank SSD, loads the secure applications by OTA. The TSM SP is composed of the Integrator, who sets up the server, and the Server, which contains the secure application, the DAP and the software with the required keys to perform the loading. Before loading, all applications are verified by a Validation Laboratory (for the Standard applications) or by the ITSEF (for the PAP loading). Secure applications
m values.
Application Note: The 8-byte challenge is generated by the applicative Get Challenge using the Platform Java Card API javacard.security.RandomData.generateData.

FDP_DAU.1 Basic Data Authentication
FDP_DAU.1.1 The TSF shall provide a capability to generate evidence that can be used as a guarantee of the validity of the following objects and information: Contactless Life Cycle, U SIM Life Cycle Status, PAP Code, PAP Selection and Activation Parameters, PAP Transaction Parameters, PAP Keys, Reference Personal Code, PAP Log File, PAP Counters, PAP Customer Account Information.
FDP_DAU.1.2 The TSF shall provide S.PAP with the ability to verify evidence of the validity of the indicated information.
Application Note: This FDP_DAU.1 is not appropriate but is written here according to the PAP. This SFR has to be used as an integrity control.

6.1.9 ACCESS and INFORMATION FLOW CONTROL SFP

FDP_ITC.2/Post Issuance Bank Management Import of user data with security attributes
FDP_ITC.2.1/Post Issuance Bank Management The TSF shall enforce the Post Issuance Bank Management Access Control and the Post Is
me and the U SIM card lifetime. These certificates shall be updated via OTA during the term of the contract signed with the customer.

OE.Contactless life cycle MNGT
Upon a new activation request, the Payez Mobile application is responsible for managing the deactivation of the currently activated PAP. The Payez Mobile application shall guarantee that only one PAP is activated at any given time.

5.2.4 BANK

OE.NO_VAD
Remote payments (e.g. internet transactions, Mail Order/Telephone Order (MOTO)), cash advance, quasi-cash and ATM cash withdrawal shall be forbidden by the banks for PAP payments. Only proximity purchase transactions shall be authorised.

OE.BANKS_PRIVILEGES
The Issuing Bank shall be granted specific privileges.

5.3 Security Objectives Rationale

5.3.1 Threats

5.3.1.1 DISCLOSURE

T.DISCLOSURE_KEYS
This threat is covered by the security objective O.DATA_DISCLOSURE, which guarantees the secrecy of the keys stored in the TOE. The security objective O.ISSUING_BANK_AUTH ensures that nobody but the Issuing Bank can operate on the PAP cryptographic keys stored in the TOE. The security objective on the operational environment
n these actors has been obtained by audit (i) of the ALC_COMP development process and development environment, performed by the ITSEF during the private scheme evaluation or the Common Criteria composite evaluation process.

OSP.TRUSTED_APPS_PRE_ISSUANCE_LOADING | For pre-issuance loading of trusted applications, the process audited during the Platform evaluation must be used. | No contradiction (ALC_COMP)
OSP.SERVICE_AUDIT | The MNO and the activation administrator (usually Gemalto) can audit optional platform service activation using the remote service audit. | No contradiction
OSP.ACTIVATION_KEY_ESCROW | The key escrow is a trusted actor in charge of the secure storage of the activation keys, which are generated and stored outside of the TOE and imported into the TOE by the TOE personalizer during initial personalization. He ensures the security of the keys for remote service activation. | No contradiction
OSP.EMVUtil_API | The TOE must contribute to ensuring that the Banking application can optimize control on its sensitive operations using a dedicated API providing management of secure containers and counters by the TOE. | No contradiction

The Secu
and from any subject in the TOE are covered by an information flow control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Offline Data Authentication.

FDP_IFC.2/PAP Offline Transaction Complete information flow control
FDP_IFC.2.1/PAP Offline Transaction The TSF shall enforce the PAP Offline Transaction Information Flow Control SFP on:
- Subject: S.PAP
- Information: PAP Transaction Parameters
and all operations that cause that information to flow to and from subjects covered by the SFP.
FDP_IFC.2.2/PAP Offline Transaction The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP.
Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Action Analysis, PAP Offline Transaction.

FDP_IFC.2/PAP Online Transaction Complete information flow control
FDP_IFC.2.1/PAP Online Transaction The TSF shall enforce the PAP Online Transaction information flow control SFP on:
- Subject: S.PAP
- Information:
one of the conditions listed in FDP_ACF.1.2 is not fulfilled.

FDP_ACF.1/PAP Offline Authentication Security attribute based access control
FDP_ACF.1.1/PAP Offline Authentication The TSF shall enforce the PAP Offline Authentication Access Control SFP to objects based on the following:
- Security attributes of the subject S.PAP: Contactless Life Cycle State, U SIM Card Life Cycle Status
- Security attributes of the object PAP State Machine: PAP Transaction Processing State
- Security attributes of the object PAP Keys: PAP Keys Integrity
- Security attributes of the object PAP Transaction Parameters: PAP Transaction Parameters State, PAP Transaction Parameters Integrity
FDP_ACF.1.2/PAP Offline Authentication The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: PAP Offline Data Authentication is allowed only if
- U SIM Card Life Cycle Status is SELECTED
- Contactless Life Cycle State is ACTIVATED
- PAP Transaction Processing State complies with the Transaction Flow
- PAP Keys Integrity is VERIFIED
- PAP Transaction Parameters Integrity is VERIFIED
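The FDP_ACF.1.2 rule above is a conjunction of five attribute checks with an explicit deny as the default. The block below is an added reference model of that rule, written in Python for readability; it is not Gemalto's applet code. The enumerated value sets, the transaction-flow states and the `complies_with_transaction_flow` predicate are assumptions made for the example: the ST names the attributes but does not encode them.

```python
"""Reference model of the FDP_ACF.1/PAP Offline Authentication rule set.

Added example, not Gemalto code. It evaluates the rule of FDP_ACF.1.2
(Offline Data Authentication is allowed only if every listed attribute
holds) together with the explicit-deny default of FDP_ACF.1.4. The value
sets of the attributes, the flow-state names and the
`complies_with_transaction_flow` predicate are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class UsimLifeCycle(Enum):
    SELECTABLE = "SELECTABLE"
    SELECTED = "SELECTED"
    LOCKED = "LOCKED"


class ContactlessLifeCycle(Enum):
    NOT_ACTIVATED = "NOT_ACTIVATED"
    ACTIVATED = "ACTIVATED"
    DEACTIVATED = "DEACTIVATED"


class Integrity(Enum):
    VERIFIED = "VERIFIED"
    UNVERIFIED = "UNVERIFIED"
    CORRUPTED = "CORRUPTED"


@dataclass(frozen=True)
class Attributes:
    """The subject and object attributes named in FDP_ACF.1.1."""
    usim_status: UsimLifeCycle                 # subject S.PAP
    contactless_state: ContactlessLifeCycle    # subject S.PAP
    processing_state: str                      # object PAP State Machine
    keys_integrity: Integrity                  # object PAP Keys
    params_integrity: Integrity                # object PAP Transaction Parameters


# Assumed transaction-flow model: ODA is only meaningful once the terminal
# has started the transaction (GET PROCESSING OPTIONS done) and before it is
# certified; the state names are the example's, not the ST's.
STATES_ALLOWING_ODA = frozenset({"GPO_DONE", "RECORDS_READ"})


def complies_with_transaction_flow(processing_state: str) -> bool:
    return processing_state in STATES_ALLOWING_ODA


def offline_data_authentication_decision(a: Attributes) -> Tuple[bool, List[str]]:
    """Return (allowed, failed_rules).

    All five rules of FDP_ACF.1.2 are evaluated rather than short-circuited,
    so the caller (and an audit record) sees every violated condition;
    FDP_ACF.1.4 then denies the operation as soon as one of them fails.
    """
    rules = [
        (a.usim_status is UsimLifeCycle.SELECTED,
         "U SIM Card Life Cycle Status is not SELECTED"),
        (a.contactless_state is ContactlessLifeCycle.ACTIVATED,
         "Contactless Life Cycle State is not ACTIVATED"),
        (complies_with_transaction_flow(a.processing_state),
         "PAP Transaction Processing State does not comply with the Transaction Flow"),
        (a.keys_integrity is Integrity.VERIFIED,
         "PAP Keys Integrity is not VERIFIED"),
        (a.params_integrity is Integrity.VERIFIED,
         "PAP Transaction Parameters Integrity is not VERIFIED"),
    ]
    failed = [reason for ok, reason in rules if not ok]
    return (not failed, failed)
```

The two integrity rules are the ones a reviewer should not let an implementation relax: producing a dynamic signature with a key whose integrity has not been checked is exactly the precondition of the classic fault attacks on RSA signatures, so the check belongs before the signature, not after it.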
transactions certificates. O.USER_AUTH contributes to covering this threat by ensuring that only the customer can submit transactions. O.TRANSACTION_BYPASS covers this threat by preventing the bypass of a mandatory step of the transaction flow model as defined by the [PM 1] & [PM 2] specifications, and thus preventing the replay of a payment transaction. O.SIM_UNLOCK requires unlocking the U SIM card by means of the PIN code for each payment transaction. This threat could be covered by the U SIM platform security functions.

5.3.1.4 DENIAL OF SERVICE

T.CERTIF_CORRUPTION
This threat is covered by the security objective O.TRANSACTION_INTEGRITY, which preserves the integrity of transactions and the integrity of all certified terms of the transactions. The security objective O.TRANSACTION_UNIQUENESS contributes to covering this threat by preserving the uniqueness of a transaction, limiting the probability of generating two identical copies of transaction certificates.

T.APPLICATIONS_DOS
This threat is covered by the following security objectives: O.CHANNELS, which provides the means to identify the origin of a communication request int
ntication.

The F.PROTECTION function allows to:
- Manage the integrity or confidentiality of User data and TSF data that require integrity or confidentiality
- Manage the replay detection
- Manage the residual information protection
- Manage the secure communication channel
- Manage the unobservability of the Reference Personal Code and the PAP Keys

7.2 Assurance measures

Assurance measure | Document title
MPP_ASE | Mobile Paypass v1.0 on Orange NFC V2 G1 Security Target
MPP_ADV | ADV documents
MPP_ADV_IMP | Source code Mobile Paypass v1.0
MPP_AGD | AGD documents
MPP_ALC | ALC documents
MPP_ATE | ATE documents
MPP_AVA | Samples Mobile Paypass v1.0 on Orange NFC V2 G1

END OF THE DOCUMENT
FTP_ITC.1 Inter-TSF trusted channel
FTP_ITC.1.1 The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure.
FTP_ITC.1.2 The TSF shall permit another trusted IT product to initiate communication via the trusted channel.
FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for PAP Online Transaction, Post Issuance Bank Management.

6.1.11 UNOBSERVABILITY

FPR_UNO.1 Unobservability
FPR_UNO.1.1 The TSF shall ensure that all users and subjects are unable to observe the operations PIN comparison and key comparison on the Reference Personal Code and the PAP keys performed by S.PAP.

6.2 Security Assurance Requirements

The Evaluation Assurance Level is EAL4 augmented with ALC_DVS.2 and AVA_VAN.5.
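FPR_UNO.1 asks that the PIN comparison be unobservable, which in practice means its execution time and its effect on state must not depend on which digit is wrong; the ST's FIA_AFL.1 and O.USER_AUTH ask for blocking after the maximal number of attempts until a privileged action, and FDP_RIP.1 asks that the Personal Code not survive its use. The block below is an added example that puts these three properties in one verifier. It is written in Python as a model, not as the Java Card applet that the TOE actually is. The try limit (3), the code length (4 bytes) and the gating of the unblock on a caller-supplied Issuing Bank authentication flag are assumptions made for the example.

```python
"""Model of Personal Code verification with the properties the SFRs ask for.

Added example, not Gemalto's applet code. It shows, in one place:
FPR_UNO.1 (the comparison leaks nothing through timing), FIA_AFL.1 and
O.USER_AUTH (the code is blocked once the maximal number of attempts is
reached, until a privileged unblock), and FDP_RIP.1 (the candidate Personal
Code is wiped after use). Assumptions: a try limit of 3, a 4-byte code, and
a privileged unblock gated by a flag set after Issuing Bank authentication.
"""
import hmac

MAX_ATTEMPTS = 3        # assumption: the ST does not give the value
CODE_LENGTH = 4         # assumption


class PersonalCodeBlocked(Exception):
    """Raised when verification is attempted on a blocked Personal Code."""


class PersonalCodeVerifier:
    def __init__(self, reference_code: bytes) -> None:
        if len(reference_code) != CODE_LENGTH:
            raise ValueError("reference code must be %d bytes" % CODE_LENGTH)
        self._reference = bytes(reference_code)
        self._tries_left = MAX_ATTEMPTS
        self.authenticated = False

    @property
    def tries_left(self) -> int:
        return self._tries_left

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def verify(self, candidate: bytearray) -> bool:
        """Compare `candidate` with the Reference Personal Code.

        The candidate is a mutable bytearray so that it can be wiped in
        place whatever the outcome (FDP_RIP.1), including when blocked.
        """
        try:
            if self.blocked:
                raise PersonalCodeBlocked()
            # FIA_AFL.1: the try counter is consumed BEFORE the comparison, so
            # an attacker who cuts power right after a failed compare cannot
            # keep an unlimited number of attempts (the OwnerPIN ordering).
            self._tries_left -= 1
            # FPR_UNO.1: fixed-length, constant-time comparison. Padding the
            # candidate and folding the length check in with `&` (not `and`)
            # keeps the time independent of where, or whether, the codes differ.
            padded = bytes(candidate[:CODE_LENGTH]).ljust(CODE_LENGTH, b"\x00")
            ok = hmac.compare_digest(padded, self._reference) & (len(candidate) == CODE_LENGTH)
            if ok:
                self._tries_left = MAX_ATTEMPTS
            self.authenticated = ok
            return ok
        finally:
            for i in range(len(candidate)):   # FDP_RIP.1: wipe the candidate
                candidate[i] = 0

    def unblock(self, issuing_bank_authenticated: bool) -> None:
        """Privileged action resetting the counter, assumed to run only after
        O.ISSUING_BANK_AUTH has succeeded (e.g. from an authenticated script)."""
        if not issuing_bank_authenticated:
            raise PermissionError("unblock requires Issuing Bank authentication")
        self._tries_left = MAX_ATTEMPTS
        self.authenticated = False
```

Note that a successful comparison resets the counter, a failed one does not restore it, and the candidate is zeroed even on the blocked path; that last point is what OE.CUSTOMER_PC_CONFID asks of the handset and FDP_RIP.1 asks of the PAP.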
objective is satisfied by the following SFRs:
- All access and information flow control SFPs: FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction.
- FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/PAP Transaction, FDP_ITC.2/Post Issuance Bank Management and FPT_TDC.1 are enforced for the transaction process and thus help in ensuring the non-bypassability of the transaction flow model.
of the user to be performed before the user is authenticated.
Refinement: User authentication stands for the authentication using the Personal Code of the PAP.
FIA_UAU.1.2/PAP Online Transaction The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

FIA_UAU.1/Post Issuance Bank Management Timing of authentication
FIA_UAU.1.1/Post Issuance Bank Management The TSF shall allow selecting a PAP on the U SIM card, requesting data that identifies the Issuing Bank, establishment of a trusted path dedicated to the Post Issuance Bank Management on behalf of the user to be performed before the user is authenticated.
Refinement: User authentication stands for the authentication using the Personal Code.
FIA_UAU.1.2/Post Issuance Bank Management The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

FIA_UAU.1/Payment Transaction Timing of authentication
FIA_UAU.1.1/Payment Transaction The TSF shall allow all operations except payment transactions on
FDP_RIP.1 Subset residual information protection
FDP_RIP.1.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the deallocation of the resource from the following objects: PAP Reference Personal Code, PAP Personal Code, PAP Keys.
Application Note: The PAP Reference Personal Code is created during personalization and cleared during reset personalization.

6.1.7 MANAGEMENT

FMT_SMF.1/Functionalities Specification of Management Functions
FMT_SMF.1.1/Functionalities The TSF shall be capable of performing the following management functions:
- Post Issuance Bank Management (issuing bank scripts)
- Communication channels selection
- OTA Issuance Management: the TSM can install the MPP instance over the air and personalize the installed instance over the air too
- Customer personal parameter setup: the customer can set up some personal parameters in MPP via the MIDlet
Application Note: The communication channels selection is to be considered as a way to identify the origin by determining the contact or contactless protocol.

FMT_MOF.1/Parameters Management of security func
on, the application is loaded Over The Air (OTA) onto the U SIM Platform using OTA servers. This process should protect the confidentiality and the integrity of the loaded application code. | No contradiction
OE.OTA_SERVERS | The mobile operator must enforce a policy to ensure the security of the applications stored on its servers. | No contradiction
OE.AP_KEYS | The SD keys personalizer, the AP and the key escrow must enforce a security policy on SD keys in order to secure their transmission. | No contradiction
OE.OPERATOR_KEYS | The security of the mobile operator keys must be ensured in the environment of the TOE. | No contradiction
OE.KEY_GENERATION | The security of the mobile operator keys must be ensured in the environment of the TOE. | No contradiction
OE.CA_KEYS | The security domain keys of the CA must be securely generated prior to storage in the U SIM card. | No contradiction
OE.VA_KEYS | The security domain keys of the VA must be securely generated prior to storage in the U SIM card. | No contradiction
OE.KEY_CHANGE | The AP must change its security domain initial keys before any operation on it. | No contradiction
OE.
once the maximal number of attempts has been reached, until a special action is performed by a privileged user.

O.ISSUING_BANK_AUTH
The TOE shall authenticate the Issuing Bank before processing administration transactions.

O.MNO_AUTH
The TOE shall authenticate the MNO before granting him access to its services.
Handled by the U SIM platform, see O.COMM_AUTH in [PP USIM].

5.1.3 EXECUTION PROTECTION

The correct execution of the services provided by the PAP applications, resources control and applications isolation are handled by the U SIM platform on which the payment application package is embedded. They are satisfied by technical countermeasures implemented by the U SIM platform ([PP USIM]).

O.AUTHORISATION_CONTROL
The consistency of payment transactions shall be checked according to the Payez Mobile specifications [PM 1] and [PM 2] before granting the customer the authorisation to submit payment transactions.

5.1.4 DATA PROTECTION

O.DATA_DISCLOSURE
The TOE shall avoid unauthorised disclosure of the TSF data stored and manipulated by the TOE that must be protected in confidentiality.
Application Note: This security objective
The TOE shall provide a means to securely manage cryptographic keys. This concerns the correct generation, distribution, access and destruction of cryptographic keys.
O.PIN_MNGT | The TOE shall provide a means to securely manage PIN objects. | No contradiction
O.REMOTE | The TOE shall provide restricted remote access from the CAD to the services implemented by the applets on the card. This particularly concerns the Java Card RMI services introduced in version 2.2.x of the Java Card platform. | No contradiction
O.TRANSACTION | The TOE must provide a means to execute a set of operations atomically. | No contradiction
O.OBJ_DELETION | The TOE shall ensure that object deletion does not break references to objects. | No contradiction
O.DELETION | The TOE shall ensure that both applet and package deletion perform as expected. | No contradiction
O.LOAD | The TOE shall ensure that the loading of a package into the card is safe. | No contradiction
O.INSTALL | The TOE shall ensure that the installation of an applet performs as expected. | No contradiction
O.SCP_RECOVERY | If there is a loss of power, or if the smart card is withdrawn from the CAD while an operation is in progress, the SCP must allow the TOE to eventually complete the interrupted operation
…[all access and information] flow control SFPs (FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction) help in ensuring the confidentiality of the User data; FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/Post Issuance Bank Management, FDP_ITC.2/PAP Transaction and FPT_TDC.1, which cover the confidentiality of user data when imported and exported; FAU_ARP.1, which prevents and reacts to potential security violations; FAU_SAA.1, which specifies rules that preserve the confidentiality of log files; FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing and FCS_COP.1/Messages Data Confidentiality, which specify the cryptographic algorithms that shall be used to ensure the confidentiality of transmitted da…
…[use]r data controlled under the SFP from outside of the TOE.
FDP_ITC.1.2: The TSF shall ignore any security attributes associated with the user data when imported from outside the TOE.
FDP_ITC.1.3: The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: None.

FDP_UIT.1 Data exchange integrity
FDP_UIT.1.1: The TSF shall enforce the PAP Offline Transaction, PAP Online Transaction and Post Issuance Bank Management Information Flow Control SFPs to receive user data in a manner protected from replay, insertion, deletion and modification errors.
FDP_UIT.1.2: The TSF shall be able to determine, on receipt of user data, whether modification, deletion, insertion and replay has occurred.

6.1.10 SECURE CHANNEL
FPT_TDC.1 Inter-TSF basic TSF data consistency
FPT_TDC.1.1: The TSF shall provide the capability to consistently interpret the following TSF data types when shared between the TSF and another trusted IT product. The TSF data types are: PAP Reference Personal Code State; PAP Counters Integrity and PAP Counters State; Contactless Life Cycle State; PAP Transaction Processing State; and Issuing Bank Transaction Data Confidentiality (if required), Integrity and Origin.
FPT_TDC.1.2: The TSF shall use the rules defined in [PM 1] & [PM 2] when interpreting the TSF data from another trusted IT product.
…[Pa]rameters Integrity.
FDP_ACF.1.2/PAP Activation: The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed:
- Selection is allowed only if Contactless Life Cycle State is INSTALLED;
- PAP Selection and Activation Parameters is allowed only if PAP Selection and Activation Parameters is VERIFIED;
- PAP Transaction Parameters is allowed only if PAP Transaction Parameters Integrity is VERIFIED.
FDP_ACF.1.3/PAP Activation: The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: None.
FDP_ACF.1.4/PAP Activation: The TSF shall explicitly deny access of subjects to objects based on the following additional rule: if one of the conditions listed in FDP_ACF.1.2 and FDP_ACF.1.3 is not fulfilled.

FDP_ACF.1/PAP Administration Management Security attribute based access control
FDP_ACF.1.1/PAP Administration Management: The TSF shall enforce the PAP Administration Management Access Control SFP to objects based on the following: Security attributes of the object: Personal Code and Reference Personal Code…
…re APIs are used by the composite TOE. (Table 2: Compatibility of OSP)

3.3 Compatibility of assumptions
A.MOBILE_OPERATOR: The mobile operator is a trusted actor responsible for the mobile network and the associated OTA servers. The mobile operator, as Card Issuer, cannot get access to or change the application data which belongs to the AP. [AGD comp]

A.OTA_ADMIN: Administrators of the mobile operator's OTA servers are trusted people. They are trained to use and administer those servers securely. They have the means and the equipment to perform their tasks. They are aware of the sensitivity of the assets they manage and of the responsibilities associated with the administration of OTA servers. [AGD comp]

A.APPS_PROVIDER: The AP is a trusted actor that provides standard or secure applications. He is responsible for his security domain keys (APSD keys). [AGD comp]

A.VERIFICATION_AUTHORITY: The VA is a trusted actor who is able to guarantee and check the digital signature attached to a standard or secure application. [AGD comp]

A.CONTROLLING_AUTHORITY: The CA is a trusted actor responsible for securing th…
…[desc]ribes the usage of the TOE and its major security features, identifies the TOE type and any non-TOE hardware/software/firmware required by the TOE.

1.6.1 TOE type
The product to be evaluated is Gemalto Mobile PayPass 1.0 on Orange NFC V2 G1 (U)SIM card, intended to be plugged into a mobile handset to provide secure payment services to an end user (see Figure 1). The TOE is composed of the following bricks:
- A Gemalto Orange NFC V2 G1 (U)SIM Java Card platform, certified conformant to [PP USIM], which is a piece of software (OS, Java Card System, (U)SIM APIs) embedded in an STMicroelectronics ST33F1M Integrated Circuit (IC). It shall be compliant with GlobalPlatform UICC Configuration [GP 4] and GlobalPlatform Card Specification v2.2 [GP], including the extended ProcessData method as defined in Confidential Card Content Management (GP 2.2 Card Specification v2.2 Amendment A) [GP CCCM]. The (U)SIM also implements the mechanisms defined in GlobalPlatform Amendment C [GP 5].
- A Gemalto Mobile PayPass v1.0 Payment Application Package (PAP), compliant with [PM 1], [PM 2] and [PM 6].

Footnote 1: UICC stands for a (U)SIM card. The term "package" doesn't correspond to the package in the Java world but means the contactless mobile payment application.
3.2 COMPATIBILITY OF OSP ... 36
3.3 COMPATIBILITY OF ASSUMPTIONS ... 40
3.4 COMPATIBILITY OF TOE SECURITY OBJECTIVES ... 41
3.5 COMPATIBILITY OF SECURITY OBJECTIVES FOR THE ENVIRONMENT ... 45
3.6 COMPATIBILITY OF SECURITY FUNCTIONAL REQUIREMENTS ... 48
3.7 COMPATIBILITY OF SECURITY FUNCTIONAL REQUIREMENTS FOR THE ENVIRONMENT ... 51
3.8 COMPATIBILITY OF ASSURANCE REQUIREMENTS ... 51
4 SECURITY PROBLEM DEFINITION ... 52
4.1 (title unreadable) ... 52
4.1.1 USER DATA ... 52
4.1.2 TSF DATA ... 53
4.1.2.1 TRANSACTION MANAGEMENT DATA ... 53
4.1.2.2 TEMPORARY TRANSACTION DATA ... 53
4.2 (title unreadable) ... 54
4.2.1 (title unreadable) ... 54
(entry unreadable) ... 54
4.3 (title unreadable) ... 55
4.3.1 DISCLOSURE ... 55
4…
Figure 2: Mode 1 (PIN / TAP). Steps recovered from the figure:
Step 1: Select the payment application via MMI (multiple payment applications scenario on mobile handset).
Step 2: Enter Personal Code.
Step 3: The transaction amount is displayed on the Merchant's POS terminal.
Step 4: The end user taps their mobile to the contactless reader landing zone.
Step 5: Wait until a visible and audible signal takes place (BEEP).
Step 6: The mobile displays some information about the current transaction.
Step 7: The POS terminal prints the user's receipt (conditional) and the merchant's receipt.
Note from the figure: the Authorisation Request (conditional) is requested depending on Acquirer / Issuing Bank risk management configuration.

1.6.2.2 Mode 2 (TAP / PIN / TAP)
In this mode, the customer first taps his mobile to the landing zone of the POS terminal, which already displays a transaction amount. After that, if the transaction amount is lower than the Personal Code Entry Limit (e.g. 20 EUR), the transaction is processed without Personal Code (optional, upon customer configuration). Otherwise, if the amount is above the Personal Code Entry Limit (see the Personal Code Entry Conditions listed in Section 4.5.2.1 of [PM 1]), the customer enters his Personal Code and after that taps his mobile handset a second time on the landing zone of the merchant POS terminal in order to proceed with the payment transaction. The steps of this…
…[FCS_COP.1/Messages Data Integ]rity Cryptographic operation
FCS_COP.1.1/Messages Data Integrity: The TSF shall perform MAC computation in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes of 16 bytes that meet the following: [PM 1] and [PM 2] specifications.

FCS_COP.1/Messages Data Confidentiality Cryptographic operation
FCS_COP.1.1/Messages Data Confidentiality: The TSF shall perform encipherment in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes of 16 bytes that meet the following: [PM 1] and [PM 2] specifications.

6.1.6 PROTECTION
FDP_SDI.2 Stored data integrity monitoring and action
FDP_SDI.2.1: The TSF shall monitor user data stored in containers controlled by the TSF for corruption on all objects, based on the following attributes: all stored Transaction Management Data; all stored Temporary Data during transaction processing (integrity); all stored Temporary Data during Post Issuance Bank Management.
FDP_SDI.2.2: Upon detection of a data integrity error, the TSF shall deactivate and lock the PAP, or mute the (U)SIM card, or clear secret data.
FP…
…[Pe]rsonal Code entry. Assets threatened: PAP Transaction Parameters.

T.MAN_IN_THE_MIDDLE: An attacker installs on his mobile handset an application, or uses an NFC device, that is capable of relaying communications from the POS terminal to a mobile handset including a genuine payment application, via NFC bearer or OTA bearer. The attacker presents his mobile handset or his NFC device to the POS terminal for a payment transaction; the request for payment is relayed from the POS terminal, through one or more intermediate attackers' fake devices (NFC devices), to the victim's mobile handset, which may be at a considerable distance. Assets threatened: PAP Transaction Parameters, PAP Counters.

T.TRANSACTION_REPUDIATION: Performing payment transactions without the customer authentication. It can lead to the repudiation of those transactions by the customer. Assets threatened: PAP Log File and PAP Transaction Parameters.

T.TRANSACTION_COUNTERFEITING: Counterfeiting of payment transactions. This may take several forms depending on the type of the data available to the attacker: knowledge of all personalisation data to clone a payment application…
…s

4.4.2 MANAGEMENT
OSP.CERTIFICATES_MNGT: The lifetime of the EMV CDA authentication certificates with the payment terminal varies according to the type of the payment application, the application lifetime and the (U)SIM card lifetime. These certificates are updated via OTA during the term of the contract signed with the customer. Updating EMV certificates makes compromised payment applications inoperative.

OSP.Contactless life cycle MNGT: Each PAP holds the Contactless Life Cycle State, which takes values from ACTIVATED, DEACTIVATED, NON ACTIVATABLE. In a Payez Mobile implementation there shall be at most one payment application in ACTIVATED state. The Payez Mobile application handles this requirement by deactivating the previous payment application when a new one requests activation. When the Payez Mobile application receives a notification from the CRS API that a payment application has just been activated, it uses the GP mechanisms as defined in Amendment C [GP 5] to deactivate the previously active payment application.

OSP.TOE_USAGE: The customer never reveals their Personal Code, so that an attacker is unable to exercise the rights of the legitimate customer to submit unauthorised transactions on his/her behalf. The customer shall respect the security rules given by the Issuing Bank.

OSP.PISHING: The Bank shall forbid remote payments (e.g. internet transactions, Mail Order / Telephone Order (MOTO), cash advance, quasi-cas…
…[SFR]s Dependencies

6.3.4 Rationale for the Security Assurance Requirements
EAL4 allows a developer to attain a reasonably high assurance level without the need for highly specialised processes and practices. It corresponds to a white-box analysis and can be considered a reasonable level that can be applied to an existing product line without undue expense and complexity.

6.3.5 ALC_DVS.2 Sufficiency of security measures
This component was added in order to provide higher assurance on the security of the PAP development and manufacturing processes, especially for the secure handling of the embedded data. Those requirements appear as the most adequate ones for a manufacturing process in which several actors exchange and store highly sensitive information (confidential code, cryptographic keys, personalisation data, etc.).

6.3.6 AVA_VAN.5 Advanced methodical vulnerability analysis
This component was added to the EAL4 package in order to provide sufficient robustness to counter an attacker with high attack potential, without the support of a protecting environment. Moreover, the PAP is a highly sensitive application. Potential attackers for such kind of applications could include experienced hackers or international organisations disposing of advanced means and resources.
…[i]s not fulfilled.

FDP_IFF.1/PAP Online Transaction Simple security attributes
FDP_IFF.1.1/PAP Online Transaction: The TSF shall enforce the PAP Online Transaction information flow control SFP based on the following types of subject and information security attributes:
- Security attributes of the subject S.PAP: Contactless Life Cycle State, PAP Action Analysis State;
- Security attributes of the information PAP Transaction Parameters: PAP Transaction Processing State;
- Security attributes of the information Issuing Bank Transaction Data: Issuing Bank Transaction Data Integrity and Origin.
FDP_IFF.1.2/PAP Online Transaction: The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold:
- S.PAP is the currently selected application;
- Contactless Life Cycle is ACTIVATED;
- PAP Transaction Processing State complies with [PM 1] & [PM 2];
- PAP Action Analysis State requires online processing;
- PAP Action Analysis State does not reject the transaction;
- Issuing Bank Transaction Data Integrity and Origin is VERIFIED.
FDP_IFF.1.3/PAP Online Transaction: The TSF shall enforce the following rules: None.
FDP_IFF.1.4/PAP Online Transaction: The TSF shall explicitly authorise an information flow based on the following rules: None.
FDP_IFF.1.5/PAP Online Transaction: The TSF shall explicitly deny an information flow based on the following rules: if one of the conditions listed in FDP_IFF.1.2 is not fulfilled.

FDP_IFF.1/Post Issuance Bank Management Simple security attributes
FDP_IFF.1.1/Post Issuance Bank Management: The TSF shall enforce the Post Issuance Bank Management information flow control SFP based on the following types of subject and information security attributes:
- Security attributes of the subject S.PAP: Contactless Life Cycle State;
- Security attributes of the information Issuing Bank Transaction Data: Issuing Bank Transaction Data Confidentiality, Integrity and Origin.
FDP_IFF.1.2/Post Issuance Bank Management: The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold:
- S.PAP is the currently selected application;
- Contactless Life Cycle is ACTIVATED or DEACTIVATED;
- PAP Action Analysis State does not reject the transaction;
- Issuing Bank Transaction Data Confidentiality, Integrity and Origin is VERIFIED.
FDP_IFF.1.3/Post Issuance Bank Management: The TSF shall enforce the following rules: None.
FDP_IFF.1.4/Post Issuance Bank Management: The TSF shall explicitly a…
Table of Tables
Table 1: Compatibility of threats ... 35
Table 2: Compatibility of OSP ... 39
Table 3: Compatibility of assumptions ... 40
Table 4: Compatibility of TOE security objectives ... 44
Table 5: Compatibility of security objectives for the environment ... 47
Table 6: Compatibility of security functional requirements ... 51
Table 7: Threats and Security Objectives Coverage ... 72
Table 8: Security Objectives and Threats Coverage ... 74
Table 9: OSPs and Security Objectives Coverage ... 75
Table 10: Security Objectives and OSPs Coverage ... 76
Table 11: Assumptions and Security Objectives for the Operational Environment Coverage ... 77
Table 12: Security Objectives for the Operational Environment and Assumptions Coverage ... 77
Table 13: Security Objectives and SFRs Coverage ... 118
Table 14: SFRs and Security Objectives ... 125
Table 15: SFRs Dependencies ... 129
Tabl…
…[FIA_UID.1/Po]st Issuance Bank Management and FIA_UAU.1/Post Issuance Bank Management, which contribute to meeting the objective by requiring the Issuing Bank to be identified and authenticated; FIA_AFL.1/Issuing Bank, which details which special actions shall be undertaken and refines who is an authorised subject (only the Issuing Bank has the privilege to block the PAP and its data).

O.SIM_UNLOCK: This security objective is covered by FIA_UAU.1/Payment Transaction and FIA_UID.1/Payment Transaction, which require a successful identification and authentication of the customer to the (U)SIM card to perform a payment transaction.

O.AUDIT: This security objective is met by the following SFRs: FAU_GEN.1, which guarantees that auditable events are recorded; FAU_SAR.1/CUSTOMER and FAU_SAR.1/ISSUING BANK, which ensure that authorised users have the capability to read log files in a manner suitable for them to interpret the information.

O.CHANNELS: This security objective is met by the following SFRs: FMT_SMF.1/Functionalities, which ensures that the communication channels can be selected. The Select determines the contact or contactless origin of the communication channel.

O.AU…
…[Post Is]suance Bank Management Information Flow Control SFPs when importing user data controlled under the SFP from outside of the TOE.
FDP_ITC.2.2/Post Issuance Bank Management: The TSF shall use the security attributes associated with the imported user data.
FDP_ITC.2.3/Post Issuance Bank Management: The TSF shall ensure that the protocol used provides for the unambiguous association between the security attributes and the user data received.
FDP_ITC.2.4/Post Issuance Bank Management: The TSF shall ensure that interpretation of the security attributes of the imported user data is as intended by the source of the user data.
FDP_ITC.2.5/Post Issuance Bank Management: The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: the Issuing Bank Transaction Parameters are verified in origin and integrity (and confidentiality, if required) following the [PM 1] and [PM 2] specifications.

FDP_ITC.2/PAP Transaction Import of user data with security attributes
FDP_ITC.2.1/PAP Transaction: The TSF shall enforce the PAP Transaction Access Control and the PAP Online Transaction Information Flow Control SFPs when importing user data controlled under the SFP from outside of the TOE.
FDP_ITC.2.2/PAP Transaction: The TSF shall use the security attributes associated with the imported user data.
FDP_ITC.2.3/PAP Transaction: The TSF shall ensure that the protocol used provides for the unambiguous asso…
5.3.3 Assumptions
A.MERCHANT_AUTH: This assumption is enforced by the security objectives on the environment OE.MERCHANT_AUTH and OE.POS_APPLICATIONS, which guarantee the authenticity of the merchant and of the applications installed on the POS terminal handled by the merchant.

5.3.4 SPD and Security Objectives
[Table: Threats / Security Objectives / Rationale section. Threats appearing in the rows include T.DISCLOSURE_KEYS, T.DISCLOSURE_REF_PC, T.INTEG_KEYS, T.TEMPORARY_DATA, T.INTEG_TRANS_PARAM and T.INTEG_COUNT; objectives appearing in the rows include O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.USER_AUTH, O.MNO_AUTH, O.GUIS_AUTH, O.TRANSACTION_BYPASS, O.TRANSACTION_INTEGRITY, O.RISK_MNGT, OE.TOE_USAGE, OE.CUSTOMER_PC_CONFID and OE.CERTIFICATES_MNGT. The row-by-row mapping and the rationale section references are not recoverable from the extracted text.]
…[No]t used
[Table 6 (continued): platform SFRs with their compatibility marks. The mark columns are not recoverable from the extracted text; SFRs explicitly marked "Not used" are indicated.]
FCS_COP.1/RSA_SIGN, FCS_COP.1/RSA_CIPHER, FCS_COP.1/HMAC, FDP_RIP.1/ABORT, FDP_RIP.1/APDU, FDP_RIP.1/bArray, FDP_RIP.1/KEYS, FDP_RIP.1/TRANSIENT, FDP_ROL.1/FIREWALL, FAU_ARP.1, FDP_SDI.2, FPR_UNO.1, FPT_FLS.1/JCS, FPT_TDC.1, FIA_ATD.1/AID, FIA_UID.2/AID, FIA_USB.1/AID, FMT_MTD.1/JCRE, FMT_MTD.3/JCRE, FDP_ITC.2/Installer, FMT_SMR.1/Installer, FPT_FLS.1/Installer, FPT_RCV.3/Installer, FDP_ACC.2/ADEL, FDP_ACF.1/ADEL, FDP_RIP.1/ADEL, FMT_MSA.1/ADEL, FMT_MSA.3/ADEL, FMT_SMF.1/ADEL, FMT_SMR.1/ADEL, FPT_FLS.1/ADEL, FDP_ACC.2/JCRMI, FDP_ACF.1/JCRMI, FDP_IFC.1/JCRMI, FDP_IFF.1/JCRMI, FMT_MSA.1/EXPORT, FMT_MSA.1/REM_REFS, FMT_MSA.3/JCRMI (Not used), FMT_REV.1/JCRMI (Not used), FMT_SMF.1/JCRMI (Not used), FMT_SMR.1/JCRMI (Not used), FDP_RIP.1/ODEL, FPT_FLS.1/ODEL, FCO_NRO.2/CM, FDP…
…[da]ta; FPR_UNO.1, which specifies that PIN comparison and key comparison are unobservable.

O.DATA_INTEGRITY: This security objective is satisfied by the following SFRs: all access and information flow control SFPs (FDP_ACC.2/PAP Application, FDP_ACF.1/PAP Application, FDP_IFC.2/PAP Offline Authentication, FDP_IFF.1/PAP Offline Authentication, FDP_ACC.2/PAP Activation, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Offline Authentication, FDP_ACC.2/PAP Transaction) help in ensuring the integrity of the User data; FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/Post Issuance Bank M…
…that only authorised users can get access to the TOE.

T.INTEG_REF_PC: This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of the Reference Personal Code stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to the TOE.

T.INTEG_TRANS_PARAM: This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of the transaction parameters stored in the TOE. The security objective O.TRANSACTION_BYPASS covers this threat by preventing the bypass of a mandatory step of the transaction flow model as defined by the [PM 1] & [PM 2] specifications, thus ensuring the integrity of transaction parameters. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute to covering this threat by ensuring that only authorised users can get access to the TOE.

T.INTEG_COUNT: This threat is covered by the security objective O.DATA_INTEGRITY, which prevents unauthorised modification of the PAP counters stored in the TOE…

…[guaran]tees the legitimacy of installed GUIs; OE.TRANSACTION_DISPLAY contributes to covering this threat by displaying the related payment transaction information (amount, transaction status) on the screen of the customer's mobile handset before or after the transaction.

T.TRANSACTION_REPUDIATION: This threat is countered by O.DATA_USERS, which prevents the use of the TOE by unauthorised users because they do not have the required rights to perform transactions; O.USER_AUTH, which requires the authentication of the customer before performing any transaction; and OE.TOE_USAGE, which ensures that the Issuing Bank provides the customer with the rules to securely use his PAP, and especially that he must not give his Personal Code to anyone. Thus, if the Personal Code has been entered and kept secure and an authenticated communication has been used, the transaction cannot be repudiated. O.AUDIT ensures that the TOE shall record transactions to prevent repudiation.

T.TRANSACTION_COUNTERFEITING: This threat is covered by the following security objectives: O.DATA_USERS, which prevents the use of the TOE by unauthorised users because they do not have the required rights to perform transactions; O.AUTHORISATION_CONTROL, which guarantees that the consistency of payment transactions is checked according to the Payez Mobile specifications [PM 1] & [PM 2] before granting the customer the authorisation to submit payment transactions; O.RISK_MNGT, which avoids improper conditions of using the PAP and ensures that only possible parameter values must be valid and correspond to secure configurations; O.APP_BLOCK, which provides authorised users with the means to block the PAP in order to prevent counterfeiting; O.USER_AUTH, which contributes to covering this threat by ensuring that only the customer can submit transactions; O.AUDIT, which ensures that the TOE shall record transactions to detect counterfeiting; O.TRANSACTION_BYPASS, which covers this threat by preventing the bypass of a mandatory step of the transaction flow model as defined by the [PM 1] & [PM 2] specifications, thus preventing counterfeiting of payment transactions; O.DATA_DISCLOSURE, which guarantees the secrecy of the keys stored in the TOE; O.ISSUING_BANK_AUTH, which ensures that nobody but the Issuing Bank can operate on the PAP cryptographic keys stored in the TOE; OE.CERTIFICATES_MNGT, which contributes to covering this threat by avoiding the usage of counterfeited authentication certificates by providing updates; OE.MERCHANT_CONTROL, which ensures that the merchant maintains a specific security policy that ensures a secure usage of the POS terminal.

T.TRANSACTION_REPLAY: This threat is covered by the following security objectives: O.TRANSACTION_REPLAY, which ensures that replayed transactions will be detected and rejected by the TOE; O.TRANSACTION_UNIQUENESS, which preserves the uniqueness of a transaction by limiting the probability of generating two identical copies of tra…
The following platform TOE components are described in detail in the platform ST [NFC ST] (Sections 1.3.3 and 1.3.5), compliant to the (U)SIM platform Protection Profile [PP USIM]:
- ST33F1M Integrated Circuit (IC, or chip);
- NFC2.0 (U)SIM;
- Bearer Independent Protocol (BIP), which does not offer any security function for the TOE;
- Java Card System according to the JCS Protection Profile [JCS PP], Open configuration;
- GlobalPlatform (GP);
- Native proprietary applications.

1.7.1.1 Payment Application Package (PAP)
The Payment Application Package is loaded on a Bank TSM (cf. [PM 6]). The Mobile PayPass 1.0 CMP application is compliant with the payment scheme specifications:
- MasterCard PayPass specifications (MChip, MagStripe).
It is possible to have several versions of the same CMP application loaded onto the UICC, and thus several instance versions. In our case, Mobile PayPass 1.0 is loaded on a Bank SSD. For more details about the PAP application, please refer to:
- Section 1.7.2 of this document;
- Payez Mobile MasterCard Implementation Guide [PM 6].
…[FDP_ACC.2/PAP Activa]tion, FDP_ACF.1/PAP Activation, FDP_ACF.1/PAP Administration Management, FDP_ACF.1/PAP Payment Transaction Management, FDP_ACF.1/PAP Offline Authentication, FDP_ACF.1/Post Issuance Bank Management, FDP_ACF.1/PAP Transaction, FDP_IFC.2/PAP Offline Transaction, FDP_IFC.2/PAP Online Transaction, FDP_IFC.2/Post Issuance Bank Management, FDP_IFF.1/PAP Offline Transaction, FDP_IFF.1/PAP Online Transaction, FDP_IFF.1/Post Issuance Bank Management, FIA_UAU.1/Post Issuance Bank Management, FDP_ITC.1, FIA_UID.1/PAP Online Transaction, FIA_UID.1/Post Issuance Bank Management, FDP_ACC.2/PAP Administration Management, FDP_ACC.2/PAP Payment Transaction Management, FDP_ACC.2/Post Issuance Bank Management, FDP_ACC.2/PAP Transaction, FIA_AFL.1/Customer, FIA_AFL.1/Issuing Bank, FDP_ACC.2/PAP Offline Authentication, FDP_ITC.2/PAP Transaction, FIA_UAU.1/Payment Transaction, FIA_UID.1/Payment Transaction, FPT_TDC.1

[Table 13 (continued): Security Objectives / Security Functional Requirements / Rationale. The following rows list FPT_RPL.1, FIA_SOS.2 and FIA_UAU.4, then, for O.TRANSACTION_REPLAY, FCS_CKM.1/Session Keys, FCS_CKM.4/Session Keys, FDP_UIT.1 and FDP_ACC.2/PAP…; the objective and rationale columns of these rows are not recoverable from the extracted text.]
… FMT_MOF.1 Parameters: Management of security functions behaviour
FMT_MOF.1.1 Parameters: The TSF shall restrict the ability to disable, enable and modify the behaviour of the functions PAP Selection, PAP Activation/Deactivation, PAP Offline Data Authentication, PAP Offline Transaction, PAP Online Transaction, Personal Code Verification to the Issuing Bank.

(ST page 98 of 133)

FMT_MTD.1 Secrets: Management of TSF data
FMT_MTD.1.1 Secrets: The TSF shall restrict the ability to modify the PAP TSF data (all) to the Issuing Bank.

FMT_MSA.1 Issuing Bank: Management of security attributes
FMT_MSA.1.1 Issuing Bank: The TSF shall enforce the Post Issuance Bank Management Access Control SFP and Post Issuance Bank Management Information Control SFP to restrict the ability to modify the security attributes (all the PAP security attributes) to the Issuing Bank.

FMT_MSA.2 Secure security attributes
FMT_MSA.2.1: The TSF shall ensure that only secure values are accepted for security attributes defined in the PAP Transaction Access Control SFP and the PAP Offline Transaction / PAP Online Transaction Information Control SFP.

FMT_MSA.3 Static attribute initialisation
FMT_M…
… an attacker modifies the log of transactions in order to hide malicious operations. Asset threatened: PAP Log File.

T.INTEG_KEYS Unauthorised modification of stored keys: an attacker modifies the value of the keys in order to input a known key. Assets threatened: PAP keys.

T.INTEG_ACCOUNT_INFO Unauthorised modification of stored customer account information: for instance, an attacker modifies the value of the PAN. Assets threatened: Customer Account Information.

T.INTEG_REF_PC Unauthorised modification of stored Reference Personal Code: an attacker modifies the value of the Reference Personal Code stored in the PAP, for instance in order to enter a known one. Assets threatened: Reference Personal Code.

(ST page 55 of 133)

T.INTEG_TRANS_PARAM Unauthorised modification of stored transaction parameters: an attacker modifies the value of transaction parameters which define the configuration of the PAP, in order to bypass controls or a limitation enforced by the bank's risk management and let the PAP accept counterfeited or replayed transactions. Assets threatened: PAP Transaction Parameters, PAP State Machine.

T.INTEG_COUNT Unauthorised …
Security Functional Requirements:
FDP_ACF.1 PAP Administration Management
FDP_ACF.1 PAP Payment Transaction Management
FDP_ACF.1 Post Issuance Bank Management
FDP_ACF.1 PAP Offline Authentication
FDP_ACF.1 PAP Transaction
FDP_IFC.2 PAP Offline Authentication
FDP_IFC.2 PAP Offline Transaction
FDP_IFC.2 PAP Online Transaction
FDP_IFC.2 Post Issuance Bank Management

Security Objectives (one table row per line):
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.APP_BLOCK
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RISK_MNGT
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY, O.RIS…
…ure script, Counters State is NOT BLOCKED.
FDP_ACF.1.3 PAP Administration Management: The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: none.
FDP_ACF.1.4 PAP Administration Management: The TSF shall explicitly deny access of subjects to objects based on the following additional rules: if one of the conditions listed in FDP_ACF.1.2 is not fulfilled.

(ST page 85 of 133)

FDP_ACF.1 PAP Payment Transaction Management: Security attribute based access control
FDP_ACF.1.1 PAP Payment Transaction Management: The TSF shall enforce the PAP Payment Transaction Management Access Control SFP to objects based on the following:
- Security attributes of the object Personal Code: PAP Reference Personal Code State, PAP Reference Personal Code Integrity, PAP Personal Code State, PAP Personal Code Entry Amount, Systematic Personal Code State
- Security attributes of the object PAP Log File: Log File Update Status
FDP_ACF.1.2 PAP Payment Transaction Management: The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: P…
… ensure that only the currently selected application may have a write access to the APDU buffer and the global byte array used for the invocation of the install method of the selected applet. No contradiction.
O.NATIVE: The only means that the Java Card VM shall provide for an application to execute native code is the invocation of a method of the Java Card API, or any additional API. No contradiction.
O.OPERATE: The TOE must ensure continued correct operation of its security functions. No contradiction.
O.REALLOCATION: The TOE shall ensure that the re-allocation of a memory block for the runtime areas of the Java Card VM does not disclose any information that was previously stored in that block. No contradiction.
O.RESSOURCES: The TOE shall control the availability of resources for the applications. No contradiction.
O.ALARM: The TOE shall provide appropriate feedback information upon detection of a potential security violation. No contradiction.
O.CIPHER: The TOE shall provide a means to cipher sensitive data for applications in a secure way. In particular, the TOE must support cryptographic algorithms consistent with cryptographic usage policies and standards. No contradiction.
O.KEY_MNGT: No contradiction.

(ST page 42 of 133)
… Security Functional Requirements | Security Objectives
… | O.DATA_INTEGRITY
… | O.RISK_MNGT, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
FTP_ITC.1 | O.DATA_INTEGRITY
FPR_UNO.1 | O.DATA_DISCLOSURE
Table 14: SFRs and Security Objectives
FPT_TDC.1

(ST page 125 of 133)

6.3.3 Dependencies

6.3.3.1 SFRs Dependencies

Requirements | Dependencies | Satisfied Dependencies
FDP_ACC.2 PAP Application | FDP_ACF.1 | FDP_ACF.1 PAP Application
FDP_ACC.2 PAP Activation | FDP_ACF.1 | FDP_ACF.1 PAP Activation
FDP_ACC.2 PAP Administration Management | FDP_ACF.1 | FDP_ACF.1 PAP Administration Management
FDP_ACC.2 PAP Payment Transaction Management | FDP_ACF.1 | FDP_ACF.1 PAP Payment Transaction Management
FDP_ACC.2 Post Issuance Bank Management | FDP_ACF.1 | FDP_ACF.1 Post Issuance Bank Management
FDP_ACC.2 PAP Offline Authentication | FDP_ACF.1 | FDP_ACF.1 PAP Offline Authentication
FDP_ACC.2 PAP Transaction | FDP_ACF.1 | FDP_ACF.1 PAP Transaction
FDP_ACF.1 PAP Application | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.2 PAP Application, FMT_MSA.3
FDP_ACF… | FDP_ACC.1 and … | …
… authentication attempts occur related to the Personal Code Verification.
FIA_AFL.1.2 Customer: When the defined number of unsuccessful authentication attempts has been surpassed, the TSF shall return an error as specified in [PM 1] and [PM 2], and block the PAP Reference Personal Code until the Issuing Bank unblocks it.
Application Note: The Personal Code Try Counter Limit is created during personalization.

FIA_AFL.1 Issuing Bank: Authentication failure handling
FIA_AFL.1.1 Issuing Bank: The TSF shall detect when an administrator configurable positive integer within range of acceptable values unsuccessful authentication attempts occur related to Issuing Bank Authentication.
FIA_AFL.1.2 Issuing Bank: When the defined number of unsuccessful authentication attempts has been surpassed, the TSF shall return an error as specified in [GP 4].
Application Note: The range of values is 1 to FFFFh.

FIA_ATD.1 User attribute definition
FIA_ATD.1.1: The TSF shall maintain the following list of security attributes belonging to individual users: Personal Code Verification Security Attributes, PAP Transaction Parameters, Issuing Bank Authentication Security Attributes, PAP Transaction Parameters.

FIA_UAU.1 PAP Online Transaction: Timing of authentication
FIA_UAU.1.1 PAP Online Transaction: The TSF shall allow PAP Action analysis, establishment of a trusted path dedicated to the current payment transaction on behalf …
… authorise an information flow based on the following rules: None.
FDP_IFF.1.5 Post Issuance Bank Management: The TSF shall explicitly deny an information flow based on the following rules: if one of the conditions listed in FDP_IFF.1.2 is not fulfilled.

(ST page 93 of 133)

6.1.4 SECURITY AUDIT

FAU_ARP.1 Security alarms
FAU_ARP.1.1: The TSF shall take one of the following actions: locking the PAP, blocking or terminating the (U)SIM card session, muting the (U)SIM card, reinitializing secret data, bringing the (U)SIM card to a secure state, temporarily disabling the services of the PAP until a privileged role performs a special action, definitely disabling all the services of the PAP, upon detection of a potential security violation.

FAU_SAA.1 Potential violation analysis
FAU_SAA.1.1: The TSF shall be able to apply a set of rules in monitoring the audited events and, based upon these rules, indicate a potential violation of the enforcement of the SFRs.
FAU_SAA.1.2: The TSF shall enforce the following rules for monitoring audited events:
a) Accumulation or combination of the following auditable events: unauthorised use of the PAP serv…
… allows the authentication of the customer to the PAP. This includes related parameters for entry checking (POS currency, Personal Code Entry Limit). Protection: integrity and confidentiality.

PAP Counters: This asset covers two types of counters: risk analysis counters, which are data used to count sensitive operations (for instance the number of transactions processed by the PAP, ATC), and secure counters, such as the number of failed attempts to present the Personal Code (Personal Code Try Counter). Protection: integrity.

PAP State Machine: The PAP State Machine stores information about the PAP application internal states during its usage phase. Protection: integrity.

4.1.2.2 TEMPORARY TRANSACTION DATA

PAP Transaction Data: All data used by the PAP when performing payment transactions, including Card Challenge, Dynamic Authentication related data, Session Keys, Card Verification Results, Cryptograms (AAC, TC and ARQC). Protection: integrity.

(ST page 53 of 133)

4.2 Users / Subjects

4.2.1 USERS

Users are entities (human or IT) outside the TOE that interact with the TOE.
U.CUSTOMER: The customer interacts with the TOE in its usage phase. The custom…
… Security Objectives | Security Functional Requirements | Rationale
O.AUDIT_ACCESS | FAU_SAR.1 Customer | … handled by the (U)SIM platform
O.APPLI_AUTH, … and O.COMM_AUTH | … | …
Table 13: Security Objectives and SFRs Coverage

(ST page 118 of 133)

Security Functional Requirements:
FDP_ACC.2 PAP Application
FDP_ACC.2 PAP Activation
FDP_ACC.2 PAP Administration Management
FDP_ACC.2 PAP Payment Transaction Management
FDP_ACC.2 Post Issuance Bank Management
FDP_ACC.2 PAP Offline Authentication
FDP_ACC.2 PAP Transaction
FDP_ACF.1 PAP Application
FDP_ACF.1 PAP Activation

Security Objectives (one table row per line):
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY
O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS …
… Payment Transaction: The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.

(ST page 102 of 133)

FIA_USB.1 User-subject binding
FIA_USB.1.1: The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: PAP Transaction Parameters State.
FIA_USB.1.2: The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: PAP Transaction Parameters State initially indicates no identification/authentication of the user.
FIA_USB.1.3: The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: none.

FIA_SOS.2 TSF Generation of secrets
FIA_SOS.2.1: The TSF shall provide a mechanism to generate secrets that meet the STANDARD level as specified in the platform (refer to [DCSSI2741]).
FIA_SOS.2.2: The TSF shall be able to enforce the use of TSF generated secrets for the generation of the 8-byte challenge used for cryptographic operations.
Refinement: secrets stand for rando…
