Home

Smartcard reader Leo V2 Security Target Lite

1. and allows only PC SC commands which involved data identification PIN Therefore there is no way to address directly the pinpad or the display The housing is sealed by means of falsification secure security stickers which will be destroyed when someone attempt to open it Stickers can be used only once 2 Lifecycle The firmware is part of the TOE It is integrated in the TOE at the end of the fabrication process by flashing an EEPROM memory and destroying a fuse thus disabling the possibility Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 5 18 XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 of flashing another firmware Security stickers are put in place at the end of the fabrication process The fabrication process is outsourced to a partner factory manufacturer Security policies defined by XIRING enforcing confidence in firmware integrity management from delivery through flashing operation on the production chain have been transmitted to the manufacturer A specific policy for security sticker management at the factory site was also defined for the manufacturer Hardware development Hardware assembly fabrication Hardware development Firmware insertion flashing Delivery Figure 1 Lifecycle of the TOE Grey blocks are in the scope of the TOE The delivery point is located at the XIRING partner factory where
2. 1 2 TOE reference Target of evaluation Leo V2 id 633 PPD001 003 AXY where X and Y are minor revisions numbers not related to the security features of the TOE Version Issue date Firmware version PK08 12 Issue date where X and Y are minor revisions numbers that are not related to the security features of the TOE 1 3 TOE introduction A smartcard is a piece of plastic with an electronic component embedded in it It has no human interface but only a physical connector ISO 7816 type to link to a smartcard reader and the smartcard reader has normally a serial type connector to link to a Personal Computer or Workstation The PC may be a Microsoft Windows Mac or Linux OS powered The security of the PC is out of scope of the TOE As a Personal Identification Number also known and referred as PIN is required for some smartcard applications this PIN is usually keyed on the PC keyboard and forwarded to the smartcard through PC SC 3 and ISO 7816 EMV commands 4 10 As the security of the PC cannot be guaranteed a malware virus Trojan worm key logger could intercept the PIN record it to replay it or forward it to a remote attacker Such a malware can also use the security mechanisms of the smartcard to block the smartcard application denial of service attack type by providing the smartcard with a modified and false personal data example PIN Q XIRING Communi
3. HARD The hardware This sensitive asset corresponds to the hardware casing of the TOE in the use stage just after firmware download Sensitivity integrity 43 Threats 4 3 1 Threat agents During the use stage a threat agent can be U agressor an aggressor this is a person who has not received a product in an authorised way or otherwise gains illicit access to the TOE The aggressor may gain access to the TOE through the PC or have temporary access to the TOE when not in use and modify it As the TOE is to be used in a private environment the legitimate user is not considered hostile 4 3 2 Attack potential Individuals performing attacks have an Enhanced Basic attack potential They correspond to malicious persons possessing the computing skills of a well informed user having gained access to some restricted information about the TOE Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 8 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 4 3 3 The threats to the TOE by an attacker are The assets that have to be protected are identification data B PIN of the user and critical information to be displayed before signing B DIS as well as the firmware B FIRM and hardware B HARD of the smart card reader itself The reader itself has no secret T PIN DISCLOSE An attacker can try to access the pin B PIN and transmit it out of the TOE by gaini
4. smartcard provider A USER KEYPAD It is assumed that the user enters his or her identification data using the keypad of the TOE A USER DIS It is assumed that the user verifies the information displayed on the display before approving it A USER USAGE The TOE is designed for use in private environments or office environments That means that only a limited number of persons have access to the TOE Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 9 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 5 Security Objectives The Device is used to get the identification data B PIN from the User and transfer it only to the smartcard The Device has been designed to protect the critical information to be approved B DIS against modification inside the TOE 5 1 Security objectives for the TOE The Leo V2 smart card reader is used to get the identification data B PIN from the user The basic security objectives for the TOE are O REVEAL The TOE does not reveal any identification data An identification data as a personal identification code B PIN is not externalized from the TOE except to the smartcard O HARD EVIDENT The hardware casing cannot be opened easily and this opening should be visible to the user tamper evidence The integrity of the hardware B HARD can be checked by the user O SIGNAL The TOE guarantees that the secure PIN entry mode i
5. 2C XIRING Smartcard reader Leo V2 Security Target Lite Common Criteria EAL3 Document reference XRD 2012 1626 Version 1 0 XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved x XIRING Security target lite Leo V2 3 XRD 2012 1626 Table of content 1 3 1 1 SI REFERENCE eeu and ah 3 1 2 REFERENCE ccccseccccccccececeesecsccececececeesensecececececeeeeneaececececsesesensaaeceeceseeeeenenaececeeeeeeeetenaaes 3 1 3 INTRODUCTION cccccccccccccceseesecccccecececeesensecececcceeeeeenenaececceeceesesensutececcesceeeetenececeeseeseeeensaes 3 14 JOEOVERVIEN ES 4 1 5 TOE DESCRIPTION ccccccccccccececeetecccecececeseesensececececeeeeeenenaececececsesenenseaececcesesesertnececeeseeteetenaees 4 2 E ah d a E 5 CONFORMANCE CLAIMS 6 4 SECURITY PROBLEM DEFINITION 7 4 1 SUBUECTS wcccccccsccosecccccececos
6. B PIN The identification data B PIN is an external asset which passes through the Device The Device has been designed to protect this external asset in confidentiality this data must be passed uniquely to the smartcard and in integrity a modified identification data can block the smartcard application Sensitivity confidentiality integrity B DIS Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 7 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 The critical information to be approved B DIS is an internal message in the firmware for example or external asset The Device has been designed to protect this asset against modification inside the TOE Examples of external assets An external asset may be a piece of data received from the PC in a command displayed on the display of the device and checked by the user before validating the command An external asset may be also a piece of data received from the smartcard displayed on the display of the device and checked by the user before validating the command Sensitivity integrity 4 2 2 Sensitive assets of the TOE The assets of the TOE which can be attacked are B FIRM The Firmware of the TOE B HARD The Hardware of the TOE B FIRM The firmware This sensitive asset corresponds to all TOE programs These programs are held in memory of the TOE Sensitivity integrity B
7. Linux or Mac OS It is used as peripherals in the PC surrounding field The reader is provided with power supply through the USB interface It cannot be used in standalone mode Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 4 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 PC applications communicate with the reader through PC SC 3 interfaces The reader is declared and recognized as a PC SC 3 device by its PC host driver All functions at the interfaces are illustrated for PC SC in accordance with 3 DISPLAY o D Q mas Q e 5 40 2 2 Q KEYPAD Details on available host software such as drivers are available in the user manual of the Leo The driver software is not included in this evaluation The TOE ends the USB interface to the host computer Installation software including drivers manual and tools can be downloaded from http www xiring com XIRING support leo by XIRING asp The Leo V2 reader is able to enter identification data PIN and convey it securely to a smart card for instance a secure signature creation device It can be used also to allow authorise access to some applications or to the computer itself if the appropriate software has been installed and the firmware of the TOE adapted The firmware is filtering the commands sent to the reader for secure PIN input
8. PENDENCIEG c cececcccececececeesensccecececeseesentecececeeeceesentnaccececs 16 7 3 SECURITY ASSURANCE REQUIREMENTS ccccccccccececeecsccccececececeensnaccecececeseesentecececeeeceeeentaccecees 16 7 4 SECURITY REQUIREMENTS RATIONALE cccccccccccececeececcccececececeesensececececeseesentecececseeseetentnaccecees 17 8 AGRONYV EET PERITI T 18 9 18 Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 2 18 X XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 1 STintroduction This security target describes the functional and organisational security requirements and procedures for the TOE a secure pin entry device also known as the Device and its operational environment The target of evaluation is the Leo V2 smart card reader 1 1 ST reference Title of the Security Target Smartcard reader Leo V2 Security Target Common Criteria EAL3 Version 1 0 Issue date 11 07 2012 Document ID XRD 2012 1626 Author Damien COCHET Claude MEGGL Evaluation level EAL3 Protection Profile Secure Smartcard Reader with Human Interface Protection Profile v1 6
9. PIN input TOE access SFR FTA_TAB 1 Default TOE access banners SFR FTA_TAB 1 1 Before establishing a user session the TSF shall display an advisory warning message regarding unauthorised use of the TOE XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 13 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 Note During execution of the function Secure PIN entry a green lock icon must be lit The message ENTRER CODE French translation of Enter PIN is displayed before the entry After transmission of the PIN to the signature component smart card and confirmation by the smart card with the status byte SW1 0x90 the display shows CODE CORRECT French translation of PIN If the entered PIN is not correct the message CODE INCORRECT French translation of Wrong PIN is displayed The green lock icon is not lit anymore A disturbance of the card reader caused intentionally or due to a technical failure is indicated to the user by displaying ERREUR French translation of ERROR Invalid data are rejected An error message is transferred to the host TOE physical protection FPT PHP 1 Passive detection of physical attack FPT PHP 1 1 The TSF shall provide unambiguous detection of physical tampering that might compromise the TSF The casing is sealed by means of falsification secure security stickers which will be destroyed d
10. Security target lite Leo V2 EAL3 XRD 2012 1626 ASE security target evaluation ASE INT 1 ST Introduction ASE OBJ2 Security objectives ASE_REQ 2 Derived security requirements ASE SPD 1 Security problem definition ASE TSS 1 TOE summary specification ATE COV 2 Analysis of coverage ATE Tests ATE DPT 1 Testing basic design ATE FUN 1 Functional testing ATE IND 2 Independent testing sample AVA Vulnerability assessment AVA VAN 3 Focused vulnerability analysis 7 4 Security requirements rationale Security requirements Security objectives O REVEAL O HARD EVIDENT O SIGNAL FDP IFC 1 1 X FDP IFF 1 1 FDP IFF 1 2 FDP IFF 1 4 X X X X FDP IFF 1 5 FTA TAB 1 1 X FDP RIP 2 1 X FDP PHP 1 1 X FDP PHP 1 2 X O REVEAL is covered by FDP IFC 1 1 and FDP IFF 1 1 FDP IFF 1 4 FDP IFF 1 5 as the flow control is managed inside the TOE O REVEAL is covered also by RIP 2 1 as the critical information B PIN is not stored O HARD EVIDENT is covered by FDP PHP 1 1 and FDP_PHP 1 2 which give the user the ability to detect tampering of the TOE XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 17 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 8 Acronyms Common Criteria Integrated Circuit Cards Interface Devices Card terminal Ap
11. ation security attributes Subjects S JIANTERFACE Attribute values USER through the keypad interface PC through the serial interface ICC Smart card through the card reader interface Informations B PIN Identification data Attribute values USER through the keypad interface PC through the serial interface ICC Smart card through the card reader interface and the operations covered by the SFP OP P ENTRY PIN entry FDP IFF 1 2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold OP P ENTRY receives OB PIN only from S INTERFACE attribute USER and transmits it only to S INTERFACE attribute ICC FDP IFF 1 3 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed The PC S PC sends commands on behalf of the application to the reader which causes the TOE to then only cause the display OB DIS to display the secure XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 12 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 PIN entry mode message CODE OP D CONTROL and to pass the entered PIN OB PIN to the smart card S ICC if both following conditions are met 1 The command sent is a CCID PC To RDR Secure 8 command 2 This PC To RDR Secure command r
12. cation reproduction et utilisation interdites Copyright and all other rights reserved 3 8 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 As the smartcard may be used to sign some critical information the display a Device may be used to provide the user with a mean to check this information even partially or to approve explicitly the operation before signing it The purpose of the Device is to avoid compromising the PIN or modifying the critical information to be signed by such a malware the PIN is never keyed on the PC keyboard but on the Device keypad and forwarded directly to the smartcard and never transmitted to the PC There is no way for a malware to ask for a PIN to the Device and to receive this PIN There is also no way for a malware to ask for a PIN on the PC keyboard and forward it to the smartcard The Device is supposed to be used in a private environment That is to say that the Device is to be used by an individual or a small group of persons limited to a well defined group persons in a place under control of this individual or group of persons so it can be used at home or at the office The Device is not intended to be used in a public area The Device embeds a smartcard reader 1 4 TOE overview The Leo V2 smart card reader is a secure PIN entry device a universal smart card reader with keypad display and a connecting cable with USB connector The Leo V2 smart card reader cannot be us
13. ed in standalone mode It must be plugged in a Personal Computer USB plug to offer capability for secure PIN entry The Personal Computer can be a PC with a Windows OS Linux or Mac OS The secure PIN entry functionality can be activated from a software application loaded in the PC not provided and out of scope of this TOE and used in conjunction with a secure smartcard not provided and out of scope of this TOE 1 5 TOE description The Leo V2 smart card reader is a universal smart card reader devices which can communicate with ISO 7816 and EMV2004 compliant processor cards through the PC SC 3 application interface The devices work with any smart card transmission protocol compliant with ISO 7816 4 T0 T 1 Leo V2 reader has a keypad with silicone keys to enter a digital PIN The numeric keys 0 to 9 as well as the keys Clear yellow green and Cancel red are present The reader complies with PC SC part 10 3 and CCID secure command specifications 8 Therefore within the frame of a Secure Pin Entry session the device inserts the digits keyed on the keypad as a PIN in the PIN field of the command to the smart card The PIN is formatted according to external parameters transmitted through the accurate CCID PC RDR Secure commands as described in 8 The firmware in the TOE manages the security functions The reader can be connected to all USB equipped host systems like PC computers running Microsoft Windows
14. equests one of the following Secure Entry command Verify PIN Change PIN The PIN OB PIN must be entered by the user S USER at the keypad of the TOE OP P ENTRY The PIN OB PIN may be sent only over the card reader interface to the smart card S ICC for verification of the PIN OP P VERIFY FDP IFF 1 4 The TSF shall explicitly authorise an information flow based on the following rules The TOE must rejects the commands coming from the PC S PC if the command sent is a CCID PC To RDR Xfr Block and if this command carry an identification data PIN It also rejects commands coming from the PC S PC if the command sent is a CCID PC to RDR Secure and this PC to RDR Secure does not involve data identification PIN The reader informs the application running on the PC S PC that the command has been rejected by the appropriate return code FDP IFF 1 5 The TSF shall explicitly deny an information flow based on the following rules B PIN is not transmitted to S INTERFACE attribute PC SFR FDP RIP 2 Full residual information protection SFR FDP RIP 2 1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the deallocation of the resource from all objects A memory rework of the buffer for the transmission of the PIN from the keypad to the smart card is realized immediately after e Sending the PIN to the smartcard e extracting the card e abort by the user e timeout during the
15. goods are passed to a forwarder for delivery 3 Conformance Claims The security target with its functional requirements claims a demonstrable conformance to the Secure Smartcard Reader with Human Interface Protection Profile 12 Therefore this security target is conformant to the Common Criteria Version 3 1 Release 3 dated July 2009 as follow Part 2 of the Common Criteria Version 3 1 Release 3 dated July 2009 Part 3 of the Common Criteria Version 3 1 Release 3 dated July 2009 The claimed assurance level is EAL3 augmented with AVA VAN 3 ADV FSP 4 ADV TDS 3 ADV IMP 1 TAT 1 and ALC FLR 3 Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 6 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 4 Security problem definition Private environment Untrusted PC Secure Smartcard Secure physical path Figure 2 The TOE and its environment 4 1 Subjects S PC A personal computer that can communicate with the pinpad via a USB connection S INTERFACE represents a logical or physical communication interface that can be used by any type of users S USER A user of the TOE S ICC A smartcard that can be used with the TOE 42 Assets 4 2 1 Sensitive assets protected by the TOE The assets that have to be protected are identification data B PIN of the user and critical information to be displayed before signing B DIS
16. hts reserved 10 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 Response The user does not use the TOE anymore replace it with a new one A USER_UNOBSERVED A USER KEYPAD A USER DIS A USER PIN are fulfilled by OE MANUAL A USER USAGE is fulfilled by OE PRIVATE OSP USER is fulfilled by O HARD EVIDENT and OE MANUAL a LL LL 0 a gt e u 9 gt D lt Oo a z o o Q gt ae A gt E 5 g g g g g z o z N o N 77 N a a 2 2 2 2 2 HF HF lt lt lt lt lt O REVEAL X O HARD EVIDENT X X X X O SIGNAL X X X X X OE PRIVATE X OE MANUAL X X X X X X 6 Extended components definition This security target does not contain any extended components XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 11 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 7 Security Requirements 7 1 Security functional requirements FDP IFC 1 Subset information flow control FDP IFC 1 1 The TSF shall enforce the Information Flow Control SFP on Subjects S INTERFACE Informations B PIN Identification data and the operations covered by the SFP OP P ENTRY PIN entry FDP IFF 1 Simple security attributes FDP IFF 1 1 The TSF shall enforce the Information Flow Control SFP based on the following types of subject and inform
17. n Criteria part 3 as follows The augmentation AVA VAN 3 and its dependencies are required for this type of product in regard of potential attackers enhanced basic considering that the usage is in private environment FLR 3 with dependencies are listed red FLR3 is required to provide TOE users with confidence in the product they are using The ADV components shall be refined to cope with the hardware acceptance process The ST writer shall specify the procedures to be applied by the TOE developer to check the integrity of the hardware Assurance class Assurance component ADV ARC 1 Security architecture description ADV Development ADV FSP 4 Complete Functional Specification ADV TDS 3 Basic modular design ADV IMP 1 Implementation representation of the TSF AGD Guidance documents 1 Operational user guidance AGD PRE 1 Preparative Procedures ALC Life cycle support ALC_CMC 3 Authorisation controls ALC_CMS 3 Implementation representation CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC_LCD 1 Developer defined life cycle model ALC_FLR 3 Systematic flaw remediation ALC_TAT 1 Well defined development tools ASE_CCL 1 Conformance claims ASE_ECD 1 Extended components definition XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 16 18 x XIRING
18. ng access to the firmware B FIRM or the hardware B HARD of the TOE T PIN MODIFY An attacker can try to modify the pin B PIN in the TOE and block the smartcard application false Pin counter by modifying the firmware B FIRM or inserting a hardware bug in the hardware B HARD T DIS An attacker modifies the information to be displayed and or signed by the Device B DIS before sending it to the Device Or an attacker can try to modify the critical information to be approved B DIS by modifying the firmware B FIRM or inserting a bug in the hardware B HARD 44 Organisational security policies OSP USER A written procedure or manual is given to the user by the smartcard provider or by the company if the TOE is to be used in company premises to inform the user how to use the reader how to store securely his smartcard or smartcards how to use securely his or one of his smartcards with the reader and how to store and use securely his PIN and how to check that the reader has not been tampered 45 Assumptions LEO V2 smart card readers are suitable both for the office and for private use Readers can support additional uses beyond those described in the Security Target The end user is informed about his or her responsibility during the use of the TOE A USER UNOBSERV The user must enter his or her identification data unobserved A USER PIN It is assumed that the user stores his or her identification data using recommendations of the
19. plication Programming Interface Eurocard Mastercard Visa Identifier Personal Computer Personal Computer Smart Card Personal Identification Number Secure Pin Pad Reader Universal Serial Bus 9 Bibliography 1 Decret 2001 272 Decret du 30 03 2001 chapitre 1 Des dispositifs s curis s de cr ation de signature lectronique 2 1999 99 CE European Community Directive on electronic signature 3 PC SC V 2 0 Interoperability Specification for ICCs and Personal Computer Systems Revision 2 02 6 April 2009 http www pcscworkgroup com specifications files pcsc10 v2 02 06 pdf 4 ISO IEC 7816 Integrated circuit s cards with contacts http Awww iso org iso catalogue_detail htm csnumber 29257 8 CCID Chip Smart Card Interface Devices Revision 1 1 April 22rd 2005 http www usb org developers devclass_docs DWG_Smart Card CCID Rev110 pdf 9 Common Common Criteria for Information Technology Security Evaluation Criteria Part 1 3 September 2006 10 EMV 2004 Integrated Circuit Card Terminal Specifications for Payment Systems version 4 1 11 CC 1316 4 Article 1316 4 du Code Civil relatif la signature lectronique 12 SSR Secure Smartcard Reader with Human Interface Protection Profile v1 6 XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 18 18
20. s clearly signified to the user 5 2 Security objectives for the environment The security objectives for the environment correspond in a general manner to those under 4 1 specified OE PRIVATE The TOE is to be used in private environments In an office environment the TOE should be managed to prevent access to unauthorized users That means that the smart card reader is linked to a PC which is usable by a limited number of people only OE MANUAL The user is provided with a user manual explaining the rules or refers to the smartcard provider information for storing securely his PIN verifies the data displayed before entering his PIN keys his PIN unobserved on the keypad of the TOE The manual also explains how to check TOE s integrity stop using it if tampered with and how to replace it 5 3 Security objectives rationale T PIN DISCLOSE is countered by O REVEAL Protection Detection O HARD EVIDENT should warn the user that T PIN DISCLOSE is possible Response The user does not use the TOE anymore replace it with a new one T PIN MODIFY is countered by O HARD EVIDENT Protection Detection O HARD_EVIDENT should warn the user that T PIN MODIFY is possible Response The user does not use the TOE anymore replace it with a new one T DIS is countered by O HARD EVIDENT should warn the user that T DIS is possible and O SIGNAL Q XIRING Communication reproduction et utilisation interdites Copyright and all other rig
21. sevvsecoccaccccsseveveccavececesenvevuccacatdedsessdcessocdeccedeavdcedeventecesenscedesvecnceceat deceev 7 42 EE SRM 7 4 2 1 Sensitive assets protected by the TE rene AES NN DA RR tee 4 22 Sensitive assets of the TOE CE 8 3 SIRE ATS 8 i iustitia tuis blat id RUP E NUT Sd M MA M DAE nn 8 43 2 Alta ck potential assesses csi a mM uM a a MEUM EU 8 4 3 3 The threats to TOE by an attacker are i eee aane e pA intense 9 44 ORGANISATIONAL SECURITY POLICIES ccccccccccccccececeeseccccececececeesensecececcesesesentnacceceeseeeeeneaees 9 4 5 ASSUMPTIONS ccccesecccccceccceceesenscccecececessecensccececcceeeesensaaececceeceeeetenseseceeseseeetensaececeeseneeenenanes 9 5 SECURITY 10 5 1 SECURITY OBJECTIVES FOR THE I OE ree Ea Y 10 5 2 SECURITY OBJECTIVES FOR THE ENVIRONMENT 10 5 3 SECURITY OBJECTIVES RATIONALE iioii dinde eia ed ecu n Pm Mee aco and Hd eb ND EUR e du 10 6 EXTENDED COMPONENTS DEFINITION 11 7 SECURITY 12 7 1 SECURITY FUNCTIONAL en tene se enter esent rne sr sternere seen 12 7 2 FUNCTIONAL REQUIREMENT DE
22. uring removal and thus can be used only once FPT PHP 1 2 The TSF shall provide the capability to determine whether physical tampering with the TSF s devices or TSF s elements has occurred The casing is sealed by means of falsification secure security stickers which will be destroyed during removal and thus can be used only once Thus the user can recognize by the condition of the safety seal that no manipulations at the hardware were made If the safety seal has been tampered then the user is at risk that his PIN can be compromised by an electronic bug inserted in the device or a logical bug inserted in the firmware Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 14 18 XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 Security seals Q XIRING Communication reproduction et utilisation interdites Copyright and all other rights reserved 15 18 x XIRING Security target lite Leo V2 EAL3 XRD 2012 1626 7 2 Functional requirement dependencies Security Dependencies Comments requirement FDP IFC 1 FDP IFF 1 This component is a selected component FDP IFF 1 IFC 1 This components is a selected component FMT MSA 3 V A there are no initial values FTA TAB 1 1 None FDP RIP 2 None FDP PHP 1 None 7 3 Security assurance requirements The requirements for the aimed evaluation assurance level 3 are listed in table 4 Commo

Smartcard reader Leo V2 Security Target Lite

Contents

Download Pdf Manuals

Related Search

Related Contents