- Protection Profile Name :
- Basic Resident Registration Card V2 Embedded Software Protection Profile
- Version of PP :
- 1.00
- Technology Type :
- Basic Resident Registration Card, Embedded Software
- Certification No. :
- C0284
- Date :
- 2011-02-28
- Version of Common Criteria:
- 3.1
- Conformance Claim :
- EAL4 Augmented with AVA_VAN.5
- PP Identifier :
- None
- Sponsor :
- Local Authorities Systems Development Center
-
- POC :
- Katsura Yoshikawa
- Division :
- National Center for Basic Residential Registers Network System
- Phone :
- +81-3-5214-8000
- E-mail :
- Evaluation Facility :
- Electronic Commerce Security Technology Laboratory Inc.
Evaluation Center
- Certification/Validation
Report :
(200 KB)(2011-05-18) - Protection Profile :
(149 KB)(2011-05-18)
PRODUCT DESCRIPTION
Description of PP
The PP provides security requirements for the embedded software of the Basic Resident Registration Card (BRR Card) Version 2. BRR Card is an IC card for the Basic Resident Registration Network System (BRR Net).
The TOE is a software embedded in BRR Card. The software consists of the BRR application program (BRR-AP) and the platform software. BRR-AP is the essential application program for BRR Card. The platform software provides operating environment for BRR-AP and additional APs.
PP security functionality
BRR Card provides secure measures to use BRR Net services. Major security features of the TOE are as follows:
| - | Secure communication |
| Protects communication channel between BRR Card and the external device from disclosure and modification. | |
| - | Mutual authentication |
| BRR Card and the external device authenticate each other. | |
| - | Card holder authentication |
| BRR-AP authenticates the card holder. | |
| - | Stored data protection |
| Protects stored data in the TOE from illegal access. |
Security functional requirements
PP requires the following security functional requirements:
| Security audit | Non-repudiation of origin/receipt | Cryptographic functionality | Access control |
| Data authentication | Export data protection | Information flow control | Import data protection |
| Internal transfer data protection | Residual information protection | Rollback | Stored data integrity |
| Transfer data confidentiality | Transfer data integrity | Identification and authentication | Security management |
| Privacy Control | Security functionality protection | Resource utilisation management | TOE access control |
| Trusted path/channels |