- Product Name :
- NEC Group Secure Information Exchange Site
- Version of TOE :
- 1.0
- Product Type :
- Secure Information Exchange System
- Certification No. :
- C0156
- Date :
- 2008-04-25
- Version of Common Criteria:
- 3.1
- Conformance Claim :
- EAL1 Augmented with ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1
- PP Identifier :
- None
- Vendor :
- NEC Corporation
-
- POC :
- Junji Ishihara
- Division :
- Corporate IT Division
- Phone :
- +81-3-5418-1641
- E-mail :
- Evaluation Facility :
- Mizuho Information & Research Institute, Inc. Center for Evaluation of Information Security
- Certification/Validation
Report :
(314 KB)(2008-08-07) - Security Target :
(480 KB)(2008-08-07)
PRODUCT DESCRIPTION
Description of TOE
This TOE is the business data exchange system that provides services for preventing the miss-delivery of business data and the information leakage in communications between internal users and customers. The basic operation of the TOE is as follows:
(1) An employee of NEC Group first creates an Area that is an administered
data storage
area, and then creates a folder in that Area.
(2) An internal user or a customer uploads business data to that folder.
(3) The uploaded data is then downloaded by internal users or customers
for their business use.
The TOE provides the following service functions:
-
- Upload
- Download
- Area Maintenance
- User Maintenance
- Set Personal Information
- Administration
As security functions, the TOE protects the business data to be exchanged by the TOE from unauthorized access, miss-delivery and information leakage. It also collects audit logs.
TOE security functions
[Identification and Authentication]
A function to identify and authenticate the users of the
TOE [Access Control]
A function to control access to the business data based
on the user roles of the
TOE
[Auditing]
A function to generate and view the audit trail of the
TOE [Cryptography]
A function to encrypt and decrypt the communication data between the TOE
and a user
Security functional requirements
This TOE implements the following security functional requirements.
| Security audit | Non-repudiation of origin/receipt | Cryptographic functionality | Access control |
| Data authentication | Export data protection | Information flow control | Import data protection |
| Internal transfer data protection | Residual information protection | Rollback | Stored data integrity |
| Transfer data confidentiality | Transfer data integrity | Identification and authentication | Security management |
| Privacy Control | Security functionality protection | Resource utilisation management | TOE access control |
| Trusted path/channels |