- Product Name :
- Version of TOE :
- Product Type :
- Certification No. :
- Date :
- Version of Common Criteria:
- 3.1 release4
- Conformance Claim :
- EAL4 Augmented with ALC_DVS.2, AVA_VAN.5
- PP Identifier :
- Vendor :
- NTT Communications Corporation
- POC :
- Hiromi Watanabe
- Division :
- Solution Services Division
- Phone :
- E-mail :
- Evaluation Facility :
- ECSEC Laboratory Inc. Evaluation Center
Description of TOE
The TOE is the IC card implementing security functions required for the Personal Number Card.
The embodiment of the TOE is the IC card equipped with an IC chip and both contact interface and contactless interface. Within the IC chip, programs and data are embedded for providing services as the Personal Number Card.
The programs include
(1) the software platform providing an operational environment for each application program (denoted “AP” hereafter),
(2) Input Support AP for the personal information printed on the card,
(3) Basic Resident Registration AP,
(4) Public ID authentication AP, and
(5) AP for digitization of the personal information printed on the card.
The four APs (from (2) to (5)) are running on (1) the software platform, and are called “the basic APs”.
TOE security functionality
The TOE controls logical access via external interfaces by the programs inside the TOE (i.e. the software platform and the basic APs), in order to protect its information assets. This is done by identifying and authenticating a user, and permitting the user to access the information/resources within his/her access rights. Also the users and service functions are defined for each programs (i.e. the software platform, and the four APs).
The main security features of the TOE are as follows:
|The TOE communicates using its external interfaces (i.e. contact interface or contactless interface) with an external device. For communication data which need protection from eavesdropping and/or tampering, the TOE protects confidentiality and/or integrity of those communication data by applying data encryption/decryption and/or generation/verification of message authentication code (MAC).|
|-||identification and authentication|
|In order to provide services specified for operators depending on their privilege, the TOE performs operator authentication for each service, and enforces access controls.|
|The TOE provides the cryptographic processing functionality for services of the software platform and the APs.|
|-||protection against physical attacks|
|The TOE also mitigates physical attacks against its hardware part.|