Last Updated 2015-10-22
- Protection Profile Name :
- Personal Number Cards Protection Profile
- Version of PP :
- 1.00
- echnology Type :
- Personal Number Cards
- Certification No. :
- C0431
- Date :
- 2014-05-15
- Version of Common Criteria:
- 3.1 release4
- Conformance Claim :
- EAL4 Augmented with ALC_DVS.2, AVA_VAN.5
- PP Identifier :
- None
- Procurement Entity :
- Japan Agency for Local Authority Information Systems
- Sponsor :
- Japan Agency for Local Authority Information Systems
-
- POC :
- Nobuhiro Yamashita
- Division :
- Personal number project Promotion Department
- Phone :
- +81-3-5214-8000
- E-mail :
-
- Evaluation Facility :
- ECSEC Laboratory Inc. Evaluation Center
- Certification/Validation Report :
(215 KB)(2014-11-11)
- CC Certificate Image :
(406 KB)(2014-08-07)
- Protection Profile :
(342 KB)(2014-09-09)
PRODUCT DESCRIPTION
Description of PP
This PP provides security requirements for “Personal Number Cards”, which are the IC cards used for “The Social Security and Tax Number System” in Japan.
The TOE in this PP is an IC card including an IC chip that supports both a contact interface and a contactless interface.
In order to provide services of Personal Number Cards, four basic APs, a platform for APs and data for those programs are installed in the TOE.
PP security functionality
The PP requests a TOE to implement (1) security functions specific to the services of Personal Number Cards, and (2) security functions commonly required for IC cards. The main security features of the TOE are as follows:
- secure communication
The TOE communicates using its external interfaces (i.e. contact interface or contactless interface) with an external device. For communication data which need protection from eavesdropping and/or tampering, the TOE protects confidentiality and/or integrity of those communication data by applying data encryption/decryption and/or generation/verification of message authentication code (MAC). - identification and authentication
In order to provide services specified for operators depending on their privilege, the TOE performs operator authentication for each service, and enforces access controls. - cryptographic functionality
The TOE provides the cryptographic processing functionality for services of the platform and the application programs. - protection against physical attacks
The TOE also mitigates physical attacks against its hardware part.