Personal Number Cards Protection Profile
1.00

PRODUCT DESCRIPTION

Description of PP

This PP provides security requirements for “Personal Number Cards”, which are the IC cards used for “The Social Security and Tax Number System” in Japan.
The TOE in this PP is an IC card including an IC chip that supports both a contact interface and a contactless interface.
In order to provide services of Personal Number Cards, four basic APs, a platform for APs and data for those programs are installed in the TOE.

PP security functionality

The PP requests a TOE to implement (1) security functions specific to the services of Personal Number Cards, and (2) security functions commonly required for IC cards. The main security features of the TOE are as follows:

• secure communication
  The TOE communicates using its external interfaces (i.e. contact interface or contactless interface) with an external device. For communication data which need protection from eavesdropping and/or tampering, the TOE protects confidentiality and/or integrity of those communication data by applying data encryption/decryption and/or generation/verification of message authentication code (MAC).
• identification and authentication
  In order to provide services specified for operators depending on their privilege, the TOE performs operator authentication for each service, and enforces access controls.
• cryptographic functionality
  The TOE provides the cryptographic processing functionality for services of the platform and the application programs.
• protection against physical attacks
  The TOE also mitigates physical attacks against its hardware part.