Certified/Validated Products List

Cloud-based payment system Thincacloud core modules
Thincacloud Payment Server 1.0.0
Thincacloud Payment Client Windows CE Edition
1.0.0
Thinca Payment App for Osaifu-keitai 1.0.0
Thinca Payment App for NFC 1.0.0

TF PAYMENT SERVICE CO.,LTD.
Product Name :
Cloud-based payment system Thincacloud core modules
Version of TOE :
Thincacloud Payment Server 1.0.0
Thincacloud Payment Client Windows CE Edition 1.0.0
Thinca Payment App for Osaifu-keitai 1.0.0
Thinca Payment App for NFC 1.0.0
Product Type :
Cloud-based e-money payment system core module
Certification No. :
C0399
Date :
2013-08-01
Version of Common Criteria:
3.1 Release3
Conformance Claim :
EAL1 Augmented with ASE_SPD.1, ASE_OBJ.2, ASE_REQ.2
PP Identifier :
None

PRODUCT DESCRIPTION

Description of TOE

The TOE is the core modules of the system which enables to provide cloud-based payment processing functions of prepaid electronic money for the FeliCa IC chip. Those functions are used to be built separately for each store. The system is scheduled to be composed of multiple applications built on top of the common platform. TOE scope is a single application for nanaco payment service and the common platform.

 

TOE security functionality

The TOE provides the following security functions.

- FeliCa IC chip identification and authentication function
Ability to verify that the FeliCa IC chip used for the electronic money payment is legitimate.
- Terminal validation
Ability to verify that the terminal to connect to the service is legitimate.
- Payment data protection
Ability to protect against exposing and tampering payment data to be transferred to the FeliCa IC chip.
- Audit function
Ability to record the operating status of the security functions of the server.

 

Security functional requirements

This TOE implements the following security functional requirements.

Security audit Non-repudiation of origin/receipt Cryptographic functionality Access control
Data authentication Export data protection Information flow control Import data protection
Internal transfer data protection Residual information protection Rollback Stored data integrity
Transfer data confidentiality Transfer data integrity Identification and authentication Security management
Privacy Control Security functionality protection Resource utilisation management TOE access control
Trusted path/channels