- Product Name :
- Cloud-based payment system Thincacloud core modules
- Version of TOE :
- Thincacloud Payment Server 1.0.0
Thincacloud Payment Client Windows CE Edition 1.0.0
Thinca Payment App for Osaifu-keitai 1.0.0
Thinca Payment App for NFC 1.0.0
- Product Type :
- Cloud-based e-money payment system core module
- Certification No. :
- Date :
- Version of Common Criteria:
- 3.1 Release3
- Conformance Claim :
- EAL1 Augmented with ASE_SPD.1, ASE_OBJ.2, ASE_REQ.2
- PP Identifier :
- Vendor :
- TF PAYMENT SERVICE CO.,LTD.
- POC :
- Nobuyoshi Minami
- Division :
- Phone :
- E-mail :
- Evaluation Facility :
- ECSEC Laboratory Inc.
Description of TOE
The TOE is the core modules of the system which enables to provide cloud-based payment processing functions of prepaid electronic money for the FeliCa IC chip. Those functions are used to be built separately for each store. The system is scheduled to be composed of multiple applications built on top of the common platform. TOE scope is a single application for nanaco payment service and the common platform.
TOE security functionality
The TOE provides the following security functions.
|-||FeliCa IC chip identification and authentication function
Ability to verify that the FeliCa IC chip used for the electronic money payment is legitimate.
Ability to verify that the terminal to connect to the service is legitimate.
|-||Payment data protection
Ability to protect against exposing and tampering payment data to be transferred to the FeliCa IC chip.
Ability to record the operating status of the security functions of the server.
Security functional requirements
This TOE implements the following security functional requirements.
|Security audit||Non-repudiation of origin/receipt||Cryptographic functionality||Access control|
|Data authentication||Export data protection||Information flow control||Import data protection|
|Internal transfer data protection||Residual information protection||Rollback||Stored data integrity|
|Transfer data confidentiality||Transfer data integrity||Identification and authentication||Security management|
|Privacy Control||Security functionality protection||Resource utilisation management||TOE access control|