MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
REF: 2011-8-INF-835 v1
Target: Público
Date: 16.04.2012
Created by: CERT8
Revised by: CALIDAD
Approved by: TECNICO
CERTIFICATION REPORT
File: 2011-08 Kona102 ePassport v1.0.1 (EAC)
Applicant: KEBT KEBTechnologies
References:
[EXT-1242] Certification request of Kona102 ePassport v1.0.1 (EAC)
[EXT-1518] Evaluation Technical Report of Kona102 ePassport v1.0.1 (EAC)
The product documentation referenced in the above documents.
Certification report of the product Kona102 ePassport v1.0.1, as requested in [EXT-
1242] dated 12-01-2012, and evaluated by the laboratory Applus LGAI Technological
Center S.A., as detailed in the Evaluation Technical Report [EXT-1518] received on
06/02/2012.
Página 1 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
TABLE OF CONTENTS
EXECUTIVE SUMMARY............................................................................................ 3
TOE SUMMARY..................................................................................................... 3
SECURITY ASSURANCE REQUIREMENTS ........................................................ 4
SECURITY FUNCTIONAL REQUIREMENTS........................................................ 5
IDENTIFICATION....................................................................................................... 6
SECURITY POLICIES................................................................................................ 6
ASSUMPTIONS AND OPERATIONAL ENVIRONMENT........................................... 7
CLARIFICATIONS ON NON-COVERED THREATS .............................................. 8
OPERATIONAL ENVIRONMENT FUNCTIONALITY ............................................. 9
ARCHITECTURE ..................................................................................................... 10
DOCUMENTS .......................................................................................................... 10
PRODUCT TESTING............................................................................................... 11
EVALUATED CONFIGURATION............................................................................. 12
EVALUATION RESULTS......................................................................................... 12
COMMENTS & RECOMMENDATIONS FROM THE EVALUATION TEAM............. 12
CERTIFIER RECOMMENDATIONS ........................................................................ 13
GLOSSARY ............................................................................................................. 13
BIBLIOGRAPHY ...................................................................................................... 13
SECURITY TARGET................................................................................................ 14
Página 2 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
EXECUTIVE SUMMARY
This document constitutes the Certification Report for the certification file of the
product Kona102 ePassport v1.0.1.
The Target of Evaluation (TOE) is the contactless integrated circuit chip of machine
readable travel documents (MRTD’s chip) programmed according to the Logical
Data Structure (LDS) [5] and providing the Basic Access Control and Extended
Access Control according to the ‘ICAO Doc 9303’ [ICAO] and BSI TR-03110 [TR-03],
respectively.
It provides the security level of EAL4 augmented with ALC_DVS.2 and AVA_VAN.5.
The TOE type of the current security target is "the contactless integrated circuit chip
of machine readable travel documents (MRTD’s chip) programmed according to the
Logical Data Structure (LDS) and providing the Extended Access Control",
compatible with the expected TOE type described in the [PP-EAC].
Developer/manufacturer: Korea Electronic Banking Technology Co., Ltd.
Sponsor: Korea Electronic Banking Technology Co., Ltd.
Certification Body: Centro Criptológico Nacional (CCN) del Centro Nacional de
Inteligencia (CNI).
ITSEF: Applus LGAI Technological Center S.A..
Protection Profile: BSI-CC-PP-0056. Common Criteria Protection Profile Machine
Readable Travel Document with ICAO Application, Extended Access Control,
version 1.10.
Evaluation Level: Common Criteria v3.1 r3 EAL4 + AVA_VAN.5 + ALC_DVS.2.
Evaluation end date: 06/02/2012.
All the assurance components required by the evaluation level EAL4 (augmented
with AVA_VAN.5 and ALC_DVS.2) have been assigned a “PASS” verdict.
Consequently, the laboratory Applus LGAI Technological Center S.A. assigns the
“PASS” VERDICT to the whole evaluation due all the evaluator actions are satisfied
for the EAL4 + AVA_VAN.5 + ALC_DVS.2, as defined by the Common Criteria v3.1
r3 and the CEM v3.1 r3.
Considering the obtained evidences during the instruction of the certification request
of the product Kona102 ePassport v1.0.1, a positive resolution is proposed.
TOE SUMMARY
The Target of Evaluation (TOE) is the contactless integrated circuit chip of machine
readable travel documents (MRTD’s chip) programmed according to the Logical
Data Structure (LDS) and providing the Basic Access Control and Extended Access
Página 3 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
Control according to ‘ICAO Doc 9303’ [ICAO] and BSI TR-03110 [TR-03],
respectively.
The TOE comprises of:
• the circuitry of the MRTD’s chip (the integrated circuit, IC NXP Secure Smart
Card Controllers P5CD081V1A)
• the IC Embedded Software (operating system Kona102 ePassport version
1.0.1),
• the MRTD application and
• the associated guidance documentation.
The TOE is conformant with the Protection Profile, BSI-CC-PP-0056, Common
Criteria Protection Profile Machine Readable Travel Document with ICAO
Application, Extended Access Control, version 1.10 [PP-EAC].
The TOE covered by this Certification Report addresses the protection of the logical
MRTD
(i) in integrity by write-only-once access control and by physical means, and
(ii) in confidentiality by the Extended Access Control Mechanism.
The TOE addresses the Chip Authentication described in [TR-03] as an alternative to
the Active Authentication stated in [ICAO-03].
The confidentiality by Basic Access Control is a mandatory security feature that is
also implemented by the TOE. Nevertheless this is not explicitly covered by this
Certification Report.
SECURITY ASSURANCE REQUIREMENTS
The product was evaluated with all the evidence required to fulfil the evaluation level
EAL4 and the evidences required by the additional components AVA_VAN.5 and
ALC_DVS.2, according to Common Criteria v3.1 r3.
Assurance Class Assurance components
ADV_ARC.1 Security architecture description
ADV_FSP.4 Complete functional specification
ADV_IMP.1 Implementation representation of the TSF
ADV: Development
ADV_TDS.3 Basic modular design
AGD_OPE.1 Operational user guidance
AGD: Guidance documents
AGD_PRE.1 Preparative procedures
ALC_CMC.4 Production support, acceptance procedures and
automation
ALC_CMS.4 Problem tracking CM coverage
ALC_DEL.1 Delivery procedures
ALC_DVS.2 Sufficiency of security measures
ALC_LCD.1 Developer defined life-cycle model
ALC: Life-cycle support
ALC_TAT.1 Well-defined development tools
Página 4 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
Assurance Class Assurance components
ASE_CCL.1 Conformance claims
ASE_ECD.1 Extended components definition
ASE_INT.1 ST introduction
ASE_OBJ.2 Security objectives
ASE_REQ.2 Derived security requirements
ASE_SPD.1 Security problem definition
ASE: Security Target
evaluation
ASE_TSS.1 TOE summary specification
ATE_COV.2 Analysis of coverage
ATE_DPT.1 Testing: basic design
ATE_FUN.1 Functional testing
ATE: Tests
ATE_IND.2 Independent testing - sample
AVA: Vulnerability assessment AVA_VAN.5 Advanced methodical vulnerability analysis
SECURITY FUNCTIONAL REQUIREMENTS
The product security functionality satisfies the following functional requirements,
according to the Common Criteria v3.1 r3:
Class Components
FAU: Security Audit
FAU_SAS.1 Audit storage
FCS_CKM.1/Cryptographic key generation
FCS_CKM.4 Cryptographic key destruction - MRTD
FCS_COP.1/SHA Cryptographic operation – Hash for Key
Derivation
FCS_COP.1/SYM Cryptographic operation – Symmetric
Encryption / Decryption
FCS_COP.1/MAC Cryptographic operation – MAC
FCS_COP.1/SIG_VER Cryptographic operation – Signature
verification by MRTD
FCS: Cryptographic Support
FCS_RND.1 Quality metric for random numbers
FIA_UID.1 Timing of identification
FIA_UAU.1 Timing of authentication
FIA_UAU.4 Single-use authentication mechanisms - Single-
use authentication of the Terminal by the TOE
FIA_UAU.5 Multiple authentication mechanisms
FIA_UAU.6 Re-authenticating – Re-authenticating of
Terminal by the TOE
FIA: Identification and
Authentication
FIA_API.1 Authentication Proof of Identity
FDP_ACC.1 Subset access control
FDP_ACF.1 Basic Security attribute based access control
FDP_UCT.1 Basic data exchange confidentiality
FDP: User Data Protection
FDP_UIT.1 Data exchange integrity
FMT_SMF.1 Specification of Management Functions
FMT_SMR.1 Security roles
FMT_LIM.1 Limited capabilities
FMT_LIM.2 Limited availability
FMT: Security Management
FMT_MTD.1/INI_ENA Management of TSF data – Writing of
Initialization Data and Prepersonalization Data
Página 5 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
Class Components
FMT_MTD.1/INI_DIS Management of TSF data – Disabling
of Read Access to Initialization Data and Pre-personalization
Data
FMT_MTD.1/CVCA_INI Management of TSF data –
Initialization of CVCA Certificate and Current Date
FMT_MTD.1/CVCA_UPD Management of TSF data –
Country Verifying Certification Authority
FMT_MTD.1/DATE Management of TSF data – Current date
FMT_MTD.1/KEY_WRITE Management of TSF data – Key
Write
FMT_MTD.1/CAPK Management of TSF data – Chip
Authentication Private Key
FMT_MTD.1/KEY_READ Management of TSF data – Key
Read
FMT_MTD.3 Secure TSF data
FPT_EMSEC.1 TOE Emanation
FPT_FLS.1 Failure with preservation of secure state
FPT_TST.1 TSF testing
FPT: Protection of the Security
Functions
FPT_PHP.3 Resistance to physical attack
IDENTIFICATION
Product: Kona102 ePassport v1.0.1
Security Target: Kona102 ePassport with EAC Security Target version 1.4.
Protection Profile: BSI-CC-PP-0056. Common Criteria Protection Profile Machine
Readable Travel Document with ICAO Application, Extended Access Control,
version 1.10.
Evaluation Level: Common Criteria v3.1 r3 EAL4 + AVA_VAN.5 + ALC_DVS.2.
SECURITY POLICIES
The use of the product Kona102 ePassport v1.0.1 shall implement a set of security
policies assuring the fulfilment of different standards and security demands.
The detail of these policies is documented in the Security Target. In short, it
establishes the need of implementing organisational policies related to the following
aspects.
Policy 01: P.BAC-PP - Fulfillment of the Basic Access Control
Protection Profile
This security policy is included in the ST and it is described in the [PP-EAC]
Protection Profile (paragraph 77).
Policy 02: P.Sensitive_Data - Privacy of sensitive biometric
reference data
Página 6 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
This security policy is included in the ST and it is described in the [PP-EAC]
Protection Profile (paragraph 78).
Policy 03: P.Manufact - Manufacturing of the MRTD’s chip
This security policy is included in the ST and it is described in the [PP-EAC]
Protection Profile (paragraph 79).
Policy 04: P.Personalization - Personalization of the MRTD by
issuing State or Organization only
This security policy is included in the ST and it is described in the [PP-EAC]
Protection Profile (paragraph 80).
ASSUMPTIONS AND OPERATIONAL ENVIRONMENT
The following assumptions are constraints to the conditions used to assure the
security properties and functionalities compiled by the security target. These
assumptions have been applied during the evaluation in order to determine if the
identified vulnerabilities can be exploited.
In order to assure the secure use of the TOE, it is necessary to start from these
assumptions for its operational environment. If this is not possible and any of them
could not be assumed, it would not be possible to assure the secure operation of the
TOE.
Assumption 01: A.MRTD_Manufact - MRTD manufacturing on step
4 to 6
This assumption is included in the ST and it is described in the [PP-EAC] Protection
Profile (paragraph 60).
Assumption 02: A.MRTD_Delivery - MRTD delivery during steps 4
to 6
This assumption is included in the ST and it is described in the [PP-EAC] Protection
Profile (paragraph 61).
Assumption 03: A.Pers_Agent - Personalization of the MRTD’s chip
This assumption is included in the ST and it is described in the [PP-EAC] Protection
Profile (paragraph 62).
Assumption 04: A.Insp_Sys - Inspection Systems for global
interoperability
This assumption is included in the ST and it is described in the [PP-EAC] Protection
Profile (paragraph 63).
Assumption 05: A.Signature_PKI - PKI for Passive Authentication
This assumption is included in the ST and it is described in the [PP-EAC] Protection
Profile (paragraph 64).
Página 7 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
Assumption 06: A.Auth_PKI - PKI for Inspection Systems
This assumption is included in the ST and it is described in the [PP-EAC] Protection
Profile (paragraph 65).
CLARIFICATIONS ON NON-COVERED THREATS
The following threats do not suppose a risk for the product Kona102 ePassport
v1.0.1, although the agents implementing attacks have a High attack potential
according to the assurance level of EAL4 + AVA_VAN.5 + ALC_DVS.2 and always
fulfilling the usage assumptions and the proper security policies satisfaction.
For any other threat not included in this list, the evaluation results of the product
security properties and the associated certificate, do not guarantee any resistance.
The threats covered by the security properties of the TOE are categorized below.
Threat 01: T.Read_Sensitive_Data - Read the sensitive biometric
reference data
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 68).
Threat 02: T.Forgery - Forgery of data on MRTD’s chip
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 69).
Threat 03: T.Counterfeit MRTD’s chip
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 70).
Threat 04: T.Abuse-Func - Abuse of Functionality
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 72).
Threat 05: T.Information_Leakage - Information Leakage from
MRTD’s chip
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 73).
Threat 06: T.Phys-Tamper - Physical Tampering
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 74).
Threat 07: T.Malfunction - Malfunction due to Environmental Stress
This threat is included in the ST and it is described in the [PP-EAC] Protection Profile
(paragraph 75).
Página 8 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
OPERATIONAL ENVIRONMENT FUNCTIONALITY
The product requires the cooperation from its operational environment to fulfil some
of the objectives of the defined security problem.
The security objectives declared for the TOE operational environment are
categorized below.
Environment objective 01: OE.MRTD_Manufact - Protection of the
MRTD Manufacturing
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 98).
Environment objective 02: MRTD_ Delivery - Protection of the
MRTD delivery
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 99).
Environment objective 03: OE.Personalization - Personalization of
logical MRTD
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 100).
Environment objective 04: OE.Pass_Auth_Sign - Authentication of
logical MRTD by Signature
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 101).
Environment objective 05: OE.Auth_Key_MRTD - MRTD
Authentication Key
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 102).
Environment objective 06: OE.Authoriz_Sens_Data - Authorization
for Use of Sensitive Biometric Reference Data
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 103).
Environment objective 07: OE.BAC_PP - Fulfillment of the Basic
Access Control Protection Profile
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 104).
Environment objective 08: OE.Exam_MRTD - Examination of the
MRTD passport book
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 106).
Página 9 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
Environment objective 09: OE.Passive_Auth_Verif - Verification by
Passive Authentication
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 107).
Environment objective 10: OE.Prot_Logical_MRTD - Protection of
data from the logical MRTD
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 108).
Environment objective 11: OE.Ext_Insp_Systems - Authorization of
Extended Inspection Systems
This security objective for the environment is included in the ST and it is described in the
[PP-EAC] Protection Profile (paragraph 110).
The details of the product operational environment (assumptions, threats and
organisational security policies) and the TOE security requirements are included in
the associated security target.
ARCHITECTURE
The TOE is a composition of IC hardware and embedded software that controls the
IC.
The TOE is defined to comprise the chip and the complete operating system and
application. Note, the inlay holding the chip as well as the antenna and the booklet
(holding the printed MRZ) are needed to represent a complete MRTD, nevertheless
these parts are not inevitable for the secure operation of the TOE.
DOCUMENTS
The product includes the following documents that shall be distributed and made
available together to the users of the evaluated version.
Página 10 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
1. “(SP-02-02) Kona102 ePassport with EAC Security Target v1.4”, January
2012, KEBT.
2. “(SP-02-05) Kona102 ePassport Proprietary Command Manual v1.2”. July
2011. KEBT.
3. “(SP-02-06) Kona102 ePassport Technical Manual v1.2”. September 2011.
KEBT.
4. “(SP-02-11) Kona102 ePassport Delivery Procedure v1.1”. July 2011. KEBT.
5. “(SP-02-18) Kona102 ePassport Life-Cycle Definition v1.0”. January 2011.
KEBT.
PRODUCT TESTING
The developer has executed test for all the security functions. All the tests have been
performed by the developer in its premises, with a satisfactory result.
During the evaluation process it has been verified each unit test checking that the
security functionality that covers is been identified and also that the kind of test is
appropriate to the function that is intended to test.
All the tests have been developed using the testing scenario appropriate to the
established architecture in the security target. It has also been checked that the
obtained results during the tests fit or correspond to the previously estimated results.
To verify the results of the developer tests, the evaluation team has applied a
sampling strategy on the developer functional tests in the testing platform
implemented in the evaluation laboratory. The evaluation team has concluded the
obtained information during the repeated tests was enough to reproduce tests
devised by the developer, identify the functionality tested, confirm the expected
results and gain confidence on developer’s tests as the information was complete
and coherent.
Moreover, additional tests where proposed independently of the developer. These
tests covered the ePassport EAC functionalities and tested the underlying RNG.
It has been checked that the obtained results conform to the expected results and in
the cases where a deviation in respect to the expected results was present, the
evaluator has confirmed that this variation neither represents any security problem
nor a decrease in the functional capacity of the product.
PENETRATION TESTING
Based on the list of potential vulnerabilities applicable to the TOE in its operational
environment, the evaluation team has devised attack scenarios for penetration tests.
Within these activities all aspects of the security architecture which were not covered
by functional testing have been considered.
The implementation of the requirements of the provided platform's ETR for
Composition and guidance, as well as of the security mechanisms of the applet in
Página 11 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
general have been verified by the evaluation team. An appropriate test set was
devised to cover these potential vulnerabilities.
The overall test result is that no deviations were found between the expected and the
actual test results. No attack scenario with the attack potential High has been
successful in the TOE’s operational environment as defined in the security target
when all measures required by the developer are applied.
EVALUATED CONFIGURATION
The TOE is defined by its name and version number Kona102 ePassport v1.0.1.
The composite TOE includes:
•
• the circuitry of the MRTD’s chip (the integrated circuit, IC NXP Secure
Smart Card Controllers P5CD081V1A),
•
• the IC Embedded Software (operating system Kona102 ePassport
version 1.0.1),
•
• the MRTD application and
•
• the associated guidance documentation.
EVALUATION RESULTS
The product Kona102 ePassport v1.0.1 has been evaluated against the Security
Target Kona102 ePassport with EAC Security Target version 1.4.
All the assurance components required by the evaluation level EAL4 + AVA_VAN.5
+ ALC_DVS.2 have been assigned a “PASS” verdict. Consequently, the laboratory
Applus LGAI Technological Center S.A. assigns the “PASS” VERDICT to the whole
evaluation due all the evaluator actions are satisfied for the evaluation level EAL4 +
AVA_VAN.5 + ALC_DVS.2, as defined by the Common Criteria v3.1 r3 and the
CEM v3.1 r3.
COMMENTS & RECOMMENDATIONS FROM THE
EVALUATION TEAM
Next, recommendations regarding the secure usage of the TOE are provided. These
have been collected along the evaluation process and are detailed to be considered
when using the product.
• The developer follows all the underlying platform security recommendations
and contributes with additional countermeasures to enforce the security of the
whole product. Therefore the Kona102 ePassport, Version 1 Revision 0
Página 12 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
update 1 fulfils the requirements of CC version 3.1 with an evaluation
assurance level EAL4 + ALC_DVS.2 + AVA_VAN.5.
CERTIFIER RECOMMENDATIONS
Considering the obtained evidences during the instruction of the certification request
of the product Kona102 ePassport v1.0.1, a positive resolution is proposed.
Additionally, the Certification Body wants to clarify that the GET DATA command
cited in this Certification Report, provides information strictly related to the code
masked in the ROM of the TOE. Specific detail on GET DATA command can be
found in “(SP-02-06) Kona102 ePassport Technical Manual v1.2”, which is
distributed along with the TOE.
GLOSSARY
BAC Basic Access Control
CCN Centro Criptológico Nacional
CNI Centro Nacional de Inteligencia
EAC Extended Access Control
EAL Evaluation Assurance Level
ETR Evaluation Technical Report
IC Integrated Circuit
ICAO International Civil Aviation Organization
LDS Logical Data Structure
MRTD Machine Readable Travel Document
MRZ Machine Readable Zone
OC Organismo de Certificación
PP Protection Profile
ROM Read-Only Memory
ST Security Target
TOE Target Of Evaluation
BIBLIOGRAPHY
The following standards and documents have been used for the evaluation of the
product:
Página 13 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es
MINISTERIO DE LA PRESIDENCIA
CENTRO NACIONAL DE INTELIGENCIA
CENTRO CRIPTOLÓGICO NACIONAL
ORGANISMO DE CERTIFICACIÓN
[CC_P1] Common Criteria for Information Technology Security Evaluation Part 1:
Introduction and general model, Version 3.1, R3 Final, July 2009.
[CC_P2] Common Criteria for Information Technology Security Evaluation Part 2:
Security functional components, Version 3.1, R3 Final, July 2009.
[CC_P3] Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance components, Version 3.1, R3 Final, July 2009.
[CEM] Common Methodology for Information Technology Security Evaluation:
Version 3.1, R3 Final, July 2009.
[PP-EAC] Common Criteria Protection Profile Machine Readable Travel Document
with ICAO Application, Extended Access Control, version 1.10. BSI-CC-PP-0056.
Bundesamt für Sicherheit in der Informationstechnik (BSI.
[ICAO-01] ICAO Doc 9303, Machine Readable Travel Documents, part 1 – Machine
Readable Passports, Sixth Edition, 2006, International Civil Aviation Organization.
[ICAO-03] Internal Civil Aviation Organization. Machine Readable Travel Documents,
Part 3, Vol 1 - Specifications for Electronically Enabled MRTDs with Biometric
Identification Capability, version 3, edition 2008, International Civil Aviation
Organization.
[TR-03] Technical Guideline TR-03110. Advanced Security Mechanisms for Machine
Readable Travel Documents – Extended Access Control (EAC), Version 1.11,
Bundesamt für Sicherheit in der Informationstechnik (BSI).
[PRE] ORDEN PRE/2740/2007 Reglamento de evaluación y certificación de
seguridad de las tecnologías de la información. 19/09/2007.
[CCDB-2008-04-001] Application of Attack Potential to Smartcards Version 2.7
February 2009.
[CCDB-2007-09-001] Composite product evaluation for Smart Cards and similar
Devices Version 1.0 Revision 1. September 2007
[AM] Attack Methods for Smartcards and Similar Devices Version 1.5. February 2009
[C5401456] AVA_VAN.5 evaluation methodology M0. 2009-03-10
[ARC] ADV_ARC guidance Security Architecture requirements (ADV_ARC) Version
1.0 draft 1. June 2008
SECURITY TARGET
Along with this certification report, the complete security target of the evaluation is
available in the Certification Body:
• “(SP-02-02) Kona102 ePassport with EAC Security Target v1.4”, January
2012, KEBT.
Página 14 de 14
Avenida del Padre Huidobro s/n
Fax: + 34 91 372 58 08
Email: organismo.certificacion@cni.es