FQR: 110 6672 Issue: 1 Date: July 2013 1/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. March 2012 SECURITY TARGET-LITE JUBA ISSUE: 1 FQR: 110 6672 Issue: 1 Date: July 2013 2/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Issue Date Author Status Purpose July 5/13 S. MESTIRI Version 1 Creation from FQR: 110 6389 Issue1. FQR: 110 6672 Issue: 1 Date: July 2013 3/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Table of contents 1 PREFACE ............................................................................................................... 8 1.1 OBJECTIVES OF THE DOCUMENT................................................................................... 8 1.2 SCOPE OF THE DOCUMENT ........................................................................................... 8 1.3 RELATED DOCUMENTS ................................................................................................. 8 1.4 ABBREVIATIONS..........................................................................................................12 2 SECURITY TARGET INTRODUCTION .................................................................. 14 2.1 ST & ST- LITE REFERENCES..........................................................................................14 2.1.1 ST REFERENCE ............................................................................................................14 2.1.2 ST-LITEREFERENCE.....................................................................................................14 2.2 TOE REFERENCE..........................................................................................................14 2.3 TOE IDENTIFICATION.......................................................................................................15 2.3.1 APPLICATION IDENTIFICATION ............................................................................................15 2.3.2 PLATFORM IDENTIFICATION ...............................................................................................16 2.3.3 CONFIGURATION IDENTIFICATION OF THE PLATFORM................................................................17 2.3.3.1 MANDATED DAP ......................................................................................................17 2.3.3.2 CARD LOCK .............................................................................................................18 2.3.3.3 AUTHORIZED MANAGMENT LOCK...................................................................................18 2.4 TOE OVERVIEW..............................................................................................................20 2.4.1 TOE TYPE.....................................................................................................................21 2.4.2 Usage and major security features of the TOE ........................................................22 2.4.3 Mode 1: PIN – TAP: ..............................................................................................24 2.4.4 Mode 2: TAP – PIN – TAP:.....................................................................................24 2.4.5 Security features...................................................................................................25 2.4.6 Non-TOE available to the TOE................................................................................25 2.4.6.1 Umbrella Application ..........................................................................................25 2.4.6.2 Payez Mobile Application(CREL Application).........................................................26 2.4.6.3 Proximity Payment System Environment (PPSE) application..................................26 2.4.6.4 Bank TSM..........................................................................................................26 2.4.6.5 UICC Management Platform ...............................................................................26 2.4.6.6 Bank GUI Management Platform.........................................................................26 2.4.6.7 POS terminal .....................................................................................................27 2.4.6.8 POS Application .................................................................................................27 2.4.6.9 Mobile Handset..................................................................................................27 2.4.6.10 Bank GUI ..........................................................................................................27 2.4.6.11 MNO GUI ..........................................................................................................27 2.4.6.12 OTA Platform.....................................................................................................27 2.5 TOE DESCRIPTION ......................................................................................................27 2.5.1 Payment Application Package (PAP) .......................................................................28 2.5.2 Logical scope of the TOE: the logical security features offered by the TOE ...............28 2.5.3 Contactless Availability ..........................................................................................29 2.5.4 Script Processing Module .......................................................................................29 2.5.5 Counters Management ..........................................................................................29 2.5.6 Counter Reset Processing Module...........................................................................29 2.5.7 Transaction Log Module.........................................................................................30 2.5.8 Detect GUI Presence Module .................................................................................30 2.5.9 HCI Events Manager Module..................................................................................30 2.5.10 Over-The-Air (OTA) Capabilities .............................................................................30 2.5.11 Overview of the TOE Life Cycle ..............................................................................31 2.5.12 PAP on-card life cycle ............................................................................................32 FQR: 110 6672 Issue: 1 Date: July 2013 4/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 2.5.13 Contactless life cycle .............................................................................................32 2.5.14 GP standard life cycle............................................................................................33 3 CONFORMANCE CLAIMS..................................................................................... 35 3.1 CC CONFORMANCE CLAIMS................................................................................................35 4 SECURITY PROBLEM DEFINITION ..................................................................... 36 4.1 ASSETS.........................................................................................................................36 4.1.1 User data .............................................................................................................36 4.1.2 TSF data...............................................................................................................36 4.2 USERS / SUBJECTS...........................................................................................................38 4.2.1 USERS..................................................................................................................38 4.2.2 SUBJECTS.............................................................................................................39 4.3 THREATS.......................................................................................................................39 4.3.1 DISCLOSURE ........................................................................................................39 4.3.2 INTEGRITY...........................................................................................................39 4.3.3 FRAUDULENT PAYMENT ........................................................................................41 4.3.4 DENIAL-OF-SERVICE.............................................................................................42 4.3.5 IDENTITY_USURPATION .......................................................................................42 4.4 ORGANISATIONAL SECURITY POLICIES ..................................................................................42 4.4.1 HANDSET .............................................................................................................42 4.4.2 MANAGEMENT ......................................................................................................43 4.4.3 MERCHANT...........................................................................................................43 4.4.4 BANK ...................................................................................................................44 4.5 ASSUMPTIONS ................................................................................................................44 5 SECURITY OBJECTIVES ...................................................................................... 45 5.1 SECURITY OBJECTIVES FOR THE TOE ...................................................................................45 5.1.1 TRANSACTION PROTECTION.................................................................................45 5.1.2 AUTHENTICATION ................................................................................................45 5.1.3 EXECUTION PROTECTION .....................................................................................45 5.1.4 DATA PROTECTION ..............................................................................................46 5.1.5 RISK MANAGEMENT..............................................................................................46 5.1.6 OBJECTIVES handled by (U)SIM Platform ...............................................................47 5.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT.....................................................47 5.2.1 HANDSET .............................................................................................................47 5.2.2 MERCHANT...........................................................................................................48 5.2.3 MANAGEMENT ......................................................................................................49 5.2.4 BANK ...................................................................................................................49 5.3 SECURITY OBJECTIVES RATIONALE.......................................................................................49 5.3.1 Threats ................................................................................................................49 5.3.2 Organisational Security Policies..............................................................................55 5.3.3 Assumptions .........................................................................................................55 5.3.4 SPD and Security Objectives ..................................................................................55 6 SECURITY REQUIREMENTS ................................................................................ 64 6.1 SECURITY FUNCTIONAL REQUIREMENTS ................................................................................64 6.1.1 ACCESS CONTROL POLICY ....................................................................................66 6.1.2 ACCESS CONTROL FUNCTIONS..............................................................................70 6.1.3 INFORMATION FLOW CONTROL POLICY ................................................................78 6.1.4 SECURITY AUDIT..................................................................................................83 6.1.5 CRYPTOGRAPHIC SUPPORT...................................................................................86 6.1.6 PROTECTION........................................................................................................88 6.1.7 MANAGEMENT ......................................................................................................90 6.1.8 IDENTIFICATION / AUTHENTIFICATION ................................................................93 6.1.9 ACCESS and INFORMATION FLOW CONTROL SFP...................................................98 FQR: 110 6672 Issue: 1 Date: July 2013 5/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 6.1.10 SECURE CHANNEL ..............................................................................................101 6.1.11 UNOBSERVABILITY .............................................................................................101 6.2 SECURITY ASSURANCE REQUIREMENTS................................................................................102 6.3 SECURITY REQUIREMENTS RATIONALE ................................................................................102 6.3.1 Objectives ..........................................................................................................102 6.3.2 Rationale tables of Security Objectives and SFRs...................................................109 6.3.3 Dependencies .....................................................................................................122 6.3.4 Rationale for the Security Assurance Requirements...............................................127 6.3.5 ALC_DVS.2 Sufficiency of security measures.........................................................127 6.3.6 AVA_VAN.5 Advanced methodical vulnerability analysis .........................................127 7 TOE SUMMARY SPECIFICATION....................................................................... 128 7.1 TOE SUMMARY SPECIFICATION.........................................................................................128 7.2 SFRS AND TSS.............................................................................................................131 8 COMPATIBILITY ............................................................................................... 132 FQR: 110 6672 Issue: 1 Date: July 2013 6/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. List of tables Table 1: TOE References .............................................................................................................15 Table 2 - Security Domain Life Cycle Coding ................................................................................17 Table 3 - Card Life Cycle Coding...................................................................................................18 Table 4 - Privileges (byte 1) ..........................................................................................................18 Table 5: Guidance references for the Platform ...............................................................................20 Table 6: Guidance references for the PAP application ....................................................................20 Tableau 7: TOE life cycle..............................................................................................................32 Table 8 Threats and Security Objectives - Coverage .....................................................................58 Table 9 Security Objectives and Threats - Coverage .....................................................................60 Table 10 OSPs and Security Objectives - Coverage ......................................................................61 Table 11 Security Objectives and OSPs - Coverage ......................................................................63 Table 12 Assumptions and Security Objectives for the Operational Environment - Coverage ...........63 Table 13 Security Objectives for the Operational Environment and Assumptions - Coverage............63 Tableau 14: Operation involved in the Access Control and Information Control Policies ....................64 Tableau 15: Security attributes involved in the Access Control and Information Control Policies ........65 Table 16 Security Objectives and SFRs – Coverage....................................................................115 Table 17 SFRs and Security Objectives......................................................................................121 Table 18 SFRs Dependencies....................................................................................................125 Table 19 SARs Dependencies ...................................................................................................127 Table 20 SFRs and TSS - Coverage ..........................................................................................131 Table 21 TSS and SFRs - Coverage ..........................................................................................131 FQR: 110 6672 Issue: 1 Date: July 2013 7/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. List of figures Figure 1: PAP application on OPERA FlyBuy Platinum ...................................................................21 Figure 2: TOE type.......................................................................................................................22 Figure 3: Mode 1: PIN - TAP.........................................................................................................24 Figure 4: Mode 2 - TAP - PIN – TAP..............................................................................................25 Figure 5: PAP Module ..................................................................................................................29 Figure 6: TOE life cycle ................................................................................................................31 Figure 7: Contactless life cycle states............................................................................................33 Figure 8: Conformance and Composition.....................................................................................132 FQR: 110 6672 Issue: 1 Date: July 2013 8/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 1 PREFACE 1.1 OBJECTIVES OF THE DOCUMENT 1.2 SCOPE OF THE DOCUMENT This document describes the Security Target-Lite for the MasterCard Mobile PayPass MChip4 V1.0 application Version V01.00.04. it a subset the complete evaluated ST. The security target is based on the security requirements for mobile contactless proximity payments [75] [76]. The objectives of the Security Target are: - To describe the Target of Evaluation (TOE), its life cycle and to position it in the smart card life cycle. - To describe the security environment of the TOE including the assets to be protected and the threats to be countered by the TOE and by the operational environment during the platform active phases. - To describe the security objectives of the TOE and its supporting environment in terms of integrity and confidentiality of sensitive information. It includes protection of the TOE (and its documentation) during the platform active phases. - To specify the security requirements which include the TOE functional requirements, the TOE assurance requirements and the security requirements for the environment. - To describe the summary of the TOE specification including a description of the security functions and assurance measures that meet the TOE security requirements. - To present evidence that this ST is a complete and cohesive set of requirements that the TOE provides on an effective set of IT security countermeasures within the security environment, and that the TOE summary specification addresses the requirements. 1.3 RELATED DOCUMENTS [1] "Common Criteria for information Technology Security Evaluation, Part 1: Introduction and general model", July 2009, Version 3.1 revision 3. [2] "Common Criteria for information Technology Security Evaluation, Part 2: Security Functional requirements", July 2009, Version 3.1 revision 3. [3] "Common Criteria for information Technology Security Evaluation, Part 3: Security Assurance requirements", July 2009, Version 3.1 revision 3. [4] “Composite product evaluation for Smart Cards and similar devices”, September 2007, Version 1.0, CCDB-2007-09-001. [5] PP SUN Java Card™ System Protection Profile Open Configuration V2.6, April 19, 2010. FQR: 110 6672 Issue: 1 Date: July 2013 9/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. [6] "Java Card - API" Application Programming Interfaces, Classic Edition, Version 3.01, February 23, 2009, Sun Microsystems. [7] "Java Card – JCRE” Runtime Environment Specification, Classic Edition, Version 3.01, February 23, 2009, Sun Microsystems. [8] "Java Card - Virtual Machine Specifications" Classic Edition, Version 3.01, February 23, 2009, Sun Microsystems. [9] GlobalPlatform Card Specification – Version 2.2.1 – January 2011. [10] GlobalPlatform Card Mapping Guidelines of existing GP v2.1.1 implementations on v2.2.1 – Version 1.0.1 – January 2011. [11] GlobalPlatform Card Confidential Card Content Management – Card Specification v 2.2 – Amendment A – Version 1.0.1 – January 2011. [12] GlobalPlatform Card UICC Configuration – Version 1.0.1 – January 2011. [13] GlobalPlatform Card Contactless Services Card Specification v 2.2 – Amendment C Version 1.0– February 2010. [14] Visa GlobalPlatform 2.1.1 Card Implementation Requirements – Version 2.0 – July 2007. [15] "Identification cards - Integrated Circuit(s) Cards with contacts, Part 6: Inter industry data elements for interchange", ISO / IEC 7816-6 (2004). [16] FIPS PUB 46-3 “Data Encryption Standard”, October 25, 1999, National Institute of Standards and Technology [17] FIPS PUB 81 “DES Modes of Operation”, December, 1980, National Institute of Standards and Technology [18] FIPS PUB 140-2 “Security requirements for cryptographic modules”, May 2001, National Institute of Standards and Technology [19] FIPS PUB 180-3 “Secure Hash Standard”, October 2008 , National Institute of Standards and Technology [20] FIPS PUB 186-3 “Digital Signature Standard (DSS)”, June 2009, National Institute of Standards and Technology [21] FIPS PUB 197, “The Advanced Encryption Standard (AES)”, November 26, 2001, National Institute of Standards and Technology [22] SP800_90 “Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised)”, March 2007, National Institute of Standards and Technology [23] ANSI X9.31 “Digital Signatures using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)”, 1998, American National Standards Institute [24] ISO/IEC 9796-1, Public Key Cryptography using RSA for the financial services industry", annex A, section A.4 and A.5, and annex C (1995) [25] ISO/IEC 9797-1, “Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher”, 1999, International Organization for Standardization [26] PKCS#1 The public Key Cryptography standards, RSA Data Security Inc. 1993 [27] IEEE Std 1363a-2004, “Standard Specification of Public Key Cryptography – Amendment 1: Additional techniques”, 2004, IEEE Computer Society [28] IC Platform Protection Profile, Version 1.0, reference BSI-PP-0035 (15.06.2007). FQR: 110 6672 Issue: 1 Date: July 2013 10/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. [29] ST33F1ME, ST33F768E, SC33F768E, ST33F640E, SC33F640E, ST33F512E, SC33F512E, SC33F384E, all with optional cryptographic library NESLIB 3.0 Security Target - Public Version. SMD_Sx33Fxxx_ST_10_002 Rev 01.00. October 2010 [30] Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques de niveau de robustesse standard N° 2741/SGDN/DCSSI/SDS/LCR Version 1.10 [31] Security Target-Lite - OPERA FLYBUY PLATINUM – FLY3, FQR 110 6052, version 3, Oberthur Technologies [32] 3GPP TS 21.111 (v6.3.0, Rel-6): USIM and IC card requirements [33] 3GPP TS 22.038 (v6.5.0, Rel-6): USIM Application Toolkit (USAT) - Stage 1 [34] 3GPP TS 23.040 (v6.9.0, Rel-6): Technical realization of the Short Message Service (SMS) [35] 3GPP TS 23.041 (v6.2.0, Rel-6): Technical realization of Cell Broadcast Service (CBS) [36] 3GPP TS 23.048 (v5.9.0, Rel-5): Security Mechanisms for the (U)SIM application toolkit; Stage 2 [37] 3GPP TS 31.048 (v5.1.0, Rel-5): Test of (U)SAT security [38] 3GPP TS 31.101 (v6.5.1, Rel-6): UICC-Terminal interface; Physical and Logical Characteristics [39] 3GPP TS 31.102 (v6.21.0, Rel-6): Characteristics of the USIM Application [40] 3GPP TS 31.103 (v6.11.0, Rel-6): Characteristics of the ISIM Application [41] 3GPP TS 31.111 (v6.14.0, Rel-6): USIM Application Toolkit (USAT) [42] 3GPP TS 31.115 (v6.5.0, Rel-6): Secured packet structure for (U)SIM Toolkit applications [43] 3GPP TS 31.116 (v6.8.0, Rel-6): Remote APDU Structure for (U)SIM Toolkit applications [44] 3GPP TS 31.122 (v6.3.0, Rel-6): USIM conformance test (card side) [45] 3GPP TS 31.130 (v6.5.0, Rel-6): (U)SIM Application Programming Interface; (U)SIM API for Java™ Card [46] 3GPP TR 31.900 (v7.1.0, Rel-7): SIM/USIM Internal and External Inter-working Aspects [47] 3GPP TS 31.919 (v6.1.0, Rel-6): 2G/3G Java Card™ API based applet interworking [48] 3GPP TS 33.102 (v6.5.0, Rel-6): 3G Security; Security architecture [49] 3GPP TS 33.105 (v6.0.0, Rel-6): Cryptographic algorithm requirements [50] 3GPP TS 35.205 (v6.0.0, Rel-6): Specification of the MILENAGE Algorithm Set [51] 3GPP TS 42.017 (v4.0.0, Rel-4): SIM functional characteristics [52] 3GPP TS 42.019 (v5.6.0, Rel-5): SIM API for Java Card™ - Stage 1 - [53] 3GPP TS 43.019 (v5.6.0, Rel-5): Subscriber Identity Module Application Programming Interface; (SIM API) for Java Card™; Stage 2 [54] 3GPP TS 51.011 (v4.15.0, Rel-4): Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface FQR: 110 6672 Issue: 1 Date: July 2013 11/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. [55] 3GPP TS 51.014 (v4.5.0, Rel-4): Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface [56] 3GPP TS 51.017 (v4.2.0, Rel-4): Test of SIM-ME interface (card side) [57] ETSI TS 101 220 (v6.7.0, Rel-6): Application Identifiers for telecommunications [58] ETSI TS 102 124 (v6.1.0, Rel-6): Transport Protocol for CAT Applications - Stage 1 [59] ETSI TS 102 127 (v6.13.0, Rel-6): Transport Protocol for CAT applications; Stage 2 [60] ETSI TS 102 151 (v6.0.0, Rel-6): Measurement of Electromagnetic Emission of SIM cards [61] ETSI TS 102 221 (v6.12.0, Rel-6): UICC-Terminal interface; Physical and logical characteristics [62] ETSI TS 102 222 (v6.11.0, Rel-6): Administrative Commands for telecommunications applications [63] ETSI TS 102 223 (v6.13.0, Rel-6): Card Application Toolkit [64] ETSI TS 102 224 (v6.1.0, Rel-6): CAT security – Stage 1 [65] ETSI TS 102 225 (v6.8.0, Rel-6): Secured packet structure for UICC applications [66] ETSI TS 102 226 (v6.18.0, Rel-6): Remote APDU Structure for UICC based Applications [67] ETSI TS 102 240 (v6.2.0, Rel-6): UICC Java Card™ API - Stage 1 [68] ETSI TS 102 241 (v6.12.0, Rel-6): UICC Java Card™ API - Stage 2 [69] ETSI TS 102 613 (v7.9.0, Rel-7): UICC – Contactless Front-end (CLF) Interface – Part 1: Physical and data link layer characteristics [70] ETSI TS 102 622 (v7.9.0, Rel-7): UICC – Contactless Front-end (CLF) Interface – Host Controller Interface (HCI) [71] ETSI TS 102 705 (v9.2.0, Rel-9): UICC Application Programming Interface for Java Card™ for Contactless Applications [72] ETSI TS 131.111, Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Universal Subscriber Identity Module (USIM) Application Toolkit (USAT) (Release 6) [73] ETSI TS 131.130, Digital cellular telecommunications system (Phase 2+);Universal Mobile Telecommunications System (UMTS); (U)SIM Application Programming Interface (API);(U)SIM API for Java Card (3GPP TS 31.130 version 6.6.0 Release 6) [74] CERTIFICATION OF APPLICATIONS ON “OPEN AND ISOLATING PLATFORM, Paris, the 4th March 2011. Reference : ANSSI-CCNOTE/10EN.01deW3 [75] [AEPM-1] Part I: Product Definition v1.0 – April 2011 [76] [AEPM-2] Part II: Technical Specification v1.0 – April 2011 [77] [AEPM-4] Payez Mobile - MasterCard Implementation Guide R3 0 - v1-1 [78] [AEPM-5] Guidance for Payment Application Package Security Target v2.1 – July 2009 [79] [MC-PayPass] Mobile MasterCard PayPass – Mchip4 v1.0 April 2010 [80] [MC-UPDT#1] Specification Update and Errata to Mobile MasterCard PayPass – M/Chip 4 Technical Specifications, Version 1.0 (and version 0.91) September 2010 FQR: 110 6672 Issue: 1 Date: July 2013 12/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. [81] [MC-UPDT#2] Specification Updates and Errata to Mobile MasterCard PayPass – M/Chip 4 Technical Specifications, Version 1.0 (and version 0.91) [82] [MC-UPDT] Specification Updates and Errata to Mobile MasterCard PayPass – M/Chip 4 Technical Specifications, Version 1.0 (and version 0.91) [83] [MC-UPDT] Specification Updates and Errata to Mobile MasterCard PayPass – M/Chip 4 Technical Specifications, Version 1.0 (and version 0.91) [84] [MC-APPN#1] Mobile MasterCard PayPass – Application note #1 [85] [MC-APPN#2] Mobile MasterCard PayPass – Application note #2 [86] [MC-APPN#3] Mobile MasterCard PayPass – Application note #3 [87] [MC-APPN#4] Mobile MasterCard PayPass – Application note #4 [88] [MC-APPN#5] Mobile MasterCard PayPass – Application note #5 [89] [MC-ENV#1] Mobile MasterCard PayPass Secure Element Identification Requirements March 2009 – Version 0.2 [90] [OT#1] MC_MOBILE_AEPMR3 V1.0. Software Requirement Specifications; 076935 00 SRS [91] (U)SIM Java Card Platform Protection Profile Basic Configuration. ANSSI-CC-PP 2010/04. 1.4 ABBREVIATIONS AAC Application Authentication Cryptogram AFL Application File Locator AES Advanced Encryption Standard AID Applet Identifier APDU Application Protocol Data Unit API Application Programmer Interface APSD Application Provider Security Domain ARPC Authorisation Response Cryptogram (within a transaction) ARQC Authorisation Request Cryptogram (within a transaction) ATC Application Transaction Counter BIOS Basic Input/Output System CAS Common Approval Scheme CASD Controlling Authority Security Domain CC Common Criteria CDOL Card risk management Data Object List CEM Common Evaluation Methodology CVM Card Verification Method CVR Card Verification Results CM Card Manager CPLC Card Production Life Cycle DAP Data Authentication Pattern DDA Dynamic Data Authentication DDOL Dynamic Data Object List DES Cryptographic module "Data Encryption Standard" EAL Evaluation Assurance Level FQR: 110 6672 Issue: 1 Date: July 2013 13/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. EC Elliptic Curves EEPROM Electrically Erasable and Programmable Read Only Memory EMV Europay MasterCard Visa ES Embedded Software ETR_COMP Report for a composite Smart Card Evaluation FAT File Allocation Table GP Global Platform IC Integrated Circuit ISD Issuer Security Domain IT Information Technology JCP Java Card Platform JCR Java Specification Request JCRE Java Card Runtime Environment MMI Man Machine Interface MNO Mobile Network Operator NFC Near Field Communication OS Operating system OSP Organizational Security Policy OTA Over The Air PAN Primary Account Number PAP Payment Application Package PC Personal Code PIN Personal Identification Number POS Point Of Sale PP Protection Profile RNG Random Number Generation ROM Read Only Memory RSA Cryptographic module "Rivest, Shamir, Adleman" SF Security Function SFP Security Function Policy SHA-1 Cryptographic module "Secure hash standard" SIM Subscriber Identity Module ST Security Target TOE Target of Evaluation. TSC TSF Scope of Control TSF TOE Security Functions TSP TOE Security Policy USIM Universal Subscriber Identity Module VASD Validation Authority Security Domain VM Virtual Machine FQR: 110 6672 Issue: 1 Date: July 2013 14/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 2 Security Target Introduction This document written from the AEPM’s Guidance for Payment Application Package Security Target [78], provides a list of security requirements for a Payment Application Package (PAP) embedded in a Oberthur (U)SIM card as specified in PAP specifications [[75][76][77][79][80][81][82][83]]. This document is the Security Target for the Mobile MasterCard PayPass – M/Chip 4 on NFC FlyBuy Platinum. This Product-specific fulfils the generic security requirements given in Payment Mobile Specifications [[75][76][77][79][80][81][82][83]].The objective is to ensure end users, Mobile Network Operator (MNO) and Issuing Banks trust. 2.1 ST & ST- LITE REFERENCES 2.1.1 ST REFERENCE Title: Security Target JUBA Name: Mobile MasterCard PayPass – M/Chip 4 on NFC FlyBuy Platinum V2 Oberthur Technologies registration: FQR 110 6389 Version: Issue 1 Authors: Oberthur Technologies 2.1.2 ST-LITEREFERENCE Title: Security Target – Lite JUBA Name: Mobile MasterCard PayPass – M/Chip 4 on NFC FlyBuy Platinum V2 Oberthur Technologies registration: FQR 110 6672 Version: Issue 1 Authors: Oberthur Technologies Publication Date for the ST-Lite: July 2013 2.2 TOE REFERENCE TOE Name Mobile MasterCard PayPass – M/Chip 4 On NFC FlyBuy Platinum V2 on ST33F1ME Internal reference MasterCard Mobile PayPass V1 – Version V01.00.04 Code / Hardware Identification 0768910 Card Manager Identification GOP Ref V1.8.v FQR: 110 6672 Issue: 1 Date: July 2013 15/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Applet Identification 0310051100071000 Label PVCS code for Application MC_MOBILE_AEPMR3_APPLET_V01.00.04 Label PVCS Code for Platform USIM_V31_NFC_V2_EAL4_CCD2_0768910 ST-lite Platform FQR : 110 6052 issue 3 June 2012 Platform Certificate ANSSI-CC-2012/39 IC reference ST33F1ME IC ST lite ST33F1ME, ST33F768E, SC33F768E, ST33F640E, SC33F640E, ST33F512E, SC33F512E, SC33F384E, all with optional cryptographic library NESLIB 3.0 Security Target - Public Version. SMD_Sx33Fxxx_ST_10_002 Rev 01.00. October 2010 IC Certificate ANSSI-CC-2011/07 IC Surveillance ANSSI-CC-2011/07-S01 (April 8, 2013) Table 1: TOE References 2.3 TOE Identification The aim of the paragraphs is to allow the user to identify uniquely the TOE. The TOE is composed of application and a platform (((U)SIM Java card, the OS and the IC). 2.3.1 Application Identification This chapter presents the means to identify the evaluated applet. Its composed of 2 packages, their AIDs are defined as follow: Mobile PayPass A000000077010000021004000x000051 Shared PIN A000000077010000021000000x000018 ‘x’ is a value between 0 and F used to uniquely assign a package to a bank. Once applet is instantiated, a GET DATA may be used to retrieve the Mastercard Application identifier: Command : 00 A4 04 00 07 Input Data : A0 00 00 00 04 10 10 Output Data : 6F 1F 84 07 A0 00 00 00 04 10 10 A5 14 50 0A 4D : 61 73 74 65 72 43 61 72 64 BF 0C 05 9F 4D 02 0B : 0A Status : 90 00 0010 : FQR: 110 6672 Issue: 1 Date: July 2013 16/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 0011 : 80 CA 9F 7E 00 Command : 80 CA 9F 7E 00 Input Data : none Le : 00 Output Data : 9F 7E 30 03 10 05 11 00 07 10 00 A1 A2 A3 A4 A5 : A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 C1 : C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 : D2 D3 D4 Status : 90 00 Application Life Cycle Data Personalization (Tag 0x9F7E) Requirements Field Personalizable 'Version Number' Optional (1 Byte) currently 03 'Type Approval ID' Optional (7 Bytes) currently 10051100071000 'Application Issuer ID' Mandatory (20 Bytes) 'Application Code ID' Not allowed (20 Bytes) As written in MasterCard documentation, it is up to the implementation to allow personalization of the optional fields. In the OT current implementation optional fields must be personalized. 2.3.2 Platform Identification This chapter presents the means to identify the platform even if the means are already specified in the ST-Lite of the OPERA FlyBuy Platinum. In order to assure the authenticity of the card within the application, the product identification shall be verified by analyzing: - The ATR: 3B 9F 96 80 3F C7 00 80 31 E0 73 FE 21 1B 64 07 68 9A 00 82 90 00 Where 07 68 9A is the SAAAAR code. - The response of the command GET DATA: Command : 80 CA 9F 7F 2D Output Data : 9F 7F 2A 47 50 00 00 82 31 21 02 33 22 00 00 00 : 00 00 00 00 00 00 00 00 00 00 00 00 00 14 34 12 : 80 00 00 00 00 14 34 03 36 00 00 00 00 Status : 90 00 The meaning of the following bytes in the response of the command is:  FAB_ID : 47 50  IC_ID : 00 00  OS_ID : 82 31  OS_Release_Date : 21 02  OS_Release_Level : 33 22 - The response of the command GET DATA “Card Manager Release”: FQR: 110 6672 Issue: 1 Date: July 2013 17/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Command : 80 CA DF 6C 13 Output Data : DF 6C 10 47 4F 50 20 52 65 66 20 56 31 2E 38 2E 76 2F XX Status : 90 00 The last return byte ‘XX’ depends on the personalization (see table below): b8 b7 b6 b5 b4 b3 b2 b1 Description X Listing API libraries on GET_STATUS Package x Token using TDES 2 Keys cryptographic scheme x Receipt using RSA 1024 PKCS 1 cryptographic scheme 0 SSD with Authorized Management not supported 0 0 0 0 - RFU 2.3.3 Configuration Identification of the Platform 2.3.3.1 Mandated DAP To identify the configuration with or without MANDATED DAP the GET STATUS command (see [12]) should be used to retrieve information on installed Security Domain(s): CLA INS P1 P2 Lc Data Le 80 F2 40 00 or 01 02 4F 00 Xx Where P2 means: • ‘00’: Get first or all occurrence(s) • ‘01’: Get next occurrence(s) Note: in order to process the GET STATUS command, a Secure Channel (SCP02) must be opened first (see [12] for details). Response data field is formatted as follow: Name Length Value Length of Application AID 1 ‘05’-‘10’ Application AID 5-16 ‘xxxxx…’ Life Cycle State 1 ‘xx’ (see Table 2 and Table 3) Privileges (byte 1) 1 ‘xx’ (see Table 4) b8 b7 B6 b5 b4 b3 B2 b1 Meaning 0 0 0 0 0 0 1 1 INSTALLED 0 0 0 0 0 1 1 1 SELECTABLE 0 0 0 0 1 1 1 1 PERSONALIZED 1 0 0 0 - - 1 1 LOCKED Table 2 - Security Domain Life Cycle Coding b8 b7 B6 b5 b4 b3 b2 b1 Meaning 0 0 0 0 0 0 1 1 OP_READY 0 0 0 0 0 1 1 1 INITIALIZED 0 0 0 0 1 1 1 1 SECURED FQR: 110 6672 Issue: 1 Date: July 2013 18/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 0 1 1 1 1 1 1 1 CARD_LOCKED 1 1 1 1 1 1 1 1 TERMINATED Table 3 - Card Life Cycle Coding b8 b7 b6 B5 b4 b3 B2 b1 Meaning 1 - - - - - - - Security Domain 1 1 - - - - - 0 DAP Verification 1 - 1 - - - - - Delegated Management - - - 1 - - - - Card Lock - - - - 1 - - - Card Terminate - - - - - 1 - - Card Reset - - - - - - 1 - CVM Management 1 1 - - - - - 1 Mandated DAP Verification Table 4 - Privileges (byte 1) A successful execution of the command shall be indicated by status bytes '90' '00'. The command may return the following warning condition: '63' '10' More data available. If so, a subsequent GET STATUS [get next occurrence(s)] may be issued to retrieve additional data. If the AID of the Security Domain with Mandated DAP Privilege is known, the command to perform for checking that this SD is present on the card is the following: Command : 80 F2 40 00 [Length of SD +2] 4F [Length of SD] [AID of SD] Output Data : [Length of SD] [AID of SD] [Life Cycle State]1 byte C1 Status : 90 00 For instance, if AID of SD MD = A0 00 00 00 01 23 45 67, the command will be: Command : 80 F2 40 00 0A 4F 08 A0 00 00 00 01 23 45 67 Output Data : 08 A0 00 00 00 01 23 45 67 0F C1 Status : 90 00 2.3.3.2 Card Lock The card must be in a locked configuration. This can be verified with the following command which shall send 0xFF as output data. Command : A0 BC 00 00 01 Output Data : FF Status : 90 00 Note: The ADM1 PIN must be verified before using the described command. 2.3.3.3 Authorized Managment Lock In order to check that the card does not allow SSD with Authorized Management privilege, the command GET DATA “Card Manager Release” should be used. FQR: 110 6672 Issue: 1 Date: July 2013 19/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The last byte in the response data is the value of the TAG ‘7F’ of the Card Manager Install parameter: bit 1 shall be set to ‘0’. 2.3.3.4 TOE Guidance The table below lists the guidance for the users of the TOE (the Platform). Once the PAP application is loaded and personalized, the product is still open. It means that the Platform guidance have to be respected by all the TOE users. FQR: 110 6672 Issue: 1 Date: July 2013 20/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 1-Guidance document for platform production - USIM V3.1 NFC V2 EAL4+ 768K on CCD2 AGD_PRE FlyBuy Platinum / FQR 110 5884 Ed 6 2-Guidance document for development of application (secure application) to certify on the Platform - USIM V3.1 NFC V2 EAL4+ 768K on CCD2 Application Security Recommendations - Flybuy Platinum/ FQR 110 5886 Ed 2 - USIM V3.1 NFC V2 EAL4+ 768K on CCD2 Application Development Guide - Flybuy Platinum / FQR 110 5885 Ed 1 3-Guidance document for development of application on Platform - See standard documentation for Java Card API [6] and UICC API [67][68]. - to assist applet developer a documentation; not mandatory to use the TOE; is available Application Development Guide / FQR 110 5885 Ed 1 4-Guidance document for Platform Issuer - USIM V3.1 NFC V2 EAL4+ 768K on CCD2 Application Management Guide - Flybuy Platinum/FQR 110 5887 Ed 3 Table 5: Guidance references for the Platform The table below lists the guidance for the users of the TOE PAP application on the platform. 1-Guidance document for use of AEPM Application 3 documents are considered as part of the user AEPM Application Guidance: - AEPM_Part I [75] and AEPM_Part II[76] and - AEPM_MasterCard Implementation guide [77] - Chapter 5.2 of this document for the Objective of the environment. 2-Guidance document for AEPM personalisation The Instantiation is described in document: - “Applet Software Requirement Specifications” [90] And personalization is described in document: - “Mobile MasterCard PayPass – M/Chip 4 Technical Specifications Version 1.0 – April2010” [79] Table 6: Guidance references for the PAP application 2.4 TOE Overview This section briefly describes the architecture of the Target of Evaluation its the usage and major security features, identifies the TOE type and any non-TOE hardware & software & firmware required by the TOE. Following figure presents the platform with PAP application. FQR: 110 6672 Issue: 1 Date: July 2013 21/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Figure 1: PAP application on OPERA FlyBuy Platinum 2.4.1 TOE Type The product to be evaluated is an Oberthur Technologies Payment Application Package on NFC FlyBuy Platinum intended to be plugged in a mobile handset to provide secure payment services to a customer. The TOE is composed of the following bricks:  A (U)SIM Java Card platform certified conformant to [91] which is a piece of software (OS, Java Card System, (U)SIM APIs, …) embedded in an Integrated Circuit (IC).  A Payment Application Package (PAP) compliant with [[75] [76] [77] [79] [80] [81] [82] [83]]. Application Note: Only one PAP is included into the TOE. But (U) SIM Card can embed more than one PAP application. This part of the TOE i.e. (U)SIM Java Card platform is already evaluated. It means that the evaluation is a composition between this Platform and the PAP application. Bank Mifare Classic HCI – SWP R7 Card Emulation Type A, B, B’ Telecom Security Domains and Applications ISD SD1, …,SDx Amd A Amd C NFC Registry UICC SDx+1 …, SDx+y Payment Application Package (PAP) CRS API ETSI API (U)Sim Access API (U)Sim Toolkit API NFC API USIM SIM OTA RAM RFM Operating System Global Platform 2.2 JavaCard 3.01 JCAPIs JCVM JCRE BIOS Evaluated Chip Crypto Amd A Amd C GP CL Registry (GP + OP + CRS) APIs BIP Perso Cmds SCP80 Applets FQR: 110 6672 Issue: 1 Date: July 2013 22/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Figure 2: TOE type The PAP application shall be compliant to the MasterCard [79] Payez Mobile Implementation Guide. For MasterCard, PAP is composed of: - the Contactless Mobile Payment application or CMP application, defined section 1.7.1.1; - the Payez Mobile Customization Package. 2.4.2 Usage and major security features of the TOE Payez Mobile introduces an innovative Contactless Mobile Payment (CMP) solution that enables CMP transactions via radio frequency with the payment function located on a mobile handset supporting NFC technologies. One or more PAP can be installed in the (U)SIM card. To execute a CMP, customers simply hold their mobile handset close to a contactless reader to exchange payment information. Authorization and clearing are processed similarly to an EMV or a magnetic stripe purchase transaction. FQR: 110 6672 Issue: 1 Date: July 2013 23/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The Payez Mobile solution can be used for any transaction amount, including low value transactions. Payez Mobile CMP is characterized by a radio frequency short read range distance that requires the mobile handset to be presented close to the contactless reader to enable a transaction. Thus, only proximity purchase transactions are authorized ([75], Section 4.2). 2 modes are offered to a customer to execute a Payez Mobile CMP: Mode 1 “PIN – TAP” and Mode 2 “TAP – PIN – TAP”. Warning: The acronym PIN used in the two payment modes described below refers to the Personal Code provided by the Issuing Bank to the customer. FQR: 110 6672 Issue: 1 Date: July 2013 24/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 2.4.3 Mode 1: PIN – TAP: When making a purchase, first, the customer manually chooses the appropriate PAP to be used for the purchase transaction, enters his Personal Code then taps his mobile handset on the landing zone of the POS terminal1 to submit a payment transaction with the amount requested by the merchant and indicated on the POS terminal. Figure 3 illustrates this mode of payment transaction in seven steps. Figure 3: Mode 1: PIN - TAP 2.4.4 Mode 2: TAP – PIN – TAP: In this mode, the customer first taps his mobile to the landing zone of the POS terminal which already displays a transaction amount; after that, if the transaction amount is lower than Personal Code Entry Limit (e.g. 20 EUR) then the transaction is processed without Personal Code (optional upon customer configuration). Otherwise, if the amount is above the Personal Code Entry Limit (see Personal Code Entry Conditions listed in Section 4.5.2.1, [75]), then the customer enters his Personal Code and after that taps his mobile handset a second time on the landing zone of the merchant POS terminal in order to proceed with the payment transaction. The steps of this mode of transaction are presented in Figure 4. 1 Point of sales (POS) stands for the merchant acceptance terminal used to execute and process a financial transaction by communicating with a customer device such as a mobile handset. POS terminal includes stand alone, multi-lanes or ECR devices The POS incorporates a contactless interface device and may also include other components and interfaces. FQR: 110 6672 Issue: 1 Date: July 2013 25/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Step 2c The end user enters their personal code on their mobile handset Step 1 The Merchant enters the transaction amount on the POS terminal Step 2 The end user "taps" their mobile to the contactless reader "landing zone" TAP Personal Code requested (*) ? NO Step 2b A warning signal (audible & visible) requests the end user to enter their personal code before completing the transaction BEEP 2 Step 2d The end user "taps" again their mobile handset to the contactless reader "landing zone" 2nd TAP Step 3 The end user keeps their mobile handset onto the contactless reader until a visible and audible signal takes place BEEP Step 5 The POS terminal prints the user’s receipt (conditional) and the merchant’s receipt YES (*) See conditions Section 4.5.1 Authorisation Request (conditional) is requested depending on Acquirer, Issuing Bank risk management configuration Step 4 The mobile displays some information about the current transaction Figure 4: Mode 2 - TAP - PIN – TAP 2.4.5 Security features The TOE is an (U)SIM platform including PAP application. It includes: -- all security functions specified in chapter 2.5.10 of [31]) -- and the security functions listed below: • Offline communication with the POS terminal • Offline Data Authentication • Online Authentication and communication with the Bank Issuing • Personal Code verification and management • Transaction risk management analysis • Transaction Certification • Counter reset processing, • Script processing via OTA bearer • Auditing • Log reading and update • Administration management (Contactless life cycle management) Depending on the Acquirer and Issuing Bank risk management configuration, the merchant POS terminal processes the proximity purchase transaction offline or online. A Payez Mobile CMP transaction shall be executed according to Payez Mobile specification and under MasterCard operating rules and should use the same authorization network and clearing system than standard credit and debit cards. 2.4.6 Non-TOE available to the TOE This action describes the hardware, software or firmware present in the environment of the TOE and that are required to have a correct usage of the TOE. For a detailed description, see [76], Section 2.2. 2.4.6.1 Umbrella Application The umbrella application transfers the Payment Application Package AIDs and its life cycle status to the MNO GUI in order to allow the MNO GUI to make the reconciliation between the FQR: 110 6672 Issue: 1 Date: July 2013 26/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. CMP applications loaded in the UICC and the associated Bank GUIs installed on the mobile handset. 2.4.6.2 Payez Mobile Application2 (CREL Application) The Payez Mobile application is a CREL (Contactless Registry Event Listener) application according to Global Platform Amendment C [13]. The Payez Mobile application applies the Payez Mobile business logic consisting to have only one activated Payment Application Package at a time. Upon a new activation request, this application is responsible for managing the deactivation of the current activated payment application. The Payez Mobile application is the single application (except the CMP application itself) that can modify the CMP contactless life cycle state from “ACTIVATED” to “DEACTIVATED”. This application does not apply its business logic if the new application to be activated and the current activated application are members of the same application group, or in case of one-shot payment3 . 2.4.6.3 Proximity Payment System Environment (PPSE) application The PPSE application is a CREL (Contactless Registry Event Listener) application according to GlobalPlatform Amendment C [13]. This application is present in the Issuer Security Domain. Therefore, it is under the MNO’s responsibility. Its role is to: • read the GP Registry in order to check the “ACTIVATED” CMP application. Only one CMP application is in the state “ACTIVATED” at a time. Therefore, the PPSE contains only one CMP application AID; • build the “SELECT PPSE” response. The PPSE response is updated each time an activation or deactivation notification is received from the CRS API (Contactless Registry Service Application Programming Interface); • upon reception of a “SELECT PPSE” command, the PPSE application returns the PPSE response built previously. 2.4.6.4 Bank TSM This is a platform providing functions for transport encryption to manage the Bank Supplementary Security Domain (Bank SSD) by establishing a dedicated secure channel for management commands and data. When using Delegated Management (DM) mode, it also provides functions to manage the request of SSD creation and after requesting a token DM to the MNO, to manage the payment application installation, instantiation and deletion. 2.4.6.5 UICC Management Platform The UICC Management Platform is owned by the MNO and handles the global management of the customer’s UICCs. This platform is mainly used during the payment service delivery. 2.4.6.6 Bank GUI Management Platform The Bank GUI Management Platform enables the Bank GUI installation, its synchronization and its update. This platform shall be able to cover application portability issues and deliver 2 Not to be confused with the Payment Application Package (PAP). 3 One-shot payment : The CMP application (that is not active by default) selected by the Customer is used only for the current payment transaction. (Not supported in the current implementation). FQR: 110 6672 Issue: 1 Date: July 2013 27/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. the appropriate version of the Bank GUI, depending on the mobile handset used by customer. 2.4.6.7 POS terminal Point of sales (POS) stands for the merchant acceptance terminal used to execute and process a financial transaction by communicating with a customer device such as a mobile handset. POS terminal includes stand alone, multi-lanes or ECR devices The POS incorporates a contactless interface device and may also include other components and interfaces The POS terminal shall comply with Payez Mobile minimum requirements defined in [76]. 2.4.6.8 POS Application The POS terminal hosts a payment application that complies with MasterCard (PayPass) or local scheme contactless specifications and with Payez Mobile Specifications. 2.4.6.9 Mobile Handset The TOE as a smartcard is intended to be plugged in a mobile handset. This equipment can be a mobile phone or a PDA or any other connecting device. NFC Mobile handset shall comply with Payez Mobile minimum requirements defined [76]. 2.4.6.10 Bank GUI The Bank GUI (Java, SDK Android…) is a graphical interface loaded into the mobile handset that allows the customer to access to the functions associated to their CMP applications. The Bank GUI gives several functionalities to the customer for example: • payment; • set to ACTIVATED by default (Activate its CMP application); • deactivate its CMP application; • change the Personal Code; • change the application name; • CMP application parameters update; • transaction log consultation; • etc. 2.4.6.11 MNO GUI The MNO GUI is the primary graphical interface loaded onto the mobile handset which allows the customer to access all their NFC services stored in the UICC. If the customer selects one PAP, the MNO GUI launches the associated graphical interface (called Bank GUI). This interface allows the Customer to identify the current active CMP application by displaying a logo beside the associated Bank GUI. 2.4.6.12 OTA Platform Platform using OTA mechanisms providing functions to tunnel information messages exchanged between the UICC Management Platform or the Bank TSM and a (U)SIM. 2.5 TOE DESCRIPTION The TOE is presented in the Figure 1: PAP application on OPERA FlyBuy Platinum. The TOE physical interfaces and the description of the (U)SIM platform are available the public ST [31]. FQR: 110 6672 Issue: 1 Date: July 2013 28/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. All components are included in the TOE. • Integrated Circuit (IC) or chip • (U)SIM Applets • Bearer Independent Protocol (BIP) • Java Card System • GlobalPlatform (GP) • Native proprietary applications • And PAP application. 2.5.1 Payment Application Package (PAP) The Payment Application Package is loaded on a Bank TSM (cf. [79] and [80]). The CMP application is compliant with the payment scheme specifications: • MasterCard PayPass specifications (MChip/MagStripe), or It is possible to have several versions of the same CMP application loaded onto the UICC and thus several instance versions. The PAP package is composed of 2 files : A Core package in charge of main payment features A SharedPIN interface that is in charge of some PIN management functions. To insure environment isolation, each bank has a dedicated package. Each instance of this package is instantiated in the bank security domain. The first instance of each package is a data container called Ghost instance that contains the static data contained in the package. This container application must be the last removed instance. Typically this instance is not selectable on both interfaces. 2.5.2 Logical scope of the TOE: the logical security features offered by the TOE For a complete description for the logical security description of the TOE, please see the dedicated chapters 2.5.10 in of Platform public ST [31]. And, to avoid redundancies, in the following chapters only PAP’s security features as part of the logical scope of the TOE are specified. So, this section describes the security features offered by the PAP. These are structured in several modules (see Figure 5). For a detailed description about these modules, refer to [79] section 2.1, and [80]. The list of modules presented here is not exhaustive, and there might be other modules depending on the use of Mastercard. FQR: 110 6672 Issue: 1 Date: July 2013 29/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Figure 5: PAP Module 2.5.3 Contactless Availability The contactless availability is responsible for: - the CMP activation by using the activation interface of the CRS API (the contactless life cycle state will be updated to the value 'ACTIVATED' in the GP Registry) - the CMP deactivation by using the deactivation interface of the CRS API (the contactless life cycle state will be updated to the value 'DEACTIVATED' in the GP Registry) - the CMP blocking by setting up the contactless life cycle state to the value 'NON ACTIVATABLE' in the GP Registry (using the CRS API). 2.5.4 Script Processing Module This is a functional module allowing the Issuing Bank to update some parameters of the application and strictly compliant with the payment scheme specifications. This module supports Personal Code Change/Unblock command, Personal Code Entry Limit Update, etc. For a detailed description about the Script Processing Module, refer to [76], section 8.3. 2.5.5 Counters Management This module enables the update of limits and counters partial renewal. The offline counters are updated during a payment transaction if it is accepted offline. The counters are not updated if a transaction is completed online. 2.5.6 Counter Reset Processing Module This module ensures that the CMP application counter limit is not exceeded. When counters exceed their limit, the CMP application requests an online authorization to finalize the transaction. FQR: 110 6672 Issue: 1 Date: July 2013 30/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. For more information about this process, please refer to [76] Section 8.2.4, [79] and [80]. 2.5.7 Transaction Log Module During a payment transaction, this module ensures that the data for the transaction are logged. Moreover, it allows the Bank GUI to retrieve the transaction log data for display purposes. 2.5.8 Detect GUI Presence Module This module enables to detect the presence of the Bank GUI. If the Bank GUI is not present, the transaction cannot be executed. 2.5.9 HCI Events Manager Module The HCI events are used to wake up the Bank GUI when a user interaction is required (at the end of a transaction or when the Personal Code is required)4. 2.5.10 Over-The-Air (OTA) Capabilities Platform using OTA mechanisms providing functions to tunnel information messages exchanged between the UICC Management Platform or the Bank TSM and a (U)SIM. 4 The only HCI event used in Payez Mobile solution is the EVT_TRANSACTION without the use of the parameter field. To be aware of the transaction context (i.e. why the Bank GUI has be awaken), the Bank GUI shall read the Mobile Cardholder Interaction Information FQR: 110 6672 Issue: 1 Date: July 2013 31/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 2.5.11 Overview of the TOE Life Cycle The life cycle of the TOE is the life cycle of the (U)SIM card ((U)SIM Platform + PAP), from the development to the operational stage through manufacturing and personalization. Figure 6 illustrates the life cycle of the (U)SIM Platform as well as the life cycle of the PAP. Figure 6: TOE life cycle We refer to [91] for the definition of the (U)SIM Platform life cycle. The life cycle of the PAP consists of 5 consecutive stages:  Development: This stage is performed on behalf of the Issuing Bank in a secure development environment at Oberthur promises;  Loading: This stage can occur in phase 6: pre-issuance and or in phase 7: in post- issuance, when the (U)SIM is already delivered to the end-user, in this case, the applet loading is done using OTA means;  Installation & Personalization: This stage occurs in phase 6, in production phase or 7 in the usage environment;  Usage: This stage occurs in phase 7. In PAP Usage phase, the MNO and/or the Issuing Bank may perform card management and PAP management activities such as updating parameters, PAP blocking/unblocking, etc;  Destruction: At this stage, the PAP is destroyed. The following steps of the life cycle are covered as specified in the table below: Phase 1 Security IC Embedded Software Development Oberthur sites (Nanterre and Bordeaux) Phase 2 Security IC Development STMicroelectronics Site Phase 3 Security IC Manufacturing STMicroelectronics Site Phase 4 Security IC packaging Oberthur manufacturing sites (Vitré) Phase 5 and 6 Product Integration and Personalisation Oberthur manufacturing sites (Vitré) (U)SIM platform Development Key generation and applet Development IC Storage, pre-perso, test (U)SIM platform Storage, perso, test IC development and production (U)SIM platform Loading Phase 7 Operational Usage Applet Loading and Personalisation by OTA means FQR: 110 6672 Issue: 1 Date: July 2013 32/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Life cycle phase Environment Covered by Phase 1 - NFC FLYBuy Platinum V2.0 Platform Development - PAP development ALC [FLY] Oberthur Sites And [FLY] EAL4+ Evaluation And [PAP] EAL4+ Evaluation Phase 2 IC Development ALC [IC] STMicroelectronics Site And [IC] EAL4+ Evaluation Phase 3 Security IC Manufacturing ALC [IC] STMicroelectronics Site And [IC] EAL4+ Evaluation Phase 4 Security IC packaging ALC [FLY] ] Oberthur Site And [FLY] EAL4+ Evaluation Phase 5 and 6 Construction of part of the TOE (Platform) or the entire TOE (Platform and applet loading) ALC [FLY] Oberthur Site And [FLY] EAL4+ Evaluation Phase 7 Operational Phase of the TOE Construction of the TOE AGD_OPE [ FLY] AGD_OPE[PAP] See Table 5: Guidance references for the Platform and Table 6: Guidance references for the PAP application Tableau 7: TOE life cycle [FLY] is under the scope of the platform certificate. [IC] is under the scope of IC certificate. [PAP] means that the assurance is under the scope of the present evaluation. 2.5.12 PAP on-card life cycle The on-card life cycle of the PAP is compliant with the GlobalPlatform standard life cycle [9]: The PAP life cycle is divided in two parts: - The life cycle status, concerning the standard GP states - The contactless life cycle, concerning the contactless PAP states 2.5.13 Contactless life cycle The contactless life cycle is composed of three states: - ACTIVATED state in which the application is activated and can be selected by a terminal application; - DEACTIVATED state in which the application is deactivated but still can be selected by a terminal application to receive appropriate commands. For instance, in this state, the customer is authorized to view his transactions log or change the Personal Code; FQR: 110 6672 Issue: 1 Date: July 2013 33/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. - NON-ACTIVATABLE state in which the application cannot be activated and its services are blocked either by the Issuing Bank or as a result of several (above the Personal Code Entry Limit) wrong Personal Code entry by the customer. When the life cycle status of the “Head Application” of an application group is NON ACTIVATABLE, then the members of the application group are automatically deactivated (application life cycle state changed to the value “DEACTIVATED”). Please refer to GlobalPlatform [9] for more information. Figure 7: Contactless life cycle states Steps Description: 1. Another CMP Application is ACTIVATED; 2. A Customer sets an application from “ACTIVATED” to “DEACTIVATED” via the function “Deactivate a CMP application”; 3. A Customer sets an application from “DEACTIVATED” to “ACTIVATED” via the function “Define a CMP application”; 4. The CMP application is blocked by the Issuing Bank (NON-ACTIVATABLE); 5. Three wrong personal codes have been entered by the Customer; the application is automatically blocked (NON-ACTIVATABLE). Personal Code unblock is required to unblock the CMP application; 6. The CMP Application is unblocked by the Issuing Bank; 7. The Personal Code is unblocked by the Issuing Bank. 2.5.14 GP standard life cycle The life cycle status is the representation of the GP life cycle (compliant with [9]). The GP standard life cycle is composed of states: FQR: 110 6672 Issue: 1 Date: July 2013 34/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. - INSTALLED state corresponds to the status of the PAP after its installation. In this state, the PAP can also be personalized (for instance, with the Personal Code of the customer); - SELECTABLE state that means that the Application is able to receive commands from off-card entities; - LOCKED state which is a reversible state in which the PAP is NON SELECTABLE and its services are temporarily blocked. Figure 8: Life Cycle Status FQR: 110 6672 Issue: 1 Date: July 2013 35/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 3 Conformance Claims 3.1 CC Conformance Claims This Security Target claims conformance to CC version 3.1 with the following documents: [1] "Common Criteria for information Technology Security Evaluation, Part 1: Introduction and general model", July 2009, Version 3.1 revision 3. [2] "Common Criteria for information Technology Security Evaluation, Part 2: Security Functional requirements", July 2009, Version 3.1 revision 3. [3] "Common Criteria for information Technology Security Evaluation, Part 3: Security Assurance requirements", July 2009, Version 3.1 revision 3. Conformance is claimed as follows: Part 1: conformant Part 2: conformant Part 3: conformant EAL4 augmented with ALC_DVS.2 and AVA_VAN.5. FQR: 110 6672 Issue: 1 Date: July 2013 36/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 4 Security Problem Definition 4.1 Assets This section identifies the assets of the PAP, protected by a combination of (U)SIM platform and PAP itself. Note that the PAP code is an asset of the (U)SIM platform, protected in integrity by means of JavaCard System access control. In the following, the description of each asset states the type of protection required. 4.1.1 User data User data are created by and for the user. These data do not affect the operation of the TSF. The following assets are user data. POS Transaction Data All data transmitted to the PAP from the POS terminal. This includes: Country Code, Terminal Verification Result, etc. Protection: integrity. Issuing Bank Transaction Data All transaction data transmitted to the PAP by the Issuing Bank including Issuing Bank authentication data, ARPC, CDOL2, etc. Protection: integrity. Issuing Bank Scripts All the scripts transmitted by the Issuing Bank to update PAP Transaction Parameters and PAP internal states (Application Block/Unblock, Counter Reset, Change/Unblock the Personal Code,etc) Protection: integrity. MNO Data All data transmitted to the TOE by the MNO including the MNO authentication data. 4.1.2 TSF data TSF data are created by and for the TOE. These data might affect the operation of the TOE. 4.1.2.1 TRANSACTION MANAGEMENT DATA Reference Personal Code The stored value of the Personal Code which allows the authentication of the customer to the PAP. This includes related parameters for entry checking (POS currency, Personal Code Entry Limit). Protection: integrity and confidentiality. FQR: 110 6672 Issue: 1 Date: July 2013 37/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. PAP Log File PAP Log File and its associated format under EMV rules. This asset contains the log data of the last transactions performed by the PAP. Protection: integrity Customer Account Information All customer bank account data including the PAN, the PAN Sequence Number, expiration date. Protection: integrity. PAP keys The cryptographic keys owned by the payment application instances. Protection: integrity and confidentiality Application Note: This asset includes secret keys, private keys and random numbers used for secret key generation. PAP Transaction Parameters Any data used for internal card risk management, including last on-line ATC, PAP AID, PDOL data, Currency code, Personal Code Entry Floor Limit, Personal Code indicators, CDOL1, CVM, PK certificates. Protection: integrity. PAP Counters This asset covers two types of counters: o risk analysis counters which is data used to count sensitive operations, for instance, the number of transactions processed by the PAP (ATC), o secure counters such as the number of failed attempts to present the Personal Code (Personal Code Try Counter). Protection: integrity PAP Selection and Activation parameters The parameters allowing the POS to perform the selection and activation of the embedded PAP. Protection: integrity. Application Note: For instance the AID, the longAID, the AFL, contactless life cycle state, etc. PAP State Machine The PAP State Machine stores information about the PAP application internal states during its usage phase. Protection: integrity. FQR: 110 6672 Issue: 1 Date: July 2013 38/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 4.1.2.2 TEMPORARY TRANSACTION DATA PAP Transaction Data All data used by the PAP when performing payment transactions, including Card Challenge, Dynamic Authentication related data, Session Keys, Card Verification Results, Cryptograms (AAC, TC and ARQC). Protection: integrity 4.2 Users / Subjects 4.2.1 USERS Users are entities (human or IT) outside the TOE that interact with the TOE. U.CUSTOMER The customer interacts with the TOE in its usage phase. The customer is able to perform a transaction using the PAP embedded in the (U)SIM card of his mobile handset. U.ISSUING_BANK The Issuing Bank is the PAP provider. The Issuing Bank is responsible of payment transactions authorisation and PAP administration (i.e. loading of PAP code, data and keys belonging to a specific customer). U.MERCHANT_POS The POS terminal used by the merchant. It initiates transactions with the PAP in the customer's mobile handset for payment of a good or a service. U.MNO The Mobile Network Operator is the (U)SIM Card Issuer. The MNO provides cards to the customers. The MNO is responsible for the secure management of all pre-issuance phases of the (U)SIM card life cycle status and for some post-issuance processes. Application Note: The MNO can provide privileges to Issuing Banks via the Delegated Management functionality. The MNO can also manage authorisation of applications permitted to reside on its (U)SIM cards. U.APP Any sensitive or non-sensitive application embedded in the (U)SIM card besides the PAP. U.BANK_GUI This is a graphical interface loaded into the mobile handset, that allows the customer to access to the functions associated to their CMP applications. U.BANK_MNG_SW This is the software that is in charge of establishing a secure channel with the (U)SIM to tunnel PAP management functions (loading, updating,...) and data. FQR: 110 6672 Issue: 1 Date: July 2013 39/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. U.MNO_MNG_SW This is the software that is in charge of establishing a secure channel with the (U)SIM to tunnel MNO's management functions and data. 4.2.2 SUBJECTS Subjects are active entities in the TOE. S.PAP The PAP subject is the Payment Application Package. S.BANK_TSM The Bank TSM allows the Issuing Bank to submit PAP management operations (installation, selection, activation, block, counter reset, etc). S.MNO_ISD The MNO Issuer Security Domain allows the MNO to verify the Issuing Bank management operations in a Delegated Management privilege mode (token verification). 4.3 Threats A threat agent wishes to abuse the assets by physical or logical attacks or by any other type of attacks. Any user may act as a threat agent. All threats of the Platform are included in this ST. Please refer to [31]. Compatibilities are showed in chapter 8. 4.3.1 DISCLOSURE Unauthorized disclosure of assets. T.DISCLOSURE_KEYS An attacker may perform attacks leading to unauthorized knowledge of the keys. Assets threatened: PAP keys. T.DISCLOSURE_REF_PC An attacker may perform attacks leading to unauthorized knowledge of the Reference Personal Code. Assets threatened: Reference Personal Code. 4.3.2 INTEGRITY Unauthorized modification of assets. T.INTEG_LOG_FILE Unauthorized modification of stored log files: an attacker modifies the log of transactions in order to hide malicious operations. Asset threatened: PAP Log File. FQR: 110 6672 Issue: 1 Date: July 2013 40/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. T.INTEG_KEYS Unauthorized modification of stored keys: an attacker modifies the value of the keys in order to input a known key. Assets threatened: PAP keys. T.INTEG_ACCOUNT_INFO Unauthorized modification of stored customer account information: for instance an attacker modifies the value of the PAN. Assets threatened: Customer Account Information. T.INTEG_REF_PC Unauthorized modification of stored Reference Personal Code: an attacker modifies the value of the Reference Personal Code stored in the PAP, for instance, in order to enter a known one. Assets threatened: Reference Personal Code. T.INTEG_TRANS_PARAM Unauthorized modification of stored transactions parameters: an attacker modifies the value of transaction parameters which define the configuration of the PAP in order to bypass controls or a limitation enforced by the bank's risk management and let the PAP accepting counterfeited or replayed transactions. Assets threatened: PAP Transaction Parameters, PAP State Machine. T.INTEG_COUNT Unauthorized modification of risk analysis counters or secure counters such as the Personal Code Try Counter stored in the TOE: an attacker modifies the value of the Personal Code Try Counter stored in the PAP in order to change the limitation of the number of failing Personal Code required and finally gets unauthorized permission to submit a payment transaction. Assets threatened: PAP Counters. T.TEMPORARY_DATA Unauthorized modification of temporary transaction data: an attacker modifies the value of transaction data in order to authorize counterfeited or replayed transactions. Assets threatened: PAP Transaction Data, POS Transaction Data, Issuing-Bank Scripts, MNO Data, Issuing Bank Transaction Data. T.INTEG_SEL_ACT_PARAM Unauthorized modification of stored selection and activation parameters: an attacker modifies the value of parameters allowing the POS to perform the selection and activation of the embedded PAP in order to select and activate a counterfeited PAP. Assets threatened: PAP Selection and Activation Parameters. FQR: 110 6672 Issue: 1 Date: July 2013 41/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 4.3.3 FRAUDULENT PAYMENT T.STEALING An attacker identifies and steals the mobile handset of the legitimate customer and if necessary disables the OTA channel (activating of the airplane mode, for instance) in order to use it to submit payment transactions. Assets threatened: All assets. T.MERCHANT_ACCOMPLICE An attacker deals with a merchant in order to split payment into small amount payments that do not require Personal Code entry. Assets threatened: PAP Transaction Parameters. T.MAN-IN-THE-MIDDLE An attacker installs on his mobile handset an application or uses a NFC device that is capable of relaying communications from the POS terminal to a mobile handset including a genuine payment application via NFC bearer or OTA bearer. The attacker presents his mobile handset or his NFC device to the POS terminal for a payment transaction, the request for payment is relayed from the POS terminal, through one or more intermediate attackers fake devices (NFC devices), to the victims mobile handset, which may be at a considerable distance. Assets threatened: PAP Transaction parameters, PAP Counters. T.TRANSACTION_REPUDIATION Performing payment transactions without the customer authentication. It can lead to the repudiation of those transactions by the customer. Assets threatened: PAP Log File and PAP Transaction Parameters. T.TRANSACTION_COUNTERFEITING Counterfeiting of payment transactions. This may take several forms depending on the type of the data available to the attacker: o knowledge of all personalisation data to clone a payment application; o knowledge of the MNOs master key or the Bank's TSM key to make a real fake payment application; o exploiting cryptographic weaknesses to determine the keys. Assets threatened: PAP keys, PAP Transaction Parameters, Customer Account Information, PAP Transaction Data. T.TRANSACTION_REPLAY Replay of a previous complete sequence of transaction operations. Asset threatened: PAP Transaction data, POS Transaction data, Issuing Bank Transaction Data. Application Note: This attack may be done by exploiting cryptographic weaknesses to determine the random values used, for instance, in DDA computation and session key diversification in order to replay previous transactions and usurpate users' identities. FQR: 110 6672 Issue: 1 Date: July 2013 42/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 4.3.4 DENIAL-OF-SERVICE T.CERTIF_CORRUPTION Corruption of the transaction data (certificates) in order to deny participation to the transaction under the terms claimed by one party. Assets threatened: PAP Transaction Parameters, PAP Transaction Data, POS Transaction Data. T.APPLICATIONS_DOS Exploiting OTA bearer or NFC bearer, an attacker initiates transactions of small amounts by simulating a POS terminal. He may also install fraudulently an application on the mobile handset (GUI) that initiates transactions with the (U)SIM card. This attack may cause denial of service on the payment applications. Assets threatened: Issuing-Bank Scripts, MNO Data, Issuing Bank Transaction Data. 4.3.5 IDENTITY_USURPATION T.MNO_USURPATION An attacker is illegally granted the rights of the MNO to modify the transactions parameters in order to authorize fraudulent transactions. Assets threatened: MNO Data. T.ISSUING-BANK_USURPATION An attacker is illegally granted rights of the Issuing Bank to make unauthorized PAP management operations. Assets threatened: Issuing Bank Transaction Data. T.CUSTOMER_USURPATION An attacker is illegally granted the rights of the legitimate customer to submit unauthorized transactions on his/her behalf. Assets threatened: All assets. Application note: Those attacks could be made by exploiting cryptographic weaknesses to determine the keys or random values used in the authentication process in order to usurpate users' identities. 4.4 Organisational Security Policies All Organisational Security Policies of the Platform are included in this ST. Please refer to [31]. Compatibilities are showed in chapter 8. 4.4.1 HANDSET OSP.POLICY The mobile handset implements a security policy and a control access policy to resources ((U)SIM, network,etc) FQR: 110 6672 Issue: 1 Date: July 2013 43/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. OSP.CUSTOMER_PC_CONFID The mobile handset never conserves the customer's Personal Code in its memory. OSP.GUIS_IDENTIFICATION The handset implements an access control mechanism that identifies GUIs authorized to communicate with the PAP (Cardlets). 4.4.2 MANAGEMENT OSP.CERTIFICATES_MNGT The lifetime of the (EMV-CDA) authentication certificates with the payment terminal varies according to the type of the payment application (application lifetime), and the (U)SIM card (lifetime). These certificates are updated via OTA during the term of the contract signed with the customer. Updating EMV certificates makes compromised payment applications inoperative. OSP.Contactless_life cycle_MNGT Each PAP holds the "Contactless Life Cycle State", which takes values from: o ACTIVATED o DEACTIVATED o NON-ACTIVATABLE In a Payez Mobile implementation, there shall be at maximum one payment application in "ACTIVATED" state. The Payez Mobile application handles this requirement deactivating the previous payment application when a new one requests is activated. When the Payez Mobile application receives a notification from the CRS API that a payment application has just been activated, it uses the GP mechanisms as defined in the amendment C [13] to deactivate the previous active payment application. OSP.TOE_USAGE The customer never reveals their Personal Code so that an attacker is unable to grant the rights of the legitimate customer to submit unauthorized transactions on his/her behalf. The customer shall respect the security rules given by the Issuing Bank. OSP.PISHING The Bank shall forbid remote payments (e.g. internet transactions), Mail Order / Telephone Order (MOTO), cash advance, quasi-cash and ATM cash withdrawal) so that an attacker cannot forge a message for the legitimate customer by usurpating his bank's identity in order to obtain desired information from him (name, address, PAN, activation code). 4.4.3 MERCHANT OSP.MERCHANT_CONTROL The Acquirer applies a specific security policy regarding the secure usage of the POS by the Merchant. Application Note: The Acquirer's role is: FQR: 110 6672 Issue: 1 Date: July 2013 44/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o acquires and processes clearing transaction files; o forwards authorisation and clearing messages from the Merchant point of sale to the Issuing Bank through a Payment Scheme network; o provides an accurate and reliable transaction flow transmission from the Merchant POS to the Issuing Bank; o provides a POS terminal compliant with the Payment Scheme requirements and with the functionalities defined within the Payez Mobile specifications. 4.4.4 BANK OSP.BANKS_PRIVILEGES The Issuing Bank has specific privileges. For instance: o the ability to request the value of the ATC and Offline counters. That request should be done randomly or on response to an incident reported by the customer; o the ability to reset offline counters through OTA bearer; o the ability to perform complete personnalisation of its dedicated payment application through OTA bearer. 4.5 Assumptions All platform assumptions [31] are part of this composite ST. Compatibilities are showed in chapter 8. A.MERCHANT_AUTH Merchant contract subscription guarantees the authenticity of the Merchant. FQR: 110 6672 Issue: 1 Date: July 2013 45/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 5 Security Objectives 5.1 Security Objectives for the TOE All security objectives of the Platform are included in this ST. Please refer to [31]. Compatibilities are showed in chapter 8. 5.1.1 TRANSACTION PROTECTION O.TRANSACTION_UNIQUENESS The TOE shall preserve the uniqueness of a transaction by limiting the probability of generating two identical copies of transactions certificates. O.TRANSACTION_INTEGRITY The TOE shall preserve the integrity of transactions and the integrity of all certified terms of the transactions. O.TRANSACTION_BYPASS The TOE shall prevent from bypassing a mandatory step of the transaction flow model as defined by the [76] and [75] specifications. O.TRANSACTION_REPLAY The TOE shall detect and reject replayed transactions. 5.1.2 AUTHENTICATION O.USER_AUTH The TOE shall provide customer authentication means for Personal Code change and for each payment transaction above the Personal Code Entry Limit. Application Note: No further customer authentication attempts shall be possible once the maximal number of attempts has been reached, until a special action is performed by a privileged user. O.ISSUING_BANK_AUTH The TOE shall authenticate the Issuing Bank before processing administration transactions. O.MNO_AUTH The TOE shall authenticate the MNO before granting him access to its services. Handled by the (U)SIM platform (see O.COMM_AUTH in [91]) 5.1.3 EXECUTION PROTECTION The correct execution of the services provided by the PAP, applications resources control and applications isolation are handled by the (U)SIM platform on which the payment FQR: 110 6672 Issue: 1 Date: July 2013 46/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. application package is embedded. They are satisfied by technical countermeasures implemented by the (U)SIM platform. [in [91] O.AUTHORISATION_CONTROL The consistency of payment transactions shall be checked according to Payez Mobile specifications [75] and [76] before granting the customer the authorisation to submit payment transactions. 5.1.4 DATA PROTECTION O.DATA_DISCLOSURE The TOE shall avoid unauthorized disclosure of TSF data stored and manipulated by the TOE and that must be protected in confidentiality. Application Note: This security objective is partially handled by the (U)SIM platform regarding physical attacks and unobservability of secrets. O.DATA_INTEGRITY The TOE shall avoid unauthorized modification of user data and TSF data managed or manipulated by the TOE. O.DATA_USERS The TOE shall ensure that user data are only accessed by authorized users. 5.1.5 RISK MANAGEMENT O.RISK_MNGT The TOE security functions behavior is limited by maximum values of risk management counters (number of transactions without authorisation, the aggregated amount without authorisation) that trigger an online authorisation request. These mechanisms are valid regardless the amount of the payment transaction. O.APP_BLOCK The TOE shall grant an authorized user the privilege to block the PAP and its data in a way to prohibit a positive response to payment authorisation requests. O.SIM_UNLOCK The TOE shall require unlocking the (U)SIM card (by means of the PIN code) for each payment transaction. Application Note: Handled by the (U)SIM platform (see O.COMM_AUTH in in [91]) O.AUDIT The TOE shall record transactions to support effective security management. FQR: 110 6672 Issue: 1 Date: July 2013 47/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. O.CHANNELS The TOE shall provide the means to identify the origin of a communication request intended to be routed by a specific communication channel (e.g. SWP for communications between the (U)SIM and the NFC Controller). O.AUDIT_ACCESS The TOE shall grant the customer access to log files in order to check the history of payment transactions that he has made lately. 5.1.6 OBJECTIVES handled by (U)SIM Platform O.GUIS_AUTH The TOE ((U)SIM Platform and PAP) shall authenticate the GUIs authorized to communicate with the applications of (U)SIM card (Cardlets) before granting them access to its functionalities. The applications shall only accept communication from authenticated GUIs. Application Note: Handled by the (U)SIM platform (see O.COMM_AUTH in [91] This security objective is handled by the (U)SIM platform. For instance, using ACF mechanism (cf. [AEPM-2], Section C.2.3) 5.2 Security objectives for the Operational Environment All security objectives for the Operational Environment of the Platform are included in this composite ST. Please refer to [31]. Compatibilities are showed in chapter 8. 5.2.1 HANDSET OE.CUSTOMER_PC_CONFID The mobile handset shall preserve the customer's Personal Code from disclosure during its transmission to the PAP in order to be compared with the Reference Personal Code. Thus, the mobile handset shall never keep the customer's Personal Code in its memory. OE.GUI_INST_ALERT The mobile handset shall provide mechanisms for determining the legitimacy of an installed GUI, alerting the customer on application installation attempts. OE.TOE_USAGE The Issuing Bank shall communicate to the customer the rules dealing with the use of the PAP. Especially it must inform the customer that he must not divulgate his Personal Code to anyone. The customer shall enforce these rules. OE.GUIS_IDENTIFICATION The handset shall implement an access control mechanism that identifies GUIs authorized to communicate with the TOE (Cardlets). FQR: 110 6672 Issue: 1 Date: July 2013 48/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. OE.POLICY The mobile handset shall implement a security policy and a control access policy to resources ((U)SIM, network, etc) OE.NFC_PROTOCOL The implementation of NFC protocol shall be compliant with ISO 14443. In particular, payment transactions shall be disabled beyond a given distance. OE.TRANSACTION_DISPLAY Related payment transaction information (amount, transaction status, etc) shall be systematically displayed on the screen of the customer mobile handset before or after the transaction. OE.CHANNELS_SELECTION The mobile handset shall provide the means to the customer to fix the communication channels that permit to communicate with the TOE (eg NFC, OTA, Bluetooth). OE.GUIS_TIMEOUT The GUIs shall detect when Personal Code Timeout limit values and unsuccessful authentication attempts occur related to the Personal Code timeout session. When the defined number of unsuccessful authentication attempts has been surpassed, the GUI shall request the Personal Code again. 5.2.2 MERCHANT OE.MERCHANT_CONTROL In particular, a specific security policy shall be established by the Acquirer regarding the secure usage of the POS, by controlling the Merchants transactions flow in order to detect suspicious behavior. Application Note: For instance, by controlling Merchants accepting small payments amounts. OE.MERCHANT_AUTH The merchant shall subscribe for a contract that guarantees his authenticity. OE.LATENCY_CONTROL The POS terminal shall implement time-out mechanisms that disable NFC transactions with low latency. OE.POS_APPROVAL Payment terminals accepting Payez Mobile payment transactions shall be approved by a reference body. OE.POS_APPLICATIONS The contactless payment applications embedded in the POS terminal shall be protected in integrity and authenticity. Application Note: FQR: 110 6672 Issue: 1 Date: July 2013 49/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. For instance, those applications are signed by a trusted third party and their signature is checked during installation process. OE.POS_DEACTIVATION Any POS terminal may be rendered inoperative remotely by the POS purchaser or the Acquirer. 5.2.3 MANAGEMENT OE.CERTIFICATES_MNGT The lifetime of the (EMV-CDA) authentication certificates with the payment terminal shall be variable according to the type of the payment application (transaction amount, application lifetime), and the (U)SIM card (lifetime). These certificates shall be updated via OTA during the term of the contract signed with the customer. OE.Contactless_life cycle_MNGT Upon a new activation request, Payez Mobile application is responsible for managing the deactivation of the current activated PAP. The Payez Mobile application shall guarantee that only one PAP is activated at any given time. 5.2.4 BANK OE.NO_VAD Remote payments (e.g. internet transactions), Mail Order / Telephone Order (MOTO), cash advance, quasi-cash and ATM cash withdrawal) shall be forbidden by the banks for PAP payments. Only proximity purchase transactions shall be authorized. OE.BANKS_PRIVILEGES The Issuing Bank shall be granted specific privileges. 5.3 Security Objectives Rationale Please refer to chapter 7.3 of Platform Public ST [31] for: - the rational of the Platform security objectives, - and the rational of the Platform Assumptions. 5.3.1 Threats 5.3.1.1 DISCLOSURE T.DISCLOSURE_KEYS This threat is covered by the security objective O.DATA_DISCLOSURE which guarantees the secrecy of the keys stored in the TOE. The security objective O.ISSUING_BANK_AUTH ensures that nobody but the Issuing Bank can operates on PAP cryptographic keys stored in the TOE. The security objective on the operational environment OE.CERTIFICATES_MNGT also contributes in covering this threat by guaranteeing that certificates are updated and thus prevent from reusing a disclosed key. FQR: 110 6672 Issue: 1 Date: July 2013 50/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. T.DISCLOSURE_REF_PC This threat is covered by the security objective O.DATA_DISCLOSURE which guarantees the secrecy of the Reference Personal Code stored in the TOE. The security objectives O.ISSUING_BANK_AUTH and O.USER_AUTH ensures that nobody but the Issuing Bank or the Customer can operate on the Personal Code. 5.3.1.2 INTEGRITY T.INTEG_LOG_FILE This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of log files stored in the TOE. The security objectives O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to log files. T.INTEG_KEYS This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of log files stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH, O.MNO_AUTH, and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. T.INTEG_ACCOUNT_INFO This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of the customer account information stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. T.INTEG_REF_PC This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of Reference Personal Code stored in the TOE. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. T.INTEG_TRANS_PARAM This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of transaction parameters stored in the TOE. The security objective O.TRANSACTION_BYPASS covers this threat by preventing from bypassing a mandatory step of the transaction flow model as defined by the [75] and [76] specifications and though ensuring the integrity of transaction parameters. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. T.INTEG_COUNT This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of PAP counters stored in the TOE. The security objective O.TRANSACTION_BYPASS covers this threat by preventing from bypassing a mandatory step of the transaction flow model as defined by the [75] and [76] specifications and though ensuring the integrity of PAP counters. FQR: 110 6672 Issue: 1 Date: July 2013 51/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. T.TEMPORARY_DATA This threat is covered by the security objectives O.DATA_INTEGRITY and O.TRANSACTION_INTEGRITY which prevent from unauthorized modification of transactions and related temporary data. The security objectives O.USER_AUTH, O.GUIS_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. T.INTEG_SEL_ACT_PARAM This threat is covered by the security objective O.DATA_INTEGRITY which prevents from unauthorized modification of selection and activation parameters stored in the TOE. The security objectives O.USER_AUTH and O.ISSUING_BANK_AUTH contribute in covering this threat by ensuring that only authorized users can get access to the TOE. 5.3.1.3 FRAUDULENT PAYMENT T.STEALING This threat is countered by: o O.RISK_MNGT which avoids payment temptations by limiting the number of transactions without authorisation. o O.APP_BLOCK which provides the Issuing Bank means to block the PAP through OTA bearer on the user's demand. o O.USER_AUTH which ensures that the customer is authenticated for each payment transaction above the Personal Code Entry Limit o OE.TOE_USAGE which ensures that the Issuing Bank provides to the customer the rules to securely use his TOE. o OE.CUSTOMER_PC_CONFID which guarantees that the mobile handset never keeps the customer's Personal Code in its memory. o OE.CERTIFICATES_MNGT that contributes in covering this threat by avoiding the usage of a stolen authentication certificates by providing updates. T.MERCHANT_ACCOMPLICE This threat is covered by the security objective O.SIM_UNLOCK which requires unlocking the (U)SIM card (by means of the PIN code) for each payment transaction. The security objective O.APP_BLOCK provides the means to authorized users to block the PAP in order to prevent from such attacks. The security objective on the environment OE.MERCHANT_AUTH ensures that merchant shall subscribe for a contract that guarantees his authenticity. The security objectives for the environment OE.POS_DEACTIVATION, OE.POS_APPROVAL and OE.POS_APPLICATIONS ensure respectively that the POS may be rendered inoperative remotely by the POS purchaser or the Acquirer, that the contactless payment applications embedded in the POS terminal is protected in integrity and authenticity, and that payment terminals accepting Payez Mobile payment transactions are approved by a reference body. FQR: 110 6672 Issue: 1 Date: July 2013 52/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. T.MAN-IN-THE-MIDDLE This threat is covered by the following security objectives: o O.CHANNELS that provides the means to identify the origin of a communication request intended to be routed by a specific communication channel which decrease the probability of realizing such attacks o O.USER_AUTH contributes in covering this threat by ensuring that the customer is authenticated before performing a payment transaction o O.AUDIT_ACCESS grants the customer access to log files in order to check the history of payment transactions so that he can check if no fraudulent transaction has been made o OE.LATENCY_CONTROL which ensure that the POS terminal implements time- out mechanisms that disables NFC transactions with low latency and thus detects such attack o OE.NFC_PROTOCOL which ensures that payment transactions are disabled beyond a given distance o OE.GUI_INST_ALERT which guarantees the legitimacy of installed GUIs o OE.TRANSACTION_DISPLAY contributes in covering this threat by displaying related payment transaction information (amount, transaction status) on the screen of the customers mobile handset before or after the transaction o OE.GUIS_TIMEOUT ensures that the Transaction Personal Code is requested everytime the unsuccessful authentication attempt number is surpassed. o O.AUDIT records transaction to support security management T.TRANSACTION_REPUDIATION This threat is countered by: o O.DATA_USERS that prevents the use of the TOE by unauthorized users because they do not have the required rights to perform transactions o O.USER_AUTH that requires the authentication of the customer before performing any transaction o OE.TOE_USAGE which ensures that the Issuing Bank provides to the customer the rules to securely use his PAP and especially that he must not provide his Personal Code to anyone. Thus, if the Personal Code has been entered, kept secure and an authenticated communication has been used, the transaction cannot be repudiated. o O.AUDIT ensures that the TOE shall record transactions to prevent from repudiation. T.TRANSACTION_COUNTERFEITING This threat is covered by the following security objectives: o O.DATA_USERS that prevents the use of the TOE by unauthorized users because they do not have the required rights to perform transactions o O.AUTHORISATION_CONTROL which guarantees that the consistency of payment transactions is checked according to Payez Mobile specifications [75] and [76] before granting the customer the authorisation to submit payment transactions. o O.RISK_MNGT which avoids improper conditions of using the PAP and ensures that only possible parameters values must be valid and correspond to secure configurations o O.APP_BLOCK provides the means to authorized users to block the PAP in order to prevent from counterfeiting. FQR: 110 6672 Issue: 1 Date: July 2013 53/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o O.USER_AUTH contributes in covering this threat by ensuring that only the customer can submit transactions. o O.AUDIT ensures that the TOE shall record transactions to detect counterfeiting. o O.TRANSACTION_BYPASS covers this threat by preventing from bypassing a mandatory step of the transaction flow model as defined by the [75] and [76] specifications and though preventing from counterfeiting of payment transactions. o O.DATA_DISCLOSURE that guarantees the secrecy of the keys stored in the TOE. o O.ISSUING_BANK_AUTH that ensures that nobody but the Issuing Bank can operate on PAP cryptographic keys stored in the TOE. o OE.CERTIFICATES_MNGT that contributes in covering this threat by avoiding the usage of a counterfeited authentication certificates by providing updates. o OE.MERCHANT_CONTROL ensures that the merchant maintains a specific security policy that ensures a secure usage of the POS terminal. T.TRANSACTION_REPLAY This threat is covered by the following security objectives: o O.TRANSACTION_REPLAY which ensures that replayed transactions will be detected and rejected by the TOE. o O.TRANSACTION_UNIQUENESS which reserves the uniqueness of a transaction; this by limiting the probability of generating two identical copies of transactions certificates. o O.USER_AUTH contributes in covering this threat by ensuring that only the customer can submit transactions. o O.TRANSACTION_BYPASS covers this threat by preventing from bypassing a mandatory step of the transaction flow model as defined by the [75] and [76] specifications and though preventing from replaying a payment transaction. o O.SIM_UNLOCK requires unlocking the (U)SIM card (by means of the PIN code) for each payment transaction. This threat could be covered by the (U)SIM platform security functions; 5.3.1.4 DENIAL-OF-SERVICE T.CERTIF_CORRUPTION This threat is covered by the security objective O.TRANSACTION_INTEGRITY that preserves the integrity of transactions and the integrity of all certified terms of the transactions. The security objective O.TRANSACTION_UNIQUENESS contributes in covering this threat by preserving the uniqueness of a transaction by limiting the probability of generating two identical copies of transactions certificates. T.APPLICATIONS_DOS This threat is covered by the following security objectives: o O.CHANNELS that provides the means to identify the origin of a communication request intended to be routed by a specific communication channel which decrease the probability of realizing such attacks o O.USER_AUTH contributes in covering this threat by ensuring that the customer is authenticated before performing a payment transaction o OE.GUI_INST_ALERT which guarantees the legitimacy of installed GUIs o OE.GUIS_AUTH which ensures that the GUIs authorized to communicate with the applications of (U)SIM card are authenticated before granting them access to its functionalities; thus it prevents from such attacks.. FQR: 110 6672 Issue: 1 Date: July 2013 54/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 5.3.1.5 IDENTITY_USURPATION T.MNO_USURPATION This threat is covered by the security objective O.TRANSACTION_BYPASS which prevent from bypassing a mandatory step of the transaction flow model as defined by the [75] and [76] specifications and though preventing from identity usurpation. O.MNO_AUTH contributes in covering this threat by ensuring that only the MNO can have access to its services. T.ISSUING-BANK_USURPATION This threat is covered by the security objective O.TRANSACTION_BYPASS which prevent from bypassing a mandatory step of the transaction flow model as defined by the [75] and [76] specifications and though preventing from identity usurpation. O.ISSUING_BANK_AUTH contributes in covering this threat by ensuring that only the Issuing Bank can have access to its services. T.CUSTOMER_USURPATION This threat is covered by the following security objectives: o O.TRANSACTION_BYPASS which prevent from bypassing a mandatory step of the transaction flow model as defined by the [75], [76] specifications and though preventing from identity usurpation o O.USER_AUTH contributes in covering this threat by ensuring that only the end user can have access to its services o O.AUDIT_ACCESS which guarantees that the end user has access to log files in order to check the history of payment transactions that he has made lately and thus prevents from identity usurpation o The security objective on the environment of the TOE OE.GUIS_TIMEOUT contributes in covering this threat by controlling Personal Code unsuccessful entry attempts. FQR: 110 6672 Issue: 1 Date: July 2013 55/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 5.3.2 Organisational Security Policies 5.3.2.1 HANDSET OSP.POLICY This OSP is directly upheld by the security objective OE.POLICY. OSP.CUSTOMER_PC_CONFID This OSP is directly upheld by the security objective OE.CUSTOMER_PC_CONFID. OSP.GUIS_IDENTIFICATION This OSP is directly upheld by the security objective OE.GUIS_IDENTIFICATION. 5.3.2.2 MANAGEMENT OSP.CERTIFICATES_MNGT This OSP is directly upheld by the security objective OE.CERTIFICATES_MNGT. OSP.Contactless_life cycle_MNGT This OSP is directly upheld by the security objective OE.Contactless_life cycle_MNGT. OSP.TOE_USAGE This OSP is directly upheld by the security objective OE.TOE_USAGE. OSP.PISHING This security policy is covered by the security objective on the environment OE.NO_VAD which guarantees that only proximity purchase transactions are authorized. 5.3.2.3 MERCHANT OSP.MERCHANT_CONTROL This OSP is directly upheld by the security objective on the environment OE.MERCHANT_CONTROL. The security objectives on the environment OE.POS_APPROVAL and OE.POS_APPLICATIONS ensures that POS terminals accepting Payez Mobile payment transactions are approved by a reference body and that the contactless payment applications embedded in these POS terminals are protected in integrity and authenticity. 5.3.2.4 BANK OSP.BANKS_PRIVILEGES This OSP is directly upheld by the security objective OE.BANKS_PRIVILEGES. 5.3.3 Assumptions A.MERCHANT_AUTH This assumption is enforced by the security objectives on the environment OE.MERCHANT_AUTH and OE.POS_APPLICATIONS which guarantees the authenticity of the merchant and the applications installed on the POS terminal handled by the merchant. 5.3.4 SPD and Security Objectives FQR: 110 6672 Issue: 1 Date: July 2013 56/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Threats Security Objectives Rationale T.DISCLOSURE_KEYS OE.CERTIFICATES_MNGT, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE Section 2.3.1 T.DISCLOSURE_REF_PC O.ISSUING_BANK_AUTH, O.USER_AUTH, O.DATA_DISCLOSURE Section 2.3.1 T.INTEG_LOG_FILE O.DATA_INTEGRITY, O.USER_AUTH, O.ISSUING_BANK_AUTH O.GUIS_AUTH Section 2.3.1 T.INTEG_KEYS O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY, O.USER_AUTH, O.MNO_AUTH, O.GUIS_AUTH Section 2.3.1 T.INTEG_ACCOUNT_INFO O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY, O.USER_AUTH O.GUIS_AUTH Section 2.3.1 T.INTEG_REF_PC O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY, O.USER_AUTH O.GUIS_AUTH Section 2.3.1 T.INTEG_TRANS_PARAM O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH O.GUIS_AUTH Section 2.3.1 T.INTEG_COUNT O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH O.GUIS_AUTH Section 2.3.1 T.TEMPORARY_DATA O.TRANSACTION_INTEGRITY, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY O.GUIS_AUTH Section 2.3.1 T.INTEG_SEL_ACT_PARAM O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY, O.USER_AUTH O.GUIS_AUTH Section 2.3.1 T.STEALING OE.TOE_USAGE, O.RISK_MNGT, OE.CUSTOMER_PC_CONFID, OE.CERTIFICATES_MNGT, O.APP_BLOCK, O.USER_AUTH Section 2.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 57/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Threats Security Objectives Rationale T.MERCHANT_ACCOMPLICE O.SIM_UNLOCK, O.APP_BLOCK, OE.POS_DEACTIVATION, OE.MERCHANT_AUTH, OE.POS_APPLICATIONS, OE.POS_APPROVAL Section 2.3.1 T.MAN-IN-THE-MIDDLE O.CHANNELS, OE.NFC_PROTOCOL, OE.LATENCY_CONTROL, OE.GUI_INST_ALERT, OE.TRANSACTION_DISPLAY, O.USER_AUTH, OE.CHANNELS_SELECTION, O.AUDIT_ACCESS, OE.GUIS_TIMEOUT Section 2.3.1 T.TRANSACTION_REPUDIATION O.DATA_USERS, OE.TOE_USAGE, O.USER_AUTH, O.AUDIT Section 2.3.1 T.TRANSACTION_COUNTERFEITING O.DATA_USERS, OE.CERTIFICATES_MNGT, O.AUTHORISATION_CONTROL , O.RISK_MNGT, OE.MERCHANT_CONTROL, O.APP_BLOCK, O.USER_AUTH, O.AUDIT, O.TRANSACTION_BYPASS O.ISSUING_BANK_AUTH O.DATA_DISCLOSURE Section 2.3.1 T.TRANSACTION_REPLAY O.TRANSACTION_REPLAY, O.TRANSACTION_UNIQUENES S, O.SIM_UNLOCK, O.USER_AUTH, O.TRANSACTION_BYPASS Section 2.3.1 T.CERTIF_CORRUPTION O.TRANSACTION_INTEGRITY, O.TRANSACTION_UNIQUENES S Section 2.3.1 T.APPLICATIONS_DOS O.CHANNELS, O.USER_AUTH, OE.GUI_INST_ALERT, O.GUIS_AUTH Section 2.3.1 T.MNO_USURPATION O.MNO_AUTH, O.TRANSACTION_BYPASS Section 2.3.1 T.ISSUING-BANK_USURPATION O.ISSUING_BANK_AUTH, O.TRANSACTION_BYPASS Section 2.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 58/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Threats Security Objectives Rationale T.CUSTOMER_USURPATION O.USER_AUTH, OE.GUIS_TIMEOUT, O.AUDIT_ACCESS, O.TRANSACTION_BYPASS Section 2.3.1 Table 8 Threats and Security Objectives - Coverage FQR: 110 6672 Issue: 1 Date: July 2013 59/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Threats O.TRANSACTION_UNIQUENESS T.TRANSACTION_REPLAY, T.CERTIF_CORRUPTION O.TRANSACTION_INTEGRITY T.TEMPORARY_DATA, T.CERTIF_CORRUPTION O.TRANSACTION_BYPASS T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TRANSACTION_COUNTERFEITING, T.TRANSACTION_REPLAY, T.MNO_USURPATION, T.ISSUING- BANK_USURPATION, T.CUSTOMER_USURPATION O.TRANSACTION_REPLAY T.TRANSACTION_REPLAY O.USER_AUTH T.DISCLOSURE_REF_PC, T.INTEG_LOG_FILE, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TEMPORARY_DATA, T.INTEG_SEL_ACT_PARAM, T.STEALING, T.MAN-IN-THE-MIDDLE, T.TRANSACTION_REPUDIATION, T.TRANSACTION_COUNTERFEITING, T.TRANSACTION_REPLAY, T.APPLICATIONS_DOS, T.CUSTOMER_USURPATION O.ISSUING_BANK_AUTH T.DISCLOSURE_KEYS, T.DISCLOSURE_REF_PC, T.TRANSACTION_COUNTERFEITING T.INTEG_LOG_FILE, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TEMPORARY_DATA, T.INTEG_SEL_ACT_PARAM, T.ISSUING- BANK_USURPATION O.MNO_AUTH T.INTEG_KEYS, T.MNO_USURPATION O.AUTHORISATION_CONTROL T.TRANSACTION_COUNTERFEITING O.DATA_DISCLOSURE T.DISCLOSURE_KEYS, T.DISCLOSURE_REF_PC T.TRANSACTION_COUNTERFEITING O.DATA_INTEGRITY T.INTEG_LOG_FILE, T.INTEG_KEYS, T.INTEG_ACCOUNT_INFO, T.INTEG_REF_PC, T.INTEG_TRANS_PARAM, T.INTEG_COUNT, T.TEMPORARY_DATA, T.INTEG_SEL_ACT_PARAM O.DATA_USERS T.TRANSACTION_REPUDIATION, T.TRANSACTION_COUNTERFEITING O.RISK_MNGT T.STEALING, T.TRANSACTION_COUNTERFEITING FQR: 110 6672 Issue: 1 Date: July 2013 60/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Threats O.APP_BLOCK T.STEALING, T.MERCHANT_ACCOMPLICE, T.TRANSACTION_COUNTERFEITING O.SIM_UNLOCK T.MERCHANT_ACCOMPLICE, T.TRANSACTION_REPLAY O.AUDIT T.TRANSACTION_REPUDIATION, T.TRANSACTION_COUNTERFEITING O.CHANNELS T.MAN-IN-THE-MIDDLE, T.APPLICATIONS_DOS O.AUDIT_ACCESS T.MAN-IN-THE-MIDDLE, T.CUSTOMER_USURPATION O.GUIS_AUTH T.INTEG_KEYS T.APPLICATIONS_DOS OE.CUSTOMER_PC_CONFID T.STEALING OE.GUI_INST_ALERT T.MAN-IN-THE-MIDDLE, T.APPLICATIONS_DOS OE.TOE_USAGE T.STEALING, T.TRANSACTION_REPUDIATION OE.GUIS_IDENTIFICATION OE.POLICY OE.NFC_PROTOCOL T.MAN-IN-THE-MIDDLE OE.TRANSACTION_DISPLAY T.MAN-IN-THE-MIDDLE OE.CHANNELS_SELECTION T.MAN-IN-THE-MIDDLE, T.APPLICATIONS_DOS OE.GUIS_TIMEOUT T.MAN-IN-THE-MIDDLE, T.CUSTOMER_USURPATION OE.MERCHANT_CONTROL T.TRANSACTION_COUNTERFEITING OE.MERCHANT_AUTH T.MERCHANT_ACCOMPLICE OE.LATENCY_CONTROL T.MAN-IN-THE-MIDDLE OE.POS_APPROVAL T.MERCHANT_ACCOMPLICE OE.POS_APPLICATIONS T.MERCHANT_ACCOMPLICE OE.POS_DEACTIVATION T.MERCHANT_ACCOMPLICE OE.CERTIFICATES_MNGT T.DISCLOSURE_KEYS, T.STEALING, T.TRANSACTION_COUNTERFEITING OE.Contactless_life cycle_MNGT OE.NO_VAD OE.BANKS_PRIVILEGES Table 9 Security Objectives and Threats - Coverage FQR: 110 6672 Issue: 1 Date: July 2013 61/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Organisational Security Policies Security Objectives Rationale OSP.POLICY OE.POLICY Section 2.3.2 OSP.CUSTOMER_PC_CONFI D OE.CUSTOMER_PC_CONFID Section 2.3.2 OSP.GUIS_IDENTIFICATION OE.GUIS_IDENTIFICATION Section 2.3.2 OSP.CERTIFICATES_MNGT OE.CERTIFICATES_MNGT Section 2.3.2 OSP.Contactless_life cycle_MNGT OE.Contactless_life cycle_MNGT Section 2.3.2 OSP.TOE_USAGE OE.TOE_USAGE Section 2.3.2 OSP.PISHING OE.NO_VAD Section 2.3.2 OSP.MERCHANT_CONTROL OE.MERCHANT_CONTROL, OE.POS_APPROVAL, OE.POS_APPLICATIONS Section 2.3.2 OSP.BANKS_PRIVILEGES OE.BANKS_PRIVILEGES Section 2.3.2 Table 10 OSPs and Security Objectives - Coverage FQR: 110 6672 Issue: 1 Date: July 2013 62/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Organisational Security Policies O.TRANSACTION_UNIQUENE SS O.TRANSACTION_INTEGRITY O.TRANSACTION_BYPASS O.TRANSACTION_REPLAY O.USER_AUTH O.ISSUING_BANK_AUTH O.MNO_AUTH O.AUTHORISATION_CONTR OL O.DATA_DISCLOSURE O.DATA_INTEGRITY O.DATA_USERS O.RISK_MNGT O.APP_BLOCK O.SIM_UNLOCK O.AUDIT O.CHANNELS O.AUDIT_ACCESS O.GUIS_AUTH OE.CUSTOMER_PC_CONFID OSP.CUSTOMER_PC_CONFID OE.GUI_INST_ALERT OE.TOE_USAGE OSP.TOE_USAGE OE.GUIS_IDENTIFICATION OSP.GUIS_IDENTIFICATION OE.POLICY OSP.POLICY OE.NFC_PROTOCOL OE.TRANSACTION_DISPLAY OE.CHANNELS_SELECTION OE.GUIS_TIMEOUT OE.MERCHANT_CONTROL OSP.MERCHANT_CONTROL OE.MERCHANT_AUTH OE.LATENCY_CONTROL OE.POS_APPROVAL OSP.MERCHANT_CONTROL OE.POS_APPLICATIONS OSP.MERCHANT_CONTROL OE.POS_DEACTIVATION FQR: 110 6672 Issue: 1 Date: July 2013 63/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Organisational Security Policies OE.CERTIFICATES_MNGT OSP.CERTIFICATES_MNGT OE.Contactless_life cycle_MNGT OSP.Contactless_life cycle_MNGT OE.NO_VAD OSP.PISHING OE.BANKS_PRIVILEGES OSP.BANKS_PRIVILEGES Table 11 Security Objectives and OSPs - Coverage Assumptions Security Objectives for the Operational Environment Rationale A.MERCHANT_AUTH OE.MERCHANT_AUTH, OE.POS_APPLICATIONS Section 2.3.3 Table 12 Assumptions and Security Objectives for the Operational Environment - Coverage Security Objectives for the Operational Environment Assumptions OE.CUSTOMER_PC_CONFID OE.GUI_INST_ALERT OE.TOE_USAGE OE.GUIS_IDENTIFICATION OE.POLICY OE.NFC_PROTOCOL OE.TRANSACTION_DISPLAY OE.CHANNELS_SELECTION OE.GUIS_TIMEOUT OE.MERCHANT_CONTROL OE.MERCHANT_AUTH A.MERCHANT_AUTH OE.LATENCY_CONTROL OE.POS_APPROVAL OE.POS_APPLICATIONS A.MERCHANT_AUTH OE.POS_DEACTIVATION OE.CERTIFICATES_MNGT OE.Contactless_life cycle_MNGT OE.NO_VAD OE.BANKS_PRIVILEGES Table 13 Security Objectives for the Operational Environment and Assumptions - Coverage FQR: 110 6672 Issue: 1 Date: July 2013 64/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 6 Security Requirements 6.1 Security Functional Requirements This section defines the security functional requirements (SFR) and the EAL. It provides the rationale between security objectives and SFRs, and the SFRs dependencies rationale. The following two tables define the operations and security attributes involved in the Access Control and Information Control Policies for the product. The subjects, objects and information are given together with the definition of each particular policy. Operation PAP Selection PAP Activation/Deactivation - PAP Locking/Unlocking Systematic Personal Code Activation Personal Code Presentation for Payment Personal Code Verification Log Update Log Reading Reference Personal Code Change/Unblock Counter Reset Audit PAP Offline Data Authentication PAP Action Analysis PAP Offline Transaction PAP Online Transaction Issuing Bank Script Processing Tableau 14: Operation involved in the Access Control and Information Control Policies FQR: 110 6672 Issue: 1 Date: July 2013 65/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Attributes Possible Values for Security Attributes; Contactless Life Cycle State INSTALLED - ACTIVATED / DEACTIVATED - NON- ACTIVATABLE – LOCKED (U)SIM Card Life Cycle Status SELECTED / BLOCKED / NOT BLOCKED PAP Transaction Processing State Complies with [75] and [76] and indicates results of transaction processing steps / Does not comply with [75] and [76] PAP Transaction Parameters Integrity VERIFIED / NOT VERIFIED / CORRUPTED PAP Transaction Parameters State Issuing Bank risk management parameter value PAP Keys Integrity VERIFIED / NOT VERIFIED / CORRUPTED PAP Reference Personal Code State BLOCKED / UNBLOCKED Systematic Personal Code State ENABLED / DISABLED PAP Reference Personal Code Integrity VERIFIED / NOT VERIFIED / CORRUPTED PAP Personal Code State VERIFIED / NOT VERIFIED / ALWAYS REQUESTED / REQUESTED AT THE NEXT PAYMENT PAP Personal Code Entry Amount GREATER / LESSER THAN PERSONAL CODE ENTRY LIMIT VALUE PAP Customer Account Information Integrity VERIFIED / NOT VERIFIED / CORRUPTED Log File Reading Status PERMITTED (Log entry data is present) / NOT PERMITTED Log File Update Status ALLOWED / NOT ALLOWED PAP Counters Integrity VERIFIED / NOT VERIFIED / CORRUPTED PAP Counters State COUNTER IN RANGE / BLOCKED PAP Selection and Activation Parameters VERIFIED / NOT VERIFIED / CORRUPTED Issuing Bank Transaction Data Integrity and Origin VERIFIED / NOT VERIFIED / CORRUPTED Issuing Bank Transaction Data Confidentiality, Integrity and Origin VERIFIED / NOT VERIFIED / CORRUPTED PAP Action Analysis State Results of the PAP Action Analysis PAP Transation Parameters Integrity VERIFIED / NOT VERIFIED / CORRUPTED Tableau 15: Security attributes involved in the Access Control and Information Control Policies FQR: 110 6672 Issue: 1 Date: July 2013 66/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 6.1.1 ACCESS CONTROL POLICY FDP_ACC.2/ PAP Application Complete access control FDP_ACC.2.1/ PAP Application The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the PAP Application Access Control SFP on S.PAP, PAP Sate Machine and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ PAP Application The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this PAP Application Access Control SFP: • PAP Selection • PAP Activation/Deactivation - PAP Locking/Unlocking • Systematic Personal Code Activation • Personal Code Presentation for Payment • Personal Code Verification • Log Update • Log Reading • Reference Personal Code Change/Unblock • Counter Reset • Audit • PAP Offline Data Authentication • PAP Action Analysis • PAP Offline Transaction • PAP Online Transaction • Issuing Bank Script Processing FDP_ACC.2/ PAP Activation Complete access control FDP_ACC.2.1/ PAP Activation The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the PAP Activation Access Control SFP on o S.PAP; FQR: 110 6672 Issue: 1 Date: July 2013 67/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o PAP Transaction Parameters; o PAP Selection and Activation Parameters and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ PAP Activation The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this PAP Activation Access Control SFP: • PAP Selection FDP_ACC.2/ PAP Administration Management Complete access control FDP_ACC.2.1/ PAP Administration Management The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the PAP Administration Management Access Control SFP on o Subject: • S.PAP; o Objects: • PAP Selection and Activation Parameters; • PAP Log File; • PAP Keys; • PAP Counters; • Personal Code and Reference Personal Code and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ PAP Administration Management The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this PAP Administration Management Access Control SFP: • PAP Activation/Deactivation - PAP Locking/Unlocking • Systematic Personal Code Activation • Log Reading • Reference Personal Code Change/Unblock FQR: 110 6672 Issue: 1 Date: July 2013 68/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_ACC.2/ PAP Payment Transaction Management Complete access control FDP_ACC.2.1/ PAP Payment Transaction Management The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the PAP Payment Transaction Management Access Control SFP on o Subjects: • S.PAP; • S.BANK_TSM; • S.MNO_ISD; o Objects: • Personal Code; • PAP Log File, and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ PAP Payment Transaction Management The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this PAP Payment Transaction Management Access Control SFP: • Personal Code Presentation for Payment • Personal Code Verification • Log Update FDP_ACC.2/ Post-Issuance Bank Management Complete access control FDP_ACC.2.1/ Post-Issuance Bank Management The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the Post-Issuance Bank Management Access Control SFP on o Subjects: • S.PAP; • S.BANK_TSM; • S.MNO_ISD; o Objects: • Issuing Bank Transaction Data; • Issuing Bank Scripts; • PAP Counters; • PAP Keys; • PAP Selection and Activation Parameters; FQR: 110 6672 Issue: 1 Date: July 2013 69/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. • PAP Transaction Parameters; • PAP Log File, and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ Post-Issuance Bank Management The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this Post-Issuance Bank Management Access Control SFP: • Counter Reset • Audit • Issuing Bank Script Processing FDP_ACC.2/ PAP Offline Authentication Complete access control FDP_ACC.2.1/ PAP Offline Authentication The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the PAP Offline Authentication control access SFP on o Subject: • S.PAP; o Objects: • PAP Keys; • PAP Transaction Parameters; • PAP State Machine and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ PAP Offline Authentication The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this PAP Offline Authentication control access SFP: • PAP Offline Data Authentication FQR: 110 6672 Issue: 1 Date: July 2013 70/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_ACC.2/ PAP Transaction Complete access control FDP_ACC.2.1/ PAP Transaction The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. The TSF shall enforce the PAP Transaction Access Control SFP on o Subject: • S.PAP; o Objects; • Customer Account Information; • PAP Counters; • PAP Keys; • PAP State Machine; • PAP Transaction Parameters; and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/ PAP Transaction The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. Application Note: What follows are all operations among subjects and objects covered by this PAP Transaction Access Control SFP: 1. PAP Offline Data Authentication 2. PAP Action Analysis 3. PAP Offline Transaction 4. PAP Online Transaction 6.1.2 ACCESS CONTROL FUNCTIONS FDP_ACF.1/ PAP Application Security attribute based access control FDP_ACF.1.1/ PAP Application The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the PAP Application Access Control SFP to objects based on the following: o Security attributes of the object PAP State Machine: • Contactless Life Cycle State; • (U)SIM Card Life Cycle Status. FDP_ACF.1.2/ PAP Application The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules FQR: 110 6672 Issue: 1 Date: July 2013 71/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: PAP operations are allowed only if the: o Contactless Life Cycle State is ACTIVATED or DEACTIVATED; o (U)SIM Card Life Cycle Status is NOT BLOCKED. FDP_ACF.1.3/ PAP Application The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none. FDP_ACF.1.4/ PAP Application The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: o If one of the conditions listed in FDP_ACF.1.2 is not fulfilled. FDP_ACF.1/ PAP Activation Security attribute based access control FDP_ACF.1.1/ PAP Activation The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the PAP Activation Access Control SFP to objects based on the following: o Security attributes of the subject S.PAP: • Contactless Life Cycle State; o Security attributes of the object PAP Selection and Activation Parameters: • PAP Selection and Activation Parameters; o Security attributes of the object PAP Transaction Parameters: • PAP Transaction Parameters Integrity. FDP_ACF.1.2/ PAP Activation The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: o Selection is allowed only if • Contactless Life Cycle State is Installed; o PAP Selection and Activation Parameters is allowed if: FQR: 110 6672 Issue: 1 Date: July 2013 72/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. • PAP Selection and Activation Parameters is Verified; o PAP Transaction Parameters is allowed if: • PAP Transaction Parameters Integrity is Verified. FDP_ACF.1.3/ PAP Activation The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: o none FDP_ACF.1.4/ PAP Activation The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: following rule: o If one of the conditions listed in FDP_ACF.1.2 and FDP_ACF.1.3 is not fulfilled. FDP_ACF.1/ PAP Administration Management Security attribute based access control FDP_ACF.1.1/ PAP Administration Management The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the PAP Administration Management Access Control SFP to objects based on the following: o Security attributes of the object Reference Personal Code and Personal Code: • PAP Reference Personal Code State; • PAP Reference Personal Code Integrity; • PAP Personal Code State; o Security attributes of the subject S.PAP: • Contactless Life Cycle State; o Security attributes of the object PAP Log File: • Log File reading Status; o Security attributes of the object PAP Keys: • PAP Keys Integrity; o Security attributes of the object PAP Counters: • PAP Counters Integrity; • PAP Counters State. FDP_ACF.1.2/ PAP Administration Management The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: FQR: 110 6672 Issue: 1 Date: July 2013 73/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: o Systematic Personal Code Activation/Deactivation is allowed only if: • PAP Reference Personal Code Integrity is VERIFIED; • PAP Personal Code State is VERIFIED; o Reference Personal Code Change is allowed only if: • PAP Reference Personal Code Integrity is VERIFIED; • PAP Personal Code State is VERIFIED; • PAP Reference Personal Code State is UNBLOCKED; o Log Reading is allowed only if: • Contactless Life Cycle State is ACTIVATED or DEACTIVATED; • Log File Reading Status is PERMITTED (Log entry data is present); o PAP Activation/Deactivation is allowed only if: • Contactless Life Cycle State is ACTIVATED or DEACTIVATED; • PAP Reference Personal Code Integrity is VERIFIED; • PAP Personal Code State is VERIFIED; o PAP Locking/Unlocking is allowed only if: • PAP Issuing Bank keys integrity is VERIFIED; • PAP Issuing Bank secure script counter integrity is VERIFIED; • PAP Issuing Bank secure script counter State is NOT BLOCKED. FDP_ACF.1.3/ PAP Administration Management The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none. FDP_ACF.1.4/ PAP Administration Management The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: following rule: o If one of the conditions listed in FDP_ACF.1.2 is not fulfilled. FDP_ACF.1/ PAP Payment Transaction Management Security attribute based access control FDP_ACF.1.1/ PAP Payment Transaction Management The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the PAP Payment Transaction Management Access Control SFP to objects based on the following: FQR: 110 6672 Issue: 1 Date: July 2013 74/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o Security attributes of the object Personal Code: • PAP Personal Code State; • PAP Personal Code Entry Amount; • Systematic Personal Code State; o Security attributes of the object PAP Log File: • Log Update. FDP_ACF.1.2/ PAP Payment Transaction Management The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: o Personal Code Presentation for Payment is requested only if: • PAP Personal Code State is NOT VERIFIED (by the Bank's GUI) or ALWAYS REQUESTED or REQUESTED AT THE NEXT PAYMENT; • PAP Personal Code Entry Amount is GREATER THAN PERSONAL CODE ENTRY LIMIT VALUE or the Systematic Personal Code State is ENABLED; o Log Update is allowed for all transactions besides those of Post-Issuance Bank Management (only during payment transactions) only if:  Log Update is ALLOWED. o Personal Code Verification is allowed only if: • PAP Reference Personal Code State is UNLOCKED; • PAP Reference Personal Code Integrity is Verified FDP_ACF.1.3/ PAP Payment Transaction Management The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: none. FDP_ACF.1.4/ PAP Payment Transaction Management The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: following rule: o If one of the conditions listed in FDP_ACF.1.2 is not fulfilled. FDP_ACF.1/ Post-Issuance Bank Management Security attribute based access control FDP_ACF.1.1/ Post-Issuance Bank Management The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the Post-Issuance Bank Management Access Control SFP to objects based on the following: FQR: 110 6672 Issue: 1 Date: July 2013 75/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o Security attributes of the object PAP Keys: • PAP Keys Integrity; o Security attributes of the object PAP Counters: • PAP Counters Integrity; • PAP Counters State; o Security attributes of the object PAP Transaction Parameters: • PAP Transaction Parameters Integrity; o Security attributes of the object Issuing Bank Transaction Data: • Issuing Bank Transaction Data Integrity and Origin; • Issuing Bank Transaction Data Confidentiality, Integrity and Origin. FDP_ACF.1.2/ Post-Issuance Bank Management The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: Post-Issuance Bank Management operations are allowed only if: o PAP Issuing Bank keys Integrity is VERIFIED; o PAP Issuing Bank secure script counter integrity is VERIFIED; o PAP Issuing Bank secure script counter state is NOT BLOCKED; o Issuing Bank Transaction Data Integrity and Origin is VERIFIED; o Issuing Bank Transaction Data Confidentiality, Integrity and Origin is VERIFIED;.PAP Transaction Parameters Integrity is Verified; FDP_ACF.1.3/ Post-Issuance Bank Management The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: None. FDP_ACF.1.4/ Post-Issuance Bank Management The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: following rule: o If one of the conditions listed in FDP_ACF.1.2 is not fulfilled. FQR: 110 6672 Issue: 1 Date: July 2013 76/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_ACF.1/ PAP Offline Authentication Security attribute based access control FDP_ACF.1.1/ PAP Offline Authentication The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the PAP Offline Authentication Access Control SFP to objects based on the following: o Security attributes of the subject S.PAP: • Contactless Life Cycle State; • U)SIM Card Life Cycle Status; o Security attributes of the object PAP State Machine: • PAP Transaction Processing State; o Security attributes of the object PAP Keys: • PAP Keys Integrity; o Security attributes of the object PAP Transaction Parameters: • PAP Transaction Parameters State; • PAP Transaction Parameters Integrity. FDP_ACF.1.2/ PAP Offline Authentication The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: PAP Offline Data Authentication is allowed only if: o (U)SIM Card Life Cycle Status is SELECTED; o Contactless Life Cycle State is ACTIVATED; o PAP Transaction Processing State complies with Transaction Flow; o PAP Keys Integrity is VERIFIED; o PAP Transaction Parameters Integrity is VERIFIED; o PAP Transaction Parameters State indicates a dynamic authentication process. FDP_ACF.1.3/ PAP Offline Authentication The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: None. FDP_ACF.1.4/ PAP Offline Authentication The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: following rule: o If one of the conditions listed in FDP_ACF.1.2 is not fulfilled. FQR: 110 6672 Issue: 1 Date: July 2013 77/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_ACF.1/ PAP Transaction Security attribute based access control FDP_ACF.1.1/ PAP Transaction The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. The TSF shall enforce the PAP Transaction Access Control SFP to objects based on the following: o Security attributes of the object PAP State Machine :  PAP Transaction Processing State; o Security attributes of the subject S.PAP • (U)SIM Card Life Cycle Status is SELECTED; • Contactless Life Cycle State; o Security attributes of the object PAP Counters: • PAP Counters Integrity; • PAP Counters state; o Security attributes of the object Customer Account Information: • PAP Customer Account Information Integrity (PAN integrity); o Security attributes of the object PAP Keys: • PAP Keys Integrity; o Security attributes of the object PAP Transaction Parameters: • PAP Transaction Parameters Integrity. FDP_ACF.1.2/ PAP Transaction The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: PAP Transaction processing is allowed only if: o PAP Transaction Processing State complies with Transaction Flows following [75] and [76] specifications; o (U)SIM Card Life Cycle Status is SELECTED; o Contactless Life Cycle State ACTIVATED; o PAP Counter Integrity is VERIFIED; o PAP Counter State is not BLOCKED; o PAP Customer Account Information Integrity is VERIFIED; o PAP keys integrity is VERIFIED; o PAP Transaction Parameters Integrity is VERIFIED. FQR: 110 6672 Issue: 1 Date: July 2013 78/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_ACF.1.3/ PAP Transaction The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: None. FDP_ACF.1.4/ PAP Transaction The TSF shall explicitly deny access of subjects to objects based on the following additional rules:[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. The TSF shall explicitly deny access of subjects to objects based on the following additional rules: following rule: o If one of the conditions listed in FDP_ACF.1.2 is not fulfilled. 6.1.3 INFORMATION FLOW CONTROL POLICY FDP_IFC.2/ PAP Offline Authentication Complete information flow control FDP_IFC.2.1/ PAP Offline Authentication The TSF shall enforce the [assignment: information flow control SFP] on [assignment: list of subjects and information] and all operations that cause that information to flow to and from subjects covered by the SFP. The TSF shall enforce the PAP Offline Authentication information flow control SFP on o Subjects: • S.PAP; o Information: • PAP Transaction Parameters; and all operations that cause that information to flow to and from subjects covered by the SFP. FDP_IFC.2.2/ PAP Offline Authentication The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP. Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Offline Data Authentication FDP_IFC.2/ PAP Offline Transaction Complete information flow control FDP_IFC.2.1/ PAP Offline Transaction The TSF shall enforce the [assignment: information flow control SFP] on [assignment: list of subjects and information] and all operations that cause that information to flow to and from subjects covered by the SFP. The TSF shall enforce the PAP Offline Transaction Information Flow Control SFP on o Subject: • S.PAP; o Information: FQR: 110 6672 Issue: 1 Date: July 2013 79/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. • PAP Transaction Parameters; and all operations that cause that information to flow to and from subjects covered by the SFP. FDP_IFC.2.2/ PAP Offline Transaction The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP. Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Action Analysis PAP Offline Transaction FDP_IFC.2/ PAP Online Transaction Complete information flow control FDP_IFC.2.1/ PAP Online Transaction The TSF shall enforce the [assignment: information flow control SFP] on [assignment: list of subjects and information] and all operations that cause that information to flow to and from subjects covered by the SFP. The TSF shall enforce the PAP Online Transaction information flow control SFP on o Subject: • S.PAP; o Information: • PAP Transaction Parameters; • Issuing Bank Transaction Data and all operations that cause that information to flow to and from subjects covered by the SFP. FDP_IFC.2.2/ PAP Online Transaction The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP. Application Note: What follows are all operations among subjects and objects covered by this SFP: PAP Action Analysis PAP Online Transaction FDP_IFC.2/ Post-Issuance Bank Management Complete information flow control FDP_IFC.2.1/ Post-Issuance Bank Management The TSF shall enforce the [assignment: information flow control SFP] on [assignment: list of subjects and information] and all operations that cause that information to flow to and from subjects covered by the SFP. The TSF shall enforce the Post-Issuance Bank Management information flow control SFP on o Subject: • S.PAP; o Information: FQR: 110 6672 Issue: 1 Date: July 2013 80/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. • Issuing Bank Transaction Data; and all operations that cause that information to flow to and from subjects covered by the SFP. FDP_IFC.2.2/ Post-Issuance Bank Management The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP. Application Note: What follows are all operations among subjects and objects covered by this SFP: o Counter Reset o Audit o Issuing Bank Script Processing FDP_IFF.1/ PAP Offline Authentication Simple security attributes FDP_IFF.1.1/ PAP Offline Authentication The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]. The TSF shall enforce the PAP Offline Authentication information flow control SFP based on the following types of subject and information security attributes: o Security Attributes of the subject S.PAP: • Contactless Life Cycle State; o Security Attributes of the information PAP Transaction Parameters: • PAP Transaction Parameters State. FDP_IFF.1.2/ PAP Offline Authentication The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]. The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: o S.PAP is the currently selected application; o Contactless Life Cycle State is ACTIVATED; o PAP Transaction Parameters State requires dynamic authentication. FDP_IFF.1.3/ PAP Offline Authentication The TSF shall enforce the [assignment: additional information flow control SFP rules]. The TSF shall enforce the following rules: none. FDP_IFF.1.4/ PAP Offline Authentication The TSF shall explicitly authorize an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly authorize information flows]. The TSF shall explicitly authorize an information flow based on the following rules: None. FQR: 110 6672 Issue: 1 Date: July 2013 81/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_IFF.1.5/ PAP Offline Authentication The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly deny information flows]. The TSF shall explicitly deny an information flow based on the following rules: o If one of the conditions listed in FDP_IFF.1.2 is not fulfilled. FDP_IFF.1/ PAP Offline Transaction Simple security attributes FDP_IFF.1.1/ PAP Offline Transaction The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]. The TSF shall enforce the PAP Offline Transaction information flow control SFP based on the following types of subject and information security attributes: o Security Attributes of the subject S.PAP: • Contactless Life Cycle State; • PAP Action Analysis State; o Security Attributes of the information PAP Transaction Parameters: • PAP Transaction Processing State. FDP_IFF.1.2/ PAP Offline Transaction The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]. The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: o S.PAP is the currently selected application; o Contactless Life Cycle State is ACTIVATED; o PAP Transaction Processing State complies with [75] and [76] o PAP Action Analysis State requires offline processing; o PAP Action Analysis State does not reject the transaction. FDP_IFF.1.3/ PAP Offline Transaction The TSF shall enforce the [assignment: additional information flow control SFP rules]. The TSF shall enforce the following rules: None. FDP_IFF.1.4/ PAP Offline Transaction The TSF shall explicitly authorize an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly authorize information flows]. The TSF shall explicitly authorize an information flow based on the following rules: none. FDP_IFF.1.5/ PAP Offline Transaction The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly deny information flows]. The TSF shall explicitly deny an information flow based on the following rules: o If one of the conditions listed in FDP_IFF.1.2 is not fulfilled. FQR: 110 6672 Issue: 1 Date: July 2013 82/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_IFF.1/ PAP Online Transaction Simple security attributes FDP_IFF.1.1/ PAP Online Transaction The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]. The TSF shall enforce the PAP Online Transaction information flow control SFP based on the following types of subject and information security attributes: o Security Attributes of the subject S.PAP: • Contactless Life Cycle State; • PAP Action Analysis State; o Security Attributes of the information PAP Transaction parameters: • PAP Transaction Processing State; o Security Attributes of the information Issuing Bank Transaction data: • Issuing Bank Transaction Data Integrity and Origin;. FDP_IFF.1.2/ PAP Online Transaction The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]. The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: o S.PAP is the currently selected application; o Contactless Life Cycle is ACTIVATED; o PAP Transaction Processing State complies with PAP specifications [75] and [76] o PAP Action Analysis State requires online processing; o PAP Action Analysis State does not reject the transaction;. o Issuing Bank Transaction Data Integrity and Origin is Verified. FDP_IFF.1.3/ PAP Online Transaction The TSF shall enforce the [assignment: additional information flow control SFP rules]. The TSF shall enforce the following rules: None. FDP_IFF.1.4/ PAP Online Transaction The TSF shall explicitly authorize an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly authorize information flows]. The TSF shall explicitly authorize an information flow based on the following rules: None. FDP_IFF.1.5/ PAP Online Transaction The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly deny information flows]. The TSF shall explicitly deny an information flow based on the following rules: o If one of the conditions listed in FDP_IFF.1.2 is not fulfilled. FQR: 110 6672 Issue: 1 Date: July 2013 83/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_IFF.1/ Post-Issuance Bank Management Simple security attributes FDP_IFF.1.1/ Post-Issuance Bank Management The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]. The TSF shall enforce the Post-Issuance Bank Management information flow control SFP based on the following types of subject and information security attributes: o Security Attributes of the subject S.PAP: • Contactless Life Cycle State; o Security Attributes of the information Issuing Bank Transaction Data: • Issuing Bank Transaction Data Integrity and Origin. FDP_IFF.1.2/ Post-Issuance Bank Management The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]. The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: o S.PAP is the currently selected application; o Contactless Life Cycle is ACTIVATED or DEACTIVATED; o PAP Action Analysis State does not reject the transaction; o Issuing Bank Transaction Data Confidentiality, Integrity and Origin is VERIFIED. FDP_IFF.1.3/ Post-Issuance Bank Management The TSF shall enforce the [assignment: additional information flow control SFP rules]. The TSF shall enforce the following rules: None. FDP_IFF.1.4/ Post-Issuance Bank Management The TSF shall explicitly authorize an information flow based on the following rules: [assignment: rules, based on security attributes that explicitly authorize information flows]. The TSF shall explicitly authorize an information flow based on the following rules: None. FDP_IFF.1.5/ Post-Issuance Bank Management The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes that explicitly deny information flows]. The TSF shall explicitly deny an information flow based on the following rules: o If one of the conditions listed in FDP_IFF.1.2 is not fulfilled. 6.1.4 SECURITY AUDIT FQR: 110 6672 Issue: 1 Date: July 2013 84/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FAU_ARP.1 Security alarms FAU_ARP.1.1 The TSF shall take [assignment: list of actions] upon detection of a potential security violation. The TSF shall take one of the following actions: o locking the PAP; o blocking or terminating the (U)SIM card session (muting the (U)SIM card); o reinitializing secret data; o bringing the (U)SIM card to a secure state; o temporary disabling the services of the PAP until a privileged role performs a special action; o definitely disabling all the services of the PAP upon detection of a potential security violation. FAU_SAA.1 Potential violation analysis FAU_SAA.1.1 The TSF shall be able to apply a set of rules in monitoring the audited events and based upon these rules indicate a potential violation of the enforcement of the SFRs. FAU_SAA.1.2 The TSF shall enforce the following rules for monitoring audited events: a) Accumulation or combination of [assignment: subset of defined auditable events] known to indicate a potential security violation; b) [assignment: any other rules]. The TSF shall enforce the following rules for monitoring audited events: a) Accumulation or combination of the following auditable events: o unauthorized use of the PAP services; o unauthorized read or modification of the PAP sensitive assets protected in integrity and confidentiality; o unauthorized modification of the PAP sensitive assets protected in integrity; o PAP Selection failure; o PAP Activation failure; o PAP Services failure known to indicate a potential security violation; b) No other rules. FAU_GEN.1 Audit data generation FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shutdown of the audit functions; b) All auditable events for the [selection: choose one of: minimum, basic, detailed, not specified] level of audit; and c) [assignment: other specifically defined auditable events]. FQR: 110 6672 Issue: 1 Date: July 2013 85/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shutdown of the audit functions; b) All auditable events for the not specified level of audit; and c) The following auditable events: o Payment transactions;. FAU_GEN.1.2 The TSF shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [assignment: other audit relevant information]. The TSF shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, o Date/time is logged only for accepted/rejected transaction. For online transaction, date/time will not record. o The only type of event is payment transaction. o The records are given in FAU_SAR.1/CUSTOMER and FAU_SAR.1/ISSUING_BANK. Refinement: Payment transactions auditable events are specified in FAU_SAA.1.2 FAU_SAR.1/CUSTOMER Audit review FAU_SAR.1.1/CUSTOMER The TSF shall provide [assignment: authorized users] with the capability to read [assignment: list of audit information] from the audit records. The TSF shall provide U.CUSTOMER with the capability to read the following audit information: o purchase amount; o purchase currency; o transaction date; o Cryptogram Information Data; o Application Transaction Counter; o Card Verification Results from the audit records. FAU_SAR.1.2/CUSTOMER The TSF shall provide the audit records in a manner suitable for the user to interpret the information. FQR: 110 6672 Issue: 1 Date: July 2013 86/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FAU_SAR.1/ISSUING_BANK Audit review FAU_SAR.1.1/ISSUING_BANK The TSF shall provide [assignment: authorized users] with the capability to read [assignment: list of audit information] from the audit records. The TSF shall provide U.ISSUING_BANK with the capability to read all available information from the audit records. FAU_SAR.1.2/ISSUING_BANK The TSF shall provide the audit records in a manner suitable for the user to interpret the information. 6.1.5 CRYPTOGRAPHIC SUPPORT FCS_CKM.1/Session Keys Cryptographic key generation FCS_CKM.1.1/Session Keys The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm] and specified cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm PAP Session Keys Derivation and specified cryptographic key sizes 16 bytes that meet the following: [75] and [76] standard. FCS_CKM.4 Cryptographic key destruction FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method [assignment: cryptographic key destruction method] that meets the following: [assignment: list of standards]. The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method: The keys are reset in accordance with ["Java Card - API" Application Programming Interfaces, Classic Edition, Version 3.01, February 23, 2009, Sun Microsystems] in class Key with the method clearKey(). Application note: This SFT is implemented by the Platform. That also prevents the destroyed keys from being referenced. Any access to a cleared key attempting to use it for ciphering or signing shall throw an exception that meets the following: ["Java Card - API" Application Programming Interfaces, Classic Edition, Version 3.01, February 23, 2009, Sun Microsystems]. FQR: 110 6672 Issue: 1 Date: July 2013 87/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FCS_COP.1/Offline Data Authentication Cryptographic operation FCS_COP.1.1/Offline Data Authentication The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall perform Signature operation in accordance with a specified cryptographic algorithm RSA and cryptographic key sizes 176 bytes that meet the following: [75] and [76] specification. FCS_COP.1 PIN Cryptographic operation FCS_COP.1.1 PIN The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall perform encryption and decryption in accordance with a specified cryptographic algorithm RSA and cryptographic key sizes from 768 bits to 1920 bits with a step of 32-bit that meet the following: 1. Ansi X9.31 [11], 2. ISO / IEC 9796-1, annex A, section A.4 and A.5, and annex C [16] 3. PKCS#1 The public Key Cryptography standards, RSA Data Security Inc. 1993 [19]. FCS_COP.1/Application Cryptogram Cryptographic operation FCS_COP.1.1/Application Cryptogram The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall perform MAC CBC cryptogram generation in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes 16 bytes that meet the following: [75] and [76] specifications. FCS_COP.1/Script Processing Cryptographic operation FCS_COP.1.1/Script Processing The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall perform Cryptogram generation in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes 16 bytes that meet the following: [75] and [76] specifications. FQR: 110 6672 Issue: 1 Date: July 2013 88/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FCS_COP.1/Messages Data Integrity Cryptographic operation FCS_COP.1.1/Messages Data Integrity The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall perform MAC Computation in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes 16 bytes that meet the following: [75] and [76] specifications. FCS_COP.1/Messages Data Confidentiality Cryptographic operation FCS_COP.1.1/Messages Data Confidentiality The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The TSF shall perform Encipherment in accordance with a specified cryptographic algorithm 3DES and cryptographic key sizes 16 bytes that meet the following: [75] and [76] specifications. 6.1.6 PROTECTION FDP_SDI.2 Stored data integrity monitoring and action FDP_SDI.2.1 The TSF shall monitor user data stored in containers controlled by the TSF for [assignment: integrity errors] on all objects, based on the following attributes: [assignment: user data attributes]. The TSF shall monitor user data stored in containers controlled by the TSF for corruption on all objects, based on the following attributes: o all stored Transaction management data; o all stored Temporary data during transaction processing integrity; o all stored Temporary data during Post-Issuance Bank Management. FDP_SDI.2.2 Upon detection of a data integrity error, the TSF shall [assignment: action to be taken]. Upon detection of a data integrity error, the TSF shall o deactivate and lock the PAP; o or Mute the (U)SIM card; o or Clear secret data; FQR: 110 6672 Issue: 1 Date: July 2013 89/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FPT_TST.1 TSF testing FPT_TST.1.1 The TSF shall run a suite of self tests [selection: during initial start-up, periodically during normal operation, at the request of the authorized user, at the conditions [assignment: conditions under which self test should occur]] to demonstrate the correct operation of [selection: [assignment: parts of TSF], the TSF]. The TSF shall run a suite of self tests at the conditions: before PAP Application usage to demonstrate the correct operation of PAP application. FPT_TST.1.2 The TSF shall provide authorized users with the capability to verify the integrity of [selection: [assignment: parts of TSF data], TSF data]. The TSF shall provide authorized users with the capability to verify the integrity of Transaction Management Data (TSF persistent data). FPT_TST.1.3 The TSF shall provide authorized users with the capability to verify the integrity of [selection: [assignment: parts of TSF], TSF]. The TSF shall provide authorized users with the capability to verify the integrity of PAP application code. Application Note: FPT_TST.1 shall not be interpreted as TSF’s self-tests but as protection of integrity of Transaction Management Data (TSF persistent data) and PAP application code during loading of the applet, and covered by the (U)SIM platform (with the SFRs that meet the objective O.COMM_INTEGRITY). FPT_TDC.1 Inter-TSF basic TSF data consistency FPT_TDC.1.1 The TSF shall provide the capability to consistently interpret the following TSF data types when shared between the TSF and another trusted IT product. The TSF data types are: • PAP Reference Personal Code State • PAP Counters Integrity and PAP Counters State • Contactless Life Cycle State • PAP Transaction processing State and Issuing Bank Transaction Data Confidentiality (if required), Integrity and Origin FPT_TDC.1.2 The TSF shall use the rules defined in [75] and [76] when interpreting the TSF data from another trusted IT product. FQR: 110 6672 Issue: 1 Date: July 2013 90/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FPT_RPL.1 Replay detection FPT_RPL.1.1 The TSF shall detect replay for the following entities: [assignment: list of identified entities]. The TSF shall detect replay for the following entities: Issuer Scripts and VERIFY commands. FPT_RPL.1.2 The TSF shall perform [assignment: list of specific actions] when replay is detected. The TSF shall perform reject the replay and increase counter when replay is detected. Application Note: If attack replay Issuer Scripts like PIN CHANGE UNBLOCK / APPLICATION UNBLOCK / UPDATE RECORD etc, the replay will be rejected and SMI counter will be increased. If attack replay VERIFY (PIN) Enciphered command which he sniffed from line, the replay will be rejected and Bad Crypto Counter will be increased. FDP_RIP.1 Subset residual information protection FDP_RIP.1.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [selection: allocation of the resource to, deallocation of the resource from] the following objects: [assignment: list of objects]. The TSF shall ensure that any previous information content of a resource is made unavailable upon the deallocation of the resource from the following objects: o PAP Reference Personal Code; o PAP Personal Code; o PAP Keys. Application Note: This function shall be implemented by the (U)SIM platform. 6.1.7 MANAGEMENT FMT_SMF.1/ Functionalities Specification of Management Functions FMT_SMF.1.1/ Functionalities The TSF shall be capable of performing the following management functions: [assignment: list of management functions to be provided by the TSF]. The TSF shall be capable of performing the following management functions: o Communication channels selection; FQR: 110 6672 Issue: 1 Date: July 2013 91/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o Post-Issuance Bank Management; o Customer Personal Parameter setup (Customer can setup some personal parameters via Midlet). Application Note: OTA Issuance Management (TSM can install the instance OTA and personalize the installed instance OTA) is implemented by the platform. FMT_MOF.1/ Parameters Management of security functions behaviour FMT_MOF.1.1/ Parameters The TSF shall restrict the ability to [selection: determine the behavior of, disable, enable, modify the behaviour of] the functions [assignment: list of functions] to [assignment: the authorized identified roles]. The TSF shall restrict the ability to disable, enable and modify the behaviour of the functions o PAP Selection; o PAP Activation/Deactivation; o PAP Offline Data Authentication; o PAP Offline Transaction; o PAP Online Transaction; o Personal Code Verification to the Issuing Bank. FMT_MTD.1/ Secrets Management of TSF data FMT_MTD.1.1/ Secrets The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles]. The TSF shall restrict the ability to modify the PAP TSF data (all) to the Issuing Bank. FMT_MSA.1/ Issuing Bank Management of security attributes FMT_MSA.1.1/ Issuing Bank The TSF shall enforce the [assignment: access control SFP(s), information flow control SFP(s)] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorized identified roles]. The TSF shall enforce the Post-Issuance Bank Management Access Control SFP and Post-Issuance Bank Management Information Control SFP to restrict the ability to modify the security attributes all the PAP security attributes to the Issuing Bank. FQR: 110 6672 Issue: 1 Date: July 2013 92/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FMT_MSA.2 Secure security attributes FMT_MSA.2.1 The TSF shall ensure that only secure values are accepted for [assignment: list of security attributes]. The TSF shall ensure that only secure values are accepted for security attributes defined in PAP Transaction Access Control SFP and PAP Offline Transaction, PAP Online Transaction Information Control SFP. FMT_MSA.3 Static attribute initialization FMT_MSA.3.1 The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection: choose one of: restrictive, permissive, [assignment: other property]] default values for security attributes that are used to enforce the SFP. The TSF shall enforce the: - Post-Issuance Bank Management Access Control SFP and Post-Issuance Bank Management Information Control SFP - PAP Application Access Control SFP; - PAP Payment Transaction Management Access Control SFP; - PAP Activation Access Control SFP; - PAP Administration Management Access Control SFP; - PAP Transaction Access Control SFP; - PAP Offline Authentication Access Control SFP and PAP Offline Authentication Information Control SFP; - PAP Offline Transaction Information Control SFP; - PAP Online Transaction Information Control SFP; to provide restrictive default values for security attributes that are used to enforce the SFP. FMT_MSA.3.2 The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values when an object or information is created. The TSF shall allow the Issuing Bank and MNO to specify alternative initial values to override the default values when an object or information is created. FMT_SMR.1 Security roles FMT_SMR.1.1 The TSF shall maintain the roles [assignment: the authorized identified roles]. The TSF shall maintain the roles o Customer; FQR: 110 6672 Issue: 1 Date: July 2013 93/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o Issuing Bank; o MNO. FMT_SMR.1.2 The TSF shall be able to associate users with roles. 6.1.8 IDENTIFICATION / AUTHENTIFICATION FIA_AFL.1/ Customer Authentication failure handling FIA_AFL.1.1/ Customer The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events]. The TSF shall detect when Personal Code Try Counter Limit within [1, FFFFh] unsuccessful authentication attempts occur related to the Personal Code Verification. FIA_AFL.1.2/ Customer When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions]. When the defined number of unsuccessful authentication attempts has been surpassed, the TSF shall o return an error, as specified in [75] and [76] o block the PAP Reference Personal Code until the Issuing Bank unblocks it. Application Note: the value of the Personal Code Try Counter Limit is defined during personalization (2 bytes, from 1 to FFFFh). FIA_AFL.1/ Issuing Bank Authentication failure handling FIA_AFL.1.1/ Issuing Bank The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events]. The TSF shall detect when 1 unsuccessful authentication attempts occur related to Issuing Bank Authentication. FIA_AFL.1.2/ Issuing Bank When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions]. When the defined number of unsuccessful authentication attempts has been surpassed, the TSF shall slow down the next authentication. The waiting time is augmented with a maximum number of unsuccessful authentications of 15 FQR: 110 6672 Issue: 1 Date: July 2013 94/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FIA_ATD.1 User attributes definition FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: list of security attributes]. The TSF shall maintain the following list of security attributes belonging to individual users: o Personal Code Verification Security Attributes (PAP Transaction Parameters); o Issuing Bank Authentication Security Attributes (PAP Transaction Parameters). FIA_UAU.1/ PAP Online Transaction Timing of authentication FIA_UAU.1.1/ PAP Online Transaction The TSF shall allow [assignment: list of TSF mediated actions] on behalf of the user to be performed before the user is authenticated. The TSF shall allow o PAP Action analysis; o establishment of a trusted path dedicated to the current payment transaction on behalf of the user to be performed before the user is authenticated. Refinement: User authentication stands for the authentication using the Personal Code. FIA_UAU.1.2/ PAP Online Transaction The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. FIA_UAU.1/ Post-Issuance Bank Management Timing of authentication FIA_UAU.1.1/ Post-Issuance Bank Management The TSF shall allow [assignment: list of TSF mediated actions] on behalf of the user to be performed before the user is authenticated. The TSF shall allow o selecting a PAP on the (U)SIM card; o requesting data that identifies the Issuing Bank; o establishment of a trusted path dedicated to the Post-Issuance Bank Management on behalf of the user to be performed before the user is authenticated. Refinement: User authentication stands for the authentication using the Personal Code. FQR: 110 6672 Issue: 1 Date: July 2013 95/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FIA_UAU.1.2/ Post-Issuance Bank Management The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. FIA_UAU.1/ Payment Transaction Timing of authentication FIA_UAU.1.1/ Payment Transaction The TSF shall allow [assignment: list of TSF mediated actions] on behalf of the user to be performed before the user is authenticated. The TSF shall allow all operations except payment transactions on behalf of the user to be performed before the user is authenticated. Refinement: User authentication stands for the authentication of the user to the (U)SIM card by mean of the PIN code. FIA_UAU.1.2/ Payment Transaction The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. Application Note: This authentication shall be handled by the (U)SIM platform. The PAP shall be able to verify the state of the customer authentication by the (U)SIM platform. FIA_UAU.3 Unforgeable authentication FIA_UAU.3.1 The TSF shall [selection: detect, prevent] use of authentication data that has been forged by any user of the TSF. The TSF shall detect use of authentication data that has been forged by any user of the TSF. FIA_UAU.3.2 The TSF shall [selection: detect, prevent] use of authentication data that has been copied from any other user of the TSF. The TSF shall detect use of authentication data that has been copied from any other user of the TSF. FIA_UAU.4 Single-use authentication mechanisms FIA_UAU.4.1 The TSF shall prevent reuse of authentication data related to [assignment: identified authentication mechanism(s)]. The TSF shall prevent reuse of authentication data related to o PAP Offline Data Authentication; FQR: 110 6672 Issue: 1 Date: July 2013 96/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o PAP Issuing Bank and MNO Authentication. FIA_UAU.6/ Customer Re-authenticating FIA_UAU.6.1/ Customer The TSF shall re-authenticate the user under the conditions [assignment: list of conditions under which re-authentication is required]. The TSF shall re-authenticate the user under the conditions: o Upon reception Set- Reset-Parameters Application Note: If the customer did not submit a payment transaction during the frame specified time. The time, in seconds, is defined by” CVM_Reset Timeout”. Its value is added at the personalization phase. The Midlet is out of the scope of this evaluation. FIA_UID.1/ PAP Online Transaction Timing of identification FIA_UID.1.1/ PAP Online Transaction The TSF shall allow [assignment: list of TSF- mediated actions] on behalf of the user to be performed before the user is identified. The TSF shall allow all TSF-mediated actions listed in FIA_UAU.1/PAP Online Transaction on behalf of the user to be performed before the user is identified. FIA_UID.1.2/ PAP Online Transaction The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. FIA_UID.1/ Post-Issuance Bank Management Timing of identification FIA_UID.1.1/ Post-Issuance Bank Management The TSF shall allow [assignment: list of TSF-mediated actions] on behalf of the user to be performed before the user is identified. The TSF shall allow all TSF-mediated actions listed in FIA_UAU.1/ Post-Issuance Bank Management on behalf of the user to be performed before the user is identified. FIA_UID.1.2/ Post-Issuance Bank Management The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. FQR: 110 6672 Issue: 1 Date: July 2013 97/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FIA_UID.1/ Payment Transaction Timing of identification FIA_UID.1.1/ Payment Transaction The TSF shall allow [assignment: list of TSF-mediated actions] on behalf of the user to be performed before the user is identified. The TSF shall allow all TSF-mediated actions listed in FIA_UAU.1/ Payment Transaction on behalf of the user to be performed before the user is identified. FIA_UID.1.2/ Payment Transaction The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. FIA_USB.1 User-subject binding FIA_USB.1.1 The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: [assignment: list of user security attributes]. The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: o PAP Transaction Parameters State. FIA_USB.1.2 The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: [assignment: rules for the initial association of attributes]. The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: o PAP Transaction Parameters State initially indicates no identification/authentication of the user. FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: [assignment: rules for the changing of attributes]. The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: none. FIA_SOS.2 TSF Generation of secrets FIA_SOS.2.1 The TSF shall provide a mechanism to generate secrets that meet [assignment: a defined quality metric]. The TSF shall provide a mechanism to generate secrets that meet the STANDARD level as specified in platform (refer to [30]). FQR: 110 6672 Issue: 1 Date: July 2013 98/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FIA_SOS.2.2 The TSF shall be able to enforce the use of TSF generated secrets for [assignment: list of TSF functions]. The TSF shall be able to enforce the use of TSF generated secrets for the generation of the 8-bytes challenge used for cryptographic operations. Refinement: Refinement: "secrets" stand for random values. FDP_DAU.1 Basic Data Authentication FDP_DAU.1.1 The TSF shall provide a capability to generate evidence that can be used as a guarantee of the validity of [assignment: list of objects or information types]. The TSF shall provide a capability to generate evidence that can be used as a guarantee of the validity of the following objects and information: o Contactless Life Cycle; o (U)SIM Life Cycle Status; o PAP Code; o PAP Selection and Activation Parameters; o PAP Transaction Parameters; o PAP Keys; o Reference Personal Code; o PAP Log File; o PAP Counters; o PAP Customer Account Information. FDP_DAU.1.2 The TSF shall provide [assignment: list of subjects] with the ability to verify evidence of the validity of the indicated information. The TSF shall provide S.PAP with the ability to verify evidence of the validity of the indicated information. 6.1.9 ACCESS and INFORMATION FLOW CONTROL SFP FDP_ITC.2/ Post-Issuance Bank Management Import of user data with security attributes FDP_ITC.2.1/ Post-Issuance Bank Management The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] when importing user data, controlled under the SFP, from outside of the TOE. FQR: 110 6672 Issue: 1 Date: July 2013 99/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The TSF shall enforce the Post-Issuance Bank Management Access Control and the Post-Issuance Bank Management Information Flow Control SFPs when importing user data, controlled under the SFP, from outside of the TOE. FDP_ITC.2.2/ Post-Issuance Bank Management The TSF shall use the security attributes associated with the imported user data. FDP_ITC.2.3/ Post-Issuance Bank Management The TSF shall ensure that the protocol used provides for the unambiguous association between the security attributes and the user data received. FDP_ITC.2.4/ Post-Issuance Bank Management The TSF shall ensure that interpretation of the security attributes of the imported user data is as intended by the source of the user data. FDP_ITC.2.5/ Post-Issuance Bank Management The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: [assignment: additional importation control rules]. The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: o the Issuing Bank Transaction Parameters are verified in origin and integrity (and confidentiality if required) following [75] and [76] specifications. FDP_ITC.2/ PAP Transaction Import of user data with security attributes FDP_ITC.2.1/ PAP Transaction The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] when importing user data, controlled under the SFP, from outside of the TOE. The TSF shall enforce the PAP Transaction Access Control and the PAP Online Transaction Information Flow Control SFPs when importing user data, controlled under the SFP, from outside of the TOE. FDP_ITC.2.2/ PAP Transaction The TSF shall use the security attributes associated with the imported user data. FDP_ITC.2.3/ PAP Transaction The TSF shall ensure that the protocol used provides for the unambiguous association between the security attributes and the user data received. FDP_ITC.2.4/ PAP Transaction The TSF shall ensure that interpretation of the security attributes of the imported user data is as intended by the source of the user data. FDP_ITC.2.5/ PAP Transaction The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: [assignment: additional importation control rules]. FQR: 110 6672 Issue: 1 Date: July 2013 100/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: o the Issuing Bank Transaction Data are verified in origin and integrity (and confidentiality if required) following [75] and [76] specifications. FDP_ETC.1 Export of user data without security attributes FDP_ETC.1.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] when exporting user data, controlled under the SFP(s), outside of the TOE. The TSF shall enforce the TOE's Access Control and Information Flow Control SFPs (all) when exporting user data, controlled under the SFP(s), outside of the TOE. FDP_ETC.1.2 The TSF shall export the user data without the user data's associated security attributes FDP_ITC.1 Import of user data without security attributes FDP_ITC.1.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] when importing user data, controlled under the SFP, from outside of the TOE. The TSF shall enforce the Access Control and Information Flow Control SFPs (all except those enforced in FDP_ITC.2/ Post-Issuance Bank Management and FDP_ITC.2/ PAP Transaction) when importing user data, controlled under the SFP, from outside of the TOE. FDP_ITC.1.2 The TSF shall ignore any security attributes associated with the user data when imported from outside the TOE. FDP_ITC.1.3 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: [assignment: additional importation control rules]. The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: none. FDP_UIT.1 Data exchange integrity FDP_UIT.1.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)]to [selection: transmit, receive] user data in a manner protected from [selection: modification, deletion, insertion, replay] errors. FQR: 110 6672 Issue: 1 Date: July 2013 101/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. The TSF shall enforce the PAP Offline Transaction, PAP Online Transaction and the Post-Issuance Bank Management Information Flow Control SFPs to receive user data in a manner protected from replay, insertion, deletion and modification errors. FDP_UIT.1.2 The TSF shall be able to determine on receipt of user data, whether [selection: modification, deletion, insertion, replay] has occurred. The TSF shall be able to determine on receipt of user data, whether modification, deletion, insertion and replay has occurred. 6.1.10 SECURE CHANNEL FTP_ITC.1 Inter-TSF trusted channel FTP_ITC.1.1 The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure. FTP_ITC.1.2 The TSF shall permit [selection: the TSF, another trusted IT product] to initiate communication via the trusted channel. The TSF shall permit another trusted IT product to initiate communication via the trusted channel. FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for [assignment: list of functions for which a trusted channel is required]. The TSF shall initiate communication via the trusted channel for o PAP Online Transaction; o Post-Issuance Bank Management. 6.1.11 UNOBSERVABILITY FPR_UNO.1 Unobservability FPR_UNO.1.1 The TSF shall ensure that [assignment: list of users and/or subjects] are unable to observe the operation [assignment: list of operations] on [assignment: list of objects] by [assignment: list of protected users and/or subjects]. The TSF shall ensure that all users and subjects are unable to observe the operation PIN comparison and key comparison on the Reference Personal Code and the PAP keys performed by S.PAP. FQR: 110 6672 Issue: 1 Date: July 2013 102/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 6.2 Security Assurance Requirements The Evaluation Assurance Level is EAL4 augmented with ALC_DVS.2 and AVA_VAN.5. The assurance details are removed from the public version. 6.3 Security Requirements Rationale 6.3.1 Objectives 6.3.1.1 Security Objectives for the TOE TRANSACTION PROTECTION O.TRANSACTION_UNIQUENESS This security objective is met by the following SFRs: o FCS_COP.1/Application Cryptogram, FCS_CKM.1/Session Keys, FCS_CKM.4 which guarantees that transaction cryptograms are generated in accordance with the [75] and [76] specifications. o All access and information flow control SFPs (FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_ETC.1 and FDP_ITC.1) are enforced for cryptogram generation and thus help in preserving the uniqueness of a transaction. o FDP_UIT.1 which guarantees the integrity of data exchanged from and to the TOE by detecting unauthorized modification and replayed transactions. o FMT_SMF.1/Functionalities is added as it ensures Post-Issuance Bank Management. O.TRANSACTION_INTEGRITY This security objective is met by the following SFRs: All access and information flow control SFPs o FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FQR: 110 6672 Issue: 1 Date: July 2013 103/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. FDP_ACC.2/ PAP Transaction, FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/ PAP Transaction; FDP_ITC.2/ Post-Issuance Bank Management) FPT_TDC.1 and FDP_UIT.1 are enforced for transaction Post-Issuance Bank Management) are enforced for transactions and thus help in preserving the integrity of a transaction. o The SFRs FMT_MOF.1/ Parameters, FMT_MSA.1/ Issuing Bank and FMT_MSA.3 contributes in covering this security objective by restricting the modification of parameters to the Issuing Bank. o FMT_SMF.1/Functionalities is added as it ensures Post-Issuance Bank Management. O.TRANSACTION_BYPASS This security objective is satisfied by the following SFRs: o All access and information flow control SFPs (FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/ PAP Transaction and FDP_ITC.2/ Post-Issuance Bank Management) and FPT_TDC.1 are enforced for transaction process and thus help in ensuring a non-bypassability of the transaction flow model. o FIA_UAU.1/ PAP Online Transaction, FIA_UAU.1/ Post-Issuance Bank Management, FIA_UAU.1/ MNO, FIA_UID.1/ PAP Online Transaction, FIA_UID.1/ Payment Transaction, FIA_UID.1/ Post-Issuance Bank Management, FIA_AFL.1/ Customer, FIA_AFL.1/ Issuing Bank which enforce users identification and authentication to perform some actions as defined in the [75] and [76] specifications. o FMT_SMF.1/Functionalities is added as it ensures Post-Issuance Bank Management. O.TRANSACTION_REPLAY This security objective is covered by the following SFRs: o FPT_RPL.1/ which ensures that all transactions are protected against replay; the TSF can detect it and react to such attack. o FIA_SOS.2/ which ensures the TOE can generate random value to enforce the protection against replay attacks. o FIA_UAU.4 guarantees that authentication data cannot be reused. o FCS_CKM.1/Session Keys and FCS_CKM.4 keys ensures that session keys generation meet the requirements of [75] and [76], destruction is handled by the platform. o FDP_UIT.1 which guarantees the integrity of data exchanged from and to the TOE by detecting replayed transactions. FQR: 110 6672 Issue: 1 Date: July 2013 104/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. AUTHENTICATION O.USER_AUTH This objective is covered by: o FIA_UAU.1/ PAP Online Transaction which require the authentication of the customer to the TOE to perform a transaction, o FIA_UAU.3 which prevents against use of forged authentication data, o FIA_UAU.4 which prevents against reuse of authentication data, o FIA_UAU.6/ Customer that requests customer re-authentication when it is required o FIA_SOS.2 which ensures the TOE can generate random value to perform authentication processes. o FIA_ATD.1 guarantees that security attributes belonging to customer are securely maintained. o FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management that define access controls for the Customer o FMT_SMR.1 that associates the roles to the Customer o FDP_RIP.1 and FIA_AFL.1/ Customer that provide protection against brute force attacks and cryptographic extraction of residual information on the Personal Code. o FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality FCS_COP.1 PIN, which ensure cryptographic support for authentication mechanisms o FIA_USB.1 ensures that the appropriate security attributes are associated to the Customer authentication o FMT_SMF.1 this management function provides customer to setup some personal parameters. O.ISSUING_BANK_AUTH This objective is covered by: o FIA_UAU.1/ Post-Issuance Bank Management which require a successful authentication of the Issuing Bank to the TOE to perform a transaction, o FIA_UAU.3 which prevents against use of forged authentication data, o FIA_UAU.4 which prevents against reuse of authentication data, o FIA_SOS.2 which ensures the TOE can generate random value to perform authentication processes. o FIA_AFL.1/ Issuing Bank that detects unauthorized authentications events o FIA_ATD.1 guarantees that security attributes belonging to the Issuing Bank are securely maintained. o FIA_USB.1 ensures that the appropriate security attributes are associated to the Issuing Bank authentication o FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Activation, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Activation that define access controls to the TOE for the Issuing Bank FQR: 110 6672 Issue: 1 Date: July 2013 105/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o FDP_ETC.1, FDP_ITC.1 and FDP_ITC.2/ Post-Issuance Bank Management and FPT_TDC.1 ensure that security attributes are not exported and those related to Post-Issuance Bank Management are covered. o FMT_SMR.1 that associates the roles to the Issuing Bank o FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality, FCS_COP.1/Script Processing which ensure cryptographic support for authentication mechanisms. o FMT_SMF.1/Functionalities ensures Post-Issuance Bank Management. O.MNO_AUTH handled by the (U)SIM platform (O.COMM_AUTH). EXECUTION PROTECTION O.AUTHORISATION_CONTROL This security objective is covered by the following SFRs: o Access and information flow control SFPs (FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ PAP Transaction and FDP_ITC.1) are enforced for authorisation requests and thus help in preserving the consistency of payment transactions. o FIA_UAU.1/ PAP Online Transaction which enforces users successful authentication to perform payment transactions as defined in the [75] and [76] specifications DATA PROTECTION O.DATA_DISCLOSURE This security objective is satisfied by the following SFRs: o FDP_RIP.1 that prevent residual information on the Personal Code and the PAP keys o All access and information flow control SFPs (FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction) helps in ensuring the confidentiality of the TSF data. o FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/ Post-Issuance Bank Management and FDP_ITC.2/ PAP Transaction that cover the confidentiality of user data when imported and exported. FQR: 110 6672 Issue: 1 Date: July 2013 106/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. o FAU_ARP.1 that prevents and react from potential security violation o FAU_SAA.1 specifies rules that preserve the confidentiality of log files. o FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing and FCS_COP.1/Messages Data Confidentiality that specify cryptographic algorithms that shall be used to ensure the confidentiality of transmitted data. -FPR_UNO.1 which specifies that PIN comparison and Key comparison are unobservable. O.DATA_INTEGRITY This security objective is satisfied by the following SFRs: o All access and information flow control SFPs (FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction) helps in ensuring the integrity of the TSF data o FDP_ETC.1, FDP_ITC.1, FDP_ITC.2/ Post-Issuance Bank Management and FDP_ITC.2/ PAP Transaction and FPT_TDC.1 that cover the integrity of security attributes when imported and exported. o FAU_ARP.1 that prevents and react from potential security violation o FAU_SAA.1 specifies rules that preserve the integrity of log files. o FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing, FCS_COP.1/Application Cryptogram and FCS_COP.1/Messages Data Integrity that specify cryptographic algorithms that shall be used to ensure the integrity of transmitted data. o FDP_DAU.1 that guarantees the validity of objects and information o FDP_SDI.2 which ensure that data integrity is controlled by the TSF o FDP_UIT.1 which guarantees the integrity of data exchanged from and to the TOE by detecting unauthorized modification of data. o FTP_ITC.1 that requires a communication channel that guarantees the integrity of transmitted data o FMT_MSA.1/ Issuing Bank and FMT_MSA.3 that protect the security attributes o FMT_MOF.1/ Parameters and FMT_MTD.1/ Secrets that restrict the ability to modify TSF data and security functions to the Issuing Bank and thus protect their integrity. o FPT_TST.1 shall be covered by the Platform (see Application Note of FPT_TST.1). O.DATA_USERS This security objective is covered by the following SFR: o FMT_SMR.1 which ensures that users are associated with roles and these roles are maintained by the TSF FQR: 110 6672 Issue: 1 Date: July 2013 107/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. RISK MANAGEMENT O.RISK_MNGT This security objective is met by the following SFRs: o FDP_ACC.2/ PAP Transaction and FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction and FDP_IFF.1/ PAP Offline Transaction, and FDP_IFC.2/ PAP Online Transaction and FDP_IFF.1/ PAP Online Transaction, which ensure number of transactions without authorization does not exceed maximum values of risk management counters. o FDP_UIT.1 which ensures that data are protected during transmission from and to the TOE. Unauthorized modification and replay attacks are detected. o FMT_MSA.2 which guarantees that only secure values are accepted for security attributes O.APP_BLOCK This security objective is met by the following SFRs: o FDP_ACC.2/ PAP Transaction and FDP_ACF.1/ PAP Transaction which prevent PAP operations if PAP is blocked. o FDP_ACC.2/ PAP Administration Management and FDP_ACF.1/ PAP Administration Management which grant an authorized user (the Issuing Bank) the privilege to block the PAP and its data. o FIA_UID.1/ Post-Issuance Bank Management and FIA_UAU.1/ Post-Issuance Bank Management that contribute to meet the objective in requiring Issuing Bank to be identified and authenticated. o FIA_AFL.1/ Issuing Bank that details which special actions shall be undertaken and refining who is an authorized subject (only Issuing Bank has the privilege to block the PAP and its data). o FMT_SMF.1/ Functionalities is added as Post-Issuance Bank Management enables the Issuing Bank to block the PAP. O.SIM_UNLOCK This security objective is covered by FIA_UAU.1/ Payment Transaction and FIA_UID.1/ Payment Transaction which require a successful identification and authentication of the customer to the (U)SIM card to perform a payment transaction. O.AUDIT This security objective is met by the following SFRs: o FAU_GEN.1 which guarantees that auditable events are recorded o FAU_SAR.1/CUSTOMER and FAU_SAR.1/ISSUING_BANK which ensure that authorized users have the capability to read log files in a manner suitable for them to interpret the information. o FMT_SMF.1/ Functionalities is added as Post-Issuance Bank Management enables the Issuing Bank to have the capability to read log files. O.CHANNELS This security objective is met by the following SFRs: o FMT_SMF.1/ Functionalities which ensure that the communication channels can be selected FQR: 110 6672 Issue: 1 Date: July 2013 108/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. O.AUDIT_ACCESS This security objective is met by the following SFRs: o FAU_SAR.1/CUSTOMER which ensures that authorized users have the capability to read log files in a manner suitable for them to interpret the information. FQR: 110 6672 Issue: 1 Date: July 2013 109/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. OBJECTIVES handled by (U)SIM Platform O.GUIS_AUTH handled by the (U)SIM platform (O.COMM_AUTH) 6.3.2 Rationale tables of Security Objectives and SFRs Security Objectives Security Functional Requirements Rationale O.TRANSACTION_UNIQUE NESS FCS_CKM.1/Session Keys, FCS_CKM.4, FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ETC.1, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_UIT.1, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ITC.1, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FCS_COP.1/Application Cryptogram Section 6.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 110/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Security Functional Requirements Rationale O.TRANSACTION_INTEGRI TY FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ETC.1, FDP_IFC.2/ PAP Offline Authentication, FDP_ITC.2/ Post- Issuance Bank Management, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post- Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_ITC.1, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_IFF.1/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ITC.2/ PAP Transaction, FMT_MOF.1/ Parameters, FMT_MSA.1/ Issuing Bank, FMT_MSA.3, FDP_UIT.1, FPT_TDC.1 Section 6.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 111/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Security Functional Requirements Rationale O.TRANSACTION_BYPASS FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ETC.1, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ITC.2/ Post- Issuance Bank Management, FIA_UAU.1/ PAP Online Transaction, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post- Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FIA_UAU.1/ Post-Issuance Bank Management, FDP_ITC.1, FIA_UID.1/ PAP Online Transaction, FIA_UID.1/ Post- Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Transaction, FIA_AFL.1/ Customer, FIA_AFL.1/ Issuing Bank, FDP_ACC.2/ PAP Offline Authentication, FDP_ITC.2/ PAP Transaction, FIA_UID.1/ Payment Transaction,FPT_TDC.1 Section 6.3.1 O.TRANSACTION_REPLAY FPT_RPL.1, FIA_SOS.2, FIA_UAU.4, FCS_CKM.1/Session Keys, FCS_CKM.4, FDP_UIT.1 Section 6.3.1 O.USER_AUTH FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_RIP.1, FIA_AFL.1/ Customer, FIA_ATD.1, FIA_UAU.3, FIA_UAU.4, FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality, FCS_COP.1 PIN, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FIA_UAU.1/ PAP Online Transaction, FIA_UAU.6/ Customer, FIA_SOS.2, FMT_SMR.1, FIA_USB.1, FMT_SMF.1/Functionalities. Section 6.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 112/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Security Functional Requirements Rationale O.ISSUING_BANK_AUTH FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ETC.1, FIA_ATD.1, FIA_UAU.3, FIA_UAU.4, FCS_COP.1/Script Processing, FCS_COP.1/Messages Data Integrity, FCS_COP.1/Messages Data Confidentiality, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ Post-Issuance Bank Management, FIA_AFL.1/ Issuing Bank, FDP_ITC.1, FMT_SMR.1, FDP_ITC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FIA_SOS.2, FIA_UAU.1/ Post-Issuance Bank Management, FIA_USB.1, FPT_TDC.1 FMT_SMF.1/Functionalities Section 6.3.1 O.MNO_AUTH O.AUTHORISATION_CONT ROL FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FIA_UAU.1/ PAP Online Transaction, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_ITC.1, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ PAP Transaction Section 6.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 113/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Security Functional Requirements Rationale O.DATA_DISCLOSURE FDP_IFF.1/ PAP Offline Authentication, FDP_IFC.2/ PAP Offline Authentication, FDP_RIP.1, FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_ITC.2/ Post-Issuance Bank Management, FDP_ETC.1, FAU_ARP.1, FAU_SAA.1, FCS_COP.1/Messages Data Confidentiality, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ITC.1, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_ITC.2/ PAP Transaction, FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing, FPR_UNO.1, FPT_TDC.1 Section 6.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 114/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Security Functional Requirements Rationale O.DATA_INTEGRITY FAU_ARP.1, FAU_SAA.1, FDP_ACC.2/ PAP Application, FDP_ACF.1/ PAP Application, FDP_DAU.1, FDP_ETC.1, FDP_IFC.2/ PAP Offline Authentication, FDP_IFF.1/ PAP Offline Authentication, FDP_ITC.2/ Post- Issuance Bank Management, FDP_SDI.2, FDP_UIT.1, FTP_ITC.1, FPT_TST.1, FMT_MTD.1/ Secrets, FCS_COP.1/Offline Data Authentication, FCS_COP.1/Application Cryptogram, FCS_COP.1/Script Processing, FCS_COP.1/Messages Data Integrity, FDP_ACC.2/ PAP Activation, FDP_ACF.1/ PAP Activation, FDP_ACF.1/ PAP Administration Management, FDP_ACF.1/ PAP Payment Transaction Management, FDP_ACF.1/ PAP Offline Authentication, FDP_ACF.1/ Post-Issuance Bank Management, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FDP_IFF.1/ PAP Offline Transaction, FDP_IFF.1/ PAP Online Transaction, FDP_IFF.1/ Post-Issuance Bank Management, FDP_ITC.1, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_ITC.2/ PAP Transaction, FDP_ACC.2/ Post-Issuance Bank Management, FMT_MOF.1/ Parameters, FMT_MSA.1/ Issuing Bank, FMT_MSA.3/ Issuing Bank, FPT_TDC.1 Section 6.3.1 O.DATA_USERS FMT_SMR.1 Section 6.3.1 O.RISK_MNGT FDP_ACC.2/ PAP Transaction, FDP_ACF.1/ PAP Transaction, FDP_IFC.2/ PAP Offline, FDP_IFF.1/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction FDP_IFF.1/ PAP Online Transaction, FDP_UIT.1, FMT_MSA.2 Section 6.3.1 O.APP_BLOCK FIA_AFL.1/ Issuing Bank FDP_ACC.2/ PAP Transaction, FDP_ACF.1/ PAP Transaction FDP_ACC.2/ PAP Administration Management, FDP_ACF.1/ PAP Administration Management FIA_UID.1/ Post-Issuance Bank Management, FIA_UAU.1/ Post-Issuance Bank Management FMT_SMF.1/Funtionalities Section 6.3.1 O.SIM_UNLOCK FIA_UAU.1/ Payment Transaction, FIA_UID.1/ Payment Transaction Section 6.3.1 FQR: 110 6672 Issue: 1 Date: July 2013 115/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Objectives Security Functional Requirements Rationale O.AUDIT FAU_GEN.1, FAU_SAR.1/CUSTOMER, FAU_SAR.1/ISSUING_BANK Section 6.3.1 O.CHANNELS FMT_SMF.1/ Functionalities Section 6.3.1 O.AUDIT_ACCESS FAU_SAR.1/CUSTOMER Section 6.3.1 O.GUIS_AUTH Table 16 Security Objectives and SFRs – Coverage FQR: 110 6672 Issue: 1 Date: July 2013 116/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Functional Requirements Security Objectives FDP_ACC.2/ PAP Application O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACC.2/ PAP Activation O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACC.2/ PAP Administration Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.APP_BLOCK FDP_ACC.2/ PAP Payment Transaction Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACC.2/ Post-Issuance Bank Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACC.2/ PAP Offline Authentication O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACC.2/ PAP Transaction O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.RISK_MNGT O.APP_BLOCK FQR: 110 6672 Issue: 1 Date: July 2013 117/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Functional Requirements Security Objectives FDP_ACF.1/ PAP Application O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACF.1/ PAP Activation O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACF.1/ PAP Administration Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.APP_BLOCK FDP_ACF.1/ PAP Payment Transaction Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.USER_AUTH, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACF.1/ Post-Issuance Bank Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACF.1/ PAP Offline Authentication O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ACF.1/ PAP Transaction O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.RISK_MNGT O.APP_BLOCK FQR: 110 6672 Issue: 1 Date: July 2013 118/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Functional Requirements Security Objectives FDP_IFC.2/ PAP Offline Authentication O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_IFC.2/ PAP Offline Transaction O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.RISK_MNGT FDP_IFC.2/ PAP Online Transaction O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_IFC.2/ Post-Issuance Bank Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_IFF.1/ PAP Offline Authentication O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_IFF.1/ PAP Offline Transaction O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.RISK_MNGT FDP_IFF.1/ PAP Online Transaction O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY O.RISK_MNGT FDP_IFF.1/ Post-Issuance Bank Management O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FAU_ARP.1 O.DATA_DISCLOSURE, O.DATA_INTEGRITY FQR: 110 6672 Issue: 1 Date: July 2013 119/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Functional Requirements Security Objectives FAU_SAA.1 O.DATA_DISCLOSURE, O.DATA_INTEGRITY FAU_GEN.1 O.AUDIT FAU_SAR.1/CUSTOMER O.AUDIT, O.AUDIT_ACCESS FAU_SAR.1/ISSUING_BANK O.AUDIT, FCS_CKM.1/Session Keys O.TRANSACTION_UNIQUENESS, O.TRANSACTION_REPLAY FCS_CKM.4 O.TRANSACTION_UNIQUENESS, O.TRANSACTION_REPLAY FCS_COP.1/Offline Data Authentication O.DATA_DISCLOSURE, O.DATA_INTEGRITY FCS_COP.1/Application Cryptogram O.TRANSACTION_UNIQUENESS, O.DATA_INTEGRITY FCS_COP.1/Script Processing O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FCS_COP.1/Messages Data Integrity O.USER_AUTH, O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY FCS_COP.1/Messages Data Confidentiality O.USER_AUTH, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE FCS_COP.1/PIN O.USER_AUTH, FDP_SDI.2 O.DATA_INTEGRITY FPT_TST.1 O.DATA_INTEGRITY FPT_RPL.1 O.TRANSACTION_REPLAY FDP_RIP.1 O.USER_AUTH, O.DATA_DISCLOSURE FMT_SMF.1/ Functionalities O.CHANNELS, O.USER_AUTH, O.ISSUING_BANK_AUTH O.APP_BLOCK, O.TRANSACTION_INTEG RITY O.TRANSACTION_BYPASS O.TRANSACTION_UNIQUENESS O.AUDIT FMT_MOF.1/ Parameters O.TRANSACTION_INTEGRITY, O.DATA_INTEGRITY FMT_MTD.1/ Secrets O.DATA_INTEGRITY FMT_MSA.1/ Issuing Bank O.TRANSACTION_INTEGRITY, O.DATA_INTEGRITY FMT_MSA.2 O.RISK_MNGT FMT_MSA.3 O.TRANSACTION_INTEGRITY, O.DATA_INTEGRITY FQR: 110 6672 Issue: 1 Date: July 2013 120/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Functional Requirements Security Objectives FMT_SMR.1 O.USER_AUTH, O.ISSUING_BANK_AUTH, O.DATA_USERS FIA_AFL.1/ Customer O.TRANSACTION_BYPASS, O.USER_AUTH, FIA_AFL.1/ Issuing Bank O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.APP_BLOC, FIA_ATD.1 O.USER_AUTH, O.ISSUING_BANK_AUTH FIA_UAU.1/ PAP Online Transaction O.TRANSACTION_BYPASS, O.USER_AUTH, O.AUTHORISATION_CONTROL FIA_UAU.1/ Post-Issuance Bank Management O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH O.APP_BLOCK FIA_UAU.1/ Payment Transaction O.SIM_UNLOCK FIA_UAU.3 O.USER_AUTH, O.ISSUING_BANK_AUTH FIA_UAU.4 O.TRANSACTION_REPLAY, O.USER_AUTH, O.ISSUING_BANK_AUTH FIA_UAU.6/ Customer O.USER_AUTH FIA_UID.1/ PAP Online Transaction O.TRANSACTION_BYPASS FIA_UID.1/ Post-Issuance Bank Management O.TRANSACTION_BYPASS O.APP_BLOCK FIA_UID.1/ Payment Transaction O.TRANSACTION_BYPASS, O.SIM_UNLOCK FIA_USB.1 O.USER_AUTH, O.ISSUING_BANK_AUTH FIA_SOS.2 O.TRANSACTION_REPLAY, O.USER_AUTH, O.ISSUING_BANK_AUTH FDP_DAU.1 O.DATA_INTEGRITY FDP_ITC.2/ Post-Issuance Bank Management O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ITC.2/ PAP Transaction O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_ETC.1 O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FQR: 110 6672 Issue: 1 Date: July 2013 121/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Security Functional Requirements Security Objectives FDP_ITC.1 O.TRANSACTION_UNIQUENESS, O.TRANSACTION_INTEGRITY, O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.AUTHORISATION_CONTROL, O.DATA_DISCLOSURE, O.DATA_INTEGRITY FDP_UIT.1 O.TRANSACTION_UNIQUENESS, O.TRANSACTION_REPLAY, O.DATA_INTEGRITY, O.RISK_MNGT FTP_ITC.1 O.DATA_INTEGRITY FPR_UNO.1 O.DATA_DISCLOSURE FPT_TDC.1 O.TRANSACTION_INTEGRITY , O.TRANSACTION_BYPASS, O.ISSUING_BANK_AUTH, O.DATA_INTEGRITY Table 17 SFRs and Security Objectives FQR: 110 6672 Issue: 1 Date: July 2013 122/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 6.3.3 Dependencies 6.3.3.1 SFRs Dependencies Requirements CC Dependencies Satisfied Dependencies FDP_ACC.2/ PAP Application (FDP_ACF.1) FDP_ACF.1/ PAP Application FDP_ACC.2/ PAP Activation (FDP_ACF.1) FDP_ACF.1/ PAP Activation FDP_ACC.2/ PAP Administration Management (FDP_ACF.1) FDP_ACF.1/ PAP Administration Management FDP_ACC.2/ PAP Payment Transaction Management (FDP_ACF.1) FDP_ACF.1/ PAP Payment Transaction Management FDP_ACC.2/ Post-Issuance Bank Management (FDP_ACF.1) FDP_ACF.1/ Post-Issuance Bank Management FDP_ACC.2/ PAP Offline Authentication (FDP_ACF.1) FDP_ACF.1/ PAP Offline Authentication FDP_ACC.2/ PAP Transaction (FDP_ACF.1) FDP_ACF.1/ PAP Transaction FDP_ACF.1/ PAP Application (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Application, FMT_MSA.3 FDP_ACF.1/ PAP Activation (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Activation, FMT_MSA.3 FDP_ACF.1/ PAP Administration Management (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Administration Management, FMT_MSA.3 FDP_ACF.1/ PAP Payment Transaction Management (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Payment Transaction Management, FMT_MSA.3 FDP_ACF.1/ Post-Issuance Bank Management (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ Post-Issuance Bank Management, FMT_MSA.3 FDP_ACF.1/ PAP Offline Authentication (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Offline Authentication, FMT_MSA.3 FDP_ACF.1/ PAP Transaction (FDP_ACC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Transaction, FMT_MSA.3 FDP_IFC.2/ PAP Offline Authentication (FDP_IFF.1) FDP_IFF.1/ PAP Offline Authentication FDP_IFC.2/ PAP Offline Transaction (FDP_IFF.1) FDP_IFF.1/ PAP Offline Transaction FDP_IFC.2/ PAP Online Transaction (FDP_IFF.1) FDP_IFF.1/ PAP Online Transaction FDP_IFC.2/ Post-Issuance Bank Management (FDP_IFF.1) FDP_IFF.1/ Post-Issuance Bank Management FDP_IFF.1/ PAP Offline Authentication (FDP_IFC.1) and (FMT_MSA.3) FDP_IFC.2/ PAP Offline Authentication, FMT_MSA.3 FDP_IFF.1/ PAP Offline Transaction (FDP_IFC.1) and (FMT_MSA.3) FDP_IFC.2/ PAP Offline Transaction, FMT_MSA.3 FQR: 110 6672 Issue: 1 Date: July 2013 123/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Requirements CC Dependencies Satisfied Dependencies FDP_IFF.1/ PAP Online Transaction (FDP_IFC.1) and (FMT_MSA.3) FDP_IFC.2/ PAP Online Transaction, FMT_MSA.3 FDP_IFF.1/ Post-Issuance Bank Management (FDP_IFC.1) and (FMT_MSA.3) FDP_IFC.2/ Post-Issuance Bank Management, FMT_MSA.3 FAU_ARP.1 (FAU_SAA.1) FAU_SAA.1 FAU_SAA.1 (FAU_GEN.1) FAU_GEN.1 FAU_GEN.1 (FPT_STM.1) FAU_SAR.1/CUSTOMER (FAU_GEN.1) FAU_GEN.1 FAU_SAR.1/ISSUING_BANK (FAU_GEN.1) FAU_GEN.1 FCS_CKM.1/Session Keys (FCS_CKM.2 or FCS_COP.1) and (FCS_CKM.4) FCS_COP.1/Offline Data Authentication, FCS_COP.1/Script Processing and FCS_CKM.4 FCS_CKM.4 (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) FCS_CKM.1/Session Keys FCS_COP.1/Offline Data Authentication (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) and (FCS_CKM.4) FCS_CKM.1/Session Keys and FCS_CKM.4 FCS_COP.1/Application Cryptogram (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) and (FCS_CKM.4) FDP_ITC.2/ PAP Transaction and FCS_CKM.4 FCS_COP.1/Script Processing (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) and (FCS_CKM.4) FDP_ITC.2/ Post-Issuance Bank Management and FCS_CKM.4 FCS_COP.1/Messages Data Integrity (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) and (FCS_CKM.4) FDP_ITC.1 and FCS_CKM.4 FCS_COP.1/Messages Data Confidentiality (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) and (FCS_CKM.4) FDP_ITC.1 and FCS_CKM.4 FCS_COP.1 PIN (FCS_CKM.1 or FDP_ITC.1 or FDP_ITC.2) and (FCS_CKM.4) FDP_ITC.1 and FCS_CKM.4 FDP_SDI.2 No Dependencies FPT_TST.1 No Dependencies FPT_RPL.1 No Dependencies FQR: 110 6672 Issue: 1 Date: July 2013 124/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Requirements CC Dependencies Satisfied Dependencies FDP_RIP.1 No Dependencies FMT_SMF.1/ Functionalities No Dependencies FMT_MOF.1/ Parameters (FMT_SMF.1) and (FMT_SMR.1) FMT_SMF.1/ Functionalities, FMT_SMR.1 FMT_MTD.1/ Secrets (FMT_SMF.1) and (FMT_SMR.1) FMT_SMF.1/ Functionalities, FMT_SMR.1 FMT_MSA.1/ Issuing Bank (FDP_ACC.1 or FDP_IFC.1) and (FMT_SMF.1) and (FMT_SMR.1) FDP_ACC.2/ Post-Issuance Bank Management, FDP_IFC.2/ Post-Issuance Bank Management, FMT_SMF.1/ Functionalities, FMT_SMR.1 FMT_MSA.2 (FDP_ACC.1 or FDP_IFC.1) and (FMT_MSA.1) and (FMT_SMR.1) FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_IFC.2/ Post-Issuance Bank Management, FMT_MSA.1/ Issuing Bank, FMT_SMR.1 FMT_MSA.3 (FMT_MSA.1) and (FMT_SMR.1) FMT_MSA.1/ Issuing Bank, FMT_SMR.1 FMT_SMR.1 (FIA_UID.1) FIA_UID.1/ PAP Online Transaction, FIA_UID.1/ Post-Issuance Bank Management FIA_AFL.1/ Customer (FIA_UAU.1) FIA_UAU.1/ PAP Online Transaction FIA_AFL.1/ Issuing Bank (FIA_UAU.1) FIA_UAU.1/ PAP Online Transaction, FIA_UAU.1/ Post-Issuance Bank Management FIA_ATD.1 No Dependencies FIA_UAU.1/ PAP Online Transaction (FIA_UID.1) FIA_UID.1/ PAP Online Transaction FIA_UAU.1/ Post-Issuance Bank Management (FIA_UID.1) FIA_UID.1/ Post-Issuance Bank Management FIA_UAU.1/ Payment Transaction (FIA_UID.1) FIA_UID.1/ Payment Transaction FIA_UAU.3 No Dependencies FIA_UAU.4 No Dependencies FIA_UAU.6/ Customer No Dependencies FIA_UID.1/ PAP Online Transaction No Dependencies FIA_UID.1/ Post-Issuance Bank Management No Dependencies FIA_UID.1/ Payment Transaction No Dependencies FIA_USB.1 (FIA_ATD.1) FIA_ATD.1 FQR: 110 6672 Issue: 1 Date: July 2013 125/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Requirements CC Dependencies Satisfied Dependencies FIA_SOS.2 No Dependencies FDP_DAU.1 No Dependencies FDP_ITC.2/ Post-Issuance Bank Management (FDP_ACC.1 or FDP_IFC.1) and (FPT_TDC.1) and (FTP_ITC.1 or FTP_TRP.1) FDP_ACC.2/ Post-Issuance Bank Management, FDP_IFC.2/ Post-Issuance Bank Management, FTP_ITC.1, FPT_TDC.1 FDP_ITC.2/ PAP Transaction (FDP_ACC.1 or FDP_IFC.1) and (FPT_TDC.1) and (FTP_ITC.1 or FTP_TRP.1) FDP_ACC.2/ Post-Issuance Bank Management, FDP_IFC.2/ Post-Issuance Bank Management, FTP_ITC.1, FPT_TDC.1 FDP_ETC.1 (FDP_ACC.1 or FDP_IFC.1) FDP_ACC.2/ PAP Application, FDP_ACC.2/ PAP Activation, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_IFC.2/ PAP Offline Authentication, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management FDP_ITC.1 (FDP_ACC.1 or FDP_IFC.1) and (FMT_MSA.3) FDP_ACC.2/ PAP Application, FDP_ACC.2/ PAP Activation, FDP_ACC.2/ PAP Administration Management, FDP_ACC.2/ PAP Payment Transaction Management, FDP_ACC.2/ Post-Issuance Bank Management, FDP_ACC.2/ PAP Offline Authentication, FDP_ACC.2/ PAP Transaction, FDP_IFC.2/ PAP Offline Authentication, FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FMT_MSA.3 FDP_UIT.1 (FDP_ACC.1 or FDP_IFC.1) and (FTP_ITC.1 or FTP_TRP.1) FDP_IFC.2/ PAP Offline Transaction, FDP_IFC.2/ PAP Online Transaction, FDP_IFC.2/ Post-Issuance Bank Management, FTP_ITC.1 FTP_ITC.1 No Dependencies FPR_UNO.1 No Dependencies FPT_TDC.1 No Dependencies Table 18 SFRs Dependencies FQR: 110 6672 Issue: 1 Date: July 2013 126/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Rationale for the exclusion of dependencies The dependency FPT_STM.1 of FAU_GEN.1 is discarded. The dependency with FPT_STM.1 is not relevant to the TOE: correctness of time is of no use for the TOE objectives. 6.3.3.2 SARs Dependencies Requirements CC Dependencies Satisfied Dependencies AVA_VAN.5 (ADV_ARC.1) and (ADV_FSP.4) and (ADV_IMP.1) and (ADV_TDS.3) and (AGD_OPE.1) and (AGD_PRE.1) and (ATE_DPT.1) ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ATE_DPT.1 ADV_ARC.1 (ADV_FSP.1) and (ADV_TDS.1) ADV_FSP.4, ADV_TDS.3 ADV_FSP.4 (ADV_TDS.1) ADV_TDS.3 ADV_IMP.1 (ADV_TDS.3) and (ALC_TAT.1) ADV_TDS.3, ALC_TAT.1 ADV_TDS.3 (ADV_FSP.4) ADV_FSP.4 AGD_OPE.1 (ADV_FSP.1) ADV_FSP.4 AGD_PRE.1 No Dependencies ALC_CMC.4 (ALC_CMS.1) and (ALC_DVS.1) and (ALC_LCD.1) ALC_CMS.4, ALC_DVS.2, ALC_LCD.1 ALC_CMS.4 No Dependencies ALC_DEL.1 No Dependencies ALC_DVS.2 No Dependencies ALC_LCD.1 No Dependencies ALC_TAT.1 (ADV_IMP.1) ADV_IMP.1 ASE_CCL.1 (ASE_ECD.1) and (ASE_INT.1) and (ASE_REQ.1) ASE_ECD.1, ASE_INT.1, ASE_REQ.2 ASE_ECD.1 No Dependencies ASE_INT.1 No Dependencies ASE_OBJ.2 (ASE_SPD.1) ASE_SPD.1 ASE_REQ.2 (ASE_ECD.1) and (ASE_OBJ.2) ASE_ECD.1, ASE_OBJ.2 ASE_SPD.1 No Dependencies ASE_TSS.1 (ADV_FSP.1) and (ASE_INT.1) and (ASE_REQ.1) ADV_FSP.4, ASE_INT.1, ASE_REQ.2 ATE_COV.2 (ADV_FSP.2) and (ATE_FUN.1) ADV_FSP.4, ATE_FUN.1 ATE_DPT.1 (ADV_ARC.1) and (ADV_TDS.2) and (ATE_FUN.1) ADV_ARC.1, ADV_TDS.3, ATE_FUN.1 ATE_FUN.1 (ATE_COV.1) ATE_COV.2 FQR: 110 6672 Issue: 1 Date: July 2013 127/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. Requirements CC Dependencies Satisfied Dependencies ATE_IND.2 (ADV_FSP.2) and (AGD_OPE.1) and (AGD_PRE.1) and (ATE_COV.1) and (ATE_FUN.1) ADV_FSP.4, AGD_OPE.1, AGD_PRE.1, ATE_COV.2, ATE_FUN.1 Table 19 SARs Dependencies 6.3.4 Rationale for the Security Assurance Requirements EAL4 allows a developer to attain a reasonably high assurance level without the need for highly specialized processes and practices. It corresponds to a white box analysis and it can be considered as a reasonable level that can be applied to an existing product line without undue expense and complexity. 6.3.5 ALC_DVS.2 Sufficiency of security measures This component was added in order to provide a higher assurance on the security of the PAP development and manufacturing processes, especially for the secure handling of the embedded data. Those requirements appear as the most adequate ones for a manufacturing process in which several actors exchange and store highly sensitive information (confidential code, cryptographic keys, peronalisation data, etc). 6.3.6 AVA_VAN.5 Advanced methodical vulnerability analysis This component added to EAL 4 package in order to provide sufficient robustness to counter an attacker with high attack potential without the support of a protecting environment. Moreover, the PAP is a highly sensitive application. Potential attackers for such kind of applications could include experienced hackers or international organizations disposing of advanced means and resources. FQR: 110 6672 Issue: 1 Date: July 2013 128/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 7 TOE Summary Specification 7.1 TOE Summary Specification This chapter presents the TOE summary specification. It presents all security function implemented in the TOE. SF_PAP_Access_Control SF_PAP_Access_Control: This security function ensures that access to the operations is done regarding: -The State Machine Policy (SELECTED, INITIATED), -The Blocked/Unblocked state -The contactless visibility of the PAP Application (ACTIVATED, DEACTIVATED, NON ACTIVABLE). -The Used Mode (Management, Payment). These conditions are checked by the dispatcher who permits to determine which operation is to be executed following input data and parameters. Application Note: For a payment Transaction, the used mode must be Payment Mode and the CL Life Cycle of the PAP must be ACTIVATED. The PAP Application must be SELECTABLE and must Selected before initiating any action on it. For a payment Transaction, the used mode must be Payment Mode and the CL Life Cycle of the PAP must be ACTIVATED. The PAP Application must be SELECTABLE and must Selected before initiating any action on it SF_Unobservability_Pin _ Keys_Comparaison SF_Unobservability_Pin _ Keys_Comparaison This function assures that processing based on secure elements of the TOE does not reveal any information on those elements. For example, observation of a PIN verification cannot reveal the PIN value, observation of key comparaison cannot give information on the key. SF_Dispatcher This function controls which operation can be executed regarding input data and parameters. it determines Bank management commands: APPLICATION BLOCK, APPLICATION UNBLOCK, PUT DATA, PIN CHANGE UNBLOCK, OFFLINE PIN CHANGE. Application Note: Implemented in ProcessData SF_Platform This requirement is implemented by the platform. Details are in the Platform ST-lite [31]. SF_SINGLE_ACTIVATION Implemented within the CRS, this function ensures that only one instance is active at the same time. SF_Integrity_Confid This security function enforces check of confidentiality, integrity and/or origin of several objects especially the following ones: -PAP Keys; -PAP Counters; -PAP Transaction Parameters; -Issuing Bank Transaction Data; FQR: 110 6672 Issue: 1 Date: July 2013 129/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. These objects are accessed if their state permits it and if their confidentiality are well ensured. PAP Keys are handled by Cryptographic objects owned by the platform and are protected against disclosure and their integrity is ensured by the platform. Integrity is ensured by computing and checking MAC and Cryptogram using Session Keys. Mirrors are also used for this purpose. Input data are encrypted when confidentiality is required. These attributes are implemented within commands that handle those objects (GENERATE AC, PUT DATA, UPDATE RECORD, PIN CHANGE/UNBLOCK, APPLICATION BLOCK/UNBLOCK, and Second GENERATE AC). SF_PAYMNT_AND_ADMIN_MANAGMNT This security function implements security attributes (ACF.1.1) and rules (ACF.1.2) and enforces them through the commands that handle Reference Personal Code, PAP Counters, PAP Activation/Deactivation, PAP Locking/Unlocking and Log Entry. [Log entry can be accessed, for reading (if not empty) or for update, in both management and payment modes. The Log update is implemented within GENERATE AC command. ] The integrity of data is ensured through MAC computation and comparison. [Reference Personal Code is managed by an object (OWNER PIN) owned by platform. The platform is in charge of controlling the integrity of the Reference Personal Control and the key by handling a checksum.] The Personal Code Presentation is requested in payment mode if: o PAP Personal Code State is NOT VERIFIED (by the Bank's GUI) or ALWAYS REQUESTED or REQUESTED AT THE NEXT PAYMENT; o PAP Personal Code Entry Amount is GREATER THAN PERSONAL CODE ENTRY LIMIT VALUE or the Systematic Personal Code State is ENABLED; SF_TRANSACTION_FLOW SF_TRANSACTION_FLOW: This security function implements Transaction flow following [75] and [76] specifications. SF_TRANSACTION This security function implements the use, by the S.PAP, of the necessary objects (Customer Account Information, PAP Counters, PAP Keys, PAP State Machine, PAP Transaction Parameters) involved in a transaction (Read only for some of these objects and update of some others). This function is implements through commands that handle these objects (GPO, Read Record, and Generate AC/CDA). This function ensures the authentication (Online and OffLine) with the POS and the Issuing Bank. SF_CARD_RISK_MANAGMNT This security function implements the Card Action Analysis and ensures that the transaction is not rejected. SF_Alarm This security function detects all security violation (SAA) and takes appropriate actions (ARP). SF_AUDIT_LOG This SF stores a log with all auditable events (purchase currency; transaction date; transaction time; merchant's name;... these events are accessible on read only by U.Customer and U.Issuing bank. FQR: 110 6672 Issue: 1 Date: July 2013 130/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. SF_No_REPLAY This security function ensures that there is no replay on commands (ISSUERS Scripts and Verify) by updating a set of counters for each command. SF_Management The SF ensures access control and flow control for management of functionalities, behaviour of the PAP application, modification of user data and TSF data and security attributes of the PAP application. This TSF allows the Issuing Bank to provide restrictive values for security attributes. These security attributes have to be restrictive by default. The operations are allowed at post issuance by the issuing Bank once it’s authenticated. SF_User_Auth This security function checks the authentication of the User (Customer or Issuing BANK). For the user, it checks the given Personal Code and detects unsuccessful authentication. It blocks the PAP Reference Personal Code if the maximum number of tries is reached (Handled by the VERIFY command). For the Issuing Bank, it checks the issuing authentication data and detects the unsuccessful authentication. When the defined number of unsuccessful is reached, this function returns an error as specified in [12] By default, the AP Transaction Processing State initially indicates no identification/authentication of the user. Application Note: The Issuing authentication data is the cryptogram. The cryptogram is based on the ARPC and the application cryptogram generated during first Generate AC. SF_CHALLENGE This function ensures to generate an 8 bytes challenge generated by API javacard.security.RandomData.generateData. SF_DATA_VALIDITY This function assures the validity of the following data (Personnal code, counters,..). SF_TIME_OUT This function checks the timeout and cancels the transaction when it's reached. it's implemented within the middlet. SF_SECURE_CHANNEL This function ensures use of secure channel for exchange between PAP application and external entity (BANK TSM or MNO). The Secure Channel is opened to the initiative of an external entity, and it ensures integrity and confidentiality of the exchanges between PAP and this external entity. 7.2 SFRs and TSS This chapter is removed from the public version. FQR: 110 6672 Issue: 1 Date: July 2013 131/131 All rights of Oberthur Technologies are reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owner. 8 Compatibility The chapter is removed.