PREMIER MINISTRE
General Secretariat for Defence and National Security
French Network and Information Security Agency
Certification Report ANSSI-CC-2010/02
SA23YR48/80B and SB23YR48/80B Secure
Microcontrollers, including the cryptographic
library Neslib v2.0 or v3.0, in SA or SB
configuration
Paris, February 1st
2010
Courtesy Translation
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 2 out 18 CER/F/07.5
Warning
This report is designed to provide sponsors with a document enabling them to assess the
security level of a product under the conditions of use and operation defined in this report for
the evaluated version. It is also designed to provide the potential purchaser of the product with
the conditions under which he may operate or use the product so as to meet the conditions of
use for which the product has been evaluated and certified; that is why this certification report
must be read alongside the evaluated user and administration guidance, as well as with the
product security target, which presents threats, environmental assumptions and the supposed
conditions of use so that the user can judge for himself whether the product meets his needs in
terms of security objectives.
Certification does not, however, constitute a recommendation product from ANSSI (French
Network and Information Security Agency), and does not guarantee that the certified product
is totally free of all exploitable vulnerabilities.
Any correspondence about this report has to be addressed to:
Secrétariat général de la défense et de la sécurité nationale
Agence nationale de la sécurité des systèmes d'information
51, boulevard de la Tour Maubourg
75700 PARIS cedex 07 SP
France
certification.anssi@ssi.gouv.fr
Reproduction of this document without any change or cut is authorised.
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 3 out 18
Certification report reference
ANSSI-CC-2010/02
Product name
SA23YR48/80B and SB23YR48/80B secure
microcontrollers, including the cryptographic library
Neslib v2.0 or v3.0, in SA or SB configuration
Product reference
SA23YR48/80B and SB23YR48/80B Revision B (dedicated software ANC, K2M0BFB mask set),
including the cryptographic library Neslib v2.0 or v3.0, in SA or SB configuration
Protection profile conformity
BSI-PP-0035-2007 version 1.0
Evaluation criteria and version
Common Criteria version 3.1
Evaluation level
EAL 6 augmented
ALC_FLR.1
Developer
STMicroelectronics
Smartcard IC division, 190 Avenue Célestin Coq, 13106 Rousset Cedex, France
Sponsor
STMicroelectronics
Smartcard IC division, 190 Avenue Célestin Coq, 13106 Rousset Cedex, France
Evaluation facility
Serma Technologies
30 avenue Gustave Eiffel, 33608 Pessac, France
Phone: +33 (0)5 57 26 08 75, email : e.francois@serma.com
Recognition arrangements
CCRA
The product is recognised at EAL4 level.
SOG-IS
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 4 out 18 CER/F/07.5
Introduction
The Certification
Security certification for information technology products and systems is governed by decree
number 2002-535 dated 18 April 2002 and published in the "Journal Officiel de la République
Française". This decree stipulates that:
• The French Network and Information Security Agency draws up certification
reports. These reports indicate the features of the proposed security targets. They may
include any warnings that the authors feel the need to mention for security reasons.
They may or may not be transmitted to third parties or made public, as the sponsors
desire (article 7).
• The certificates issued by the Prime Minister certify that the copies of the products or
systems submitted for evaluation fulfil the specified security features. They also
certify that the evaluations have been carried out in compliance with applicable rules
and standards, with the required degrees of skill and impartiality (article 8).
The procedures are available on the Internet site www.ssi.gouv.fr.
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 5 out 18
Content
1. PRODUCT .................................................................................................................................... 6
1.1. PRESENTATION OF THE PRODUCT........................................................................................... 6
1.2. EVALUATED PRODUCT DESCRIPTION ..................................................................................... 6
1.2.1. Product identification...........................................................................................................6
1.2.2. Security services ...................................................................................................................7
1.2.3. Architecture ..........................................................................................................................7
1.2.4. Life cycle...............................................................................................................................8
1.2.5. Evaluated configuration .....................................................................................................10
2. EVALUATION........................................................................................................................... 11
2.1. EVALUATION REFERENTIAL ................................................................................................. 11
2.2. EVALUATION WORK ............................................................................................................. 11
2.3. CRYPTOGRAPHIC MECHANISMS ROBUSTNESS ANALYSIS ACCORDING TO ANSSI TECHNICAL
REFERENCE FRAME............................................................................................................................ 11
2.4. RANDOM NUMBER GENERATOR ANALYSIS .......................................................................... 11
3. CERTIFICATION...................................................................................................................... 12
3.1. CONCLUSION........................................................................................................................ 12
3.2. RESTRICTIONS OF USE.......................................................................................................... 12
3.3. RECOGNITION OF THE CERTIFICATE..................................................................................... 12
3.3.1. European recognition (SOG-IS).........................................................................................12
3.3.2. International common criteria recognition (CCRA) ..........................................................13
ANNEX 1. EVALUATION LEVEL OF THE PRODUCT.............................................................. 14
ANNEX 2. EVALUATED PRODUCT DOCUMENT REFERENCES......................................... 15
ANNEX 3. CERTIFICATION REFERENCES................................................................................ 17
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 6 out 18 CER/F/07.5
1. Product
1.1. Presentation of the product
The evaluated products are the SA23YR48, SA23YR80, SB23YR48 and SB23YR80 secure
microcontrollers revision B (dedicated software ANC, K2M0BFB mask set) developed by
STMicroelectronics. These products include the cryptographic library Neslib in version v2.0
or v3.0, in SA configuration for SA23YR48/80B and in SB configuration for
SB23YR48/80B.
The hardware part and the dedicated software are identical to the ST23YR48B and
ST23YR80B secure microcontrollers certified under the reference ANSSI-CC-2010/01.
The SASB23YR48B and SA/B23YR80B only differ by the logical size of the non volatile
EEPROM memory (48Kb or 80Kb), the physical size of the memory being 80Kb in both
products.
The SA23YR48/80B and SB23YR48/80B only differ by the SA or SB configuration of the
Neslib cryptographic library in version v2.0 or v3.0. The SA Neslib configuration provides
high-level routines to perform RSA and SHA operations, on top of that the SB configuration
provides high-level routines to perform AES and ECC operations. The Neslib v3.0 on
SB23YR48/80B products, in SB configuration, only differ from v2.0 by (SKG) routines
added to provide Secure prime numbers and RSA Key Generation.
The microcontrollers aim to host one or several software applications and can be embedded in
a plastic support to create a Smartcard with multiple possible usages (secure identity
documents, banking, health card, pay-TV or transport applications…) depending on the
Embedded Software applications. However, only the microcontroller is evaluated. The
software applications are not in the scope of this evaluation.
1.2. Evaluated product description
The security target [ST] defines the evaluated product, its evaluated security functionalities
and its operational environment.
This security target is compliant with [PP035] protection profile (strict compliance).
1.2.1. Product identification
The configuration list [CONF] identifies the product’s constituent elements.
The certified version of the product can be identified by the following elements:
- Die identification: K2M0A (Die name with HW major cut reference) and all masks
revision letters corresponding to K2M0BFB mask set;
- Cryptographic Library Reference: Neslib revision v2.0 or v3.0 (SA or SB
configuration);
- Dedicated software identification: ANC (Boot sequence, embedded test software);
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 7 out 18
- Embedded software identification: UBT (this is the Card Manager, a reference
Operating System, embedded in the User ROM of the samples which have been
tested, for the evaluation needs only. The Card Manager is not part of the evaluation
perimeter, cf §1.2.5);
- Manufacturing site identification: ST 4 (Rousset).
Identification elements are marked on the die and can be checked with a microscope. In
addition, two bytes in OTP allow identifying the product from a logical point of view, as
described in the “Datasheet” (cf. [GUIDES]. For Neslib Cryptographic library, Neslib
provides an API in order to get the library revision, as described in the Neslib “User Manual”
(cf. [GUIDES]).
1.2.2. Security services
The product provides mainly the following security services:
- Initialisation of the hardware platform and its attributes;
- Secure handling of the life cycle;
- Logical integrity of the product;
- Test of the product;
- Memory management (firewall);
- Physical tampering protection;
- Security violation administrator;
- Unobservability;
- Symmetric Key Cryptography Support;
- Asymmetric Key Cryptography Support;
- Unpredictable number generation support;
- A cryptographic library providing, depending on version and configuration used, high-
level routines to perform RSA, SHA, AES , ECC and SKG (Secure prime numbers
and RSA Key Generation) operations.
1.2.3. Architecture
The SA/SB23YR48/80B microcontrollers are made up of:
- A Hardware part:
- An 8/16-bit central processing unit;
- Memories:
ƒ 48/80 Kbytes of EEPROM (including 128 bytes of OTP) with integrity
control, for program and data storage,
ƒ 390 Kbytes of ROM for user software,
ƒ 6 Kbytes of RAM,
ƒ 20 Kbytes of ROM for dedicated software;
- Security Modules: Memory protection unit (MPU), clock generator, security
monitoring and control, power management, memory integrity control and fault
detection;
- Functional Modules: 3 8-bit timers, I/O management in contact mode (IART ISO
7816-3) and contactless mode (RF UART ISO 14443-B), True Random Number
Generator, EDES co-processor supporting DES algorithms and the NESCRYPT
co-processor with a dedicated 2-Kbyte RAM supporting public key cryptographic
algorithms.
- A dedicated software is embedded in ROM which comprises:
- Microcontroller test software (“Auto test”);
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 8 out 18 CER/F/07.5
- System and Hardware/Software interface management capabilities.
- A cryptographic library (Neslib v2.0 or v3.0) providing routines to perform RSA
and SHA cryptographic operations, in configuration SA; or routines to perform
RSA, SHA, AES , ECC and SKG operations, in SB configuration (Secure prime
numbers and RSA key Generation, only available on Neslib v3.0). This library is
integrated by the Customer in his code, and is then embedded in the product User
ROM
1.2.4. Life cycle
The product’s life cycle is organised as follow:
Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Phase 7
Smartcard embedded
software development
Product
constructio
n
IC design with its dedicated
software
Smartcard IC database
construction
IC photomask fabrication
IC testing and prepersonalisation
IC manufacturing
Testing
IC packaging
Testing
Smartcard product finishing process
Testing
Personalisation
Smartcard product end-
usage
Product
usage
End of life process
Legend
Trusted delivery and
verification procedures
Delivery done within
secure environment
Phases
supposed
to
be
secured
STM Rousset
STM Singapore
STM Rousset
DNP Tokyo
DNP Agrate
STM Rousset
STM Rousset
STM, Zaventem
Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Phase 7
Smartcard embedded
software development
Product
constructio
n
IC design with its dedicated
software
Smartcard IC database
construction
IC photomask fabrication
IC testing and prepersonalisation
IC manufacturing
Testing
IC packaging
Testing
Smartcard product finishing process
Testing
Personalisation
Smartcard product end-
usage
Product
usage
End of life process
Legend
Trusted delivery and
verification procedures
Delivery done within
secure environment
Legend
Trusted delivery and
verification procedures
Delivery done within
secure environment
Phases
supposed
to
be
secured
STM Rousset
STM Singapore
STM Rousset
DNP Tokyo
DNP Agrate
STM Rousset
STM Rousset
STM, Zaventem
Figure 1 – Life cycle of a smart card
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 9 out 18
The product is designed, prepared, manufactured and tested by:
STMicroelectronics SAS
Smartcard IC division
ZI de Rousset, BP2
13106 Rousset Cedex
France
A part of the design is realised by:
STMicroelectronics Pte Ltd
5A Serangoon North Avenue 5
554574 Singapore
Singapore
and by:
STMicroelectronics
Excelsiorlaan 44-46,
B-1930 Zaventem,
Belgium.
The photo masks of the product are manufactured by:
DAI NIPPON PRINTING CO., LTD
2-2-1, Fukuoka, kamifukuoka-shi,
Saitama-Ken, 356-8507
Japan
and by:
DAI NIPPON PRINTING EUROPE
Via C. Olivetti, 2/A,
I-20041 Agrate Brianza,
Italy
The product manages itself the logical phases of its life cycle and can be in one of its two
following configurations:
• “Test” configuration: at the end of IC manufacturing, the microcontroller is tested
using the test software stored in ROM (called “Autotest”) within the secure developer
premises. Pre-personalization data can be loaded in the EEPROM. The product
configuration is changed to “User” before delivery to the next user, and the device
cannot be reversed to the “test” configuration.
• “User” configuration: final configuration of the product, including 3 modes:
ƒ “reduced test”, allowing STMicroelectronics to perform some reduced sets of
test;
ƒ “diagnosis”, allowing even more limited operations restricted to
STMicroelectronics;
ƒ “end user”, final usage mode of the product, whose functionalities are driven
exclusively by the Embedded Software. The developer test functionalities are
unavailable. The end-users of the product can use it only under this mode.
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 10 out 18 CER/F/07.5
1.2.5. Evaluated configuration
This certification report presents the evaluation work related to the product and the dedicated
software identified in §1.2.1. Any other embedded application, such as the Card Manager
embedded for evaluation purpose only, is not part of the evaluation perimeter.
Referring to the life-cycle, the evaluated product is the product that comes out the
manufacturing, test and pre-personalization phase (phase 3).
For the evaluation needs, the product SB23YR80B (with internal revision F) was provided to
the ITSEF, this product includes Neslib v3.0 and a dedicated software in a mode known as
“open1
”.
1
mode that enables to load and execute a native code in EEPROM and also to disable the configurable security
mechanisms.
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 11 out 18
2. Evaluation
2.1. Evaluation referential
The evaluation has been performed in compliance with Common Criteria version 3.1 [CC]
and the Common Evaluation Methodology [CEM]. For assurance components above EAL4
level, the evaluation facility own evaluation methods, validated by ANSSI, have been used. In
order to meet the specificities of smart cards, the [CC IC] and [CC AP] guides have been
applied.
2.2. Evaluation work
This Re-Evaluation is based on the impact analysis report [SIA] and on the results of the
SA23YR48/80A and SB23YR48/80A including the cryptographic library Neslib v3.0,
product evaluation certified EAL6+ on January 2010 with the reference DCSSI-2009/62. And
is also based on the results of the SA23YR48/80A and SB23YR48/80A including the
cryptographic library Neslib v2.0, product evaluation certified EAL6+ on December 2009
with the reference DCSSI-2009/51.
The evaluation technical report [ETR], delivered to ANSSI on the 5th
of January 2010,
describes the work performed by the evaluation facility and assesses that all evaluation tasks
are “pass”.
2.3. Cryptographic mechanisms robustness analysis according to ANSSI
technical reference frame
The evaluated product provides the following cryptographic support services:
- support for symmetric key cryptography (EDES) ;
- support for asymmetric key cryptography (NESCRYPT) ;
- support for random numbers generation (TRNG).
These services, however, cannot be analyzed in relation to the ANSSI technical reference
frame [REF-CRY], [REF-CLE] and [REF-AUT], as they do not contribute to the inherent
security of the product; their strength will depend on their use by the application embedded in
the microcircuit.
The SA/SB23YR48/80B products include also a cryptographic library Neslib v2.0 or v3.0.
The quotation of the cryptographic mechanisms provided by this library, according to
technical reference frame [REF-CRY], [REF-CLE] and [REF-AUT], has not been performed.
Nevertheless, the evaluation did not reveal any vulnerability in design nor implementation for
the targeted AVA_VAN level.
2.4. Random number generator analysis
The evaluated product provides a hardware random number generator that has been evaluated
according to the [AIS31] methodology by the evaluation facility: the generator reaches the
class “P2 – SOF-high” according to [AIS31].
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 12 out 18 CER/F/07.5
3. Certification
3.1. Conclusion
The evaluation was carried out according to the current rules and standards, with the required
competency and impartiality as required for an accredited evaluation facility. All the work
performed allows the release of a certificate in conformance with the decree 2002-535.
This certificate testifies that the secure microcontrollers SA/SB23YR48/80B, including the
cryptographic library Neslib v2.0 or v3.0, in configuration SA or SB, submitted for
evaluation, fulfil the security features specified in its security target [ST] for the evaluation
level EAL6 augmented.
3.2. Restrictions of use
This certificate only applies on the products specified in chapter 1.2 of this certification
report.
This certificate provides a resistance assessment of the SA/SB23YR48/80B products to a set
of attacks which remains generic due to the missing of any specific embedded application.
Therefore, the security of a final product based on the evaluated microcontrollers would only
be assessed through the final product evaluation, which could be performed using the results
of current evaluation listed in Chapter 2.
The user of the certified product shall respect the operational environmental security
objectives specified in the security target [ST] chapter 5.2 and shall respect the
recommendations in the guidance [GUIDES].
3.3. Recognition of the certificate
3.3.1. European recognition (SOG-IS)
This certificate is issued in accordance with the provisions of the SOG-IS agreement [SOG-
IS].
The European recognition agreement made by SOG-IS in 1999 allows recognition from
signatory states of the agreement1
, of ITSEC and Common Criteria certificates. The European
recognition is applicable up to ITSEC E6 and CC EAL7 levels. The certificates that are
recognized in such scope are released with the following marking:
1 The signatory countries of the SOG-IS agreement are: Finland, France, Germany, Greece, Italy, The
Netherlands, Norway, Spain, Sweden and United Kingdom.
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 13 out 18
3.3.2. International common criteria recognition (CCRA)
This certificate is released in accordance with the provisions of the CCRA [CC RA].
The Common Criteria Recognition Arrangement allows the recognition, by signatory
countries1
, of the Common Criteria certificates. The mutual recognition is applicable up to the
assurance components of CC EAL4 level and also to ALC_FLR family. The certificates that
are recognized in the agreement scope are released with the following marking:
1 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark,
Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia,
Netherlands, New-Zealand, Norway, Singapore, Spain, Sweden, Turkey, the United Kingdom and the United
States of America.
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 14 out 18 CER/F/07.5
Annex 1. Evaluation level of the
product
Classe Famille Composants par niveau
d’assurance
Niveau d’assurance retenu
pour le produit
EAL
1
EAL
2
EAL
3
EAL
4
EAL
5
EAL
6
EAL
7
EAL
6+
Intitulé du composant
ADV
Développement
ADV_ARC 1 1 1 1 1 1 1 Security architecture description
ADV_FSP 1 2 3 4 5 5 6 5
Complete semiformal functional
specification with additional
error information
ADV_IMP 1 1 2 2 2
Complete mapping of the
implementation representation of
the TSF
ADV_INT 2 3 3 3 Minimally complex internals
ADV_SPM 1 1 1
Formal TOE security policy
model
ADV_TDS 1 2 3 4 5 6 5
Complete semiformal modular
design
AGD
Guides
d’utilisation
AGD_OPE 1 1 1 1 1 1 1 1 Operational user guidance
AGD_PRE 1 1 1 1 1 1 1 1 Preparative procedure
ALC
Support au
cycle de vie
ALC_CMC 1 2 3 4 4 5 5 5 Advanced support
ALC_CMS 1 2 3 4 5 5 5 5 Development tools CM coverage
ADO_DEL 1 1 1 1 1 1 1 Delivery procedures
ALC_DVS 1 1 1 2 2 2 Sufficiency of security measures
ALC_FLR 1 Basic flaw remediation
ALC_LCD 1 1 1 1 2 1
Developer defined life-cycle
model
ALC_TAT 1 2 3 3 3
Compliance with
implementation standards – all
parts
ASE
Evaluation de la
cible de sécurité
ASE_CCL 1 1 1 1 1 1 1 1 Conformance claim
ASE_ECD 1 1 1 1 1 1 1 1 Extended component definition
ASE_INT 1 1 1 1 1 1 1 1 ST introduction
ASE_OBJ 1 2 2 2 2 2 2 2 Security objectives
ASE_REQ 1 2 2 2 2 2 2 2 Derived security requirements
ASE_SPD 1 1 1 1 1 1 1 Security problem definition
ASE_TSS 1 1 1 1 1 1 1 1 TOE summary specifications
ATE
Tests
ATE_COV 1 2 2 2 3 3 3 Rigorous analysis of coverage
ATE_DPT 1 2 3 3 4 3 Testing: modular design
ATE_FUN 1 1 1 1 2 2 2 Ordered functional testing
ATE_IND 1 2 2 2 2 2 3 2 Independant testing, sample
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 15 out 18
AVA
Estimation des
vulnérabilités
AVA_VAN 1 2 2 3 4 5 5 5
Advanced methodical
vulnerability analysis
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 16 out 18 CER/F/07.5
Annex 2. Evaluated product
references
[ST] Reference security target for the evaluation:
- Sx23YRxxB Security Target,
Reference : SMD_Sx23YRxx_ST_09_001, v01.00,
STMicroelectronics
For the needs of publication, the following security target has been
provided and validated in the evaluation:
- Sx23YRxxB Security Target - Public Version,
Reference : SMD_Sx23YRxx_ST_09_002, v02.01,
STMicroelectronics
[SIA] Impact Analysis Report:
- ST23YR80B maskset BFB, v1.0
Reference : SMD_ST23YR80B_SIA_09_001,
STMicroelectronics
[ETR] Evaluation technical report :
- Evaluation Technical Report - LAFITE Project,
Reference : LAFITE-EAL6+_SB23YR80B_ETR_v1.0 / 1.0,
4 janvier 2010,
Serma Technologies
For the needs of composite evaluation with this microcontroller a
technical report for composition has been validated:
- ETR Lite for Composition – LAFITE project,
Reference: LAFITE-SB23YR80B_ETRLiteComp_v1.0/ 1.0,
13 janvier 2010,
Serma Technologies
[CONF] Products configuration list:
- Configuration list,
Reference : SMD_SB23YR80E-UBT_CFGL_09_001 rev 1.1,
STMicroelectronics
List of the delivered materials:
- documentation report,
Reference : SMD_SB23YR80_DR_09_001_v1.5,
STMicroelectronics.
Neslib v2.0 library configuration list:
- Neslib 2.0 configuration list
Reference: NesLib_2.0_CFGL_09_002_V01.01
STMicroelectronics.
Neslib v3.0 library configuration list:
- Neslib 3.0 configurationlist
SA23YR48/80B and SB23YR48/80B Certification report ANSSI-CC-2010/02
Page 17 out 18
Reference: NesLib_3.0_CFGL_09_003_V01.01
STMicroelectronics.
[GUIDES] The product user guidance documentation is the following:
- ST23YR80 Datasheet,
Reference: DS_23YR80 Rev 0.4,
STMicroelectronics
- ST23YR48 Datasheet,
Reference: DS_23YR48 Rev 0.3,
STMicroelectronics
- ST23 Platform - Security Guidance,
Reference: AN_SECU_23 Rev 7,
STMicroelectronics
- Addendum 1 – ST23 Platform Security Guidance,
Reference : AN_SECU_23_AD1 Rev 1,
STMicroelectronics
- ST21/23 programming manual,
Reference: PM_21_23/0709 Rev 1,
STMicroelectronics
- User Manual of Neslib 2.0 library,
Reference : UM_NesLib_2.0 Rev 2,
STMicroelectronics
- NesLib 2.0: using the dispatcher on ST23YR80 UBO,
Reference : PTD_NesLib_TN_09_006_v01.03,
STMicroelectronics
- User Manual of Neslib 3.0 library,
Reference : UM_NesLib_3.0 Rev 1,
STMicroelectronics
- NesLib 3.0: using the dispatcher,
Reference : PTD_NesLib_TN_09_018_v01.01,
STMicroelectronics
- ST23YR80/48: Recommendations for contactless operation,
Reference : AN_23YR80_RCMD Rev 1,
STMicroelectronics
- Memory protection unit limitations on ST23Y devices,
Reference : TN_23_MPU Rev 3,
STMicroelectronics
- ST23 AIS31 Compliant Random Number User Manual,
Référence : UM_23_AIS31 Rev 1,
STMicroelectronics
- ST23 AIS31 Tests reference implementation user manual,
Référence : AN_23_AIS31 Rev1,
STMicroelectronics
[PP0035] Security IC Platform Protection Profile Version 1.0 June 2007. Certified
by BSI (Bundesamt für Sicherheit in der Informationstechnik) under the
reference BSI-PP-0035-2007.
Certification report ANSSI-CC-2010/02 SA23YR48/80B and SB23YR48/80B
Page 18 out 18 CER/F/07.5
Annex 3. Certification references
Decree number 2002-535 dated 18th
April 2002 related to the security evaluations and
certifications for information technology products and systems.
[CER/P/01] Procedure CER/P/01 - Certification of the security provided by IT
products and systems, DCSSI.
[CC] Common Criteria for Information Technology Security Evaluation :
Part 1: Introduction and general model, September 2006, version 3.1,
revision 1, ref CCMB-2006-09-001,
Part 2: Security functional components, September 2007, version 3.1,
revision 2, ref CCMB-2007-09-002,
Part 3: Security assurance components, September 2007, version 3.1,
revision 2, ref CCMB-2007-09-003.
[CEM] Common Methodology for Information Technology Security Evaluation :
Evaluation Methodology, September 2007, version 3.1, ref CCMB-2007-
09-004, revision 2.
[CC IC] Common Criteria Supporting Document - Mandatory Technical
Document - The Application of CC to Integrated Circuits, reference
CCDB-2006-04-003 version 2.0, revision 1, April 2006.
[CC AP] Common Criteria Supporting Document - Mandatory Technical
Document - Application of attack potential to smart-cards, reference
CCDB-2009-03-001 version 2.7 revision 1, March 2009.
[REF-CRY] Cryptographic mechanisms - Rules and recommendations about the
choice and parameters sizes of cryptographic mechanisms, version 1.11,
24th
of October 2008, see www.ssi.gouv.fr
[REF-CLE] Cryptographic keys management - Rules and recommendations about
management of keys used in cryptographic mechanisms, version 1.10,
24th
of October 2008, see www.ssi.gouv.fr
[REF-AUT] Authentication - Rules and recommendations about authentication
mechanisms with standard level robustness, v0.13 12th
of April 2007, No.
729/SGDN/DCSSI/SDS
[AIS31] Functionality classes and evaluation methodology for physical random
number generator, AIS31 version 1, 25 September 2001,
Bundesamt für Sicherheit in der Informationstechnik (BSI)