PREMIER MINISTRE
Secretariat General for National Defence
Central Directorate for Information Systems Security
Certification Report DCSSI-2008/43
JCLX80jTOP20ID smart card:
Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Paris, 19th
of December 2008
Courtesy Translation
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 2 out 20 CER/F/07.5
Warning
This report is designed to provide sponsors with a document enabling them to assess the
security level of a product under the conditions of use and operation defined in this report for
the evaluated version. It is also designed to provide the potential purchaser of the product with
the conditions under which he may operate or use the product so as to meet the conditions of
use for which the product has been evaluated and certified; that is why this certification report
must be read alongside the evaluated user and administration guidance, as well as with the
product security target, which presents threats, environmental assumptions and the supposed
conditions of use so that the user can judge for himself whether the product meets his needs in
terms of security objectives.
Certification does not, however, constitute a recommendation product from DCSSI (Central
Directorate for Information Systems Security), and does not guarantee that the certified
product is totally free of all exploitable vulnerabilities.
Any correspondence about this report has to be addressed to:
Secrétariat Général de la Défense Nationale
Direction Centrale de la Sécurité des Systèmes d'Information
Centre de certification
51, boulevard de la Tour Maubourg
75700 PARIS cedex 07 SP
France
certification.dcssi@sgdn.gouv.fr
Reproduction of this document without any change or cut is authorised.
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 3 out 20
Certification report reference
DCSSI-2008/43
Product name
JCLX80jTOP20ID smart card:
Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Product reference
IFXv#27_0.1, software revision v1.4
Protection profile conformity
None
Evaluation criteria and version
Common Criteria version 2.3
compliant with ISO 15408:2005
Evaluation level
EAL 5 augmented
ALC_DVS.2, AVA_VLA.4
Developer(s)
Trusted Logic SA
5, rue du Bailliage 78000 Versailles – France
Sponsor
Trusted Logic SA
5, rue du Bailliage 78000 Versailles – France
Evaluation facility
Serma Technologies
30 avenue Gustave Eiffel, 33608 Pessac, France
Phone: +33 (0)5 57 26 08 75, email : e.francois@serma.com
Recognition arrangements
CCRA
The product is recognised at EAL4 level.
SOG-IS
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 4 out 20 CER/F/07.5
Introduction
The Certification
Security certification for information technology products and systems is governed by decree
number 2002-535 dated April, 18th 2002, and published in the "Journal Officiel de la
République Française". This decree stipulates that:
• The central information system security department draws up certification reports.
These reports indicate the features of the proposed security targets. They may include
any warnings that the authors feel the need to mention for security reasons. They may
or may not be transmitted to third parties or made public, as the principals desire
(article 7).
• The certificates issued by the Prime Minister certify that the copies of the products or
systems submitted for evaluation fulfil the specified security features. They also
certify that the evaluations have been carried out in compliance with applicable rules
and standards, with the required degrees of skill and impartiality (article 8).
The procedures are available on the Internet site www.ssi.gouv.fr.
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 5 out 20
Content
1. THE PRODUCT........................................................................................................................... 6
1.1. PRESENTATION OF THE PRODUCT........................................................................................... 6
1.2. EVALUATED PRODUCT DESCRIPTION ..................................................................................... 6
1.2.1. Product identification.................................................................................................... 6
1.2.2. Security services............................................................................................................ 7
1.2.3. Architecture................................................................................................................... 8
1.2.4. Life cycle ..................................................................................................................... 10
1.2.5. Evaluated configuration.............................................................................................. 11
2. THE EVALUATION.................................................................................................................. 12
2.1. EVALUATION REFERENTIAL ................................................................................................. 12
2.2. EVALUATION WORK ............................................................................................................. 12
2.3. CRYPTOGRAPHIC MECHANISMS ROBUSTNESS ANALYSIS..................................................... 12
2.4. RANDOM NUMBER GENERATOR ANALYSIS .......................................................................... 13
3. CERTIFICATION...................................................................................................................... 14
3.1. CONCLUSION........................................................................................................................ 14
3.2. RESTRICTIONS...................................................................................................................... 14
3.3. RECOGNITION OF THE CERTIFICATE..................................................................................... 14
3.3.1. European recognition (SOG-IS).................................................................................. 14
3.3.2. International common criteria recognition (CCRA)................................................... 15
ANNEX 1. EVALUATION LEVEL OF THE PRODUCT.......................................................... 16
ANNEX 2. EVALUATED PRODUCT REFERENCES .............................................................. 17
ANNEX 3. CERTIFICATION REFERENCES ........................................................................... 19
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 6 out 20 CER/F/07.5
1. The product
1.1. Presentation of the product
The evaluated product is “JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller, IFXv#27_0.1, software revision v1.4” developed by
Trusted Logic SA.
It is a dual-mode (contact/contactless) smart card comprising a platform compliant with Java
Card 2.2.1 and VISA GlobalPlatform 2.1.1–Configuration 2 standards and which platform is
embedded on Infineon Technologies’ SLE66CLX800PE microcontroller. The patch v1.4 is
loaded on EEPROM (Electrically Erasable Programmable Read Only Memory).
1.2. Evaluated product description
The security target [ST] defines the evaluated product, its evaluated security functionalities
and its operation environment.
This security target has been inspired from [JCSPP]1
. However, as Remote Method
Invocation and the use of several logical channels are not included in the evaluation scope, the
conformance to that PP is not claimed.
1.2.1. Product identification
The configuration list [CONF] identifies the product’s constituent elements.
The certified version of the product can be identified by the following elements:
Items Configuration Origin
Commercial name JCLX80jTOP20ID Trusted Logic
TOE reference
(internal label)
jTOP v#27.01_1.4 Trusted Logic
TOE reference
(IC label)
SLE66CLX800PE Infineon
OS reference IFXv#27_0.1, with software revision v1.4 Trusted Logic
IC identifier SLE66CLX800PE-m1581-e13/a14 Infineon
1
[JCSPP] Java Card System Standard 2.2.1 Configuration Protection Profile
Version 1.0b, August 2003, registered and certified by the French Certification Body (DCSSI)
under the reference PP/0305.
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 7 out 20
TOE samples have been provided for evaluation. The TOE can be uniquely identified through
the ATR returned upon reset:
• 3B FE 18 00 00 80 31 FE 45 80 31 80 66 40 90 A4 56 1B 14 83 XX 90 00 where the
historical bytes allow identifying:
o the IC Manufacturer: 40 90;
o the chip type: A4;
o the mask type: 56;
o the mask version: 1B (version 27 of jTOP);
o the mask revision: 14 (1.4 is the current software revision version).
The last byte of the ATR preceding the status word is variable as it corresponds to the current
life-cycle state of the card (in the GlobalPlatform coding, from OP_READY to
TERMINATED).
This information allows tracing back to all items constituting the TOE (IC, hardmask and
software patch). It allows properly and uniquely identifying the TOE. This could be checked
on successive versions of the TOE.
1.2.2. Security services
The product provides mainly the following security services:
• Card Management
o Issuer Security Domain
ƒ OPEN
ƒ Card Content Management
• Card Content Loading
• Card Content Installation
• Card Content Deletion
ƒ Life Cycle Management
ƒ Administration Commands Control
o Secure Channels
ƒ Host Authentication
ƒ Message Integrity and Authentication
ƒ Message Data Confidentiality
ƒ Secure Channel Termination
o Secure Channel Key Management
ƒ Session Key Generation
ƒ ISD Key Loading and Replacement
o Cardholder Verification Management
ƒ Global CVM
• Runtime Environment
o Application Reference Monitors
ƒ Java Card Firewall
ƒ Defensive Java Card Virtual Machine
o Security countermeasures
ƒ Card Muting
ƒ Card Locking
ƒ Card Termination
o Life Cycle Management
ƒ Clearing sensitive information
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 8 out 20 CER/F/07.5
ƒ Booting Tests
o Integrity
ƒ Atomic Transactions
o Service Availability
ƒ Resource Quotas
o Cryptography
ƒ Signature Generation and Verification
ƒ Encryption and Decryption
ƒ Message Digest Generation
ƒ Random Number Generation
o Key Management
ƒ Key Generation
ƒ Key Agreement
ƒ Key Encryption
ƒ Key Integrity
ƒ Key Destruction
o Cardholder Authentication
ƒ Cardholder Verification
ƒ PIN Value Integrity
• Integrated Circuit TSFs
o Operating State Checking
o Phase Management
o Protection Against Snooping
o Hardware Data Encryption
o True Random Number Generation
o Hardware Self Test
o Notification of Physical Attack
o Memory Management Unit
o Cryptographic Support
1.2.3. Architecture
The TOE is a composite product, a complete smart card comprising embedded software
including:
• Operating System;
• Java Card System (JCVM, JCRE and JCAPI) 2.2.1;
• VISA GlobalPlatform 2.1.1, configuration 2 functionalities.
The TOE is embedded on the SLE66CLX800PE-m1581-e13/a14 microcontroller, which was
certified on May the 27th
2008 under the reference BSI-DSZ-CC-04821
.
1
This certificate also includes the SLE66CLX360PE-m1587-e13/a14 microcontroller (which differs on its
memory size).
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 9 out 20
This composition transforms the card into a secure open platform device for hosting Java
Card applications.
The different operations involved in the management of those applications are performed in
accordance with VISA GlobalPlatform 2.1.1 specifications, Configuration 2. Management
operations include the downloading, installation, removal, and selection for execution of Java
Card applications, life-cycle management of both the card and the application, and sharing of
a global common PIN among all the applications installed on the card.
The following picture sums up the product architecture:
Programming Rules
& Bytecode Verification
Operating System
OPEN
Applet
Applet
Native
Applications
Java Card Platform
JC API
ISD G
P
A
P
I
Applet
TOE
Secure
Environment
Potentially
hostile
environment
Secure Channel
Protocol
SLE66CLX800PE/SLE66CLX360PE
DAP
Secure
Environment
Card Administrator Verification Authority
DAP
Signature
Secure Channel
Other
APIs
TL API
Programming Rules
& Bytecode Verification
Operating System
OPEN
Applet
Applet
Applet
Applet
Native
Applications
Java Card Platform
JC API
ISD G
P
A
P
I
Applet
Applet
TOE
Secure
Environment
Potentially
hostile
environment
Secure Channel
Protocol
SLE66CLX800PE/SLE66CLX360PE
DAP
DAP
Secure
Environment
Card Administrator Verification Authority
DAP
Signature
Secure Channel
Other
APIs
TL API
The following items are within the scope of the evaluation:
• Java Card 2.2.1 functionalities except logical channels and RMI ;
• VISA GlobalPlatform 2.1.1, configuration 2 functionalities ;
• additional proprietary Java Card APIs (util, security) ;
• The TOE life cycle perimeter includes only the design and development phases of the
embedded software, the design and construction of the IC being covered by the IC
evaluation.
The following items are out of the scope of the evaluation:
• RMI ;
• logical channels ;
• additional proprietary Java Card APIs (iso7816, math, sim) ;
• any native application that may be embedded on the product;
• any Java card applet that may be loaded onto the platform.
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 10 out 20 CER/F/07.5
1.2.4. Life cycle
As indicated before, the evaluated TOE life cycle states include only the design and
development phases of the embedded software, the design and construction of the IC being
covered by the IC evaluation. In the following picture, which represents the whole life-cycle
of the product, this is represented by the “Platform design” bloc.
The initialization and personalization phases of the platform are out of the scope of the
evaluation. Security functions of the TOE are evaluated in the usage phase (SECURED state
in the GlobalPlatform life-cycle).
Platform software & any
embedded applications
Platform design
Application
design
IC &
dedicated
platform
design
Tools
&
manuals
Manuals
IC Production
To be masked Platform data &
embedded
applications
Platform fabrication & initialization
Loaded
directly
Application loading
Application management & use
Application deletion
OP_READY Life Cycle State
Development
Initialization
Card
is
operational
Platform
Production
Platform
Usage
Platform personalization
Platform
upgrades
Application
loading
INITIALIZED Life Cycle State
Platform software & any
embedded applications
Platform design
Application
design
IC &
dedicated
platform
design
Tools
&
manuals
Manuals
IC Production
To be masked Platform data &
embedded
applications
Platform fabrication & initialization
Loaded
directly
Application loading
Application management & use
Application deletion
OP_READY Life Cycle State
Development
Initialization
Card
is
operational
Platform
Production
Platform
Usage
Platform personalization
Platform
upgrades
Application
loading
INITIALIZED Life Cycle State
The product has been developed in the following site:
Trusted Logic SA
5 rue du Bailliage
78000 Versailles
France
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 11 out 20
In the evaluation context, the Card Administrator has been considered as “product
administrator”. This role is defined in [ST] and reminded in [ADM] in the Definitions chapter.
In particular, the Card Administrator is the representative of the Card Issuer and has ultimate
control of the smart card’s content and life cycle management. During the platform
initialization phase, this role is embodied by the Card Enabler. During the platform usage
phase, the Card Administrator can lock, unlock or terminate the smart card, download new
applets on it, modify the static keys of the ISD or retrieve administration information from the
smart card. The Card Administrator always acts on behalf of the Card Issuer.
Besides, still in the evaluation context, the Application Developers have been considered as
“product users”, their responsabilities are detailed in [USR].
1.2.5. Evaluated configuration
The certificate applies to the only Java Card platform, as described above in 1.2.3
Architecture chapter, and when configured as required by the personalization guide (cf.
[GUIDES]).
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 12 out 20 CER/F/07.5
2. The evaluation
2.1. Evaluation referential
The evaluation has been performed in compliance with Common Criteria version 2.3 [CC],
with the Common Evaluation Methodology [CEM].
For assurance components above EAL4 level, the evaluation facility’s own evaluation
methods consistent with [AIS 34], validated by DCSSI have been used.
In order to meet the specificities of smart cards, the [CC IC] and [CC AP] guides have been
applied.
2.2. Evaluation work
The evaluation has been performed according to the composition scheme as defined in the
guide [COMP] in order to assess that no weakness is introduced from the integration of the
software in the microcontroller already certified.
Therefore, the results of the evaluation of the microcontroller at EAL4 level augmented with
ALC_DVS.2, AVA_MSU.3 and AVA_VLA.4, compliant with the [PP0002] protection
profile, have been used.
The evaluation technical report [ETR], delivered to DCSSI on the 9th
December 2008
provides details on the work performed by the evaluation facility and assesses that all
evaluation tasks are “pass”.
2.3. Cryptographic mechanisms robustness analysis
The robustness of cryptographic mechanisms has been analysed by DCSSI. The results are
stated in the cryptographic analysis report [ANA-CRY], they lead to the following
conclusion: some of the mecanisms analysed do not reach the “standard” level as defined in
DCSSI cryptographic referential [REF-CRY].
The analysis has identified some theoretical weaknesses existing in some examined
mecanisms. However, the results have been taken into account in the independent evaluator
vulnerability analysis but do not allowed to bring to light exploitable vulnerablities for the
aimed VLA level.
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 13 out 20
2.4. Random number generator analysis
The evaluated product provides two random number generators (SMRNG and APRNG in
short).
Both use the TRNG (True Randon Number Generator) provided by the IC. This TRNG has
been evaluated "AIS 31 class P2 level High" when it is used with respect of specific
recommendations described in [AN_RNG] in chapter 2.
The SMRNG is intended for the needs of the only operating system. The SMRNG outputs
data are note available neither to the applications, nor to the end user of the card, and are not
used for cryptographic applications. The DCSSI therefore stopped the SMRNG’s analysis at
this discovery.
The APRNG is intended for the purpose of applications. More precisely, the random data
generated, a combination of TRNG and of a cryptographic post-treatment, are used for:
• generating keys;
• the padding in some protocol;
• producing random data for class RandomData (JavaCard API).
The APRNG has been analysed by DCSSI, it reaches its “standard” robutness level.
Indeed, this analysis did not show any flawed statistic bias for a direct use of the generated
numbers. This does not imply that the generated numbers are really random but ensures that
the generator is exempt of major conception flaws. As stated in the document [REF-CRY],
DCSSI reminds that for a cryptographic use, the hardware-generated numbers shall be
reprocessed by a cryptographic algorithm, even if the analysed random number generator did
not show any weakness.
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 14 out 20 CER/F/07.5
3. Certification
3.1. Conclusion
The evaluation was carried out according to the current rules and standards, with the required
competency and impartiality for a licensed evaluation facility. All the work performed permits
the release of a certificate in conformance with the decree 2002-535.
This certificate testifies that the product “JCLX80jTOP20ID smart card: Java Trusted Open
Platform on SLE66CLX800PE microcontroller, IFXv#27_0.1, software revision v1.4”
submitted for evaluation fulfils the security features specified in its security target [ST] for the
evaluation level EAL 5 augmented.
3.2. Restrictions
This certificate only applies on the product specified in chapter 1.2 of this certification report.
The user of the certified product shall respect the operational environmental security
objectives summarized specified in the security target [ST] and shall respect the
recommendations in the guidance [GUIDES].
3.3. Recognition of the certificate
3.3.1. European recognition (SOG-IS)
This certificate is issued in accordance with the provisions of the SOG-IS agreement [SOG-
IS].
The European Recognition Agreement made by SOG-IS in 1999 allows recognition from
Signatory States of the agreement1
, of ITSEC and Common Criteria certificates. The
European recognition is applicable up to ITSEC E6 and CC EAL7 levels. The certificates that
are recognized in the agreement scope are released with the following marking:
1 The signatory countries of the SOG-IS agreement are: Finland, France, Germany, Greece, Italy, The
Netherlands, Norway, Spain, Sweden and United Kingdom.
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 15 out 20
3.3.2. International common criteria recognition (CCRA)
This certificate is released in accordance with the provisions of the CCRA [CC RA].
The Common Criteria Recognition Arrangement allows the recognition, by signatory
countries1
, of the Common Criteria certificates. The mutual recognition is applicable up to the
assurance components of CC EAL4 level and also to ALC_FLR family. The certificates that
are recognized in the agreement scope are released with the following marking:
1 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark,
Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia,
Netherlands, New-Zealand, Norway, Singapore, Spain, Sweden, Turkey, the United Kingdom and the United
States of America.
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 16 out 20 CER/F/07.5
Annex 1. Evaluation level of the product
Components by assurance level Assurance level of the product
Class Family
EAL
1
EAL
2
EAL
3
EAL
4
EAL
5
EAL
6
EAL
7
EAL
5+
Name of the component
ACM_AUT 1 1 2 2 1 Partial CM automation
ACM_CAP 1 2 3 4 4 5 5 4
Configuration support and
acceptance procedures
ACM
Configuration
management
ACM_SCP 1 2 3 3 3 3
Development tools CM
coverage
ADO_DEL 1 1 2 2 2 3 2 Detection of modification
ADO
Delivery and
operation ADO_IGS 1 1 1 1 1 1 1 1
Installation, generation and
start-up procedures
ADV_FSP 1 1 1 2 3 3 4 3
Semiformal functional
specification
ADV_HLD 1 2 2 3 4 5 3 Semiformal high-level design
ADV_IMP 1 2 3 3 2 Implementation of the TSF
ADV_INT 1 2 3 1 Modularity
ADV_LLD 1 1 2 2 1 Descriptive low-level design
ADV_RCR 1 1 1 1 2 2 3 2
Semiformal correspondence
demonstration
ADV
Development
ADV_SPM 1 3 3 3 3
Formal TOE security policy
model
AGD_ADM 1 1 1 1 1 1 1 1 Administrator guidance
AGD
Guidance AGD_USR 1 1 1 1 1 1 1 1 User guidance
ALC_DVS 1 1 1 2 2 2
Sufficiency of security
measures
ALC_FLR
ALC_LCD 1 2 2 3 2 Standardised life-cycle model
ALC
Life-cycle
support
ALC_TAT 1 2 3 3 2
Compliance with
implementation standards
ATE_COV 1 2 2 2 3 3 2 Analysis of coverage
ATE_DPT 1 1 2 2 3 2 Testing: low-level design
ATE_FUN 1 1 1 1 2 2 1 Functional testing
ATE
Tests
ATE_IND 1 2 2 2 2 2 3 2 Independent testing – sample
AVA_CCA 1 2 2 1 Covert channel analysis
AVA_MSU 1 2 2 3 3 2
Analysis and testing of
insecure states
AVA_SOF 1 1 1 1 1 1 1
Strength of TOE security
function evaluation
AVA
Vulnerability
assessment
AVA_VLA 1 1 2 3 4 4 4 Highly resistant
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 17 out 20
Annex 2. Evaluated product references
[ST] Reference security target for the evaluation:
• JCLX80jTOP20ID/JCLX36jTOP20ID - Security Target -
version 1.8 (Developer’s reference is CP-2006-RT-389)
For the needs of publication, the following security target has been
provided and validated in the evaluation:
• JCLX80jTOP20ID/JCLX36jTOP20ID - Security Target Lite -
version 1.4 (Developer’s reference is CP-2007-RT-075)
[ETR] Evaluation technical report :
• Evaluation Technical Report - ALCAZAR project,
ALCAZAR_ETR_v1.1
For the needs of composite evaluation with this microcontroller, a
technical report for composition has been validated:
• ETR-LITE FOR COMPOSITION (ETR-LITE), v1.0,
2008.03.11, (Developer’s reference is
0482_ETRcomp_080311_v1)
o SLE66CLX800PE / m1581-e13/a14
o SLE66CLX800PEM / m1580-e13/a14
o SLE66CLX800PES / m1582-e13/a14
o SLE66CX800PE / m1599-e13/a14
o SLE66CLX360PE / m1587-e13/a14
o SLE66CLX360PEM / m1588-e13/a14
o SLE66CLX360PES / m1589-e13/a14
o SLE66CLX180PE / m2080-a14
o SLE66CLX180PEM / m2081-a14
o SLE66CLX120PE / m2082-a14
o SLE66CLX120PEM / m2083-a14
o all optional with RSA2048 V1.5 and ECC V1.1
Certification ID: 8103819623 / BSI-DSZ-CC-0482
[ANA-CRY] Cotation de mécanismes cryptographiques,
847/SGDN/DCSSI/SDS/Crypto, 18/04/2008
[CONF] Software configuration management plan (reference [ACM] in [RTE]):
• JCLX80jTOP20ID Software Configuration Management Plan -
version 1.2 (Developer’s reference is CP-2007-RT-017)
Configuration list (reference [LIS] in [RTE]) :
• Configuration list - version 0.5 (Developer’s reference is CVS-
Files-Versions.txt /CVS-Repositories-Architectures.txt / SVN-
Files-Versions.txt)
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 18 out 20 CER/F/07.5
[GUIDES] Administration guidance:
• JCLX80jTOP20ID Administration Guide, version 1.2
(Developer’s reference is CP-2007-RT-165)
User guidance:
• JCLX80jTOP20ID Common Criteria User Guide, version 1.1,
(Developer’s reference is CP-2007-RT-166)
[PP0002] Protection Profile, Smart card IC Platform Protection Profile Version
1.0 July 2001. Certified by BSI (Bundesamt für Sicherheit in der
Informationstechnik) under the reference BSI-PP-0002-2001.
[AN_RNG] Application Note : Security & Chip Card Ics SLE 66CxxxP and SLE
66CxxxPE Testing the Random Number Generator non-AIS-31 and
AIS-31 compliant, version 11.2004 (Developer’s reference is
CAN_SLE66CxxxP_PE_RNG_2004_11)
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller Certification report DCSSI-2008/43
Page 19 out 20
Annex 3. Certification references
Decree number 2002-535 dated 18th
April 2002 related to the security evaluations and
certifications for information technology products and systems.
[CER/P/01] Procedure CER/P/01 - Certification of the security provided by IT
products and systems, DCSSI.
[CC] Common Criteria for Information Technology Security Evaluation:
Part 1: Introduction and general model,
August 2005, version 2.3, ref CCMB-2005-08-001;
Part 2: Security functional requirements,
August 2005, version 2.3, ref CCMB-2005-08-002;
Part 3: Security assurance requirements,
August 2005, version 2.3, ref CCMB-2005-08-003.
The content of Common Criteria version 2.3 is identical to the
international ISO/IEC 15408:2005.
[CEM] Common Methodology for Information Technology Security
Evaluation: Evaluation Methodology,
August 2005, version 2.3, ref CCMB-2005-08-004.
The content of CEM version 2.3 is identical to the international ISO/IEC
18045:2005.
[CC IC] Common Criteria Supporting Document - Mandatory Technical
Document - The Application of CC to Integrated Circuits, reference
CCDB-2006-04-003 version 2.0, revision 1, April 2006.
[CC AP] Common Criteria Supporting Document - Mandatory Technical
Document - Application of attack potential to smart-cards, reference
CCDB-2008-04-001 version 2.5 revision 1, April 2008.
[COMP] Common Criteria Supporting Document - Mandatory Technical
Document - Composite product evaluation for smart cards and similar
devices, reference CCDB-2007-09-001 version 1.0, revision 1,
September 2007.
[CC RA] Arrangement on the Recognition of Common criteria certificates in the
field of information Technology Security, May 2000.
[SOG-IS] «Mutual Recognition Agreement of Information Technology Security
Evaluation Certificates», version 2.0, April 1999, Management
Committee of Agreement Group.
[REF-CRY] Cryptographic mechanisms - Rules and recommendations about the
choice and parameters sizes of cryptographic mechanisms with standard
robustness level version 1.10, 14th
of September 2007, No.
1904/SGDN/DCSSI/SDS/LCR
Certification report DCSSI-2008/43
JCLX80jTOP20ID smart card: Java Trusted Open Platform on
SLE66CLX800PE microcontroller
Page 20 out 20 CER/F/07.5
[AIS 34] Application Notes and Interpretation of the Scheme - Evaluation
Methodology for CC Assurance Classes for EAL5+, AIS34, Version
1.00, 01 June 2004, Bundesamt für Sicherheit in der
Informationstechnik
[AIS31] Functionnality classes and evaluation methodology for physical random
number generator, AIS31 version 1, 25/09/2001,
Bundesamt für Sicherheit in der Informationstechnik