PREMIER MINISTRE
Secrétariat général de la défense nationale
Direction centrale de la sécurité des systèmes d'information
Certification report 2004/19
NEC V-WAY 64 V3.0 (µPD79216000)
microcontroller
Courtesy Translation
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 2 / 27
Warning
This report is designed to provide principals with a document enabling them to certify the
level of security offered by a product under the conditions of use or operation laid down in
this report for the version evaluated. It is also designed to provide the potential purchaser of
the product with the conditions under which he may operate or use the product so as to meet
the conditions of use for which the product has been evaluated and certified; that is why this
certification report must be read alongside the user and administration guides evaluated, as
well as with the product security target, which presents threats, environmental scenarios and
presupposed conditions of use so that the user can judge for himself whether the product
meets his needs in terms of security objectives.
Certification does not, however, constitute in and of itself a product recommendation from the
certifying organization, and does not guarantee that the certified product is totally free of all
exploitable vulnerabilities.
This report is a “courtesy translation” of the document “Rapport de certification 2004/19”.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 3 / 27
Contents
1. EVALUATED PRODUCT ........................................................................................................... 7
1.1. PRODUCT IDENTIFICATION..................................................................................................... 7
1.2. PRODUCT DEVELOPPER.......................................................................................................... 7
1.3. PRODUCT DESCRIPTION ......................................................................................................... 8
1.3.1. Architecture................................................................................................................... 8
1.3.2. Life Cycle ...................................................................................................................... 9
1.3.3. Scope of the product evaluation.................................................................................. 10
1.4. UTILIZATION AND ADMINISTRATION ................................................................................... 10
1.4.1. Utilization.................................................................................................................... 10
1.4.2. Administration............................................................................................................. 10
2. THE EVALUATION................................................................................................................... 11
2.1. EVALUATION FACILITY ........................................................................................................ 11
2.2. SPONSOR .............................................................................................................................. 11
2.3. EVALUATION CRITERIA........................................................................................................ 11
2.4. SECURITY TARGET EVALUATION ......................................................................................... 11
2.5. PRODUCT EVALUATION........................................................................................................ 11
2.5.1. Product development................................................................................................... 11
2.5.2. Documentation ............................................................................................................ 12
2.5.3. Delivery and installation............................................................................................. 12
2.5.4. Development environment........................................................................................... 12
2.5.5. Functional testing........................................................................................................ 13
2.5.6. Vulnerability assessment............................................................................................. 13
3. CONCLUSIONS OF THE EVALUATION.............................................................................. 14
3.1. EVALUATION TECHNICAL REPORT ....................................................................................... 14
3.2. EVALUATION LEVEL............................................................................................................. 14
3.3. FUNCTIONAL REQUIREMENTS .............................................................................................. 15
3.4. STRENGTH OF FUNCTIONS.................................................................................................... 16
3.5. CRYPTOGRAPHIC MECHANISMS ANALYSIS .......................................................................... 16
3.6. PROTECTION PROFILE CLAIM ............................................................................................... 16
3.7. EUROPEAN RECOGNITION (SOG-IS) .................................................................................... 16
3.8. INTERNATIONAL RECOGNITION (CC RA) ............................................................................ 16
3.9. USAGE RESTRICTIONS .......................................................................................................... 16
3.10. SECURITY OBJECTIVES FOR THE ENVIRONMENT .................................................................. 16
3.11. RESULT SUMMARY............................................................................................................... 17
APPENDICE 1. REPORT OF THE SITE VISIT : NEC IN VÉLIZY........................................... 18
APPENDICE 2. REPORT OF THE SITE VISIT : NEC IN KUMAMOTO................................. 19
APPENDICE 3. REPORT OF THE SITE VISIT : NEC IN SAGAMIHARA............................. 20
APPENDICE 4. REPORT OF THE SITE VISIT : NEC IN YAMAGUCHI................................ 21
APPENDICE 5. REPORT OF THE SITE VISIT : TOPPAN IN TOKYO ................................... 22
APPENDICE 6. CRYPTOGRAPHIC MECHANISMS ANALYSIS............................................. 23
APPENDICE 7. EVALUATED PRODUCT DOCUMENTATION............................................... 25
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 4 / 27
APPENDICE 8. CERTIFICATION REFERENCES ...................................................................... 26
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 5 / 27
Introduction
Certification
Security certification for information technology products and systems is governed by decree
number 2002-535 dated 18 April, 2002, and published in the "Journal Officiel de la
République Française". This decree stipulates that:
• The central information system security department draws up certification reports.
These reports indicate the features of the proposed security targets. They may include
any warnings that the authors feel the need to mention for security reasons. They may
or may not be transmitted to third parties or made public, as the principals desire
(article 7).
• The certificates issued by the Prime Minister certify that the copies of the products or
systems submitted for evaluation fulfill the specified security features. They also
certify that the evaluations have been carried out in compliance with applicable rules
and standards, with the required degrees of skill and impartiality (article 8).
The ITSEC and Common Criteria certification procedures have been published and are
available in French on the following Internet site:
www.ssi.gouv.fr
Certificate Recognition Arrangement
The SOG-IS European Recognition Arrangement of 1999 enables all the Nations which
have signed the agreement1
to recognize the certificates issued by their certifying authority.
Certificates recognized within the framework of this agreement are issued with the following
label:
The central information system security department also signs recognition agreements with
approved foreign organizations whose head offices are located outside the Member States of
the European Community. These agreements may allow for certificates issued by France to be
recognized by the signatory countries. They may also stipulate that certificates issued by any
one party are to be recognized by all parties. The recognition of certificates may also be
limited to a predetermined assurance level.
1
As of April 1999, the following countries had signed the SOG-IS agreement: the United Kingdom, Germany,
France, Spain, Italy, Switzerland, the Netherlands, Finland, Norway, Sweden and Portugal.
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 6 / 27
The Common Criteria Recognition Arrangement enables the nations that have signed the
agreement1
to recognize certificates issued within the framework of the Common Criteria
program up to assurance level EAL4, with specific assurance components where applicable.
Certificates recognized within the framework of this agreement are issued with the following
label:
The following table presents the web sites of the national certification organizations of the
countries which have signed the Common Criteria Recognition Arrangement:
Country
Certifying
organization
Web site
France DCSSI www.ssi.gouv.fr
United Kingdom CESG www.cesg.gov.uk
Germany BSI www.bsi.bund.de
Canada CSE www.cse-cst.gc.ca
Australia-New
Zealand
AISEP www.dsd.gov.au/infosec
United States NIAP www.niap.nist.gov
Japan IPA www.ipa.go.jp
1
As of November 2003, the following certificate-issuing countries had signed the agreement: France, Germany,
the United Kingdom, the United States, Canada , Australia-New Zealand and Japan; the countries which do not
issue certificates but which have signed the agreement are: Spain, Finland, Greece, Israel, Italy, Norway, the
Netherlands, Sweden, Austria and Turkey.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 7 / 27
1. Evaluated product
1.1. Product identification
The product subject to the evaluation is the microcontroller developped by NEC referenced
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller. This microcontroller embeds a test
software as well as two software libraries, which are delivered in an object format (linkable),
as follows:
- The interface library to access the cryptoprocessor hardware (Licrypt.a version 3.0),
- The RSA calculation library (RSAlib.a version 2.0).
The reference of the certified product is: V01005V30054 mnnn vw; where mnnn identifies
software code USER ROMCODE and TEST ROMCODE, and vw identifies the test
programme.
1.2. Product Developper
The product was developed and manufactured by several entities within NEC Electronics
group (cf. Product life cycle §1.3.2), as follows:
The product was developed and tested by:
NEC Electronics Europe, Smart Card Application Center
4, avenue Morane Saulnier
78140 Vélizy
France.
NEC Micro Systems (Kumamoto)
2081-24 Tabaru Michiki-machi
Kamimashiki-gun
Kumamoto 861-2202
Japan
The photo masks of the microcontroller were produced by:
Toppan printing Ltd
7-21-33 Nobidome Niiza-city
Saitama 352-8562
Japan
The wafer production was performed by:
NEC Electronics Sagamihara
1120 Shimokusawa Sagamihara-city
Kanagawa 229-1198
Japan
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 8 / 27
The production tests and the wafer sawing operations were performed by:
NEC Yamaguchi
192-3 Kamimoto, Higashimagura,
Kusunoki-cho, Asa-gun,
Yamaguchi 757-0298,
Japan
1.3. Product Description
The product subject to the evaluation is the NEC V-WAY 64 V3.0 microcontroller.
This product features two modes of operation:
«Test» mode: Upon the completion of its production, the microcontroller is
being tested thanks to an external testing system and the internal test software
embedded in the ROM of the device. Once those tests are completed the
prepersonalization data are stored in the appropriate EEPROM area and the
microcontroller is locked into «User Mode» in a Non-reversible manner.
«User» mode: This mode is the final mode of utilization for the
microcontroller. It then operates under the control of the software, which is
embedded on the Smart Card. Accessing the test software in the user mode is
absolutely impossible; thus the «User» mode is the unique mode available to the
final users.
The microcontroller cannot be used as such, without embedded software. Together with its
appropriate operating system software, the microcontroller is designed to host one or more
applications. Inserted as a module in a plastic card, the microcontroller will be a key element
of the so called Smart Card. Potential applications are ranging from Banking to Pay TV,
Transportation or health card depending on the embedded application software. These pieces
of software are not in the scope of the evaluation described herein.
1.3.1. Architecture
The V-Way64 Microcontroller is based on a 0,25µm CMOS technology and provides the
following features:
Hardware part:
o 32-bit RISC CPU;
o Memory configuration: 200 KB of ROM (192 KB USER_ROM, 8 KB
TEST_ROM), 64 KB of EEPROM, 64 Bytes of OTP ROM, a set of special
registers for User and Test modes, 4 KB of RAM;
o Cryptography processing unit (NEC SuperMAP),
o DES hardware accelerator;
o 36 MHz on chip clock system;
o 16 bit Random Number Generator;
o Two 16 bit Timers;
o Interrupt controller (49 input);
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 9 / 27
o ISO7816 & EMV compliant serial interface unit;
o Full set of security mechanisms;
o Stand-by controller (HALT, IDLE, STOP modes);
o Power management unit including a Reset generator and a Voltage
regulator;
Software part:
o The interface library to access the hardware cryptoprocessor;
o The RSA calculation library;
o The microcontroller test and evaluation software.
A detailed description of the architecture is available in the [HLD] documentation.
1.3.2. Life Cycle
The product life cycle derives from the life cycle described under PP/9806 [PP9806] as
follows :
Développement de
l’application
Product
Design
and
manufacturing
Développement du micro
-
circuit et de son logiciel dédié
Construction de la base de
données du produit
Fabrication du masque
Tests et pré
-personnalisation
Fabrication du micro
-circuit
Tests
Mise en micro
-module
Tests
Encartage
Tests
Personnalisation
Utilisation
Product
Utilization
Fin de vie
Légende
Livraison sécurisée avec
procédure de contrôle
Livraison réalisée dans
une enceinte sécurisée
Phases
supposed
to
be
secured
STM, Rousset
Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Phase 7
Application
development
Microcomputer and embedded
software develoment
Completion of the design
Database for the product
Mask Fabrication
Tests and pre-personalization
Microcomputer Fabrication
-
Testing
Micromodule fabrication
Testing
Card embedding
Testing
Personalization
Utilization
End of life
Légende
Livraison sécurisée avec
procédure de contrôle
Livraison réalisée dans
une enceinte sécurisée
Legend
Secure delivery with
Controle procedure
Delivery within controlled
area
NEC SCAC, NEC NMS
NEC NMS
NEC Sagamihara
NEC Yamagushi
TOPPAN
Figure 1 – Standard Smart Card life cycle
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 10 / 27
1.3.3. Scope of the product evaluation
This certification report presents the evaluation work on the V-Way64 Microcontroller and its
associated software libraries as described under section 1.3.1. Any other embedded
application, including those, which were embedded for the sole purpose of the evaluation
work, are not in the scope of this evaluation.
With reference to the life cycle here above, the evaluated product is the one coming out of
phase 3 consisting in the microcontroller fabrication, testing and pre-personalization.
1.4. Utilization and administration
1.4.1. Utilization
The evaluated product is not embedding any particular application. It consists in a hardware
and software platform offering various services for embedded software to be used in Smart
Card applications. In fact there is no real utilization of the microcontroller as such. The users
of the microcontroller can be seen as the application developers as well as all bodies involved
in the so called administration phases of the micromodule and the card (phase 4 to 6) where
embedded applications are configured and personalized.
Within the V-WAY64 V3.0 evaluation, users are being defined as those who can actually
implement the functionalities of the microcontroller as described under section 1.3.1.
This definition includes all users having access to the product in « user » mode including the
card issuer, the developer of embedded software, bodies in charge of card embedding or card
integration within its complete system.
The security objectives related to the design environment and the final use of the product are
listed in the security target [ST].
1.4.2. Administration
The phases 4 to 6 of the product life cycle (so called administration phases) are covered by an
assumption within the protection profile, that those phases are realized in the appropriate
conditions, which would not jeopardize the security of the product. Those conditions have not
been investigated in the context of this evaluation.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 11 / 27
2. The evaluation
2.1. Evaluation facility
CEACI (Thalès Microelectronics – CNES)
18, avenue Edouard Belin
31401 Toulouse Cedex 4
France
Phone : +33 5 61 27 40 29
E-mail address : ceaci@cnes.fr
The evaluation has been carried out from September 2002 to March 2004.
2.2. Sponsor
NEC Electronics (Europe) GmbH
Smart Card Application Center
9, rue Paul Dautier
B.P. 52
78142 Vélizy Cedex
France
2.3. Evaluation criteria
The evaluation has been carried in compliance with Common Criteria [CC], and with the
evaluation methodology described in CEM [CEM] including final interpretations listed in the
evaluation reports.
2.4. Security target evaluation
The security target [ST] defines the evaluated product and its operational environment.
All security functional requirements and security assurance requirements from the security
target are taken from part 2 and part 3 of Common Criteria [CC].
The security target meets ASE class requirements.
2.5. Product evaluation
The evaluation consists in checking that the product and its documentation are compliant to
security functional and assurance requirements defined in the security target [ST] of the
product.
2.5.1. Product development
ADV assurance class – development – defines requirements for the stepwise refinement of the
product’s security functions from its summary specification in the security target [ST] down
to the actual implementation. Each of the resulting product’s security function representations
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 12 / 27
provide information to help the evaluator determine whether the functional requirements of
the product have been met.
Documents associated to ADV class analysis shows that security functional requirements are
correctly and completely refined into the different levels of the product representation
(functional specifications (FSP), subsystems (HLD), modules (LLD) and implementation
(IMP)), down to the implementation of its security functions.
Documents provided for ADV – development – class evaluation meet requirements from part
3 of Common Criteria [CC] in term of form and content of evidence.
2.5.2. Documentation
From the point of view of the evaluation, there is no administrator of the micro-controller
during the usage phases (4 to 7 of the lifecycle). Indeed, administration of these phases are
linked to a specific application that is not include in the evaluation perimeter. The users are
considered to be the persons that can operate the functionalities of the product (e.g. the
embedded software developer).
User guides [USR] and administrator guides [IGS] meet requirements from part 3 of Common
Criteria [CC] in term of form and content of evidence.
2.5.3. Delivery and installation
According to the evaluation guidance « The application of CC to IC » [CC_IC], delivery is
considered:
delivery of embedded software code to the developer of micro-controller,
delivery of required information to the mask developer,
delivery of the mask to the micro-controller developer,
delivery of the micro-controllers to the person in charge of the next step
(embedding…).
The various sites involved are identified in §1.2 of this report. Within the evaluation, visits
have been carried out on these sites to verify that the procedures are applied (cf. Annex 1 to
5).
The delivery [DEL] procedure is sufficient to fulfil the requirements: it permits to identify the
origin of the delivery and to detect any modification of the product during its delivery.
The product start-up is a RESET, the installation, generation and start-up procedures [IGS]
permit to have a secure configuration of the product.
Documents provided for ADO – Delivery and operation – class evaluation meet requirements
from part 3 of Common Criteria [CC] in term of form and content of evidence.
2.5.4. Development environment
The configuration management system is used according to the configuration plan [ACM].
The configuration list [LGC] identifies the elements traced by the configuration management
system. The configuration elements identified in the configuration list are maintained by the
configuration management system. The procedures for generating the product are sufficient to
ensure that correct configuration elements are used to generate the product.
The various sites involved in the development of the product are identified at §1.2 in this
report.
Security measures described in procedures provide the sufficient level of protection to
maintain the confidentiality and the integrity of the evaluated product and its documentation.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 13 / 27
The evaluator checked that procedures are followed in a manner consistent with that described
in the development and configuration management documentation. Sites visits have been
performed [Visit].
Documents provided for ALC – Lifecycle support – class evaluation meet requirements from
part 3 of Common Criteria [CC] in term of form and content of evidence.
2.5.5. Functional testing
The evaluator checked that all security functions and functional specification interfaces of the
product are mapped to at least a functional test described in the test documentation. He
checked also that all security functions, as described is the high-level design documentation
[HLD], are covered by the developer tests.
2.5.6. Vulnerability assessment
Vulnerabilities identified by the developer have been checked through an analysis and
through penetration testing. The evaluator concludes that vulnerabilities identified by the
developer are correctly covered.
The evaluator performed an independent vulnerability analysis that results do not point out
any additional vulnerability.
The product within its operational environment is resistant to an attacker possessing a high
level attack potential.
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 14 / 27
3. Conclusions of the evaluation
3.1. Evaluation technical report
The Evaluation Technical Report [RTE] describes results from the evaluation of NEC V-
WAY 64 V3.0 (µPD79216000) microcontroller.
3.2. Evaluation level
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller has been evaluated in compliance to
Common Criteria [CC] and its methodology [CEM] at level EAL41
augmented with following
assurance components, compliant to Common Criteria part 3:
Components
ADV_IMP.2 Implementation of the TSF
ALC_DVS.2 Sufficiency of security measures
AVA_VLA.4 Highly resistant
Tableau 1 - Augmentations
For all these product evaluation level components, following verdicts have been issued:
Class ASE Security Target evaluation Verdict
ASE_DES.1 TOE description Pass
ASE_ENV.1 Security environment Pass
ASE_INT.1 ST introduction Pass
ASE_OBJ.1 Security objectives Pass
ASE_PPC.1 PP claims Pass
ASE_REQ.1 IT security requirements Pass
ASE_SRE.1 Explicitly stated IT security
requirements
Pass
ASE_TSS.1 Security Target, TOE summary
specification
Pass
Class ACM Configuration management
ACM_AUT.1 Partial CM automation Pass
ACM_CAP.4 Generation support and acceptance
procedures
Pass
ACM_SCP.2 Problem tracking CM coverage Pass
Class ADO Delivery and operation
ADO_DEL.2 Detection of modification Pass
ADO_IGS.1 Installation, generation, and start-up
procedures
Pass
1
In Appendice 7, a table gives a brief description of existing Evaluation Assurance Levels (EAL) defined in
Common Criteria [CC].
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 15 / 27
Class ADV Development
ADV_FSP.2 Fully defined external interfaces Pass
ADV_HLD.2 Security enforcing high-level design Pass
ADV_IMP.2 Implementation of the TSF Pass
ADV_LLD.1 Descriptive low-level design Pass
ADV_RCR.1 Informal correspondence demonstration Pass
ADV_SPM.1 Informal TOE security policy model Pass
Class AGD Guidance
AGD_ADM.1 Administrator guidance Pass
AGD_USR.1 User guidance Pass
Class ALC Life cycle support
ALC_DVS.2 Sufficiency of security measures Pass
ALC_LCD.1 Developer defined life-cycle model Pass
ALC_TAT.1 Well-defined development tools Pass
Class ATE Tests
ATE_COV.2 Analysis of coverage Pass
ATE_DPT.1 Testing: high-level design Pass
ATE_FUN.1 Functional testing Pass
ATE_IND.2 Independent testing - sample Pass
Class AVA Vulnerability assessment
AVA_MSU.2 Validation of analysis Pass
AVA_SOF.1 Strength of TOE security function
evaluation
Pass
AVA_VLA.4 Highly resistant Pass
Tableau 2 – Components and their corresponding verdicts
3.3. Functional requirements
The product meets the following security functional requirements [ST chapter 5] :
Potential violation analysis (FAU_SAA.1)
Cryptographic operation (FCS_COP.1)
Complete access control (FDP_ACC.2)
Security attributes based access control (FDP_ACF.1)
Subset information flow control (FDP_IFC.1)
Simple security attributes (FDP_IFF.1)
Stored data integrity monitoring and action (FDP_SDI.1)
User attribute definition (FIA_ATD.1)
User authentication before any action (FIA_UAU.2)
User Identification before any action (FIA_UID.2)
Management of security functions behaviour (FMT_MOF.1)
Management of security attributes (FMT_MSA.1)
Static attribute initialisation (FMT_MSA.3)
Security management roles (FMT_SMR.1)
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 16 / 27
Unobservability (FPR_UNO.1)
Notification of physical attack (FPT_PHP.2)
Resistance to physical attack (FPT_PHP.3)
TOE Security Functions testing (FPT_TST.1)
3.4. Strength of functions
Only authentication functions have been subject to an estimation of their strength.
Strength of security functions meets the high level (SOF-high).
3.5. Cryptographic mechanisms analysis
Only the random generator has been analysed in a cryptographic scope during this evaluation
(cf annex 2).
3.6. Protection profile claim
This product is compliant with the requirements of PP/9806 [PP9806].
3.7. European recognition (SOG-IS)
This certification report is emited within the requirement of the SOG-IS [SOGIS] recognition
agreement with the disponibility of a security target [ST].
3.8. International recognition (CC RA)
This certification report is emited within the requirement of the CC-RA recognition
agreement with the disponibility of a security target [ST].
The following augmentations above EAL4 are not recognise within CC-RA [CCRA]:
ADV_IMP.2, ALC_DVS.2 and AVA_VLA.4 (Tableau 1).
3.9. Usage restrictions
Operational environment have to respect security objectives for the environment (§ 3.10), as
well as recommendations within user guidance [USR] and administrator guidance | IGS].
Results from the evaluation are valid only for the configuration specified in this certification
report.
This certification report gives an assessment on the strength of the “NEC V-WAY 64 V3.0
(µPD79216000) microcontroller” to resist to attacks, these attacks remain generic as no
specific application is embedded. Therefore, the security of a complete product built on this
microcontroller will only be assessed with the evaluation of the complete product; the
complete evaluation can be based on the results of this evaluation.
3.10. Security objectives for the environment
Security objectives for the environment are the followings [ST § 4.2.6], they apply to the
system that uses the microcontroller with its embedded application:
Secure communication protocols and procedures shall be used between
smartcard and terminal.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 17 / 27
The integrity and the confidentiality of sensitive data stored/handled by the
system (terminals, communications…) shall be maintained.
3.11. Result summary
The whole evaluation work performed by the evaluation centre is accepted by the certification
body who testify that NEC V-WAY 64 V3.0 (µPD79216000) microcontroller identified in
paragraph 1.1 and described in paragraph 1.3 of this report is compliant with requirements
specified into the security target [ST]. The whole evaluation work and theirs results are
described within the evaluation technical report [RTE].
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 18 / 27
Appendice 1. Report of the site visit : NEC in Vélizy
The following NEC site in charge of the development and the test of the product:
NEC Electronics Europe, Smart Card Application Center
4, avenue Morane Saulnier
78140 Vélizy
France
was subject of a site visit in December 2003, in the context of the V-WAY64 V3.0
evaluation, in order to verify its conformance with the evaluation criterias and the
documentation concerning:
The configuration management: ACM (ACM_AUT.1, ACM_CAP.4) ;
The deliveries: ADO (ADO_DEL.2) ;
The development security: ALC (ALC_DVS.2).
The visit by the evaluation body together with an attendant from the DCSSI, resulted in
positive conclusions as to the required criterias for the site.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 19 / 27
Appendice 2. Report of the site visit : NEC in Kumamoto
The following NEC site in charge of the development and the test of the product:
NEC Micro Systems (Kumamoto)
2081-24 Tabaru Michiki-machi
Kamimashiki-gun
Kumamoto 861-2202
Japan
was subject of a site visit in October 2003, in the context of the V-WAY64 V3.0 evaluation,
in order to verify its conformance with the evaluation criterias and the documentation
concerning:
The configuration management: ACM (ACM_AUT.1, ACM_CAP.4) ;
The deliveries: ADO (ADO_DEL.2) ;
The development security: ALC (ALC_DVS.2).
The visit by the evaluation body resulted in positive conclusions as to the required criterias
for the site.
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 20 / 27
Appendice 3. Report of the site visit : NEC in Sagamihara
The following NEC site in charge of the wafer fabrication:
NEC (Sagamihara)
1120 Shimokusawa Sagamihara-city
Kanagawa 229-1198
Japan
was subject of a site visit in October 2003, in the context of the V-WAY64 V3.0 evaluation,
in order to verify its conformance with the evaluation criterias and the documentation
concerning:
The configuration management: ACM (ACM_AUT.1, ACM_CAP.4) ;
The deliveries: ADO (ADO_DEL.2) ;
The development security: ALC (ALC_DVS.2).
The visit by the evaluation body resulted in positive conclusions as to the required criterias
for the site.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 21 / 27
Appendice 4. Report of the site visit : NEC in Yamaguchi
The following NEC site in charge of the wafer testing and sawing:
NEC (Yamaguchi)
192-3 Kamimoto, Higashimagura,
Kusunoki-cho, Asa-gun,
Yamaguchi 757-0298,
Japan
was subject of a site visit in October 2003, in the context of the V-WAY64 V3.0 evaluation,
in order to verify its conformance with the evaluation criterias and the documentation
concerning:
The configuration management: ACM (ACM_AUT.1, ACM_CAP.4) ;
The deliveries: ADO (ADO_DEL.2) ;
The development security: ALC (ALC_DVS.2).
The visit by the evaluation body resulted in positive conclusions as to the required criterias
for the site.
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 22 / 27
Appendice 5. Report of the site visit : Toppan in Tokyo
The following NEC site in charge of the photo masks fabrication:
Toppan printing Ltd
7-21-33 Nobidome Niiza-city
Saitama 352-8562
Japan
was subject of a site visit in October 2003, in the context of the V-WAY64 V3.0 evaluation,
in order to verify its conformance with the evaluation criterias and the documentation
concerning:
The configuration management: ACM (ACM_AUT.1, ACM_CAP.4) ;
The deliveries: ADO (ADO_DEL.2) ;
The development security: ALC (ALC_DVS.2).
The visit by the evaluation body resulted in positive conclusions as to the required criterias
for the site.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 23 / 27
Appendice 6. Cryptographic mechanisms analysis
The NEC V-WAY 64 V3.0 (µPD79216000) microcontroller provides a random numbers
generator.
This service is to be used by an embedded application and has been analysed by DCSSI. The
analysis shows that in the case this random number generator shall be used for cryptographic
means, it has to be used in compliance with the guidance [USR].
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 24 / 27
Appendice 7. Evaluation Assurance Levels
ISO 15408 or CC
Components by assurance level
Class Family
EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7
ACM_AUT 1 1 2 2
ACM_CAP 1 2 3 4 4 5 5
ACM class
Configuration
management ACM_SCP 1 2 3 3 3
ADO_DEL 1 1 2 2 2 3
ADO class
Delivery and operation ADO_IGS 1 1 1 1 1 1 1
ADV_FSP 1 1 1 2 3 3 4
ADV_HLD 1 2 2 3 4 5
ADV_IMP 1 2 3 3
ADV_INT 1 2 3
ADV_LLD 1 1 2 2
ADV_RCR 1 1 1 1 2 2 3
ADV class
Development
ADV_SPM 1 3 3 3
AGD_ADM 1 1 1 1 1 1 1
AGD class
Guidance documents AGD_USR 1 1 1 1 1 1 1
ALC_DVS 1 1 1 2 2
ALC_FLR
ALC_LCD 1 2 2 3
ALC class
Life cycle support
ALC_TAT 1 2 3 3
ATE_COV 1 2 2 2 3 3
ATE_DPT 1 1 2 2 3
ATE_FUN 1 1 1 1 2 2
ATE class
Tests
ATE_IND 1 2 2 2 2 2 3
AVA_CCA 1 2 2
AVA_MSU 1 2 2 3 3
AVA_SOF 1 1 1 1 1 1
AVA class
Vulnerability
assessment
AVA_VLA 1 1 2 3 4 4
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 25 / 27
Appendice 8. Evaluated product documentation
[ACM] Configuration Management Smartcard Manual, réf: 81-00U0-00001,
version 1.30 of 9/09/2003.
[Visite] • Visit Report ARSIA (NEC SCAC Vélizy), réf: ARS_RDV_SCAC,
version 1.0 of 12/12/2003;
• ARSIA Audit Site : NEC NMS / Kumamoto October 01st & 02nd,
2003, réf: ARS_RDV_NMS, version a;
• ARSIA Audit Site : Toppan Printing / Tokyo September 30th,
2003, réf: ARS_RDV_TOP, version a;
• ARSIA Audit Site : NEC UC line + G4/ Sagamihara October 06th
2003, réf : ARS_RDV_SAG, version a;
• ARSIA Audit Site : NEC / YAMAGUCHI October 01st & 02nd,
2003, réf: ARS_RDV_YAM, version a.
[DEL] ADO_DEL: Delivery of the TOE, réf: 81-55w1-00001, version 1.01 of
13/01/2004.
[HLD] Total Chip (TC) High Level Design, réf: 33-55Q1-10000, version 1.04 of
29/03/2004.
[IGS] V-WAY64-V 3.0 [uPD79216000] Installation, Generation and Start-Up,
réf 33-55F1-10000, version 1.10 of 12/11/2003.
[LGC] VWAY 64 Configuration List, réf: 33-55U1-00001, version 1.04 of
26/04/2004.
VWAY 64-V3.0 EAL4+ Document Navigator, réf: 33-5511-10002,
version 1.23 of 17/06/2004.
[RTE] Evaluation Technical Report of ARSIA project, réf: ARS_ETR, version
1.0 of 29/04/04.
[ST] µPD79216000 V3.0 (V-WAY 64 V3.0) Security Target, Ref:33-55N1-
10000, version 1.34 of 31/03/2004.
µPD79216000 V3.0 (V-WAY 64 V3.0) Security Target Lite, Ref:33-
55N1-10001, version 1.00 of 12/07/2004.
[USR] V-WAY 64-V 3.0 [uPD79216000] User Guidance, réf: 33-65K1-10000,
version 1.02 of 26/04/04.
[PP9806]
Common Criteria for Information Technology Security Evaluation -
Protection Profile : Smart Card Integrated Circuit Version 2.0, Issue
September 1998.
Certified by the French certification body under reference PP/9806.
Certification report 2004/19 NEC V-WAY 64 V3.0 (µPD79216000) microcontroller
Page 26 / 27
Appendice 9. Certification references
Decree 2002-535 of 18 April 2002 relating to evaluation and certification of security
provided by information technology products and systems.
[CC] Common Criteria for Information Technology Security Evaluation:
• Part 1: Introduction and general model, version 2.1, August 1999;
• Part 2: Security functional requirements, version 2.1, August 1999;
• Part 3: Security assurance requirements, version 2.1, August 1999.
[CEM] Common Methodology for Information Technology Security Evaluation:
• Part 2: Evaluation Methodology, version 1.0, August 1999.
[IS 15408] Information technology — Security techniques — Evaluation criteria for
IT security:
• ISO/IEC 15408-1:1999(E): Part 1: Introduction and general model;
• ISO/IEC 15408-2:1999(E): Part 2: Security functional
requirements;
• ISO/IEC 15408-3:1999(E): Part 3: Security assurance
requirements.
[CC RA] Arrangement on the Recognition of Common criteria certificates in the
field of information Technology Security, may 2000.
[SOG-IS] «Mutual Recognition Agreement of Information Technology Security
Evaluation Certificates», version 2.0, April 1999, Management Committee
of Agreement Group.
NEC V-WAY 64 V3.0 (µPD79216000) microcontroller Certification report 2004/19
Page 27 / 27
Any correspondence about this report has to be addressed to :
Secrétariat Général de la Défense Nationale
Direction Centrale de la Sécurité des Systèmes d'Information
Bureau certification
51, boulevard de la Tour Maubourg
75700 Paris cedex 07 SP
France
certification.dcssi@sgdn.pm.gouv.fr
Reproduction of this document without any change or cut is authorised.