• I.S. CWA 14355:2004

    Status: Withdrawn. A withdrawn standard is one that has been removed from sale and whose unique number can no longer be used. The standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a standard with a different number.

    GUIDELINES FOR THE IMPLEMENTATION OF SECURE SIGNATURE-CREATION DEVICES

    Available format(s):  Hardcopy, PDF

    Withdrawn date:  13-05-2021

    Language(s):  English

    Published date:  01-01-2004

    Publisher:  National Standards Authority of Ireland

    Table of Contents

    Foreword
    1 Scope
    2 References
       2.1 Normative references
       2.2 Informative references
    3 Terms and definitions, abbreviations
       3.1 Terms and definitions
       3.2 Abbreviations
       3.3 Document conventions
    4 SSCD-related provisions of the Directive
       4.1 Relevant definitions
       4.2 General provisions given as recitals
       4.3 Technical aspects of provisions given in Annex 3
       4.4 SSCD-related provisions on qualified certificates
            and CSP
    5 Explanatory amendments to CWA 14169
       5.1 General implementation guidelines
            5.1.1 SSCD overview
            5.1.2 SSCD Types
            5.1.3 TOE vs. TOE IT-environment
       5.2 Guidelines on specific matters of interest
            5.2.1 Inter-TSF trusted channel (FTP_ITC) and
                   trusted path (FTP_TRP)
            5.2.2 TOE Emanation (FPT_EMSEC)
            5.2.3 Security function policies and roles (FDP_ACC,
                   FDP_ACF)
            5.2.4 Transition to operational state
            5.2.5 Key destruction (FCS_CKM.4)
            5.2.6 Authentication failure handling (FIA_AFL)
       5.3 Requests for clarification
            5.3.1 Status of the SSCD PPs
            5.3.2 Key generation at the CSP
            5.3.3 Usage for CSP signing
            5.3.4 Key recovery, key escrow, shared secrets
                   for SSCDs
            5.3.5 Signature service provision
            5.3.6 SVD export/import for Type 2
            5.3.7 Cryptographic attacks
            5.3.8 Authentication and identification
            5.3.9 Reasonably assured
            5.3.10 Management of security function behaviour
                   (FMT_MOF.1)
            5.3.11 Emanation Security (FPT_EMSEC) vs.
                   Unobservability (FPR_UNO)
    6 Relation of SSCD PP to other standards
       6.1 Overview of related protection profiles
            6.1.1 SSCD PP
            6.1.2 Eurosmart PP9911 (software and hardware)
                   relying on PP9806 (hardware)
            6.1.3 Eurosmart PP0002 "Smart Card IC Platform
                   Protection Profile"
            6.1.4 Eurosmart PP0010 "Smart Card IC with
                   Multi-Application Secure Platform"
            6.1.5 The NIST SC-user group PP-document (Version
                   3.0)
       6.2 Evaluation aspects of SSCD as HW-SW combination
            6.2.1 Requirements for hardware components
            6.2.2 Division of SSCD into different components
            6.2.3 Evaluation of the SSCD as composite device
    7 General Platform Implementation Guidelines
       7.1 SSCD and the Qualified Certificate
            7.1.1 SSCD-indicator in the certificate
            7.1.2 Trusted channel to the CGA
            7.1.3 Certificate distribution
       7.2 Implementation of SCA and SSCD
            7.2.1 Class 1 SCS-SCA and SSCD share a computing
                   engine
            7.2.2 Class 2 SCS-SCA and SSCD on separate computing
                   engines
       7.3 Display limitations
            7.3.1 Display message (DM) device
            7.3.2 Display hash (DH) device
       7.4 Use cases
            7.4.1 Class 1DM System
            7.4.2 Class 2DM System
            7.4.3 Class 1DH System
            7.4.4 Class 2DH System
    8 Implementation guidelines for smartcards
       8.1 SSCD platform functions
            8.1.1 Personalisation
            8.1.2 User authentication
            8.1.3 Trusted channels and trusted path
       8.2 SSCD environment
    9 Implementation guidelines for mobile phones
       9.1 Usage considerations
            9.1.1 Displaying the complete message on the phone
            9.1.2 Displaying only a hash value on the phone
       9.2 SSCD platform functions
            9.2.1 Personalisation
            9.2.2 User authentication
            9.2.3 Trusted channels and trusted path
       9.3 SSCD environment
    10 Implementation guidelines for PDA
       10.1 Computing engine choices
            10.1.1 Single Computing engine
            10.1.2 Separate Computing engines
       10.2 Display considerations
            10.2.1 Display Message device
            10.2.2 Display Hash device
       10.3 User intentions
       10.4 SSCD platform functions
            10.4.1 Personalisation
            10.4.2 User authentication
            10.4.3 Trusted Paths and Channels
    11 Implementation guidelines for PCs
       11.1 Computing engine choices
            11.1.1 Single Computing engine
            11.1.2 Separate Computing engines
       11.2 Display considerations
            11.2.1 Display Message device
            11.2.2 Display Hash device
       11.3 User intentions
       11.4 SSCD platform functions
            11.4.1 Personalisation
            11.4.2 User Authentication
            11.4.3 Trusted Paths and Channels
    12 Signing Services
    Annex 1 (informative) Comparison of Protection Profiles
          1.1 Security Objectives comparison
          1.2 Functional Security Requirements comparison

    Abstract

    Provides guidance on the implementation of [SSCD PP] for specific platforms (e.g. personal data assistant, mobile phones, or PCs) and the operation in specific environments (e.g. public terminals or secured environments).

    General Product Information

    Document Type:  Standard
    Publisher:  National Standards Authority of Ireland
    Status:  Withdrawn
    Supersedes

    Standards Referencing This Book

    ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
    ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
    TS 101 456 : 1.4.3 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING QUALIFIED CERTIFICATES
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model