ICS 35.040
L 80
National Standard of the People’s Republic of China
GB/T 22186-2016
Replaces GB/T 22186-2008
Information security techniques - Security technical requirements for IC card chip with CPU
(English Translation)
Issue date: 2016-08-29 Implementation date: 2017-03-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China
Information security techniques - Security technical requirements for IC card chip with CPU
1 Scope
This standard specifies the security functional requirements and security assurance requirements for the IC card chip with CPU (EAL4+, EAL5+ and EAL6+), including the security problem definition, security objectives, extended components definition, security requirements, rationale, etc.
This standard is applicable to the test, evaluation and procurement of IC card chip products, and is also useful as a guide for the research and development of such products.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336 (All parts) Information technology - Security techniques - Evaluation criteria for IT security
GB/T 25069-2010 Information security technology - Glossary
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069-2010 and GB/T 18336.1 and the following apply.
3.1.1
IC dedicated software
dedicated software developed by the IC card chip designer and existing in the IC card integrated circuit. The dedicated software is usually used for testing purposes during production, and can also be used to provide additional services to facilitate usage of the hardware. Some functions of the dedicated testing software are limited to specific stages
3.1.2
initialization data
data defined by the IC card chip manufacturer and used to identify the chip in order to track the production process and life cycle stage, e.g. the unique identification number of the IC card chip
3.1.3
pre-personalization data
data written into the non-volatile memory by the manufacturer in the IC card chip manufacturing stage, for the convenience of tracing the manufacturing process of the IC card chip in the subsequent life cycle stage
3.1.4
IC card embedded software
software stored in the non-volatile memory of the IC card with CPU (such as ROM, EEPROM or Flash) and running in the IC card chip. The software is used to manage the hardware resources and data of the chip and to exchange information with the IC card terminal device through the communication interface of the chip, so as to respond to application requests initiated by users (such as data encryption, data signature and authentication) and to support application functions
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
CPU: Central Processing Unit
CM: Configuration Management
EAL: Evaluation Assurance Level
EEPROM: Electrically-Erasable Programmable Read-only Memory
IC: Integrated Circuit
I/O: Input/Output
IT: Information Technology
RAM: Random-Access Memory
ROM: Read-Only Memory
ST: Security Target
TOE: Target of Evaluation
TSF: TOE Security Functionality
USB: Universal Serial Bus
4 Description of IC card chip
The Target of Evaluation (TOE) of this standard is the IC card chip with CPU (hereinafter referred to as the IC card chip), which is generally composed of a processing unit, volatile memory (RAM) and non-volatile memory (ROM/EEPROM/Flash), I/O interfaces (contact, contactless or similar interfaces such as USB), a random number generator, a cryptographic co-processor, security measure circuits (such as hardware modules for countering physical probing and environmental stress threats), etc. The TOE may also include the IC dedicated software delivered by the IC designer/manufacturer. Such software (also known as IC firmware) is often used for testing purposes during production but may also provide additional services to facilitate usage of the hardware (for instance in the form of a library). The IC card embedded software is the software run in the IC card chip by the user of the TOE; it is not part of the TOE. The general structure and operational environment of the IC card chip are shown in Figure 1 (note that, depending on the actual use of the chip, the IC card chip may not contain some circuit modules, such as ROM or EEPROM).
In this operational environment, the administrator can configure the IC card chip through the IC dedicated software (or directly through the chip interface or circuit); on the other hand, attackers can attack through the IC card embedded software interface or by probing the IC card chip circuit, so as to compromise the sensitive data of the IC card chip or abuse its security functions. Therefore, protective measures shall be taken for the IC card chip to ensure the security of the chip's data and functions.
Foreword i
Introduction iii
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Description of IC card chip
5 Security problem definition
5.1 Assets
5.2 Threats
5.3 Organizational security policies
5.4 Assumptions
6 Security objectives
6.1 Security objectives for the IC card chip
6.2 Security objective for environment
7 Extended components definition
7.1 Definition of the Family FMT_LIM
7.2 Definition of the Family FPT_TST
8 Security requirements
8.1 Security functional requirements
8.2 Security assurance requirements
9 Rationale
9.1 Security objectives rationale
9.2 Security requirement rationale
9.3 Component dependency rationale
Bibliography