Web URL static identifiers (supposedly permalinks) are changing #443
Labels
bug
Something isn't working
Comments
|
This one will be tough to fix though, it's pretty deep in our design and we've repeatedly revisited this with no resolution. @petrs If this is important to you, could you please fit it to Thu team meeting agenda? We should discuss possible solutions in person. |
Yes, I thing this is important feature to have (permalinks). It breaks email notification functionality as well, so it is real bug. Let's discuss in person |
|
Let me put some notes here that I made on Matrix, just to not lose them. During normal operation of the site it will never happen that a previously valid certificate pages gives a 404. If a certificate is removed from an update run (or its ID changes, etc., we can not really tell these things apart) the only thing that happens is that a note is added to the certificate update log, (see here for an example, here is the diff). What happened to lead to the 404sSome time ago CC portal changed the way they construct URLs to certification artifacts (PDFs). We were including these links in our primary key that we build the ID out of. Thus one update caused almost the whole database to turn over: "old" certificates were marked as removed and "new" certificates with new IDs took their place. The database was thus sort of duplicated. To clean this up, we decided to make a new fresh run and clear up the database (as well as make our ID construction algorithm agnostic to these sort of URL changes). We also added automated redirects from the old IDs to the new ones. However, the CC portal also changed some other attributes of some certificates during this change. Since we did the fresh run we lost some certificates here, because the automated redirects were put in based on the new atrtributes (and lead to the wrong "old" IDs). How to avoid this in the future?Do not do fresh runs. How to fix this nowGet pre-update dataset, examine which of its IDs are giving 404, quantify and create more redirects manually? Bottom lineEven if we do no fresh runs in the future. The isue is not resolved fully. Even if we had not done the fresh run which has caused the 404s, we would have had a different problem. The page with the old id would list the certificate as removed and there would be a new certificate in the database (and a page) with the new id. This is because to us, these are two different certificates, even though your human eye can tell they are the same. See below for a case study on this. Case studyName and cert ID change. ➡️
Name and cert ID change. ➡️
Name and cert ID stayed. 🟰 Security target URL changed (
Name and cert ID stayed. 🟰 Changed category and added
Name and cert ID stayed. 🟰 Changed category and added many SARs to security level.
Name and cert ID stayed. 🟰 Changed category.
Plus some examples of actual 404s due to the issue I described aboveThese are from the November 2023 run: Name stayed, cert ID changed. ➡️ Also changed cert and ST links which lead to ID mismatch.
Raw data (old){
"_type": "sec_certs.sample.cc.CCCertificate",
"dgst": "aca0a7ddf0ccac9d",
"status": "active",
"category": "ICs, Smart Cards and Smart Card-Related Devices and Systems",
"name": "NXP eDoc Suite v4.0 on JCOP4.5 P71 - cryptovision ePasslet Suite – Java Card applet configuration providing Secure Signature Creation Device with Key generation (SSCD)",
"manufacturer": "NXP Semiconductors Germany GmbH",
"scheme": "NL",
"security_level": {
"_type": "Set",
"elements": [
"ALC_DVS.2",
"AVA_VAN.5",
"EAL5+"
]
},
"not_valid_before": "2023-08-09",
"not_valid_after": "2028-08-09",
"report_link": "https://www.commoncriteriaportal.org/files/epfiles/NSCIB-CC-2200053-01-CR.pdf",
"st_link": "https://www.commoncriteriaportal.org/files/epfiles/NSCIB-CC-2200053-01-ST_v14.pdf",
"cert_link": "https://www.commoncriteriaportal.org/files/epfiles/NSCIB-CC-2200053-01-Cert.pdf",
"manufacturer_web": "https://www.nxp.com",
"protection_profiles": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.protection_profile.ProtectionProfile",
"pp_name": "Protection Profile for Secure Signature Creation Device - Part 2: Device with Key Generation, Version...",
"pp_eal": null,
"pp_link": "https://www.commoncriteriaportal.org/files/ppfiles/pp0059b_pdf.pdf",
"pp_ids": null
}
]
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"state": {
"_type": "sec_certs.sample.cc.CCCertificate.InternalState",
"st_download_ok": true,
"report_download_ok": true,
"st_convert_garbage": false,
"report_convert_garbage": false,
"st_convert_ok": true,
"report_convert_ok": true,
"st_extract_ok": true,
"report_extract_ok": true,
"st_pdf_hash": "0e2d5e5a91ccbba226f110d55ca1fd0065aa199e73d2351e56f0b4ab102e333f",
"report_pdf_hash": "c9dd18b2885a4c111258594f40a74b767b4d5f754b14fec9675c24f5fd799473",
"st_txt_hash": "4bbe87eebf0880b047a9b65d014609faad6a46b96f744a048b349e2951c47849",
"report_txt_hash": "d10bbd530d5ea060725c5cdfaaaa770e7612749a591b21b65225da61716b31e8"
},
"pdf_data": {
"_type": "sec_certs.sample.cc.CCCertificate.PdfData",
"report_metadata": {
"pdf_file_size_bytes": 327123,
"pdf_is_encrypted": false,
"pdf_number_of_pages": 12,
"/Title": "Certification Report",
"/Author": "Microsoft Office User",
"/Creator": "Microsoft® Word 2021",
"/CreationDate": "D:20230811080451+01'00'",
"/ModDate": "D:20230811080451+01'00'",
"/Producer": "Microsoft® Word 2021",
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.commoncriteriaportal.org/",
"https://nscib.nl/",
"https://trustcb.com/common-criteria/nscib/",
"https://www.sogis.eu/",
"mailto:nscib@trustcb.com"
]
}
},
"st_metadata": {
"pdf_file_size_bytes": 1570952,
"pdf_is_encrypted": false,
"pdf_number_of_pages": 84,
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_Enabled": "true",
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_SetDate": "2023-08-08T11:35:26Z",
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_Method": "Standard",
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_Name": "All Employees_2",
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_SiteId": "33440fc6-b7c7-412c-bb73-0e70b0198d5a",
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_ActionId": "71f5ac0b-3117-4bc8-b525-daf0fa4f949f",
"/MSIP_Label_e463cba9-5f6c-478d-9329-7b2295e4e8ed_ContentBits": "0",
"/Title": "Security Target ePasslet/ePKI-SSCD",
"/Author": "bdrisch",
"/Keywords": "SSCD, ePasslet Suite, electronic Signature",
"/Creator": "Microsoft® Word für Microsoft 365",
"/CreationDate": "D:20230830104320+02'00'",
"/ModDate": "D:20230830104320+02'00'",
"/Producer": "Microsoft® Word für Microsoft 365",
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
}
},
"report_frontpage": {
"anssi": {},
"bsi": {},
"nscib": {
"cert_id": "NSCIB-CC-2200053-01-CR",
"cert_item": "NXP eDoc Suite v4.0 on JCOP4.5 P71 - cryptovision ePasslet Suite – Java Card applet configuration providing Secure Signature Creation Device with Key generation (SSCD",
"developer": "cv cryptovision GmbH",
"cert_lab": " SGS Brightsight B.V."
},
"niap": {},
"canada": {}
},
"st_frontpage": {
"anssi": {},
"bsi": {},
"nscib": {},
"niap": {},
"canada": {}
},
"report_keywords": {
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1149-2022": 2
},
"NL": {
"NSCIB-CC-2200053-01-CR": 12,
"NSCIB-CC-0313985-CR": 3
}
},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP-0059-2009-MA-02": 1
}
},
"cc_security_level": {
"EAL": {
"EAL4": 1,
"EAL5": 1,
"EAL5+": 1,
"EAL 5": 1,
"EAL5 augmented": 1,
"EAL 5 augmented": 1
}
},
"cc_sar": {
"ADV": {
"ADV_IMP": 1
},
"AGD": {
"AGD_PRE": 1,
"AGD_OPE": 1
},
"ALC": {
"ALC_DVS.2": 2
},
"AVA": {
"AVA_VAN.5": 1
}
},
"cc_sfr": {},
"cc_claims": {},
"vendor": {
"NXP": {
"NXP": 23,
"NXP Semiconductors": 5
}
},
"eval_facility": {
"SGS": {
"SGS": 2,
"SGS Brightsight": 2
},
"BrightSight": {
"Brightsight": 2
}
},
"symmetric_crypto": {},
"asymmetric_crypto": {},
"pq_crypto": {},
"hash_function": {},
"crypto_scheme": {},
"crypto_protocol": {
"PACE": {
"PACE": 3
}
},
"randomness": {},
"cipher_mode": {},
"ecc_curve": {},
"crypto_engine": {},
"tls_cipher_suite": {},
"crypto_library": {},
"vulnerability": {},
"side_channel_analysis": {
"other": {
"JIL": 2,
"JIL-AAPS": 1,
"JIL-AM": 1
}
},
"technical_report_id": {},
"device_model": {},
"tee_name": {},
"os_name": {
"JCOP": {
"JCOP4": 18,
"JCOP 4": 4
}
},
"cplc_data": {},
"ic_data_group": {},
"standard_id": {
"ICAO": {
"ICAO": 2
}
},
"javacard_version": {},
"javacard_api_const": {},
"javacard_packages": {},
"certification_process": {}
},
"st_keywords": {
"cc_cert_id": {
"NL": {
"NSCIB-CC-0313985": 2,
"NSCIB-CC-0313985-CR": 3
}
},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP-0059-2009-MA-02": 3,
"BSI-CC-PP-0059-": 1,
"BSI-CC-PP-0099-2017": 1,
"BSI-PP-0006-2002T": 1,
"BSI-CC-PP-0084-": 1
}
},
"cc_security_level": {
"EAL": {
"EAL 5+": 1,
"EAL 6+": 2,
"EAL5": 4,
"EAL 5": 2,
"EAL4": 1,
"EAL5 augmented": 3,
"EAL4 augmented": 1,
"EAL 5 augmented": 1
}
},
"cc_sar": {
"ADV": {
"ADV_ARC.1": 3,
"ADV_FSP.5": 1,
"ADV_IMP.1": 2,
"ADV_TDS.4": 1,
"ADV_INT.2": 1,
"ADV_FSP.4": 1,
"ADV_TDS.3": 1
},
"AGD": {
"AGD_PRE": 7,
"AGD_OPE": 2,
"AGD_OPE.1": 2,
"AGD_PRE.1": 2
},
"ALC": {
"ALC_DVS.2": 7,
"ALC_CMC.4": 1,
"ALC_CMS.5": 1,
"ALC_DEL.1": 1,
"ALC_LCD.1": 1,
"ALC_TAT.2": 1
},
"ATE": {
"ATE_COV.2": 1,
"ATE_DPT.3": 1,
"ATE_FUN.1": 1,
"ATE_IND.2": 1,
"ATE_DPT.1": 1
},
"AVA": {
"AVA_VAN.5": 8
},
"ASE": {
"ASE_CCL.1": 1,
"ASE_ECD.1": 1,
"ASE_INT.1": 1,
"ASE_OBJ.2": 1,
"ASE_REQ.2": 1,
"ASE_SPD.1": 1,
"ASE_TSS.1": 1
}
},
"cc_sfr": {
"FAU": {
"FAU_ARP.1": 1,
"FAU_SAS.1": 1,
"FAU_GEN": 1
},
"FCO": {
"FCO_NRO.2": 1
},
"FCS": {
"FCS_RND": 8,
"FCS_COP": 19,
"FCS_RND.1": 11,
"FCS_CKM.1": 21,
"FCS_CKM.1.1": 5,
"FCS_CKM.2": 3,
"FCS_CKM.3": 1,
"FCS_CKM.4": 15,
"FCS_CKM.4.1": 5,
"FCS_COP.1": 7,
"FCS_COP.1.1": 21,
"FCS_RNG.1": 2,
"FCS_RND.1.1": 2,
"FCS_CKM": 1
},
"FDP": {
"FDP_ACC.2": 4,
"FDP_ACF.1": 47,
"FDP_IFC.1": 10,
"FDP_IFF.1": 5,
"FDP_RIP.1": 15,
"FDP_ROL.1": 2,
"FDP_SDI.2": 14,
"FDP_SDI": 15,
"FDP_UIT.1": 1,
"FDP_ITC.2": 7,
"FDP_ACC.1": 24,
"FDP_IFC.2": 3,
"FDP_ITC.1": 6,
"FDP_ACC": 26,
"FDP_ACF": 17,
"FDP_RIP.1.1": 2,
"FDP_SDI.1": 2,
"FDP_ITC": 1
},
"FIA": {
"FIA_ATD.1": 2,
"FIA_UID.2": 1,
"FIA_USB.1": 2,
"FIA_UID.1": 17,
"FIA_UAU.1": 10,
"FIA_UAU.4": 2,
"FIA_AFL.1": 9,
"FIA_UID.1.1": 3,
"FIA_UID.1.2": 3,
"FIA_UAU.1.1": 4,
"FIA_UAU.1.2": 3,
"FIA_AFL.1.1": 3,
"FIA_AFL.1.2": 3
},
"FMT": {
"FMT_MSA.1": 17,
"FMT_MSA.2": 7,
"FMT_MSA.3": 26,
"FMT_SMF.1": 30,
"FMT_SMR.1": 31,
"FMT_MTD.1": 7,
"FMT_MTD.3": 1,
"FMT_SMR.1.1": 4,
"FMT_SMR.1.2": 3,
"FMT_SMF.1.1": 2,
"FMT_MOF.1": 6,
"FMT_MOF.1.1": 2,
"FMT_MSA": 13,
"FMT_MSA.2.1": 2,
"FMT_MSA.3.1": 2,
"FMT_MSA.3.2": 2,
"FMT_MSA.4": 8,
"FMT_MSA.4.1": 3,
"FMT_MTD": 13
},
"FPR": {
"FPR_UNO.1": 1
},
"FPT": {
"FPT_EMS": 8,
"FPT_FLS.1": 19,
"FPT_PHP.3": 11,
"FPT_EMS.1": 11,
"FPT_TDC.1": 1,
"FPT_RCV.3": 1,
"FPT_EMS.1.1": 5,
"FPT_EMS.1.2": 4,
"FPT_TST.1": 14,
"FPT_FLS.1.1": 2,
"FPT_TST": 2,
"FPT_PHP.1": 6,
"FPT_PHP.1.1": 3,
"FPT_PHP.1.2": 3,
"FPT_PHP.3.1": 3,
"FPT_TST.1.1": 2,
"FPT_TST.1.2": 2,
"FPT_TST.1.3": 2
},
"FTP": {
"FTP_ITC.1": 1
}
},
"cc_claims": {
"O": {
"O.RBGS": 1
},
"T": {
"T.CONFID-APPLI-DATA": 1,
"T.CONFID-JCS-CODE": 1,
"T.CONFID-JCS-DATA": 1,
"T.INTEG-APPLI-CODE": 2,
"T.INTEG-APPLI-DATA": 2,
"T.INTEG-JCS-CODE": 1,
"T.INTEG-JCS-DATA": 1,
"T.SID": 2,
"T.EXE-CODE": 2,
"T.NATIVE": 1,
"T.MODULE_EXEC": 1,
"T.RESOURCES": 1,
"T.UNAUTHORIZED_CARD_MNGT": 1,
"T.COM_EXPLOIT": 1,
"T.LIFE_CYCLE": 1,
"T.OBJ-DELETION": 1,
"T.PHYSICAL": 1,
"T.OS_OPERATE": 1,
"T.CONFIG": 1,
"T.SEC_BOX_BORDER": 1,
"T.MODULE_REPLACEMENT": 1,
"T.CONFID-UPDATE-IMAGE": 1,
"T.INTEG-UPDATE-IMAGE": 1,
"T.UNAUTH-UPDATE-IMAGE": 1,
"T.INTERRUPT_OSU": 1
},
"A": {
"A.APPLET": 1,
"A.VERIFICATION": 1,
"A.USE_DIAG": 1,
"A.USE_KEYS": 1,
"A.PROCESS-SEC-IC": 1,
"A.APPS-PROVIDER": 1,
"A.VERIFICATION-AUTHORITY": 1,
"A.CGA": 2,
"A.SCA": 2
},
"OT": {
"OT.SID": 1,
"OT.SID_MODULE": 1,
"OT.FIREWALL": 1,
"OT.GLOBAL_ARRAYS_CONFID": 1,
"OT.GLOBAL_ARRAYS_INTEG": 1,
"OT.NATIVE": 1,
"OT.OPERATE": 1,
"OT.REALLOCATION": 1,
"OT.RESOURCES": 1,
"OT.SENSITIVE_RESULTS_INTEG": 1,
"OT.ALARM": 1,
"OT.CIPHER": 1,
"OT.RND": 1,
"OT.KEY-MNGT": 1,
"OT.PIN-MNGT": 1,
"OT.BIO-MNGT": 1,
"OT.TRANSACTION": 1,
"OT.OBJ-DELETION": 1,
"OT.APPLI-AUTH": 1,
"OT.DOMAIN-RIGHTS": 1,
"OT.COMM_AUTH": 1,
"OT.COMM_INTEGRITY": 1,
"OT.COMM_CONFIDENTIALITY": 1,
"OT.CARD-MANAGEMENT": 1,
"OT.SCP": 3,
"OT.IDENTIFICATION": 1,
"OT.SEC_BOX_FW": 1,
"OT.CARD-CONFIGURATION": 1,
"OT.CONFID-UPDATE-IMAGE": 1,
"OT.AUTH-LOAD-UPDATE-IMAGE": 1,
"OT.SECURE_LOAD_ACODE": 1,
"OT.SECURE_ACTIVATION_ADDITIONAL_CODE": 1,
"OT.TOE_IDENTIFICATION": 1
},
"OE": {
"OE.VERIFICATION": 1,
"OE.CODE-EVIDENCE": 1,
"OE.APPS-PROVIDER": 1,
"OE.VERIFICATION-AUTHORITY": 1,
"OE.KEY-CHANGE": 1,
"OE.SECURITY-DOMAINS": 1,
"OE.USE_DIAG": 1,
"OE.USE_KEYS": 1,
"OE.PROCESS_SEC_IC": 1,
"OE.CONFID-UPDATE-IMAGE": 1,
"OE.HID_VAD": 3
}
},
"vendor": {
"NXP": {
"NXP": 43,
"NXP Semiconductors": 3
}
},
"eval_facility": {},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 11
}
},
"DES": {
"3DES": {
"TripleDES": 1
}
}
},
"asymmetric_crypto": {
"ECC": {
"ECDSA": {
"ECDSA": 6
},
"ECC": {
"ECC": 5
}
}
},
"pq_crypto": {},
"hash_function": {
"SHA": {
"SHA2": {
"SHA-224": 2,
"SHA-256": 2,
"SHA-384": 2,
"SHA-512": 2
}
}
},
"crypto_scheme": {
"MAC": {
"MAC": 1
}
},
"crypto_protocol": {
"PACE": {
"PACE": 20
}
},
"randomness": {
"RNG": {
"RNG": 7,
"RND": 1
}
},
"cipher_mode": {
"CCM": {
"CCM": 4
}
},
"ecc_curve": {},
"crypto_engine": {},
"tls_cipher_suite": {},
"crypto_library": {},
"vulnerability": {},
"side_channel_analysis": {
"SCA": {
"physical probing": 1,
"SPA": 2,
"DPA": 2,
"timing attacks": 2
},
"FI": {
"physical tampering": 11,
"malfunction": 1,
"DFA": 1,
"fault injection": 1
}
},
"technical_report_id": {},
"device_model": {},
"tee_name": {},
"os_name": {
"JCOP": {
"JCOP4": 121,
"JCOP 4": 7
}
},
"cplc_data": {},
"ic_data_group": {},
"standard_id": {
"FIPS": {
"FIPS180-4": 2,
"FIPS197": 2,
"FIPS186-3": 1,
"FIPS PUB 186-3": 1
},
"PKCS": {
"PKCS#15": 4,
"PKCS1": 2
},
"BSI": {
"AIS20": 7,
"AIS 20": 1
},
"ISO": {
"ISO/IEC 7816-4": 1
},
"ICAO": {
"ICAO": 7
},
"X509": {
"X.509": 1
},
"CC": {
"CCMB-2017-04-001": 2,
"CCMB-2017-04-002": 2,
"CCMB-2017-04-003": 2,
"CCMB-2017-04-004": 2
}
},
"javacard_version": {},
"javacard_api_const": {},
"javacard_packages": {},
"certification_process": {
"OutOfScope": {
"out of scope": 1,
"Out of scope": 154,
" While D.Sig provides the TOE’s functionality claimed by this security target, the PKCS#15 part is out of scope of the certification": 1,
"chapter 7.2.1.1 in platform ST) FDP_ACC.2[FIREWALL] No correspondence Out of scope (internal Java Card Fire- wall": 1,
"internal Java Virtual Machine). No contradiction to this ST. FDP_IFF.1[JCVM] No correspondence Out of scope (internal Java Virtual Machine": 1,
"internal Java Card Fire- wall). No contradiction to this ST. FMT_MSA.1[JCRE] No correspondence Out of scope (internal Java Card Fire- wall": 1,
" No contradiction to this ST. FMT_MSA.2[FIREWALL-JCVM] No correspondence Out of scope (internal Java Card Fire- wall": 1,
"internal Java Card Fire- wall). No contradiction to this ST. FMT_SMF.1 No correspondence Out of scope (internal Java Card Fire- wall": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[APDU] No correspondence. Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FDP_RIP.1[bArray] No correspondence. Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FDP_RIP.1[TRANSIENT] No correspondence. Out of scope (internal Java Card func- tionality": 1,
"chapter 7.2.1.4 in platform ST) FIA_ATD.1[AID] No correspondence. Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FIA_USB.1[AID] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_MTD.3[JCRE] No correspondence Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FPT_FLS.1[INSTALLER] No correspondence Out of scope (internal Java Card func- tionality": 1,
"ADEL) policy on security aspects outside the runtime. FDP_ACC.2[ADEL] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[ADEL] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.3[ADEL] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_SMR.1[ADEL] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_ROL.1[CCM] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FPT_FLS.1[CCM] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_ACF.1[SD] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_SMF.1[SD] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FCO_NRO.2[SC] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_IFF.1[SC] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.3[SC] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FIA_UID.1[SC] No correspondence Out of scope (internal Java Card func- tionality": 1,
"internal Java Card func- tionality). No contradiction to this ST. FIA_UAU.4[SC] No correspondence Out of scope (internal Java Card func- tionality": 1,
"CFG). Out of scope (internal Java Card functionality": 3,
"CFG). Out of scope (internal Java Card function- ality": 1,
"CFG). Out of scope (internal Java Card func- tionality": 1,
"CFG). Out of scope (in- ternal Java Card functionality": 1,
"CFG). Out of scope (internal Java Card functional- ity": 1,
"chapter 7.2.8 in platform ST) FDP_ACC.2[SecureBox] No correspondence Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FMT_MSA.1[SecureBox] No correspondence Out of scope (internal Java Card func- tionality": 1,
"chapter 7.2.9 in platform ST) FDP_IFC.1[MODULAR-DESIGN] No correspondence Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FIA_ATD.1[MODULAR-DESIGN] No correspondence Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FMT_MSA.1[MODULAR-DESIGN] No correspondence Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FMT_SMF.1[MODULAR-DESIGN] No correspondence Out of scope (internal Java Card func- tionality": 1,
" No contradiction to this ST. FPT_FLS.1[MODULAR-DESIGN] No correspondence Out of scope (internal Java Card func- tionality": 1,
"chapter 7.2.10 in platform ST) FDP_ACC.2[MDEL] No correspondence Out of scope (Modularity of plat- form": 1,
"Modularity of plat- form). No contradiction to this ST. FMT_MSA.1[MDEL] No correspondence Out of scope (Modularity of plat- form": 1,
"Modularity of plat- form). No contradiction to this ST. FMT_SMF.1[MDEL] No correspondence Out of scope (Modularity of plat- form": 1,
"Modularity of plat- form). No contradiction to this ST. FPT_FLS.1[MDEL] No correspondence Out of scope (Modularity of plat- form": 1,
"chapter 7.2.11 in platform ST) FDP_IFC.2[OSU] No correspondence Out of scope (Update Mechanism": 1,
"Update Mechanism). No contradiction to this ST. FIA_UAU.1[OSU] No correspondence Out of scope (Update Mechanism": 1,
"Update Mechanism). No contradiction to this ST. FIA_UID.1[OSU] No correspondence Out of scope (Update Mechanism": 1,
"Update Mechanism). No contradiction to this ST. FMT_MSA.3[OSU] No correspondence Out of scope (Update Mechanism": 1,
"Update Mechanism). No contradiction to this ST. FMT_SMR.1[OSU] No correspondence Out of scope (Update Mechanism": 1,
"chapter 7.1.12 in platform ST) FAU_SAS.1[SCP] No correspondence Out of scope (internal Java Card func- tionality": 1,
" While D.Sig provides the TOE’s functionality claimed by this security target, the PKCS#15 part is out of scope of the certification. 1.4.3 TOE delivery and identification The delivery comprises the following": 1,
"platform ST) Firewall Policy (chapter 7.2.1.1 in platform ST) FDP_ACC.2[FIREWALL] No correspondence Out of scope (internal Java Card Fire- wall). The resulting requirements for applets are reflected in the User": 1,
"of the TOE. No contradiction to this ST. FDP_ACF.1[FIREWALL] No correspondence Out of scope (internal Java Card Fire- wall). The resulting requirements for applets are reflected in the User": 1,
"of the TOE. No contradiction to this ST. FDP_IFC.1[JCVM] No correspondence Out of scope (internal Java Virtual Machine). No contradiction to this ST. FDP_IFF.1[JCVM] No correspondence Out": 1,
"internal Java Virtual Machine). No contradiction to this ST. FDP_RIP.1[OBJECTS] No correspondence. Out of scope (internal Java Card Fire- wall). No contradiction to this ST. FMT_MSA.1[JCRE] No correspondence Out": 1,
"internal Java Card Fire- wall). No contradiction to this ST. FMT_MSA.1[JCVM] No correspondence Out of scope (internal Java Card Fire- wall). No contradiction to this ST. FMT_MSA.2[FIREWALL-JCVM] No": 1,
"Out of scope (internal Java Card Fire- wall). The resulting requirements for NXP eDoc Suite v4.0 on JCOP4.5 P71": 1,
"in the User Guidance of the TOE. No contradiction to this ST. FMT_MSA.3[FIREWALL] No correspondence Out of scope (internal Java Card Fire- wall). The resulting requirements for applets are reflected in the User": 1,
"of the TOE. No contradiction to this ST. FMT_MSA.3[JCVM] No correspondence Out of scope (internal Java Card Fire- wall). No contradiction to this ST. FMT_SMF.1 No correspondence Out of": 1,
"internal Java Card Fire- wall). No contradiction to this ST. FMT_SMR.1 No correspondence Out of scope (internal Java Card Fire- wall). No contradiction to this ST. Application Programming Interface": 1,
"requirement in this ST is equiva- lent to parts of the platform ST. FCS_CKM.2 No correspondence. Out of scope. No contradiction to this ST. FCS_CKM.3 No correspondence. Out of scope. No contradiction to this": 1,
"random number generator. No contradiction to this ST. FDP_RIP.1[ABORT] No correspondence. Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[APDU] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[GlobalArray_Refined": 1,
"correspondence. Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[bArray] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[KEYS] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[TRANSIENT] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_ROL.1[FIREWALL] No": 1,
"Out of scope (internal Java Card Fire- wall). The resulting requirements for applets are reflected in the User": 1,
"complement Java Card OS mechanisms. No contradiction to this ST. FPT_TDC.1 No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. AID Management (chapter 7.2.1.4": 1,
"platform ST) FIA_ATD.1[AID] No correspondence. Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_UID.2[AID] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FIA_USB.1[AID] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MTD.1[JCRE] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MTD.3[JCRE] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. NXP eDoc Suite v4.0 on JCOP4.5": 3,
"which addresses security aspects outside the runtime. FMT_SMR.1[INSTALLER] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FPT_FLS.1[INSTALLER] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FPT_RCV.3[INSTALLER] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. ADELG Security Functional": 1,
"manager (ADEL) policy on security aspects outside the runtime. FDP_ACC.2[ADEL] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_ACF.1[ADEL] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_RIP.1[ADEL] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.1[ADEL] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.3[ADEL] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_SMF.1[ADEL] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_SMR.1[ADEL] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FPT_FLS.1[ADEL] No": 1,
"that owns the deleted objects by invoking a specific API method. FDP_RIP.1[ODEL] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FPT_FLS.1[ODEL] FPT_FLS.1 The": 1,
"verified, or that has been modified after bytecode verification. FDP_UIT.1[CCM] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_ROL.1[CCM] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_ITC.2[CCM] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FPT_FLS.1[CCM] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_ACC.1[SD] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_ACF.1[SD] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.1[SD] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. NXP eDoc Suite v4.0 on JCOP4.5": 1,
"24 of 84 Platform SFR Correspondence in this ST References/Remarks FMT_MSA.3[SD] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_SMF.1[SD] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_SMR.1[SD] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FCO_NRO.2[SC] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FDP_IFC.2[SC] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_IFF.1[SC] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.1[SC] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.3[SC] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FMT_SMF.1[SC] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_UID.1[SC] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FIA_UAU.1[SC] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_UAU.4[SC] No correspondence": 1,
"internal Java Card func- tionality). No contradiction to this ST. FTP_ITC.1[SC] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. NXP eDoc Suite v4.0 on JCOP4.5": 1,
"7.2.7 in platform ST) FDP_IFC.2[CFG] No correspondence Complete information flow control (CFG). Out of scope (internal Java Card functionality). No contradiction to this ST. FDP_IFF.1[CFG] No correspondence": 1,
"security attributes (CFG). Out of scope (internal Java Card function- ality). No contradiction to this ST. FMT_MSA.1[CFG] No correspondence": 1,
"of security attributes (CFG). Out of scope (internal Java Card functionality). No contradiction to this ST. FMT_MSA.3[CFG] No correspondence": 1,
"attribute initialisation (CFG). Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_SMR.1[CFG] No correspondence": 1,
"roles (CFG). Out of scope (in- ternal Java Card functionality). No contradiction to this ST. FMT_SMF.1[CFG] No correspondence": 1,
"of management Func- tions (CFG). Out of scope (internal Java Card functionality). No contradiction to this ST. FIA_UID.1[CFG] No correspondence": 1,
"of identification (CFG). Out of scope (internal Java Card functional- ity). No contradiction to this ST. SecBox Security Functional": 1,
"chapter 7.2.8 in platform ST) FDP_ACC.2[SecureBox] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_ACF.1[SecureBox] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.1[SecureBox] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.3[SecureBox] No": 1,
"84 Platform SFR Correspondence in this ST References/Remarks FMT_SMF.1[SecureBox] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. ModDesG Security Functional": 1,
"chapter 7.2.9 in platform ST) FDP_IFC.1[MODULAR-DESIGN] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FDP_IFF.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_ATD.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_USB.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_MSA.3[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_SMF.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FMT_SMR.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FPT_FLS.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_UID.1[MODULAR-DESIGN] No": 1,
"Out of scope (internal Java Card func- tionality). No contradiction to this ST. Module Deletion Security": 1,
"Requirements (chapter 7.2.10 in platform ST) FDP_ACC.2[MDEL] No correspondence Out of scope (Modularity of plat- form). No contradiction to this ST. FDP_ACF.1[MDEL] No correspondence Out of": 1,
"in this ST References/Remarks No contradiction to this ST. FDP_RIP.1[MDEL] No correspondence Out of scope (Modularity of plat- form). No contradiction to this ST. FMT_MSA.1[MDEL] No correspondence Out of": 1,
"Modularity of plat- form). No contradiction to this ST. FMT_MSA.3[MDEL] No correspondence Out of scope (Modularity of plat- form). No contradiction to this ST. FMT_SMF.1[MDEL] No correspondence Out of": 1,
"Modularity of plat- form). No contradiction to this ST. FMT_SMR.1[MDEL] No correspondence Out of scope (Modularity of plat- form). No contradiction to this ST. FPT_FLS.1[MDEL] No correspondence Out of": 1,
"Security Functional Requirements (chapter 7.2.11 in platform ST) FDP_IFC.2[OSU] No correspondence Out of scope (Update Mechanism). No contradiction to this ST. FDP_IFF.1[OSU] No correspondence Out of scope": 1,
"Mechanism). No contradiction to this ST. FIA_UAU.1[OSU] No correspondence Out of scope (Update Mechanism). No contradiction to this ST. FIA_UAU.4[OSU] No correspondence Out of scope": 1,
"Mechanism). No contradiction to this ST. FIA_UID.1[OSU] No correspondence Out of scope (Update Mechanism). No contradiction to this ST. FMT_MSA.1 [OSU] No correspondence Out of scope": 1,
"Mechanism). No contradiction to this ST. FMT_MSA.3[OSU] No correspondence Out of scope (Update Mechanism). No contradiction to this ST. FMT_SMF.1[OSU] No correspondence Out of scope": 1,
"Mechanism). No contradiction to this ST. FMT_SMR.1[OSU] No correspondence Out of scope (Update Mechanism). No contradiction to this ST. FPT_FLS.1[OSU] No correspondence Out of scope": 1,
"Security Functional Requirements (chapter 7.1.12 in platform ST) FAU_SAS.1[SCP] No correspondence Out of scope (internal Java Card func- tionality). No contradiction to this ST. FIA_AFL.1[PIN] FIA_AFL.1": 1,
"Platform Objective Correspondence in this ST References/Remarks OT.SID No correspondence Out of scope. No contra- diction to this ST. OT.SID_MODULE No correspondence Out of scope. No contradiction to": 1,
"ST. OT.FIREWALL No correspondence Out of scope. No contra- diction to this ST. OT.GLOBAL_ARRAYS_CONFID OT.SCD_Secrecy No contradiction to this ST": 1,
"GLOBAL_ARRAYS_INTEG OT.DTBS_Integrity_TOE No contradiction to this ST. OT.NATIVE No correspondence Out of scope. No contra- diction to this ST. NXP eDoc Suite v4.0 on JCOP4.5 P71 – SSCD with Key Generation": 1,
"of 84 Platform Objective Correspondence in this ST References/Remarks OT.OPERATE No correspondence Out of scope. No contra- diction to this ST. OT.REALLOCATION No correspondence Out of scope. No contra- diction": 1,
"this ST. OT.RESOURCES No correspondence Out of scope. No contra- diction to this ST. OT.SENSITIVE_RESULTS_INTEG No correspondence Indirectly relevant": 1,
"the platform leads to secrecy of SCD. No contra- diction to this ST. OT.PIN-MNGT No correspondence Out of scope. No contra- diction to this ST. OT.BIO-MNGT No correspondence Out of scope. No contra- diction to": 1,
"ST. OT.TRANSACTION No correspondence Out of scope. No contra- diction to this ST. OT.OBJ-DELETION No correspondence Out of scope. No contra- diction": 1,
"this ST. OT.APPLI-AUTH No correspondence Out of scope. No contradiction to this ST. OT.DOMAIN-RIGHTS No correspondence Out of scope. NXP eDoc Suite v4.0": 1,
"in this ST References/Remarks No contradiction to this ST. OT.COMM_AUTH No correspondence Out of scope. No contradiction to this ST. OT.COMM_INTEGRITY No correspondence Out of scope. No contradiction to": 1,
"ST. OT.COMM_CONFIDENTIALITY No correspondence Out of scope. No contradiction to this ST. OT.CARD-MANAGEMENT No correspondence Out of scope. No contra- diction": 1,
"this ST. OT.SCP.IC No correspondence Out of scope. No contradiction to this ST. OT.SCP.RECOVERY No correspondence Out of scope. No contradiction to": 1,
"ST. OT.SCP.SUPPORT No correspondence Out of scope. No contradiction to this ST. OT.IDENTIFICATION No correspondence Out of scope. No contradiction to": 1,
"ST. OT.SEC_BOX_FW No correspondence Out of scope. No contradiction to this ST. OT.CARD-CONFIGURATION No correspondence Out of scope. No": 1,
"to this ST. OT.CONFID-UPDATE-IMAGE.LOAD No correspondence Out of scope. No contradiction to this ST. OT.AUTH-LOAD-UPDATE-IMAGE No correspondence Out of scope. No": 1,
"to this ST. OT.SECURE_LOAD_ACODE No correspondence Out of scope. No contradiction to this ST. OT.SECURE_ACTIVATION_ADDITIONAL_CODE No correspondence Out of scope": 1,
"in this ST References/Remarks No contradiction to this ST. OT.TOE_IDENTIFICATION No correspondence Out of scope. No contradiction to this ST. Table 5: Assessment of the platform objectives. 2.2.4 Assessment of": 1,
"T.SCD_Divulg, T.SCD_Derive No contradiction to this ST. T.CONFID-JCS-CODE No correspondence Out of scope. No contradiction to this ST. T.CONFID-JCS-DATA No correspondence Out of scope. No contradiction to": 1,
"ST. T.INTEG-APPLI-CODE No correspondence Out of scope. No contradiction to this ST. T.INTEG-APPLI-CODE.LOAD No correspondence Out of scope. No": 1,
"DTBS_Forgery, T.Sig_Forgery No contradiction to this ST. T.INTEG-APPLI-DATA.LOAD No correspondence Out of scope. No contradiction to this ST. T.INTEG-JCS-CODE No correspondence Out of scope. No contradiction to": 1,
"ST. T.INTEG-JCS-DATA No correspondence Out of scope. No contradiction to this ST. T.SID.1 No correspondence Out of scope. No contradiction to this ST": 1,
"SID.2 No correspondence Out of scope. No contradiction to this ST. T.EXE-CODE.1 No correspondence Out of scope. No contradiction to this ST. T.EXE-CODE.2 No correspondence Out of scope. No contradiction to this": 1,
"T.NATIVE No correspondence Out of scope. No contradiction to this ST. T.MODULE_EXEC No correspondence Out of scope. No contradiction to": 1,
"32 of 84 Platform Threat Correspondence in this ST References/Remarks T.RESOURCES No correspondence Out of scope. No contradiction to this ST. T.UNAUTHORIZED_CARD_MNGT No correspondence Out of scope. No": 1,
"to this ST. T.COM_EXPLOIT No correspondence Out of scope. No contradiction to this ST. T.LIFE_CYCLE No correspondence Out of scope. No contradiction to this": 1,
"T.OBJ-DELETION No correspondence Out of scope. No contradiction to this ST. T.PHYSICAL T.Hack_Phys No contradiction to this ST. T.OS_OPERATE No": 1,
"Out of scope. No contradiction to this ST. T.CONFIG No correspondence Out of scope. No contradiction to this ST. T.SEC_BOX_BORDER No correspondence Out of scope. No contradiction to": 1,
"ST. T.MODULE_REPLACEMENT No correspondence Out of scope. No contradiction to this ST. T.CONFID-UPDATE-IMAGE.LOAD No correspondence Out of scope. No": 1,
"to this ST. T.INTEG-UPDATE-IMAGE.LOAD No correspondence Out of scope. No contradiction to this ST. T.UNAUTH-UPDATE-IMAGE.LOAD No correspondence Out of scope. No": 1,
"to this ST. T.INTERRUPT_OSU No correspondence Out of scope. No contradiction to this ST. Table 6: Threats of the platform ST. 2.2.5 Assessment of Platform": 1
}
}
},
"report_filename": "NSCIB-CC-2200053-01-CR.pdf",
"st_filename": "NSCIB-CC-2200053-01-ST_v14.pdf"
},
"heuristics": {
"_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
"extracted_versions": {
"_type": "Set",
"elements": [
"4.0",
"4.5"
]
},
"cpe_matches": null,
"verified_cpe_matches": null,
"related_cves": null,
"cert_lab": [
""
],
"cert_id": "NSCIB-CC-2200053-01-CR",
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"indirectly_referenced_by": null,
"directly_referencing": null,
"indirectly_referencing": null
},
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"indirectly_referenced_by": null,
"directly_referencing": null,
"indirectly_referencing": null
},
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_ARC",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_FSP",
"level": 5
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_IMP",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_INT",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_TDS",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_OPE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_PRE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMC",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMS",
"level": 5
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DEL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DVS",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_LCD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_TAT",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_CCL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_ECD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_INT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_OBJ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_REQ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_SPD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_TSS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_COV",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_DPT",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_FUN",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_IND",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AVA_VAN",
"level": 5
}
]
},
"direct_transitive_cves": null,
"indirect_transitive_cves": null,
"scheme_data": {
"manufacturer": "NXP Semiconductors Germany GmbH",
"product": "NXP eDoc Suite v3.5 on JCOP4 P71 - cryptovision ePasslet Suite – Java Card applet configuration providing Secure Signature Creation Device with Key generation (SSCD)",
"scheme": "elDAS",
"cert_id": "CC-20-0229286",
"manufacturer_link": "https://www.nxp.com",
"level": "EAL 5 augmented with ALC_DVS.2 and AVA_VAN.5",
"cert_link": "https://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/12/certificate-eidas-20-0229286.pdf",
"report_link": "https://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/12/nscib-cc-0229286-cr-sscdeidas.pdf",
"target_link": "https://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/12/nscib-cc-0229286sscdkeygen-stv1.2-5feb1d88d5a32.pdf"
}
}
}Name and cert ID stayed. 🟰 Changed cert link which lead to ID mismatch.
Raw data (old){
"_type": "sec_certs.sample.cc.CCCertificate",
"dgst": "dafe75fdaa3920fe",
"status": "active",
"category": "Other Devices and Systems",
"name": "Hikvision Network Camera Series iDS-2CD7x version 1.0",
"manufacturer": "Hangzhou HIKVISION Digital Technology Co.",
"scheme": "SG",
"security_level": {
"_type": "Set",
"elements": [
"ALC_FLR.2",
"EAL2+"
]
},
"not_valid_before": "2023-02-14",
"not_valid_after": "2028-02-13",
"report_link": "https://www.commoncriteriaportal.org/files/epfiles/[CER]%20Hikvision%20Network%20Camera%20Series%20iDS-2CD7x%20Certificate%20Report%20v1.0.pdf",
"st_link": "https://www.commoncriteriaportal.org/files/epfiles/[ST]%20Hikvision%20Network%20Camera%20Series%20Series%20iDS-2CD7x%20Security%20Target%20V2.1.pdf",
"cert_link": "https://www.commoncriteriaportal.org/files/epfiles/[CER]%20Hikvision%20Network%20Camera%20Series%20iDS-2CD7x%20Certificate%20v1.pdf",
"manufacturer_web": "https://www.hikvision.com/en/",
"protection_profiles": {
"_type": "Set",
"elements": []
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"state": {
"_type": "sec_certs.sample.cc.CCCertificate.InternalState",
"st_download_ok": true,
"report_download_ok": true,
"st_convert_garbage": false,
"report_convert_garbage": false,
"st_convert_ok": true,
"report_convert_ok": true,
"st_extract_ok": true,
"report_extract_ok": true,
"st_pdf_hash": "563a869342d1c8ab0cae9b53d5f3201dfc67253f30cc5441eaf3b251f1bc3e9f",
"report_pdf_hash": "2bae72adf9859e132f51451b118bd38bf3fb4aa194afe48e626ba6712f809e3a",
"st_txt_hash": "fd7e39929db2c6a66df0d08f988a2388a5d9e4a5c94755c4ebd8530e76f43562",
"report_txt_hash": "8e6c3fe4487b4b1ea037bc7c370e634e36e390c76e8dc0a6fc5dd21d28f97ef1"
},
"pdf_data": {
"_type": "sec_certs.sample.cc.CCCertificate.PdfData",
"report_metadata": {
"pdf_file_size_bytes": 935413,
"pdf_is_encrypted": false,
"pdf_number_of_pages": 19,
"/Author": "ChokWenLi",
"/CreationDate": "D:20230220173747+08'00'",
"/ModDate": "D:20230220173747+08'00'",
"/Producer": "Microsoft: Print To PDF",
"/Title": "Microsoft Word - [CER] Hikvision Network Camera Series iDS-2CD7x Certificate Report v1.0",
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
}
},
"st_metadata": {
"pdf_file_size_bytes": 575737,
"pdf_is_encrypted": false,
"pdf_number_of_pages": 36,
"/Author": "Panagiotis Afratis",
"/Creator": "Microsoft® Word for Microsoft 365",
"/CreationDate": "D:20220715093509+08'00'",
"/ModDate": "D:20230209081857+08'00'",
"/Producer": "Microsoft® Word for Microsoft 365",
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf",
"https://www.hikvision.com/en/support/download/firmware-with-cc"
]
}
},
"report_frontpage": {
"anssi": {},
"bsi": {},
"nscib": {},
"niap": {},
"canada": {}
},
"st_frontpage": {
"anssi": {},
"bsi": {},
"nscib": {},
"niap": {},
"canada": {}
},
"report_keywords": {
"cc_cert_id": {
"SG": {
"CSA_CC_22003": 2
}
},
"cc_protection_profile_id": {},
"cc_security_level": {
"EAL": {
"EAL2": 1,
"EAL 2": 1,
"EAL 2 augmented": 1
}
},
"cc_sar": {
"ALC": {
"ALC_FLR.2": 2,
"ALC_FLR": 1
},
"ATE": {
"ATE_FUN": 2,
"ATE_IND": 2
},
"AVA": {
"AVA_VAN": 3
}
},
"cc_sfr": {},
"cc_claims": {
"OE": {
"OE.TRUSTED_USERS": 1,
"OE.TRUSTED_NETWORK_SYSTEMS": 1,
"OE.NO_PHYSICAL_ACCESS": 1
}
},
"vendor": {},
"eval_facility": {
"An": {
"An Security": 2
}
},
"symmetric_crypto": {},
"asymmetric_crypto": {},
"pq_crypto": {},
"hash_function": {},
"crypto_scheme": {},
"crypto_protocol": {
"TLS": {
"TLS": {
"TLS": 4
}
}
},
"randomness": {},
"cipher_mode": {},
"ecc_curve": {},
"crypto_engine": {},
"tls_cipher_suite": {},
"crypto_library": {},
"vulnerability": {
"CVE": {
"CVE-2021-36260": 1
}
},
"side_channel_analysis": {},
"technical_report_id": {},
"device_model": {},
"tee_name": {},
"os_name": {},
"cplc_data": {},
"ic_data_group": {},
"standard_id": {
"ISO": {
"ISO/IEC 15408": 2,
"ISO/IEC 18045": 2
},
"CC": {
"CCMB-2017-04-001": 1,
"CCMB-2017-04-002": 1,
"CCMB-2018-04-003": 1,
"CCMB-2017-04-004": 1
}
},
"javacard_version": {},
"javacard_api_const": {},
"javacard_packages": {},
"certification_process": {}
},
"st_keywords": {
"cc_cert_id": {},
"cc_protection_profile_id": {},
"cc_security_level": {
"EAL": {
"EAL2": 2,
"EAL2 augmented": 1
}
},
"cc_sar": {
"ADV": {
"ADV_TDS.1": 1,
"ADV_ARC.1": 1,
"ADV_FSP.2": 1
},
"AGD": {
"AGD_PRE": 1,
"AGD_OPE.1": 1,
"AGD_PRE.1": 1
},
"ALC": {
"ALC_FLR.2": 2,
"ALC_CMC.2": 1,
"ALC_CMS.2": 1,
"ALC_DEL.1": 1,
"ALC_FLR": 1
},
"ATE": {
"ATE_COV.1": 1,
"ATE_FUN.1": 1,
"ATE_IND.2": 1
},
"AVA": {
"AVA_VAN.2": 1
},
"ASE": {
"ASE_CCL.1": 1,
"ASE_ECD.1": 1,
"ASE_INT.1": 1,
"ASE_TSS.1": 1,
"ASE_OBJ.2": 1,
"ASE_REQ.2": 1,
"ASE_SPD.1": 1
}
},
"cc_sfr": {
"FAU": {
"FAU_GEN.1": 10,
"FAU_GEN.2": 5,
"FAU_SAR.1": 4,
"FAU_GEN.1.1": 1,
"FAU_GEN.1.2": 1,
"FAU_GEN.2.1": 1,
"FAU_SAR.1.1": 1,
"FAU_SAR.1.2": 1,
"FAU_GEN": 2,
"FAU_SAR": 1
},
"FCS": {
"FCS_COP.1": 10,
"FCS_CKM.4": 22,
"FCS_CKM.1": 16,
"FCS_CKM.2": 4,
"FCS_CKM": 17,
"FCS_COP": 36
},
"FDP": {
"FDP_ITC.1": 7,
"FDP_ITC.2": 7
},
"FIA": {
"FIA_AFL.1": 5,
"FIA_UAU.1": 9,
"FIA_UAU.7": 4,
"FIA_UID.1": 17,
"FIA_ATD.1": 5,
"FIA_AFL.1.1": 1,
"FIA_UAU.1.1": 1,
"FIA_UAU.1.2": 1,
"FIA_UAU.7.1": 1,
"FIA_UID.1.2": 1,
"FIA_ATD.1.1": 1,
"FIA_AFL": 1,
"FIA_UAU": 2,
"FIA_ATD": 1
},
"FMT": {
"FMT_SMR.2": 9,
"FMT_SMF.1": 12,
"FMT_MOF.1": 4,
"FMT_MTD.1": 3,
"FMT_SMR.1": 1,
"FMT_SMR.2.1": 1,
"FMT_SMR.2.2": 1,
"FMT_SMR.2.3": 1,
"FMT_MOF.1.1": 1,
"FMT_SMR": 2,
"FMT_MTD.1.1": 1,
"FMT_SMF": 2,
"FMT_MOF": 1,
"FMT_MTD": 1
},
"FPT": {
"FPT_STM.1": 7,
"FPT_TST.1": 4,
"FPT_STM.1.1": 1,
"FPT_TST.1.1": 1,
"FPT_TST.1.2": 1,
"FPT_TST.1.3": 1,
"FPT_STM": 1,
"FPT_TST": 1
},
"FTA": {
"FTA_MCS.1": 7,
"FTA_SSL.3": 5,
"FTA_SSL.4": 5,
"FTA_MCS.1.1": 1,
"FTA_MCS.1.2": 1,
"FTA_SSL.3.1": 1,
"FTA_SSL.4.1": 1,
"FTA_MCS": 1,
"FTA_SSL": 2
},
"FTP": {
"FTP_TRP.1": 7,
"FTP_ITC.1": 5,
"FTP_TRP.1.1": 1,
"FTP_TRP.1.2": 1,
"FTP_TRP.1.3": 1,
"FTP_ITC.1.1": 1,
"FTP_ITC.1.2": 1,
"FTP_ITC.1.3": 1,
"FTP_TRP": 1,
"FTP_ITC": 1
}
},
"cc_claims": {
"O": {
"O.USER_AUTHENTICATION": 4,
"O.USER_AUTHORISATION": 4,
"O.USER_MANAGEMENT": 4,
"O.AUDIT_LOGS": 4,
"O.AUDIT_VIEW": 3,
"O.AUDIT_EXPORT": 4,
"O.VIDEO_INTEGRITY": 4,
"O.FIRMWARE_LOAD_INTEGRITY": 4,
"O.TRUSTED_PATH": 5,
"O.VIDEO_PROTECTION": 4,
"O.SOFTWARE_VERIFIED": 4,
"O.KEY_SECRECY": 4,
"O.AUDIT_REVIEW": 1
},
"T": {
"T.UNAUTHORISED_ACCESS": 3,
"T.TRANSMISSION_DISCLOSURE": 2,
"T.VIDEO_MANIPULATION": 3,
"T.UPDATE_COMPROMISE": 2
},
"A": {
"A.TRUSTED_USERS": 3,
"A.TRUSTED_NETWORK_SYSTEMS": 2,
"A.NO_PHYSICAL_ACCESS": 3
},
"OE": {
"OE.TRUSTED_USERS": 3,
"OE.TRUSTED_NETWORK_SYSTEMS": 4,
"OE.NO_PHYSICAL_ACCESS": 3,
"OE.PASSWORDS": 3
}
},
"vendor": {},
"eval_facility": {},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 7
}
}
},
"asymmetric_crypto": {
"RSA": {
"RSA2048": 1,
"RSA 2048": 1
},
"ECC": {
"ECDH": {
"ECDH": 1
}
},
"FF": {
"DH": {
"DHE": 6,
"DH": 1
}
}
},
"pq_crypto": {},
"hash_function": {
"SHA": {
"SHA2": {
"SHA256": 5,
"SHA384": 1,
"SHA512": 1,
"SHA-256": 1,
"SHA-384": 1,
"SHA-512": 1
}
}
},
"crypto_scheme": {},
"crypto_protocol": {
"TLS": {
"TLS": {
"TLS": 18,
"TLS1.1": 1,
"TLS1.3": 4,
"TLS 1.2": 1,
"TLS1.2": 1
}
}
},
"randomness": {},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"GCM": {
"GCM": 2
}
},
"ecc_curve": {},
"crypto_engine": {},
"tls_cipher_suite": {
"TLS": {
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 3,
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 3
}
},
"crypto_library": {},
"vulnerability": {},
"side_channel_analysis": {},
"technical_report_id": {},
"device_model": {},
"tee_name": {},
"os_name": {},
"cplc_data": {},
"ic_data_group": {},
"standard_id": {
"FIPS": {
"FIPS PUB 180-4": 5,
"FIPS PUB 186-4": 2
},
"NIST": {
"NIST SP 800-38A": 1,
"NIST SP 800-38D": 1,
"NIST SP 800-88": 1
},
"RFC": {
"RFC5288": 5,
"RFC5246": 5,
"RFC3268": 4
}
},
"javacard_version": {},
"javacard_api_const": {},
"javacard_packages": {},
"certification_process": {}
},
"report_filename": "[CER] Hikvision Network Camera Series iDS-2CD7x Certificate Report v1.0.pdf",
"st_filename": "[ST] Hikvision Network Camera Series Series iDS-2CD7x Security Target V2.1.pdf"
},
"heuristics": {
"_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
"extracted_versions": {
"_type": "Set",
"elements": [
"1.0"
]
},
"cpe_matches": null,
"verified_cpe_matches": null,
"related_cves": null,
"cert_lab": null,
"cert_id": "CSA_CC_22003",
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"indirectly_referenced_by": null,
"directly_referencing": null,
"indirectly_referencing": null
},
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"indirectly_referenced_by": null,
"directly_referencing": null,
"indirectly_referencing": null
},
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_ARC",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_FSP",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_TDS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_OPE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_PRE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMC",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMS",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DEL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_FLR",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_CCL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_ECD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_INT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_OBJ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_REQ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_SPD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_TSS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_COV",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_FUN",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_IND",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AVA_VAN",
"level": 2
}
]
},
"direct_transitive_cves": null,
"indirect_transitive_cves": null,
"scheme_data": {
"level": "EAL2+ALC_FLR.2",
"product": "Hikvision Network Camera Series iDS-2CD7x version 1.0",
"vendor": "Hangzhou Hikvision Digital Technology Co., Ltd",
"url": "https://www.csa.gov.sg/hikvision-network-camera-series-ids-2cd7x-version-1.0",
"certification_date": "14 February 2023",
"expiration_date": "13 February 2028",
"category": "Other Devices and Systems",
"cert_title": "[CER] Hikvision Network Camera Series iDS-2CD7x Certificate v1",
"cert_link": "https://www.csa.gov.sg/docs/default-source/common-product/-cer-hikvision-network-camera-series-ids-2cd7x-certificate-v1.pdf?sfvrsn=13871b20_1",
"report_title": "[CER] Hikvision Network Camera Series iDS-2CD7x Certificate Report v1.0",
"report_link": "https://www.csa.gov.sg/docs/default-source/common-product/-cer-hikvision-network-camera-series-ids-2cd7x-certificate-report-v1.0.pdf?sfvrsn=2a423f5b_1",
"target_title": "[ST] Hikvision Network Camera Series Series iDS-2CD7x Security Target V2.1",
"target_link": "https://www.csa.gov.sg/docs/default-source/common-product/-st-hikvision-network-camera-series-series-ids-2cd7x-security-target-v2.1.pdf?sfvrsn=af1c7edf_1"
}
}
}
Name changed to fix/change the version. ➡️
Name and cert ID stayed. 🟰 Certification report link changed which lead to the mismatch.
Name and cert ID stayed. 🟰 Category changed.
|
|
Looking at the case studies I think a proper fix is to rethink what a certificate even is. In the cases above, which cases represent the same certificate and which present a new one? For example the first two where part of the cert ID changed are quite weird. See the respective certificates: old new. Once we understand what a certificate even is, we can think about the changes to our methodology necessary to reflect that. I think it would have to go in the direction of more similarity based metrics and fuzzy stuff rather than hard IDs. Also, the tool is currently quite naive with respect to incremental updates and the web is doing a fresh run each time + some custom update tracking. This should be aligned, because without time information about the previous state of the dataset it is hard to say that some entries are really the same certificate. |
I checked these two and I believe these shall be considered two different certificates:
|
|
I made the following change to the website to handle the cases where some of the primary key attributes changed, but not much. @petrs Is this a good-enough resolution for you?
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The auto generated ids for sec-certs urls pointing to specific certified product are not always persistent in time (https://sec-certs.org/cc/**6207e27699db6695**/). We do have at least two cases of id that changed in time - for example https://sec-certs.org/cc/6207e27699db6695/ vs. https://sec-certs.org/cc/56ef6c45d7eab7ee/ . The ID is generated from presumably static parameters of certificates, but it changed anyway. If these changes, we are loosing permalink people may have in their papers or watched certificates (email/RSS/Compare). We shall at least detect and add redirect. (and also investigate what is changing)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Once indexed and inserted to database, the url static string shall stay same.
If change is anyway detected, notify admins and add automatic redirect to new url.
Desktop (please complete the following information):
Additional context
Known examples
NXP JCOP 4 P71 https://sec-certs.org/cc/2a45531c2dbd1ab8/ -> https://sec-certs.org/cc/f29f88756682e034/
Strong Customer Authentication for Apple Pay on Apple Watch with S8 running watchOS 9.4(watchOS 9.4 (build 20T253)) ( ANSSI-CC-2023/60) https://sec-certs.org/cc/56ef6c45d7eab7ee/ -> https://sec-certs.org/cc/6207e27699db6695/
The text was updated successfully, but these errors were encountered: