Our task:

• Simple but long-term card-terminal authorization protocol based on one-term passwords card is a low memory device, but it should allow authorization up to 2^16 times

CC Part One http://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R4.pdf

TOE - Target of Evaluation ST - Security Target

W załączniku A6 mamy opisane:

• Security problems
  • Threads
  • Assumptions
  • OSP (Organisational Security Policies)

W załączniku A7

• Security objectives

Przykładowa implementacja PP:

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/ReportePP/pp0066_V2b_pdf.pdf?__blob=publicationFile

Od strony 12, punkty 3 i 4