Our task:
- Simple but long-term card-terminal authorization protocol based on one-term passwords card is a low memory device, but it should allow authorization up to 2^16 times
CC Part One http://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R4.pdf
TOE - Target of Evaluation ST - Security Target
W załączniku A6 mamy opisane:
- Security problems
- Threads
- Assumptions
- OSP (Organisational Security Policies)
W załączniku A7
- Security objectives
Przykładowa implementacja PP:
Od strony 12, punkty 3 i 4