Version 1.00 AUTOMATIC CASH DISPENSERS/ TELLER …

PROTECTION PROFILE

Version 1.00

AUTOMATIC CASH DISPENSERS/

TELLER MACHINES

n?aise

Registered at the French Certification Body under the number PP/9907

Evalua

ecf

tion et Certification Fra

BULL - DAT - DIEBOLD - NCR - SIEMENS NIXDORF - WANG GLOBAL AUTOMATIC CASH DISPENSER/TELLER MACHINES

CONTENTS

I. INTRODUCTION

5

I.1 Identification of the Protection Profile (PP)

5

I.2 General outline of the PP

5

II. DESCRIPTION OF THE TARGET OF EVALUATION (TOE)

5

II.1 Definition

5

II.2 The parties

8

II.3 Dynamics of interchanges and flows

9

II.3.1 Transport and checking of the personal identification number off-line (from the microcircuit)9

II.3.2 Transport and checking of the personal identification number on-line

10

II.3.3 Checking the amount

11

II.3.4 Downloading software

13

II.4 Direct interfaces with the target of evaluation

14

II.5 Scope of the Protection Profile

15

III. SECURITY ENVIRONMENT

16

III.1 Identification of the assets to be protected

16

III.2 Assumptions

16

III.3 Threats

18

III.3.1 Hardware Trojan horse

18

III.3.2 Software Trojan horse

18

III.3.3 Intrusion into the telecommunications network

18

III.3.4 Intrusion during maintenance

19

III.3.5 Actions at the customer end

19

III.3.6 Other threats

20

III.4 Security policy

20

IV. SECURITY OBJECTIVES

21

IV.1 Security objectives relating to the target of evaluation

21

IV.2 Security objectives relating to the environment

22

V. TECHNICAL SECURITY REQUIREMENTS

23

V.1 Technical security requirements of the target of evaluation

23

V.1.1 Functional requirements

23

V.1.2 Assurance requirements

27

PROTECTION PROFILE - V 1.00 02/03/99

Page: 2

BULL - DAT - DIEBOLD - NCR - SIEMENS NIXDORF - WANG GLOBAL AUTOMATIC CASH DISPENSER/TELLER MACHINES

V.2 Security requirements relating to the technical environment

29

VI. APPLICATION NOTES

30

VII. APPENDICES

31

VII.1 Glossary

31

VII.1.1 "Banking Terms"

31

VII.1.2 "CC" terms - Abbreviations and definitions

33

VII.2 Assurance requirements

35

PROTECTION PROFILE - V 1.00 02/03/99

Page: 3

BULL - DAT - DIEBOLD - NCR - SIEMENS NIXDORF - WANG GLOBAL AUTOMATIC CASH DISPENSER/TELLER MACHINES

Participants:

BULL Business Unit SST - Division Smart cards and Terminals 68, route de Versailles - BP45 78431 Louveciennes Cedex

DASSAULT A.T. 9,rue Elsa Triolet Z.I. des G?tines B.P. 13 78373 Plaisir Cedex

DIEBOLD 5 bis, rue du Pont des Halles 94656 Rungis

NCR 1, square John J. Patterson 91749 Massy Cedex

SIEMENS NIXDORF Retail and Banking Systems GmbH Heinz - Nixdorf - Ring 1 D-33106 PADERBORN

WANG GLOBAL rue de l'ancien march? La D?fense 9 - Puteaux 92047 Paris La D?fense Cedex

This document has been compiled on the basis of version 2.0 of the Common Criteria dated May 1998. The final appendix lists the abbreviations and acronyms used in the Common Criteria, among which most of those coming from Common Criteria.

PROTECTION PROFILE - V 1.00 02/03/99

Page: 4

BULL - DAT - DIEBOLD - NCR - SIEMENS NIXDORF - WANG GLOBAL AUTOMATIC CASH DISPENSER/TELLER MACHINES

I. INTRODUCTION

I.1 Identification of the Protection Profile (PP)

Title: Version: Reference: Keywords:

Automatic Cash Dispensers/Teller Machines

1.00

PP/9907

ACD/ATM, chip card, mag stripe card, personal identification number (PIN), microcircuit, withdrawal

I.2 General outline of the PP

The Protection Profile focuses upon automatic cash dispensers/automatic teller machines: these machines enable holders of identification cards (chip cards or smart cards) who have a personal identification number with which they can authenticate themselves, to carry out various transactions on a banking product linked with the card, in particular cash withdrawal.

This Protection Profile has been developed to specify the requirements in terms of functionalities and levels of assurance applicable to ACDs/ATMs.

Many transactions can be carried out via an ACD/ATM. The target has therefore been deliberately restricted to matters connected with the use of a card, the identification of the cardholder (the confidentiality of the PIN, etc) and the dispensing of cash (the integrity of the interfaces with the server, etc).

The target assurance level is EAL4, augmented in respect of the penetration tests (AVA VLA.3 instead of AVA VLA.2). The target strength of function (SoF) is "SoFmedium".

II. DESCRIPTION OF THE TARGET OF EVALUATION (TOE)

II.1 Definition The target of evaluation relates to three different types of hardware:

? Automatic Cash Dispenser, ? Automatic Teller Machine (dispensing of banknotes and "self-service"

transactions), ? Enquiry Terminal ("self-service" transactions).

For functional capabilities other than withdrawal, only those aspects which relate to the personal identification number are taken into account in the description of the PP.

PROTECTION PROFILE - V 1.00 02/03/99

Page: 5

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download