Sony Smart Cards and International Evaluation
2nd Common Criteria Conference
London, UK
18-19 July 2001
i-Card System Solutions Division
Broadband Network Center
Sony Corporation
18-19 July 2001 Copyright 2001 Sony Corporation 2
Japanese Culture
• Historically, Japan is a single nation in a single land
• People are united
• The same people all around
• Feeling of safety
• Security is like the air, it is natural and free
Change is in the air
• Increased number of foreigners, travelling abroad is a norm
• Communication constantly improves, Internet is omnipresent
• The borders between Japan and the world are disappearing
• Security is deteriorating
e-Japan
• Recognition of the importance of IT
• Target the vision for an ideal IT society
• Establish priority policy areas
• Develop new nation-wide IT infrastructure
• Become one of the most developed IT nations in 2005
http://www1.kantei.go.jp/foreign/it_e.html
IT strategy of Japan
• High-speed network infrastructure
• Competition policies
• Electronic commerce
• E-government
• Human Resources
Information Security
Japan’s security efforts
• 2000 - 15408 adopted as JIS X5070
• 2001 - Commercial Evaluation Facility and Certification Authority will be established
• 2001 - 15408 has become one of the requirements for government procurement
e-Commerce Security Technology Research Association (ECSEC)
• R&D related to products and services in the areas of e-Commerce and IT security
• Improve the technology level in the area
• ISO 15408:
  – Introduction courses
  – PP and ST development courses
  – Evaluation facility
Collaboration with ECSEC
• ECSEC helped us to start the evaluation from scratch
• Introduction to the ISO 15408
• Recommendations of evaluation facilities
• Provision of technical courses
Sony philosophy
• The pioneering spirit of Sony
• Philosophy of caring for and protecting the customers
• Security policy for protecting the business and customer privacy
• Common Criteria as a way to implement the policy
Current target
• The current certification effort targets:
  – to verify that CC provides what our security policy calls for
  – to confirm that our security measures are sufficient under CC
  – to be first to certify a contactless smart card
  – to prepare for the future market requirements
FeliCa Contactless Smart Card
[Diagram: Card (Chip, Antenna) and Reader/Writer (Control board, Antenna)]
• Power Transmit, 13.56 MHz Base Band
• Data Communication R/W -> Card: 10% ASK, Manchester Coding
• Data Communication Card -> R/W: Manchester Coding by Load Switching
Major Features of FeliCa
• High system security
  – Strong encryption algorithm
  – Fully encrypted data communication
• High speed transactions with anti-tear
  – Simultaneous multiple file access for high speed
  – Multiple file transaction automatic rollback
• Flexible hierarchical file system management
  – Separate access keys for different users of one service file
  – Different authorization for different access level operations
  – New service registration in the field by encapsulated package
Progress
• Step-by-step approach to verify the suitability of the concept
• EAL 3 evaluation is finished
• EAL 4 evaluation is in progress now
• i-Card plans to evaluate all smart card products against ISO 15408
Surprising things
• Result of hardware evaluation is not subject to the Recognition Agreement
• EAL 5-7 are not subject to CCRA either
• Although ISO 15408 is available, many companies still certify to ITSEC criteria
What can be improved?
• Cost of the evaluation is very high
• Evaluation process is very long
• No support system for developers
  – tools, templates, courses, demos, examples
• More initiative from the CB and CLEF would be appreciated
ISO standards relationship
[Diagram: ISO 9000, ISO 17799, ISO 15408, Environment]
• A common definition of the parts shared between the ISO standards is necessary to improve the reuse of evaluation and certification results
Software vs. Hardware
Product vs. Environment
• ISO 15408 is product- and software-oriented
  – SFR = Software Firewall Requirements?
• There is very little to relate to the hardware
• The requirements towards a secure environment are not sufficiently clear
Acknowledgements
• CB and CLEF support us from the very beginning
• The consultation services we received from CLEF were most helpful
• The coaching attitude of CLEF, suggestions and recommendations are very useful
Thank you!
For more information:
i-Card Security Assurance <icsa@net.sony.co.jp>
FeliCa information on the Internet:
http://www.sony.co.jp/en/Products/felica/