

# ASE EAL5+ for TMS THN31 1.0.2 Lite

Version 1.3

Beijing Tsingteng MicroSystem Co., Ltd. 2025-06



Confidential level: Public Page: 2 of 31

# **Revision History**

| No. | Version | Date      | Change            | By        |
|-----|---------|-----------|-------------------|-----------|
| 1   | 1.0     | Apr. 2025 | Create            | Zheng Xin |
| 2   | 1.1     | Apr. 2025 | Modify as suggest | Zheng Xin |
| 3   | 1.2     | May. 2025 | Modify as suggest | Zheng Xin |
| 4   | 1.3     | Jun. 2025 | Modify as suggest | Zheng Xin |
|     |         | _         |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |
|     |         |           |                   |           |



Document : ASE EAL5+ for TMS THN31 1.0.2 lite

Version: V1.3

Confidential level: Public Page: 3 of 31

# **Contents**

| 1. | ST Inti  | oduction                                                      | 5  |
|----|----------|---------------------------------------------------------------|----|
|    | 1.1. ST  | and TOE reference                                             | 5  |
|    | 1.2. TO  | E overview                                                    | 5  |
|    | 1.2.1.   | TOE                                                           | 5  |
|    | 1.2.2.   | Non-TOE                                                       | 6  |
|    | 1.3. TO  | E description                                                 | 6  |
|    | 1.3.1.   | Physical architecture                                         | 6  |
|    | 1.3.2.   | Logical Scope                                                 | 7  |
|    | 1.3.3.   | TOE components                                                | 9  |
|    | 1.4. Lif | e cycle and delivery                                          | 10 |
| 2. | Confo    | mance claim                                                   | 11 |
|    | 2.1. CC  | Conformance                                                   | 11 |
|    | 2.2. PP  | Claim                                                         | 11 |
|    | 2.3. Pag | ckage claim                                                   | 11 |
|    | 2.4. Co  | nformance claim rationale                                     | 11 |
| 3. | Securit  | ry problem definition                                         | 13 |
|    | 3.1. De  | scription of Assets                                           | 13 |
|    | 3.2. Th  | reats                                                         | 13 |
|    | 3.3. Or  | ganisational security policies                                | 13 |
|    | 3.4. As  | sumptions                                                     | 14 |
| 4. | Securit  | y objectives                                                  | 15 |
|    | 4.1. Sec | curity objectives for the TOE                                 | 15 |
|    | 4.2. Sec | curity objectives for the Security IC Embedded Software       | 16 |
|    | 4.3. Sec | curity objectives for the operational environment             | 16 |
|    | 4.4. Sec | curity objectives rationale                                   | 16 |
| 5. | Extend   | led Components Definitions                                    | 18 |
| 6. | Securit  | y requirements                                                | 19 |
|    | 6.1. De  | finitions                                                     | 19 |
|    | 6.2. Sec | curity Functional Requirements (SFR)                          | 19 |
|    | 6.2.1.   | SFRs derived from the Security IC Platform Protection Profile | 19 |
|    | 6.2.2.   | SFRs regarding cryptographic functionality                    | 22 |
|    | 6.3. Sec | curity Assurance Requirements (SAR)                           | 24 |
|    | 6.4. Sec | curity requirements rationale                                 | 25 |
|    | 6.4.1.   | Security Functional Requirements (SFR)                        | 25 |
|    | 6.4.2.   | Dependencies of the SFRs                                      | 26 |



Document : ASE EAL5+ for TMS THN31 1.0.2 lite

Version: V1.3
Page: 4 of 31

Confidential level: Public

| 6    | 5.4.3. Security Assurance Requirements (SAR) | 27 |
|------|----------------------------------------------|----|
|      | TOE summary specification                    |    |
| 7.1. | . Malfunction                                | 28 |
| 7.2. | . Leakage                                    | 28 |
| 7.3. | Physical manipulation and probing            | 28 |
| 7.4. | . Abuse of functionality and Identification  | 29 |
| 7.5. | Random numbers                               | 29 |
| 7.6. | . Cryptographic functionality                | 29 |
|      | References                                   |    |

Confidential level: Public Page: 5 of 31

#### 1. ST Introduction

This Security Target (ST) is built upon the Security IC Platform Protection Profile with Augmentation Packages [1], registered and Certified by Das Bundesamt für Sicherheit in der Informationstechnik (BSI) under the reference BSI-CC-PP-0084-2014.

This chapter presents the ST reference, the reference for the Target of Evaluation (TOE), a TOE overview description and a description of the logical and physical scope of the TOE.

#### 1.1. ST and TOE reference

Table 1 Description of ST reference and TOE reference

| ST reference:  | ASE EAL5+ for TMS THN31 1.0.2 Lite V1.3 |
|----------------|-----------------------------------------|
| TOE reference: | THN31 1.0.2 Secure Element version 1.0  |

Note:

THN31 1.0.2 Secure Element version 1.0 also include Crypto Library version 1.0.1 and Boot code v1.0.

#### 1.2. TOE overview

#### 1.2.1. TOE

The THN31 1.0.2 secure element combines an embedded near-field-communication (NFC) controller on a single die. The THN31 1.0.2 secure element is in the scope of the TOE while the NFC controller is out of scope of the TOE.



Figure 1 The block diagram of the TOE hardware

The TOE is a secure element with crypto library suitable for instance to support embedded SE, embedded SIM applications, etc.

The TOE consists of hardware and IC dedicated software. The hardware is based on a 32-bit CPU with ROM (Non-Volatile Read-Only Memory), NVM (Non-volatile Programmable Memory) and RAM (Volatile Memory). The hardware of the TOE also incorporates communication peripherals and cryptographic coprocessors for execution and acceleration of symmetric and asymmetric cryptographic algorithms. The IC dedicated software consists of boot code and library of cryptographic services.

The TOE supports the following communication interfaces:

• ISO/IEC 7816 contact interface.



Confidential level: Public Page: 6 of 31

- SPI interface
- I2C interface
- I3C interface

The TOE has been designed to provide a platform for Security IC Embedded Software which ensures that the critical user data of the Composite TOE are stored and processed in a secure way. To this end the TOE has the following security features:

- Hardware coprocessor for TDES and AES,
- True Random Number Generator,
- Hardware for RSA-CRT and ECC support,
- Protection against power analysis,
- Protection against physical attacks,
- Protection against perturbation attacks,
- Software library with cryptographic services for TDES/AES, RSA-CRT/ECC and TRNG.

#### 1.2.2. Non-TOE

The TOE is delivered to a composite product manufacturer. The security IC embedded software is developed by the composite product manufacturer. The **security IC embedded software** is not part of the TOE.

Figure 1 illustrates the block diagram of the TOE hardware, the THN31 1.0.2 secure element is in the scope of the TOE whereas **the NFC controller** is not part of the TOE.

## 1.3. TOE description

This section presents the physical and logical scope of the TOE.

#### 1.3.1. Physical architecture

The main functional blocks of the TOE hardware are depicted below.



Figure 2 The block diagram of the TOE hardware

The hardware of the TOE has the following components:



Confidential level: Public Page: 7 of 31

- 32-bit CPU
- NVM
- ROM
- RAM
- AHBMMU
- Interfaces I/O
  - o ISO/IEC 7816 contact interface
  - o SPI interface
  - o I2C interface
  - o I3C interface
- True Random Number Generator
- Block Cryptography Engine for TDES supporting
- Block Cryptography Engine for AES supporting
- Public-Key Engine for RSA-CRT supporting
- Public-Key Engine for ECC supporting
- System control circuitry
- Test circuitry
- Timers
- Security Circuitry
- Sensors
- Power Management Circuitry
- Clock circuitry
- Reset circuitry

The AHBMMU is a bus component which also provides user controllable bus masking.

#### 1.3.2. Logical Scope

The TOE distinguishes three modes:

- 1. Boot mode
- 2. Test mode
- 3. Normal mode

Boot mode is the initial mode after the chip is powered up. This mode is not available to the Security IC embedded software. It can either switch to test mode under the purpose of testing or initialization, or switch to normal mode.

Test mode is also not available for the Security IC embedded software. It is utilized to perform the TOE testing before the TOE is delivered to the end user. Test mode is strictly protected by a combination of hardware and software security features.

Normal mode is utilized for the end user, Security IC embedded software can be executed under this mode. Normal mode cannot switch back to boot mode and test mode.

The TOE provides ROM for executing the boot code and Crypto Library code, NVM for the other code and data access, and RAM for the temporary data access.



Confidential level: Public Page: 8 of 31

The Memory management unit is performed by the AHBMMU, and it also performs the access control of boot mode, test mode and normal mode.

There are four communication interfaces available, including ISO/IEC 7816 contact interface, SPI interface, I2C interface, I3C interface.

The TOE provides the system control functions to handle the reset, clock, interrupt signals, etc.

The TOE provides the test circuitry to perform the TOE testing under the test mode.

The TOE provides the timers for the security IC embedded software to abort irregular executions of the program.

The TOE provides power management functionality under boot mode, test mode, and normal mode, also contact and contactless interfaces.

The TOE provides strong security functionalities against malfunction, including the environmental sensors to monitor if environmental conditions are within the specified range, the abnormality check of TRNG to verify the quality of the generated random data, also the integrity to monitor if the data is manipulated.

The TOE provides strong security functionalities against leakage, including bus masking, random OSC clock jitter and 32-bit secure core polarity switching which configures the oscillator frequency to a random value for each cycle.

The TOE provides strong security functionalities against physical manipulation and probing, including the dedicated shielding techniques, data integrity checks for verifying the integrity of the data, also the memory encryption.

The TOE provides strong security functionalities against abuse of functionality and identification by the means of test access control mechanism. It is implemented by a combination with hardware fuse and software access control mechanism.

The TOE provides a true random number generator, which is accessible by the crypto library. The true random number generator is composed of entropy sources, self-test circuit and post-processing circuit. The self-test circuit includes the total failure test and online test. The total failure test is performed on the entropy source. The online testing is performed on the raw random number sequence, aiming to prevent malfunctioning. The true random number also fulfils the AIS20/31 PTG.2 level.

The TOE provides the following cryptographic services to the Security IC embedded software:

- TDES
- AES
- RSA-CRT
- ECC

The TOE implements Triple-DES algorithm by means of a hardware co-processor and a software crypto library. It supports the Triple-DES algorithm with three 56 bit keys for 3-key



Confidential level: Public Page: 9 of 31

Triple DES supporting ECB mode. The keys for the TDES algorithms shall be provided by the security IC embedded software.

The TOE implements AES algorithm by means of a hardware co-processor and a software crypto library. It supports AES algorithm with key size of 128, 192 and 256 in ECB mode. The keys for the AES algorithm shall be provided by the security IC embedded software.

The TOE provides RSA-CRT algorithm according to the paper [10] to meet the security requirement FCS\_COP.1[RSA-CRT]. The TSF implements the RSA-CRT algorithm with the cryptographic key size from 1900 bits to 4096 bits. The RSA-CRT algorithm is accessed by the crypto library.

The functional requirements [FDP\_ITC.1, or FDP\_ITC.2 or FCS\_CKM.1] and FCS\_CKM.4 are not included in this Security Target since the TOE only provides a pure engine for encryption and decryption without additional features for the handling of cryptographic keys.

The TOE provides ECC algorithm according to the paper [14] to meet the security requirement FCS\_COP.1[ECC]. The TSF implements the ECC algorithm with the cryptographic key sizes 224, 256, 320, 384, 512 and 521 bits. The ECC algorithm is accessed by the crypto library.

## 1.3.3. TOE components

The TOE consists of the following components that are delivered to the composite product manufacturer:

**Table 2 List of TOE components** 

| Type     | Name                                               | Version | Package                                                      | Format | Delivery<br>method |
|----------|----------------------------------------------------|---------|--------------------------------------------------------------|--------|--------------------|
| Hardware | THN31 1.0.2                                        | 1.0     | Module                                                       | Module | Courier delivery   |
| Software | Crypto Library                                     | 1.0.1   | Software library in ROM                                      | Binary | Masked in ROM      |
|          | Boot code                                          | 1.0     | Boot in ROM                                                  | Binary | Masked in ROM      |
|          |                                                    |         | user, the software also contai<br>and which is stored in NVM |        |                    |
| Document | AGD_OPE UM<br>EAL5+ for TMS<br>THN31 1.0.2 [6]     | 0.5     | Document                                                     | .pdf   | Encrypted e-mail   |
|          | AGD_PRE<br>EAL5+ for TMS<br>THN31 1.0.2 [7]        | 1.3     | Document                                                     | .pdf   | Encrypted e-mail   |
|          | AGD_OPE SG<br>EAL5+ for TMS<br>THN31 1.0.2<br>[11] | 1.4     | Document                                                     | .pdf   | Encrypted e-mail   |
|          | AGD_OPE API<br>EAL5+ for TMS                       | 0.7     | Document                                                     | .pdf   | Encrypted e-mail   |



Confidential level: Public Page: 10 of 31

| THN31 1.0.2 |  |  |
|-------------|--|--|
| [12]        |  |  |

## 1.4. Life cycle and delivery

The end-consumer environment of the TOE is phase 7 of the Security IC product life-cycle as defined in the PP [1]. In this phase the TOE is in usage by the end-consumer. Its method of use now depends on the Security IC Embedded Software. Examples of use cases are eSIM or eSE.

The scope of the assurance components referring to the TOE's life cycle is limited to phases 2, 3, 4, 5 and 6.

The security IC Embedded software will be integrated in CP testing program before CP test.

And then, the security IC embedded software will be loaded in chip when CP testing program is operated by the CP testing machine automatically during the CP testing process, which in phase 3 of the Security IC product life-cycle as define in the PP[1].

Confidential level: Public Page: 11 of 31

## 2. Conformance claim

This chapter presents conformance claim and the conformance claim rationale.

#### 2.1. CC Conformance

This Security Target and the TOE claim to be conformant to the Common Criteria version CC 3.1:

- Part 1 revision 5 [2].
- Part 2 revision 5 [3]
- Part 3 revision 5 [4]

For the evaluation will be used the methodology in Common Criteria Evaluation Methodology version 3.1 CEM revision 5 [5]

This Security Target and the TOE claim to be CC Part 2 extended and CC Part 3 conformant.

#### 2.2. PP Claim

This Security Target claims **strict** conformance to the Security IC Platform Protection Profile with augmentation packages [1].

Note: This Security Target does not claim conformance to the optional package (package "TDES" and package "AES") in the Security IC Platform Protection Profile with augmentation packages [1].

The TOE also provides additional functionality, which is not covered in the Security IC Platform Protection Profile with augmentation packages [1].

#### 2.3. Package claim

This Security Target claims conformance to the assurance package **EAL5** augmented with AVA\_VAN.5 and ALC\_DVS.2. This assurance level is in line with the Security IC Platform Protection Profile [1].

#### 2.4. Conformance claim rationale

The TOE is a Security IC equivalent to the TOE type defined in [1] as it is composed by:

- > Processing unit (32-bit CPU)
- > Security components (e.g. sensors)
- ➤ I/O ports (ISO 7816, SPI, I2C and I3C interfaces)
- ➤ Volatile memory (e.g. RAM)
- ➤ Non-Volatile memory (e.g. NVM)
- ➤ Dedicated software (Crypto library)

The TOE provides cryptographic functionalities which are inspired by Security IC Platform Protection Profile [1]:



Confidential level: Public Page: 12 of 31

Organisational Security Policy P.Crypto-Service is defined to require TDES, AES, ECC and RSA-CRT cryptographic functions.

- ➤ Security Objectives O.TDES, O.AES, O.ECC and O.RSA are included in the ST to meet P.Crypto-Service.
- ➤ Security Functional Requirements FCS\_COP.1[TDES], FCS\_COP.1[AES], FCS\_COP.1[ECC] and FCS\_COP.1[RSA-CRT] are included in the ST to meet O.TDES, O.AES, O.ECC and O.RSA.

The rationale of this Security Target does not claim conformance to the optional package (package "TDES" and package "AES"):

The TOE needs to be integrated with the security IC embedded software to implement FCS\_CKM.4[TDES] and FCS\_CKM.4[AES], but the security IC embedded software is not under the scope of this evaluation.

Confidential level: Public Page: 13 of 31

## 3. Security problem definition

This chapter presents the threats, organisational security policies and assumptions for the TOE.

The Assets, Assumptions, Threats and Organisational Security Policies are completely taken from the Security IC Platform Protection Profile [1].

## 3.1. Description of Assets

Since this Security Target claims conformance to the Security IC Platform Protection Profile [1], the assets defined in section 3.1 of the Protection Profile are applied.

#### 3.2. Threats

This Security Target claims conformance to the Security IC Platform Protection Profile [1]. The Threats that apply to this Security Target are defined in section 3.2 of the Protection Profile. The following table lists the threats of the Protection Profile.

**Table 3 Threats defined in the Protection Profile** 

| Threat          | Title                                   |
|-----------------|-----------------------------------------|
| T.Leak-Inherent | Inherent Information Leakage            |
| T.Phys-Probing  | Physical Probing                        |
| T.Malfunction   | Malfunction due to Environmental Stress |
| T.Phys-         | Physical Manipulation                   |
| Manipulation    | -                                       |
| T.Leak-Forced   | Forced Information Leakage              |
| T.Abuse-Func    | Abuse of Functionality                  |
| T.RND           | Deficiency of Random Numbers            |

# 3.3. Organisational security policies

This Security Target claims conformance to the Security IC Platform Protection Profile [1]. The Organisational Security Policy that apply to this Security Target is defined in section 3.3 of the Protection Profile, it is:

P.Process-TOE Identification during TOE Development and Production

The following Organisational Security Policy is inspired by the Security IC Platform Protection Profile [1] defined by the TOE:

P.Crypto-Service Cryptographic services of the TOE

The TOE provides secure hardware based cryptographic services for the IC Embedded Software.



Confidential level: Public Page: 14 of 31

# 3.4. Assumptions

This Security Target claims conformance to the Security IC Platform Protection Profile [1]. The assumptions claimed in this Security Target defined in section 3.4 of the Protection Profile. They are specified below.

**Table 4 Assumptions defined in the Protection Profile** 

| Assumption       | Title                                       |  |
|------------------|---------------------------------------------|--|
| A.Process-Sec-IC | Protection during Packaging, Finishing and  |  |
|                  | Personalisation                             |  |
| A.Resp-Appl      | Treatment of User Data of the Composite TOE |  |



Confidential level: Public Page: 15 of 31

## 4. Security objectives

This chapter provides the statement of security objectives and the security objective rationale. Except additional four Objectives ,for this chapter the Security IC Platform Protection Profile [1] can be applied completely. Only a short overview is given in the following.

## 4.1. Security objectives for the TOE

All objectives described in the section 4.1 of the Security IC Platform Protection Profile [1] are claimed for the TOE, these are:

Table 5 Security objectives for the TOE defined in the Protection Profile

| <b>Security Objective</b> | Title                                           |
|---------------------------|-------------------------------------------------|
| O.Phys-                   | Protection against Physical Manipulation        |
| Manipulation              |                                                 |
| O.Phys-Probing            | Protection against Physical Probing             |
| O.Malfunction             | Protection against Malfunctions                 |
| O.Leak-Inherent           | Protection against Inherent Information Leakage |
| O.Leak-Forced             | Protection against Forced Information Leakage   |
| O.Abuse-Func              | Protection against Abuse of Functionality       |
| O.Identification          | TOE Identification                              |
| O.RND                     | Random Numbers                                  |

In addition, the TOE defines the following objectives, thereamong, O.TDES and O.AES are inspired by the Security IC Platform Protection Profile [1],:

#### O.TDES TDES functionality

The TOE shall provide secure cryptographic services implementing the TDES cryptographic algorithm for encryption and decryption.

## O.AES AES functionality

The TOE shall provide secure cryptographic services implementing the AES cryptographic algorithm for encryption and decryption.

## O.RSA RSA functionality

The TOE shall provide secure cryptographic services implementing the RSA-CRT cryptographic algorithm for decryption.

#### O.ECC ECC functionality

The TOE shall provide secure cryptographic services implementing the ECC cryptographic algorithm.



Confidential level: Public Page: 16 of 31

## 4.2. Security objectives for the Security IC Embedded Software

This section describes the security objective for the security IC Embedded software, which is taken from section 4.2 of the Security IC Platform Protection Profile [1].

Table 6 Security Objectives for the security IC Embedded software defined in the Protection Profile

| <b>Security Objective</b> | Title                                       |  |
|---------------------------|---------------------------------------------|--|
| OE.Resp-Appl              | Treatment of user data of the composite TOE |  |

## 4.3. Security objectives for the operational environment

This section describes the security objective for the operational environment, which is taken from section 4.3 of the Security IC Platform Protection Profile [1].

Table 7 Security Objectives for the operational environment defined in the Protection Profile

| <b>Security Objective</b> | Title                               |  |
|---------------------------|-------------------------------------|--|
| OE.Process-Sec-IC         | Protection during composite product |  |
|                           | manufacturing                       |  |

# 4.4. Security objectives rationale

Section 4.4 in the Protection Profile provides a rationale how the assumptions, threats and organisational security policies are addressed by the objectives. The table below shows this relationship.

Table 8 Addressing of assumptions, threats and organisational security policies to objectives

| Assumption, Threat or          | Security Objective  |
|--------------------------------|---------------------|
| Organisational Security Policy |                     |
| A.Resp-Appl                    | OE.Resp-Appl        |
| P.Process-TOE                  | O.Identification    |
| A.Process-Sec-IC               | OE.Process-Sec-IC   |
| T.Leak-Inherent                | O.Leak-Inherent     |
| T.Phys-Probing                 | O.Phys-Probing      |
| T.Malfunction                  | O.Malfunction       |
| T.Phys-Manipulation            | O.Phys-Manipulation |
| T.Leak-Forced                  | O.Leak-Forced       |
| T.Abuse-Func                   | O.Abuse-Func        |
| T.RND                          | O.RND               |

For the justification of the above mapping please refer to the Protection Profile.

The table below shows how the organisational security policies are addressed by objectives for the TOE.



Confidential level: Public Page: 17 of 31

Table 9 Addressing of assumptions, threats and organisational security policies to additional objectives

| Assumption, Threat or<br>Organisational Security Policy | Security Objective |
|---------------------------------------------------------|--------------------|
| P.Crypto-Service                                        | O.TDES             |
|                                                         | O.AES              |
|                                                         | O.RSA              |
|                                                         | O.ECC              |

The objective O.TDES, O.AES, O.RSA and O.ECC enforce organizational security policy P.Crypto-Service and the target such kind of cryptographic services defined in P.Crypto-Service.



Confidential level: Public Page: 18 of 31

# 5. Extended Components Definitions

This Security Target uses the extended security functional requirements defined in chapter 5 of the Security IC Platform Protection Profile [1].

This Security Target does not define extended components in addition to the Protection Profile.

Confidential level: Public Page: 19 of 31

## 6. Security requirements

This chapter presents the statement of security requirements for the TOE and the security requirements rationale. This chapter applies the Security IC Platform Protection Profile [1].

#### 6.1. Definitions

In the next sections the following notation is used:

- The iteration operation is used when a component is claimed with varying operations, it is denoted by adding "[XXX]" to the component name.
- Refinement, selection or assignment operations are used to add details or assign specific values to components, they are indicated by italic text and explained in footnotes.

# 6.2. Security Functional Requirements (SFR)

To support a better understanding of the combination Security IC Platform Protection Profile vs. Security Target, the TOE Security Functional Requirements are presented in the following several different sections.

## 6.2.1. SFRs derived from the Security IC Platform Protection Profile

The table below lists the Security Functional Requirements that are directly taken from the Security IC Platform Protection Profile.

Table 10 List of Security Functional Requirements on the security IC platform Protection Profile

| Security functional requirement | Title                                         |
|---------------------------------|-----------------------------------------------|
| FRU_FLT.2                       | "Limited fault tolerance"                     |
| FPT_FLS.1                       | "Failure with preservation of secure state"   |
| FMT_LIM.1                       | "Limited capabilities"                        |
| FMT_LIM.2                       | "Limited availability"                        |
| FAU_SAS.1                       | "Audit storage"                               |
| FPT_PHP.3                       | "Resistance to physical attack"               |
| FDP_ITT.1                       | "Basic internal transfer protection"          |
| FDP_IFC.1                       | "Subset information flow control"             |
| FPT_ITT.1                       | "Basic internal TSF data transfer protection" |
| FDP_SDC.1                       | "Stored data confidentiality"                 |
| FDP_SDI.2                       | "Stored data integrity monitoring and action" |
| FCS_RNG.1[PTG.2]                | "Quality metric for random numbers"           |

The SFRs FRU\_FLT.2, FMT\_LIM.1, FMT\_LIM.2, FDP\_ITT.1, FDP\_IFC.1 and FPT\_ITT.1 are copied directly from the Security IC Platform Protection Profile. All the assignments, refinements and selections operations are taken as defined in the protection profile.



Confidential level: Public Page: 20 of 31

The FAU\_SAS.1, FDP\_SDC.1, FDP\_SDI.2 and FCS\_RNG.1[PTG.2] are taken from the Security IC Platform Protection Profile. The open assignments and selection operations are instantiated in the following way:

☐ In FAU\_SAS.1 the left open selection is the Initialisation Data or Pre-personalisation Data, and assignment is the type of persistent memory;

☐ In FDP\_SDC.1 the left open assignment is the memory area;

☐ In FDP\_SDI.2 the left open assignments are integrity errors, the user data attributes and the action to be taken;

☐ In the FCS\_RNG.1[PTG.2] the left open definition is the quality metric for the random numbers.

The following statements define these completed SFRs.

FAU SAS.1 Audit storage

Hierarchical to: No other components.

FAU SAS.1.1 The TSF shall provide the test process before TOE Delivery<sup>1</sup> with the

capability to store the Initialisation Data 2 in the OTP (One Time

 $Programmable)^3$ .

Dependencies: No dependencies.

FDP\_SDC.1 Stored data confidentiality

Hierarchical to: No other components.

FDP SDC.1.1 The TSF shall ensure the confidentiality of the information of the user

data while it is stored in the NVM, ROM and RAM<sup>4</sup>.

Dependencies: No dependencies.

**FDP\_SDI.2** Stored data integrity monitoring and action Hierarchical to: FDP\_SDI.1 Stored data integrity monitoring

FDP SDI.2.1 The TSF shall monitor user data stored in containers controlled by the

TSF for modification of data<sup>5</sup> on all objects, based on the following attributes: redundancy bits check including data in the memory (ROM,

NVM, RAM)<sup>6</sup>.

FDP SDI.2.2 Upon detection of a data integrity error, the TSF shall raise alarm<sup>7</sup>.

Dependencies: No dependencies.

#### FCS RNG.1 [PTG.2] Random number generation

Hierarchical to: No other components.

FCS\_RNG.1.1 [PTG.2] The TSF shall provide a physical8 random number generator that

<sup>2</sup> [selection: the Initialisation Data, Pre-personalisation Data, [assignment: other data]]

<sup>5</sup>[assignment: integrity errors]

<sup>&</sup>lt;sup>1</sup> [assignment: list of subjects]

<sup>&</sup>lt;sup>3</sup> [assignment: type of persistent memory]

<sup>&</sup>lt;sup>4</sup>[assignment: memory area]

<sup>&</sup>lt;sup>6</sup>[assignment: user data attributes]

<sup>&</sup>lt;sup>7</sup> [assignment: action to be taken]

<sup>&</sup>lt;sup>8</sup> [selection: physical, non-physical true, deterministic, hybrid physical, hybrid deterministic]

Confidential level: Public Page: 21 of 31

### Implements:

• A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output.

- If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source.
- The online test shall detect non-tolerable statistical defects of the raw random number sequence (i) immediately when the RNG has started. And (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test has finished successfully or when a defect has been detected.
- The online test procedure shall be effective to detect non-tolerable weakness of the random numbers soon.
- The online test procedure checks the quality of the raw random number sequence. It is triggered applied upon specified internal events. The online test is suitable for detecting non-tolerable statistical defects of the statistical properties of the raw random numbers within an acceptable period of time. 9

FCS RNG.1.2[PTG.2] The TSF shall provide 32 bit random number words<sup>10</sup> that meet:

- Test procedure A and no other test suites does not distinguish the internal random numbers from output sequences of an ideal RNG.
- The average Shannon entropy per internal random bit exceeds 0.997.<sup>11</sup>

Dependencies: No dependencies.

FPT FLS.1 Failure with preservation of secure state

Hierarchical to: No other components. Dependencies: No dependencies.

FPT FLS.1.1 The TSF shall preserve a secure state when the following types of

failures occur: exposure to operating conditions which may not be tolerated according to the requirement Limited fault tolerance (FRU\_FLT.2) and where therefore a malfunction could occur<sup>12</sup>.

Refinement: The term "failure" above also covers "circumstances". The TOE

prevents failures for the "circumstances" defined above.

Application note: The occurred failures will cause the alarm signals to be triggered, which

will result in a reset (secure state).

## FPT PHP.3 Resistance to physical attack

<sup>9</sup>[assignment: list of security capabilities]

<sup>12</sup>[assignment: list of types of failures in the TSF]

<sup>&</sup>lt;sup>10</sup>[selection: bits, octets of bits, numbers [assignment: format of the numbers]]

<sup>&</sup>lt;sup>11</sup>[assignment: a defined quality metric]

Page: 22 of 31 Confidential level: Public

Hierarchical to: No other components. Dependencies: No dependencies.

FPT PHP.3.1 The TSF shall resist physical manipulation and physical probing<sup>13</sup> to the

 $TSF^{14}$  by responding automatically such that the SFRs are always

enforced.

The TSF will implement appropriate mechanism to continuously counter Refinement:

> physical manipulation and physical probing. Due to the nature of these attacks (especially manipulation) the TSF can by no means detect attacks on all of its elements. Therefore, permanent protection against these attack is required ensuring that security functional requirements are enforced. Hence, "automatic response" means here (i) assuming that there might be an attack at any time and (ii) countermeasures are

provided at any time.

Application note: If a physical manipulation or physical probing attack is detected, an

alarm will be automatically triggered by the hardware, which will cause

the chip to be reset.

## 6.2.2. SFRs regarding cryptographic functionality

FCS COP.1 [TDES] Cryptographic operation – TDES

Hierarchical to: No other components.

FCS COP.1.1 [TDES] The TSF shall perform encryption and decryption<sup>15</sup> in accordance

with a specified cryptographic algorithm TDES in ECB mode 16 and cryptographic key sizes of 112/168 bit17that meet the following: NIST

SP800-67[8] and NIST SP800-38A<sup>18</sup>[9].

Dependencies: [FDP ITC.1 Import of user data without security attributes,

or FDP ITC.2 Import of user data with security attributes, or

FCS CKM.1 Cryptographic key generation] FCS CKM.4 Cryptographic key destruction

Application note: The security IC embedded software shall note that encryption and

> decryption TDES algorithm is legacy in agreed by SOG-IS ACM [18]. The current expiration date of TDES algorithm in [18] is until 31st December 2024 for 112 bits key size and until at least 2027 for 168 bits key size. And the ECB mode is not listed as a recommended symmetric encryption/decryption mode in [18]. It is in the scope for compatibility with composite that requires use of TDES ECB mode (i.e. payment

applications).

FCS COP.1 [AES] Cryptographic operation – AES

Hierarchical to: No other components.

Beijing Tsingteng MicroSystem Co., Ltd.

<sup>&</sup>lt;sup>13</sup> [assignment: physical tampering scenarios]

<sup>&</sup>lt;sup>14</sup> [assignment: list of TSF devices/elements]

<sup>&</sup>lt;sup>15</sup>[assignment: list of cryptographic operations]

<sup>&</sup>lt;sup>16</sup>[assignment: cryptographic algorithm]

<sup>&</sup>lt;sup>17</sup> [assignment: cryptographic key sizes]

<sup>&</sup>lt;sup>18</sup>[assignment: list of standards]

Confidential level: Public Page: 23 of 31

FCS\_COP.1.1 [AES] The TSF shall perform encryption and decryption<sup>19</sup> in accordance

with a specified cryptographic algorithm *AES in ECB mode* <sup>20</sup> and cryptographic key sizes of *128/192/256 bit* <sup>21</sup> that meet the following:

AES standard<sup>22</sup> FIPS 197[13] and NIST SP800-38A [9].

Dependencies: [FDP\_ITC.1 Import of user data without security attributes,

or FDP ITC.2 Import of user data with security attributes, or

FCS\_CKM.1 Cryptographic key generation] FCS\_CKM.4 Cryptographic key destruction

Application note: The ECB mode is not listed as a recommended symmetric

encryption/decryption mode in [18]. It is in the scope for compatibility with composite that requires use of AES ECB mode (i.e. payment

applications).

FCS COP.1 [RSA-CRT] Cryptographic operation – RSA-CRT

Hierarchical to: No other components.

FCS COP.1.1[RSA-CRT] The TSF shall perform decryption<sup>23</sup> in accordance with a

specified cryptographic algorithm RSA-CRT<sup>24</sup> and cryptographic key sizes modulus N size of 1900 bits to 4096 bits<sup>25</sup> that meet the following:

RSA standard [10]<sup>26</sup>.

Dependencies: [FDP ITC.1 Import of user data without security attributes,

or FDP ITC.2 Import of user data with security attributes, or

FCS\_CKM.1 Cryptographic key generation] FCS\_CKM.4 Cryptographic key destruction

Application note: Decryption RSA-CRT algorithm with key sizes <3000 bits is in the

scope for compatibility with composite that require use of RSA-CRT (i.e. payment applications). However, key lengths >= 3000 bits is the recommended. For RSA-CRT with keys between 1900-bits and 2999-bits, the current expiration date in [18] is until 31st December 2025.

FCS COP.1 [ECC] Cryptographic operation – ECC

Hierarchical to: No other components.

FCS\_COP.1.1[ECC] The TSF shall perform signature, verification, and point multiplication

 $^{27}$  in accordance with a specified cryptographic algorithm *ECC* over GF(p)  $^{28}$  and cryptographic key sizes 224, 256, 320, 384, 512 and 521 bits<sup>29</sup> that meet the following: *ECC* standards [14], *RFC* 5639[15],

ANSI X9.62-2005[16]<sup>30</sup>.

Dependencies: [FDP ITC.1 Import of user data without security attributes,

<sup>19</sup>[assignment: list of cryptographic operations]

\_

<sup>&</sup>lt;sup>20</sup>[assignment: cryptographic algorithm]

<sup>&</sup>lt;sup>21</sup> [assignment: cryptographic key sizes]

<sup>&</sup>lt;sup>22</sup>[assignment: list of standards]

<sup>&</sup>lt;sup>23</sup> [assignment: list of cryptographic operations]

<sup>&</sup>lt;sup>24</sup> [assignment: cryptographic algorithm]

<sup>&</sup>lt;sup>25</sup> [assignment: cryptographic key sizes]

<sup>&</sup>lt;sup>26</sup> [assignment: list of standards]

<sup>&</sup>lt;sup>27</sup> [assignment: list of cryptographic operations]

<sup>&</sup>lt;sup>28</sup> [assignment: cryptographic algorithm]

<sup>&</sup>lt;sup>29</sup> [assignment: cryptographic key sizes]

<sup>&</sup>lt;sup>30</sup> [assignment: list of standards]

Confidential level: Public Page: 24 of 31

or FDP ITC.2 Import of user data with security attributes, or

FCS\_CKM.1 Cryptographic key generation] FCS\_CKM.4 Cryptographic key destruction

Application note: The security functionality is resistant against side channel analysis and

other attacks described in [JIL-ATT-SC][17].

The certification covers the standard curves, ansix9p224r1,

ansix9p256r1, ansix9p384r1 and ansix9p521r1 from ANSI X9.62-2005, brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1

and brainpoolP512r1 curves from RFC 5639.

The curves ansix9p224r1, brainpoolP224r1 and brainpoolP320r1 are not recommended in [18]. They are in the scope for compatibility with composite that requires use of ansix9p224r1, brainpoolP224r1 and

brainpoolP320r1(i.e. payment applications).

## 6.3. Security Assurance Requirements (SAR)

This Security Target will be evaluated according to Security Target evaluation (Class ASE)

The Security Assurance Requirements for the evaluation of the TOE are the components in Assurance Evaluation level EAL5 augmented by the components ALC\_DVS.2 and AVA VAN.5. Refer to CC Part3[4] for the details of these assurance requirements.

**Table 11 TOE assurance requirements** 

| Security assurance                    | Titles                         |  |
|---------------------------------------|--------------------------------|--|
| requirements                          |                                |  |
| Class ADV: Development                |                                |  |
| ADV_ARC.1                             | Architectural design           |  |
| ADV_FSP.5                             | Functional specification       |  |
| ADV_IMP.1                             | Implementation representation  |  |
| ADV_INT.2                             | TSF internals                  |  |
| ADV_TDS.4                             | TOE design                     |  |
| Class AGD: Guidance d                 | locuments                      |  |
| AGD_OPE.1                             | Operational user guidance      |  |
| AGD_PRE.1                             | Preparative user guidance      |  |
| Class ALC: Life-cycle support         |                                |  |
| ALC_CMC.4                             | CM capabilities                |  |
| ALC_CMS.5                             | CM scope                       |  |
| ALC_DEL.1                             | Delivery                       |  |
| ALC_DVS.2                             | Development security           |  |
| ALC_LCD.1                             | Life-cycle definition          |  |
| ALC_TAT.2                             | Tools and techniques           |  |
| Class ASE: Security Target evaluation |                                |  |
| ASE_CCL.1                             | Conformance claims             |  |
| ASE_ECD.1                             | Extended components definition |  |
| ASE_INT.1                             | ST introduction                |  |
| ASE_OBJ.2                             | Security objectives            |  |



Confidential level: Public Page: 25 of 31

| ASE_REQ.2                         | Derived security requirements |  |
|-----------------------------------|-------------------------------|--|
| ASE_SPD.1                         | Security problem definition   |  |
| ASE_TSS.1                         | TOE summary specification     |  |
| Class ATE: Tests                  |                               |  |
| ATE_COV.2                         | Coverage                      |  |
| ATE_DPT.3                         | Depth                         |  |
| ATE_FUN.1                         | Functional testing            |  |
| ATE_IND.2                         | Independent testing           |  |
| Class AVA: Vulnerability analysis |                               |  |
| AVA_VAN.5                         | Vulnerability analysis        |  |

All refinements in section 6.2.1 of the Protection Profile [5] to security assurance requirements in Table 11, which are taken from the Protection Profile without modifications, entirely apply to this Security Target.

## 6.4. Security requirements rationale

## 6.4.1. Security Functional Requirements (SFR)

The table below provides an overview of how the security functional requirements are combined to meet the security objectives.

Table 12 Mapping of security functional requirements to security objectives

| Security           | Security Functional | Fulfilment of mapping |
|--------------------|---------------------|-----------------------|
| Objectives for the | Requirements        |                       |
| TOE                |                     |                       |
| O.Leak-Inherent    | FDP_ITT.1           | See PP                |
|                    | FDP_IFC.1           |                       |
|                    | FPT_ITT.1           |                       |
| O.Phys-Probing     | FDP_SDC.1           | See PP                |
|                    | FPT_PHP.3           |                       |
| O.Malfunction      | FRU_FLT.2           | See PP                |
|                    | FPT_FLS.1           |                       |
| O.Phys-            | FDP_SDI.2           | See PP                |
| Manipulation       | FPT_PHP.3           |                       |
| O.Leak-Forced      | FDP_ITT.1           | See PP                |
|                    | FDP_IFC.1           |                       |
|                    | FPT_ITT.1           |                       |
|                    | FRU_FLT.2           |                       |
|                    | FPT_FLS.1           |                       |
|                    | FPT_PHP.3           |                       |
| O.Abuse-Func       | FMT_LIM.1           | See PP                |
|                    | FMT_LIM.2           |                       |
|                    | FDP_ITT.1           |                       |
|                    | FPT_ITT.1           |                       |
|                    | FDP_IFC.1           |                       |
|                    | FPT_PHP.3           |                       |



Confidential level: Public Page: 26 of 31

|                  | EDIL ELE A      |                                           |
|------------------|-----------------|-------------------------------------------|
|                  | FRU_FLT.2       |                                           |
|                  | FPT_FLS.1       |                                           |
| O.Identification | FAU_SAS.1       | See PP                                    |
| O.RND            | FCS_RNG.1[PTG.  | See PP                                    |
|                  | 2]              |                                           |
|                  | FDP_ITT.1       |                                           |
|                  | FPT_ITT.1       |                                           |
|                  | FDP_IFC.1       |                                           |
|                  | FPT_PHP.3       |                                           |
|                  | FRU FLT.2       |                                           |
|                  | FPT FLS.1       |                                           |
| O.TDES           | FCS COP.1       | O.TDES requires the TOE to support        |
|                  | [TDES]          | TDES encryption and decryption with its   |
|                  |                 | specified key lengths. The claim for      |
|                  |                 | FCS_COP.1 [TDES] is suitable to meet the  |
|                  |                 | objective O.TDES.                         |
| O.AES            | FCS COP.1 [AES] | O.AES requires the TOE to support AES     |
|                  |                 | encryption and decryption with its        |
|                  |                 | specified key lengths. The claim for      |
|                  |                 | FCS COP.1 [AES] is suitable to meet the   |
|                  |                 | objective O.AES.                          |
| O.RSA            | FCS COP.1 [RSA- | O.RSA requires the TOE to support RSA-    |
|                  | CRT]            | CRT decryption with its specified key     |
|                  |                 | lengths. The claim for FCS COP.1 [RSA-    |
|                  |                 | CRT] is suitable to meet the objective O. |
|                  |                 | RSA.                                      |
| O.ECC            | FCS COP.1 [ECC] | O.ECC requires the TOE to support ECC     |
|                  |                 | signature, verification, and point        |
|                  |                 | multiplication with its specified key     |
|                  |                 | lengths. The claim for FCS_COP.1 [ECC]    |
|                  |                 | is suitable to meet the objective O. ECC. |

# 6.4.2. Dependencies of the SFRs

The dependencies for the SFRs claimed according to the Protection Profile are all satisfied in the set of SFRs claimed in the Protection Profile.

In the following table the dependencies of the SFRs claimed in addition to Protection Profile is indicated.

Table 13 Dependencies of SFRs in addition to PP

| Security functional | Dependencies | Fulfilled by security requirements in this |
|---------------------|--------------|--------------------------------------------|
| requirement         |              | Security Target                            |
| FCS_COP.1[TDES]     | FDP_ITC.1 or | See explanation below this table           |
|                     | FDP_ITC.2 or |                                            |
|                     | FCS_CKM.1,   |                                            |
|                     | FCS_CKM.4    |                                            |



Confidential level: Public Page: 27 of 31

| FCS_COP.1[AES] | FDP_ITC.1 or | See explanation below this table |
|----------------|--------------|----------------------------------|
|                | FDP_ITC.2 or |                                  |
|                | FCS_CKM.1,   |                                  |
|                | FCS_CKM.4    |                                  |
| FCS_COP.1[RSA- | FDP_ITC.1 or | See explanation below this table |
| CRT]           | FDP_ITC.2 or |                                  |
|                | FCS_CKM.1,   |                                  |
|                | FCS_CKM.4    |                                  |
| FCS_COP.1[ECC] | FDP_ITC.1 or | See explanation below this table |
|                | FDP_ITC.2 or |                                  |
|                | FCS_CKM.1,   |                                  |
|                | FCS CKM.4    |                                  |

The developer of the Security IC Embedded Software must ensure that the implemented additional security functional requirements FCS\_COP.1[TDES], FCS\_COP.1[AES], FCS\_COP.1[RSA-CRT], FCS\_COP.1[ECC] and FCS\_RNG.1[PTG.2] are used as specified and that the User Data processed by the related security functionality is protected as defined for the application context.

The dependent requirements for FCS\_COP.1[TDES], FCS\_COP.1[AES], FCS\_COP.1[RSA-CRT] and FCS\_COP.1[ECC] address the appropriate management of cryptographic keys used by the specified cryptographic function. All requirements concerning these management functions shall be fulfilled by the environment (Security IC Embedded Software).

The functional requirements [FDP\_ITC.1, or FDP\_ITC.2 or FCS\_CKM.1] and FCS\_CKM.4 are not included in this Security Target since the TOE only provides a pure engine for encryption and decryption without additional features for the handling of cryptographic keys.

Therefore, the Security IC Embedded Software must fulfil these requirements related to the needs of the realised application.

## 6.4.3. Security Assurance Requirements (SAR)

The chosen assurance package EAL5 is augmented with AVA\_VAN.5 and ALC\_DVS.2. This assurance level is chosen in order to meet assurance expectations of financial applications. Moreover, the conformity with Security IC Platform Protection Profile [1] is satisfied given that the PP requires at least EAL4.

The TOE intends to be used in scenario with high security requirements. Therefore, it should provide adequate level of defence against sophisticated attacks.

This assurance level is chosen because the product is designed to give maximum security assurance from application of security engineering techniques based on good commercial practices in order to produce a premium TOE for protecting against significant risks.

EAL5 is chosen to ensure by semiformal methods that the TOE has been well designed and to improve mechanism and procedure that provide confidence that the TOE will not be tampered with during development.



Confidential level: Public Page: 28 of 31

AVA\_VAN.5 augmentation is chosen because vulnerability analysis deals with the threats that an attacker will be able to discover flaws that will allow unauthorized access to data and functionality. The high level of security assurance of TOE is very essential especially in financial applications. AVA\_VAN.5 gives the security assurance assuming an attack potential of High.

ALC\_DVS.2 augmentation is chosen because the Life-cycle support is an aspect of establishing discipline and control in the processes of refinement of the TOE during its development and maintenance. The security measures deployed to remove or reduce the threats that existing at the developer's site are critical to ensure the confidentiality and maintenance of the TOE. ALC\_DVS.2 gives a sufficient security measures in the developer's site.

## 7. TOE summary specification

This chapter provides general information to potential users of the TOE on how the TOE implements the Security Functional Requirements in terms of "Security Functionality".

This chapter SF stands for Security Function, Security Function are visible to the user and can be accessed through TSFl. SM stands for security mechanisms, which used to implement security functions (or its parts) to meet SFR or enhance the reliability of the architecture

#### 7.1. Malfunction

Malfunctioning relates to the security functional requirements FRU\_FLT.2 and FPT\_FLS.1. The TOE meets these SFRs by a group of security measures that guarantee correct operation of the TOE.

The TOE ensures its correct operation and prevents any malfunction while the security IC embedded software is executed by implementation of the following security features:

Environmental sensors

#### 7.2. Leakage

Leakages relates to the security functional requirements FDP\_ITT.1, FDP\_IFC.1 and FPT\_ITT.1. The TOE meets these SFRs by implementing several measures that provide logical protection against leakage:

- Bus masking
- Random clock jitter
- 32-bit secure core polarity switching

## 7.3. Physical manipulation and probing



Confidential level: Public Page: 29 of 31

Physical manipulation and probing relates to the security functional requirements FPT\_PHP.3, FDP\_SDC.1 and FDP\_SDI.2. The TOE meets this SFR by implementing security measures that provides physical protection against physical probing and manipulation.

The security measures protect the TOE against manipulation of

- (i) The hardware.
- (ii) The security IC embedded software in the ROM
- (iii) The application data in the NVM including the configuration data.

It also protects User Data or TSF data against disclosure by physical probing when stored or while being processed by the TOE.

The protection of the TOE comprises different features within the design and construction, which make reverse-engineering and tamper attacks more difficult. These features comprise of

- Active shielding
- Data integrity checking
- Memory encryption

## 7.4. Abuse of functionality and Identification

Abuse of functionality and Identification relates to the security functional requirements FMT\_LIM.1, FMT\_LIM.2, FAU\_SAS.1 by implementation of a test mode access control mechanism that prevents abuse of test functionality delivered as part of the TOE.

#### 7.5. Random numbers

Random numbers relate to the security requirement FCS\_RNG.1[PTG.2]. The TOE meets this SFR by providing a random number generator.

## 7.6. Cryptographic functionality

The TOE provides the Triple-DES algorithm according to the NIST SP800-67[8], NIST SP800-38A [9] Standard to meet the security requirement FCS COP.1[TDES].

The TOE provides the AES algorithm according to the NIST SP800-38A [9] and FIPS 197 [13] Standard to meet the security requirement FCS COP.1[AES].

The TOE provides the RSA-CRT algorithm according to the paper [10] to meet the security requirement FCS\_COP.1[RSA-CRT]. The TSF implement the RSA-CRT algorithm with the cryptographic key sizes is 1900 bits to 4096 bits.

The TOE provides the ECC algorithm according to the paper [14] to meet the security requirement FCS\_COP.1[ECC]. The TSF implement the ECC algorithm with the cryptographic key sizes 224, 256, 320, 384, 512 and 521 bits.



Confidential level: Public Page: 30 of 31

# 8. References

| Ref  | Title                                                                                                                                                                                                                    | Version                   | Date       |
|------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------|------------|
| [1]  | Security IC Platform Protection Profile, BSI-CC-PP-0084-2014                                                                                                                                                             | Version 1.0               | Jan.2014   |
| [2]  | Common Criteria for Information Technology<br>Security Evaluation,<br>Part 1: Introduction and General Model<br>CCMB-2012-09-001                                                                                         | Version 3.1<br>Revision 5 | April 2017 |
| [3]  | Common Criteria for Information Technology<br>Security Evaluation,<br>Part 2: Security Functional Requirements<br>CCMB-2012-09-002                                                                                       | Version 3.1<br>Revision 5 | April 2017 |
| [4]  | Common Criteria for Information Technology<br>Security Evaluation,<br>Part 3: Security Assurance Requirements<br>CCMB-2012-09-003                                                                                        | Version 3.1<br>Revision 5 | April 2017 |
| [5]  | Common Methodology for Information<br>Technology Security Evaluation (CEM),<br>Evaluation Methodology<br>CCMB-2012-09-004                                                                                                | Version 3.1<br>Revision 5 | April 2017 |
| [6]  | AGD_OPE UM EAL5+ for TMS THN31 1.0.2                                                                                                                                                                                     | Version 0.5               | Apr. 2025  |
| [7]  | AGD_PRE EAL5+ for TMS THN31 1.0.2                                                                                                                                                                                        | Version 1.3               | May. 2025  |
| [8]  | NIST SP 800-67, Recommendation for the Triple<br>Data Encryption Algorithm (TDEA) Block Cipher,<br>revised November 2017, National Institute of<br>Standards and Technology                                              | Revision 2                | Nov.2017   |
| [9]  | NIST SP 800-38A Recommendation for Block<br>Cipher Modes of Operation, 2001, with Addendum<br>Recommendation for Block Cipher Modes of<br>Operation: Three Variants of Ciphertext Stealing<br>for CBC Mode, October 2010 | 2001 ED                   | Mar.2022   |
| [10] | PKCS #1: RSA Cryptography Specifications                                                                                                                                                                                 | Version 2.2               | 2016       |
| [11] | AGD_OPE SG EAL5+ for TMS THN31 1.0.2                                                                                                                                                                                     | Version 1.4               | May. 2025  |
| [12] | AGD OPE API EAL5+ for TMS THN31 1.0.2                                                                                                                                                                                    | Version 0.7               | Mar. 2025  |
| [13] | FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, November 2001                                                                             | Version 1                 | May. 2023  |
| [14] | Technical Guideline TR-03111, Elliptic Curve<br>Cryptography, BSI                                                                                                                                                        | Version 2.10              | 07.06.2018 |
| [15] | RFC 5639: J. Merkle, ECC Brainpool Standard Curves and Curve Generation, BSI, March 2010.                                                                                                                                | Version 1                 | 2010       |
| [16] | ANS X9.62-2005: Public Key Cryptography for<br>the Financial Services Industry: the Elliptic<br>Curve Digital Signature Algorithm (ECDSA),<br>American National Standards Institute (ANSI),<br>2005                      | Version 1                 | Nov.2005   |



Confidential level: Public Page: 31 of 31

| [17] | Joint Interpretation Library: Application of Attack | Version     | Feb.2024 |
|------|-----------------------------------------------------|-------------|----------|
|      | Potential to Smartcards and Similar Devices         | 3.2.1       |          |
| [18] | SOG-IS Crypto Evaluation Scheme Agreed              | Version 1.2 | Feb.2023 |
|      | Cryptographic Mechanisms                            |             |          |