TrustCB B.V.
Registered address:
Van den Berghlaan 48, 2132 AT
Hoofddorp, The Netherlands
eucc@trustcb.com
https://trustcb.com/common-criteria/eucc/
TrustCB B.V. is a registered company at the
Netherlands Chamber of Commerce (KVK),
under number 858360275.
Version
1.0
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
EUCC Certification Report
NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure
Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2,
JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2
Sponsor and developer: NXP Semiconductors Netherlands N.V.
High Tech Campus 60
5656AG Eindhoven
The Netherlands
Evaluation facility: SGS Brightsight
Brassersplein 2
2612 CT Delft
The Netherlands
Report number: EUCC-3110-2025-08-2500052-01-CR
Report version: 1
Project number: EUCC-2500052-01
Author(s): Jordi Mujal, TrustCB B.V.
contact: EUCC@trustcb.com
Date: 19 August 2025
Number of pages: 23
Number of appendices: 0
Reproduction of this report is authorised only if reproduced in its entirety.
Page: 2/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
CONTENTS
Foreword 3
Recognition of the Certificate 4
International recognition 4
1 Executive Summary 5
2 Certification Results 7
2.1 Identification of Target of Evaluation 7
2.2 Security Services 7
2.3 Vulnerability handling and Assurance Continuity Policies 9
2.4 Assumptions and Clarification of scope 9
2.4.1 Assumptions 9
2.4.2 Clarification of scope 10
2.5 Architectural Information 10
2.6 Supplementary Cybersecurity Information 11
2.7 Lifecycle Management processes and production facilities 13
2.8 ICT Product Testing 13
2.8.1 Identification of CAB and ITSEF 13
2.8.2 Identification of used assurance components 13
2.8.3 EUCC State of the Art documents and Protect Profiles 13
2.8.4 Testing approach and depth 14
2.8.5 Independent penetration testing 14
2.8.6 Test configuration 14
2.8.7 Test results 14
2.8.8 Reused Evaluation Results 15
2.8.9 Evaluated Configuration 15
2.9 Results of the evaluation 15
2.9.1 Assessment against each assurance requirement 15
2.9.2 Overall result of evaluation 18
2.10 Certificate information and scheme label 18
2.11 Comments/Recommendations 18
3 Summary of the Security Target 19
4 Definitions 20
5 Bibliography 22
Page: 3/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
Foreword
The Common Criteria-based European Cybersecurity Certification Scheme (EUCC) is a certification
scheme created under the Cybersecurity Act (CSA), Regulation (EU) 2019/881 of 17 April 2019.
The EUCC is described by Commission Implementing Regulation (EU) 2024/482 of 31 January 2024,
laying down rules for the application of Regulation (EU) 2019/881 of the European Parliament and of
the Council as regards the adoption of the European Common Criteria-based cybersecurity
certification scheme (EUCC).
The Dutch implementation of the CSA is regulated in Dutch law in the ‘Uitvoeringswet
cyberbeveiligingsverordening’ (UITVW). In this law the role of NCCA is assigned to the Dutch Authority
for Digital Infrastructure (RDI), which is part of the Ministry of Economic Affairs.
TrustCB B.V. has been licensed by the RDI as a Certification Body (CB) for the task of ISO/IEC 17065
Certification Activities up to and including CSA assurance level high for ICT security products, as well
as for protection profiles. Part of the procedure is the technical examination (evaluation) of the
product, protection profile according to the NP002 EUCC processes published by the Dutch NCCA.
Evaluations of ICT products are performed by an IT Security Evaluation Facility (ITSEF) licensed by
the Dutch NCCA as a CAB for ISO/IEC 17025 Evaluation Activities, with scope aligning to the
requested Evaluation Assurance Level of the Object for the evaluation, referred to as the Target of
Evaluation (TOE) in this report.
By awarding an EUCC certificate as a Common Criteria certificate, TrustCB B.V. asserts that the ICT
product complies with the security requirements specified in the associated security target, or that the
protection profile (PP) complies with the requirements for PP evaluation specified in the Common
Criteria for Information Security Evaluation. A security target is a requirements specification document
that defines the scope of the evaluation activities.
The consumer should review the security target or protection profile, in addition to this certification
report, to gain an understanding of any assumptions made during the evaluation, the ICT product's
intended environment, its security requirements, and the level of confidence (i.e., the evaluation
assurance level) that the ICT product satisfies the security requirements stated in the security target.
Reproduction of this report is authorised only if it is reproduced in its entirety.
Page: 4/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
Recognition of the Certificate
International recognition
The CCRA was signed by the Netherlands in May 2000 and provides mutual recognition of published
certificates based on the Common Criteria (CC). Since September 2014 the CCRA has been updated
to provide mutual recognition of certificates based on cPPs (exact use) or STs with evaluation
assurance components up to and including EAL2+ALC_FLR.
For details of the current list of signatory nations and approved certification schemes, see
http://www.commoncriteriaportal.org.
Page: 5/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
1 Executive Summary
This Certification Report states the outcome of the Common Criteria security evaluation of the NXP
JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP
7.0 R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2.
The developer of the NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element, versions
JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3
R1.07.0.2 is NXP Semiconductors Netherlands N.V. located in Eindhoven, The Netherlands and they
also act as the sponsor of the evaluation and certification.
A Certification Report is intended to assist prospective consumers when judging the suitability of the IT
security properties of the product for their particular requirements.
The TOE is a composite platform containing the Java Card eUICC OS embedded on the SN300
Secure Element with IC Dedicated Software. The eUICC is an UICC embedded in a consumer device
and may be in a removable form factor or otherwise. It connects to a given mobile network, by means
of its currently enabled MNO profile. The eUICC domain is directly accessible by the ISO-7816
interface. The TOE functionality of the product is defined by the requirements in the [ST] and it is
mainly covering the JavaCard functionality as per [PP099] and eUICC functionality as per [PP100].
Further details on the TOE features are found in Section 2.2.
The TOE has been evaluated by SGS Brightsight located in Delft, The Netherlands. The evaluation
was completed on 19 August 2025 with the issuance of the evaluation technical report [ETR] 1 . The
certification procedure has been conducted in accordance with the provisions of the EUCC as
described in Commission implementing regulation (EU) 2024/482 of 31 January 2024, amended by
(EU) 2024/3144 of 18 December 2024.
The scope of the evaluation is defined by the security target [ST], which identifies assumptions made
during the evaluation, the intended environment for the NXP JCOP 7.x with eUICC extension on
SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP 7.1
R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2, the security requirements, and the level of
confidence (evaluation assurance level) at which the product is intended to satisfy the security
requirements.
Consumers of the NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element, versions
JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3
R1.07.0.2 are advised to verify that their own environment is consistent with the security target, and to
give due consideration to the comments, observations and recommendations in this certification
report.
As per the [ST] conformance claim rationale, all the assumptions defined in the claimed PPs
[PP100][PP099] are taken with some exceptions. See section 2.3 for details.
There are no special configuration requirements for the TOE besides the requirements defined in the
user guidance. All users shall read these requirements and install the TOE in the operational
environment accordingly.
The summary of the threats and security policies which [ST] defines:
- The Threats that are presented in Section 4 of [ST] include the threats as presented in the
JavaCard PP [PP0099], but also includes additional threats. The Threats of the eUICC
component is the same as in eUICC PP [PP0100], no item have been added, removed or
modified for Consumer Devices.
- The OSPs of the eUICC component are the same as in eUICC PP [PP0100], no item have
been added, removed or modified. The OSPs for the JavaCard part are the same as the ones
defined in [PP099], but three additional additional OSPs were added.
1 The Evaluation Technical Report contains information proprietary to the developer and/or the
evaluator, and is not available for public review.
Page: 6/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
The results documented in the [ETR] for this product provide sufficient evidence that the TOE meets
the EAL4 augmented (EAL4+) assurance requirements for the evaluated security functionality. This
assurance level is augmented with ALC_DVS.2 (Sufficiency of security measures), ALC_FLR.2 “Flaw
Reporting Procedures” and AVA_VAN.5 (Advanced methodical vulnerability analysis). It also includes
the assurance Composite product package as defined in [CC](Part 5). This assurance level is
recognised by article 52 of [CSA] as ‘high’.
The evaluation was conducted using the Common Methodology for Information Technology Security
Evaluation, CC:2022, Revision 1 [CEM] for conformance to the Common Criteria for Information
Technology Security Evaluation, CC:2022 Revision 1 [CC] (Parts 1, 2, 3, 4, 5).
TrustCB B.V., as Certification Assessment Body licensed by the Dutch Authority for Digital
Infrastructure (RDI) for EUCC high certification activities, declares that the product will be listed on the
ENISA EU Cybersecurity Certificates list and that the evaluation meets all the conditions for
international recognition of Common Criteria Certificates. Note that the certification results apply only
to the specific version of the product as evaluated.
Page: 7/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
2 Certification Results
2.1 Identification of Target of Evaluation
The Target of Evaluation (TOE) for this evaluation is the ICT product NXP JCOP 7.x with eUICC
extension on SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP
7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2 from NXP Semiconductors Netherlands N.V.
located in Eindhoven, The Netherlands.
The TOE is comprised of the following main components:
Delivery
item type
Identifier Version
Hardware SN300_SE B1.1
Software
FactoryOS 1.11.3
BootOS (ROM) 1.11.1
Flash Driver Software (FlashROM) 1.11.2
Software
JCOP 7.x OS with eUICC functionalities and
including Shared Code (with Cryptolib), FlashOS,
CommOS, SystemOS, and SMK.
JCOP 7.0 R1.64.0.2,
JCOP 7.0 R2.04.0.2,
JCOP 7.1 R1.04.0.2,
JCOP 7.2 R1.09.0.2,
JCOP 7.3 R1.07.0.2
To ensure secure usage a set of guidance documents is provided, together with the NXP JCOP 7.x
with eUICC extension on SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0
R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2. For details, see section
2.6 of this report, “Supplementary Cybersecurity Information.
The name and contact information provided for the holder of the issued Certificate associated with this
Certification Report are as follows:
Organisation name: NXP Semiconductors Netherlands N.V.
Address: High Tech Campus 60, 5656AG Eindhoven, The Netherlands
Certified product contact cybersecurity.certification@nxp.com
2.2 Security Services
The TOE has the following features as stated in the [ST]:
• Hardware-supported features
o hardware to perform computations on multiprecision integers, which are suitable for
public-key cryptography
o hardware to calculate the Data Encryption Standard with up to three keys
o hardware to calculate the Advanced Encryption Standard (AES) with different key
lengths
o hardware to support Cipher Block Chaining (CBC), Cipher Feedback (CFB), and
Counter (CTR) modes of operation for symmetric-key cryptographic block ciphers
o hardware to support Galois/Counter Mode (GCM) of operation for symmetric-key
cryptographic block ciphers
Page: 8/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
o hardware to serve with True Random Numbers
o hardware to control access to memories and hardware components.
• Cryptographic algorithms and functionality
o AES
o Triple-DES (3DES)
o RSA for encryption/decryption and signature generation and verification
o RSA key generation
o ECDSA signature generation and verification
o ECDH key exchange
o ECC key generation
o ECC point operations and key validation
o Diffie Hellman key exchange on Montgomery Curves over GF(p)
o Key generation for the Diffie Hellman key exchange on Montgomery Curves over
GF(p))
o EdDSA signature generation and verification
o EdDSA key generation
o SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 algorithms
o HMAC algorithms
o eUICC authentication functions (MILENAGE, TUAK and CAVE)
o Data Protection Module for a secure storage of the sensitive data.
o Random number generation according to class DRG.3 or DRG.4 of AIS20 and
initialized (seeded) by the hardware random number generator of the TOE.
• Java Card 3.1 functionality
• GlobalPlatform 2.3.1 functionality
• GSMA ’Remote SIM Provisioning Architecture for consumer Devices’ (SGP.22 v2.2)
• NXP proprietary functionality
o Runtime Configuration Interface: Config Applet that can be used for configuration of
the TOE.
o OS Update Component: Proprietary functionality that can update JCOP OS, Crypto
Lib, Flash Services Software or Updater OS. This component allows only NXP
authorised updates to the product.
o Restricted Mode: In Restricted Mode only very limited functionality of the TOE is
available such as reading logging information or resetting the Attack Counter.
o Image4 (IM4): Software which ensures the customer authorisation of any product
updates using OS update or Applet Migration features, and provides features to make
the update management easier.
o Error Detection Code (EDC) API.
Page: 9/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
2.3 Vulnerability handling and Assurance Continuity Policies
The following vulnerability handling policy has been identified as applicable to the NXP JCOP 7.x with
eUICC extension on SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2,
JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2
Document reference:
[PSIRT] PSIRT, Product Security Incident Response Process, NXPOMS-1719007347-4179, version
1.3, 14 Mach 2024
This is a new product certification. An assurance continuity policy was not provided.
2.4 Assumptions and Clarification of scope
2.4.1 Assumptions
The assumptions defined in the Security Target are not covered by the TOE itself. These aspects lead
to specific Security Objectives to be fulfilled by the TOE-Environment. For detailed information on the
Assumptions and Security Objectives that must be fulfilled by the TOE environment, see section 4 and
5.2 of the [ST].
The user guidance as outlined in section 2.5 contains necessary information about the usage of the
TOE and its configuration in the environment to fulfil all Assumptions described in the [ST]. Certain
aspects of the TOE’s security functionality, in particular the countermeasures against attacks, depend
on accurate conformance to the user guidance of both the software and the hardware part of the TOE.
There are no particular obligations or recommendations for the user apart from following the user
guidance. Please note that the documents contain relevant details concerning the resistance against
certain attacks.
The circumstances and objectives related to the intended use of the product, are the ones related to
the TOE type and its requirements defined in the [ST], and according to the claimed PPs
[PP100][PP099] expected usage. It is important to remark that User Applet development is outside the
scope of this evaluation, but post-issuance loading of applets is allowed, which corresponds to case 3
of [SotA_COSP]. On this aspect, the product guidance, [UG-JCOP] section 1.4.2 Applet Requirements
and Recommendations defines the security requirements for Applets. The security requirements in the
developer user guidance fulfil OE1 and OE2 in [SotA_COSP].
As per the [ST] conformance claim rationale, see section 2.3 for details, all the assumptions defined in
the claimed PPs [PP100][PP099] are taken with the following exceptions:
The Security Problem Definition of the eUICC component is the same as in [PP100], no item has been
added, removed or modified.
The SPD statement includes two of the three assumptions from the [PP099]. The assumption
A.Deletion is excluded. The Card Manager is part of the TOE and therefore the assumption is no
longer relevant.
Besides the assumptions from the [PP099], the following assumptions are added:
• A.PROCESS-SEC-IC
• A.USE_DIAG
• A.USE_KEYS
• A.APPS-PROVIDER
• A.VERIFICATION-AUTHORITY
• A.TRUSTED-GUESTOS
The assumption A.PROCESS-SEC-IC is taken from the underlying Security IC Platform PP.
The assumptions A.USE_DIAG and A.USE_KEYS are included because the Card Manager is part of
the TOE and no longer part of the environment.
Page: 10/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
The assumptions A.APPS-PROVIDER and A.VERIFICATION-AUTHORITY are added because
Security Domains from the GlobalPlatform Specification are introduced. All the applets and packages
are signed by the APSD and the correctness is verified on the TOE by VASD before the package or
applet is installed or loaded. A.APPSPROVIDER and A.VERIFICATION-AUTHORITY are additions to
PP for card content management environment.
The assumptions A.TRUSTED-GUESTOS is included because the Guest Operating Systems that are
hosted in external contexts are provided by a trusted actor.
2.4.2 Clarification of scope
Considering all Assumptions above, the evaluation did not reveal any threats to the TOE that are not
countered by the evaluated security functions of the product.
The following components of the platform are not part of the TOE:
• HW NFC Controller Subsystem and Power Management Unit (see [HW-CERT])
• JCOP eSE and any other secondary JCOP (optional)
• CommOS
There is no security claim on the ECDAA signature generation, Korean SEED, MIFARE and FeliCa
APIs provided by JCOP 7.x.
The following functionality is also present without specific security claims:
• 5G features as per SIM Alliance 2.3
• Programmable Timeout for SMB with Limitations.
• CPLC data made available through SystemInfo.
• Proprietary Bytecode Compression applied after BCV. Some standard bytecodes are replaced by
optimized byte codes (one to one) with exactly the same operation.
• Compliance to Secure Element configuration, Common Implementation Configuration, UICC
Configuration, and UICC Configuration Contactless Extension
2.5 Architectural Information
The top-level block diagram of the TOE as it is depicted in the [ST]:
According to the [ETR], the TOE is the eUICC Application on top of the Java Card Operating System
and the SN300 Secure Element (including Dedicated Software) on which it is running. TOE
identification provided in the ST identifies the JCOP 7.x OS with eUICC functionalities and including
Page: 11/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
Shared Code (with Cryptolib), FlashOS, CommOS, SystemOS, and SMK. There are no known
applications loaded pre-issuance or post-issuance for this evaluation.
2.6 Supplementary Cybersecurity Information
The contact information for the NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element,
versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP
7.3 R1.07.0.2 from NXP Semiconductors Netherlands N.V. was provided as:
cybersecurity.certification@nxp.com.
The following website link was provided: https://www.nxp.com/products/wireless-connectivity/nfc-
hf/nfc-enabled-digital-wallet:NFC-ENABLED-DIGITAL-WALLET
This link provides further details and links on
- the accepted method for receiving vulnerability information from end users and security
researchers for the TOE,
- supplementary cybersecurity information associated with the TOE, in accordance with Article
55 of [EU-EUCC]
- the online repository listing publicly disclosed vulnerabilities related to the TOE NXP JCOP 7.x
with eUICC extension on SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP
7.0 R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2 and to any
relevant cybersecurity advisories:
The following documentation is provided with the product by the developer to the customer for the
JCOP 7.0 R1.64.0.2:
Identifier Revision Date
JCOP 7.0 User Guidance Manual Rev. 1.24.7 2025-02-24
JCOP 7.0 UGM Addendum Rev. 1.24.1 2024-04-09
JCOP 7.0 UGM Anomaly Rev. 1.24.1 2024-04-09
JCOP 7.0 R1.64.0.2 (JCOP 7.0 17.4-2.64) UGM
for JCOP eUICC
Rev. 1.24.5 2025-03-03
JCOP 7.0 UGM Addendum UICC Rev. 1.28.1 2024-04-09
JCOP 7.0 UGM Addendum System Management Rev. 1.24.2 2024-04-29
ES_JCOP7.x Documentation Errata Rev. 1.1 2025-08-07
The following documentation is provided with the product by the developer to the customer for the
JCOP 7.0 R2.04.0.2:
Identifier Revision Date
JCOP 7.0 User Guidance Manual Rev. 2.04.2 2025-02-18
JCOP 7.0 UGM Addendum Rev. 2.04.0 2024-04-02
JCOP 7.0 UGM Anomaly Rev. 2.04.0 2024-04-02
JCOP 7.0 R2.04.0.2 (JCOP 7.0 18.4-2.04) UGM
for JCOP eUICC
Rev. 2.04.2 2025-02-27
JCOP 7.0 UGM Addendum UICC Rev. 2.04.0 2024-04-02
JCOP 7.0 UGM Addendum System Management Rev. 2.04.1 2024-04-29
Page: 12/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
Identifier Revision Date
ES_JCOP7.x Documentation Errata Rev. 1.1 2025-08-07
The following documentation is provided with the product by the developer to the customer for the
JCOP 7.1 R1.04.0.2:
Identifier Revision Date
JCOP 7.1 User Guidance Manual Rev. 3.05.4 2025-02-17
JCOP 7.1 UGM Addendum Rev. 3.04.1 2024-04-02
JCOP 7.1 UGM Anomaly Rev. 3.04.1 2023-04-02
JCOP 7.1 R1.04.0.2 (19.4-2.04) UGM for JCOP
eUICC
Rev. 3.05.3 2025-02-17
JCOP 7.1 UGM Addendum UICC Rev. 3.04.1 2024-04-02
JCOP 7.1 UGM Addendum System Management Rev. 3.04.2 2024-04-29
ES_JCOP7.x Documentation Errata Rev. 1.1 2025-08-07
The following documentation is provided with the product by the developer to the customer for the
JCOP 7.2 R1.09.0.2:
Identifier Revision Date
JCOP 7.2 User Guidance Manual Rev. 4.05.3 2024-02-18
JCOP 7.2 UGM Addendum Rev. 4.05.0 2024-04-28
JCOP 7.2 UGM Anomaly Rev. 4.05.0 2024-04-28
NXP JCOP 7.2 R1.09.0.2 (JCOP 7.2 20.4-2.06)
User Guidance Manual for JCOP eUICC
Rev. 4.05.3 2025-02-18
JCOP 7.2 UGM Addendum UICC Rev. 4.05.0 2024-02-28
JCOP 7.2 UGM Addendum System Management Rev. 4.05.0 2024-02-28
ES_JCOP7.x Documentation Errata Rev. 1.1 2025-08-07
The following documentation is provided with the product by the developer to the customer for the
JCOP 7.3 R1.07.0.2:
Identifier Revision Date
JCOP 7.3 User Guidance Manual Rev. 5.6.2 2025-08-07
JCOP 7.3 UGM Addendum Rev. 5.6.0 2025-03-07
JCOP 7.3 UGM Anomaly Rev. 5.6.1 2025-04-09
NXP JCOP 7.3 R1.07.0.2 (21.4-2.07) User
Guidance Manual for JCOP eUICC
Rev. 5.6.2 2025-08-07
JCOP 7.3 UGM Addendum UICC Rev. 5.6.0 2025-03-07
JCOP 7.3 UGM Addendum System Management Rev. 5.6.0 2025-03-07
ES_JCOP7.x Documentation Errata Rev. 1.1 2025-08-07
Page: 13/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
The stated period during which security support will be offered to end users, in particular as regards
the availability of cybersecurity related updates, is: 5 years.
2.7 Lifecycle Management processes and production facilities
For a detailed and precise description of the TOE lifecycle, see the [ST], Chapter 5.2.
User Applet development is outside the scope of this evaluation. Applet loading into Flash memory
can be done in phases 3, 4, 5, and 6. Applet loading in phase 7 is also allowed. This means post-
issuance loading of applets is allowed,
2.8 ICT Product Testing
2.8.1 Identification of CAB and ITSEF
Testing was performed by SGS Brightsight and reported to TrustCB
TrustCB is the Certification Assessment Body, licensed by the Dutch Authority for Digital Infrastructure
(RDI) for EUCC high certification activities.
TrustCB point of contact: EUCC@trustcb.com
2.8.2 Identification of used assurance components
The assurance components used in the product testing were:
• EAL 4 augmented with ALC_DVS.2, ALC_FLR.2 and AVA_VAN.5 and
• Composition evaluation package (COMP),
as defined by, and detailed in, [CC] and [CEM].
2.8.3 EUCC State of the Art documents and Protect Profiles
EUCC state-of-the-art documents [SotA Documents] were applied as referenced in the Bibliography.
The following Protection Profiles were applied:
eUICC for Consumer and IoT Devices Protection Profile, as certified under the reference BSI-CC-PP-
0100-V2-2025 by CAB Bundesamt für Sicherheit in der Informationstechnik (BSI), following evaluation
by ITSEF Deutsche Telekom Security GmbH. The author of this Protection Profile is the GSM
Association (GSMA). The assurance package required for a product conforming to this protection
profile is EAL4 augmented with AVA_VAN.5 and ALC_DVS.2.
Contact details for CB of PP: Zertifizierung@bsi.bund.de
Contact details of ITSEF for PP: evaluation-facility@telekom.de
Java Card System – Open Configuration Protection Profile, as certified under the reference BSI-CC-
PP-0099-V3-2024 by CAB Bundesamt für Sicherheit in der Informationstechnik (BSI) following
evaluation by ITSEF TÜV Informationstechnik GmbH. The author of this Protection Profile is Oracle
Corporation. The assurance package required for a product conforming to this protection profile is
EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2.
Contact details for CB of PP: Zertifizierung@bsi.bund.de
Contact details of ITSEF for PP: M.LeGuin@tuvit.de
Page: 14/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
2.8.4 Testing approach and depth
The developer performed extensive testing on functional specification, subsystem and SFR-enforcing
module level. The evaluators examined the developer’s testing activities documentation and verified
that the developer has met their testing responsibilities.
All parameter choices were addressed at least once. All boundary cases identified were tested
explicitly, and additionally the near-boundary conditions were covered probabilistically. The testing
was largely automated using industry standard and proprietary test suites. Test scripts were used
extensively to verify that the functions return the expected values.
The underlying hardware test results are extendable to composite evaluations, because the underlying
platform is operated according to its guidance and the composite evaluation requirements are met.
For the testing performed by the evaluators, the developer provided samples and a test environment.
The evaluators reproduced a selection of the developer tests, as well as a small number of test cases
designed by the evaluator.
2.8.5 Independent penetration testing
The independent vulnerability analysis performed was conducted along the steps described in section
2.9.1, AVA part.
2.8.6 Test configuration
The configuration of the sample used for independent evaluator testing and penetration testing was
the same as described in the [ST]:
JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP 7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2
JCOP 7.3 R1.07.0.2
Some of the independent and penetration testing was performed on an earlier version of the software
(R1.54.0.2, R2.04.0.1, R1.66.0.1 and R1.62.0.1) or on JCOP 7.x eSE OS instance(JCOP 7.0
R2.04.0.1, JCOP 7.1 R2.01.0.1, JCOP 7.2 R1.09.0.1 and JCOP 7.3 R1.07.0.1). The ITSEF assessed
the differences between these versions and concluded that do not negatively impact security, the test
results obtained on the earlier version are fully applicable to the TOE versions in the [ST].
2.8.7 Test results
The testing activities, including configurations, procedures, test cases, expected results and observed
results are summarised in the [ETR], with references to the documents containing the full details.
The developer’s tests and the independent functional tests produced the expected results, giving
assurance that the TOE behaves as specified in its [ST] and functional specification.
No exploitable vulnerabilities were found with the independent penetration tests.
The algorithmic security level of cryptographic functionality has not been rated in this certification
process, but the current consensus on the algorithmic security level in the open domain, i.e., from the
current best cryptanalytic attacks published, has been taken into account.
Not all key sizes specified in the [ST] have sufficient cryptographic strength for satisfying the
AVA_VAN.5 “high attack potential”. The TOE supports a wider range of key sizes (see [ST]), including
those with sufficient algorithmic security level to exceed 100 bits as required for high attack potential
(AVA_VAN.5).
The strength of the implementation of the cryptographic functionality has been assessed in the
evaluation, as part of the AVA_VAN activities.
For composite evaluations, please consult the [ETRfC] for details.
Page: 15/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
2.8.8 Reused Evaluation Results
This was a new certification under EUCC however documentary evaluation results of an earlier
version of the TOE certified under the SOG-IS Netherlands Scheme for Certification in the area of IT
security (NSCIB) have been partially reused. Vulnerability analysis and penetration testing has been
renewed.
There has been extensive reuse of the ALC aspects for the sites involved in the development and
production of the TOE, by use of 24 site certificates and 26 Site Technical Audit Reports.
No sites have been visited as part of this evaluation.
2.8.9 Evaluated Configuration
The TOE is defined uniquely by its name and version number NXP JCOP 7.x with eUICC extension on
SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP 7.1
R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2.
The evaluated product is an open and isolating platform. The isolation of applications, and also the
protection of post-issuance application loading have been studied in order to identify that this platform
is conformant to the concept of “open and isolating platform” [SotA-COSP]. There are no known
applications.
2.9 Results of the evaluation
The evaluation lab documented their evaluation results in the [ETR], which references an ASE
Intermediate Report, other evaluator documents and developer documentation [DEV_DOCS]. To
support composite evaluations according to [COMP] a derived document [ETRfC] was provided and
approved. This document provides details of the TOE evaluation that must be considered when this
TOE is used as platform in a composite evaluation.
The verdict of each claimed assurance requirement is “Pass”.
2.9.1 Assessment against each assurance requirement
ASE
ASE
ST introduction ASE_INT.1
Conformance claims ASE_CCL.1
Security problem definition ASE_SPD.1
Security objectives ASE_OBJ.2
Extended components definition ASE_ECD.1
Security requirements ASE.REQ.2
TOE summary specification ASE.TSS.1
Consistency of Composite product ST ASE.COMP.1
The findings are well-documented and internally consistent, demonstrating a thorough understanding
of the Security Target [ST] and its components. The TOE introduction, conformance claim, security
problems, security objectives, extended components, security requirements, TOE summary
specification and composite product consistency are appropriately addressed, and the TOE
description is accurate and adequate for the evaluation level. Consequently, the ASE activities fulfil
the assurance requirements EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2. No
issues or deviations were identified.
ADV
Page: 16/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
ADV
Security architecture ADV_ARC.1
Functional specification ADV_FSP.4
Implementation representation ADV_IMP.1
TOE design ADV_TDS.3
Composite design compliance ADV_COMP.1
The evaluation has demonstrated that the developer’s evidence meets ADV specified requirements.
The TOE model is complete, clearly showing all interfaces (TSFI/non-TSFI), user roles, and relations,
with explanations on completeness and tracing requirements met. The subsystem/module level model
is sensible, useful, and shows TSFIs and subsystem/module decomposition. The security architecture
is thoroughly explained, design compliance rationale is complete and coherent, and necessary
evidence is extracted per alternative approach. The evaluator confirmed why the TSF is well-
structured. SFRs were inspected, with findings mapped to the implementation representation in both
evaluation meetings. Finally, the evaluator has determined that the TOE does comply with the
requirements from the underlying hardware platform. Accordingly, the ADV activities meet the
assurance requirements for EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2, with no
issues or deviations identified.
AGD
AGD
Operational user guidance AGD_OPE.1
Preparative procedures AGD_PRE.1
The evaluation has demonstrated that the guidance documentation is clear, complete, and sufficient to
support the secure acceptance, installation, configuration, and operation of the TOE within its intended
environment by its user roles. The guidance effectively helps prevent common misconfigurations and
promotes correct usage. Therefore, the AGD activities fulfil the assurance requirements for EAL4
augmented with AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2, with no issues or deviations identified.
ALC
ALC
CM capabilities ALC_CMC.4
CM Scope ALC_CMS.4
Delivery ALC_DEL.1
Development security ALC_DVS.2
Life cycle definition ALC_LCD.1
Flaw remediation ALC_FLR.2
Tools and techniques ALC_TAT.1
Integration of composition parts and consistency
check of delivery procedures
ALC_COMP.1
The evaluation has demonstrated that the developer’s evidence meets ALC specified. The CI-list was
comprehensive and uniquely identified all configuration items, with clear identification of the developer.
The CM documentation effectively described unique identification methods, a CM plan for
development, procedures for accepting modified or new CIs, and the CM system was operated in
accordance with the CM plan to maintain all configuration items by automated means. Delivery
Page: 17/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
procedures were well-documented, ensuring security during TOE distribution. Security measures for
protecting the confidentiality and integrity of the TOE in physical, procedural, personnel, logical and
other areas were justified as sufficient. Flaw remediation procedures were comprehensive, including
methods for receiving reports, tracking flaws, providing corrective actions, and updating users. The
development life-cycle model provided necessary control; tools were well-defined with clear
documentation. Finally, the certified underlying TOE was correctly used and followed per guidance.
Accordingly, the ALC activities satisfy the assurance requirements for EAL4 augmented with
AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2, with no issues or deviations identified.
ATE
ATE
Coverage ATE_COV.2
Depth ATE_DPT.1
Functional tests ATE_FUN.1
Independent testing ATE_IND.2
Composite functional testing ATE_COMP.1
The evaluation has demonstrated that the developer’s evidence for ATE requirements meets all
specified requirements. The testing approach used by the developer effectively covered the TSFIs and
modules. The developer’s rationale for testing all TSFIs and modules was presented and verified. The
developer test results show that for all tests either the result was pass or a proper rationale was given
why the test failed. For the evaluator’s independent testing, the overall approach for test selection,
goals for the witnessing session, and independent test plan were clearly outlined. The evaluator’s
testing results showed that all sampled tests were passed. Accordingly, the ATE activities satisfy the
assurance requirements for EAL4 augmented with AVA_VAN.5, ALC_DVS, with no issues or
deviations identified.
AVA
AVA
Vulnerability analysis AVA_VAN.5
Composite vulnerability assessment AVA_COMP.1
The methodical analysis performed was conducted along the following steps:
- When evaluating the evidence in the classes ASE, ADV and AGD the evaluator considers whether
potential vulnerabilities can already be identified due to the TOE type and/or specified behaviour in
such an early stage of the evaluation.
- For ADV_IMP a thorough implementation representation review is performed on the TOE. During this
attack-oriented analysis, the protection of the TOE is analysed using the knowledge gained from all
previous evaluation classes. This results in the identification of (additional) potential vulnerabilities. For
this analysis will be performed according to the attack methods in [JIL-AMS] [JIL-AAPS] [SotA-AAPS].
- The evaluator examined sources of information publicly available to identify potential vulnerabilities in
the TOE under consideration of the components identified in the list of third party components, and
specific IT products in the environment that the TOE depends on, e.g., bytecode verifier. No potential
vulnerabilities were identified.
- All potential vulnerabilities are analysed using the knowledge gained from all evaluation classes and
information from the public domain. A judgment was made on how to assure that these potential
vulnerabilities are not exploitable. The potential vulnerabilities are addressed by penetration testing, a
guidance update or in other ways that are deemed appropriate.
Page: 18/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
Consequently, the AVA activities were performed in full compliance with the assurance requirements
EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2, providing a high level of confidence
in the TOE’s resistance to exploitation.
2.9.2 Overall result of evaluation
Based on the above evaluation results the evaluation lab concluded the NXP JCOP 7.x with eUICC
extension on SN300 B1.1 Secure Element, versions JCOP 7.0 R1.64.0.2, JCOP 7.0 R2.04.0.2, JCOP
7.1 R1.04.0.2, JCOP 7.2 R1.09.0.2, JCOP 7.3 R1.07.0.2, to be CC:2022 revision 1 Part 2 extended,
CC:2022 revision 1 Part 3 conformant, at an assurance level recognised by article 52 of [CSA] as
‘high’, and to meet the assurance requirements of EAL 4 augmented with ALC_FLR.2, ALC_DVS.2
and AVA_VAN.5 and the Composite evaluation package (COMP) This implies that the product
satisfies the security requirements specified in Security Target [ST].
The Security Target claims ‘strict’ conformance to the Protection Profile [PP0100] and ‘demonstrable’
conformance to the Protection Profile [PP0099].
2.10 Certificate information and scheme label
A Certificate has been issued recognising this evaluation result as follows:
Unique identifier: EUCC-3110-2025-08-2500052-01
Date of issuance: 19-08-2025 and with a validity period of 5 years.
2.11 Comments/Recommendations
The user guidance as outlined in section 2.5 contains necessary information about the usage of the
TOE. Certain aspects of the TOE’s security functionality, in particular the countermeasures against
attacks, depend on accurate conformance to the user guidance of both the software and the hardware
part of the TOE. There are no particular obligations or recommendations for the user apart from
following the user guidance. Please note that the documents contain relevant details concerning the
resistance against certain attacks.
In addition, all aspects of assumptions, threats and policies as outlined in the Security Target not
covered by the TOE itself must be fulfilled by the operational environment of the TOE.
The customer or user of the product shall consider the results of the certification within his system risk
management process. For the evolution of attack methods and techniques to be covered, the
customer should define the period of time until a re-assessment for the TOE is required and thus
requested from the sponsor of the certificate.
The strength of the cryptographic algorithms and protocols was not rated in the course of this
evaluation. This specifically applies to the following proprietary or non-standard algorithms, protocols
and implementations: ECDAA, Korean SEED, MIFARE and FeliCa, which are out of scope as there
are no security claims relating to these, which are out of scope as there are no security claims relating
to these.
Not all key sizes specified in the [ST] have sufficient cryptographic strength to satisfy the AVA_VAN.5
“high attack potential”. To be protected against attackers with a “high attack potential”, appropriate
cryptographic algorithms with sufficiently large cryptographic key sizes shall be used (references can
be found in national and international documents and standards).
Page: 19/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
3 Summary of the Security Target
The "NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element, Security Target", Rev.6.6,
18 August 2025 [ST] is included here by reference.
Please note that, to satisfy the need for publication, a public version [ST-lite] has been created and
verified according to [ST-SAN].
This is the summary of the [ST] according to the [ETR]:
The TOE is the embedded UICC (eUICC) software that implements the GSMA Remote SIM
Provisioning (RSP) Architecture for Consumer Devices. The security functionality of the evaluated ICT
product is represented by the implementation of the selected components of [CC](Part2) and are listed
in section 7 Security Functional Requirements (ASE_REQ) of the [ST]. Regarding SFRs Statement for
Java Card Component, the Security Functional Requirements Statement copies most SFRs as
defined in the JCOP PP [PP0099], with the exception of a number of options. Please refer to section
2.3.2.3 for a brief summary of sets of SFRs in addition to JCOP PP [PP0099] including card content
management mechanism, Config Applet, OS Update, Restricted Mode and Context Separation etc.
The Security Functional Requirements for the eUICC component are copied from the eUICC PP
[PP0100], none have been added, removed, or modified for Consumer Devices.
Page: 20/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
4 Definitions
This list of acronyms and definitions contains elements that are not already defined by the CC or CEM:
AES Advanced Encryption Standard
APSD Application Provider Security Domain
CAB Conformity Assessment Body
CBC Cipher Block Chaining (a block cipher mode of operation)
CBC-MAC Cipher Block Chaining Message Authentication Code
CFB Cipher Feedback
CPLC Card Production Life Cycle
CRT Chinese Remainder Theorem
CSP Cryptographic Service Provider
CTR Counter
DES Data Encryption Standard
DRG Deterministic Random Generator
ECB Electronic Code Book (a block cipher mode of operation)
ECC Elliptic Curve Cryptography
ECDAA Elliptic Curve Direct Anonymous Attestation
ECDSA Elliptic Curve Digital Signature Algorithm
ECDH Elliptic Curve Diffie Hellman
EDC Error Detection Code
EdDSA Elliptic Curve Edwards-curve Digital Signature Algorithm
eUICC embedded Universal Integrated Circuit Card
GCM Galois/Counter Mode
GF Galois Field
GP Global Platform
GCM Galois/Counter Mode
GSMA Groupe Speciale Mobile Association
IM4 Image4
IT Information Technology
ITSEF IT Security Evaluation Facility
JIL Joint Interpretation Library
MAC Message Authentication Code
MNO Mobile Network Operators
NFC Near-Field Communication
PP Protection Profile
RSA Rivest-Shamir-Adleman Algorithm
SHA Secure Hash Algorithm
Page: 21/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
SMB Secure Mailbox
SPD Security Problem Definition
SotA State of the Art document for EUCC
VASD Verification Authority Security Domain
TOE Target of Evaluation
Page: 22/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
5 Bibliography
This section lists all referenced documentation used as source material in the compilation of this
report.
[CC] Common Criteria for Information Technology Security Evaluation, CC:2022
Parts 1, 2, 3, 4 and 4, Revision 1, November 2022
[CEM] Common Methodology for Information Technology Security Evaluation,
CEM:2022 Revision 1, November 2022
[DEV_DOCS] For developer documentation used in the evaluation effort, see [ETRfc] and
[ETR]
[ETR] Evaluation Technical Report “NXP JCOP 7.x with eUICC extension on SN300
B1.1 Secure Element (versions: JCOP 7.0 R1.64.0.2 - JCOP 7.0 R2.04.0.2 -
JCOP 7.1 R1.04.0.2 – JCOP 7.2 R1.09.0.2 – JCOP 7.3 R1.07.0.2)” – EAL4
augmented with AVA_VAN.5, ALC_DVS.2 and ALC_FLR.2, 25-RPT-536,
version 5.0, 19 August 2025
[ETRfC] Evaluation Technical Report for Composition “(versions: JCOP 7.0 R1.64.0.2 -
JCOP 7.0 R2.04.0.2 - JCOP 7.1 R1.04.0.2 – JCOP 7.2 R1.09.0.2 - JCOP 7.3
R1.07.0.2)” – EAL4 augmented with AVA_VAN.5, ALC_DVS.2 and
ALC_FLR.2, 25-RPT-537, version 4.0, 18 August 2025
[EU-CSA] REGULATION (EU) 2019/881 OF THE EUROPEAN PARLIAMENT AND OF
THE COUNCIL of 17 April 2019 on ENISA (the European Union Agency for
Cybersecurity) and on information and communications technology
cybersecurity certification and repealing Regulation (EU) No 526/2013
(Cybersecurity Act)
[EU-EUCC] COMMISSION IMPLEMENTING REGULATION (EU) 2024/482 of 31 January
2024 laying down rules for the application of Regulation (EU) 2019/881 of the
European Parliament and of the Council as regards the adoption of the
European Common Criteria-based cybersecurity certification scheme (EUCC)
[HW-CERT] Certification Report NXP SN300 Series - Secure Element SN300_SE B1.1 J9,
NSCIB-CC-2300122-02-CR, version 1, 01 May 2025
[HW-ETRfC] Evaluation Technical Report for Composition “NXP SN300 Series – Secure
Element” – EAL4+, 23-RPT-1234, version 3.0, 1 May 2025
[HW-ST] NXP SN300 Series – Secure Element Security Target, Rev.1.0.6 – 19 February
2025
[JIL-AMS] Attack Methods for Smartcards and Similar Devices, Version 2.4, January 2020
(sensitive with controlled distribution)
[JIL-AAPS] JIL Application of Attack Potential to Smartcards, Version 3.2.1, February 2024
[JIL-COMP] Joint Interpretation Library, Composite product evaluation for Smart Cards and
similar devices for CC:2022, Version 1.6, April 2024
[PP0099] Java Card System – Open Configuration Protection Profile, Version 3.2, July
2024, registered under the reference BSI-CC-PP-0099-V3-2024
[PP0100] eUICC for Consumer and IoT Devices Protection Profile, Version: 2.1, 03
February 2025, registered under the reference BSI-CCPP-0100-V2-2025
Page: 23/23 of report number:EUCC-3110-2025-08-2500052-01-CR, dated 19 August 2025
®
TrustCB
is
a
registered
trademark.
Any
use
or
application
requires
prior
approval.
[PSIRT] PSIRT, Product Security Incident Response Process, NXPOMS-1719007347-
4179, version 1.3, 14 March 2024
[SotA_AAPS] EUCC SCHEME STATE-OF-THE-ART DOCUMENT Application of Attack
Potentical to Smarcards and Similar Devices, Version 2, February 2025
[SotA_CCIC] EUCC SCHEME STATE-OF-THE-ART DOCUMENT Application of Common
Criteria to integrated circuits Version 2, December 2024
[SotA_COSP] EUCC SCHEME STATE-OF-THE-ART DOCUMENT CERTIFICATION OF
“OPEN” SMART CARD PRODUCTS VERSION 1.1, October 2023
[SotA_COMP] EUCC SCHEME STATE-OF-THE-ART DOCUMENT Composite product
evaluation and certification for CC: 2022 Version 1, February 2025
[SotA_MSSR] EUCC SCHEME STATE-OF-THE-ART DOCUMENT Minimum Site Security
Requirements, Version 2, February 2025
[SotA_SARC] EUCC SCHEME STATE-OF-THE-ART DOCUMENT Security Architecture
requirements (ADV_ARC) for smart cards and similar devices extended to
Secure Sub Systems in SoCs, version 1.1, October 2023
[SotA_STAR] EUCC SCHEME STATE-OF-THE-ART DOCUMENT, STAR methodology,
version 1, February 2025
[ST] "NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element,
Security Target", Rev.6.6, 18 August 2025
[ST-lite] "NXP JCOP 7.x with eUICC extension on SN300 B1.1 Secure Element",
Security Target Lite, Revision 6.6, 18 August 2025.
[ST-SAN] Sanitization of a security target for publication, [EUCC] Annex V section V.2
ST sanitising for publication, CC Supporting Document CCDB-2006-04-004,
April 2006
[UG-JCOP] JCOP 7.0 User Guidance Manual, Rev. 1.24.7, 24 February 2025
JCOP 7.0 User Guidance Manual, Rev. 2.04.2, 18 February 2025
JCOP 7.1 User Guidance Manual, Rev. 3.05.4, 17 February 2025
JCOP 7.2 User Guidance Manual, Rev. 4.05.3, 18 February 2025
JCOP 7.3 User Guidance Manual, Rev. 5.6.2, 07 August 2025
(This is the end of this report.)