PREMIER MINISTRE Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d’information Certification Report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Paris, 17th of June 2011 Courtesy Translation Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 2 out 19 ANSSI-CC-CER-F-07EN.006 Warning This report is designed to provide sponsors with a document enabling them to assess the security level of a product under the conditions of use and operation defined in this report for the evaluated version. It is also designed to provide the potential purchaser of the product with the conditions under which he may operate or use the product so as to meet the conditions of use for which the product has been evaluated and certified; that is why this certification report must be read alongside the evaluated user and administration guidance, as well as with the product security target, which presents threats, environmental assumptions and the supposed conditions of use so that the user can judge for himself whether the product meets his needs in terms of security objectives. Certification does not, however, constitute a recommendation product from ANSSI (French Network and Information Security Agency), and does not guarantee that the certified product is totally free of all exploitable vulnerabilities. Any correspondence about this report has to be addressed to: Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d'information Centre de certification 51, boulevard de la Tour Maubourg 75700 PARIS cedex 07 SP France certification.anssi@ssi.gouv.fr Reproduction of this document without any change or cut is authorised. LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 3 out 19 Certification report reference ANSSI-CC-2011/17 Product name LinqUs USIM 128k platform on SC33F640E Product reference / version T1017287 / Release A TOE reference / version S1092122/ Release A Protection profile conformity [PP JCS-O], version 2.6 Java Card System Protection Profile - Open Configuration Evaluation criteria and version Common Criteria version 3.1 revision 3 Evaluation level EAL 4 augmented ALC_DVS.2, AVA_VAN.5 Developers Gemalto La Vigie, Av du Jujubier, ZI Athelia IV, 13705 La Ciotat Cedex, France STMicroelectronics 190 avenue Celestin Coq, ZI de Rousset, B.P. 2, 13106 Rousset, France Sponsor Gemalto La Vigie, Av du Jujubier, ZI Athelia IV, 13705 La Ciotat Cedex, France Evaluation facility THALES - CEACI (T3S – CNES) 18 avenue Edouard Belin, BPI1414, 31401 Toulouse Cedex 9, France Phone: +33 (0)5 62 88 28 01 or 18, email : nathalie.feyt@thalesgroup.com Recognition arrangements CCRA The product is recognised at EAL4 level. SOG-IS Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 4 out 19 ANSSI-CC-CER-F-07EN.006 Introduction The Certification Security certification for information technology products and systems is governed by decree number 2002-535 dated April, 18th 2002, modified. This decree stipulates that: • The French Network and Information Security Agency draws up certification reports. These reports indicate the features of the proposed security targets. They may include any warnings that the authors feel the need to mention for security reasons. They may or may not be transmitted to third parties or made public, as the sponsors desire (article 7). • The certificates issued by the Prime Minister certify that the copies of the products or systems submitted for evaluation fulfil the specified security features. They also certify that the evaluations have been carried out in compliance with applicable rules and standards, with the required degrees of skill and impartiality (article 8). The procedures are available on the Internet site www.ssi.gouv.fr. LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 5 out 19 Contents 1. THE PRODUCT........................................................................................................................... 6 1.1. PRESENTATION OF THE PRODUCT........................................................................................... 6 1.2. EVALUATED PRODUCT DESCRIPTION ..................................................................................... 6 1.2.1. Product identification.................................................................................................... 6 1.2.2. Security services............................................................................................................ 7 1.2.3. Architecture................................................................................................................... 8 1.2.4. Life cycle ..................................................................................................................... 10 1.2.5. Guidance ..................................................................................................................... 12 1.2.6. Evaluated configuration.............................................................................................. 12 2. THE EVALUATION.................................................................................................................. 13 2.1. EVALUATION REFERENTIAL ................................................................................................. 13 2.2. EVALUATION WORK ............................................................................................................. 13 2.3. CRYPTOGRAPHIC MECHANISMS ROBUSTNESS ANALYSIS..................................................... 13 2.4. RANDOM NUMBER GENERATOR ANALYSIS .......................................................................... 13 3. CERTIFICATION...................................................................................................................... 14 3.1. CONCLUSION........................................................................................................................ 14 3.2. RESTRICTIONS...................................................................................................................... 14 3.3. RECOGNITION OF THE CERTIFICATE..................................................................................... 15 3.3.1. European recognition (SOG-IS).................................................................................. 15 3.3.2. International common criteria recognition (CCRA)................................................... 15 ANNEX 1. EVALUATION LEVEL OF THE PRODUCT.......................................................... 16 ANNEX 2. EVALUATED PRODUCT REFERENCES .............................................................. 17 ANNEX 3. CERTIFICATION REFERENCES ........................................................................... 19 Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 6 out 19 ANSSI-CC-CER-F-07EN.006 1. The product 1.1. Presentation of the product The evaluated product is the « LinqUs USIM 128k platform on SC33F640E, reference T1017287, release A » developed by Gemalto and STMicroelectronics. This product is a (U)SIM Java Card platform embedded in an open (U)SIM card intended to be plugged in a mobile phone or other mobile devices. This product can host applications that can be loaded and instantiated onto the product either before card issuance or in post-issuance through the mobile network, over-the-air (OTA) and in a connected environment and without physical manipulation of the TOE. Other administrative operations can also be done using OTA. 1.2. Evaluated product description The security target [ST] defines the evaluated product, its evaluated security functionalities and its operational environment. This security target is conformant to [PP JCS-O] protection profile, this conformity is demonstrable. Security objectives have been added to the security target [ST] to deal with the Telecom characteristics of this product. 1.2.1. Product identification The configuration list [CONF] identifies the product’s constituent elements. The certified version of the TOE can be identified by several means identified in the delivery sheet [DS]. - Response to the GetData command (0x00 0xCA 0x9F 0x7F) corresponds to the following CPLC1 information: IC Fabricator 0x47 0x50 (ST) ICType 0x00 0x25 (SC33F640) osId 0x00 0x27 (STM027) osDate 0x03 0x40 (YDDD) osVersion 0x01 0x0C - Response to the GlobalPlatform GetData command (0x00 0xCA 0x00 0x66) of the card manager gives the Card Recognition Data: TOE: S1092122 Complete label of the product (including developer tools) 1.23.1.18 1 Card manager Production Life Cycle LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 7 out 19 Software label 1.23.1.12 Card Recognition Data 0070666664736206072A864886FC6B01600B06092A864886FC6B02 0202630906072A864886FC6B03640B06092A864886FC6B04800064 0B06092A864886FC6B040255650A06082A864886FC6B050466190 60A2B060104012A026E0102060B47544F463634300117010C SCP1 : 0x02, 0x 55 Software label: 0x01, 0x17, 0x01, 0x0C Main difference between the product and the platform (the TOE) references rely on the identification of the list of pre-issuance2 applications loaded on this smartcard. All the applications that were present on the configuration made available to the evaluator are detailed in [App_list]. This document lists the packages and applets, included in the product configuration, with there associated names and AIDs3 . The GetStatus command permits the user to check what the installed applets and packages are on the product at his disposal. 1.2.2. Security services The product provides the following evaluated security services: - Confidentiality and integrity of cryptographic keys and application data during execution of cryptographic operations; - Confidentiality and integrity of authentication data and application data during execution of authentication operations; - Isolation of applications belonging to different contexts from each other and confidentiality and integrity of application data among applications; - Integrity of the application code execution. The product offers additional evaluated security services for applications management, relying on the GlobalPlatform framework: - Privileges delegation: The MNO4 as Card issuer is initially the only entity authorized to manage applications (loading, instantiation, deletion) through a secure communication channel with the card during the 7th phase of the smartcard (usage phase, see chapter 1.2.4). However, the MNO can grant these privileges to an Application Provider (AP) through the delegated management functionality of Global Platform (GP). - Application signature verification: All loaded applications are associated at load time to a Verification Authority (VA) signature (Mandated DAP) that is verified on card by the on-card representative of the VA prior to the completion of the application loading operation and prior to the instantiation of any applet defined in the loaded application. - Security Domain management: Application Providers have Security Domain keysets enabling them to be authenticated to the corresponding Security Domain 1 Secure Channel Protocol 2 loading realised before the 7th phase of the smart card life cycle 3 Application Identifier 4 Mobile Network Operator Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 8 out 19 ANSSI-CC-CER-F-07EN.006 and to establish a trusted channel between the TOE and an external trusted device. These Security Domains keysets are not known by the Card issuer. 1.2.3. Architecture The product is composed of the following components: - The microcontroller SC33F640 revision E, - A Java Card System which manages and executes applications called applets. It also provides APIs to develop applets on top of it, in accordance with the Java Card specifications. - GlobalPlatform (GP) packages (partially evaluated), which provides an interface to communicate with the smart card and manage applications in a secure way - Platform APIs, which provides ways to specifically interact with (U)SIM applications. - Telecom environment including network authentication applications (not evaluated) and Telecom communication protocol. LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 9 out 19 The following figure describes the major items included in the TOE: As identified in chapter 1.2.4 here after, the evaluated product has been personalized. Thus all the creation of Security Domains identified in the previous figure has been studied during the evaluation. The product at the disposal of the ITSEF actually contains those Security Domains. Here the ISD corresponds to the Issuer Security Domain, VASD to the Verification Authority Security Domain, CASD to the Controlling Authority Security Domain and SSD to Supplementary Security Domain. Some applications were already loaded in the SSD, they are all identified in the [App_list] document. Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 10 out 19 ANSSI-CC-CER-F-07EN.006 1.2.4. Life cycle The product’s life cycle is organised as follow: The product has been developed on the following sites: Development sites La Vigie Avenue du Jujubier ZI Athelia IV 13705 La Ciotat Cedex France [AGD_PRE] [AGD_OPE_VA] [AGD-Dev_Basic] [AGD-Dev_Sec] [AGD_OPE] [AGD_OPE] [AGD_OPE_VA] [AGD_PRE] [AGD_OPE_VA] [AGD-Dev_Basic] [AGD-Dev_Sec] [AGD_OPE] [AGD_OPE] [AGD_OPE_VA] LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 11 out 19 8, rue de la Verrerie 92197 Meudon Cedex France 12 Ayar Rajah Crescent Singapour 139941 Singapour Embedded software configuration sites 525, Avenue du Pic de Bretagne 13420 Gemenos France Ul. Skarszewska 2 83-110 Tczew Pologne Packaging sites Rue de Saint Ulfrant 27500 Pont-Audemer France Ul. Skarszewska 2 83-110 Tczew Pologne Pre-personalization site Rue de Saint Ulfrant 27500 Pont-Audemer France Ul. Skarszewska 2 83-110 Tczew Pologne Personalization sites Rue de Saint Ulfrant 27500 Pont-Audemer France Ul. Skarszewska 2 83-110 Tczew Pologne The microcontroller’s development and manufacturing sites are identified in the certification report [ANSSI-CC-2011/07]. Development of pre-issuance applications identified in [App_list] has been performed in the La Ciotat Development site. Their delivery and verification have also been performed on the La Ciotat site, but by different teams than those who have developed them. According to [NOTE.10], the related procedures have been analysed and audited during the evaluation process. Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 12 out 19 ANSSI-CC-CER-F-07EN.006 Procedure to verify pre-issuance application developed by other team than those of Gemalto haven’t been analysed, as all the pre-issuance embedded applications considered here are developed by Gemalto. 1.2.5. Guidance As the evaluated life cycle corresponds to phases 1 to 6, the preparative guidance of the personalized product [AGD-PRE] is mostly dedicated to recommendations related to the VASD, CASD, ISD, and APSD Security Domain key management. The operational guidance [AGD-OPE] provides recommendations for each of the following actors: - The Mobile Network Operator as issuer of the (U)SIM Java Card platform; - The Application Provider (AP), entity or institution responsible for the applications and their associated services; - The Controlling Authority (CA), entity independent from the MNO represented on the (U)SIM card and responsible for securing the keys creation and personalization of the Application Provider Security Domain (APSD); - The Verification Authority (VA), trusted third party represented on the (U)SIM card, acting on behalf of the MNO and responsible for the verification of applications signatures (mandated DAP) during the loading process. [AGD-OPE] also identifies delivery recommendations that should be enforced for the delivery of new applications to be load in this product. Moreover the guidance [AGD-Dev_Basic] and [AGD-Dev_Sec] describe development rules that have to be followed by applications on this product; and the guidance [AGD-OPE_VA] describe verification rules that have to be followed by the Verification Authority. 1.2.6. Evaluated configuration The open configuration of the product has been evaluated according to [NOTE.10]: this product corresponds to an open and isolating platform. Thus new applications loading that respect the constraints stated in chapter 3.2 and are loaded according to the audited process do not impact the current certification report. All applications identified in [App_list] have been verified according to [AGD-OPE_VA]. LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 13 out 19 2. The evaluation 2.1. Evaluation referential The evaluation has been performed in compliance with Common Criteria version 3.1 revision 3 [CC], with the Common Evaluation Methodology [CEM]. In order to meet the specificities of smart cards, the [CC IC] and [CC AP] guides have been applied. 2.2. Evaluation work The evaluation has been performed according to the composition scheme as defined in the guide [COMP] in order to assess that no weakness comes from the integration of the software in the microcontroller already certified. Therefore, the results of the evaluation of the microcontroller “SC33F640E” at EAL5 level augmented with ALC_DVS.2 and AVA_VAN.5, compliant with the [PP0035] protection profile, have been used. This microcontroller has been certified the 5 april 2011 under the reference ANSSI-CC-2011/07 [ANSSI-CC-2011/07]. The evaluation technical report [ETR], delivered to ANSSI the 31st May 2011 provides details on the work performed by the evaluation facility and assesses that all evaluation tasks are “pass”. 2.3. Cryptographic mechanisms robustness analysis The robustness of cryptographic mechanisms hasn’t been analysed by ANSSI. Nevertheless the evaluation hasn’t lead to the identification of design or construction vulnerabilities for the targeted AVA_VAN level. 2.4. Random number generator analysis The platform performs a cryptographic post-processing of the outputs of the material random generator provided by the underlying microcontroller that have been studied during this evaluation. The evaluation hasn’t identified exploitable vulnerabilities for the targeted AVA_VAN level if the [AGD-Dev_Sec] guidance is correctly applied. Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 14 out 19 ANSSI-CC-CER-F-07EN.006 3. Certification 3.1. Conclusion The evaluation was carried out according to the current rules and standards, with the required competency and impartiality of a licensed evaluation facility. All the work performed permits the release of a certificate in conformance with the decree 2002-535. This certificate testifies that the product “LinqUs USIM 128k platform on SC33F640E, reference T1017287, release A” submitted for evaluation fulfils the security features specified in its security target [ST] for the evaluation level EAL 4 augmented. 3.2. Restrictions This certificate only applies on the product specified in chapter 1.2 of this certification report. The user of the certified product shall respect the security objectives for the operational environment, as specified in the security target [ST], and shall respect the recommendations in the guidance [GUIDES], in particular: - Applications developers must follow the guidance for basic applications development [AGD-Dev_Basic]or the guidance for secure applications development [AGD- Dev_Sec] depending of the sensibility of the targeted application; - The Verification Authority must follow the guidance for verification authority [AGD- OPE_VA]. LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 15 out 19 3.3. Recognition of the certificate 3.3.1. European recognition (SOG-IS) This certificate is released in accordance with the provisions of the SOG-IS agreement [SOG- IS]. The European Recognition Agreement made by SOG-IS in 2010 allows recognition from Signatory States of the agreement1 , of ITSEC and Common Criteria certificates. The European recognition is applicable, for smart cards and similar devices, up to ITSEC E6 High and CC EAL7 levels. The certificates that are recognized in the agreement scope are released with the following marking: 3.3.2. International common criteria recognition (CCRA) This certificate is released in accordance with the provisions of the CCRA [CC RA]. The Common Criteria Recognition Arrangement allows the recognition, by signatory countries2 , of the Common Criteria certificates. The mutual recognition is applicable up to the assurance components of CC EAL4 level and also to ALC_FLR family. The certificates that are recognized in the agreement scope are released with the following marking: 1 The signatory countries of the SOG-IS agreement are: Finland, France, Germany, Italy, The Netherlands, Norway, Spain, Sweden and United Kingdom. 2 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia, Netherlands, New-Zealand, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, the United Kingdom and the United States of America. Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 16 out 19 ANSSI-CC-CER-F-07EN.006 Annex 1. Evaluation level of the product Components by assurance level Assurance level of the product Class Family EAL 1 EAL 2 EAL 3 EAL 4 EAL 5 EAL 6 EAL 7 EAL 4+ Name of the component ADV_ARC 1 1 1 1 1 1 1 Security architecture description ADV_FSP 1 2 3 4 5 5 6 4 Complete functional specification ADV_IMP 1 1 2 2 1 Implementation representation of the TSF ADV_INT 2 3 3 ADV_SPM 1 1 ADV Development ADV_TDS 1 2 3 4 5 6 3 Basic modular design AGD_OPE 1 1 1 1 1 1 1 1 Operational user guidance AGD Guidance AGD_PRE 1 1 1 1 1 1 1 1 Preparative procedures ALC_CMC 1 2 3 4 4 5 5 4 Production support, acceptance procedures and automation ALC_CMS 1 2 3 4 5 5 5 4 Problem tracking CM coverage ALC_DEL 1 1 1 1 1 1 1 Delivery procedures ALC_DVS 1 1 1 2 2 2 Sufficiency of security measures ALC_FLR ALC_LCD 1 1 1 1 2 1 Developer defined life-cycle model ALC Life-cycle support ALC_TAT 1 2 3 3 1 Well-defined development tools ASE_CCL 1 1 1 1 1 1 1 1 Conformance claims ASE_ECD 1 1 1 1 1 1 1 1 Extended components definition ASE_INT 1 1 1 1 1 1 1 1 ST introduction ASE_OBJ 1 2 2 2 2 2 2 2 Security objectives ASE_REQ 1 2 2 2 2 2 2 2 Derived security requirements ASE_SPD 1 1 1 1 1 1 1 Security problem definition ASE Security Target Evaluation ASE_TSS 1 1 1 1 1 1 1 1 TOE summary specification ATE_COV 1 2 2 2 3 3 2 Analysis of coverage ATE_DPT 1 1 3 3 4 1 Testing: basic design ATE_FUN 1 1 1 1 2 2 1 Functional testing ATE Tests ATE_IND 1 2 2 2 2 2 3 2 Independent testing: sample AVA Vulnerability assessment AVA_VAN 1 2 2 3 4 5 5 3 Advanced methodical vulnerability analysis LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 17 out 19 Annex 2. Evaluated product references [ST] Reference security target for the evaluation: - “Security Target LinqUs USIM 128k PK certified using SC33F640” , reference D117263, release 1.7 For the needs of publication, the following security target has been provided and validated in the evaluation: - “Security Target LinqUs USIM 128k PK certified using SC33F640” , reference D117263, release 1.7p [ETR] Evaluation technical report : - “Evaluation technical report - Project: LIOUQUET2”, reference LI2_ETR, revision 2.0 [CONF] - Delivery Sheet [DS], reference D1189308; - TOE software configuration list: “TOE file configuration list”, reference listeFichiersPhenix_1_23_1_18 ; - Documentation configuration list: “Documentation configuration list rev 2”, reference Action_List_LIOUQUET2, version 27052011; - Product pre-issuance packages [App_list]: “STM027 : Linqus USIM 128k PK Certified” , reference Gemalto_STM027_profile description_vA6, release A6. [GUIDES] Preparative guidance : - Acceptance and installation guidance [AGD-PRE] : “Preparative Guidance for LinqUs USIM 128K PK certified”, reference D1185540, release 1.3 Operational guidance: - Administration guidance [AGD-OPE] : “Guidance for Administration of LinqUs USIM 128K PK certified”, reference D1185542, release 1.3 - Guidance for application development • Guidance for basic application development [AGD- Dev_Basic]: “Rules for applications on Upteq mNFC certified product”, reference D1186227, release A03 • Guidance for secure application development [AGD- Dev_Sec]: “Guidance for secure application development on Upteq mNFC platforms”, reference D1188231, release A04 - Guidance for Verification Authority [AGD-OPE_VA]: “Guidance for Verification Authority of LinqUs USIM 128K PK” reference D1185542_VA, release 1.3 [PP JCS-O] Java Card System Protection Profile - Open Configuration, version 2.6, 19 April 2010. Certified by ANSSI under the reference ANSSI-CC-PP-2010/03 Certification report ANSSI-CC-2011/17 LinqUs USIM 128k platform on SC33F640E Page 18 out 19 ANSSI-CC-CER-F-07EN.006 [PP0035] Security IC Platform Protection Profile, version 1.0, 15 June 2007. Certified by BSI (Bundesamt für Sicherheit in der Informationstechnik) under the reference BSI_PP_0035. [ANSSI-CC- 2011/07] Secured microcontrollers ST33F1ME, ST33F768E, SC33F768E, ST33F640E, SC33F640E, ST33F512E, SC33F512E and SC33F384E with the optional cryptographic library NesLib v3.0 Certified by ANSSI under the reference ANSSI-CC- 2011/07 LinqUs USIM 128k platform on SC33F640E Certification report ANSSI-CC-2011/17 ANSSI-CC-CER-F-07EN.006 Page 19 out 19 Annex 3. Certification references Decree number 2002-535, 18th April 2002, modified related to the security evaluations and certifications for information technology products and systems. [CER/P/01] Procedure CER/P/01 - Certification of the security provided by IT products and systems, DCSSI. [CC] Common Criteria for Information Technology Security Evaluation : Part 1: Introduction and general model, July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-001; Part 2: Security functional components, July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-002; Part 3: Security assurance components, July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-003. [CEM] Common Methodology for Information Technology Security Evaluation : Evaluation Methodology, July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-004. [CC IC] Common Criteria Supporting Document - Mandatory Technical Document - The Application of CC to Integrated Circuits, reference CCDB-2009-03-002 version 3.0, revision 1, March 2009. [CC AP] Common Criteria Supporting Document - Mandatory Technical Document - Application of attack potential to smart-cards, reference CCDB-2009-03-001 version 2.7 revision 1, March 2009. [COMP] Common Criteria Supporting Document - Mandatory Technical Document - Composite product evaluation for smart cards and similar devices, reference CCDB-2007-09-001 version 1.0, revision 1, September 2007. [NOTE.10] « Application note - Certification of applications on “open and cloisonning platform” », reference ANSSI-CC-NOTE/10.0EN, see ssi.gouv.fr [REF-CRY] Mécanismes cryptographiques – Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques, version 1.20 du 26 janvier 2010, voir www.ssi.gouv.fr [CC RA] Arrangement on the Recognition of Common criteria certificates in the field of information Technology Security, May 2000. [SOG-IS] « Mutual Recognition Agreement of Information Technology Security Evaluation Certificates », version 3.0, 8th January 2010, Management Committee.