BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 1/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Certification Report
EAL 2 Evaluation of
EnPOS Bilişim Sanayi ve Ticaret A.Ş.
N-PosCore v.2.0.0.31
issued by
Turkish Standards Institution
Common Criteria Certification Scheme
Certificate Number: 21.0.03/TSE-CCCS-46
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 2/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
TABLE OF CONTENTS
TABLE OF CONTENTS .............................................................................................................................2
DOCUMENT INFORMATION.........................................................................................................................3
DOCUMENT CHANGE LOG ...........................................................................................................................3
DISCLAIMER ....................................................................................................................................................4
FOREWORD ......................................................................................................................................................5
RECOGNITION OF THE CERTIFICATE........................................................................................................6
1 - EXECUTIVE SUMMARY ............................................................................................................................7
1.1 TOE Overview ..............................................................................................................................................7
1.2 Threats...........................................................................................................................................................7
2 CERTIFICATION RESULTS .........................................................................................................................11
2.1 Identification of Target of Evaluation.........................................................................................................11
2.2 Security Policy ............................................................................................................................................11
2.3 Assumptions and Clarification of Scope.....................................................................................................12
2.4 Architectural Information............................................................................................................................14
2.4.1 Logical Scope...........................................................................................................................................14
2.4.2 Physical Scope .........................................................................................................................................15
2.4.3 Software environment of TOE.................................................................................................................15
2.4.4 Hardware Environment of TOE...............................................................................................................16
2.5 Documentation............................................................................................................................................17
2.6 IT Product Testing.......................................................................................................................................18
2.7 Evaluated Configuration .............................................................................................................................18
2.8 Results of the Evaluation ............................................................................................................................19
2.9 Evaluator Comments / Recommendations..................................................................................................20
3 SECURITY TARGET ...................................................................................................................................21
4 ACRONYMS.............................................................................................................................................22
5 BIBLIOGRAPHY........................................................................................................................................23
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 3/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
DOCUMENT INFORMATION
Date of Issue October 10, 2017
Approval Date October 10, 2017
Certification Report Number 21.0.03/17-010
Sponsor and Developer EnPOS Bilişim Sanayi ve Ticaret A.Ş.
Evaluation Facility TÜBİTAK BİLGEM OKTEM
TOE N-PosCore v.2.0.0.31
Pages 23
Prepared by Cem ERDİVAN
Reviewed by İbrahim Halil KIRMIZI
This report has been prepared by the Certification Expert and reviewed by the Technical Responsible of which
signatures are above.
DOCUMENT CHANGE LOG
Release Date Pages Affected Remarks/Change Reference
1.0 October 10, 2017 All First Release
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 4/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
DISCLAIMER
This certification report and the IT product in the associated Common Criteria document has been evaluated at
an accredited and licensed evaluation facility conformance to Common Criteria for IT Security Evaluation,
version 3.1,revision 4, using Common Methodology for IT Products Evaluation, version 3.1, revision 4. This
certification report and the associated Common Criteria document apply only to the identified version and
release of the product in its evaluated configuration. Evaluation has been conducted in accordance with the
provisions of the CCCS, and the conclusions of the evaluation facility in the evaluation report are consistent
with the evidence adduced. This report and its associated Common Criteria document are not an endorsement
of the product by the Turkish Standardization Institution, or any other organization that recognizes or gives
effect to this report and its associated Common Criteria document, and no warranty is given for the product by
the Turkish Standardization Institution, or any other organization that recognizes or gives effect to this report
and its associated Common Criteria document.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 5/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
FOREWORD
The Certification Report is drawn up to submit the Certification Commission the results and evaluation
information upon the completion of a Common Criteria evaluation service performed under the Common
Criteria Certification Scheme. Certification Report covers all non-confidential security and technical
information related with a Common Criteria evaluation which is made under the ITCD Common Criteria
Certification Scheme. This report is issued publicly to and made available to all relevant parties for reference
and use.
The Common Criteria Certification Scheme (CCSS) provides an evaluation and certification service to ensure
the reliability of Information Security (IS) products. Evaluation and tests are conducted by a public or
commercial Common Criteria Evaluation Facility (CCTL = Common Criteria Testing Laboratory) under
CCCS’ supervision.
CCEF is a facility, licensed as a result of inspections carried out by CCCS for performing tests and evaluations
which will be the basis for Common Criteria certification. As a prerequisite for such certification, the CCEF
has to fulfill the requirements of the standard ISO/IEC 17025 and should be accredited by accreditation bodies.
The evaluation and tests related with the concerned product have been performed by Beam Technology Testing
Facility, which is a commercial CCTL.
A Common Criteria Certificate given to a product means that such product meets the security requirements
defined in its security target document that has been approved by the CCCS. The Security Target document is
where requirements defining the scope of evaluation and test activities are set forth. Along with this
certification report, the user of the IT product should also review the security target document in order to
understand any assumptions made in the course of evaluations, the environment where the IT product will run,
security requirements of the IT product and the level of assurance provided by the product.
This certification report is associated with the Common Criteria Certificate issued by the CCCS for N-PosCore
v.2.0.0.31 whose evaluation was completed on September 27, 2017 and whose evaluation technical report was
drawn up by TÜBİTAK BİLGEM OKTEM (as CCTL), and with the Security Target document with version no
2.3 of the relevant product.
The certification report, certificate of product evaluation and security target document are posted on the ITCD
Certified Products List at bilisim.tse.org.tr portal and the Common Criteria Portal (the official web site of the
Common Criteria Project).
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 6/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
RECOGNITION OF THE CERTIFICATE
The Common Criteria Recognition Arrangement logo is printed on the certificate to indicate that this certificate
is issued in accordance with the provisions of the CCRA.
The CCRA has been signed by the Turkey in 2003 and provides mutual recognition of certificates based on the
CC evaluation assurance levels up to and including EAL2. The current list of signatory nations and approved
certification schemes can be found on:
http://www.commoncriteriaportal.org.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 7/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
1 - EXECUTIVE SUMMARY
1.1 TOE Overview
The TOE addressed by this certification report is an application software and crypto library which is the main
items of a Fiscal Cash Register (FCR). TOE is used to process the transaction amount of purchases which can
be viewed by both seller and buyer. Since transaction amount is used to determine tax revenues; secure
processing, storing and transmission of this data is very important.
The FCR is mandatory for first-and second-class traders. FCR is not mandatory for sellers who sell the goods
back to its previous seller completely the same as the purchased good.
FCR consists of different parts. The TOE being the main item of an FCR named as N-PosCore, there are also
several additional components necessary to get a fully functional FCR.
N-PosCore v.2.0.0.31 (TOE) is used as the fiscal application software for the FCR devices that satisfies the
operational environment requirements and component properties defined in the Security Target.
TOE is providing the following functionalities as well as the security functions stated in the Security Target;
• Dynamic promotion support
• Product description in detail for the goods in sale
• User friendly interface designed with consideration of user experience
• Single-click sales via touch screen
• On-Line and Off-Line execution
• Receipt upon completion of transaction
• Customizable user screen and receipt templates
• Providing additional fields for end of receipts
• Alert of users in defined circumstances
• Advanced search capabilities for product with the support of single-click sales
• N-PosCore aided Z-Reports at the end of the day
• Unlimited definition of cash in/out process type
• Sales with 6 different foreign currencies
• Exporting a receipt to an invoice
• Automated preparation of expense invoice
• Unlimited number of authorized user
• Follow-up incentives for the authorized users based of sales
• Exporting sales report per authorized user
• Detailed reporting for the data on Daily Memory, Fiscal Memory and ERU.
1.2 Threats
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 8/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Threats Definition
T.AccessControl • Adverse action: Authenticated users could try to use functions which are not
allowed. (e.g. FCR Authorised User gaining access to FCR Authorised
Manufacturer User functions)
• Threat agent: An attacker who has basic attack potential and has logical
access to FCR.
• Asset: Event data, sales data, time information.
T.Authentication • Adverse action: Unauthenticated users could try to use FCR functions except
doing fiscal sales and taking reports which are not fiscal.
• Threat agent: An attacker who has basic attack potential, has logical and
physical access to the FCR.
• Asset: Sales data, event data, time information.
T.MDData • Adverse action: This threat deals with five types of data: event data, sales
data, characterization data, authentication data and FCR parameters.
o An attacker could try to manipulate the event data to hide its actions
and unauthorised access to the FCR, failure reports, and deletion of
logs. An attacker also could try to disclose important events while
transmitted between PRA-IS and FCR.
o An attacker could try to manipulate or delete the sales data generated
by TOE which may result in tax fraud. In addition, an attacker also
could try to disclose sales data while transmitted between PRA-IS
and FCR. Manipulation and deletion of sales data located in FCR
may be caused by magnetic and electronic reasons.
o An attacker could try to manipulate the characterization data to cover
information about tax fraud; to masquerade the user identity.
o An attacker could try to manipulate the FCR parameters to use FCR
in undesired condition.
o An attacker also could try to disclose and modify authentication data
in FCR to gain access to functions which are not allowed to his/her.
• Threat agent: An attacker who has basic attack potential, has physical and
logical access to the FCR.
• Asset: Event data, sales data, characterization data, FCR parameters and
authentication data.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 9/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
T.Eavesdrop • Adverse action: An attacker could try to eavesdrop event data, sales data and
characterization data transmitted between the TOE and the PRA-IS and also
between the TOE and the distributed memory units (Fiscal Memory,
Database, Daily Memory and ERU).
• Threat agent: An attacker who has basic attack potential, has physical access
to the FCR and physical access to the FCR communication channel.
• Asset: Characterization data, sales data, and event data.
T.Skimming • Adverse action: An attacker could try to imitate TSM to set parameters to
FCR via the communication channel.
• Threat agent: An attacker who has basic attack potential and logical access
to the FCR.
• Asset: FCR parameters.
T.Counterfeit • Adverse action: An attacker could try to imitate FCR by using sensitive data
while communicating with PRA-IS and TSM to cover information about tax
fraud.
• Threat agent: An attacker who has basic attack potential and has physical
and logical access to the FCR.
• Asset: Sensitive data.
T. Server
counterfeiting
• Adverse action: An attacker could try to imitate PRA-IS by changing server
certificates (PPRA and PPRA-SIGN) in FCR. In this way, the attacker could
try to receive information from FCR.
• Threat agent: An attacker who has basic attack potential, has physical and
logical access to the FCR.
• Asset: Server Certificates
T.Malfunction • Adverse action: An attacker may try to use FCR out of its normal
operational conditions to cause malfunction without the knowledge of TOE.
• Threat agent: An attacker who has basic attack potential, has physical access
to the FCR.
• Asset: Sales data, event data.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 10/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
T.ChangingTime • Adverse action: An attacker may try to change time to invalidate the
information about logged events and reports in FCR.
• Threat agent: An attacker who has basic attack potential, has physical and
logical access to the FCR.
• Asset: Time Information.
Table 1: Threats
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 11/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
2 CERTIFICATION RESULTS
2.1 Identification of Target of Evaluation
Certificate Number 21.0.03/TSE-CCCS-46
TOE Name and Version N-PosCore v.2.0.0.31
Security Target Title N-PosCore v.2.0.0.31 Security Target
Security Target Version v2.3
Security Target Date September 26, 2017
Assurance Level EAL2
Criteria • Common Criteria for Information Technology Security
Evaluation, Part 1: Introduction and General Model; CCMB-
2012-09-001, Version 3.1, Revision 4, September 2012
• Common Criteria for Information Technology Security
Evaluation, Part 2: Security Functional Components; CCMB-
2012-09-002, Version 3.1 Revision 4, September 2012
• Common Criteria for Information Technology Security
Evaluation, Part 3: Security Assurance Components; CCMB-
2012-09-003, Version 3.1 Revision 4, September 2012
Methodology Common Criteria for Information Technology Security Evaluation,
Evaluation Methodology; CCMB-2012-09-004, Version 3.1, Revision
4, September 2012
Protection Profile Conformance NEW GENERATION CASH REGISTER FISCAL APPLICATON
SOFTWARE 2.0 (TSE-CCCS/PP-007)
Common Criteria Conformance • Common Criteria for Information Technology Security
Evaluation, Part 1: Introduction and General Model, Version 3.1,
Revision 4, September 2012
• Common Criteria for Information Technology Security
Evaluation, Part 2: Security Functional Components, Version
3.1, Revision 4, September 2012, extended
• Common Criteria for Information Technology Security
Evaluation, Part 3: Security Assurance Components, Version
3.1, Revision 4, September 2012, conformant
Sponsor and Developer EnPOS Bilişim Sanayi ve Ticaret A.Ş.
Evaluation Facility TÜBİTAK BİLGEM OKTEM
Certification Scheme TSE CCCS
2.2 Security Policy
The TOE is used as part of a FCR which is an electronic device for calculating and recording sales transactions
and for printing receipts. TOE provides the following services;
1. TOE supports storing sales data in fiscal memory.
2. TOE supports storing for each receipt the total receipt amount and total VAT amount in daily memory.
3. TOE supports generating reports (X report, Z report etc.).
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 12/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
4. TOE supports transmitting Z reports, receipt information, sale statistics and other information
determined by PRA to PRA-IS in PRA Messaging Protocol format.
5. TOE stores records of important events as stated in PRA Messaging Protocol document and transmits to
PRA-IS in PRA Messaging Protocol [6] format in a secure way.
6. TOE supports using by authorized user or authorized manufacturer user and using in secure state mode
or maintenance mode.
The security policy is expressed by the set of Security Functional Requirements and implemented by the TOE.
It covers the following issues:
1. TOE supports access control.
2. TOE is able to detect disconnection between main processor and fiscal memory and should enter into
the maintenance mode.
3. TOE supports usage of ITU X509 v3 formatted certificate and its protected private key for
authenticating against PRA-IS and establishing a secure communication with PRA-IS and TSM.
4. TOE supports secure communication between FCR, PRA-IS and FCR TSM.
5. TOE supports secure communication with EFT-POS/ SMART PINPAD
6. TOE ensures the integrity of event data, sales data, authentication data, characterization data and FCR
parameters.
7. TOE records important events given in PRA Messaging Protocol document and send urgent event data
to PRA-IS in a secure way.
8. TOE detects physical attacks to FCR and enters into the maintenance mode in such cases.
2.3 Assumptions and Clarification of Scope
Policy Definition
P.Certificate It has to be assured that certificate which is installed at initialization step is
compatible with ITU X.509 v3 format. FCR contains;
• FCR certificate,
• Certification Authority root and sub-root (subordinate) certificates that are
used for verification of all certificates that are produced by Certification
Authority,
• PPRA certificate that is used for key transport process between FCR and
PRA-IS,
• PPRA-SIGN certificate that is used by TOE for signature verification
• UpdateControl certificate that is used to verify the signature of the TOE.
P.Certificates
Installation
It has to be assured that environment of TOE provides secure installation of
certificates (PPRA PPRA-SIGN , Certification Authority root and sub-root
certificates, Update Control certificate, FCR certificates if handled as soft ) into the
FCR at initialization phase. Before the installation of certificates, it has to be
assured that asymmetric key pair is generated in a manner which maintains
security posture.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 13/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
P.Comm_EXT -
Communication
between TOE and
External Device
It has to be assured that communication between TOE and external devices is used
to encrypted using AES algorithm with 256 bits according to External Device
Communication Protocol Document [7].
P.InformationLeakage
- Information leakage
from FCR
It has to be assured that TOE’s environment provides a secure mechanism which
prevents attacker to obtain sensitive information (private key) when FCR performs
signature operation; i.e by side channel attacks like SPA (Simple Power Analysis),
SEMA (Simple Electromagnetic Analysis), DPA (Differential Power
Analysis), DEMA (Differential Electromagnetic Analysis).
P.SecureEnvironment It has to be assured that environment of TOE senses disconnection between fiscal
memory and main processor. Then TOE enters into the maintenance mode and logs
urgent event. It has to be assured that fiscal memory doesn't accept transactions
with negative amounts which results in a decrease of total tax value. It has to be
assured that environment of TOE provides a mechanism that sales data in daily
memory which is not reflected to the fiscal memory cannot be deleted and
modified in an uncontrolled way. It has to be assured that sales data in ERU cannot
be deleted and modified.
P.PhysicalTamper It has to be assured that TOE environment and TOE provide a tamper respondent
system which is formed by electromechanical seals. It has to be assured that
physical tampering protection system protects the keys (asymmetric key,
symmetric key), the certificates, event data, characterization data, FCR parameters
and sales data in FCR. It has to be assured that TOE logs this type of events and
enters into the maintenance mode when physical tampering protection system
detect unauthorized access. It has to be assured that authorised access such as
maintenance work or service works are logged.
It has to be also assured that physical tampering protection system (mesh cover)
protects fiscal memory.
P.PKI - Public key
infrastructure
It has to be assured that IT environment of the TOE provides public key
infrastructure for encryption, signing and key agreement.
P.UpdateControl TOE is allowed to be updated by only TSM or Authorized Manufacturer User to
avoid possible threats during this operation, FCR shall verify the signature of the
new version of TOE to ensure that the TOE to be updated is signed by the correct
organization. Thus, the TOE to be updated is ensured to be the correct certified
version because only the certified versions will be signed. In addition, FCR shall
check version of TOE to ensure that it is the latest version.
Table 2: Organizational Security Policies
Assumption Definition
A.TrustedManufacturer It is assumed that manufacturing is done by trusted manufacturers. They process
manufacturing step in a manner which maintains IT security.
A.Control It is assumed that PRA-IS personnel performs random controls on FCR. During
control PRA-IS should check if tax amount, total amount printed on receipt and
sent to PRA-IS is the same. In addition to this, a similar check should be
processed for events as well.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 14/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
A.Initialisation It is assumed that environment of TOE provides secure initialization steps.
Initialization step consists of secure boot of operating systems, and integrity
check for TSF data. Moreover, if certificate is handled as soft (not in the
smartcard) it is assumed that environment of TOE provides secure installation of
it to the FCR in initialization phase. Before certificate installation it is assumed
that asymmetric key pair generated in a manner which maintains security
posture.
A.TrustedUser User is assumed to be trusted. It is assumed that for each sale a sales receipt is
provided to the buyer.
A.Activation It is assumed that environment of TOE provides secure activation steps at the
beginning of the TOE operation phase and after each maintenance process.
A.AuthorisedService It is assumed that repairing is done by trusted authorised services. The repairing
step is processed in a manner which maintains legal limits.
A.Ext_Key It is assumed that External Device (EFT-POS/SMART PINPAD) generates
strong key for communicating with TOE and stores it in a secure way.
A.Ext_Device Pairing It is assumed that External Device and TOE are paired by Authorised Service.
Table 3: Assumptions
2.4 Architectural Information
2.4.1 Logical Scope
The logical scope of the TOE consists of the security functional features of the fiscal application software
which is subject to a common criteria evaluation. The following security functions are in the logical scope of
TOE;
• Audit/Event Log: The function which generates and stored the events data according to the PRA
Messaging Protocol and the SFRs stated in the Security Target.
• Cryptography: The Cryptographic Libraries which are used by TSF for cryptographic operations like
encrypt and decrypt of imported and exported data. This function also covers the key generation and
destruction.
• Identification and Authentication: TOE has various user roles and access rights during normal operation
and an identification and authentication function controls the user identification and authentication
securely.
• Access Control: The access rights in the TOE are controlled with an access control policies and
functions. This function is enforced during authentication and data export. Also TOE enforces
information flow control policy for EFT-POS/SMART PINPAD and TSM.
• Data Integrity: TOE protects the integrity of stored and exported data with the support of a TSF.
• Import/Export: Data import and export are handled securely with an enforced policy with the control of
a TSF.
• TSF Protection: TSF protects the secure operation and in any case of defined corruptions TOE switches
to maintenance mode to continue protecting its core functionality.
• TOE Self Testing: TOE conducts self-testing of its functionality during initial startup.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 15/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
• Security Management: TSF provides the security functions and restrict the access to these functions
with specific capabilities defined in the security target.
2.4.2 Physical Scope
Figure-1 The connections between control cards in Fiscal unit and CPU and memories
2.4.3 Software environment of TOE
Application runs at the top of an operating system’s kernel, file-system as in a typical software environment.
This structure is shown in Table 4.
File System
Operating System Kernel
Table 4 Typical software environment of TOE
In addition to TOE, following software components are necessary for security and functionality of the FCR:
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 16/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
• FCR operating system which supports following features
o at least 32-bit data processing capacity
o multi-processing
o IPv4 and IPv6
o NTP (Network Time Protocol)
• MSSQL 2008 Express or higher database which is used to store sales data, has the following features;
o Database has data recording, organizing, querying, reporting features
o Database stores sales records for main product groups (food, clothing, electronics, glassware
etc.) and sub-product groups (milk, cigarette, fruit, trousers etc.) in order to track detailed
statistics
o Database has indexing mechanism
2.4.4 Hardware Environment of TOE
In addition to TOE, following hardware components are necessary for security and functionality of the FCR:
• Fiscal memory
o Fiscal memory has following features;
1. Fiscal memory has the capacity to store at least 10 years (3650 days) of data,
2. Fiscal memory keeps data at least 5 years after the capacity specified in (a) has been reached,
3. Fiscal memory is to be fixed in FCR in a way that it cannot be removed without damaging
the chassis.
4. Fiscal memory is protected with mesh cover,
5. Fiscal memory has the ability to protect against magnetic and electronic threats, When the
Fiscal memory and main processor interconnection is interrupted, FCR will begin to run in
maintenance mode,
6. The data stored in the fiscal memory shouldn't be lost in case of power off,
7. Fiscal Memory accepts only positive amounts from the application and the peripherals,
8. FCR checks "Z" reports from fiscal memory during device start-up. In case there are days for
which Z report was not generated, FCR will be able to run in normal mode only after it
generates Z reports for the missing days. Seasonal firms can take cumulative Z report by
specifying date and time range.
o Fiscal Memory includes following data;
1. Fiscal symbol, company code, identification number of the device,
2. Cumulative sum of the total sales amount and Value Added Tax (VAT) amounts of all sales
receipts, starting from the device activation (i.e. first use),
3. Date and number of daily "Z" reports with total sales and VAT per day,
4. The number of receipts per day.
• Daily memory
o Daily memory has following features;
1. Receipt total and total VAT amount for each receipt are to be stored in the daily memory
instantly. This data can be transmitted to PRA - IS, instantly or daily depending on demand.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 17/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
2. Data in the daily memory which is not already transmitted to fiscal memory, cannot be
modified in an uncontrolled way.
3. Data transmitted from daily memory to fiscal memory is to be kept in daily memory for at
least 10 days.
4. Z reports, taken at the end of the day; and X reports, taken within the current day are
produced by using the data in the daily memory.
o Following values are stored in the daily memory
1. total VAT amount per day,
2. total daily sales values per day grouped by payment type
3. payment type (Cash, credit card etc.)
4. number of receipts.
• FCR supports X.509 formatted digital certificate generated by Authorized Certificate Authority. This
Public Key Infrastructure(PKI) compatible digital certificate is called fiscal certificate and is used for
authentication and secure communication between PRA-IS and FCR through Trusted Service Manager
(TSM). For physical security, FCR is protected by electronic and mechanic systems called electronic
seal. FCR uses cryptographic library for secure communication with PRA-IS and TSM
• Electronic Record Unit (ERU) is used to keep second copy of the receipt and has following features;
1. ERU stores information about receipts and FCR reports (except ERU reports) in a retrievable form.
2. ERU has at least 1.2 million row capacity. ERU may be included in the sealed part of the FCR. In
this case ERU must have at least 40 million row capacity
3. Data stored in ERU cannot be modified
4. ERU also has features specified in “Fiscal Cash Register General Communique Serial Number: 67”
part A which is about Law No: 3100 except item (ii) above.
• FCR device has ETHERNET interface for communication with PRA-IS (for data transfer) and TSM
system (for parameter management and software update). External ETHERNET may be accepted as
internal in case the data is encrypted in fiscal unit.
• Incoming and outgoing data traffic for FCR passes over a firewall.
• FCR has a printer to print sales receipt.
• FCR supports the use of EFTPOS/SMART PINPAD.
• FCR needs some input/output devices for functionalities listed below;
1. FCR has separate displays for cashier and buyer
2. FCR has a keyboard unit
3. FCR has money drawer for keeping cash
4. FCR has internal battery to keep time information, to protect event data and fiscal memory.
5. FCR has serial I/O port for barcode reader.
2.5 Documentation
These documents listed below are provided to customer by the developer alongside the TOE:
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 18/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Document Name Version Release Date
N-PosCore v.2.0.0.31 Security Target v2.3 September 26, 2017
NPC-AGD (Guidance Document) v.0.5 August 14, 2017
User Manual v0.2 August 14, 2017
Installation Procedures v0.7 August 14, 2017
Table-5 Documentation
2.6 IT Product Testing
During the evaluation, all evaluation evidences of TOE were delivered and transferred completely to CCTL by
the developers. All the delivered evaluation evidences which include software, documents, etc. are mapped to
the assurance families Common Criteria and Common Methodology; so the connections between the assurance
families and the evaluation evidences has been established. The evaluation results are available in the final
Evaluation Technical Report v2.0 of N-PosCore v.2.0.0.31. It is concluded that the TOE supports EAL 2.
IT Product Testing is mainly realized in two parts:
1-Developer Testing: (27 Tests)
• TOE Test Coverage: Developer has prepared TOE Test Document according to the TOE Functional
Specification documentation.
• TOE Functional Testing: Developer has made functional tests according to the test documentation.
Test plans, test scenarios, expected test results and actual test results are in the test documentation.
2- Evaluator Testing:
Independent Testing: The evaluator conducted testing using 9 of developer tests found in the developer’s test
plan and procedures. Additionally, the evaluator conducted 46 independent tests prepared by the evaluators
themselves. All off these tests have ensured that TOE is capable of demonstrating the functional requirements
stated in security document. TOE has successfully passed all tests.
Penetration Testing: Evaluator has done 10 penetration tests to find out if TOE`s vulnerabilities can be used
for malicious purposes. During devising the tests, a flaw hypothesis was prepared considering:
• SFRs in security target,
• Architectural elements in architecture document,
• Guidance documents,
• Internet search for publicly known vulnerabilities of TOE and tools used to create TOE etc.
TOE has successfully passed all tests.
2.7 Evaluated Configuration
N-PosCore v.2.0.0.31 has been evaluated under the configuration below:
Cash Registry Model: Enpos YN200
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 19/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Main Processor: Intel AtomTM Processors D2550
Processor Features: Dual Core, 1M Cache, 1.86GHz, 10W, BGA 559 packaging technology, 32nm process
technology
Security Processor: Atmel AT90SC25672RCT in SafeNet eToken 5100
Security Processor Features: (EAL4+(AVA_VAN.5) and FIPS 140-2 Level 3 certified)
Physical Features of the Device:
• Tamper Detection
• Mesh Detection
• Fiscal Memory Disconnection
Piller:
• ER26500 (9000mAh): For safety of the Electro-mechanic Seal Mechanism
• CR2032 (220mAh): To keep time information
2.8 Results of the Evaluation
The verdict for the CC Part 3 assurance components (according to EAL2 and the security target evaluation) is
summarized in the following table:
Assurance Class Component ID Component Title Verdict
ADV: Development
ADV_ARC.1 Security architecture description PASS
ADV_FSP.2 Security-enforcing functional specification PASS
ADV_TDS.1 Basic design PASS
AGD: Guidance documents
AGD_OPE.1 Operational user guidance PASS
AGD_PRE.1 Preparative procedures PASS
ALC: Life-cycle support
ALC_CMC.2 Use of a CM system PASS
ALC_CMS.2 Parts of the TOE CM coverage PASS
ALC_DEL.1 Delivery procedures PASS
ASE: Security Target
evaluation
ASE_CCL.1 Conformance claims PASS
ASE_ECD.1 Extended components definition PASS
ASE_INT.1 ST introduction PASS
ASE_OBJ.2 Security objectives PASS
ASE_REQ.2 Security requirements PASS
ASE_SPD.1 Security problem definition PASS
ASE_TSS.1 TOE summary specification PASS
ATE: Tests
ATE_COV.1 Evidence of coverage PASS
ATE_FUN.1 Functional testing PASS
ATE_IND.2 Independent testing - sample PASS
AVA: Vulnerability
assessment
AVA_VAN.2 Vulnerability analysis PASS
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 20/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
Table-6 Results of the evaluation
2.9 Evaluator Comments / Recommendations
No recommendations or comments have been communicated to CCCS by the evaluators related to the
evaluation process of “N-PosCore v.2.0.0.31” product, result of the evaluation, or the ETR.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 21/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
3 SECURITY TARGET
The security target associated with this Certification Report is identified by the following terminology:
Title: N-PosCore v.2.0.0.31 Security Target
Version: 2.3
Date of Document: September 26, 2017
This Security Target describes the TOE, intended IT environment, security objectives, security requirements
(for the TOE and IT environment), TOE security functions and all necessary rationale.
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 22/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
4 ACRONYMS
AES : Advanced Encryption Standard
CC : Common Criteria
CCMB : Common Criteria Management Board
DEMA : Differential Electromagnetic Analysis
DFA : Differential Fault Analysis
DPA : Differential Power Analysis
EAL : Evaluation Assurance Level (defined in CC)
EFT-POS : Electronic Funds Transfer at Point of Sale
ERU : Electronic Recording Unit
FCR : Fiscal Cash Register
FCRAS : Fiscal Cash Register Application Software
GMP : GIB Messaging Protocol
IT : Information Technology
ITU : International Telecommunication Union
OSP : Organizational Security Policy
PP : Protection Profile
PKI : Public Key Infrastructure
PRA : Presidency of Revenue Administration
PRA-IS : Presidency of Revenue Administration Information Systems
SAR : Security Assurance Requirements
SEMA : Simple Electromagnetic Analysis
SFR : Security Functional Requirements
SHA : Secure Hash Algorithm
SPA : Simple Power Analysis
SSL - CA : Secure Sockets Layer - Client Authentication
ST : Security Target
TOE : Target of Evaluation
TSF : TOE Security Functionality (defined in CC)
TSE : Türk Standartları Enstitüsü
TSM : Trusted Service Manager
VAT : Value Added Tax
FMC : Peripheral’s control card of TOE
BİLİŞİM TEKNOLOJİLERİ
TEST VE BELGELENDİRME
DAİRESİ BAŞKANLIĞI /
INFORMATION TECHNOLOGIES TEST AND
CERTIFICATION DEPARTMENT
Doküman No BTBD-03-01-FR-01
CCCS CERTIFICATION REPORT
Yayın Tarihi 30/07/2015
RevizyonTarihi 29/04/2016 No 05
Sayfa 23/23
Bu dokümanın güncelliği, elektronik ortamda TSE Doküman Yönetim Sisteminden takip edilmelidir.
5 BIBLIOGRAPHY
[1] Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4, September 2012
[2] Common Methodology for Information Technology Security Evaluation, CEM, Version 3.1 Revision 4,
September 2012
[3] BTBD-03-01-TL-01 Certification Report Preparation Instructions, Rel. Date: February 8, 2016
[4] ETR v2.0 of N-PosCore v.2.0.0.31, Rel. Date: September 27, 2017
[5] N-PosCore v.2.0.0.31 Security Target, Version 2.3, Rel. Date: September 26, 2017