| name |
CBB business application unit Version 1.0 |
CENTAGATE v3.010-build13 |
| category |
Other Devices and Systems |
Other Devices and Systems |
| scheme |
JP |
MY |
| status |
archived |
archived |
| not_valid_after |
10.12.2010 |
06.06.2022 |
| not_valid_before |
11.03.2005 |
06.06.2017 |
| cert_link |
None |
None |
| report_link |
https://www.commoncriteriaportal.org/files/epfiles/c0024_ecvr2.pdf |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/ISCB-5-RPT-C072-CR-v1.pdf |
| st_link |
https://www.commoncriteriaportal.org/files/epfiles/ |
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/2017-05-08-CTG-ST-3.0.pdf |
| manufacturer |
The Bank of Tokyo-Mitsubishi/ MITSUBISHI ELECTRIC INFORMATION SYSTEMS CORPORATION |
SecureMetric Technology Sdn Bhd |
| manufacturer_web |
|
https://www.securemetric.com/ |
| security_level |
EAL2 |
EAL4+, ALC_FLR.2 |
| dgst |
dcf4627be41380b4 |
4149b933ed4230dd |
| heuristics/cert_id |
JISEC-CC-CRP-C0024 |
ISCB-3-RPT-C072-CR-v1 |
| heuristics/cert_lab |
[] |
[] |
| heuristics/cpe_matches |
{} |
{} |
| heuristics/verified_cpe_matches |
{} |
{} |
| heuristics/related_cves |
{} |
{} |
| heuristics/direct_transitive_cves |
{} |
{} |
| heuristics/indirect_transitive_cves |
{} |
{} |
| heuristics/extracted_sars |
{} |
ADV_TDS.3, AVA_VAN.3, ASE_CCL.1, ATE_FUN.1, ASE_OBJ.2, ASE_INT.1, ALC_CMC.4, ASE_REQ.2, AGD_PRE.1, ATE_IND.2, ATE_DPT.1, ASE_ECD.1, ALC_LCD.1, ALC_FLR.2, ASE_SPD.1, ATE_COV.2, ALC_DVS.1, ALC_TAT.1, AGD_OPE.1, ALC_CMS.4, ALC_DEL.1, ASE_TSS.1, ADV_ARC.1, ADV_FSP.4, ALC_FRL.2 |
| heuristics/extracted_versions |
1.0 |
3.010 |
| heuristics/prev_certificates |
{} |
{} |
| heuristics/next_certificates |
{} |
{} |
| heuristics/report_references/directly_referenced_by |
{} |
{} |
| heuristics/report_references/directly_referencing |
{} |
{} |
| heuristics/report_references/indirectly_referenced_by |
{} |
{} |
| heuristics/report_references/indirectly_referencing |
{} |
{} |
| heuristics/scheme_data |
- cert_id: JISEC-CC-CRP-C0024
- certification_date: 01.03.2005
- claim: EAL2
- enhanced:
- assurance_level: EAL2
- description: PRODUCT DESCRIPTION TOE is a unit mounted in the banking terminal "CBB terminal" provided a convenience store, and consists of application software and a tamper-resistant security hard ware board "TURBOMISTY". By using a CBB terminal, customer can take a banking service at a convenience store without having to visit a bank branch. For providing with these services securely, TOE has several functions as well as application registration, receiving application form and data communication, with a security function to keep a confidentiality of the personal identification number.
- evaluation_facility: Electronic Commerce Security Technology Laboratory Inc.
- product: CBB business application unit
- product_type: IT product (data protection function in a terminal for banking services)
- toe_version: Version 1.0
- vendor: The Bank of Tokyo-Mitsubishi UFJ, Ltd. / MITSUBISHI ELECTRIC INFORMATION SYSTEMS CORPORATION
- expiration_date: 01.01.2011
- supplier: The Bank of Tokyo-Mitsubishi UFJ,Ltd./ MITSUBISHI ELECTRIC INFORMATION SYSTEMS CORPORATION
- toe_japan_link: https://www.ipa.go.jp/en/security/jisec/software/certified-cert/c0024_it4036.html
- toe_japan_name: CBB business application unit Version 1.0
- toe_overseas_link: None
- toe_overseas_name: -----
|
- cert_no: 2017-003-C072
- certification_date: 06.06.2017
- developer: SecureMetric Technology Sdn. Bhd.
- enhanced:
- assurance_level: EAL4+ ALC_FLR.2
- category: Other Devices and Systems
- cert_id: C072
- certification_date: 06.06.2017
- developer: Nickson YauSecureMetric Technology Sdn Bhd2-2, Incubator 2,Technology Park Malaysia,Lebuh Sg. Besi - Puchong, Bukit Jalil57000, Kuala Lumpur, Malaysia Email: [email protected]: 012 301 6966
- expiration_date: 06.06.2022
- mutual_recognition: CCRA
- product: CENTAGATE v3.010-build13
- report_link: https://iscb.cybersecurity.my/resources/document/mycc/mycpr/C072/ISCB-5-RPT-C072-CR-v1.pdf
- scope: CENTAGATE is an enterprise class authentication solution built on JEE technology, that enforce secure authentication for protected resources such as internal web applications. It operates through web interfaces and has the functionality that enables three-factor of authentications and risk-based scoring engine through accessibility of single sign-on (SSO). It consists of Web Application Server and Mobile Applications that supports Android and iOS platform. The following security functions are implemented by the TOE: Security Token Provision; Mobile Protection; Mobile PKI; Hybrid Risk Scoring Engine (Rule-based and Case-based); Cryptographic Module; Key Management System; Authentication Module; Web Administration Module; and Mobile Management Module
- status: Archive
- target_link: https://iscb.cybersecurity.my/resources/document/mycc/mycpr/C072/2017-05-08-CTG-ST-3.0.pdf
- type: Other devices and systems
- expiration_date: 06.06.2022
- level: EAL4+ ALC_FLR.2
- product: CENTAGATE v3.010-build13
- recognition: CCRA
- url: https://iscb.cybersecurity.my/index.php/certification/product-certification/mycc/archived-certified-products-and-systems/submission-view/143
|
| heuristics/st_references/directly_referenced_by |
{} |
{} |
| heuristics/st_references/directly_referencing |
{} |
{} |
| heuristics/st_references/indirectly_referenced_by |
{} |
{} |
| heuristics/st_references/indirectly_referencing |
{} |
{} |
| heuristics/protection_profiles |
{} |
{} |
| maintenance_updates |
|
|
| protection_profiles |
|
|
| protection_profile_links |
{} |
{} |
| pdf_data/cert_filename |
None |
None |
| pdf_data/cert_frontpage |
|
|
| pdf_data/cert_keywords/cc_cert_id |
|
|
| pdf_data/cert_keywords/cc_protection_profile_id |
|
|
| pdf_data/cert_keywords/cc_security_level |
|
|
| pdf_data/cert_keywords/cc_sar |
|
|
| pdf_data/cert_keywords/cc_sfr |
|
|
| pdf_data/cert_keywords/cc_claims |
|
|
| pdf_data/cert_keywords/vendor |
|
|
| pdf_data/cert_keywords/eval_facility |
|
|
| pdf_data/cert_keywords/symmetric_crypto |
|
|
| pdf_data/cert_keywords/asymmetric_crypto |
|
|
| pdf_data/cert_keywords/pq_crypto |
|
|
| pdf_data/cert_keywords/hash_function |
|
|
| pdf_data/cert_keywords/crypto_scheme |
|
|
| pdf_data/cert_keywords/crypto_protocol |
|
|
| pdf_data/cert_keywords/randomness |
|
|
| pdf_data/cert_keywords/cipher_mode |
|
|
| pdf_data/cert_keywords/ecc_curve |
|
|
| pdf_data/cert_keywords/crypto_engine |
|
|
| pdf_data/cert_keywords/tls_cipher_suite |
|
|
| pdf_data/cert_keywords/crypto_library |
|
|
| pdf_data/cert_keywords/vulnerability |
|
|
| pdf_data/cert_keywords/side_channel_analysis |
|
|
| pdf_data/cert_keywords/technical_report_id |
|
|
| pdf_data/cert_keywords/device_model |
|
|
| pdf_data/cert_keywords/tee_name |
|
|
| pdf_data/cert_keywords/os_name |
|
|
| pdf_data/cert_keywords/cplc_data |
|
|
| pdf_data/cert_keywords/ic_data_group |
|
|
| pdf_data/cert_keywords/standard_id |
|
|
| pdf_data/cert_keywords/javacard_version |
|
|
| pdf_data/cert_keywords/javacard_api_const |
|
|
| pdf_data/cert_keywords/javacard_packages |
|
|
| pdf_data/cert_keywords/certification_process |
|
|
| pdf_data/cert_metadata |
|
|
| pdf_data/report_filename |
c0024_ecvr2.pdf |
ISCB-5-RPT-C072-CR-v1.pdf |
| pdf_data/report_frontpage |
|
|
| pdf_data/report_keywords/cc_cert_id |
- JP:
- Certification No. C0024: 1
|
- MY:
- ISCB-3-RPT-C072-CR-v1: 28
|
| pdf_data/report_keywords/cc_protection_profile_id |
|
|
| pdf_data/report_keywords/cc_security_level |
|
- EAL:
- EAL4: 5
- EAL4 augmented: 1
- EAL4+: 4
|
| pdf_data/report_keywords/cc_sar |
|
|
| pdf_data/report_keywords/cc_sfr |
|
|
| pdf_data/report_keywords/cc_claims |
|
|
| pdf_data/report_keywords/vendor |
|
|
| pdf_data/report_keywords/eval_facility |
|
|
| pdf_data/report_keywords/symmetric_crypto |
|
|
| pdf_data/report_keywords/asymmetric_crypto |
|
|
| pdf_data/report_keywords/pq_crypto |
|
|
| pdf_data/report_keywords/hash_function |
|
|
| pdf_data/report_keywords/crypto_scheme |
|
|
| pdf_data/report_keywords/crypto_protocol |
|
|
| pdf_data/report_keywords/randomness |
|
|
| pdf_data/report_keywords/cipher_mode |
|
|
| pdf_data/report_keywords/ecc_curve |
|
|
| pdf_data/report_keywords/crypto_engine |
|
|
| pdf_data/report_keywords/tls_cipher_suite |
|
|
| pdf_data/report_keywords/crypto_library |
|
|
| pdf_data/report_keywords/vulnerability |
|
|
| pdf_data/report_keywords/side_channel_analysis |
|
|
| pdf_data/report_keywords/technical_report_id |
|
|
| pdf_data/report_keywords/device_model |
|
|
| pdf_data/report_keywords/tee_name |
|
|
| pdf_data/report_keywords/os_name |
|
|
| pdf_data/report_keywords/cplc_data |
|
|
| pdf_data/report_keywords/ic_data_group |
|
|
| pdf_data/report_keywords/standard_id |
|
- ISO:
- ISO/IEC 18045: 2
- ISO/IEC15408: 2
|
| pdf_data/report_keywords/javacard_version |
|
|
| pdf_data/report_keywords/javacard_api_const |
|
|
| pdf_data/report_keywords/javacard_packages |
|
|
| pdf_data/report_keywords/certification_process |
|
- OutOfScope:
- OTP Hardware token, where this is out of the evaluation. SMS service to register the device is also out of scope. 18 Potential consumers of the TOE are advised that some functions and services may not have been: 1
- out of scope: 1
|
| pdf_data/report_metadata |
- /Author: IPA/JISEC
- /Company: IPA/ISEC
- /CreationDate: D:20051104120631+09'00'
- /Creator: Word 用 Acrobat PDFMaker 6.0
- /ModDate: D:20051104120640+09'00'
- /Producer: Acrobat Distiller 6.0 (Windows)
- /SourceModified: D:20051104030140
- /Title: TOE List
- pdf_file_size_bytes: 23139
- pdf_hyperlinks: {}
- pdf_is_encrypted: False
- pdf_number_of_pages: 1
|
- /Author: ISCB Department
- /CreationDate: D:20170720054033+00'00'
- /Creator: Microsoft Word
- /Keywords: MyCB_TMP_002
- /ModDate: D:20170720054033+00'00'
- /Subject: CENTAGATE v3.0.10-build13
- /Title: C072 Certification Report
- pdf_file_size_bytes: 649341
- pdf_hyperlinks: mailto:[email protected], http://www.cybersecurity.my/mycc
- pdf_is_encrypted: False
- pdf_number_of_pages: 29
|
| pdf_data/st_filename |
|
2017-05-08-CTG-ST-3.0.pdf |
| pdf_data/st_frontpage |
|
|
| pdf_data/st_keywords/cc_cert_id |
|
|
| pdf_data/st_keywords/cc_protection_profile_id |
|
|
| pdf_data/st_keywords/cc_security_level |
|
- EAL:
- EAL 4: 1
- EAL 4 augmented: 1
- EAL4: 3
- EAL4 augmented: 1
|
| pdf_data/st_keywords/cc_sar |
|
- ADV:
- ADV_ARC.1: 1
- ADV_FSP.4: 1
- ADV_IMP: 1
- ADV_TDS.3: 1
- AGD:
- AGD_OPE.1: 1
- AGD_PRE.1: 1
- ALC:
- ALC_CMC.4: 1
- ALC_CMS.4: 1
- ALC_DEL.1: 1
- ALC_DVS.1: 1
- ALC_FLR.2: 2
- ALC_FRL.2: 1
- ALC_LCD.1: 1
- ALC_TAT.1: 1
- ASE:
- ASE_CCL.1: 1
- ASE_ECD.1: 1
- ASE_INT.1: 1
- ASE_OBJ.2: 1
- ASE_REQ.2: 1
- ASE_SPD.1: 1
- ASE_TSS.1: 1
- ATE:
- ATE_COV.2: 1
- ATE_DPT.1: 1
- ATE_FUN.1: 1
- ATE_IND.2: 1
- AVA:
|
| pdf_data/st_keywords/cc_sfr |
|
- FAU:
- FAU_ARP: 3
- FAU_ARP.1: 5
- FAU_ARP.1.1: 1
- FAU_GEN: 2
- FAU_GEN.1: 10
- FAU_GEN.1.1: 2
- FAU_GEN.1.2: 1
- FAU_GEN.2: 4
- FAU_GEN.2.1: 1
- FAU_SAA: 1
- FAU_SAA.1: 8
- FAU_SAA.1.1: 1
- FAU_SAA.1.2: 1
- FAU_SAA.2: 6
- FAU_SAA.2.1: 1
- FAU_SAA.2.2: 1
- FAU_SAA.2.3: 1
- FAU_SAR: 2
- FAU_SAR.1: 5
- FAU_SAR.1.1: 1
- FAU_SAR.1.2: 1
- FAU_SAR.2: 3
- FAU_SAR.2.1: 1
- FCS:
- FCS_CKM.1: 13
- FCS_CKM.1.1: 1
- FCS_CKM.2: 10
- FCS_CKM.2.1: 1
- FCS_CKM.4: 13
- FCS_CKM.4.1: 1
- FCS_COP.1: 11
- FCS_COP.1.1: 1
- FDP:
- FDP_ACC.1: 12
- FDP_ACC.1.1: 1
- FDP_ACF.1: 12
- FDP_ACF.1.1: 1
- FDP_ACF.1.2: 1
- FDP_ACF.1.3: 1
- FDP_ACF.1.4: 1
- FDP_IFC.1: 1
- FDP_ITC.1: 3
- FDP_ITC.2: 3
- FIA:
- FIA_AFL.1: 6
- FIA_AFL.1.1: 1
- FIA_AFL.1.2: 1
- FIA_ATD.1: 7
- FIA_ATD.1.1: 1
- FIA_UAU.1: 8
- FIA_UAU.1.1: 1
- FIA_UAU.1.2: 1
- FIA_UAU.2: 3
- FIA_UAU.2.1: 1
- FIA_UAU.5: 9
- FIA_UAU.5.1: 1
- FIA_UAU.5.2: 1
- FIA_UAU.6: 7
- FIA_UAU.6.1: 1
- FIA_UID.1: 13
- FIA_UID.1.1: 1
- FIA_UID.1.2: 1
- FIA_UID.2: 7
- FIA_UID.2.1: 1
- FMT:
- FMT_MSA.1: 5
- FMT_MSA.1.1: 1
- FMT_MSA.3: 5
- FMT_MSA.3.1: 1
- FMT_MSA.3.2: 1
- FMT_SMF.1: 5
- FMT_SMF.1.1: 1
- FMT_SMR.1: 12
- FMT_SMR.1.1: 1
- FMT_SMR.1.2: 1
- FPT:
- FTA:
|
| pdf_data/st_keywords/cc_claims |
|
- A:
- A.COMPENT_ADMIN: 1
- A.COMPENT_ADMINSTRATORS: 1
- A.FIREWALL: 2
- A.MAIL_SERVER: 2
- A.MALICIOUS_CODE: 1
- A.NO_EVIL: 2
- A.OPERATING_SYSTEM: 1
- A.PORT_PROTECT: 2
- A.TIME_STAMP: 2
- D:
- O:
- O.ALERT: 6
- O.AUDIT: 7
- O.AUTH_MECH: 8
- O.MOBILE_SENSITVE: 2
- O.MOBILE_SENSITVE_: 1
- O.MOBILE_SENSITVE_PROTECTION: 5
- O.TRAFFIC_PROTECTION: 23
- O.USER_ACC: 1
- O.USER_ACC_CONTROL: 19
- OE:
- OE.COMPENT_: 1
- OE.COMPENT_ADMINSTRATORS: 1
- OE.FIREWALL: 2
- OE.MAIL_SERVER: 2
- OE.MALICIOUS_CODE_N: 1
- OE.MALICIOUS_CODE_NOT_SIGN: 1
- OE.NO_EVIL: 2
- OE.OPERATING_SYSTEM: 1
- OE.PHYSICAL_PROTECTION: 1
- OE.PORT_PROTECT: 2
- OE.TIME_STAMP: 2
- T:
- T.CUMMUNICATION: 1
- T.CUMMUNICATION_ATTACK: 1
- T.DATA_ACCESS: 2
- T.MOBILE: 1
- T.MOBILE_ATTACK: 1
- T.USER_ACC_CONTROL: 1
- T.WEB_ATTACK: 2
|
| pdf_data/st_keywords/vendor |
|
|
| pdf_data/st_keywords/eval_facility |
|
|
| pdf_data/st_keywords/symmetric_crypto |
|
|
| pdf_data/st_keywords/asymmetric_crypto |
|
|
| pdf_data/st_keywords/pq_crypto |
|
|
| pdf_data/st_keywords/hash_function |
|
|
| pdf_data/st_keywords/crypto_scheme |
|
|
| pdf_data/st_keywords/crypto_protocol |
|
|
| pdf_data/st_keywords/randomness |
|
|
| pdf_data/st_keywords/cipher_mode |
|
|
| pdf_data/st_keywords/ecc_curve |
|
|
| pdf_data/st_keywords/crypto_engine |
|
|
| pdf_data/st_keywords/tls_cipher_suite |
|
|
| pdf_data/st_keywords/crypto_library |
|
|
| pdf_data/st_keywords/vulnerability |
|
|
| pdf_data/st_keywords/side_channel_analysis |
|
|
| pdf_data/st_keywords/technical_report_id |
|
|
| pdf_data/st_keywords/device_model |
|
|
| pdf_data/st_keywords/tee_name |
|
|
| pdf_data/st_keywords/os_name |
|
|
| pdf_data/st_keywords/cplc_data |
|
|
| pdf_data/st_keywords/ic_data_group |
|
|
| pdf_data/st_keywords/standard_id |
|
|
| pdf_data/st_keywords/javacard_version |
|
|
| pdf_data/st_keywords/javacard_api_const |
|
|
| pdf_data/st_keywords/javacard_packages |
|
|
| pdf_data/st_keywords/certification_process |
|
- OutOfScope:
- Out of Scope: 1
- issuer certificate validity, certificate status, and the certificate owner Mobile audio pass (Out of Scope) TOE will generate challenge and PKI certificate will be used to sign the challenge. The signature: 1
- out of scope: 5
- procedure. Table 21: Authentication Components Authentication Method of authentication PKI token (out of scope) The user prompted to select the valid certificate from the list, and then TOE will verify the: 1
- serial number / fingerprint that stored in the DB. Hardware CR OTP (out of scope) User needs to have CR OTP token to use this feature. User will request for a challenge from the: 1
- then be sent back to the TOE by the mobile application and verified for its validity. FIDO (out of scope) User need to plugged in the token then click on the button of the token to submit the validation: 1
- token. This is out of the scope of the evaluation. Also, using SMS to register the device is also out of scope of evaluation. SecureMetric Technology Sdn Bhd 2016 Page 17 of 76 For QR code registration: 1
- which will then be used by the user to generate the OTP. Hardware OTP (out of scope) User needs to have OTP token to use this feature. User will generate an OTP from the OTP token and: 1
|
| pdf_data/st_metadata |
|
- /Author: Rajiv;Biau
- /CreationDate: D:20170523024954+00'00'
- /Creator: Microsoft Word
- /Keywords: ST
- /ModDate: D:20170720134505+08'00'
- /Title: Centagat Security Target
- pdf_file_size_bytes: 1592329
- pdf_hyperlinks: {}
- pdf_is_encrypted: False
- pdf_number_of_pages: 76
|
| state/cert/convert_garbage |
None |
None |
| state/cert/convert_ok |
False |
False |
| state/cert/download_ok |
False |
False |
| state/cert/extract_ok |
False |
False |
| state/cert/pdf_hash |
Equal |
Equal |
| state/cert/txt_hash |
Equal |
Equal |
| state/report/convert_garbage |
None |
None |
| state/report/convert_ok |
True |
True |
| state/report/download_ok |
True |
True |
| state/report/extract_ok |
True |
True |
| state/report/pdf_hash |
Different |
Different |
| state/report/txt_hash |
Different |
Different |
| state/st/convert_garbage |
None |
None |
| state/st/convert_ok |
False |
True |
| state/st/download_ok |
False |
True |
| state/st/extract_ok |
False |
True |
| state/st/pdf_hash |
Different |
Different |
| state/st/txt_hash |
Different |
Different |