PREMIER MINISTRE
Secrétariat général de la défense et de la sécurité nationale
Agence nationale de la sécurité des systèmes d'information
Maintenance Report
ANSSI-CC-PP-2010/03-M01
"Java Card Protection Profile – Open
Configuration"
(version 3.0, 18th
May 2012)
Reference Certificate : ANSSI-CC-PP-2010/03
Courtesy Translation
Paris, 29 May 2012
"Java Card Protection Profile – Open Configuration" Maintenance Report
ANSSI-CC-MAI-F-02/003 Page 2 sur 3
References
a) [MAI] Assurance continuity procedure MAI/P/01.
b) [CER] Certification report ANSSI-CC-PP-2010/03 for the protection profile « Java
Card™ System Open Configuration, version 2.6 », 25 June 2010.
c) [IAR] “Java Card System Protection Profile – Open Configuration- Impact Analysis
Report”, reference CP-2012-RT-214, version 1.0, 18 May 2012.
d) [NOTE10] « Application note - Certification of applications on “open and cloisonning
platform” », reference ANSSI-CC-NOTE/10.0EN, see www.ssi.gouv.fr.
e) [SOG-IS] « Mutual Recognition Agreement of Information Technology Security
Evaluation Certificates », version 3.0, 8 January 2010.
f) [CC RA] Arrangement on the Recognition of Common Criteria certificates in the field
of information Technology Security, May 2000.
Identification of the maintained product
The maintained protection profile [PP] is the protection profile « Java Card™ System Open
Configuration » written by Trusted Labs SAS for Oracle Inc. certified under the reference b.
Description of changes
The protection profile update makes the use of Remote Method Invocation (RMI) optional
and takes into account the conditions that apply to the evaluation of open products, stated in
application note [NOTE10].
The following other changes have been made:
• Sun Microsystems is replaced by Oracle Inc;
• the reference to JCBV (JavaCard Byte Code verifier) has been updated;
• minor typos have been corrected.
Impacted deliverables
[PP] Java Card System Protection Profile Open Configuration, version 3.0, 18
may 2012
Conclusions
The above listed changes are considered as having a minor impact.
"Java Card Protection Profile – Open Configuration" Maintenance Report
ANSSI-CC-MAI-F-02/003 Page 3 sur 3
Recognition of the certificate
This maintenance report is released in accordance with the document: « Assurance
Continuity: CCRA Requirements, ref. CCIMB-2004-02-009, version 1.0, February 2004 ».
European recognition (SOG-IS)
The reference certificate was issued in accordance with the provisions of the SOG-IS
agreement [SOG-IS].
The European Recognition Agreement made by SOG-IS in 2010 allows recognition from
Signatory States of the agreement1
, of ITSEC and Common Criteria certificates. The
European recognition is applicable, for smart cards and similar devices, up to ITSEC E6 High
and CC EAL7 levels. The certificates that are recognized in the agreement scope are released
with the following marking:
International common criteria recognition (CCRA)
The reference certificate was released in accordance with the provisions of the CCRA [CC
RA].
The Common Criteria Recognition Arrangement allows the recognition, by signatory
countries2
, of the Common Criteria certificates. The mutual recognition is applicable up to the
assurance components of CC EAL4 level and also to ALC_FLR family. The certificates that
are recognized in the agreement scope are released with the following marking:
1 The signatory countries of the SOG-IS agreement are: Austria, Finland, France, Germany, Italy, The
Netherlands, Norway, Spain, Sweden and United Kingdom.
2 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark,
Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia,
Netherlands, New-Zealand, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, the United Kingdom and the
United States of America.