Sony Smart Cards and International Evaluation 2 nd Common Criteria Conference London, UK 18-19 July 2001 i-Card System Solutions Division Broadband Network.

Sony Smart Cards and International Evaluation

2nd Common Criteria Conference

London, UK

18-19 July 2001

i-Card System Solutions DivisionBroadband Network Center

Sony Corporation

18-19 July 2001 Copyright 2001 Sony Corporation 2

Japanese Culture

• Historically, Japan is a single nation in a single land

• People are united

• The same people all around

• Feeling of safety

• Security is like the air, it is natural and free

18-19 July 2001 Copyright 2001 Sony Corporation 3

Change is in the air

• Increased number of foreigners, travelling abroad is a norm

• Communication constantly improves, Internet is omnipresent

• The borders between Japan and the world are disappearing

• Security is deteriorating

18-19 July 2001 Copyright 2001 Sony Corporation 4

e-Japan

• Recognition of the IT importance

• Target the vision for ideal IT society

• Establish priority policy areas

• Develop new nation-wide IT infrastructure

• Become one of the most developed IT nations in 2005

http://www1.kantei.go.jp/foreign/it_e.html

18-19 July 2001 Copyright 2001 Sony Corporation 5

IT strategy of Japan

• High-speed network infrastructure

• Competition policies

• Electronic commerce

• E-government

• Human Resources

18-19 July 2001 Copyright 2001 Sony Corporation 6

Information Security

18-19 July 2001 Copyright 2001 Sony Corporation 7

Japan’s security efforts

• 2000 - 15408 adopted as JIS X5070

• 2001 - Commercial Evaluation Facility and Certification Authority will be established

• 2001 - 15408 has become one of requirements for the

government procurement

18-19 July 2001 Copyright 2001 Sony Corporation 8

e-Commerce Security Technology Research Association (ECSEC)

• R&D related to products and services in the areas of e-Commerce and IT security

• Improve the technology level in the area

• ISO 15408:– Introduction courses– PP and ST development courses– Evaluation facility

18-19 July 2001 Copyright 2001 Sony Corporation 9

Collaboration with ECSEC

• ECSEC helped us to start the evaluation from scratch

• Introduction to the ISO 15408

• Recommendations of evaluation facilities

• Provision of technical courses

18-19 July 2001 Copyright 2001 Sony Corporation 10

Sony philosophy

• The pioneering spirit of Sony

• Philosophy of caring for and protecting the customers

• Security policy for protecting the business and customer privacy

• Common Criteria as a way to implement the policy

18-19 July 2001 Copyright 2001 Sony Corporation 11

Current target

• The current certification effort targets:– to verify that CC provides what our security

policy calls for– to confirm that our security measures are

sufficient under CC– to be first to certify a contactless smart card– to prepare for the future market requirements

18-19 July 2001 Copyright 2001 Sony Corporation 12

FeliCa Contactless Smart CardCard

Chip

Antenna

Control board

ReaderWriter

Antenna

Power Transmit

13.56MHz Base Band

Data Communication R/W -> Card

10%ASK ManchesterCoding

Data Communication Card -> R/W

Manchester Coding byLoad Switching

18-19 July 2001 Copyright 2001 Sony Corporation 13

Major Features of FeliCa

• High system security• Strong encryption algorithm• Fully encrypted data communication

• High speed transactions with anti-tear• Simultaneous multiple file access for high speed• Multiple file transaction automatic rollback

• Flexible hierarchical file system management• Separate access keys for different users of one service file• Different authorization for different access level operations• New service registration in the field by encapsulated package

18-19 July 2001 Copyright 2001 Sony Corporation 14

Progress

• Step-by-step approach to verify the suitability of the concept

• EAL 3 evaluation is finished

• EAL 4 evaluation is in progress now

• i-Card plans to evaluate all smart card products against ISO 15408

18-19 July 2001 Copyright 2001 Sony Corporation 15

Surprising things

• Result of hardware evaluation is not subject to the Recognition Agreement

• EAL 5-7 are not subject to CCRA either

• Although ISO 15408 is available, many companies still certify to ITSEC criteria

18-19 July 2001 Copyright 2001 Sony Corporation 16

What can be improved?

• Cost of the evaluation is very high

• Evaluation process is very long

• No support system for developers– tools, templates, courses, demos, examples

• More initiative from the CB and CLEF would be appreciated

18-19 July 2001 Copyright 2001 Sony Corporation 17

ISO standards relationship

ISO 9000 ISO 17799

ISO 15408Environment

• A common definition of the parts shared between the ISO standards is necessary to improve the reuse of evaluation and certification results

18-19 July 2001 Copyright 2001 Sony Corporation 18

Software vs. HardwareProduct vs. Environment

• ISO 15408 is product- and software- oriented– SFR = Software Firewall Requirements?

• There is very little to relate to the hardware

• The requirements towards a secure environment are not sufficiently clear

18-19 July 2001 Copyright 2001 Sony Corporation 19

Acknowledgements

• CB and CLEF support us from the very beginning

• The consultation services we received from CLEF were most helpful

• The coaching attitude of CLEF, suggestions and recommendations are very useful

Thank you!

For more information:

i-Card Security Assurance <[email protected]>

FeliCa information on the Internet:

http://www.sony.co.jp/en/Products/felica/