Oberthur PIV EP v1 on ID-One Cosmo 64 v5 D
Security Policy
April 27, 2006
Version 1.1
Page 11 / 39
© 2006 Oberthur Card Systems Inc.
This document may be reproduced only in its original entirety without revision
Figure 3: Functional block diagram
[Diagram not reproduced. Block labels: Card OS; Java Card Virtual Machine; Card Manager and Security Domains; I/O; Cryptographic Services; Memory Mgmt services; Reset; Power; Chip; I/O Services; SSO applet (Java Card API, Open Platform API); PIV applet (Java Card API, Open Platform API); PIV Instance with NIST AID (contains all FIPS 201 data objects, mandatory and optional); Other instances of PIV applet (optional; used for additional containers proprietary to each agency); Binary Files (optional; data storage for additional applications like contactless access log and DESFIRE/HID "emulation").]
4.1 Module Identification
This document addresses the submission for validation of the module Oberthur PIV EP v1 on ID-One
Cosmo 64 v5 D based on the following configuration:
· Hardware Platform # '77' with Firmware 'E303-063684' and PIV EP v1 Applet Suite.
Oberthur PIV EP v1 Applet Suite is made up of the following two applets:
  o PIV Applet Version 1.08
  o SSO Applet Version 1.08
For the purpose of this validation the Oberthur PIV EP card should be viewed as a whole and indivisible
entity. Although it is technically based on the ID-One Cosmo 64 v5 Java Card platform, the system software
of the said platform requires a special customization to support the Oberthur PIV firmware application.
When delivered to the customer the module is already in FIPS mode with the PIV EP Applet Suite loaded
and instantiated.
The complete identification and configuration of the hardware module can be retrieved at any time using the Get
Data services described in paragraph 6.4.1 and in the product user guide.