ST3 Ace (ST3 Ace Token Manager v1.0.13.927, ST3 Ace Middleware v1.0.13.910, and SecureCOS Firmware v5.2)

 
PROJECT ID
C051
ASSURANCE LEVEL
EAL2
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
ST3 Ace (ST3 Ace Token Manager v1.0.13.927, ST3 Ace Middleware v1.0.13.910, and SecureCOS Firmware v5.2)
PRODUCT TYPE
PKI-related security solutions that provides secure storage to store digital certificate(s) and cryptographic keys.
PRODUCT SPONSOR / DEVELOPER

SecureMetric Technology Sdn Bhd

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

Yau Wai Chung
2-2, Incubator 2, Technology Park Malaysia
Lebuhraya Puchong - Sg. Besi, Bukit Jalil
57000 Kuala Lumpur
MALAYSIA

URL: http://www.securemetric.com
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: + 603-8996 8225
Fax: + 603-8996 7225

The Target of Evaluation (TOE) is ST3 Ace that consists of ST3 Ace Token Manager v1.0.13.927, ST3 Ace Middleware v1.0.13.910, and SecureCOS Firmware v5.2. The TOE provides secure storage to store digital certificate(s) and cryptographic keys. The ST3 Ace follows the PKCS#11 standard and implements authentication via PIN to prevent unauthorised access to the token.

The TOE is comprised of the three following core components of the ST3 Ace product:

  • SecureCOS Operating System: The operating system (firmware) embedded in a microprocessor smart chip based USB token. The firmware provides the core cryptographic functionality of the TOE.
  • ST3 Ace Middleware: Two compiled binaries that utilise exported APIs to provide an interface to the core cryptographic security functionality of the TOE, providing developers with an easily accessible method for engaging PKI-related functionality to support the development of enterprise authentication and integrity solutions.
  • ST3 Ace Token Manager: The TOE provides an application for the user to manage the cryptographic key security of the TOE. The middleware and Token Manager are installed on a host computer for third party application to communicate with SecureCOS and provides key security functionality of the TOE.

The scope of evaluation covers major security functions described as below:

  • Cryptographic Operations - The TOE provides cryptographic library, which includes 3DES, RSA, MD5 and SHA-1, for cryptographic operations that can be used by third party applications such as encryption and decryption of email. The third party applications are outside the TOE evaluation scope. The TOE also provides the functionality to digitally sign documents and files.
  • User Authentication - The TOE allows authorised users to access the TOE once the user is successfully identified and authenticated by the TOE. TOE user has to provide correct user PIN in order to access to TOE. The TOE enforces token blocking after 6 failed authentication attempts and Security Officer (SO) PIN is needed to unblock the token and reset the user PIN. The integration with the Token Management System Registration Authority (TMS RA) will allow a user to unblock the TOE and reset the User PIN without to deliver the physical token to the token management team. However, Secure Code is required in order to submit the unblock request or reset user PIN via TMS RA. TMS RA is outside the scope of the evaluation.
  • Security Management - The TOE provides management functions such as token management (name change, PIN change, unblock token) and object management (view object, export/import object).