Update README.md
tsenger committed Jul 28, 2022
1 parent caf722a commit d3c93c6
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions README.md
Expand Up @@ -10,12 +10,11 @@ This repository also contains the developer documentation necessary for CC certi

The attestation certificate in this repository has been replaced by a sample certificate. The certified token uses an attestation certificate signed by the [BSI FIDO U2F root](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/FIDO_U2F/FIDO_U2F_Root_Zertifikat_cer.html).

#### Note
*The FIDO U2F Authenticator applet described in this certification procedure is set up as a **pilot project, which is not intended for production**. For this reason some requirements of the produced TOE were only exemplary implemented (especially the life cycle ALC) and do not correspond to the requirements for secure products. The certificate is only intended to show the feasibility by means of an exemplary certification.
#### Notes
1. *The FIDO U2F Authenticator applet described in this certification procedure is set up as a **pilot project, which is not intended for production**. For this reason some requirements of the produced TOE were only exemplary implemented (especially the life cycle ALC) and do not correspond to the requirements for secure products. The certificate is only intended to show the feasibility by means of an exemplary certification.
Nevertheless feel free to use this source and docs as inspiration for your own product. Even though the CC process can be a tough challenge.*

#### Note2
*As smartcards have no buttons, the FIDO user presence check with a smartcard is here implemented by inserting the card into a reader or placing the card on an NFC field. After a single action, the presence check flag on the card is disabled.*
2. *As smartcards have no buttons, the FIDO user presence check with a smartcard is here implemented by inserting the card into a reader or placing the card on an NFC field. After a single action, the presence check flag on the card is disabled.*

*The following attack scenario was reported to us by Sergei Volokitin: A reset command send by the reader to the card circumvents the user presence check. For example, malware on the host PC / smartphone could send a reset command to the reader programmatically. It is not possible for the card to distinguish if the reader sent a reset command or if it was physically removed from the reader. We stress here to follow chapter 1.1, BSI_de.fac2_AGD_v1.3.pdf, which requires that the user keeps his system secure, i.e. that the host PC / smartphone is free of malware and under full control of the user.*
3. *The following attack scenario was reported to us by Sergei Volokitin: A reset command send by the reader to the card circumvents the user presence check. For example, malware on the host PC / smartphone could send a reset command to the reader programmatically. It is not possible for the card to distinguish if the reader sent a reset command or if it was physically removed from the reader. With reference to this scenario, the Guidance Documentation (AGD) and the Security Target (ST) were updated in July 2022 in a "Assurance Maintenance".*
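
Review bot: The new item 3 no longer states any mitigation for the reset-command bypass of the user presence check. The removed sentence pointed readers to chapter 1.1 of BSI_de.fac2_AGD_v1.3.pdf, which requires the host PC / smartphone to be free of malware and under the user's full control. The replacement only says the AGD and ST were updated in July 2022. Suggest keeping the host-security requirement in the note and naming the updated AGD and ST versions and the relevant section, so a reader can find the current guidance. Minor wording on the same line: "send by the reader" should be "sent by the reader", and "in a "Assurance Maintenance"" should read "in an ...". Also check that the italic span opened in item 1 still renders correctly, since its closing `*` sits on the unindented continuation line "Nevertheless feel free ...".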
