Validated Product - DBSign for Client/Server Applications Version 3.0

Certificate Date: 30 September 2005

Validation Report Number: CCEVS-VR-05-0127

Product Type: Sensitive Data Protection

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: Arca CCTL

Security Target

Validation Report

CC Certificate

PRODUCT DESCRIPTION

DBsign is a digital signature solution that enables applications to incorporate digital signature security into their processes.

The evaluated security functionalities of the product include:

Digital signing of data;
Verification of digitally signed data for data stored within a database or memory buffer or file;
Non-repudiation of origin; and
Auditing for operations performed on data stored within a database.

The Target of Evaluation (TOE) is a digital signature solution that includes a set of APIs and is installed to an IT environment client system that includes:

At least 1 Network interface card;
Any one of Microsoft Windows 98, Me, NT, 2000, XP, or 2003; and
Any database client that supports any one of DB2-CLI, JDBC, ODBC, OCI 7.0, OCI 8.0, or OCI 8i.

The IT environment database is installed to an IT environment system that includes:

At least 1 Network interface card per system;
Any relational database management system (RDBMS) such as SQL server, Oracle or DB2;
The operating system that supports the RDBMS including Solaris, Linux, or Windows.

The IT environment (the OS of the client, and the database itself) provides these supporting functions that are leveraged by DBsign. This functionality has not been evaluated but is needed for operation of the TOE.

Mechanism for review of audit records (stored within the database and viewable via DBsign Administration Tools);
Mechanism for generation and destruction of cryptographic keys; and
Source of timestamps for auditing of security-relevant events.

Vendor Information

Gradkell Systems, Inc.
Grady Gaston, VP
866.472.3535 X18
866.472.3535 (Fax)
ggaston@gradkell.com

http://www.gradkell.com