Validated Product - DBSign for HTML Applications Version 3.0

Certificate Date: 30 September 2005

Validation Report Number: CCEVS-VR-05-0128

Product Type: Sensitive Data Protection

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: Arca CCTL

CC Certificate [PDF]
Security Target [PDF]
Validation Report [PDF]

PRODUCT DESCRIPTION

DBsign is a digital signature solution that enables applications to incorporate digital signature security into their processes.

The evaluated security functionalities of the product include:

  • Digital signing of data;
  • Verification of digitally signed data for data stored within a database or memory buffer or file;
  • Non-repudiation of origin; and
  • Auditing for operations performed on data stored within a database.

The Target of Evaluation (TOE) is a digital signature solution that includes a set of APIs that consists of two portions; a client and a server portion. 

The client portion of the TOE is installed to an IT environment system that includes:

  • At least 1 Network interface card;
  • Any one of Microsoft Windows 98, Me, NT, 2000, XP, or 2003; and

For DBsign Web Signer Plugin:

  • Any one of Netscape Navigator 4.x, or Microsoft Internet Explorer 4.x-5.5 SP1

For DBsign Web Signer Control:

  • Microsoft Internet Explorer 4.x or higher.

The server portion of the TOE and the IT environment database are installed to one or more IT environment systems, together that includes:

  • At least 1 Network interface card per system;
  • Java Virtual Machine version 1.3 or higher on application system;
  • J2EE compliant Java application server supporting the Java Servlet API version 2.2 or higher on application server system;
  • Any one of the operating system that is supported by the Java application server on application server system;
  • Any relational database management system (RDBMS) such as Oracle, SQL Server, or DB2 on database system;
  • The operating system that supports the RDBMS including Solaris, Linux, or Windows on database system.

The IT environment (the OS of the client and application server and the database itself) provides these supporting functions that are leveraged by DBsign.  This functionality has not been evaluated but is needed for operation of the TOE.

  • Mechanism for review of audit records (stored within the database and viewable via DBsign Administration Tools);
  • Mechanism for generation and destruction of cryptographic keys; and
  • Source of timestamps for auditing of security-relevant events.

SECURITY EVALUATION SUMMARY

None

ENVIRONMENTAL STRENGTHS

None

Vendor Information

logo
Gradkell Systems, Inc.
Grady Gaston, VP
866.472.3535 X18
866.472.3535 (Fax)
ggaston@gradkell.com

http://www.gradkell.com