Compliant Product - Gradkell DBSign for HTML Applications Version 4.0
Certificate Date: 09 March 2011
Validation Report Number: CCEVS-VR-VID10407-2011
Product Type: PKI/KMI
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: DSD Information Assurance Laboratory (DIAL)
DBsign is a software-only solution providing a digital signature system that supports cryptographic data integrity and non-repudiation for data stored in relational databases.
- Microsoft Windows XP Professional and higher (32-bit and 64-bit)
- Microsoft Windows Server 2003 and higher (32-bit and 64-bit) (including Microsoft Windows Server 2008)
- Red Hat Enterprise Linux 5 and higher (32-bit and 64-bit)
- Sun Solaris 8 and higher for SPARC platform (32-bit and 64-bit)
- Sun Solaris 10 and higher for INTEL platform (32-bit and 64-bit)
- Apple Mac OS X 10.6 and higher (32-bit and 64-bit)
- Oracle Enterprise Linux 5.1 and higher (32-bit and 64-bit)
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Gradkell DBsign for HTML Applications Version 4.0 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 3. DSD Information Assurance Laboratory (DIAL) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ALC_FLR.2. The product, when delivered and configured as described in the DBsign NIAP Configuration Manual, Version 4.0, satisfies all of the security functional requirements stated in the DBsign for HTML Applications Version 4.0 Security Target (Version 1.0). The project underwent three Validation Oversight Panel (VOR) reviews. The evaluation was completed in January 2011. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10407-2011, dated 09 March 2011) prepared by CCEVS.
The following security functions are in the scope of the evaluation:
The DBsign Universal Web Signer, DBsign Server, and the DBsign Administration Tools generate audit records for all audit events associated with digitally signing data and verifying digitally signed data, including requests that fail due to the User Policy.
The TOE provides the optional ability to restrict access to the digital signing operations. By default, the User Policy system is disabled. To support the User Policy feature, DBsign maintains a list of authorized users and associated certificates, but does not authenticate these users. DBsign relies on the underlying operating system to identify and authenticate the users.
When the DBsign User Policy feature is enabled, DBsign will not allow a user to sign a template if the security level of the template is higher than the security level of the user’s certificate.
The TOE provides a graphical user interface called the DBsign Administration Tools which implement the security management functionality. The DBsign Administration Tools require that administrators identify and authenticate themselves to the DB in order to connect to the DB and use the selected tools. The DBsign Administration Tools access and store the TOE configuration data in the DB.
Certification Path Processing
DBsign performs X.509 certification path validation checks. Certification path validation consists of validating certificates starting with the one issued to the subscriber of interest and ending with a trust anchor. DBsign supports X.509 version 3 Certificates.
All certification path processing performed by DBsign is compliant with X.509 and PKIX RFC 3280.
Certificate Revocation Processing
DBsign sends Online Certificate Status Protocol (OCSP) requests in accordance with PKIX RFC 2560 and validates OCSP responses to determine the revocation status of public key certificates. The DBsign administrator configures a list of OCSP responder certificates that are trusted to do OCSP. DBsign establishes trust in the OCSP responder by performing Certification Path Validation.
DBsign allows applications to determine the revocation status of a certificate using a Certificate Revocation List (CRL). DBsign may be used to process CRLs obtained from locations indicated by a CRL Distribution Point (CRLDP) extension in a certificate and from the local cache, which is the DBsign certificate and CRL archive. The locations that may be indicated in the CRLDP extension are LDAP or HTTP URLs. DBsign supports X.509 CRLs, version 2.
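The certification path processing and CRL processing described above, shown as an added example in Go that is not part of the original page and not DBsign's own code. It constructs a three-level hierarchy (self-signed trust anchor, issuing CA, subscriber certificate), validates the path from the subscriber certificate to the anchor, then has the issuing CA publish a CRL and checks the subscriber's serial against it. The CA names, serial numbers and validity periods are constructed test values; the RFC 3280 path checks (signatures, validity periods, basic constraints) are delegated to the Go standard library's `crypto/x509` verifier.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// PKI is the constructed test hierarchy: a self-signed trust anchor, one
// intermediate CA that also issues the CRL, and one subscriber certificate.
type PKI struct {
	Root, Intermediate, Leaf *x509.Certificate
	IntermediateKey          *ecdsa.PrivateKey
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with parentKey (parent == tmpl for the self-signed root).
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// caTemplate builds a CA certificate template that may sign certificates and CRLs.
func caTemplate(serial int64, cn string, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// BuildPKI creates the hierarchy with freshly generated P-256 keys (constructed test data).
func BuildPKI() *PKI {
	now := time.Now()
	rootKey, interKey, leafKey := mustKey(), mustKey(), mustKey()
	rootTmpl := caTemplate(1, "Example Root CA", now)
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	inter := issue(caTemplate(2, "Example Issuing CA", now), root, &interKey.PublicKey, rootKey)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "subscriber@example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		// A signing certificate carries digital signature and non-repudiation (content commitment) usage.
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
	}
	leaf := issue(leafTmpl, inter, &leafKey.PublicKey, interKey)
	return &PKI{Root: root, Intermediate: inter, Leaf: leaf, IntermediateKey: interKey}
}

// ValidatePath checks that leaf chains through the intermediates to one of the
// trust anchors (signatures, validity periods, CA constraints) and returns the
// length of the first path found: 3 for subscriber -> issuing CA -> root.
func ValidatePath(leaf *x509.Certificate, intermediates, anchors []*x509.Certificate) (int, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, a := range anchors {
		roots.AddCert(a)
	}
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

// IssueCRL has the intermediate CA publish a version 2 CRL listing the given serial numbers.
func IssueCRL(p *PKI, revoked []*big.Int, now time.Time) ([]byte, error) {
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute),
		NextUpdate: now.Add(12 * time.Hour), RevokedCertificates: entries}
	return x509.CreateRevocationList(rand.Reader, tmpl, p.Intermediate, p.IntermediateKey)
}

// CheckCRL trusts a CRL only if it verifies under the expected issuer and is
// current, then reports whether serial appears on it.
func CheckCRL(crlDER []byte, issuer *x509.Certificate, serial *big.Int, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL not signed by expected issuer: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return false, errors.New("CRL is not current")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	p := BuildPKI()
	n, err := ValidatePath(p.Leaf, []*x509.Certificate{p.Intermediate}, []*x509.Certificate{p.Root})
	fmt.Println("path length:", n, "error:", err)
	crl, _ := IssueCRL(p, []*big.Int{p.Leaf.SerialNumber}, time.Now())
	revoked, err := CheckCRL(crl, p.Intermediate, p.Leaf.SerialNumber, time.Now())
	fmt.Println("subscriber certificate revoked:", revoked, "error:", err)
}
```

Two checks in the code carry the defender's point: a path that ends at an anchor the verifier does not hold fails even when the CA names match, and a CRL is only consulted after its own signature has been verified against the expected issuer, so a CRL fetched from an LDAP or HTTP distribution point cannot be substituted by whoever controls that location.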
PKI Signature Generation
The TOE provides a digital signature function which enables a user to generate a digital signature. The TOE digitally signs data using FIPS validated cryptographic modules in the IT environment. Under normal operations, the client side of DBsign performs the digital signing using the subscriber’s certificate. Using the Notary Signing feature, the application can request that the DBsign server perform the digital signing using a certificate issued to the application.
The Digital Signature security function provides DBsign the capability to digitally sign data stored within a database, memory buffer, or file.
PKI Signature Verification
The TOE provides a digital signature function which verifies a digital signature applied to data. This allows for the author of the signed data to be uniquely identified and for the authenticity and integrity of the signed data to be verified. In addition, the digital signature function enforces personal accountability for approved changes made by an administrator to the security sensitive configuration data contained in the DBsign system tables. The TOE verifies digitally signed data and data integrity using FIPS validated cryptographic modules in the IT environment.
The TOE provides data integrity verification by enabling applications to verify, based on the originator’s digital signature, that the data of previous transactions has not been modified without authorization. The data integrity verification function is performed whenever the digital signature function verifies digitally signed data using the DBS_CheckSig() API function of the DBsign UWS or the corresponding HTTP request to DBsign Server.
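The signature generation and verification functions above (signing data stored in a database and later detecting unauthorized modification) as an added example in Go; this is not DBsign's code and `DBS_CheckSig()` is not modelled, only the underlying check it performs. The row, column names and key are constructed test values. The point the code makes is that a signature over a database row needs a canonical byte form of the row: the columns are sorted and length-prefixed so that column order cannot change the hash and two different rows cannot serialize to the same bytes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Record models one database row as column name -> value.
type Record map[string]string

// Canonical turns a row into the exact byte string that is hashed and signed.
// Columns are sorted so map order cannot change the hash, and each column and
// value is length-prefixed so two different rows cannot serialize identically.
func Canonical(r Record) []byte {
	cols := make([]string, 0, len(r))
	for c := range r {
		cols = append(cols, c)
	}
	sort.Strings(cols)
	var b strings.Builder
	for _, c := range cols {
		fmt.Fprintf(&b, "%d:%s%d:%s", len(c), c, len(r[c]), r[c])
	}
	return []byte(b.String())
}

// NewSigningKey generates a P-256 key as a stand-in for the subscriber's key,
// which in a deployment stays inside the FIPS-validated module; only the
// certificate's public key is distributed to verifiers.
func NewSigningKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// SignRecord produces an ECDSA signature over SHA-256 of the canonical row.
// The signature is what gets stored beside the row or in a separate table.
func SignRecord(priv *ecdsa.PrivateKey, r Record) ([]byte, error) {
	h := sha256.Sum256(Canonical(r))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyRecord re-derives the canonical bytes from the row as stored now and
// checks them against the stored signature: any change to any column since
// signing, or a signature made with another key, yields false.
func VerifyRecord(pub *ecdsa.PublicKey, r Record, sig []byte) bool {
	h := sha256.Sum256(Canonical(r))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Tamper returns a copy of r with one column changed, standing in for an
// unauthorized modification made directly in the database after signing.
func Tamper(r Record, col, val string) Record {
	out := make(Record, len(r))
	for k, v := range r {
		out[k] = v
	}
	out[col] = val
	return out
}

func main() {
	key := NewSigningKey()
	// Constructed sample row.
	row := Record{"id": "1042", "amount": "250.00", "approved_by": "subscriber@example.test"}
	sig, err := SignRecord(key, row)
	if err != nil {
		panic(err)
	}
	fmt.Println("original row verifies:", VerifyRecord(&key.PublicKey, row, sig))
	fmt.Println("tampered row verifies:", VerifyRecord(&key.PublicKey, Tamper(row, "amount", "2500.00"), sig))
}
```

In practice the verifier also needs to bind the public key to the signer, which is where the certification path and revocation checks from the earlier functions come in: a signature that verifies under a key whose certificate is untrusted or revoked establishes neither authorship nor non-repudiation.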