Security Architecture Requirements for Smart Cards and Similar Devices

This state-of-the-art document supporting the EUCC scheme provides requirements for the developer and guidance for the evaluator on how to apply the assurance requirements of the family ADV_ARC to the Technical Domain of smart cards and similar devices extended to Secure Sub-Systems (3S) in SoC1. The developer documentation provided to fulfil the ADV_ARC family is denoted as “ARC document” in the text. The current document keeps same information applicable to smart cards & similar devices, and it includes additional sections dedicated to Secure Sub-Systems in SoC. 

The technology associated to this Technical Domain requires special interpretation because it combines security integrated circuits or 3S in SoC, operating systems and applications to high secure devices. Therefore, this document is intended to provide mandatory interpretation for the application of the ADV_ARC family. It is addressed to both developers of security integrated circuits and developers of composite products, consisting of a hardware platform and embedded software. The embedded software can be organised in different ways (native software, closed operating systems with one or more applications, open software platforms and more).