The TOE is an open Java Card Platforms (JCP), that is, smart cards or similar devices enabled with Java Card technology that support post-issuance downloading of applications. The purpose of the TOE is to provide a limited Java Card environment for a single applet, specifically for e-passport and similar applications such as eID and driving license. The TOE is composed of a Smart Card Platform (SCP) and an embedded software (JCS + non-TSF parts). The JCP is compliant with Java Card Specification v3.0.4 and GlobalPlatform Specification v.2.3.
The TOE allows for the loading of the customer applets, but after loading the single applet the platform must be closed to prevent further loading of applets after issuance of the card to the end user. To support this functionality, the TOE provides a closing mechanism with specific guidance. The applet should have been previously verified by an off-card trusted IT component. The JCP is managed by Card Manager that is a part of the TOE. The Card Manager(ISD) is a pre-issuance applet. The JCP is fully compliant with the Java Card Specification v3.0.4 excluding the optional part JCRMI which is not implemented by the TOE.
The SCP is a certified hardware platform â€“ the SLE77CLFX2400PM with specific IC dedicated software (firmware). The hardware platform is certified by the BSI under the certification ID: BSI-DSZ-CC-0964-V3-2017 . Not all functionality of the hardware is used by the composite TOE. Therefore some parts of the IC platform are not part of the composite TOE to ensure that the developed applet has sufficient ability to counter attacks.