This class describes requirements specifically of interest for TOEs that are used for the transport of information. Families within this class deal with non-repudiation.
Figure D.1 - Communication class decomposition
Figure D.1 shows the decomposition of this class into its constituent components.
In this class the concept of "information" is used. This information should be interpreted as the object being communicated, and could contain an electronic mail message, a file, or a set of predefined attribute types.
In the literature, the terms 'proof of receipt' and 'proof of origin' are commonly used. However, it is recognised that the term 'proof' might be interpreted in a legal sense to imply a form of mathematical rationale. The components in this class interpret the de-facto use of the word 'proof' in the context of 'evidence' that the TSF demonstrates the non-repudiated transport of types of information.
Non-repudiation of origin defines requirements to provide evidence to users/subjects about the identity of the originator of some information. The originator cannot successfully deny having sent the information because evidence of origin (e.g. digital signature) provides evidence of the binding between the originator and the information sent. The recipient or a third party can verify the evidence of origin. This evidence should not be forgeable.
User notes
If the information or the associated attributes are altered in any way, validation of the evidence of origin might fail. Therefore a PP/ST author should consider including integrity requirements such as FDP_UIT.1 Data exchange integrity in the PP/ST.
In non-repudiation there are several different roles involved, each of which could be combined in one or more subjects. The first role is a subject that requests evidence of origin (only in FCO_NRO.1 Selective proof of origin). The second role is the recipient and/or other subjects to which the evidence is provided (e.g. a notary). The third role is a subject that requests verification of the evidence of origin, for example, a recipient or a third party such as an arbiter.
The PP/ST author must specify the conditions that must be met to be able to verify the validity of the evidence. An example of a condition which could be specified is where the verification of evidence must occur within 24 hours. These conditions, therefore, allow the tailoring of the non-repudiation to legal requirements, such as being able to provide evidence for several years.
In most cases, the identity of the recipient will be the identity of the user who received the transmission. In some instances, the PP/ST author does not want the user identity to be exported. In that case the PP/ST author must consider whether it is appropriate to include this class, or whether the identity of the transport service provider or the identity of the host should be used.
In addition to (or instead of) the user identity, a PP/ST author might be more concerned about the time the information was transmitted. For example, requests for proposals must be transmitted before a certain date in order to be considered. In such instances, these requirements can be customised to provide a timestamp indication (time of origin).
FCO_NRO.1 Selective proof of origin
Operations
Assignment:
In FCO_NRO.1.1 the PP/ST author should fill in the types of information subject to the evidence of origin function, for example, electronic mail messages.
Selection:
In FCO_NRO.1.1 the PP/ST author should specify the user/subject who can request evidence of origin.
Assignment:
In FCO_NRO.1.1 the PP/ST author, dependent on the selection, should specify the third parties that can request evidence of receipt. A third party could be an arbiter, judge or legal body.
In FCO_NRO.1.2 the PP/ST author should fill in the list of the attributes that shall be linked to the information; for example, originator identity, time of origin, and location of origin.
In FCO_NRO.1.2 the PP/ST author should fill in the list of information fields within the information over which the attributes provide evidence of origin, such as the body of a message.
Selection:
In FCO_NRO.1.3 the PP/ST author should specify the user/subject who can verify the evidence of origin.
Assignment:
In FCO_NRO.1.3 the PP/ST author, dependent on the selection, should specify the third parties that can verify the evidence of origin.
In FCO_NRO.1.3 the PP/ST author should fill in the list of limitations under which the evidence can be verified. For example, the evidence can only be verified within a 24-hour time interval. An assignment of 'immediate' or 'indefinite' is acceptable.
FCO_NRO.2 Enforced proof of origin
Operations
Assignment:
In FCO_NRO.2.1 the PP/ST author should fill in the types of information subject to the evidence of origin function, for example, electronic mail messages.
In FCO_NRO.2.2 the PP/ST author should fill in the list of the attributes that shall be linked to the information; for example, originator identity, time of origin, and location of origin.
In FCO_NRO.2.2 the PP/ST author should fill in the list of information fields within the information over which the attributes provide evidence of origin, such as the body of a message.
Selection:
In FCO_NRO.2.3 the PP/ST author should specify the user/subject who can verify the evidence of origin.
Assignment:
In FCO_NRO.2.3 the PP/ST author, dependent on the selection, should specify the third parties that can verify the evidence of origin. A third party could be an arbiter, judge or legal body.
In FCO_NRO.2.3 the PP/ST author should fill in the list of limitations under which the evidence can be verified. For example, the evidence can only be verified within a 24-hour time interval. An assignment of 'immediate' or 'indefinite' is acceptable.
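The following Go example is added here and is not part of the standard. It shows one way evidence of origin could link the assigned attributes (originator identity, time of origin) to a chosen information field (the message body) and enforce a 24-hour verification limitation. The Ed25519 signature, the JSON encoding of the signed payload, and all names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

type Evidence struct {
	Originator   string    // attribute: originator identity
	TimeOfOrigin time.Time // attribute: time of origin
	Fields       []string  // information fields the evidence covers
	Sig          []byte    // signature over attributes + covered field values
}

var ErrExpired, ErrInvalid = errors.New("verification window elapsed"), errors.New("evidence invalid")
// payload is the byte string that is signed: the attributes plus the covered field values.
func payload(e Evidence, msg map[string]string) []byte {
	vals := make([]string, len(e.Fields))
	for i, f := range e.Fields {
		vals[i] = msg[f]
	}
	b, _ := json.Marshal([]interface{}{e.Originator, e.TimeOfOrigin.UTC(), e.Fields, vals})
	return b
}

// Verify assumes pub is the originator's key, obtained out of band; window 0 means 'indefinite'.
func Verify(pub ed25519.PublicKey, e Evidence, msg map[string]string, now time.Time, window time.Duration) error {
	if window > 0 && now.Sub(e.TimeOfOrigin) > window {
		return ErrExpired
	}
	if !ed25519.Verify(pub, payload(e, msg), e.Sig) {
		return ErrInvalid
	}
	return nil
}

func demo() [4]error { // constructed data: valid, body altered, uncovered subject altered, too late
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	msg := map[string]string{"subject": "RFP 17", "body": "Our bid is 10,000."}
	e := Evidence{Originator: "alice@example.org", TimeOfOrigin: time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC), Fields: []string{"body"}}
	e.Sig = ed25519.Sign(priv, payload(e, msg))
	day, at := 24*time.Hour, e.TimeOfOrigin.Add(time.Hour)
	alt := map[string]string{"subject": "RFP 17", "body": "Our bid is 1,000."}
	sub := map[string]string{"subject": "RFP 18", "body": msg["body"]}
	return [4]error{Verify(pub, e, msg, at, day), Verify(pub, e, alt, at, day), Verify(pub, e, sub, at, day), Verify(pub, e, msg, at.Add(day), day)}
}
func main() { fmt.Println(demo()) }
```

Changing the subject does not invalidate the evidence because only the body was listed as a covered field, which is why the choice of information fields in the assignment matters.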
Non-repudiation of receipt defines requirements to provide evidence to other users/subjects that the information was received by the recipient. The recipient cannot successfully deny having received the information because evidence of receipt (e.g. digital signature) provides evidence of the binding between the recipient attributes and the information. The originator or a third party can verify the evidence of receipt. This evidence should not be forgeable.
User notes
It should be noted that the provision of evidence that the information was received does not necessarily imply that the information was read or comprehended, but only delivered.
If the information or the associated attributes are altered in any way, validation of the evidence of receipt with respect to the original information might fail. Therefore a PP/ST author should consider including integrity requirements such as FDP_UIT.1 Data exchange integrity in the PP/ST.
In non-repudiation, there are several different roles involved, each of which could be combined in one or more subjects. The first role is a subject that requests evidence of receipt (only in FCO_NRR.1 Selective proof of receipt). The second role is the recipient and/or other subjects to which the evidence is provided (e.g. a notary). The third role is a subject that requests verification of the evidence of receipt, for example, an originator or a third party such as an arbiter.
The PP/ST author must specify the conditions that must be met to be able to verify the validity of the evidence. An example of a condition which could be specified is where the verification of evidence must occur within 24 hours. These conditions, therefore, allow the tailoring of the non-repudiation to legal requirements, such as being able to provide evidence for several years.
In most cases, the identity of the recipient will be the identity of the user who received the transmission. In some instances, the PP/ST author does not want the user identity to be exported. In that case, the PP/ST author must consider whether it is appropriate to include this class, or whether the identity of the transport service provider or the identity of the host should be used.
In addition to (or instead of) the user identity, a PP/ST author might be more concerned about the time the information was received. For example, when an offer expires at a certain date, orders must be received before a certain date in order to be considered. In such instances, these requirements can be customised to provide a timestamp indication (time of receipt).
FCO_NRR.1 Selective proof of receipt
Operations
Assignment:
In FCO_NRO.1.1 the PP/ST author should fill in the types of information subject to the evidence of origin function, for example, electronic mail messages.
Selection:
In FCO_NRO.1.1 the PP/ST author should specify the user/subject who can request evidence of origin.
Assignment:
In FCO_NRO.1.1 the PP/ST author, dependent on the selection, should specify the third parties that can request evidence of receipt. A third party could be an arbiter, judge or legal body.
In FCO_NRO.1.2 the PP/ST author should fill in the list of the attributes that shall be linked to the information; for example, originator identity, time of origin, and location of origin.
In FCO_NRO.1.2 the PP/ST author should fill in the list of information fields within the information over which the attributes provide evidence of origin, such as the body of a message.
Selection:
In FCO_NRO.1.3 the PP/ST author should specify the user/subject who can verify the evidence of origin.
Assignment:
In FCO_NRO.1.3 the PP/ST author, dependent on the selection, should specify the third parties that can verify the evidence of origin.
In FCO_NRO.1.3 the PP/ST author should fill in the list of limitations under which the evidence can be verified. For example, the evidence can only be verified within a 24-hour time interval. An assignment of 'immediate' or 'indefinite' is acceptable.
FCO_NRR.2 Enforced proof of receipt
Operations
Assignment:
In FCO_NRO.2.1 the PP/ST author should fill in the types of information subject to the evidence of origin function, for example, electronic mail messages.
In FCO_NRO.2.2 the PP/ST author should fill in the list of the attributes that shall be linked to the information; for example, originator identity, time of origin, and location of origin.
In FCO_NRO.2.2 the PP/ST author should fill in the list of information fields within the information over which the attributes provide evidence of origin, such as the body of a message.
Selection:
In FCO_NRO.2.3 the PP/ST author should specify the user/subject who can verify the evidence of origin.
Assignment:
In FCO_NRO.2.3 the PP/ST author, dependent on the selection, should specify the third parties that can verify the evidence of origin. A third party could be an arbiter, judge or legal body.
In FCO_NRO.2.3 the PP/ST author should fill in the list of limitations under which the evidence can be verified. For example, the evidence can only be verified within a 24-hour time interval. An assignment of 'immediate' or 'indefinite' is acceptable.