Embedded UICC for Machine-to-Machine Protection Profile

Others / Smart card and similar devices

Certification Body

Bundesamt fĂźr Sicherheit in der Informationstechnik (BSI)


GSM Association

Point of Contact

  • GSMA Head Office, Floor 2, The Walbrook Building; 25 Walbrook; London, EC4N 8AF, UK
  • commoncriteria@bsi.bund.de

Certification ID


PP Version

v1.1/ 25 August 2015

CC Version

3.1 Revision 4

CC Conformance Claim

CC part 2 extended
CC part 3 conformant
EAL 4 augmented by ALC_DVS.2 and AVA_VAN.5
Conformance claims to this protection profile requires demonstrable conformance

Certification status

Certified 6 October 2015




The Target of Evaluation (TOE) is the software that implements the GSMA Remote Provisioning Architecture for Embedded UICC Technical Specification.

The TOE includes:

  • security Domains: Privileged applications providing the remote provisioning and administration functionality;
  • a set of functions providing support to these Security Domains: Platform Support Functions, which include Policy enforcement functions and extended GP OPEN functionality;
  • a Telecom Framework providing network authentication algorithms.

The TOE includes in particular Platform management capabilities, which provide an interface to manage applications in a secure way. These packages are inspired from Global Platform (GP). The GP OPEN package may implement part of the Platform Support Functions functionality.

A Profile is the combination of a file structure, data and applications to be provisioned in eUICC. Each Profile, combined with the functionality of the eUICC, behaves basically as a SIM card. An eUICC may contain more than one Profile, but one and only one is activated at a time.

Relation to other PPs

This Protection Profile requires composite evaluation atop an IC previously certified according to BSI-CC-PP-0084, Does not require a certified platform. The ST writer might use a previously certified Java Card System (according to the PP Java Card System Open Configuration, using composition, but they also may chose instead to:

  • add the runtime environment (that may use another technology than JavaCard) in the TOE,

  • transform the objectives OE.RE.* into objectives for the TOE,

  • add SFRs and demonstrate that the objectives are covered.