Cybersecurity technology – Security specifications for IC card chip with CPU
1 Scope
This document gives a description of IC card chip with CPU, specifies security issues, security purposes, extended components, security requirements, and describes the test methods of corresponding security functional requirements and the evaluation methods of security assurance requirements.
This document is applicable to the test and evaluation activities of products of IC card chip with CPU, and is also used to guide the research and development of such products.
2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336.1 Cybersecurity technology - Evaluation criteria for IT security - Part 1: Introduction and general model
GB/T 18336.2 Cybersecurity technology - Evaluation criteria for IT security - Part 2: Security functional components
GB/T 18336.3 Cybersecurity technology - Evaluation criteria for IT security - Part 3: Security assurance components
GB/T 25069 Information security technology - Glossary
GB/T 30270 Cybersecurity technology - Methodology for IT security evaluation
GB/T 32915 Information security technology - Randomness test methods for binary sequence
ISO/IEC 17825:2024 Information technology – Security techniques – Testing methods for the mitigation of non-invasive attack classes against cryptographic modules
ISO/IEC 18033 (all parts) Information security – Encryption algorithms
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069 and GB/T 18336.1 and the following apply.
3.1
target of evaluation; TOE
subject of software, which is a collection of software, firmware and/or hardware
Note: TOE in this document refers to IC card chip with CPU, referred to as "IC card chip".
[Source: GB/T 18336.1, 3.53, modified]
3.2
IC dedicated software
dedicated software developed by IC card chip designer and existing in IC card integrated circuit
Note: Usually used for testing purposes during production, and may also be used to provide additional services to facilitate usage of the hardware. Some functions of the dedicated testing software are limited to specific stages.
3.3
initialization data
data specified by the IC card chip manufacturer and used to identify the chip in order to track the production process and life cycle stage
Note: Such as the unique identification number of IC card chip.
3.4
pre-personalization data
data written into the nonvolatile memory by the manufacturer in the IC card chip manufacturing stage
3.5
IC card embedded software
software stored in the non-volatile memory of the IC card with CPU (such as ROM, EEPROM or Flash) and running in IC card chip
Note: Used to manage the hardware resources and data of the chip, and exchange information with IC card terminal device through the communication interface of the chip, so as to respond to application requests such as data encryption, data signature and authentication initiated by users, and realize the support of application functions.
3.6
security target; ST
implementation-dependent representation of the security requirements for a particular identified target of evaluation (TOE)
[Source: GB/T 25069, 3.17, modified]
3.7
side-channel analysis
technology for extracting secret information by capturing side-channel information associated with algorithm data or operations leaked when an IC card chip executes a cryptographic algorithm
3.8
fault-injection analysis
technology that uses voltage fault-injection, clock glitch injection, electromagnetic pulse injection, laser injection and other methods to induce faults inside the IC card chip, causing errors in the code, system data or execution process of the IC card chip, and changing the operating behavior of the IC card chip
3.9
invasive analysis
technology that uses IC card chip failure analysis and semiconductor reverse engineering technologies to physically slice the IC card chip, obtain the design information of the IC card chip, and then detect sensitive information
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
CM: configuration management
CNN: convolutional neural network
CPU: central processing unit
DEMA: differential electromagnetism analysis
DPA: differential power analysis
EAL: evaluation assurance level
EEPROM: electrically-erasable programmable read-only memory
IC: integrated circuit
ICA: independent component analysis
I/O: input/output
IT: information technology
Contents of GB/T 22186-2026
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Description of IC card chip
6 Security issue
6.1 Assets
6.2 Threats
6.3 Security policies and assumptions
7 Security objectives
7.1 Security objectives for TOE
7.2 Security objectives for environment
8 Extended component
8.1 Family FPT_EMS
8.2 Family FPT_TST
9 Security requirements
9.1 General
9.2 Security functional requirements
9.3 Security assurance requirements
10 Security functional requirement test method
10.1 General
10.2 Cryptographic key generation
10.3 Cryptographic operation
10.4 Random number generation
10.5 Subset access control
10.6 Security attribute based access control
10.7 Subset information flow control
10.8 Basic internal transfer protection
10.9 Stored data integrity monitoring
10.10 Stored data integrity monitoring and action
10.11 Timing of authentication
10.12 Authentication failure handling
10.13 Limited capabilities
10.14 Limited availability
10.15 Security attribute management
10.16 Static attribute initialization
10.17 Management of TSF data
10.18 Management function
10.19 Security roles
10.20 Failure with preservation of secure state
10.21 Basic protection of internal TSF data transmission
10.22 Resistance to physical attack
10.23 Disclosure of use of TSF data and user data
10.24 Combination of information leakage
10.25 Subset TSF testing
10.26 Limited fault tolerance
11 Evaluation methods for security assurance requirements
11.1 General
11.2 Vulnerability analysis (AVA_VAN)
Annex A (Informative) Guidelines for attack potential calculation
A.1 General rules
A.2 Identification and implementation of attacks
A.3 Factors for attack potential calculation
A.4 Scoring rules for attack potential
Annex B (Informative) Side-channel analysis
B.1 General
B.2 Test methods of single-source information leakage
B.3 Test methods of information leakage fusion
B.4 Side-channel analysis methods for vulnerability analysis
Annex C (Informative) Side-channel analysis capability calibration
C.1 General
C.2 Symbol description and analysis conditions
C.3 Usage instructions
Annex D (Informative) Fault-injection analysis
Annex E (Informative) Invasive analysis
Bibliography
Standard: GB/T 22186-2026 Cybersecurity technology—Security specifications for IC card chip with CPU (English Version)
Standard No.: GB/T 22186-2026
Status: valid
Language: English
Implemented on: 2026-11-1