HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2
FIPS 140-2 Cryptographic Module Security Policy
Version: 1.1
Date: January 6, 2012
© Copyright 2012 HID Global
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 Introduction ... 4
1.1 Hardware and Physical Cryptographic Boundary ... 5
1.2 Firmware and Logical Cryptographic Boundary ... 6
1.3 Versions and mode of operation ... 7
2 Cryptographic functionality ... 8
2.1 Critical Security Parameters ... 8
2.2 Public keys ... 10
3 Roles, authentication and services ... 10
3.1 Secure Channel Protocol (SCP) Authentication ... 10
3.2 PIV Applet PIN Comparison Authentication ... 11
3.3 PIV Applet Symmetric Cryptographic Authentication ... 11
3.4 Services ... 12
4 Self-test ... 18
4.1 Power-on self-test ... 18
4.2 Conditional self-tests ... 18
5 Physical security policy ... 18
6 Operational environment ... 18
7 Electromagnetic interference and compatibility (EMI/EMC) ... 18
8 Mitigation of other attacks ... 19
9 Security Rules and Guidance ... 19
10 References ... 20
11 Acronyms and definitions ... 21

Table of Tables

Table 1 – Security Level of Security Requirements ... 4
Table 2 – Ports and Interfaces ... 5
Table 3 – Versions and Mode of Operations Indicators ... 7
Table 4 – FIPS Approved Cryptographic Functions ... 8
Table 5 – Non-FIPS Approved But Allowed Cryptographic Functions ... 8
Table 6 – Module Critical Security Parameters ... 9
Table 7 – Public Keys ... 10
Table 8 – Roles description ... 10
Table 9 – Unauthenticated Services Available to Any Applet ... 12
Table 10 – Card Manager Services and CSP Usage ... 13
Table 11 – ACA Applet Services and CSP Usage ... 14
Table 12 – GC/PKI/SKI Applet Services and CSP Usage ... 16
Table 13 – PIV Extended Applet Services and CSP Usage ... 17
Table 14 – Power-On Self-Test ... 18
Table 15 – References ... 20
Table 16 – Acronyms and Definitions ... 21

Table of Figures

Figure 1 – Physical Form and Cryptographic Boundary ... 5
Figure 2 – Module Block Diagram ... 6

1 Introduction

This document defines the Security Policy for the HID Global Digital Identity Applet v2 (v2.7.1) on NXP JCOP 2.4.2 cryptographic module, hereafter denoted the Module.
The Module, validated to FIPS 140-2 overall Level 2, is a single-chip smartcard module implementing the JavaCard platform and the Global Platform operational environment, with Card Manager as well as the Digital Identity applet suite (including the PIV Extended Applet 2.7.1). The Module is intended for use by US Federal agencies and other markets that require smartcards with a [SP 800-73-3] conformant PIV End Point applet.

The FIPS 140-2 security levels for the Module are as follows:

Security Requirement | Security Level
Cryptographic Module Specification | 3
Cryptographic Module Ports and Interfaces | 2
Roles, Services, and Authentication | 3
Finite State Model | 2
Physical Security | 4
Operational Environment | N/A
Cryptographic Key Management | 2
EMI/EMC | 3
Self-Tests | 2
Design Assurance | 3
Mitigation of Other Attacks | 2
Table 1 – Security Level of Security Requirements

The Module implementation is compliant with:
- [ISO 7816] Parts 1-4
- [ISO 14443] Parts 1-4
- [JavaCard]
- [GlobalPlatform]
- [SP 800-73-3] Interfaces for Personal Identity Verification, Parts 1-4
- [SP 800-78-3] Cryptographic Algorithms and Key Sizes for Personal Identity Verification

1.1 Hardware and Physical Cryptographic Boundary

The Module is designed to be embedded into plastic card bodies, USB tokens, key fobs, Secure SD cards or SIMs, with a contact plate and contactless antenna connections. The physical form of the Module is depicted in Figure 1 (to scale); the red outline depicts the physical cryptographic boundary, representing the surface of the chip and the bond pads. The cross-hatching indicates the presence of active and passive tamper shields. In production use, the module is wire-bonded to a frame connected to a contact plate, enclosed in epoxy and mounted in a card body.
The contactless ports of the module are electrically connected to an antenna embedded in the card body. The Module relies on [ISO7816] and [ISO14443] card readers as input/output devices.

Figure 1 – Physical Form and Cryptographic Boundary

Pad | Description | Logical interface type
VSS, VDD | ISO 7816: Power and ground | Power
CLK | ISO 7816: Clock | Control in
RST_N | ISO 7816: Reset | Control in
IO | ISO 7816: Serial interface | Data in, data out, control in, status out
LA, LB | ISO 14443: Antenna | Data in, data out, control in, status out
NC | No connect | Not used
Table 2 – Ports and Interfaces

1.2 Firmware and Logical Cryptographic Boundary

Figure 2 depicts the Module operational environment and applets.

Figure 2 – Module Block Diagram

- The ISO 7816 UART supports the T=0 and T=1 communications protocol variations.
- The ISO 14443 communications block supports 13.56 MHz Type A signaling (106 kbps; 212 kbps; 424 kbps; 848 kbps using the T=CL protocol).
- 144 KB EEPROM; 264 KB ROM; 3.58 KB RAM.
- ASC Library package – This is the library package that implements functions required by other applets. The library functions are not directly accessible via the cryptographic module command interface.
- Access Control Applet (ACA) – This applet is responsible for Access Control Rules (ACR) definition, access control rules enforcement and secure-messaging processing for all card services. Three off-card entity authentication methods (GP secure messaging, PIN, and ActivIdentity External Authentication) are included by default in the ACA applet.
- KAT Applet – This applet executes self-tests not provided by the Global Platform implementation.
- PKI/Generic Container/SKI (PKI/GC/SKI) Applet – The PKI/GC/SKI Applet can be used to provide secure storage for PKI credentials and other data that are required for implementation of card services, including single sign-on applications, identity, and benefits information. This applet is responsible for RSA-based cryptographic operations using the RSA private key stored in the PKI buffers. The applet also exposes services for OTP (One Time Password) through a synchronous or asynchronous authentication.
- PIV EP Extended (Ext) Applet – This Applet implements SP800-73-3 (both at card-edge and data model levels) and is extended to support additional features on top of native PIV, such as support of additional PKI RSA keys (for example, for administrator login), PKI Key Encryption Key, SSO (single sign-on) storage, SKI authentication mechanisms, etc. This applet can be instantiated in PIV EP mode (native PIV features) or in PIV Ext mode (extensions are accessible through the 800-73-3 card edge).

Section 3 describes applet functionality in greater detail. The JavaCard API is an internal interface, available to applets. Only applet services are available at the card edge (the interfaces that cross the cryptographic boundary).

1.3 Versions and mode of operation

Hardware: P/N P5CD145
Firmware: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1

The Digital Identity Applet Suite 2.7.1 includes the following applet versions:
- ASCLIB: 2.7.1.2
- ACA: 2.7.1.1
- GC/PKI/SKI: 2.7.1.1
- PIV Extended: 2.7.1.1
- KAT Applet: 2.7.1.1

The module provides only a FIPS 140-2 Approved mode. To verify that a module is in the approved mode of operation, an operator sends the commands shown below.
The Module responds with the following information:

Command and associated elements | Expected Response
IDENTIFY command (with any applet selected) | Mask ID 35h (Mask 53), Patch ID 62h
GET PROPERTIES command (tag 24) (with ACA applet selected) | 01 (for FIPS 140-2 L2 mode)
Table 3 – Versions and Mode of Operations Indicators

2 Cryptographic functionality

The Module operating system implements the FIPS Approved and Non-FIPS Approved but allowed cryptographic functions listed in Table 4 and Table 5 below.

Algorithm | Description | Cert #
RNG | [ANSI X9.31] RNG, based on the TDEA algorithm. | 942
TDEA | [SP 800-67] Triple Data Encryption Algorithm. The module supports the 2-Key and 3-Key options; CBC and ECB modes. | 1144
TDEA MAC | [FIPS113] TDEA Message Authentication Code. Vendor affirmed, based on the validated TDEA above. | 1144
RSA | [PKCS#1] RSA signature generation. The module follows PKCS#1 and supports 1024- and 2048-bit RSA keys. Note that all uses of RSA follow PIV specifications, requiring hash off-card. | 885
Table 4 – FIPS Approved Cryptographic Functions

Algorithm | Description
HW RNG | Hardware RNG; minimum of 8 bits per access. The HW RNG output is used to seed the FIPS approved RNG.
RSA Key Gen | RSA CRT key pair generation, 1024- and 2048-bit keys.
RSA Key Decrypt | The module supports RSA key decryption using 2048-bit keys as described in the PIV specifications [SP 800-73-3] and [SP 800-78-3].
Key Wrap | Symmetric key wrapping per [AES Key Wrap], using 2-Key TDEA as allowed by FIPS 140 Implementation guidance D2 for key transport. Key establishment methodology provides 112 bits of encryption strength.
Table 5 – Non-FIPS Approved But Allowed Cryptographic Functions

Note that the module supports 2-Key TDEA. [SP 800-131A] Section A.1 provides the NIST rationale for 2-Key TDEA security strength. 2-Key TDEA is used exclusively for Global Platform secure channel operations, in which the module derives session keys from the master keys and a handshake process, performs mutual authentication, and decrypts data for internal use only. The Module encrypts a total of one block (the mutual authentication cryptogram) over the life of the session encryption key; no decrypted data is output by the module. The Module claims 112-bit security strength for its 2-Key TDEA operations, as the meet-in-the-middle attack rationale described in [SP 800-131A] does not apply unless the attacker has access to encrypt/decrypt pairs. 2-Key TDEA key establishment in this context provides 112 bits of security strength. The Module uses the SD-KKEK keys to decrypt critical security parameters, and does not perform encryption with this key or output data decrypted with this key.

The module implements RSA 2048-bit key transport to decrypt a key provided by an external entity as described in the PIV [SP 800-73-3] and [SP 800-78-3] specifications (GENERAL AUTHENTICATE using an RSA Key Management (9D) Key).

2.1 Critical Security Parameters

All CSPs used by the Module are described in this section. All usage of these CSPs by the Module, including all CSP lifecycle states, is described in the services detailed in Section 4.

Key | Description / Usage
OS-SEED | 64 bit random value from HW RNG used to seed the [ANSI X9.31] RNG.
OS-SEED-KEY | 3-key TDEA key generated by HW RNG, used for the RNG seed key.
OS-RNG_STATE | 320 bit value; current RNG state.
OS-MKEK | 2-Key TDEA Master key used to encrypt all key data stored in the EEPROM.
Domain Key Set (ISD or ASD)
SD-KENC | 2-Key TDEA Master key used by the CM role to generate SD-SENC.
SD-KMAC | 2-Key TDEA Master key used by the CM role to generate SD-SMAC.
SD-KKEK | 2-Key TDEA Sensitive data decryption key used by the Module role to decrypt CSPs.
SD-SENC | 2-Key TDEA Session encryption key used by the Module role to encrypt / decrypt secure channel data.
SD-SMAC | 2-Key TDEA Session MAC key used by the Module role to verify inbound secure channel data integrity.
ACA Applet Keys
ACA-SPAK | 2-Key or 3-Key TDEA key used by the ACA applet to authenticate the AA role (0-7 keys).
GC/PKI/SKI Applet Keys
PKI-GPK | RSA 1024, 2048 general purpose Key with usage determined outside the module scope.
SKI-OTP | 2-Key or 3-Key TDEA key used by the GC/PKI/SKI applet for one time password generation (0-2 keys).
PIV Keys
PIV-LPIN | 8 character string PIV application Local PIN.
PIV-PUK | 8 character string PIV PIN Unblocking Key.
PIV-RPAK | RSA 1024, 2048 PIV Authentication (9A) RSA Authentication Key.
PIV-SCMK | 3-Key Triple DES PIV Card Management (9B) Symmetric Authentication Key.
PIV-RDSK | RSA 2048 PIV Digital Signature (9C) RSA Private Signature Key.
PIV-RKDK | RSA 2048 PIV Key Management (9D) RSA Key Decryption Key. Up to 20 copies of this key may be stored in retired key locations '82' through '95'.
PIV-RCAK | RSA 1024, 2048 Card Authentication (9E) RSA Authentication Key.
Table 6 – Module Critical Security Parameters

All module CSPs may be zeroized by use of the SET STATUS command to set the lifecycle to TERMINATED, followed by a power cycle, i.e. removal and reinsertion of the module into the reader.

2.2 Public keys

Key | Description / Usage
GC/PKI/SKI and PIV Public Keys
PKI-RGPKPUB | RSA 1024, 2048 general purpose Key with usage determined outside the module scope.
PIV-RPAKPUB | RSA 1024, 2048 PIV Authentication (9A) RSA Authentication Public Key.
PIV-RDSKPUB | RSA 2048 PIV Digital Signature (9C) RSA Signature Verification Key.
PIV-RKDKPUB | RSA 2048 PIV Authentication (9D) RSA Key Decryption Key.
PIV-RCAKPUB | RSA 1024, 2048 Card Authentication (9E) RSA Authentication Public Key.
Table 7 – Public Keys

The PIV applet specification defines the generation of asymmetric key pairs for PIV authentication (9A), digital signature (9C), key management (9D, with retired copies in 82-95) and card authentication (9E). When the GENERATE ASYMMETRIC KEY PAIR service is called, the public keys listed above are returned by the PIV applet. An external entity (e.g., a card management system) is responsible for packaging the public key in an X509 certificate and storing it in the corresponding X509 certificate container in the PIV applet. The PIV applet does not make use of the public key after generation, and does not define any other usage of public keys.

3 Roles, authentication and services

Table 8 lists all operator roles supported by the module. This Module does not support a maintenance role. The Module supports multiple concurrent operators via MANAGE CHANNEL, but permits only one role to be authenticated at any time, and clears previous authentications on power cycle.

Role ID | Role Description
CO | Cryptographic Officer: This role is responsible for card issuance and management of card data via the Card Manager and Digital Identity Applet Suite. Authenticated using the SCP authentication method with SD-SENC and SD-SMAC.
CH | Card Holder (the User role for FIPS 140-2 validation purposes). The Card Holder uses the Module for an identity token.
Authenticated in the PIV applet using the VERIFY authentication method with PIV-LPIN.
AA | Applet Administrator. The AA role is responsible for configuration of the PIV data using the PIV applet PUT DATA and GENERATE ASYMMETRIC KEY PAIR services. Authenticated in the PIV applet using the PIV CMK authentication method with PIV-SCMK.
PU | PIN Unblocking User: this role is associated with a single PIV service, RESET RETRY COUNTER, which requires knowledge of PIV-PUK.
Table 8 – Roles description

3.1 Secure Channel Protocol (SCP) Authentication

The Global Platform Secure Channel Protocol authentication method is performed when the EXTERNAL AUTHENTICATE service is invoked after successful execution of the INITIALIZE UPDATE command. These two commands operate as described next. The process is identical regardless of domain, e.g. Issuer Security Domain (ISD) or Application Security Domain (ASD).

The SD-KENC and SD-KMAC keys are used along with other information to derive the SD-SENC and SD-SMAC keys, respectively. The SD-SENC key is used to create a cryptogram; the external entity participating in the mutual authentication also creates this cryptogram. Each participant compares the received cryptogram to the calculated cryptogram and, if this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the Module in the CO role). The EXTERNAL AUTHENTICATE process also checks the expected MAC value using the SD-SMAC.

Note that the only use of any of the domain keys for encryption is for a total of 1 block over the life of the associated SD-SENC session key. The Module's designed encryption limitation using SD-SENC prevents the meet-in-the-middle attack described in [SP800-131A]. In accordance with [SP800-131A], the Module's 2-Key TDEA security strength is determined to be 112 bits. Based on this strength and a 64 bit authentication data block size:
- The probability that a random attempt at authentication will succeed is 1/2^64, meeting the FIPS requirement of 1/1,000,000.
- Based on the maximum count value of the failed authentication blocking mechanism, the probability that a random attempt will succeed over a one minute period is 255/2^64, meeting the FIPS requirement of 1/100,000 in a one minute period.

3.2 PIV Applet PIN Comparison Authentication

This authentication method compares a PIN value sent to the Module to the stored PIV-LPIN or PIV-PUK values; if the two values are equal, the operator is authenticated. This method is used in the VERIFY and CHANGE REFERENCE DATA services to authenticate to the CH role, and by the RESET RETRY COUNTER service to authenticate to the PU role. The PIV EXT applet does not support the FIPS 201 global PIN option.

The strength of authentication for this authentication method depends on both internal and external factors. The Module compares all 8 characters of the PIV-LPIN or PIV-PUK value. Based on this, the strength of this authentication method is as follows:
- The probability that a random attempt at authentication will succeed is 1/256^8, meeting the FIPS requirement of 1/1,000,000.
- Based on the [SP800-73-3] defined maximum count of 15 for failed VERIFY or CHANGE REFERENCE DATA attempts, the probability that a random attempt will succeed over a one minute period is 15/256^8, meeting the FIPS requirement of 1/100,000 in a one minute period.

Please see Section 9 for guidance on required external security procedures associated with the PIV Applet PIN Comparison authentication method.
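The INITIALIZE UPDATE / EXTERNAL AUTHENTICATE handshake of Section 3.1, as an added Go example that is not part of this policy or of the module's code. It follows the GlobalPlatform SCP02 derivation constants, cryptogram inputs and C-MAC construction (an assumption, since the policy does not name the SCP variant), uses constructed test keys and challenges, and shows that SD-SENC encrypts exactly one block (the cryptogram) while SD-SMAC only verifies the command MAC.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// Constructed test material, not the module's keys: GP default 2-Key TDEA value for SD-KENC and SD-KMAC, counter 1, fixed challenges.
var testKey = []byte{0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F}
var testSeqCounter, testCardChallenge = []byte{0x00, 0x01}, []byte{0x11, 0x22, 0x33, 0x44, 0x55, 0x66}
var testHostChallenge = []byte{0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8}
func concat(parts ...[]byte) []byte { return bytes.Join(parts, nil) }

// pad80 applies ISO 9797-1 padding method 2: 0x80, then zeros up to an 8-byte boundary.
func pad80(b []byte) []byte {
	out := append(append([]byte{}, b...), 0x80)
	return append(out, make([]byte, (8-len(out)%8)%8)...)
}

// cbc3des runs 2-Key TDEA (K1||K2, expanded to K1||K2||K1 for crypto/des) in CBC mode with a zero ICV.
func cbc3des(key2k, data []byte) []byte {
	blk, _ := des.NewTripleDESCipher(append(append([]byte{}, key2k...), key2k[:8]...))
	out := make([]byte, len(data))
	cipher.NewCBCEncrypter(blk, make([]byte, 8)).CryptBlocks(out, data)
	return out
}

// deriveSessionKey: SCP02 derivation, CBC over constant || seq counter || 12 zero bytes; 0x0182 -> SD-SENC, 0x0101 -> SD-SMAC.
func deriveSessionKey(master, seq []byte, constant uint16) []byte {
	data := make([]byte, 16)
	binary.BigEndian.PutUint16(data, constant)
	copy(data[2:], seq)
	return cbc3des(master, data)
}

// fullMAC: full triple-DES MAC with SD-SENC for both cryptograms; this one block is all SD-SENC ever encrypts.
func fullMAC(key, data []byte) []byte {
	out := cbc3des(key, pad80(data))
	return out[len(out)-8:]
}

// retailMAC (ISO 9797-1 alg. 3, zero ICV): single-DES CBC under K1, then decrypt with K2 and encrypt with K1; the SD-SMAC C-MAC.
func retailMAC(key, data []byte) []byte {
	k1, _ := des.NewCipher(key[:8])
	k2, _ := des.NewCipher(key[8:])
	mac := make([]byte, 8)
	for i, b := range pad80(data) {
		mac[i%8] ^= b
		if i%8 == 7 {
			k1.Encrypt(mac, mac)
		}
	}
	k2.Decrypt(mac, mac)
	k1.Encrypt(mac, mac)
	return mac
}

// Card models the security domain: static keys plus the session keys and handshake state.
type Card struct {
	kenc, kmac, seq, cardChallenge []byte
	senc, smac, hostChallenge      []byte
	Authenticated                  bool
}
func NewTestCard() *Card { return &Card{kenc: testKey, kmac: testKey, seq: testSeqCounter, cardChallenge: testCardChallenge} }

// InitializeUpdate derives SD-SENC/SD-SMAC and returns the counter, card challenge and card cryptogram.
func (c *Card) InitializeUpdate(hostChallenge []byte) (seq, cardChallenge, cardCryptogram []byte) {
	c.hostChallenge = hostChallenge
	c.senc, c.smac = deriveSessionKey(c.kenc, c.seq, 0x0182), deriveSessionKey(c.kmac, c.seq, 0x0101)
	return c.seq, c.cardChallenge, fullMAC(c.senc, concat(hostChallenge, c.seq, c.cardChallenge))
}

// ExternalAuthenticate checks the C-MAC with SD-SMAC, then the host cryptogram with SD-SENC; only then is the CO role authenticated.
func (c *Card) ExternalAuthenticate(apdu []byte) error {
	if c.senc == nil || len(apdu) != 21 {
		return errors.New("EXTERNAL AUTHENTICATE must follow INITIALIZE UPDATE")
	}
	if subtle.ConstantTimeCompare(retailMAC(c.smac, apdu[:13]), apdu[13:]) != 1 {
		return errors.New("C-MAC verification failed")
	}
	if subtle.ConstantTimeCompare(fullMAC(c.senc, concat(c.seq, c.cardChallenge, c.hostChallenge)), apdu[5:13]) != 1 {
		return errors.New("host cryptogram mismatch")
	}
	c.Authenticated = true
	return nil
}

// HostAuthenticate is the off-card side: verify the card cryptogram, then send the host cryptogram under a C-MAC.
func HostAuthenticate(card *Card, kenc, kmac, hostChallenge []byte) error {
	seq, cardChallenge, cardCryptogram := card.InitializeUpdate(hostChallenge)
	senc, smac := deriveSessionKey(kenc, seq, 0x0182), deriveSessionKey(kmac, seq, 0x0101)
	if subtle.ConstantTimeCompare(fullMAC(senc, concat(hostChallenge, seq, cardChallenge)), cardCryptogram) != 1 {
		return errors.New("card cryptogram mismatch")
	}
	// APDU header: CLA 84 (secure messaging), INS 82, P1 00 (security level), P2 00, Lc 10h.
	body := concat([]byte{0x84, 0x82, 0x00, 0x00, 0x10}, fullMAC(senc, concat(seq, cardChallenge, hostChallenge)))
	return card.ExternalAuthenticate(concat(body, retailMAC(smac, body)))
}
```

A host holding the wrong SD-KMAC still passes the card-cryptogram check but fails at the C-MAC, and a host holding the wrong SD-KENC is rejected before any EXTERNAL AUTHENTICATE is sent.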
3.3 PIV Applet Symmetric Cryptographic Authentication

This authentication method decrypts (using PIV-SCMK) an encrypted challenge sent to the module by an external entity and compares the challenge to the expected value. The strength of authentication for this authentication method is based on the strength of PIV-SCMK; only 3-Key TDEA is allowed for this key, with a security strength of 112 bits, hence the associated strength of this authentication method is:
- The probability that a random attempt at authentication will succeed is 1/2^64, meeting the FIPS requirement of 1/1,000,000.
- The execution of this authentication mechanism is rate limited: the module can perform no more than 2^16 attempts per minute. Therefore, the probability that a random attempt will succeed over a one minute period is 2^16/2^64, meeting the FIPS requirement of 1/100,000 in a one minute period.

3.4 Services

All services implemented by the Module are listed in the tables below. Each service description also describes all usage of CSPs by the service.

Card Reset (Self-test)
  Power cycle the Module by removing and reinserting it into the contact reader slot, or by reader assertion of the RST signal. The Card Reset service invokes the power-on self-tests as described in Section 4. On any card reset, the Module overwrites OS-SEED, OS-SEED-KEY and OS-RNG_STATE. On any card reset, the card overwrites all volatile memory.
GET RESPONSE
  Fetch remaining data to read from the Card (e.g. in response to a GET ACR command).
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
IDENTIFY
  Return module information (mask identification information).
SELECT
  Select an applet.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
Table 9 – Unauthenticated Services Available to Any Applet

DELETE
  Delete an applet instance or package from EEPROM.
  CSP usage: Destroys all CSPs associated with the deleted applet or package by overwriting memory.
  Interface availability: Contact-Contactless
EXTERNAL AUTHENTICATE
  Authenticates the operator and establishes a secure channel. Must be preceded by a successful INITIALIZE UPDATE.
  CSP Usage: Executes using SD-SENC, SD-SMAC.
  Interface availability: Contact-Contactless
GET DATA
  Retrieve a single data object.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
GET STATUS
  Retrieve information about the card.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
INSTALL
  Perform Card Content management.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
INITIALIZE UPDATE
  Initialize the Secure Channel; to be followed by EXTERNAL AUTHENTICATE.
  CSP Usage: Executes using SD-KENC, SD-KMAC. Writes SD-SENC, SD-SMAC.
  Interface availability: Contact-Contactless
LOAD
  Load a load file (e.g. an applet).
  CSP Usage: Executes using SD-SENC, SD-SMAC.
  Interface availability: Contact-Contactless
MANAGE CHANNEL
  Opens and closes supplementary logical channels.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
PUT KEY
  Load Card Manager keys as well as the XAUT keys (such as those used to unblock the PIN), the RSA private key component or the SKI key for One Time Password generation.
  CSP Usage: SD-KKEK. Writes SD-KENC, SD-KMAC, SD-KKEK.
  Interface availability: Contact-Contactless
SET STATUS
  Modify the card or applet life cycle status.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
STORE DATA
  Transfer data to an application during command processing.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
Table 10 – Card Manager Services and CSP Usage

AC EXTERNAL AUTHENTICATE
  Used in combination with a GET CHALLENGE to authenticate the AA using the AC external authenticate protocol.
  CSP Usage: Execute with ACA-SPAK.
  Interface availability: Contact-Contactless
CHANGE REFERENCE DATA
  Create the PIN (PIV-LPIN) and PUK (PIV-PUK) in the card. It is also used to update the PUK value.
  CSP Usage: Write PIV-LPIN, PIV-PUK.
  Interface availability: Contact only
EXTERNAL AUTHENTICATE
  Authenticates the operator and establishes a secure channel. Must be preceded by a successful INITIALIZE UPDATE.
  CSP Usage: Execute with SD-SENC, SD-SMAC.
  Interface availability: Contact only
GET ACR
  Extract the public ACR (Access Control Rule) or ACR-ID-INS or Applet table properties as configured during the card issuance process.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
GET CHALLENGE
  Retrieve a challenge from the card to perform a host authentication (first step of the AC EXTERNAL AUTHENTICATE process).
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
GET PROPERTIES
  Retrieve Applet instance properties (marked only with the "public" attribute).
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
INITIALIZE UPDATE
  Initialize the Secure Channel; to be followed by EXTERNAL AUTHENTICATE.
  CSP Usage: Executes using SD-KENC, SD-KMAC. Writes SD-SENC, SD-SMAC.
  Interface availability: Contact only
LOGOUT
  Logout all previously authenticated roles.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
PUT KEY
  Load XAUT keys (such as those used to unblock the PIN).
  CSP Usage: Write ACA-SPAK. Execute using SD-KKEK.
  Interface availability: Contact only
REGISTER ACR
  Manages the mapping between ACR-ID and actual APDU instruction, and records the ACR definition for the applet services.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact only
REGISTER APPLET
  Record applet instances to the ACA instance so that the access control and secure message service can be provided.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact only
RESET CARD
  Reset the card content (buffer content, PKI credentials, SKI keys as well as the PIN/PUK).
  CSP Usage: Destroy ACA-SPAK, PIV-LPIN, PIV-PUK, PKI-GPK and PKI-GPKPUB.
  Interface availability: Contact only
RESET RETRY COUNTER
  Used to unblock the cardholder PIN (PIV-LPIN) and restore the VERIFY service with a new counter value if the CM role is authenticated successfully. The command operates as long as the unblock counter has not expired.
  CSP Usage: Write PIV-LPIN.
  Interface availability: Contact only
SET APPLICATION UID
  Initialize the UID (unique identifier) associated with the applet instance.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact only
SET STATUS
  Modify the card or applet life cycle status.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact only
UPDATE PROPERTIES
  Updates the Applet properties.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact only
VERIFY
  Check the PIN presented by the cardholder against the current PIN.
  CSP Usage: Execute with PIV-LPIN.
  Interface availability: Contact-Contactless
Table 11 – ACA Applet Services and CSP Usage

AC EXTERNAL AUTHENTICATE
  APDU used in combination with a GET CHALLENGE to authenticate the AA using the AC external authenticate protocol.
  CSP Usage: Use ACA-SPAK.
  Interface availability: Contact only
EXTERNAL AUTHENTICATE
  Authenticates the operator and establishes a secure channel. Must be preceded by a successful INITIALIZE UPDATE.
  CSP Usage: Execute with SD-SENC, SD-SMAC.
  Interface availability: Contact only
GENERATE KEY
  Generate an RSA Key Pair in the cryptographic module. The Private Key is associated with a PKI Applet instance.
  CSP Usage: Write PKI-RGPK and PKI-RGPKPUB.
  Interface availability: Contact only
GET CHALLENGE
  Retrieve a challenge from the card to perform a host authentication (first step of the AC EXTERNAL AUTHENTICATE process).
  CSP Usage: Does not use CSPs.
  Interface availability: Contact only
GET DATA
  Retrieve a single data object.
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
GET PROPERTIES
  Retrieve Applet instance properties (marked only with the "public" attribute).
  CSP Usage: Does not use CSPs.
  Interface availability: Contact-Contactless
INITIALIZE UPDATE
  Initialize the Secure Channel; to be followed by EXTERNAL AUTHENTICATE.
  CSP Usage: Executes using SD-KENC, SD-KMAC. Writes SD-SENC, SD-SMAC.
  Interface availability: Contact only
INTERNAL AUTHENTICATE
  Perform SKI operations to generate a cryptogram from the card for verification by the calling application.
  CSP Usage: Execute with SKI-OTP.
  Interface availability: Contact-Contactless
PRIVATE SIGN/DECRYPT
  Use the RSA private key in the PKI buffer to sign data.
PRIVATE SIGN/DECRYPT X X CSP Usage: Execute with PKI-RGPK and PKI-RGPKPUB Interface availability: Contact-Contactless Inject the RSA private key component to the module PUT KEY CSP Usage: Write PKI-RGPK and PKI-RGPKPUB X X Interface availability: Contact only Reads binary data stored on the card READ BINARY CSP Usage: Does not use CSPs X Interface availability: Contact only X X X SET PROPERTIES Load Applet properties © Copyright 2012 HID Global 15 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. HID Global Digital Identity Applet v2 on JCOP 2.4.2 FIPS 140-2 Security Policy Service CO CH AA UN Description CSP Usage: Does not use CSPs Interface availability: Contact only Modify the card or applet life cycle status X SET STATUS CSP Usage: Does not use CSPs. Interface availability: Contact only Read the data from the selected buffer READ CERTIFICATE X X X CSP Usage: Does not use CSPs BUFFER / READ BUFFER Interface availability: Contact-Contactless Write data into the selected buffer UPDATE CERTIFICATE CSP Usage: Does not use CSPs X X X X BUFFER / UPDATE BUFFER Interface availability: Contact-Contactless Performs VERIFY authentication; executes using PIV-LPIN as specified in the APDU. VERIFY X CSP Usage: Execute with PIV-LPIN Interface availability: Contact-Contactless Table 12 – GC/PKI/SKI Applet Services and CSP Usage Service CO CH PU AA UN Description Used for: change the PIV-LPIN. Successful execution of this service is an instance of the VERIFY authentication method; that is, the CH holder has been authenticated. X CHANGE REFERENCE DATA CSP usage: PIV-LPIN: execute, update. Interface availability: Contact only. As defined in [SP 800-73-3], this service has several different usages depending on the command tags embedded in the APDU, and also on the prior execution of other commands in a protocol. Used for: AA role (9B) authentication. Does not require prior authentication. CSP usage: PIV-SCMK: execute. 
Interface availability: Contact only. Used for: authentication of the card to the external system. CSP usage: PIV-RCAK: execute. GENERAL AUTHENTICATE X X Interface availability: Contact or Contactless only. Used for: authentication of the PIV Applet to the external system. Requires prior authentication to the CH role. CSP usage: PIV-RPAK: execute. Interface availability: Contact only. Used for: decryption of the key provided by an external system (the key provided by the external system in the command message has been encrypted by an external system using the PIV-RKEK). Requires prior authentication to the CH role. CSP usage: PIV-RKDK: execute. X Interface availability: Contact only. © Copyright 2012 HID Global 16 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. HID Global Digital Identity Applet v2 on JCOP 2.4.2 FIPS 140-2 Security Policy Service CO CH PU AA UN Description Used for: Signing a hashed message provided by an external system. Requires authentication to the CH role in the message immediately preceding this command. CSP usage: PIV-RDSK: execute. Interface availability: Contact only. Used for: nonce generation for use as a challenge. CSP usage: OS RNG-STATE: execute. Interface availability: Contact only. Used for: When authenticated to the AA role, generates new PIV RSA keys. Writes the PIV-RPAK, PIV-RDSK, PIV-RKDK, PIV- RCAK, as designated in the APDU. When used with the PIV- RKDK only the current key location may be specified; the GENERATE ASYMMETRIC X X retired key locations ‘82’ through ‘95’ cannot be overwritten KEY PAIR with this command. CSP Usage: Execute. Interface availability: Contact only. Used for: Retrieve a single data object managed by the PIV applet access control conditions. If the VERIFY(PIN) security condition is met, access to containers with the PIN condition are allowed. Containers with the ALWAYS access control X GET DATA (PIV Variant) condition are always allowed. 
X CSP Usage: This service does not use any CSPs. Interface availability: Contact-Contactless Used for: An operator authenticated to the AA role can replace the contents of PIV Data objects using this APDU command. X X PUT DATA CPS Usage: This service does not use any CSPs. Interface availability: Contact only Used for: Change the PIV-LPIN. This service requires authentication of the current PIV-PUK value (i.e. authentication of the PU role) to succeed. X RESET RETRY COUNTER CSP Usage: Executes using PIV-PUK, updates the counter associated with PIV-LPIN. Interface availability: Contact only Used for: Performs VERIFY authentication; X VERIFY CSP Usage: Executes using PIV-LPIN as specified in the APDU. Interface availability: Contact only Table 13 – PIV Extended Applet Services and CSP Usage Note: The KAT Applet doesn’t have the same table as for the other applets as it doesn’t expose any APDU command except the SELECT command. © Copyright 2012 HID Global 17 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. HID Global Digital Identity Applet v2 on JCOP 2.4.2 FIPS 140-2 Security Policy 4 Self-test 4.1 Power-on self-test Each time the Module is powered up it tests that the cryptographic algorithms still operate correctly and that sensitive data have not been damaged. Power-on self–tests are available on demand by power cycling the module. On power on or reset, the Module performs the self-tests described in Table 14 below. All KATs must be completed successfully prior to any other use of cryptography by the Module. Test Target Description Firmware Integrity 16 bit CRC performed over all code located in EEPROM. RNG Performs the [ANS X9.31] RNG KAT. TDEA Performs separate encrypt and decrypt KATs using 2-Key TDEA in ECB mode. Performs separate RSA PKCS#1 signature and verification KATs using an RSA 1024 bit key. RSA Note that all uses of RSA follow PIV specifications, requiring hash off-card. 
Table 14 – Power-On Self-Test

4.2 Conditional self-tests

On every call to the HW RNG or [ANSI X9.31] RNG, the Module performs a continuous stuck-fault test to assure that the output is different from the previous value. The Module performs a pairwise consistency test when any asymmetric key pair is generated. When new firmware is loaded into the module using the LOAD command, the module verifies the integrity of the new firmware using a TDEA MAC process and the SD-SMAC key.

5 Physical security policy

The Module is a single-chip implementation that meets commercial-grade specifications for power, temperature, reliability, and shock/vibration. The Module uses standard passivation techniques and is protected by passive shielding (metal layer coverings opaque to the circuitry below) and active shielding (a grid of top metal layer wires with tamper response). A tamper event detected by the active shield places the Module permanently into the SYSTEM HALTED error state.

The Module is intended to be mounted in a plastic smartcard or other package as described in Section 1; physical inspection of the module boundary is not practical after mounting. Physical inspection of modules for tamper evidence is performed using a lot sampling technique during the card assembly process.

6 Operational environment

The Module is designated as a limited operational environment under the FIPS 140-2 definitions. The Module includes a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-2 validation.

7 Electromagnetic interference and compatibility (EMI/EMC)

The Module conforms to the EMI/EMC requirements specified by part 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B.

8 Mitigation of other attacks

The Module implements defenses against:
- Light attacks
- Invasive fault attacks
- Side-channel attacks (SPA/DPA)
- Timing analysis
- Differential fault analysis (DFA)

9 Security Rules and Guidance

The Module implementation also enforces the following security rules:
- No additional interface or service is implemented by the Module which would provide access to CSPs.
- Data output is inhibited during key generation, self-tests, zeroization, and error states.
- There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
- The module does not support manual key entry, output plaintext CSPs or output intermediate key values.
- Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.

In addition, the following guidance must be followed to operate the Module in accordance with the conditions of the FIPS 140-2 validation:
- PIV Applet administrators are required to procedurally enforce a usage policy that ensures end users' PIV PIN values meet the conditions described in [SP800-73-3] and that the selected PIN values also meet the FIPS 140-2 security strength of 1/1,000,000.

10 References

The following standards are referred to in this Security Policy.
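The power-on and conditional self-tests of Sections 4.1 and 4.2 above, modelled as a small state machine. This is an added example written for this page, not the module's or HID Global's code: the firmware image, its CRC reference, the toy RSA key (p = 61, q = 53) and the class and function names are all constructed, and the real X9.31 RNG KAT and 2-key TDEA KATs are left out. What it keeps from the policy is the control flow: no cryptographic service is reachable until every power-on test has passed, a failed test is terminal, every RNG output block is compared with the previous one, and a freshly generated key pair is released only after the pairwise consistency test.

```python
"""Toy model of the self-test flow in Sections 4.1 and 4.2.

Added example, not the module's own code. The firmware image, its CRC
reference and the RSA parameters are constructed; the real X9.31 RNG KAT
and 2-key TDEA KATs are not reproduced, only the control flow around them.
"""
import enum
import secrets


class State(enum.Enum):
    POWER_ON = "power-on"
    SELF_TEST = "self-test"
    OPERATIONAL = "operational"
    ERROR = "error"  # data output inhibited, no cryptographic services


class SelfTestError(Exception):
    """Any failing test raises this; the module then enters State.ERROR."""


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection), a
    stand-in for the 16-bit CRC the module runs over its EEPROM code."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


# Constructed toy RSA key (p = 61, q = 53) with one precomputed answer pair.
# The module uses a 1024-bit PKCS#1 key; only the KAT idea is shown here.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753
KAT_MESSAGE, KAT_EXPECTED = 65, 2790


def rsa_kat() -> bool:
    """Separate public (verify) and private (sign) known-answer checks."""
    return (pow(KAT_MESSAGE, RSA_E, RSA_N) == KAT_EXPECTED
            and pow(KAT_EXPECTED, RSA_D, RSA_N) == KAT_MESSAGE)


def pairwise_consistency_test(n: int, e: int, d: int) -> bool:
    """Section 4.2: a freshly generated pair must round-trip both ways."""
    m = 42
    signature, ciphertext = pow(m, d, n), pow(m, e, n)
    return pow(signature, e, n) == m and pow(ciphertext, d, n) == m


class ContinuousRng:
    """RNG wrapper with the stuck-fault test: every output block must differ
    from the previous one. The first block only seeds the comparison."""

    def __init__(self, source, block_len: int = 8):
        self._source, self._block_len, self._last = source, block_len, None

    def next_block(self) -> bytes:
        block = self._source(self._block_len)
        if self._last is not None and block == self._last:
            raise SelfTestError("RNG continuous test: output block repeated")
        self._last = block
        return block


class Module:
    """Crypto services are refused until every power-on test has passed and
    permanently once one has failed."""

    def __init__(self, firmware: bytes, stored_crc: int, rng=secrets.token_bytes):
        self.state = State.POWER_ON
        self._firmware, self._stored_crc = firmware, stored_crc
        self.rng = ContinuousRng(rng)

    def power_on(self) -> State:
        self.state = State.SELF_TEST
        try:
            if crc16(self._firmware) != self._stored_crc:
                raise SelfTestError("firmware integrity")
            if not rsa_kat():
                raise SelfTestError("RSA KAT")
            self.rng.next_block()  # the first draw primes the continuous test
        except SelfTestError:
            self.state = State.ERROR
            return self.state
        self.state = State.OPERATIONAL
        return self.state

    def generate_key_pair(self, n: int, e: int, d: int) -> tuple:
        """Stands in for GENERATE KEY: the pair is released only after the PCT."""
        self._require_operational()
        if not pairwise_consistency_test(n, e, d):
            raise SelfTestError("pairwise consistency")
        return n, e, d

    def private_operation(self, m: int) -> int:
        """Stands in for PRIVATE SIGN/DECRYPT with the toy key."""
        self._require_operational()
        return pow(m, RSA_D, RSA_N)

    def _require_operational(self) -> None:
        if self.state is not State.OPERATIONAL:
            raise PermissionError(f"service unavailable in state '{self.state.value}'")


# Constructed firmware image and the CRC stored beside it at personalization.
FIRMWARE = b"constructed toy firmware image"
FIRMWARE_CRC = crc16(FIRMWARE)
```

A module built with a single flipped firmware bit ends its power-on in `State.ERROR` and refuses `private_operation`, and a stuck RNG source (one that returns the same block twice) is caught on the second draw, not the first, which is why the power-on sequence takes one block before declaring the module operational.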
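The PIN handling behind the VERIFY, CHANGE REFERENCE DATA and RESET RETRY COUNTER services in Tables 11 to 13 above, as an added example that is not part of this policy or of the applet's code. The retry limits (three PIN tries, three unblock attempts), the PIN and PUK values, and the class and function names are all constructed; the page does not state the real limits. What the model keeps from the tables is that a failed VERIFY consumes a try, a blocked PIN is no longer compared, RESET RETRY COUNTER needs the PU role (PIV-PUK) and stops working once the unblock counter has expired, and a new PIN must satisfy the SP 800-73 format of 6 to 8 ASCII digits, which is what gives a 6-digit PIN the 1/1,000,000 random-guess probability FIPS 140-2 asks for.

```python
"""Toy model of the PIN logic behind VERIFY, CHANGE REFERENCE DATA and
RESET RETRY COUNTER (Tables 11 to 13).

Added example, not the applet's code. Retry limits, PIN and PUK values and
all names here are constructed; the page does not state the real limits.
"""
import hmac

PIN_RETRY_LIMIT = 3   # constructed
PUK_RETRY_LIMIT = 3   # constructed "unblock counter" limit
MAX_GUESS_PROBABILITY = 1 / 1_000_000   # FIPS 140-2 bound for one random attempt


def pin_meets_policy(pin: str) -> bool:
    """SP 800-73 PIV PIN format: 6 to 8 ASCII digits. A 6-digit numeric PIN
    gives a 1/10**6 random-guess probability, exactly the FIPS figure."""
    if not (6 <= len(pin) <= 8) or not pin.isdigit():
        return False
    return 1 / 10 ** len(pin) <= MAX_GUESS_PROBABILITY


class PivPin:
    """PIV-LPIN and PIV-PUK with their retry counters and the CH role flag."""

    def __init__(self, pin: str, puk: str):
        if not pin_meets_policy(pin):
            raise ValueError("initial PIN does not meet policy")
        self._pin, self._puk = pin.encode(), puk.encode()
        self.pin_tries, self.puk_tries = PIN_RETRY_LIMIT, PUK_RETRY_LIMIT
        self.authenticated = False   # CH role; cleared by LOGOUT

    def logout(self) -> None:
        self.authenticated = False

    def verify(self, candidate: str) -> bool:
        """VERIFY: compare with PIV-LPIN. A failure consumes one try; a blocked
        PIN is never compared, so nothing changes and nothing can be learned."""
        if self.pin_tries == 0:
            return False
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.pin_tries, self.authenticated = PIN_RETRY_LIMIT, True
            return True
        self.pin_tries -= 1
        self.authenticated = False
        return False

    def change_reference_data(self, current: str, new: str) -> bool:
        """CHANGE REFERENCE DATA: executes PIV-LPIN (an instance of VERIFY),
        then updates it, but only to a value that meets the policy."""
        if not self.verify(current) or not pin_meets_policy(new):
            return False
        self._pin = new.encode()
        return True

    def reset_retry_counter(self, puk: str, new_pin: str) -> bool:
        """RESET RETRY COUNTER: the PU role (PIV-PUK) unblocks the PIN and sets
        a new value, as long as the unblock counter has not expired."""
        if self.puk_tries == 0:
            return False
        if not hmac.compare_digest(puk.encode(), self._puk):
            self.puk_tries -= 1
            return False
        if not pin_meets_policy(new_pin):
            return False
        self.puk_tries = PUK_RETRY_LIMIT
        self._pin, self.pin_tries = new_pin.encode(), PIN_RETRY_LIMIT
        self.authenticated = False   # a new PIN does not authenticate the CH
        return True
```

The comparisons go through `hmac.compare_digest` so that a wrong PIN costs the same time whichever digit is wrong, the software counterpart of the timing-analysis defence the module claims in Section 8; the retry counters are decremented before any result is returned, so an operator cannot learn whether a guess was right without paying for it.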
[FIPS140-2] Security Requirements for Cryptographic Modules, May 25, 2001
[FIPS201-1] Personal Identity Verification (PIV) of Federal Employees and Contractors, March 2006
[ISO 7816] ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics; ISO/IEC 7816-2:2007 Identification cards -- Integrated circuit cards -- Part 2: Cards with contacts -- Dimensions and location of the contacts; ISO/IEC 7816-3:2006 Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface and transmission protocols; ISO/IEC 7816-4:2005 Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange
[ISO 14443] ISO/IEC 14443-1:2008 Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 1: Physical characteristics; ISO/IEC 14443-2:2001 Identification cards -- Contactless integrated circuit(s) cards -- Proximity cards -- Part 2: Radio frequency power and signal interface; ISO/IEC 14443-3:2001 Identification cards -- Contactless integrated circuit(s) cards -- Proximity cards -- Part 3: Initialization and anticollision; ISO/IEC 14443-4:2008 Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 4: Transmission protocol
[JavaCard] Please cite the correct document
[GlobalPlatform] GlobalPlatform Consortium: GlobalPlatform Card Specification 2.1.1, March 2003, http://www.globalplatform.org; GlobalPlatform Consortium: GlobalPlatform Card Specification 2.1.1 Amendment A, March 2004
[SP800-131A] Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, January 2011
[SP800-73-3] Interfaces for Personal Identity Verification - Part 1: End-Point PIV Card Application Namespace, Data Model and Representation, February 2010; Interfaces for Personal Identity Verification - Part 2: End-Point PIV Card Application Card Command Interface, February 2010
[SP800-78-3] Cryptographic Algorithms and Key Sizes for Personal Identity Verification, December 2010
[FIPS 140-2 IG] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program, March 2011
[AES Key Wrap] AES Key Wrap Specification, 16 November 2001, NIST

Table 15 – References

11 Acronyms and definitions

ACA: Access Control Applet
APDU: Application Protocol Data Unit
GP: Global Platform
KAT: Known Answer Test
MMU: Memory Management Unit
PUK: PIN Unblocking Key
RSA: Rivest, Shamir and Adleman
XAUT: External Authentication

Table 16 – Acronyms and Definitions