IDPrime MD 830 with OATH & MPCOS applets
FIPS 140-2 Cryptographic Module Security Policy Level 2

Table of Contents

References ..... 5
Acronyms and definitions ..... 6
1 Introduction ..... 7
1.1 IDPrime MD Applet ..... 8
1.2 OATH Applet ..... 8
1.3 MPCOS Applet ..... 9
2 Cryptographic Module Ports and Interfaces ..... 10
2.1 Hardware and Physical Cryptographic Boundary ..... 10
2.1.1 PIN assignments and contact dimensions ..... 10
3 Cryptographic Module Specification ..... 12
3.1 Firmware and Logical Cryptographic Boundary ..... 12
3.2 Versions and mode of operation ..... 13
3.3 Cryptographic functionality ..... 18
4 Platform Critical Security Parameters ..... 22
4.1 Platform Public key ..... 22
4.2 IDPrime MD Applet Critical Security Parameters ..... 23
4.3 IDPrime MD Applet Public Keys ..... 24
4.4 OATH Applet Critical Security Parameters ..... 26
4.5 MPCOS Applet Critical Security Parameters ..... 26
5 Roles, authentication and services ..... 27
5.1 Secure Channel Protocol (SCP) Authentication ..... 28
5.2 IDPrime MD User authentication ..... 29
5.3 IDPrime MD Card Application Administrator authentication ..... 29
5.4 OATH User authentication ..... 29
5.5 OATH Card Application Administrator authentication ..... 30
5.6 MPCOS User authentication ..... 30
5.7 MPCOS Card Application Administrator authentication ..... 30
5.8 MPCOS Card Application Administrator for Payment authentication ..... 30
5.9 Platform Services ..... 31
5.10 IDPRIME MD Services ..... 33
5.11 OATH Services ..... 40
5.12 MPCOS Services ..... 43
6 Finite State Model ..... 47
7 Physical security policy ..... 47
8 Operational Environment ..... 47
9 Electromagnetic interference and compatibility (EMI/EMC) ..... 47
10 Self-test ..... 48
10.1 Power-on self-test ..... 48
10.2 Conditional self-tests ..... 48
11 Design Assurance ..... 49
11.1 Configuration Management ..... 49
11.2 Delivery and Operation ..... 49
11.3 Guidance Documents ..... 49
11.4 Language level ..... 49
12 Mitigation of other attacks policy ..... 49
13 Security Rules and Guidance ..... 49

Table of Tables

Table 1 – References ..... 6
Table 2 – Acronyms and Definitions ..... 6
Table 3 – Security Level of Security Requirements ..... 7
Table 4 – Contact plate pad list – Interfaces ..... 11
Table 5 – Voltage and frequency ranges ..... 11
Table 6 – Versions and Mode of Operations Indicators ..... 16
Table 7 – Applet Version and Software Version input data ..... 17
Table 8 – Applet Version returned value ..... 17
Table 9 – Software Version returned values ..... 17
Table 10 – Applet Version and Software Version input data ..... 18
Table 11 – Applet Version returned value ..... 18
Table 12 – FIPS Approved Cryptographic Functions ..... 19
Table 13 – Non-FIPS Approved But Allowed Cryptographic Functions ..... 19
Table 14 – Platform Critical Security Parameters ..... 22
Table 15 – Platform Public Keys ..... 22
Table 16 – IDPrime MD Applet Critical Security Parameters ..... 24
Table 17 – IDPrime MD Applet Public Keys ..... 25
Table 18 – OATH Applet Critical Security Parameters ..... 26
Table 19 – MPCOS Applet Critical Security Parameters ..... 26
Table 20 – Role description ..... 27
Table 21 – Unauthenticated Services and CSP Usage ..... 31
Table 22 – Authenticated Card Manager Services and CSP Usage ..... 32
Table 23 – IDPrime MD applet Services and CSP Usage ..... 38
Table 24 – MSPNP applet Services ..... 39
Table 26 – MPCOS Applet Services Access ..... 46
Table 27 – Power-On Self-Test ..... 48

Table of Figures

Figure 1 – Contact module views ..... 10
Figure 2 – Contact plate example – Contact physical interface ..... 11
Figure 3 – Module Block Diagram ..... 12

Ref: R0R21531_IDPRIME MD 830_SP-L2 Rev: 1.8 28/05/2014 Page 2/50 © Copyright Gemalto 2013. May be reproduced only in its entirety [without revision].
References

Acronym | Full Specification Name
[FIPS140-2] | NIST, Security Requirements for Cryptographic Modules, May 25, 2001
[GlobalPlatform] | GlobalPlatform Consortium: GlobalPlatform Card Specification 2.1.1, March 2003, http://www.globalplatform.org; GlobalPlatform Card Specification 2.1.1 Amendment A, March 2004; GlobalPlatform Card Specification 2.2 Amendment D, Sept 2009
[ISO 7816] | ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics; ISO/IEC 7816-2:2007 Identification cards -- Integrated circuit cards -- Part 2: Cards with contacts -- Dimensions and location of the contacts; ISO/IEC 7816-3:2006 Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface and transmission protocols; ISO/IEC 7816-4:2005 Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange
[JavaCard] | Java Card 2.2.2 Runtime Environment (JCRE) Specification; Java Card 2.2.2 Virtual Machine (JCVM) Specification; Java Card 2.2.2 Application Programming Interface; Java Card 3.0.1 Application Programming Interface [only for algos ECDSA, SHA2]. Published by Sun Microsystems, March 2006
[SP800-131A] | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, January 2011
[ANS X9.31] | American Bankers Association, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), ANSI X9.31-1998, Appendix A.2.4
[SP 800-67] | NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, version 1.2, July 2011
[FIPS113] | NIST, Computer Data Authentication, FIPS Publication 113, 30 May 1985
[FIPS 197] | NIST, Advanced Encryption Standard (AES), FIPS Publication 197, November 26, 2001
[PKCS#1] | PKCS #1 v2.1: RSA Cryptography Standard, RSA Laboratories, June 14, 2002
[FIPS 186-2] | NIST, Digital Signature Standard (DSS), FIPS Publication 186-2, January 2000, with Change Notice 1 (DSA, RSA and ECDSA)
[SP 800-56A] | NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, March 2007
[FIPS 180-3] | NIST, Secure Hash Standard, FIPS Publication 180-3, October 2008
[AESKeyWrap] | NIST, AES Key Wrap Specification, 16 November 2001. This document defines symmetric key wrapping. Use of 2-Key TDEA in lieu of AES is described in [IG] D.2.
[IG] | NIST, Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program, last updated 29 June 2012
Table 1 – References

Acronyms and definitions

Acronym | Definition
GP | Global Platform
MMU | Memory Management Unit
OP | Open Platform
RMI | Remote Method Invocation
Table 2 – Acronyms and Definitions

1 Introduction

This document defines the Security Policy for the Gemalto IDCore30 platform and the IDPrime MD applet (IAS Classic V4.1) card, called IDPrime MD 830 and herein denoted as the Cryptographic Module.
The Cryptographic Module, or CM, validated to FIPS 140-2 overall Level 2, is a "contact-only" secure controller module implementing the Global Platform operational environment, with the Card Manager, the IDPrime MD applet (associated with the MSPNP applet V1.0), the OATH applet V2.11 and the MPCOS applet V3.8. The OATH applet and the MPCOS applet are options, and the CM smart card must operate with them.

The CM is a limited operational environment under the FIPS 140-2 definitions. The CM includes a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-2 validation.

The FIPS 140-2 security levels for the Module are as follows:

Security Requirement | Security Level
Cryptographic Module Specification | 2
Cryptographic Module Ports and Interfaces | 2
Roles, Services, and Authentication | 3
Finite State Model | 2
Physical Security | 3
Operational Environment | N/A
Cryptographic Key Management | 2
EMI/EMC | 3
Self-Tests | 2
Design Assurance | 3
Mitigation of Other Attacks | 2
Table 3 – Security Level of Security Requirements

The CM implementation is compliant with:
- [ISO 7816] Parts 1-4
- [JavaCard]
- [GlobalPlatform]

1.1 IDPrime MD Applet

The IDPrime MD Applet (called IAS Classic V4.1) is a Java applet that provides all the functions necessary to integrate a smart card into a public key infrastructure (PKI) system, suitable for identity and corporate security applications. It is also useful for storing information about the cardholder and any sensitive data.

The IDPrime MD Applet implements state-of-the-art security and conforms to the latest standards for smart cards and PKI applications. It is also fully compliant with digital signature law. The IDPrime MD Applet is designed for use on JavaCard 2.2.2 and Global Platform 2.1.1 compliant smart cards.

The main features of the IDPrime MD Applet are as follows:
- Digital signatures (RSA, ECDSA): these are used to ensure the integrity and authenticity of a message.
- Storage of sensitive data based on security attributes.
- PIN management.
- Secure messaging based on the Triple-DES (2-key) and AES algorithms.
- Public key cryptography, allowing for RSA keys and ECDSA keys.
- Storage of digital certificates: these are issued by a trusted body known as a certification authority (CA) and are typically used in PKI authentication schemes.
- CVC verification.
- Key establishment: RSA, ECDH.
- On-board key generation (RSA, ECDSA).
- Mutual authentication between the IDPrime MD Applet and the terminal (Triple-DES, AES, RSA, ECDH).
- Support of integrity on data to be signed.
- Secure Key Injection according to the Microsoft scheme.

The MSPNP applet is associated with the IDPrime MD applet and offers:
- GUID tag reading, as defined in the Microsoft Mini Driver specification.

1.2 OATH Applet

The OATH Applet, designed for use on JavaCard 2.2.2 and Global Platform 2.1.1 compliant smart cards, provides one-time password (OTP) generation that conforms to the OATH specification for hardware tokens.

The OATH Applet features:
- Authentication of the OATH Applet User and the OATH Applet security officer:
  1. Supports global PIN based authentication.
- Execution of native platform cryptographic services integrated with managed objects:
  2. Two-key Triple-DES encryption and decryption.
  3. SHA-1 secure hash generation.
  4. Pseudo-random number generation.
1.3 MPCOS Applet

The MPCOS applet (Multi-application Payment Chip Operating System) is an applet designed for multi-purpose and payment applications. It offers secure payment and data management and can be used in a wide range of applications such as electronic purse, public applications (road pricing, health care, etc.), multi-purpose applications (loyalty, retail, etc.), or access control.

The MPCOS applet features:
- Basic inter-industry commands and file types
- Protection by PIN (local)
- Secure messaging based on the Triple-DES algorithm to protect data integrity

2 Cryptographic Module Ports and Interfaces

2.1 Hardware and Physical Cryptographic Boundary

The CM is designed to be embedded into plastic card bodies, with a contact plate connection. The physical form of the CM is depicted in Figure 1 (to scale), with the cryptographic boundary indicated by the red outline. The module is a single integrated circuit die wire-bonded to a frame connected to a contact plate, enclosed in epoxy and mounted in a card body. The cryptographic boundary is the contact plate surface on the top side and the surface of the epoxy on the bottom side. The Module relies on [ISO7816] card readers as input/output devices.

Figure 1 – Contact module views (WORLD RLC module; Bottom View: Epoxy, Top View: Contact Plate)

2.1.1 PIN assignments and contact dimensions

The CM conforms to the ISO 7816-1 and ISO 7816-2 specifications for physical characteristics, dimensions and contact location. The contact plate pads are assigned as shown below, with the corresponding interfaces given in Table 4.

Figure 2 – Contact plate example – Contact physical interface (pads C1 to C4 in the left column, C5 to C8 in the right column)

Contact No. | Logical interface type | Contact No. | Logical interface type
C1 | VCC (Supply voltage) | C5 | GND (Ground)
C2 | RST (Reset signal) | C6 | Not connected
C3 | CLK (Clock signal) | C7 | I/O: Data in, data out, control in, status out
C4 | Not connected | C8 | Not connected
Table 4 – Contact plate pad list – Interfaces

The CM conforms to the ISO 7816-3 specifications for electrical signals and transmission protocols, with voltage and frequency operating ranges as shown in Table 5.

Conditions | Range
Voltage | 1.62 V to 5.5 V
Frequency | 1 MHz to 10 MHz
Table 5 – Voltage and frequency ranges

3 Cryptographic Module Specification

3.1 Firmware and Logical Cryptographic Boundary

The figure below depicts the Module operational environment and applets.

Figure 3 – Module Block Diagram

The CM supports [ISO7816] T=0 and T=1 communication protocols. The CM provides services to both external devices and internal applets such as IDPrime MD. Applets on the CM, such as IDPrime MD, have access to functionality via internal API entry points that are not exposed to external entities. External devices have access to CM services by sending APDU commands. The CM provides an execution sandbox for the IDPrime MD Applet, the OATH Applet and the MPCOS Applet and performs the requested services according to its roles and services security policy.
The CM inhibits all data output via the data output interface while the module is in an error state and during self-tests.

The JavaCard API is an internal interface, available to applets. Only applet services are available at the card edge (the interfaces that cross the cryptographic boundary). The JavaCard Runtime Environment implements the dispatcher, registry, loader, logical channel and RMI functionalities. The Virtual Machine implements the byte code interpreter, firewall, exception management and byte code optimizer functionalities. The Card Manager is the card administration entity, allowing authorized users to manage the card content, keys, and life cycle states. The Memory Manager implements services such as memory access, allocation, deletion and garbage collection. The Communication handler deals with the implementation of the ATR, PSS, T=0 and T=1 protocols. The Cryptography Libraries implement the algorithms listed in section 2.

3.2 Versions and mode of operation

Hardware: SLE78CFX3009P
Firmware: IDCore 30 Build 1.17, IDPrime MD Applet version V4.1.2.F with MSPNP Applet V1.0, OATH Applet V2.11 and MPCOS Applet V3.8

The CM is always in the approved mode of operation. To verify that a CM is in the approved mode of operation, select the Card Manager and send the GET DATA commands shown below:

Purpose | CLA | INS | P1-P2 (Tag) | Le (Expected response length)
Get CPLC data | 00 | CA | 9F-7F | 2A
Identification information (proprietary tag) | 00 | CA | 01-03 | 1D

The CM responds with the following information:

G259 Mask - CPLC data (tag 9F7F)

Byte | Description | Value | Value meaning
1-2 | IC fabricator | 4090h | Infineon
3-4 | IC type | 7871h | SLE78CFX3009P
5-6 | Operating system identifier | 1291h | Gemalto
7-8 | Operating system release date | 2121h | 2012, 30th of April (YDDD: Y = year, DDD = day in the year)
9-10 | Operating system release level | 0100h | V1.0
11-12 | IC fabrication date | xxxxh | Filled in during IC manufacturing
13-16 | IC serial number | xxxxxxxxh | Filled in during IC manufacturing
17-18 | IC batch identifier | xxxxh | Filled in during IC manufacturing
19-20 | IC module fabricator | xxxxh | Filled in during module manufacturing
21-22 | IC module packaging date | xxxxh | Filled in during module manufacturing
23-24 | ICC manufacturer | xxxxh | Filled in during module embedding
25-26 | IC embedding date | xxxxh | Filled in during module embedding
27-28 | IC pre-personalizer | xxxxh | Filled in during smartcard pre-personalization
29-30 | IC pre-personalization date | xxxxh | Filled in during smartcard pre-personalization
31-34 | IC pre-personalization equipment identifier | xxxxxxxxh | Filled in during smartcard pre-personalization
35-36 | IC personalizer | xxxxh | Filled in during smartcard personalization
37-38 | IC personalization date | xxxxh | Filled in during smartcard personalization
39-42 | IC personalization equipment identifier | xxxxxxxxh | Filled in during smartcard personalization
G259 Mask - Identification data (tag 0103)

Byte | Description | Value | Value meaning
1 | Gemalto Family Name | B0h | Javacard
2 | Gemalto OS Name | 84h | IDCore family (OA)
3 | Gemalto Mask Number | 41h | G259
4 | Gemalto Product Name | 3Dh | IDCore30
5 | Gemalto Flow Version | XYh | X is the type of SCP: 1xh for SCP0105 flows, 2xh for SCP0300 flows, 3xh for SCP0310 flows. Y is the version of the flow (Y=1 for version 01). For instance: 11h = SCP0105 flow 01 (version 01); 21h = SCP0300 flow 01 (version 01); 31h = SCP0310 flow 01 (version 01)
6 | Gemalto Filter Set | 00h | Major nibble: filter family = 00h. Lower nibble: version of the filter = 00h
7-8 | Chip Manufacturer | 4090h | Infineon
9-10 | Chip Version | 7871h | SLE78CFX3009P
11-12 | FIPS configuration | 8x00h | MSByte: b8: 1 = conformity to FIPS certificate; b7, b6, b5: 0 = not applicable; b4: 1 = ECC supported; b3: 1 = RSA CRT supported; b2: 1 = RSA STD supported; b1: 1 = AES supported. LSByte: b8..b5: 0 = not applicable; b4: 0 = not applicable (ECC in contactless); b3: 0 = not applicable (RSA CRT in contactless); b2: 0 = not applicable (RSA STD in contactless); b1: 0 = not applicable (AES in contactless). For instance: 8F 00 = FIPS enabled (CT only), AES-RSA CRT/STD-ECC (Full FIPS); 8D 00 = FIPS enabled (CT only), AES-RSA CRT-ECC (FIPS PK CRT) (* default configuration); 85 00 = FIPS enabled (CT only), AES-RSA CRT (FIPS RSA CRT); 00 00 = FIPS disabled (CT only), No FIPS mode (No FIPS)
13 | FIPS Level for IDPrime MD product | 02h | 02 = FIPS Level 2 (default); 03 = FIPS Level 3
14-29 | RFU | xx..xxh | -
Table 6 – Versions and Mode of Operations Indicators

The IDPrime MD 830 is identified with an applet version and a software version as follows:

Purpose | CLA | INS | P1-P2 (Tag) | Le (Expected response length)
Get Applet Version | 00 | CA | DF-30 | 07
Get Software Version | 00 | CA | 7F-30 | 19
Table 7 – Applet Version and Software Version input data

The Applet version is returned without any TLV format as follows:

IDPrime MD 830 – Applet Version Data (tag DF30)
Field | Value | Value meaning
Applet Version | 34 2E 31 2E 32 2E 46 | Display value = '4.1.2.F'
Table 8 – Applet Version returned value

The Software Version is returned in TLV format as follows:

IDPrime MD 830 – Software Version Data (tag 7F30)
Tag | Length
7F30 | 17

Field | Tag | Length | Value | Value meaning
Software Version | C0 | 0E | 34 2E 31 2E 32 2E 46 | Display value = '4.1.2.F'
Applet Label | C1 | 07 | 49 41 53 20 43 6C 61 73 73 69 63 20 76 34 | Display value = 'IAS Classic v4'
Table 9 – Software Version returned values
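The following is an added example, not code from Gemalto or from this Security Policy: a host-side decoder for the mode-of-operation indicators of Table 6 and the version structures of Tables 7 to 11. It builds the GET DATA and GET VERSION APDUs from the CLA/INS/P1-P2/Le values given in those tables, decodes the identification data (tag 0103) into the SCP flow type, the FIPS configuration bits and the FIPS level, converts the CPLC operating-system release date from its YDDD form, and walks the 7F30 TLV template. All card responses in the block are constructed test vectors; the decade base used to turn the single year digit of YDDD into a calendar year is an assumption taken from the 2012 example in Table 6, and the lengths in the constructed 7F30 sample are the byte counts of the sample values.

```python
"""Decode the IDPrime MD 830 mode-of-operation and version indicators.

Added example (not Gemalto's code). It builds the GET DATA and GET VERSION
APDUs from Tables 6, 7 and 10, then decodes the identification data (tag 0103),
the CPLC operating-system release date (tag 9F7F, YDDD format) and the software
version template (tag 7F30). Every response below is a constructed test vector.
"""
from datetime import date, timedelta


def build_apdu(cla: int, ins: int, p1p2: int, le: int) -> bytes:
    """Case-2 ISO 7816-4 APDU: 4-byte header plus a one-byte Le, no command data."""
    return bytes([cla, ins, (p1p2 >> 8) & 0xFF, p1p2 & 0xFF, le])


GET_CPLC = build_apdu(0x00, 0xCA, 0x9F7F, 0x2A)          # Table 6
GET_IDENT = build_apdu(0x00, 0xCA, 0x0103, 0x1D)         # Table 6
GET_SW_VERSION = build_apdu(0x00, 0xCA, 0x7F30, 0x19)    # Table 7
GET_OATH_VERSION = build_apdu(0x00, 0xE7, 0x0500, 0x05)  # Table 10

SCP_FLOW_TYPES = {0x1: "SCP0105", 0x2: "SCP0300", 0x3: "SCP0310"}  # byte 5, high nibble
FIPS_PROFILES = {0x8F00: "Full FIPS", 0x8D00: "FIPS PK CRT",       # bytes 11-12
                 0x8500: "FIPS RSA CRT", 0x0000: "No FIPS"}


def decode_identification(data: bytes) -> dict:
    """Field offsets follow Table 6 (1-based byte numbers there, 0-based here)."""
    if len(data) != 29:
        raise ValueError(f"identification data must be 29 bytes, got {len(data)}")
    ms, ls = data[10], data[11]            # FIPS configuration word, bytes 11-12
    config = (ms << 8) | ls
    return {
        "family": data[0], "os_name": data[1], "mask": data[2], "product": data[3],
        "scp_flow": SCP_FLOW_TYPES.get(data[4] >> 4, "unknown"),
        "flow_version": data[4] & 0x0F,
        "chip_manufacturer": int.from_bytes(data[6:8], "big"),
        "chip_version": int.from_bytes(data[8:10], "big"),
        "fips_certified": bool(ms & 0x80),   # MSByte b8
        "ecc": bool(ms & 0x08),              # b4
        "rsa_crt": bool(ms & 0x04),          # b3
        "rsa_std": bool(ms & 0x02),          # b2
        "aes": bool(ms & 0x01),              # b1
        "contactless_bits": ls & 0x0F,       # LSByte b4..b1, always 0 on this contact-only module
        "fips_profile": FIPS_PROFILES.get(config, f"unlisted ({config:04X})"),
        "fips_level": data[12],              # byte 13: 02 = Level 2, 03 = Level 3
    }


def in_approved_mode(ident_data: bytes, expected_level: int = 2) -> bool:
    """Accept only a FIPS-certified configuration listed in Table 6 at the expected level."""
    ident = decode_identification(ident_data)
    return (ident["fips_certified"]
            and ident["fips_profile"] in FIPS_PROFILES.values()
            and ident["fips_profile"] != "No FIPS"
            and ident["fips_level"] == expected_level)


def decode_cplc_release_date(cplc: bytes, decade_base: int = 2010) -> date:
    """Bytes 7-8 of the CPLC data hold YDDD as four BCD digits: Y is the last digit
    of the year, DDD the day of the year. The decade base is an assumption taken
    from the 2012 example in Table 6; the CPLC field itself carries no century."""
    if len(cplc) != 42:
        raise ValueError(f"CPLC data must be 42 bytes, got {len(cplc)}")
    digits = f"{cplc[6]:02X}{cplc[7]:02X}"          # 21 21 -> "2121"
    if not digits.isdigit():
        raise ValueError(f"YDDD field is not BCD: {digits}")
    return date(decade_base + int(digits[0]), 1, 1) + timedelta(days=int(digits[1:]) - 1)


def parse_tlv(data: bytes) -> list:
    """Minimal BER-TLV walker: one- or two-byte tags (7F30 is two bytes) and
    short-form lengths, which is all the Table 9 structure uses."""
    items, i = [], 0
    while i < len(data):
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:                      # multi-byte tag, second byte follows
            tag = (tag << 8) | data[i]; i += 1
        length = data[i]; i += 1
        if length > 0x7F or i + length > len(data):
            raise ValueError("unsupported length form or truncated TLV")
        items.append((tag, data[i:i + length])); i += length
    return items


def decode_software_version(resp: bytes) -> dict:
    """Table 9: a 7F30 template wrapping C0 (software version) and C1 (applet label)."""
    outer = parse_tlv(resp)
    if len(outer) != 1 or outer[0][0] != 0x7F30:
        raise ValueError("expected a single 7F30 template")
    fields = dict(parse_tlv(outer[0][1]))
    return {"software_version": fields[0xC0].decode("ascii"),
            "applet_label": fields[0xC1].decode("ascii")}


# Constructed responses, not captured from a card. The identification sample uses
# the default 8D 00 profile and Level 2; the CPLC sample carries the 2121h date.
IDENT_SAMPLE = bytes.fromhex("B0 84 41 3D 11 00 40 90 78 71 8D 00 02") + bytes(16)
CPLC_SAMPLE = bytes.fromhex("40 90 78 71 12 91 21 21 01 00") + bytes(32)
SW_VERSION_SAMPLE = (bytes.fromhex("7F 30 19 C0 07") + b"4.1.2.F"
                     + bytes.fromhex("C1 0E") + b"IAS Classic v4")

if __name__ == "__main__":
    print("GET DATA (CPLC):", GET_CPLC.hex().upper())
    print(decode_identification(IDENT_SAMPLE))
    print("approved mode:", in_approved_mode(IDENT_SAMPLE))
    print("OS release date:", decode_cplc_release_date(CPLC_SAMPLE))
    print(decode_software_version(SW_VERSION_SAMPLE))
```

In deployment the three constructed samples are replaced by the actual response data of the GET DATA and GET VERSION commands (status word stripped), and in_approved_mode is the check to run before trusting the card: it refuses a response whose FIPS-certified bit is clear, whose configuration word is not one of the four profiles Table 6 lists, or whose FIPS level byte does not match the level this policy was validated at.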
The OATH applet is identified with an applet version as follows:

Purpose | CLA | INS | P1-P2 (Tag) | Le (Expected response length)
Get Version command | 00 | E7 | 05-00 | 05
Table 10 – Applet Version and Software Version input data

The Applet version is returned without any TLV format as follows:

OATH – Applet Version Data (tag 05 00)
Field | Value | Value meaning
Applet Version | 76 32 2E 31 31 | Display value = 'v2.11'
Table 11 – Applet Version returned value

The MPCOS applet is identified with an applet version as follows: the Get Information command with P1P2 equal to 02A4h is used to get the Pre-issuing Data. The CIV byte 38h in the card response indicates the applet version 3.8 (".14" describes the secure API version used for this Applet).

3.3 Cryptographic functionality

The Module operating system implements the FIPS Approved and Non-FIPS Approved cryptographic functions listed in the tables below.

Algorithm | Description | Cert #
PRNG | [ANS X9.31] Pseudo Random number generator | 1128
Triple-DES | [SP 800-67] Triple Data Encryption Algorithm. The Module supports the 2-Key (1) and 3-Key options; CBC and ECB modes. Note that the Module does not support a mechanism that would allow collection of plaintext/ciphertext pairs aside from authentication, which is limited in use by a counter. | 1413
Triple-DES MAC | [FIPS 113] Triple-DES Message Authentication Code. Vendor affirmed, based on validated Triple-DES. | 1413
AES | [FIPS 197] Advanced Encryption Standard algorithm. The Module supports 128-, 192- and 256-bit key lengths with ECB and CBC modes. | 2261
AES CMAC | AES CMAC. The Module supports 128-, 192- and 256-bit key lengths. | 2261
RSA | [FIPS 186-3] RSA. Key pair generation: 2048-bit. Signature generation: 2048-bit using SHA-2. Signature verification: 1024- and 2048-bit using SHA-1 and SHA-2. | 1158
RSA CRT | [FIPS 186-3] RSA. Key pair generation: 2048-bit. Signature generation: 2048-bit using SHA-2. Signature verification: 1024- and 2048-bit using SHA-1 and SHA-2. | 1163
ECDSA | [FIPS 186-3] Elliptic Curve Digital Signature Algorithm. Key pair generation: P-224, P-256, P-384 and P-521 curves. Signature generation: P-224, P-256, P-384 and P-521 curves using SHA-2. Signature verification: P-192, P-224, P-256, P-384 and P-521 curves using SHA-1 and SHA-2. | 363
ECC-CDH | [SP 800-56A] The Section 5.7.1.2 ECC CDH Primitive. P-224, P-256, P-384 and P-521 curves. | 41
SHA | [FIPS 180-4] Secure Hash Standard compliant one-way (hash) algorithms. SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512). | 1946
Table 12 – FIPS Approved Cryptographic Functions

(1) Per NIST SP 800-131A: Through December 31, 2015, the use of 2-key Triple-DES for encryption is restricted: the total number of blocks of data encrypted with the same cryptographic key shall not be greater than 2^20. After December 31, 2015, 2-key Triple-DES shall not be used for encryption. Decryption using 2-key Triple-DES is allowed for legacy use.

Algorithm | Description
EC Diffie-Hellman key agreement | SP 800-56A; non-compliant. NIST defined P-224, P-256, P-384 and P-521 curves; provides between 112 and 256 bits of security
Triple-DES key wrap | 2-key Triple-DES key wrapping (Cert. #1413); provides 112 bits of security (2)
AES key wrap | AES key wrapping using 128-, 192- or 256-bit keys (Cert. #2261); provides between 128 and 256 bits of security
RSA key wrap | RSA key wrapping using 2048-bit keys; provides 112 bits of security
Table 13 – Non-FIPS Approved But Allowed Cryptographic Functions

The CM includes an uncallable DES implementation. This algorithm is not used and no security claims are made for its presence in the Module.
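The SP 800-131A restriction quoted in footnote (1) of Table 12 is a usage rule the host application, not the card, has to enforce: the card counts only its authentication uses. As an added example (not Gemalto's code), the guard below applies the three stated rules on the host side before a 2-key Triple-DES call is made: a per-key budget of 2^20 encrypted blocks, no encryption after 31 December 2015, and decryption permitted for legacy use. The cipher call itself is out of scope and is left to the caller; the key identifiers are caller-chosen labels, never key material.

```python
"""Gate 2-key Triple-DES use by the SP 800-131A limits quoted in section 3.3
(footnote 1 of Table 12): at most 2^20 blocks encrypted under one key through
31 December 2015, no encryption afterwards, decryption allowed for legacy use.

Added example, not Gemalto's code. The cipher call itself is left to the caller;
this guard only decides whether a call may proceed and keeps the per-key count.
"""
from collections import defaultdict
from datetime import date

TDEA_BLOCK_SIZE = 8            # bytes
MAX_BLOCKS_PER_KEY = 1 << 20   # SP 800-131A: 2^20 blocks per key
ENCRYPT_SUNSET = date(2015, 12, 31)


class TwoKeyTdesUsageGuard:
    """Tracks blocks encrypted per key id. Key ids are labels chosen by the
    caller (e.g. a key set reference), never the key material itself."""

    def __init__(self):
        self._blocks = defaultdict(int)

    def blocks_used(self, key_id: str) -> int:
        return self._blocks[key_id]

    def authorize(self, op: str, key_id: str, nbytes: int, today: date) -> tuple:
        """Return (allowed, reason) and, for an allowed encryption, charge the blocks.
        A trailing partial block is counted conservatively as a whole block."""
        if op == "decrypt":
            return True, "decryption permitted for legacy use"
        if op != "encrypt":
            return False, f"unknown operation {op!r}"
        if today > ENCRYPT_SUNSET:
            return False, "2-key Triple-DES encryption not permitted after 2015-12-31"
        blocks = (nbytes + TDEA_BLOCK_SIZE - 1) // TDEA_BLOCK_SIZE
        if self._blocks[key_id] + blocks > MAX_BLOCKS_PER_KEY:
            return False, "2^20-block budget for this key exhausted: rotate the key"
        self._blocks[key_id] += blocks
        return True, "ok"


if __name__ == "__main__":
    guard = TwoKeyTdesUsageGuard()
    print(guard.authorize("encrypt", "keyset-1", 20, date(2014, 5, 28)))
    print(guard.authorize("encrypt", "keyset-1", 8, date(2016, 1, 1)))
    print(guard.authorize("decrypt", "keyset-1", 8, date(2016, 1, 1)))
```

The budget is charged only when the call is allowed, so a refused request does not consume blocks, and the per-key counter has to be persisted alongside the key if the host process restarts; otherwise the 2^20 limit is silently reset.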
2. The 112-bit claim for 2-key Triple-DES is valid because the module does not provide the means for an attacker to collect plaintext / ciphertext pairs to attempt the meet-in-the-middle attack described in SP 800-131A.

Ref: R0R21531_IDPRIME MD 830_SP-L2 Rev: 1.8 28/05/2014 Page 19/50 © Copyright Gemalto 2013. May be reproduced only in its entirety [without revision].

The module implements algorithms, modes and key sizes that are disallowed as of January 1, 2014 per the NIST SP 800-131A transitions. Algorithms providing less than 112 bits of security strength (Disallowed per NIST SP 800-131A) are not allowed in the FIPS Approved mode of operation for use by Federal agencies. The Disallowed algorithms, modes and key sizes are listed in the table below.

Algorithm (Cert #): Description

RSA [FIPS 186-3] (Cert. #1158): Key pair generation: 1024-bit. Signature generation: 1024-bit using SHA-1/SHA-2 and 2048-bit using SHA-1.
RSA CRT [FIPS 186-3] (Cert. #1163): Key pair generation: 1024-bit. Signature generation: 1024-bit using SHA-1/SHA-2 and 2048-bit using SHA-1.
ECDSA [FIPS 186-3] (Cert. #363): Elliptic Curve Digital Signature Algorithm. Key pair generation: P-192 curve. Signature generation: P-192 curve using SHA-1/SHA-2; P-224, P-256, P-384 and P-521 curves using SHA-1.
ECC-CDH [SP 800-56A] (Cert. #41): The Section 5.7.1.2 ECC CDH Primitive. P-192 curve.
EC Diffie-Hellman key agreement (N/A): NIST defined P-192 curve; provides 80 bits of security (non-compliant).
RSA key wrap (N/A): RSA key wrapping using 1024-bit keys; provides 80 bits of security (non-compliant).

Table 14 - Cryptographic Functions Disallowed per NIST SP 800-131A Transitions

FIPS approved security functions used specifically by the IDPrime MD Applet are:
• PRNG
• Triple-DES
• Triple-DES MAC
• AES CMAC
• AES
• RSA
• ECDSA
• SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
• ECC-CDH
(Note: no security function is used in the MSPNP applet)

FIPS approved security functions used specifically by the OATH Applet are:
• Triple-DES
• SHA-1
• P-RNG

FIPS approved security functions used specifically by the MPCOS Applet are:
• Triple-DES
• P-RNG

4 Platform Critical Security Parameters

All CSPs used by the CM are described in this section. All usages of these CSPs by the CM are described in the services detailed in Section 5.

Key: Description / Usage

OS-RNG-SEED-KEY: AES-128 random key loaded into the card during pre-personalization of the card, used as a seed key for the [ANS X9.31] RNG implementation.
OS-RNG-STATE: 16-byte random value and 16-byte counter value used in the [ANS X9.31] RNG implementation.
OS-GLOBALPIN: 4 to 16 bytes Global PIN value managed by the ISD. Character space is not restricted by the module.
OS-MKDK: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) key used to encrypt the OS-GLOBALPIN value.
SD-KENC: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) Master key used by the CO role to generate SD-SENC.
SD-KMAC: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) Master key used by the CO role operator to generate SD-SMAC.
SD-KDEK: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) Sensitive data decryption key used by the USR role to decrypt CSPs for SCP01/03, and used to generate SD-SDEK in case of SCP02.
SD-SENC: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) Session encryption key used by the CO role to encrypt / decrypt secure channel data.
SD-SMAC: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) Session MAC key used by the CO role to verify inbound secure channel data integrity.
SD-SDEK: 2-Key Triple-DES (SCP01) or AES-128/192/256 (SCP03) Session DEK key used by the CO role to decrypt CSPs.
DAP-SYM: 2-Key Triple-DES (SCP01/02) or AES-128/192/256 (SCP03) key optionally loaded in the field and used to verify the signature of packages loaded into the Module.

Table 15 - Platform Critical Security Parameters

Keys with the “SD-“ prefix pertain to a Global Platform Security Domain key set. The module supports the Issuer Security Domain at minimum, and can be configured to support Supplemental Security Domains.

4.1 Platform Public key

Key: Description / Usage

DAP-SVK: RSA 1024 Global Platform Data Authentication Public Key. Optionally used to verify the signature of packages loaded into the Module.

Table 16 – Platform Public Keys
4.2 IDPrime MD Applet Critical Security Parameters

Key: Description / Usage

IAS-SC-DKMAC-AES: AES 128/192/256 Derived Key used for Mutual Authentication
IAS-SC-DKENC-AES: AES 128/192/256 Derived Key used for Mutual Authentication
IAS-SC-DKMAC-TDES: 2-Key Triple-DES Derived Key used for Mutual Authentication
IAS-SC-DKENC-TDES: 2-Key Triple-DES Derived Key used for Mutual Authentication
IAS-SC-SMAC-AES: AES 128/192/256 Session key used for Secure Messaging (MAC)
IAS-SC-SENC-AES: AES 128/192/256 Session key used for Secure Messaging (Decryption)
IAS-SC-SMAC-TDES: 2-Key Triple-DES Session key used for Secure Messaging (MAC)
IAS-SC-SENC-TDES: 2-Key Triple-DES Session key used for Secure Messaging (Decryption)
IAS-AS-RSA*: 1024-, 2048-bit private part of the RSA key pair used for Asymmetric Signature
IAS-AS-ECDSA: P-224, P-256, P-384, P-512, P-521 private part of the ECDSA key pair used for Asymmetric signature
IAS-AC-RSA*: 1024-, 2048-bit private part of the RSA key pair used for Asymmetric Cipher (key wrap, key unwrap)
IAS-ECDH-ECC: P-224, P-256, P-384, P-512, P-521 private part of the ECDH key pair used for shared key mechanism
IAS-KG-AS-RSA*: 1024-, 2048-bit private part of the RSA generated key pair used for Asymmetric signature
IAS-KG-AS-ECDSA: P-224, P-256, P-384, P-512, P-521 private part of the ECDSA generated key pair used for Asymmetric signature
IAS-KG-AC-RSA*: 1024-, 2048-bit private part of the RSA generated key pair used for Asymmetric cipher (key wrap, key unwrap)
IAS-KG-AC-ECDH: P-224, P-256, P-384, P-512, P-521 private part of the ECDSA generated key pair used for shared key mechanism
IAS-AS-AUTH-RSA*: 1024-, 2048-bit private part of the RSA key pair used to Authenticate the Card
IAS-ECDSA-AUTH-ECC: P-224, P-256, P-384, P-512, P-521 private part of the ECDSA key used to Authenticate the card
IAS-SC-DES3: 3-Key Triple-DES key used for authentication.
IAS-SC-P-SKI-AES: AES 128/192/256 Session key used for Secure Key Injection
IAS-SC-T-SKI-AES: AES 128/192/256 Session key used for Secure Key Injection
IAS-SC-PIN-TDES: 2-Key Triple-DES key used for PIN encryption (PIN History)
IAS-OWNERPIN: 4 to 64 byte PIN value managed by the Applet.

Table 17 – IDPrime MD Applet Critical Security Parameters

* CSPs impacted by the SP 800-131A algorithm transitions. It is the responsibility of the module operator to ensure that algorithms, modes, and key sizes Disallowed per NIST SP 800-131A are not used (see Table 14).

4.3 IDPrime MD Applet Public Keys

Key: Description / Usage

IAS-KA-RSA-DH*: 1024-, 2048-bit RSA DH key used for Key Agreement (Session Key computation)
IAS-KA-ECDH: P-224, P-256, P-384, P-512, P-521 ECDH key pair used for Key Agreement (Session Key computation)
IASAS-CA-RSA-PUB: 1024-, 2048-bit CA RSA Asymmetric Public Key entered into the module, used for CA certificate Verification
IASAS-CA-ECDSA-PUB: P-224, P-256, P-384, P-512, P-521 CA ECDSA Asymmetric public key entered into the module, used for CA Certificate Verification.
IASAS-IFD-RSA-PUB: 1024-, 2048-bit IFD RSA Asymmetric Public Key entered into the module, used for IFD Authentication
IASAS-IFD-ECDSA-PUB: P-224, P-256, P-384, P-512, P-521 IFD ECDSA Asymmetric public key entered into the module, used for IFD Authentication.
IAS-AS-RSA-PUB: 1024-, 2048-bit public part of the RSA key pair used for Asymmetric Signature
IAS-AS-ECDSA-PUB: P-224, P-256, P-384, P-512, P-521 public part of the ECDSA key pair used for Asymmetric signature
IAS-AC-RSA-PUB*: 1024-, 2048-bit public part of the RSA key pair used for Asymmetric Cipher (key wrap, key unwrap)
IAS-ECDH-ECC-PUB: P-224, P-256, P-384, P-512, P-521 public part of the ECDH key pair used for shared key mechanism
IAS-KG-AS-RSA-PUB: 1024-, 2048-bit public part of the RSA generated key pair used for Asymmetric signature
IAS-KG-AS-ECDSA-PUB: P-224, P-256, P-384, P-512, P-521 public part of the ECDSA generated key pair used for Asymmetric signature
IAS-KG-AC-RSA-PUB: 1024-, 2048-bit public part of the RSA generated key pair used for Asymmetric cipher (key wrap, key unwrap)
IAS-KG-AC-ECDH-PUB: P-224, P-256, P-384, P-512, P-521 public part of the ECDSA generated key pair used for shared key mechanism
IAS-AS-AUTH-RSA-PUB: 1024-, 2048-bit public part of the RSA key pair used to Authenticate the Card
IAS-ECDSA-AUTH-ECC-PUB: P-224, P-256, P-384, P-512, P-521 public part of the ECDSA key used to Authenticate the card

* CSPs impacted by the SP 800-131A algorithm transitions. It is the responsibility of the module operator to ensure that algorithms, modes, and key sizes Disallowed per NIST SP 800-131A are not used (see Table 14).

Table 18 – IDPrime MD Applet Public Keys
4.4 OATH Applet Critical Security Parameters

CSP: Description / Usage

OTP-SC-APPLET-KMAC-TDES: 2-Key Triple-DES Applet Key used for Administrative Secure Messaging (MAC)
OTP-SC-APPLET-KENC-TDES: 2-Key Triple-DES Applet Key used for Administrative Decipher operation (ENC)
OTP-SC-SERV-KMAC-TDES: 2-Key Triple-DES Service Key used for Administrative Secure Messaging (MAC)
OTP-SC-SERV-KENC-TDES: 2-Key Triple-DES Service Key used for Administrative Decipher operation (ENC)
OTP-SC-SESSION-MAC-TDES: 2-Key Triple-DES Session Key used for Administrative Secure Messaging (MAC)
OTP-SC-SESSION-KENC-TDES: 2-Key Triple-DES Session Key used for Administrative Decipher operation (ENC)
OTP-SEED: Data used as Seed for OTP generation
OTP-SERVSEED: Data used as Server Seed for OTP generation
OTP-SC-SEED-TDES: 2-Key Triple-DES Key used to diversify the Seed used for OTP generation
OTP-SC-SERVSEED-TDES: 2-Key Triple-DES Key used to diversify the Server Seed used for OTP generation
OTP-OWNERPIN: 4 to 8 byte PIN value managed by the Applet.
Table 19 – OATH Applet Critical Security Parameters

4.5 MPCOS Applet Critical Security Parameters

CSP: Description / Usage

MPC-SC-ADMIN-TDES: 2-Key Triple-DES Key used to generate a session Key for Administrative Secure Messaging (MAC and ENC)
MPC-SC-PAY-TDES: 2-Key Triple-DES Key used for Transaction certificates
MPC-SC-MULT-TDES: 2-Key Triple-DES Key used for Multi-purpose function
MPC-SC-AUTH-TDES: 2-Key Triple-DES Key used for Authentication
MPC-SC-SIGN-TDES: 2-Key Triple-DES Key used for signature
MPC-SC-SESSION-TDES: 2-Key Triple-DES Session Key used as Session Key for Secure Messaging and Payment
MPC-SC-SAUTH-TDES: 2-Key Triple-DES Key used for Authentication and Session Key generation
MPC-SC-TEMP-TDES: 2-Key Triple-DES Key used for Payment and Session Key generation
MPC-PSWD: 4 bytes Password

Table 20 – MPCOS Applet Critical Security Parameters

5 Roles, authentication and services

The next table lists all operator roles supported by the Module. This Module does not support a maintenance role. The Module clears previous authentications on power cycle. The Module supports GP logical channels, allowing multiple concurrent operators. Authentication of each operator and their access to roles and services is as described in this section, independent of logical channel usage. Only one operator at a time is permitted on a channel. Applet de-selection (including Card Manager), card reset or power down terminates the current authentication; re-authentication is required after any of these events for access to authenticated services. Authentication data is encrypted during entry (by SD-SDEK), is stored encrypted (by OS-MKDK) and is only accessible by authenticated services.
Role ID (Role): Description

CO (Cryptographic Officer): This role is responsible for card issuance and management of card data via the Card Manager applet. Authenticated using the SCP authentication method with SD-SENC.
IUSR (User): The IDPrime MD User, authenticated by the IDPrime MD applet – see below for the authentication mechanism.
ICAA (Card Application Administrator): The IDPrime MD Card Application Administrator, authenticated by the IDPrime MD applet – see below for the authentication mechanism.
OUSR (User): The OATH user role is responsible for ensuring the ownership of his CM, and for not communicating his PIN to other parties. The OATH Applet authenticates the OATH user by verifying the PIN value.
OCAA (Card Application Administrator): The OATH Card Application Administrator role represents an external application requesting the services offered by the OATH Applet. An applet authenticates the Application Administrator role by verifying possession of the OATH Card Application Administrator keys.
MUSR (User): The MPCOS user role is responsible for ensuring the ownership of the CM, and for not communicating his PIN to other parties. The MPCOS applet authenticates the MPCOS user by verifying the PIN value.
MCAA (Card Application Administrator): The MPCOS Card Application Administrator role represents an external application requesting the services offered by the MPCOS Applet (Administrative, Authentication). An applet authenticates the MCAA role by verifying possession of the MPCOS Card Application Administrator keys.
MCAAP (Card Application Administrator for Payment): The MPCOS Card Application Administrator for Payment role represents an external application requesting the services offered by the MPCOS Applet (Payment, Multi-purpose, Signature). An applet authenticates the MCAAP role by verifying possession of the MPCOS Card Application Administrator for Payment keys.
UA: Unauthenticated role

Table 21 - Role description

5.1 Secure Channel Protocol (SCP) Authentication for ID Prime MD CO

The Open Platform Secure Channel Protocol authentication method is performed when the EXTERNAL AUTHENTICATE service is invoked after successful execution of the INITIALIZE UPDATE command. These two commands operate as described next. The SD-KENC and SD-KMAC keys are used along with other information to derive the SD-SENC and SD-SMAC keys, respectively. The SD-SENC key is used to create a cryptogram; the external entity participating in the mutual authentication also creates this cryptogram. Each participant compares the received cryptogram to the calculated cryptogram and, if this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the Module in the CO role).

For SCP01 or SCP02, [SP 800-131A] Section A.1 provides the NIST rationale for 2-Key Triple-DES security strength. 2-Key Triple-DES is used for Global Platform secure channel operations, in which the Module derives session keys from the master keys and a handshake process, performs mutual authentication, and decrypts data for internal use only. The Module encrypts a total of one block (the mutual authentication cryptogram) over the life of the session encryption key; no decrypted data is output by the Module. The Module claims 112-bit security strength for its 2-Key Triple-DES operations, as the meet-in-the-middle attack rationale described in [SP 800-131A] does not apply unless the attacker has access to encrypt/decrypt pairs. 2-Key Triple-DES key establishment provides 112 bits of security strength.
The Module uses the SD-KDEK key to decrypt critical security parameters, and does not perform encryption with this key or output data decrypted with this key.
• The probability that a random attempt at authentication will succeed is 1/2^64 (based on block size).
• Based on the maximum count value of the failed authentication blocking mechanism, the probability that a random attempt will succeed over a one minute period is 255/2^64.

For SCP03, AES-128, AES-192 or AES-256 keys are used instead of 2-key Triple-DES. Operations are identical to those previously described. Therefore, AES key establishment provides a minimum of 128 bits of security strength. The Module uses the SD-KDEK key to decrypt critical security parameters, and does not perform encryption with this key or output data decrypted with this key. The strength of GP mutual authentication relies on the AES key length; the probability that a random attempt at authentication will succeed is:
• 1/2^128 for AES 16-byte-long keys;
• 1/2^192 for AES 24-byte-long keys;
• 1/2^256 for AES 32-byte-long keys.
Based on the maximum count value of the failed authentication blocking mechanism, the probability that a random attempt will succeed over a one minute period is no greater than 255/2^128.

5.2 IDPrime MD User authentication

This authentication method compares a PIN value sent to the Module to the stored PIN value; if the two values are equal, the operator is authenticated. This method is used in the IDPrime MD Applet services to authenticate to the IUSR role. The module enforces a string length of 4 bytes minimum (16 bytes maximum) for the Global PIN and 8 bytes for the Session PIN.
For the Global PIN, an embedded PIN Policy allows at least a combination of numeric values (‘30’ to ‘39’), alphabetic upper case (‘A’ to ‘Z’) or alphabetic lower case (‘a’ to ‘z’), so the number of possible values for the Global PIN is greater than 10^6. The strength of this authentication method is therefore as follows:
• The probability that a random attempt at authentication will succeed is lower than 1/10^6.
• Based on a maximum count of 15 for consecutive failed service authentication attempts, the probability that a random attempt will succeed over a one minute period is lower than 15/10^6.

5.3 IDPrime MD Card Application Administrator authentication

a) The 3-Key Triple-DES key establishment provides 168 bits of security strength. The Module uses the IAS-SC-DES3 to authenticate the ICAA role.
• The probability that a random attempt at authentication will succeed is 1/2^64 (based on block size).
• Based on the maximum count value of the failed authentication blocking mechanism, the probability that a random attempt will succeed over a one minute period is 255/2^64.

b) PIN authentication

This authentication method compares a PIN value sent to the Module to the stored OWNERPIN value; if the two values are equal, the operator is authenticated. This method is used in the IDPrime MD Applet services to authenticate the ICAA role. The module enforces a string length of 4 bytes minimum (64 bytes maximum). An embedded PIN Policy allows at least a combination of numeric values (‘30’ to ‘39’), alphabetic upper case (‘A’ to ‘Z’) or alphabetic lower case (‘a’ to ‘z’), so the number of possible values for the Global PIN is greater than 10^6.
The strength of this authentication method is therefore as follows:
• The probability that a random attempt at authentication will succeed is lower than 1/10^6.
• Based on a maximum count of 15 for consecutive failed service authentication attempts, the probability that a random attempt will succeed over a one minute period is lower than 15/10^6.

5.4 OATH User authentication

PIN verification is the responsibility of the OATH Applet, which defines and maintains its own security policy regarding the PIN but uses the PIN management services provided by the platform. The module enforces a string length of 4 bytes minimum (16 bytes maximum) for the Global PIN, allowing all characters, so the strength of this authentication method is as follows:
• The probability that a random attempt at authentication will succeed is 1/256^4.
• Based on a maximum count of 15 for consecutive failed service authentication attempts, the probability that a random attempt will succeed over a one minute period is 15/256^4.

5.5 OATH Card Application Administrator authentication

OCAA authentication is the responsibility of the OATH Applet, using the Mutual Authenticate command, which involves verifying decryption of a challenge using the secret 2-Key Triple-DES key.
• The probability that a random attempt at authentication will succeed is 1/2^64 (based on block size).
• Based on the maximum rate at which the module can process authentication attempts, the probability that a random attempt will succeed over a one minute period is approximately 495/2^64.

5.6 MPCOS User authentication

This authentication method compares a PIN value sent to the Module to the stored PIN value; if the two values are equal, the operator is authenticated.
This method is used in the MPCOS Applet services to authenticate to the MUSR role. The module enforces a string length of 4 bytes for the Owner PIN, allowing all characters, so the strength of this authentication method is as follows:
• The probability that a random attempt at authentication will succeed is 1/256^4.
• Based on a maximum count of 7 for consecutive failed service authentication attempts, the probability that a random attempt will succeed over a one minute period is 7/256^4.

5.7 MPCOS Card Application Administrator authentication

The 2-Key Triple-DES key establishment provides 112 bits of security strength. The Module uses the MPC-SC-ADMIN-TDES to authenticate the MCAA role.
• The probability that a random attempt at authentication will succeed is 1/2^64 (based on block size).
• Based on the maximum rate at which the module can process authentication attempts, the probability that a random attempt will succeed over a one minute period is 1200/2^64.

Using PIN authentication, the module enforces a string length of 4 bytes for the PIN, allowing all characters, so the strength of this authentication method is as follows:
• The probability that a random attempt at authentication will succeed is 1/256^4.
• Based on a maximum count of 7 for consecutive failed service authentication attempts, the probability that a random attempt will succeed over a one minute period is 7/256^4.

5.8 MPCOS Card Application Administrator for Payment authentication

The 2-Key Triple-DES key establishment provides 112 bits of security strength. The Module uses the MPC-SC-PAY-TDES, the MPC-SC-MULT-TDES, or the MPC-SC-SIGN-TDES to authenticate the MCAAP role.
• The probability that a random attempt at authentication will succeed is 1/2^64 (based on block size).
• Based on the maximum rate at which the module can process authentication attempts, the probability that a random attempt will succeed over a one minute period is 1200/2^64.

5.9 Platform Services

All services implemented by the Module are listed in the tables below. Each service description also describes all usage of CSPs by the service.

Service: Description

Card Reset (Self-test): Power cycle the Module by removing and reinserting it into the contact reader slot, or by reader assertion of the RST signal. The Card Reset service will invoke the power on self-tests described in Section §10-Self-test. Moreover, on any card reset, the Module overwrites with zeros the RAM copy of OS-RNG-STATE, SD-SENC, SD-SMAC and SD-SDEK. The Module can also write the values of all CSPs stored in EEPROM as a consequence of restoring values in the event of card tearing or a similar event. During the self-tests, the module generates the RAM copy of OS-RNG-STATE and updates the EEPROM copy of OS-RNG-STATE.
EXTERNAL AUTHENTICATE: Authenticates the operator and establishes a secure channel. Must be preceded by a successful INITIALIZE UPDATE. Uses SD-SENC and SD-SMAC.
INITIALIZE UPDATE: Initializes the Secure Channel; to be followed by EXTERNAL AUTHENTICATE. Uses the SD-KENC, SD-KMAC and SD-KDEK master keys to generate the SD-SENC, SD-SMAC and SD-SDEK session keys, respectively.
GET DATA: Retrieve a single data object. Optionally uses SD-SENC, SD-SMAC (SCP).
MANAGE CHANNEL: Open and close supplementary logical channels. Optionally uses SD-SENC, SD-SMAC (SCP).
SELECT: Select an applet. Does not use CSPs.
Table 22 - Unauthenticated Services and CSP Usage

Service (role): Description

DELETE (CO): Delete an applet from EEPROM. This service is provided for the situation where an applet exists on the card, and does not impact platform CSPs. Optionally uses SD-SENC, SD-SMAC (SCP).
GET STATUS (CO): Retrieve information about the card. Does not use CSPs. Optionally uses SD-SENC, SD-SMAC (SCP).
INSTALL (CO): Perform Card Content management. Optionally uses SD-SENC, SD-SMAC (SCP). Optionally, the Module uses the DAP-SYM key to verify the package signature.
LOAD (CO): Load a load file (e.g. an applet). Optionally uses SD-SENC, SD-SMAC (SCP).
PUT DATA (CO): Transfer data to an application during command processing. Optionally uses SD-SENC, SD-SMAC (SCP).
PUT KEY (CO): Load Card Manager keys. The Module uses the SD-KDEK key to decrypt the keys to be loaded. Optionally uses SD-SENC, SD-SMAC (SCP).
SET STATUS (CO): Modify the card or applet life cycle status. Optionally uses SD-SENC, SD-SMAC (SCP).
STORE DATA (CO): Transfer data to an application or the security domain (ISD) processing the command. Optionally, updates OS-GLOBALPIN. Optionally uses SD-SENC, SD-SMAC (SCP).
GET MEMORY SPACE (CO): Monitor the memory space available on the card. Optionally uses SD-SENC, SD-SMAC (SCP).
SET ATR (CO): Change the card ATR. Optionally uses SD-SENC, SD-SMAC (SCP).

Table 23 – Authenticated Card Manager Services and CSP Usage

All of the above commands use the SD-SENC and SD-SMAC keys for secure channel communications, and SD-SMAC for firmware load integrity. The card life cycle state determines which modes are available for the secure channel. In the SECURED card life cycle state, all command data must be secured by at least a MAC.
As specified in the GP specification, there exist earlier states (before card issuance) in which a MAC might not be necessary to send Issuer Security Domain commands. Note that the LOAD service enforces MAC usage.

5.10 IDPRIME MD Services

All services implemented by the IDPrime MD applet are listed in the table below. Each service description also describes all usage of CSPs by the service. The role columns of the table are ICAA, IUSR and UA: where all three roles may invoke a service they are named in parentheses after the service; otherwise the X marks of the original role columns are kept, one per permitted role.

Service (roles): Description

EXTERNAL AUTHENTICATE (ICAA, IUSR, UA): Authenticates the external terminal to the card. Sets the secure channel mode. For symmetric keys: must be preceded by a successful GET CHALLENGE, and uses IAS-SC-DKMAC-AES, IAS-SC-DKENC-AES, IAS-SC-DKMAC-TDES, IAS-SC-DKENC-TDES or IAS-SC-DES3 to generate the IAS-SC-SMAC-AES, IAS-SC-SENC-AES, IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES session keys, respectively. For asymmetric keys: must be preceded by a successful PSO – VERIFY CERTIFICATE, and uses IASAS-IFD-RSA-PUB or IASAS-IFD-ECDSA-PUB.
INTERNAL AUTHENTICATE* (ICAA, IUSR, UA): Authenticates the card to the terminal. Uses IAS-AS-AUTH-RSA or IAS-ECDSA-AUTH-ECC, with the use of IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
SELECT (ICAA, IUSR, UA): Selects a DF or an EF by its file ID, path or name (in the case of DFs). Does not use CSPs.
CHANGE REFERENCE DATA (X X): Changes the value of a PIN. Uses OS-GLOBALPIN or IAS-OWNERPIN. Optionally uses IAS-SC-PIN-TDES, or IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
RESET RETRY COUNTER (X): Unblocks and optionally changes the value of a PIN. Uses the OS-GLOBALPIN or the IAS-OWNERPIN. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
VERIFY PIN (ICAA, IUSR, UA): Authenticates the IUSR. Uses the OS-GLOBALPIN or the IAS-OWNERPIN. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
CREATE FILE (X X): Creates an EF under the root or the currently selected DF, or creates a DF under the root. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
DELETE FILE (X X): Deletes the current DF or EF. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
DELETE ASYMMETRIC KEY PAIR (X X): Deletes an RSA or ECDSA Asymmetric Key Pair: IAS-AS-RSA, IAS-AS-ECDSA, IAS-AC-RSA, IAS-ECDH-ECC, IAS-KG-AS-RSA, IAS-KG-AS-ECDSA, IAS-KG-AC-RSA, IAS-KG-AC-ECDH, IAS-AS-RSA-PUB, IAS-AS-ECDSA-PUB, IAS-AC-RSA-PUB, IAS-ECDH-ECC-PUB, IAS-KG-AS-RSA-PUB, IAS-KG-AS-ECDSA-PUB, IAS-KG-AC-RSA-PUB, IAS-KG-AC-ECDH-PUB. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
ERASE ASYMMETRIC KEY PAIR (X X): Erases an RSA or ECC Asymmetric Key Pair: IAS-AS-RSA, IAS-AS-ECDSA, IAS-AC-RSA, IAS-ECDH-ECC, IAS-KG-AS-RSA, IAS-KG-AS-ECDSA, IAS-KG-AC-RSA, IAS-KG-AC-ECDH, IAS-AS-RSA-PUB, IAS-AS-ECDSA-PUB, IAS-AC-RSA-PUB, IAS-ECDH-ECC-PUB, IAS-KG-AS-RSA-PUB, IAS-KG-AS-ECDSA-PUB, IAS-KG-AC-RSA-PUB, IAS-KG-AC-ECDH-PUB. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
GET DATA (IDPrime MD Applet Specific) (ICAA, IUSR, UA): Retrieves the following information:
  ■ CPLC data
  ■ Applet version
  ■ Software version (includes applet version - BER-TLV format)
  ■ Available EEPROM memory
  ■ Additional applet parameters
  ■ PIN Policy Error
  Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
GET DATA OBJECT (ICAA, IUSR, UA): Retrieves the following information:
  ■ Public key elements: IAS-AS-RSA-PUB, IAS-AS-ECDSA-PUB, IAS-AC-RSA-PUB, IAS-ECDH-ECC-PUB, IAS-KG-AS-RSA-PUB, IAS-KG-AS-ECDSA-PUB, IAS-KG-AC-RSA-PUB, IAS-KG-AC-ECDH-PUB, IAS-AS-AUTH-RSA-PUB, IAS-ECDSA-AUTH-ECC-PUB.
  ■ KICC: generates IAS-KA-RSA-DH.
  ■ The contents of a specified SE
  ■ Information about a specified PIN
  Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
PUT DATA (IDPrime MD Applet Specific)* (X): Creates or updates a data object:
  ■ Create container (3)
  ■ Update public/private keys (3): IAS-AS-RSA, IAS-AS-ECDSA, IAS-AC-RSA, IAS-ECDH-ECC (private keys), IAS-AS-RSA-PUB, IAS-AS-ECDSA-PUB, IAS-AC-RSA-PUB, IAS-ECDH-ECC-PUB (public keys).
  Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys (for public keys). It becomes mandatory for private keys.

3. Secure Messaging in Confidentiality is mandatory.
PUT DATA (IDPrime MD Applet Specific) [X]: Creates or updates a data object:
  ■ Access Conditions
  ■ Applet Parameters (Admin Key, Card Read Only and Admin Key Try Limit): IAS-SC-DES3
  ■ PIN info
  Uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

PUT DATA (IDPrime MD Applet Specific) [X X]: Creates or updates a data object:
  ■ Update DES or AES Secret keys [3]: IAS-SC-DKMAC-AES, IAS-SC-DKENC-AES, IAS-SC-DKMAC-TDES, IAS-SC-DKENC-TDES.
  Uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

PUT SECURE KEY* [X]: Securely imports an AES session key or an RSA/ECC key pair (secure key injection). Uses IAS-AC-RSA-PUB or IAS-KG-AC-RSA-PUB (for encryption), and IAS-AC-RSA or IAS-KG-AC-RSA (for decryption), to store IAS-SC-T-SKI-AES into the card. Optionally uses IAS-SC-SMAC-AES, IAS-SC-SENC-AES, IAS-SC-SMAC-TDES, or IAS-SC-SENC-TDES session keys.

READ BINARY [X X X]: Reads part of a binary file. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

ERASE BINARY [X X]: Erases part of a binary file. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

UPDATE BINARY [X X]: Updates part of a binary file. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

DEACTIVATE FILE [X X]: Changes the state of a file to OPERATIONAL (DEACTIVATED). Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

ACTIVATE FILE [X X]: Changes the state of a file to OPERATIONAL (ACTIVATED). Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

GENERAL AUTHENTICATE [X X X]: Used to generate secure messaging session keys between both entities (IFD and ICC) as part of elliptic curve asymmetric key mutual authentication. Generates the IAS-KA-ECDH session key.

GENERATE KEY PAIR* [X]: Generates an RSA or ECDSA key pair and stores both keys in the card: IAS-KG-AS-RSA, IAS-KG-AS-ECDSA, IAS-KG-AC-RSA, IAS-KG-AC-ECDH (private keys), and IAS-KG-AS-RSA-PUB, IAS-KG-AS-ECDSA-PUB, IAS-KG-AC-RSA-PUB, IAS-KG-AC-ECDH-PUB (public keys). It returns the public part as its response.

PSO – VERIFY CERTIFICATE [X]: Sends the IFD certificate C_CV.IFD.AUT used in asymmetric key mutual authentication to the card for verification. No real reason to use it in the personalization phase, but it is allowed. Uses IAS-CA-RSA-PUB or IAS-CA-ECDSA-PUB. Stores IASAS-IFD-RSA-PUB or IASAS-IFD-ECDSA-PUB. To be followed by EXTERNAL AUTHENTICATE. Uses IAS-SC-SMAC-AES and IAS-SC-SENC-AES session keys (for ECC keys only).

PSO – HASH [X]: Entirely or partially hashes data prior to a PSO – Compute Digital Signature command, or prepares the data if hashed externally. Does not use CSPs.

PSO – DECIPHER* [X]: (RSA) Deciphers an encrypted message using a decipher key stored in the card. Uses IAS-AC-RSA, IAS-KG-AC-RSA. (ECDSA) Generates a symmetric key used by the terminal. Uses IAS-ECDH-ECC, IAS-KG-AC-ECDH.

PSO – COMPUTE DIGITAL SIGNATURE* [X]: Computes a digital signature. Uses IAS-AS-RSA, IAS-KG-AS-RSA, IAS-KG-AC-RSA, IAS-AS-ECDSA, IAS-KG-AS-ECDSA. Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.
CHECK RESET AND APPLET SELECTION [X X X]: Tells the terminal if the card has been reset or the applet has been reselected since the previous time that the command was performed. Generates two 4-byte-long random numbers and returns them to the IFD. Does not use CSPs.

GET CHALLENGE [X]: Generates an 8- or 16-byte random number. Uses IAS-SC-SMAC-AES and IAS-SC-SENC-AES session keys (for ECC keys only).

MANAGE SECURITY ENVIRONMENT [X]: Supports two functions, Restore and Set.
  ■ Restore: replaces the current SE by an SE stored in the card.
  ■ Set: sets or replaces one component of the current SE.
  Optionally uses IAS-SC-SMAC-TDES, IAS-SC-SENC-TDES, IAS-SC-SMAC-AES, or IAS-SC-SENC-AES session keys.

Table 24 – IDPrime MD applet Services and CSP Usage

* Services impacted by the SP 800-131A algorithm transitions. It is the responsibility of the module operator to ensure that algorithms, modes, and key sizes Disallowed per NIST SP 800-131A are not used (see Table 14).

All services implemented by the MSPNP applet are listed in the table below.

Service [ICAA / IUSR / UA]: Description

GET DATA (MSPNP applet specific) [X]: Retrieves the following information:
  ■ GUID
  Does not use CSPs.

Table 25 – MSPNP applet Services

5.11 OATH Services

All services implemented by the OATH applet are listed in the table below. Each service description also describes all usage of CSPs by the service.

Service [X marks as they appear in the OCAA / OUSR / UA columns; a row with fewer than three marks does not record here which column each mark belongs to]: Description

SELECT [X X X]: Select an applet (managed by the Platform). Does not use CSPs.
COMPUTE OTP (No PIN verification required) [X X X]: Compute an OTP without verification of the PIN. Uses OTP-SEED.

COMPUTE OTP (PIN verification required) [X]: Compute an OTP with verification of the OS-GLOBALPIN or the OTP-OWNERPIN prior to the computation. Uses OTP-SEED.

GET DATA (OATH Applet Specific) [X X X]: Get Data to retrieve OTP information:
  ■ Profile byte
  ■ Display duration
  ■ URL address
  Does not use CSPs.

VERIFY PIN [X X X]: Authenticates the OUSR. Uses the OS-GLOBALPIN or the OTP-OWNERPIN.

GET TOKEN DATA (Token ID, OTP Counter) [X X X]: Get Data to retrieve OTP information:
  ■ OTP counter
  ■ Token ID
  Does not use CSPs.

GET TOKEN DATA (OTP, No PIN) [X X X]: Get Data to retrieve OTP information. Does not use CSPs.

GET TOKEN DATA (OTP, PIN) [X]: Get Data to retrieve OTP information. Does not use CSPs.

GET MENU [X X X]: Retrieve part of the Menu. Does not use CSPs.

IS MENU CHANGED [X X X]: Retrieve the information "Menu has been changed?". Does not use CSPs.

GET VERSION & BATTERY COUNTER [X X X]: Retrieve the following information:
  ■ The version of the application.
  ■ The applet code source version.
  ■ The BATTERY_COUNTER.
  Does not use CSPs.

GET CHALLENGE [X X X]: Initializes a secure channel and computes an internal challenge (8 bytes); to be followed by MUTUAL AUTHENTICATE.

MUTUAL AUTHENTICATE [X X X]: Authenticates the OCAA and establishes a secure channel. Must be preceded by a successful GET CHALLENGE. Uses the OTP-SC-APPLET-KENC-TDES and OTP-SC-APPLET-KMAC-TDES keys to generate the OTP-SC-SESSION-KENC-TDES and OTP-SC-SESSION-KMAC-TDES session keys, respectively.

PUT MENU [X]: Set the menu composed of menu items. Uses OTP-SC-SESSION-KENC-TDES, OTP-SC-SESSION-KMAC-TDES session keys.

PUT OTP DATA & TOKEN ID [X]: Set the following data into the card:
  ■ OTP seed
  ■ OTP counter
  ■ Server seed
  ■ Token ID
  Uses OTP-SC-SESSION-KENC-TDES, OTP-SC-SESSION-KMAC-TDES session keys. Updates OTP-SEED and OTP-SERVSEED using OTP-SC-SEED-TDES and OTP-SC-SERVSEED-TDES respectively.

PUT DATA (OATH Applet Specific) [X]: Set or update data in the OTP referenced service. Uses OTP-SC-SESSION-KENC-TDES, OTP-SC-SESSION-KMAC-TDES session keys.

COMPUTE OCRA – One way challenge response (PIN) [X]: Compute an OTP (OCRA) with verification of the OS-GLOBALPIN or the OTP-OWNERPIN prior to the computation. Must be preceded by a successful GET CHALLENGE for OCRA (using the challenge returned by the command and the OTP counter).

COMPUTE OCRA – One way challenge response (No PIN) [X X X]: Compute an OTP (OCRA) without verification of the PIN. Must be preceded by a successful GET CHALLENGE for OCRA (using the challenge returned by the command and the OTP counter).

COMPUTE OCRA – Response Only (PIN) [X]: Compute an OTP (OCRA) with verification of the OS-GLOBALPIN or the OTP-OWNERPIN prior to the computation. Uses the OTP counter and optional information.

COMPUTE OCRA – Response Only (No PIN) [X X X]: Compute an OTP (OCRA) without verification of the PIN. Uses the OTP counter and optional information.

GET CHALLENGE for OCRA [X X X]: Computes an internal challenge (8 bytes); to be followed by Compute OCRA Challenge Response.

COMPUTE OCRA – Mutual Challenge Response (PIN) [X]: Compute an OTP (OCRA) with verification of the OS-GLOBALPIN or the OTP-OWNERPIN prior to the computation. Mutual authentication of the client and the server, using a client-challenge and a server-challenge. Uses OTP-SERVSEED.

COMPUTE OCRA – Mutual Challenge Response (No PIN) [X X X]: Compute an OTP (OCRA) without verification of the PIN. Mutual authentication of the client and the server, using a client-challenge and a server-challenge. Uses OTP-SERVSEED.

Table 26 – OATH Applet Services Access

5.12 MPCOS Services

All services implemented by the MPCOS applet are listed in the table below. Each service description also describes all usage of CSPs by the service.

Service [X marks as they appear in the MCAAP / MCAA / MUSR / UA columns; a row with fewer than four marks does not record here which column each mark belongs to]: Description

SELECT FILE [X X X X]: This command selects either a DF or an EF file. Does not use CSPs.

APPEND RECORD [X X X X]: The Append Record command is used to format a structured file by appending (and initializing) a new record. This command is only available for Linear Fixed EF (not allowed for Secret Code and Keys files). Optionally uses MPC-SC-SESSION-TDES (SM).

EXTERNAL AUTH [X X X X]: The External Authenticate command is intended to make the Card authenticate the Outside World. Must be preceded by a successful GET CHALLENGE. Uses the MPC-SC-ADMIN-TDES key to generate MPC-SC-SESSION-TDES session keys.

GET CHALLENGE [X X X X]: The Get Challenge command is the first step of an EXTERNAL AUTHENTICATE process and is used to make the Card generate an 8-byte-long Random Number.

INTERNAL AUTHENTICATE [X X X X]: The aim of the command is to make the Outside World authenticate the Card, by checking the consistency of the cryptogram. Uses the MPC-SC-AUTH-TDES key to generate MPC-SC-SAUTH-TDES session keys.

READ BINARY [X X X X]: This command is used to read data from a transparent file. This command is not applicable to Secret Code and Keys files. Optionally uses MPC-SC-SESSION-TDES (SM).

READ RECORD [X X X X]: The Read Record command is used to read data in a structured file. This command is only available for Linear Fixed EF (not allowed for Secret Code and Keys files). Optionally uses MPC-SC-SESSION-TDES (SM).

SELECT FILE KEY [X X X X]: This command is intended to set up a Session Key before issuing non-payment oriented commands with secure messaging. Uses the MPC-SC-AUTH-TDES key to generate MPC-SC-SAUTH-TDES session keys.

SET SECRET CODE [X]: This command is used either to unblock or to modify (substitute) the value of an existing secret code with a new value. It uses and updates MPC-PSWD. Optionally uses MPC-SC-SESSION-TDES (SM).

UPDATE BINARY (Non sensitive Data file) [X X X X]: This command initiates the update of the bits already present in an EF with the bits given in the command. Optionally uses MPC-SC-SESSION-TDES (SM). (This command is not applicable to Secret Code.)

UPDATE BINARY (Key File) [X]: This command initiates the update of the bits already present in an EF with the bits given in the command. Optionally uses MPC-SC-SESSION-TDES (SM). (This command is not applicable to Secret Code.)

UPDATE RECORD [X X X X]: The Update Record command is used to update data in a structured file. Optionally uses MPC-SC-SESSION-TDES (SM). This command is only available for Linear Fixed EF (not allowed for Secret Code and Keys files).

VERIFY [X]: This command is used to verify a secret code to give authorization for some access conditions. Uses the MPC-PSWD to authenticate the MUSR role. Optionally uses MPC-SC-SESSION-TDES (SM).

WRITE BINARY (non sensitive data file) [X X X X]: This command initiates the writing of binary values into an EF using a logical OR of the bits already present in the EF with the bits given in the command. (This command is not applicable to Secret Code.)

WRITE BINARY (Key file) [X]: This command initiates the writing of binary values into an EF using a logical OR of the bits already present in the EF with the bits given in the command. Optionally uses MPC-SC-SESSION-TDES (SM). (This command is not applicable to Secret Code.)

GET INFO [X X X X]: This command allows the retrieval of the card serial number. The data may be obtained at any moment in a session. Does not use CSPs.

GET RESPONSE [X X X X]: This command is used to retrieve the data prepared in RAM by the previous command. It can also be issued immediately after the ATR. Does not use CSPs.

READ MEMORY [X X X X]: This command is used to read the card serial number. It may be issued at any moment during a card session. Does not use CSPs.

SET CARD STATUS [X X X X]: This command is used to write the 3 bits in the lock byte. It can be performed only once during the life cycle of the application. Does not use CSPs.

GET DATA PTC [X X X X]: Get Data for Tag 9F17 (PIN Try Counter) is supported to get the PIN Try Counter for the Global PIN. Does not use CSPs.

CREDIT [X]: This command is used to credit an amount into the purse in the EF purse. Uses either the MPC-SC-PAY-TDES, MPC-SC-MULT-TDES or MPC-SC-SIGN-TDES key, and the MPC-SC-TEMP-TDES session key.

DEBIT [X X X]: The Debit command is used to debit a purse. Uses the MPC-SC-PAY-TDES key and the MPC-SC-TEMP-TDES session key.

READ BALANCE [X X X]: The Read Balance command is used to read the balance value of a given purse. Uses the MPC-SC-TEMP-TDES session key.

SELECT PURSE KEY [X X X]: This command is intended to set up a Session Key before issuing payment-oriented commands. Uses the MPC-SC-PAY-TDES or MPC-SC-MULT-TDES key to generate the MPC-SC-TEMP-TDES session key.

SET OPTIONS [X X X X]: This command is used to set the options of the Sign command (or to change the default options). Does not use CSPs.

SIGN [X X]: This command is used to make the Card compute a certificate of the previous transaction, based on the value of the Amount parameter in RAM and (option depending) on the Balance of the currently selected Purse. Uses either the MPC-SC-SIGN-TDES, MPC-SC-PAY-TDES, or MPC-SC-MULT-TDES key and the MPC-SC-TEMP-TDES session key.

SUBSTITUTE DEBIT [X]: The Substitute Debit command is used to cancel the previous debit performed by a terminal in a purse and to replace it with another one. The amount of this second debit is part of the data enciphered in the cryptogram. Uses the MPC-SC-PAY-TDES key and the MPC-SC-TEMP-TDES session key.

Table 27 – MPCOS Applet Services Access

6 Finite State Model

The CM is designed using a finite state machine model that explicitly specifies every operational and error state. The CM includes Power on/off states, Cryptographic Officer states, User services states, applet loading states, Key/PIN loading states, Self-test states, Error states, and the GP life cycle states. An additional document (Finite State Machine document) identifies and describes all the states of the module, including all corresponding state transitions.
7 Physical security policy

The CM is a single-chip implementation that meets commercial-grade specifications for power, temperature, reliability, and shock/vibration. The CM uses standard passivation techniques and is protected by passive shielding (metal layer coverings opaque to the circuitry below) and active shielding (a grid of top metal layer wires with tamper response). A tamper event detected by the active shield places the Module permanently into the Card Is Killed error state.

The CM is mounted in a plastic smartcard; physical inspection of the Module boundaries is not practical after mounting. Physical inspection of modules for tamper evidence is performed using a lot sampling technique during the card assembly process. The Module also provides a key to protect the Module from tamper during transport, and the additional physical protections listed in Section 12 below.

Hardness testing was performed at ambient temperature. No assurance is provided for Level 3 hardness conformance at any other temperature.

8 Operational Environment

This section does not apply to the CM. No code modifying the behavior of the CM operating system can be added after its manufacturing process. Only authorized applets can be loaded post-issuance, under the control of the Cryptographic Officer; their execution is controlled by the CM operating system following its security policy rules.

9 Electromagnetic interference and compatibility (EMI/EMC)

The Module conforms to the EMI/EMC requirements specified by Title 47 of the Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B.
10 Self-test

10.1 Power-on self-test

Each time the CM is powered up it tests that the cryptographic algorithms still operate correctly and that sensitive data have not been damaged. Power-on self-tests are available on demand by power cycling the CM.

On power-on or reset, the CM performs the self-tests described in the table below. All KATs must complete successfully prior to any other use of cryptography by the CM. If one of the KATs fails, the CM enters the Card Is Mute error state.

Test Target: Description

Firmware Integrity: 16-bit CRC performed over all code located in Flash memory (for OS, Applets and filters).

RNG: Performs an ANSI X9.31 KAT with fixed inputs.

Triple-DES: Performs separate encrypt and decrypt KATs using 2-Key Triple-DES in ECB mode.

AES: Performs a decrypt KAT using an AES 128 key in ECB mode. AES encrypt is self-tested as the AES algorithm embedded in AES-CMAC.

AES-CMAC: Performs an AES-CMAC Generate KAT using an AES 128 key. Note that AES-CMAC Verify is identical to a Generate KAT (perform Generate, then compare to the input), hence a single KAT verifies both functions.

RSA: Performs separate RSA PKCS#1 signature and verification KATs using an RSA 2048-bit key, and an RSA PKCS#1 signature KAT using the RSA CRT implementation with a 2048-bit key.

ECDSA: Performs ECDSA signature and verification KATs using an ECC P-224 key.

ECC CDH: Performs an ECC CDH KAT using an ECC P-224 key.

SHA-1: Performs a SHA-1 KAT.

SHA-256: Performs a SHA-256 KAT.

SHA-512: Performs a SHA-512 KAT.

Table 28 – Power-On Self-Test

10.2 Conditional self-tests

On every call to the [ANS X9.31] RNG, the CM performs a stuck-fault test to assure that the output differs from the previous value. When any asymmetric key pair is generated (for RSA or ECC keys), the CM performs a pair-wise consistency test.
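The gating rule in sections 10.1 and 10.2 (no cryptographic service until every power-on KAT has passed, a failed KAT parks the module in the Card Is Mute state, and each RNG output is compared with the previous one) is small enough to model end to end. The following is an added example, not Gemalto firmware: it implements the firmware integrity CRC, the three SHA KATs from Table 28 and the continuous stuck-fault test on top of a minimal state machine. The CRC polynomial (the policy says only "16-bit CRC"), the KAT input vectors, the constructed firmware image and the decision to treat a stuck-fault failure like a KAT failure are assumptions; the module's RSA, ECDSA, Triple-DES and AES-CMAC KATs are not modelled because the standard library has no implementation of them.

```python
"""Model of the power-on self-test gating and the conditional RNG test from
section 10. Added example, not the module's firmware; polynomial, KAT vectors,
firmware image and the error state chosen for a stuck-fault failure are
assumptions made for illustration."""
import hashlib
import os
from enum import Enum


class State(Enum):
    POWER_ON = "power-on"
    OPERATIONAL = "operational"
    CARD_IS_MUTE = "Card Is Mute"        # error state named in section 10.1


# Known-answer vectors for the SHA KATs: the FIPS 180 "abc" digests,
# embedded here as constructed test data.
SHA_KATS = {
    "sha1": (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "sha256": (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    "sha512": (b"abc", "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
                       "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"),
}


def crc16(data: bytes) -> int:
    """Bit-serial CRC-16 (assumed polynomial 0x1021, initial value 0xFFFF),
    standing in for the integrity check over the Flash code image."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


class Module:
    def __init__(self, firmware: bytes, stored_crc: int, rng=os.urandom):
        self.firmware = firmware
        self.stored_crc = stored_crc       # reference value written at manufacture
        self.rng = rng                     # injectable so the stuck-fault path can be exercised
        self.last_random = None
        self.state = State.POWER_ON
        self.power_on()

    def power_on(self) -> State:
        """Run every KAT before any other use of cryptography (section 10.1)."""
        self.state = State.POWER_ON
        self.last_random = None
        passed = self._firmware_integrity() and self._sha_kats()
        self.state = State.OPERATIONAL if passed else State.CARD_IS_MUTE
        return self.state

    def _firmware_integrity(self) -> bool:
        return crc16(self.firmware) == self.stored_crc

    def _sha_kats(self) -> bool:
        return all(hashlib.new(alg, msg).hexdigest() == digest
                   for alg, (msg, digest) in SHA_KATS.items())

    def _require_operational(self) -> None:
        if self.state is not State.OPERATIONAL:
            raise RuntimeError("service refused: module in state " + self.state.value)

    def get_challenge(self, length: int = 8) -> bytes:
        """Random number output with the conditional stuck-fault test of
        section 10.2: the new value must differ from the previous one."""
        self._require_operational()
        value = self.rng(length)
        if value == self.last_random:
            self.state = State.CARD_IS_MUTE   # assumption: handled like a KAT failure
            raise RuntimeError("RNG stuck-fault test failed")
        self.last_random = value
        return value

    def digest(self, alg: str, data: bytes) -> bytes:
        """A cryptographic service, only reachable in the OPERATIONAL state."""
        self._require_operational()
        return hashlib.new(alg, data).digest()


# Constructed firmware image and its manufacture-time reference CRC.
FIRMWARE = bytes(range(256)) * 4
FIRMWARE_CRC = crc16(FIRMWARE)


def tampered(firmware: bytes) -> bytes:
    """Flip one bit of the image, a simple model of corrupted Flash contents."""
    return bytes([firmware[0] ^ 0x01]) + firmware[1:]
```

A corrupted image fails the CRC before any KAT runs, and a module in the Card Is Mute state refuses every service rather than failing open; the stuck-fault check is what turns a silently broken RNG into a visible error instead of a repeated challenge.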
When new firmware is loaded into the CM using the LOAD command, the CM verifies the integrity of the new firmware (applet) using the SD-SMAC key for the MAC process. Optionally, the CM may also verify a signature of the new firmware (applet) using the DAP-RSA public key, the DAP-DES key or the DAP-AES key; the signature block in this scenario is signed by an external entity using the private key corresponding to DAP-RSA, or the symmetric DAP-DES key or DAP-AES key.

11 Design Assurance

The CM meets the Level 3 Design Assurance section requirements.

11.1 Configuration Management

An additional document (Configuration Management Plan) defines the methods, mechanisms and tools that identify and place under control all the data and information concerning the specification, design, implementation, generation, test and validation of the card software throughout the development and validation cycle.

11.2 Delivery and Operation

Additional documents ('Delivery and Operation', 'Reference Manual', 'Card Initialization Specification') define and describe the steps necessary to deliver and operate the CM securely.

11.3 Guidance Documents

The Guidance document provided with the CM is the 'Reference Manual'. It includes guidance for secure operation of the CM by its users as defined in the section Roles, authentication and services.

11.4 Language level

The CM operational environment is implemented using a high-level language. A limited number of software modules have been written in assembler to optimize speed or size. The Applets are Java applets designed for the Java Card environment.
12 Mitigation of other attacks policy

The Module implements defenses against:
  ■ Fault attacks
  ■ Side channel analysis (Timing Analysis, SPA/DPA, Simple/Differential Electromagnetic Analysis)
  ■ Probing attacks
  ■ Card tearing

13 Security Rules and Guidance

The Module implementation also enforces the following security rules:
  ■ No additional interface or service is implemented by the Module which would provide access to CSPs.
  ■ Data output is inhibited during key generation, self-tests, zeroization, and error states.
  ■ There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
  ■ The Module does not support manual key entry, output plaintext CSPs or output intermediate key values.
  ■ Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.

END OF DOCUMENT