FEITIAN Technologies Company, LTD
ePass Token
Hardware Version: 1.0.0

FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 3
Document Version: 1.0

Prepared for:
FEITIAN Technologies Company, LTD
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidian District, Beijing 100085
China
Phone: +(86) 010-62304466
Email: world.sales@ftsafe.com
http://www.FTSafe.com

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway
Suite 220
Fairfax, Virginia 22033
United States of America
Phone: +1 (703) 267-6050
Email: info@corsec.com
http://www.corsec.com

Security Policy, Version 1.0
July 1, 2014

Table of Contents

1 INTRODUCTION
  1.1 PURPOSE
  1.2 REFERENCES
  1.3 DOCUMENT ORGANIZATION
2 EPASS TOKEN
  2.1 OVERVIEW
  2.2 MODULE SPECIFICATION
  2.3 MODULE INTERFACES
  2.4 ROLES AND SERVICES
    2.4.1 Crypto-Officer Role
    2.4.2 User Role
    2.4.3 Additional Services
  2.5 PHYSICAL SECURITY
  2.6 OPERATIONAL ENVIRONMENT
  2.7 CRYPTOGRAPHIC KEY MANAGEMENT
  2.8 EMI/EMC
  2.9 SELF-TESTS
    2.9.1 Power-Up Self-Tests
    2.9.2 Conditional Self-Tests
  2.10 MITIGATION OF OTHER ATTACKS
3 SECURE OPERATION
  3.1 DETECTING A FIPS CRYPTOGRAPHIC MODULE
  3.2 INITIAL SETUP
    3.2.1 Zeroization
  3.3 NON-APPROVED MODE
4 ACRONYMS

Table of Figures

FIGURE 1 – FEITIAN'S EPASS TOKEN
FIGURE 2 – PHYSICAL CRYPTOGRAPHIC BOUNDARY
FIGURE 3 - "FIPS" LABEL LOCATION
FIGURE 4 - "FIPS-MODE-DETECT" TOOL

List of Tables

TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION
TABLE 2 – OPERATOR AUTHENTICATION MECHANISM
TABLE 3 – APDU COMMAND STRUCTURE
TABLE 4 – APDU COMMAND RESPONSE STRUCTURE
TABLE 5 – MAPPING OF CRYPTO-OFFICER ROLE’S SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS
TABLE 6 – MAPPING OF USER ROLE’S SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS
TABLE 7 – MAPPING OF UNAUTHENTICATED SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS
TABLE 8 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS
TABLE 9 – FIPS-ALLOWED ALGORITHM IMPLEMENTATIONS
TABLE 10 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS
TABLE 11 – NON-APPROVED SERVICES
TABLE 12 – ACRONYMS

FEITIAN ePass Token Page 2 of 33
© 2014 FEITIAN Technologies Company, LTD
This document may be freely reproduced and distributed whole and intact including this copyright notice.

1 Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the ePass Token from FEITIAN Technologies Company, LTD. This Security Policy describes how the ePass Token meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.

This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 3 FIPS 140-2 validation of the module. The ePass Token is referred to in this document as ePass Token, crypto-module, or the module.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

• The FEITIAN website (http://www.ftsafe.com) contains information on the full line of products from FEITIAN.
• The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

• Vendor Evidence document
• Finite State Model document
• Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to FEITIAN. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to FEITIAN and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact FEITIAN.

2 ePass Token

2.1 Overview

FEITIAN is a leading innovator of smart card and Chip Operating System (COS) based security technologies and applications. Their product offerings include devices that provide software protection, strong authentication, and smart card operating systems. Evidence of FEITIAN’s continued leadership and innovation is demonstrated within this Security Policy, which specifies their second FIPS 140-2 validated cryptographic module. This new module, referred to as the ePass Token, is a USB[1] token containing FEITIAN’s own FEITIAN-FIPS-COS cryptographic operating system. The FEITIAN-FIPS-COS (FIPS 140-2 Certificate #1927) is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support FEITIAN’s ePass USB token (Figure 1).

The ePass token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. FEITIAN’s ePass token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell.

Figure 1 – FEITIAN's ePass Token

The ePass Token is validated at the following FIPS 140-2 Section levels (Table 1):

Table 1 – Security Level Per FIPS 140-2 Section

Section | Section Title | Level
1 | Cryptographic Module Specification | 3
2 | Cryptographic Module Ports and Interfaces | 3
3 | Roles, Services, and Authentication | 3
4 | Finite State Model | 3
5 | Physical Security | 3
6 | Operational Environment | N/A
7 | Cryptographic Key Management | 3
8 | EMI/EMC[2] | 3
9 | Self-tests | 3
10 | Design Assurance | 3
11 | Mitigation of Other Attacks | N/A

[1] USB – Universal Serial Bus

2.2 Module Specification

The ePass Token is a hardware module with a multi-chip standalone embodiment. The overall security level of the module is 3. The logical and physical cryptographic boundaries of the ePass Token are defined by the hard, semi-transparent, polycarbonate casing of the USB token. The ePass Token is composed of an STMicroelectronics ST23YT66 serial access microcontroller sitting atop a Printed Circuit Board (PCB). The PCB carries the signals and instructions of the microcontroller to the other components contained within the ePass Token. All cryptographic functions and firmware are stored within the microcontroller package and executed by an 8/16-bit ST23 CPU (Core Processing Unit). An LED[3] contained within the USB token shows power, initialization, and operation status through the semi-transparent casing of the USB token. All other logical functions take place through the USB connector, covered in Section 2.3 of this document. Please refer to Figure 2 below for a depiction of the physical cryptographic boundary and logical flows of the ePass Token.

[2] EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility
[3] LED – Light Emitting Diode

Figure 2 – Physical Cryptographic Boundary

The ePass Token is shipped in a FIPS-Approved mode of operation, as indicated on the module, and will always operate in a FIPS-Approved mode of operation. Section 3 details how to tell if the module is a FIPS module and is running in a FIPS-Approved mode of operation. Section 2.7 gives a complete list of FIPS-Approved algorithms within the module.

2.3 Module Interfaces

The cryptographic boundary of the ePass token is the outer polycarbonate casing of the USB token. There is only one physical point, the USB connector, at which the module interfaces with equipment outside of the physical boundary. The USB connector facilitates the following logical interfaces:

• Data Input
• Data Output
• Control Input
• Status Output
• Power

The USB connector contains 4 pins: Data+ (D+), Data- (D-), VCC[4], and Ground (GND). These 4 pins carry out the logical interfaces as defined by FIPS 140-2 and are described below:

- The D+ and D- pins carry all Data Input, Data Output, Control Input, and Status Output signals to and from the module.
- The VCC pin handles up to 5V[5] DC[6] power input from whatever source the USB connector is plugged into.
- The GND pin also handles up to 5V DC power and helps to regulate the power consumed by the USB token.

[4] VCC – Common Collector Voltage
[5] V – Volt

An LED contained within the USB token is used for status output. This LED shows power, initialization, and operational status through the semi-transparent casing of the USB token.

2.4 Roles and Services

The module supports the two roles required by FIPS 140-2: Crypto-Officer and User. The Crypto-Officer is the role responsible for module initialization, including file system management, key management, and access control management. The User role is the everyday user of the device. Once authenticated, the Crypto-Officer and User role is implicitly selected, allowing the operator to access services from both roles. Please see Table 2 for details regarding the authentication mechanism.

Table 5 and Table 6 below specify the full list of services per supported role. Unauthenticated services are also supported by the module. The services not requiring authentication are listed in Table 7.

Table 2 – Operator Authentication Mechanism

Authentication Mechanism | Authentication Data | Authentication Mechanism
Identity-based | 128-bit AES[7] Key Shared Secret | The AES key is 128 bits in length. The probability that a random attempt will succeed or a false acceptance occur is no greater than 1/2^128, which is less than 1/1,000,000. The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^128, which is less than 1/100,000.
Identity-based | 3-key Triple-DES Shared Secret | Each Triple-DES key is effectively 56 bits in length, resulting in a total of 168 bits of total keying material. The probability that a random attempt will succeed or a false acceptance occur is no greater than 1/2^168, which is less than 1/1,000,000. The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^168, which is less than 1/100,000.

[6] DC – Direct Current
[7] AES – Advanced Encryption Standard

Table 2 – Operator Authentication Mechanism (continued)

Authentication Mechanism | Authentication Data | Authentication Mechanism
Identity-based | RSA Key Pairs | The module supports RSA public key authentication. Using conservative estimates and equating a 2048-bit RSA key to a 112-bit symmetric key, the probability for a random attempt to succeed is 1/2^112. The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^112, which is less than 1/100,000.

All services provided by ePass Token are implemented in accordance with ISO[8]/IEC[9] 7816-4, which defines the interface available as a command and response pair referred to as an Application Protocol Data Unit (APDU). The module will process only one command at a time, per channel (of four available logical channels), and must process and respond before allowing another command to be processed over any given channel. Table 3 and Table 4 show a typical APDU command structure and command response structure used by the module, respectively.
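
The command and response pair described above can be decoded mechanically when reviewing a trace of traffic to the token. The following is an added example, not FEITIAN's or Corsec's code: it parses short ISO/IEC 7816-4 APDUs and labels each command with the service names that Tables 5 and 6 of this policy give for its INS byte. The P1/P2 header bytes, the CLA bit layout and the meaning of 9000 are taken from ISO/IEC 7816-4 rather than from this page, and the sample trace is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# INS byte -> service name(s), transcribed from Tables 5 and 6 of this policy.
INS_SERVICES = {
    0xB0: ["Read Binary"], 0xD6: ["Update Binary"],
    0xB2: ["Read Record"], 0xDC: ["Update Record"], 0xE2: ["Append Record"],
    0x82: ["External Authenticate"], 0x88: ["Internal Authenticate"],
    0x20: ["Verify"], 0x24: ["Change Reference Data"],
    0x28: ["Enable Verification Requirement"],
    0x26: ["Disable Verification Requirement"],
    0x2C: ["Reset Retry Counter"], 0x46: ["Generate Asymmetric Key Pair"],
    # The tables give INS 2A for six services and do not say how they differ.
    0x2A: ["Encrypt", "Decrypt", "Verify Digital Signature",
           "Compute Digital Signature", "Verify Cryptographic Checksum",
           "Compute Cryptographic Checksum"],
    0xE0: ["Create File"], 0xE4: ["Delete File"], 0xFE: ["Terminate Card"],
    0xE3: ["Install Secret"], 0xE5: ["Update Key"], 0x34: ["Get File List"],
    0xB4: ["Read Public Key"], 0xE7: ["Import RSA Key"],
}
# INS values listed in Table 5 (Crypto-Officer) but absent from Table 6 (User).
TABLE5_ONLY = {0xD6, 0xDC, 0xE2, 0x28, 0x26, 0xE0, 0xE4, 0xFE, 0xE3, 0xE5}
SW_OK = 0x9000  # status bytes for normal completion (ISO/IEC 7816-4)


@dataclass
class Command:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]
    interindustry: bool
    secure_messaging: Optional[bool]  # None when the CLA range is not decoded
    channel: Optional[int]
    services: List[str]
    table5_only: bool


def parse_command(raw: bytes) -> Command:
    """Parse a short-length command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(raw) < 4:
        raise ValueError("command APDU needs a 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                       # Le only (0x00 means 256)
        le = body[0] or 256
    elif len(body) > 1:                      # Lc, data field, optional Le
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data field length")
        le = (rest[0] or 256) if rest else None
    if cla & 0xE0 == 0x00:                   # first interindustry CLA range
        inter, sm, chan = True, bool(cla & 0x0C), cla & 0x03
    else:                                    # proprietary or other range
        inter, sm, chan = not (cla & 0x80), None, None
    return Command(cla, ins, p1, p2, data, le, inter, sm, chan,
                   INS_SERVICES.get(ins, []), ins in TABLE5_ONLY)


def parse_response(raw: bytes) -> Tuple[bytes, int]:
    """Split a response APDU into (data field, 16-bit status trailer)."""
    if len(raw) < 2:
        raise ValueError("response APDU needs two status bytes")
    return raw[:-2], int.from_bytes(raw[-2:], "big")


def audit(trace) -> List[Tuple[int, str, str]]:
    """Return (exchange number, service, finding) for each notable exchange."""
    findings = []
    for n, (cmd_hex, rsp_hex) in enumerate(trace, 1):
        cmd = parse_command(bytes.fromhex(cmd_hex))
        _, sw = parse_response(bytes.fromhex(rsp_hex))
        name = "/".join(cmd.services) or f"INS {cmd.ins:02X}"
        if not cmd.services:
            findings.append((n, name, "not listed in Tables 5 or 6"))
        if cmd.table5_only:
            findings.append((n, name, "listed for Crypto-Officer only"))
        if sw != SW_OK:
            findings.append((n, name, f"status {sw:04X}"))
    return findings


# Constructed sample trace (command hex, response hex); not captured from a token.
TRACE = [
    ("00B0000010", "00" * 16 + "9000"),      # Read Binary, Le = 16
    ("0020000108" + "31" * 8, "6300"),       # Verify with 8 data bytes, refused
    ("0CD6000004DEADBEEF", "9000"),          # Update Binary, CLA SM bits set
    ("01E40000023F01", "6982"),              # Delete File on logical channel 1
    ("0084000008", "11" * 8 + "9000"),       # INS 84 is not in Tables 5 or 6
]

if __name__ == "__main__":
    for finding in audit(TRACE):
        print(finding)
```

An INS that is absent from Tables 5 and 6 is only reported as unlisted; it may belong to the unauthenticated services of Table 7.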

Table 3 – APDU Command Structure

Header | Lc Field | Data Field | Le Field
CLA INS | 1 byte | Input Data (1 or 3 bytes) | 1 byte

APDU command structure descriptions:

• CLA – The Class byte indicates the class of the command as follows:
  o If the class of the command is inter-industry or not
  o If secure messaging is required
  o Logical channel 0-3
• INS – The Instruction byte indicates the command to process as follows:
  o Command word
  o Data encoding
• Lc – Length in bytes of the data field
• Data Field – Data input with command for processing
• Le – Maximum number of bytes expected in the response

Table 4 – APDU Command Response Structure

Data Field | Trailer
Response data | Status bytes

APDU command response structure descriptions:

• Data Field – Data output, if applicable
• Trailer – Status bytes (e.g. 9000, 64XX)

[8] ISO – International Organization for Standardization
[9] IEC – International Electrotechnical Commission

2.4.1 Crypto-Officer Role

This section provides a list of all services accessible to a Crypto-Officer (Table 5). The list includes a full description of each service, and in addition, it describes the type of access that each service has to a CSP[10].

NOTE:
• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, modified, or zeroized.
• X – Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism.

Table 5 – Mapping of Crypto-Officer Role’s Services to Inputs, Outputs, CSPs, and Type of Access

Service: Read Binary
INS: B0
Description: Allows read access to a binary file. A binary file is a file whose content is a sequential string of bits.
Input:
• Offset address of the binary file to read
• Length of the data to be read
Output:
• File data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Update Binary
INS: D6
Description: Allows write access to a binary file.
Input:
• Offset address of the binary file to read
• Length of the data to be read
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Record
INS: B2
Description: Allows read access to a record. A record is a type of data storage structure as defined within ISO 7816. Records are stored in files.
Input:
• Record number
• Read parameter (i.e., all records starting at specified record number, or just one record)
Output:
• Record data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Update Record
INS: DC
Description: Allows write access to a record.
Input:
• Record number
• Length of record
• Record data
• Read parameter (i.e., update the record specified by the record number)
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Append Record
INS: E2
Description: Allows a record to be appended
Input:
• Record number
• Current file
• Length of record
• Record data
• Read parameter (i.e., update the record specified by the record number)
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: External Authenticate
INS: 82
Description: Authenticates an external entity to the cryptographic module. This service may also be used to both authenticate and initiate a secure session with an external entity.
NOTE: Prerequisite to this service is the use of Get Challenge service. The key as referenced within the service call exists under the current file.
Input:
Initiate a secure session:
• Authentication data of external entity (32 bytes) plus the MAC[11] (8 bytes)
Or
Authenticate only:
• Algorithm type (AES, Triple-DES[12], RSA[13])
• Key ID (Key Index)
• Length of data in the field
• Authentication data (data field)
Output:
• Status (e.g. 9000)
• Retry number for the referenced key incremented by one.
NOTE: If successful, this number is then reset to the maximum.
CSP and Type of Access:
Initiate a secure session:
• INIT_KEYenc: R, X
• INIT_KEYmac: R, X
• Kenc: R, X
• Kmac: R, X
• KSenc: W
• KSmac: W
Or
Authenticate Only:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Internal Authenticate
INS: 88
Description: Authenticates the cryptographic module to an external entity
NOTE: In order for this service to be utilized, the external entity must have privileged access to the referenced key.
Input:
• Algorithm type (AES, Triple-DES, RSA)
• Key ID (Key Index)
• Length of data in the field
• Random data (data field)
Output:
• Authentication data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
Authenticate Only:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Verify
INS: 20
Description: Provides PIN[14] verification.
NOTE: In order for this service to be utilized, the external entity must have privileged access to the referenced PIN.
Input:
• Reference to the PIN
• PID[15]
• Data to be verified
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, X

Service: Change Reference Data
INS: 24
Description: Modify the PIN
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced PIN.
Input:
• Old PIN
• New PIN
• Reference to the PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, W, X

Service: Enable Verification Requirement
INS: 28
Description: Modifies a PIN’s state from invalid to valid.
NOTE: Utilization of this service requires permission to activate the PIN.
Input:
• Reference to the PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Disable Verification Requirement
INS: 26
Description: Modifies a PIN’s state from valid to invalid.
NOTE: Utilization of this service requires permission to invalidate the PIN.
Input:
• Reference to the PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Reset Retry Counter
INS: 2C
Description: Resets the retry counter of the PIN to its initial value.
NOTE: Utilization of this service requires permission to modify PIN.
Input:
• Reset parameter (resets recount maximum number and remaining count to default)
• Restore parameter (restores recount to initial default value)
• Reference to PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Generate Asymmetric Key Pair
INS: 46
Description: Generates an Asymmetric key pair
Input:
• Key parameter information
• Algorithm ID
• Modulus Length
• Private Key File Identifier (FID)
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• RSA Private Key: W
• RSA Public Key: W
• DRBG[16] Seed: R, W, X

Service: Encrypt
INS: 2A
Description: Performs an encrypt operation using an Approved security function.
NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation.
Input:
• Plaintext data
Output:
• Ciphertext data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Public Key: R, X

Service: Decrypt
INS: 2A
Description: Performs a decrypt operation
NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation.
Input:
• Ciphertext
Output:
• Plaintext
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Verify Digital Signature
INS: 2A
Description: Verifies a digital signature using RSA PKCS[17]#1
Input:
• Data Object of the signed data plus the digital signature
Output:
• Status of the verification
CSP and Type of Access:
• RSA Private Key: R, X

Service: Compute Digital Signature
INS: 2A
Description: Computes a digital signature using RSA PKCS#1.
Input:
• Input data for generating the digital signature
Output:
• Digital Signature
CSP and Type of Access:
• RSA Public Key: R, X

Service: Verify Cryptographic Checksum
INS: 2A
Description: Performs AES or Triple-DES checksum verification.
Input:
• Plaintext data object plus the cryptographic checksum data
Output:
• Status (e.g. 9000, 6300)
CSP and Type of Access:
• Symmetric Key: R, X

Service: Compute Cryptographic Checksum
INS: 2A
Description: Computes an AES or Triple-DES checksum. The length of the checksum is 8 bytes.
Input:
• The data used to compute the cryptographic checksum
Output:
• Cryptographic checksum
CSP and Type of Access:
• Symmetric Key: R, X

[10] CSP – Critical Security Parameter
[11] MAC – Message Authentication Code
[12] DES – Data Encryption Standard
[13] RSA – Rivest, Adleman, and Shamir
[14] PIN – Personal Identification Number
[15] PID – Personal Identification number index
[16] DRBG – Deterministic Random Bit Generator
[17] PKCS – Public-Key Cryptography Standards

Table 5 (continued)

Service: Create File
INS: E0
Description: Creates a file
Input:
• File control parameters (data field)
• Length of data field
Output:
• Status (e.g. 9000)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Delete File
INS: E4
Description: Deletes a file and all files which exist within that file
Input:
• File ID
Output:
• Status (e.g. 9000)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Terminate Card
INS: FE
Description: Terminates all applications on the card
Input:
• None
Output:
• None
CSP and Type of Access: No CSPs are accessed via this service.

Service: Install Secret
INS: E3
Description: This service is used to enter AES keys, Triple-DES keys, and PINs. The keys which may be entered are as follows:
• Kenc
• Kmac
• Internal Auth key
• External Auth key
• Symmetric Key
• PIN
Input:
• Encrypted PIN or Key data
• “Final” secret or “Not Final” secret flag
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• Kenc: W
• Kmac: W
• Internal Auth key: W
• External Auth key: W
• Symmetric Key: W
• PIN: W

Service: Update Key
INS: E5
Description: Allows the updating of the INIT_KEYs or secret file keys.
Input:
• INIT_KEYs
• Secret Key data
• New error counter plus the key value
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• Symmetric Key: W
• INIT_KEYenc: W
• INIT_KEYmac: W
• Kenc: W
• Kmac: W
• Internal Auth key: W
• External Auth key: W

Service: Get File List
INS: 34
Description: Allows the reading of the FID list of child files of the current file.
Input:
• None
Output:
• FID list or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Public Key
INS: B4
Description: Allows the output of a public key
Input:
• FID of the public key
• Public Key component read parameter (Read all component, read E component, or read N component)
Output:
• Public Key data or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Import RSA Key
INS: E7
Description: Allows the input of an RSA key.
Input:
• Encrypted key data
• FID of the RSA Key
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• RSA key pair: W

2.4.2 User Role

This section provides a list of all services accessible to a User (Table 6). The list includes a full description of each service and, in addition, it describes the type of access that each service has to CSPs.

NOTE:
• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, modified, or zeroized.
• X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism.

Table 6 – Mapping of User Role’s Services to Inputs, Outputs, CSPs, and Type of Access

Service: Read Binary
INS: B0
Description: Allows read access to a binary file.
Input:
• Offset address of the binary file to read
• Length of the data to be read
Output:
• File data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Record
INS: B2
Description: Allows read access to a record.
Input:
• Record number
• Read parameter (i.e., all records starting at specified record number, or just one record)
Output:
• Record data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: External Authenticate
INS: 82
Description: Authenticates an external entity to the cryptographic module. This service may also be used to both authenticate and initiate a secure session with an external entity.
NOTE: Prerequisite to this service is the use of Get Challenge service. The key as referenced within the service call exists under the current file.
Input:
Initiate a secure session:
• Authentication data of external entity (32 bytes) plus the MAC (8 bytes)
Or
Authenticate only:
• Algorithm type (AES, Triple-DES, RSA)
• Key ID (Key Index)
• Length of data in the field
• Authentication data (data field)
Output:
• Status (e.g. 9000)
• Retry number for the referenced key incremented by one.
NOTE: If successful this number is then reset to the maximum.
CSP and Type of Access:
Initiate a secure session:
• Kenc: R, X
• Kmac: R, X
• KSenc: W
• KSmac: W
Or
Authenticate Only:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Internal Authenticate
INS: 88
Description: Authenticates the cryptographic module to an external entity.
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced key.
Input:
• Algorithm type (AES, Triple-DES, RSA)
• Key ID (Key Index)
• Length of data in the field
• Random data (data field)
Output:
• Authentication data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Verify
INS: 20
Description: Provides PIN verification.
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced PIN.
Input:
• Reference to the PIN
• PID
• Data to be verified
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, X

Service: Change Reference Data
INS: 24
Description: Modifies the PIN.
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced PIN.
Input:
• Old PIN
• New PIN
• Reference to the password
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, W, X
Service: Reset Retry Counter
INS: 2C
Description: Resets the retry counter of the PIN to its initial value.
NOTE: Utilization of this service requires permission to modify PIN.
Input:
• Reset parameter (resets recount maximum number and remaining count to default)
• Restore parameter (restores recount to initial default value)
• Reference to PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Generate Asymmetric Key Pair
INS: 46
Description: Generates an asymmetric key pair.
Input:
• Key parameter information
• Algorithm ID
• Modulus Length
• Private Key File Identifier (FID)
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• RSA Private Key: W
• RSA Public Key: W
• DRBG Seed: R, W, X

Service: Encrypt
INS: 2A
Description: Performs an encrypt operation using an Approved security function.
NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation.
Input:
• Plaintext data
Output:
• Ciphertext data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Public Key: R, X

Service: Decrypt
INS: 2A
Description: Performs a decrypt operation.
NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation.
Input:
• Ciphertext
Output:
• Plaintext
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Verify Digital Signature
INS: 2A
Description: Verifies a digital signature using RSA PKCS#1.
Input:
• Data Object of the signed data plus the digital signature
Output:
• Status of the verification
CSP and Type of Access:
• RSA Public Key: R, X

Service: Compute Digital Signature
INS: 2A
Description: Computes a digital signature using RSA PKCS#1.
Input:
• Input data for generating the digital signature
Output:
• Digital Signature
CSP and Type of Access:
• RSA Private Key: R, X

Service: Verify Cryptographic Checksum
INS: 2A
Description: Performs an AES or Triple-DES checksum verification.
Input:
• Plaintext data object plus the cryptographic checksum data
Output:
• Status (e.g. 9000, 6300)
CSP and Type of Access:
• Symmetric Key: R, X

Service: Compute Cryptographic Checksum
INS: 2A
Description: Performs an AES or Triple-DES checksum. The length of the checksum is 8 bytes.
Input:
• The data used to compute the cryptographic checksum
Output:
• Cryptographic checksum
CSP and Type of Access:
• Symmetric Key: R, X

Service: Get File List
INS: 34
Description: This command is used to read the FID list of child files of the current file.
Input: None
Output:
• FID list or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Public Key
INS: B4
Description: Allows the output of a public key.
Input:
• FID of the public key
• Public Key component read parameter (Read all component, read E component, or read N component)
Output:
• Public Key data or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Import RSA Key
INS: E7
Description: Allows the input of an RSA key.
Input:
• Encrypted key data
• FID of the RSA Key
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• RSA key pair: W

2.4.3 Additional Services

The module provides a limited number of services for which the operator does not have to assume an authorized role. Table 7 provides the list of services for which the operator is not required to assume an authorized role. The list includes a full description of each service and, in addition, it describes the type of access that each service has to CSPs. None of the services listed in the table disclose cryptographic keys and CSPs or otherwise affect the security of the module.

NOTE:
• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, modified, or zeroized.
• X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism.
Table 7 – Mapping of Unauthenticated Services to Inputs, Outputs, CSPs, and Type of Access

Service: Put Data
INS: DA
Description: Allows data to be received and stored by the cryptographic module. In the Put Data service, only the OEM information is allowed to be set.
Input:
• Data object tag (‘81’ which indicates OEM info, followed by up to 32 bits of OEM info)
• Length of object data
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Get Data
INS: CA
Description: This service allows data to be retrieved. Data refers to global data, which belongs to the cryptographic module, such as the serial number, OEM information, chip information which includes algorithm support, RAM size.
Input:
• Data object tag (e.g., ‘80’ which indicates card serial number)
Output:
• Content of object
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Get Challenge
INS: 84
Description: Requests a random value that will be used as a challenge within the External Authenticate service.
Input: None
Output:
• Random value
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access:
• DRBG Key Value: R, W, X
• DRBG ‘V’ Value: R, W, X

Service: Manage Security Environment (MSE)
INS: 22
Description: Prepares the cryptographic module for the subsequent commands, SET, STORE, RESTORE, SEID, and ERASE.
Input:
• CRDO [19]
• Algorithm Reference
• Key Reference
• File Reference
• Length of CRDOs
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Select
INS: A4
Description: Allows the selection of a specified file.
Input:
• File identifier
• Dedicated file Name
• File path starting at master file
• File path starting at dedicated file
Output:
• File control information
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Manage Channel
INS: 70
Description: Allows the assignment, opening, and closing of a logical channel. A logical channel is a logical link between the host system and a file on the smart card.
Input:
• Number of logical channel to be assigned, opened, or closed (01-03)
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Hash
INS: 2A
Description: Performs a hash using SHA-1 [20] or SHA-256.
Input:
• Input data
Output:
• Hash result or None
CSP and Type of Access: No CSPs are accessed via this service.

[19] CRDO – Control Reference Data Object

2.5 Physical Security

The ePass Token is a multi-chip standalone cryptographic module as defined by FIPS 140-2 and is designed to meet Level 3 physical security requirements. The ePass Token is made of a completely hardened, production-grade polycarbonate. The colored polycarbonate obscures a clear view of the hardware components within. There is a removable cap that reveals the plastic USB connector and a hard, non-malleable metal casing surrounding the USB connector. The USB connector is made of hard production-grade, black plastic. The coloring of the module obscures any visible writing on the PCB.

The visible critical components within the module are further covered to meet FIPS 140-2 Level 3 physical security requirements. The ST23YT66 microcontroller is covered with a black, opaque, tamper-resistant, epoxy encapsulant, thus completely covering all critical cryptographic components from plain view. All other non-critical viewable components are unmarked and unidentifiable.
The USB connector located outside of the plastic casing of the USB token is made of a hardened, production-grade plastic and prevents access to the rest of the USB token. Any attempt at removal or penetration of the plastic enclosure has a high probability of causing serious damage to the module and the hardware components within the enclosure, which will reveal clear tamper evidence. Removal of the metal surrounding the USB connector will result in the physical damage of the USB connector and its associated pins, rendering the entire cryptographic module useless. If the USB connector is exposed, there is no power going to the USB token. Once power is removed from the cryptographic module, all plaintext keys and unprotected CSPs are zeroized.

2.6 Operational Environment

The operational environment for the ePass Token includes the ST23YT66 microcontroller containing an 8/16-bit ST23 CPU. The token’s operational environment is non-modifiable and does not possess a general purpose operating system.

[20] SHA – Secure Hash Algorithm

2.7 Cryptographic Key Management

The module implements the FIPS-Approved algorithms shown in Table 8:

Table 8 – FIPS-Approved Algorithm Implementations

| Algorithm | Certificate Number |
|---|---|
| AES in ECB [21], CBC [22] modes using 128-bit key sizes | 1473 |
| Triple-DES in ECB, CBC modes using Keying Option 1 | 991 |
| RSA PKCS#1 v1.5 signature generation – using 2048-bit keys | 720 |
| RSA PKCS#1 v1.5 signature verification – using 1024- and 2048-bit keys | 720 |
| ANSI [23] X9.31 Key Pair Generation | 720 |
| SHA-1 and SHA-256 | 1332 |
| SP 800-90 CTR_DRBG [24][25] | 58 |

Caveat: Additional information concerning SHA-1 and specific guidance on transitions to the use of stronger cryptographic keys and more robust algorithms is contained in NIST Special Publication 800-131A.
Table 9 lists the non-Approved algorithms implemented in the module which are allowed in a FIPS-Approved mode of operation.

Table 9 – FIPS-Allowed Algorithm Implementations

Algorithm:
• Non-Deterministic Random Number Generator (NDRNG)
• RSA PKCS#1v1.5 2048-bit (Key establishment methodology provides 112 bits of security; non-compliant less than 112 bits of encryption strength)

[21] ECB – Electronic Codebook
[22] CBC – Cipher-Block Chaining
[23] ANSI – American National Standards Institute
[24] SP – Special Publication
[25] CTR – Counter

The module supports the critical security parameters (CSPs) listed below in Table 10. Internally generated keys are generated following scenario 1 of Implementation Guidance number 7.8.

Table 10 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

Key: Symmetric Key
Key Type: AES 128-bit key; Triple-DES 168-bit Key
Use: These keys are used to encrypt/decrypt data, or within a symmetric MAC algorithm to generate authentication data.
Generation / Input: Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: These keys are stored in EEPROM [26] in special files used to store symmetric keys and PINs.
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: This key is associated with the Crypto-Officer role during Input.
Key: Internal Auth Key
Key Type: AES 128-bit key; Triple-DES 168-bit Key
Use: These keys are used to authenticate the module to an external entity.
Generation / Input: Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: These keys are stored in EEPROM in special files used to store symmetric keys and PINs.
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: This key is associated with the Crypto-Officer role during Input.

[26] EEPROM – Electronically Erasable Programmable Read-Only Memory

Key: External Auth Key
Key Type: AES 128-bit key; Triple-DES 168-bit Key; RSA 2048-bit key
Use: These keys are used to modify the security state of the currently selected DF [27].
Generation / Input: Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: These keys are stored in EEPROM in special files used to store symmetric keys and PINs.
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: This key is associated with the Crypto-Officer role during Input.

Key: INIT_KEYenc
Key Type: AES 128-bit key
Use: This key is used to derive a session key which is then used to encrypt/decrypt data over a secure session between an authorized external entity and the module.
Generation / Input: Generation: This key is not generated within the module. It is a factory-set key which is used only in the initialized state of the module. Input: This key is factory-set and cannot be modified or input outside of manufacturing.
Output: N/A: The module does not support the output of this key.
Storage: This key is stored in the reserved file in EEPROM.
Zeroization: Procedurally overwrite key with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: N/A

[27] DF – Dedicated File

Key: INIT_KEYmac
Key Type: AES 128-bit key
Use: This key is used to derive a session key which is then used to authenticate an operator or data over a secure session between an authorized external entity and the module.
Generation / Input: Generation: This key is not generated within the module. It is a factory-set key which is used only in the initialized state of the module. Input: This key is factory-set and cannot be modified or input outside of manufacturing.
Output: N/A: The module does not support the output of this key.
Storage: This key is stored in the reserved file in EEPROM.
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: N/A

Key: Kenc
Key Type: AES 128-bit key
Use: This key is used to derive a session key which is then used to encrypt/decrypt data over a secure session between an authorized external entity and the module.
Generation / Input: Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: These keys are stored at index 0x00 of the currently selected DF.
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: N/A
Key: Kmac
Key Type: AES 128-bit key
Use: This key is used to derive a session key which is then used to authenticate an operator or data over a secure session between an authorized external entity and the module.
Generation / Input: Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: These keys are stored at index 0x00 of the currently selected DF.
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID. Input/Output: N/A

Key: KSenc
Key Type: AES 128-bit key
Use: This key is used to encrypt/decrypt data over a secure session.
Generation / Input: Generation: Generated from the INIT_KEYenc or Kenc key as part of the Secure Channel Protocol v01 as specified within Global Platform v2.1. Input: This key cannot be input.
Output: N/A: The module does not support the output of this key.
Storage: Stored in module RAM.
Zeroization: Power cycle the module.
Key To Entity: Storage: This key is associated with a logical channel ID (0-3) for which it is being used to secure messaging. Input/Output: N/A, this key is not output.

Key: KSmac
Key Type: AES 128-bit key
Use: This key is used to authenticate data over a secure session.
Generation / Input: Generation: Generated from the INIT_KEYmac or Kmac key as part of the Secure Channel Protocol v01 as specified within Global Platform v2.1. Input: This key cannot be input.
Output: N/A: The module does not support the output of this key.
Storage: Stored in module RAM.
Zeroization: Power cycle the module.
Key To Entity: Storage: This key is associated with a logical channel ID (0-3) for which it is being used to secure messaging. Input/Output: N/A, this key is not output.

Key: Personal Identification Number (PIN)
Key Type: 6-16 byte secret
Use: This key is used to modify the security state of the currently selected DF.
Generation / Input: Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: EEPROM in plaintext
Zeroization: Procedurally overwrite keys with arbitrary data using the Update Key service.
Key To Entity: Storage: 4-bit key ID

Key: RSA Private Key
Key Type: 2048-bit RSA private key
Use: This key is used to decrypt or verify data.
NOTE: Only one RSA Private key may be stored in an RSA Private Key file.
Generation / Input: Generation: This key is generated using the Approved SP800-90 DRBG. Input: This key may be input encrypted within a secure channel.
Output: N/A: The module does not support the output of this key.
Storage: EEPROM in plaintext
Zeroization: Procedurally overwrite keys with arbitrary data using the Import RSA Key service.
Key To Entity: Storage: 4-bit File ID

Key: RSA Public Key
Key Type: 2048-bit RSA public key
Use: This key is used to encrypt or sign data.
NOTE: Only one RSA Public key may be stored in an RSA Public Key file.
Generation / Input: Generation: This key is generated using the Approved SP800-90 DRBG. Input: This key may be input encrypted within a secure channel.
Output: Output in plaintext using the Read Public key command.
Storage: EEPROM in plaintext
Zeroization: N/A: this key is a public key and therefore does not have to be zeroized.
Key To Entity: Storage: 4-bit File ID
Key: DRBG ‘V’ Value
Key Type: Internal CTR DRBG state value
Use: Used for SP 800-90 CTR_DRBG
Generation / Input: Internally Generated
Output: Never
Storage: Plaintext in volatile memory
Zeroization: Power Cycle
Key To Entity: Associated with an internal module variable

Key: DRBG Key Value
Key Type: Internal CTR DRBG state value
Use: Used for SP 800-90 CTR_DRBG
Generation / Input: Internally Generated
Output: Never
Storage: Plaintext in volatile memory
Zeroization: Power Cycle
Key To Entity: Associated with an internal module variable

2.8 EMI/EMC

The ePass Token conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B (i.e., for home use).

2.9 Self-Tests

Self-tests are performed by the ePass Token when running in a FIPS-Approved mode of operation. The module will run power-up self-tests when first powered up. The module will run conditional self-tests before a random number is generated or when signing and verifying data.

The module supports only one error condition, referred to as the FIPS Error State. Any failure of a FIPS self-test will cause the module to enter the FIPS error state, which does not allow for any data output and/or cryptographic service usage. If an operator attempts to utilize any module services, the service will not be invoked and status output will be provided via the return value of the APDU. The status output provided in the APDU response packet will be ‘6F 00’. In order to transition out of the FIPS error state, the module must be power-cycled.
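The error-state latching described above, together with the Get Challenge prerequisite that Table 6 notes for External Authenticate, can be checked against a captured APDU trace. The Python auditor below is an added example and is not FEITIAN or Corsec code. The trace format, the POWER_CYCLE marker, the function names, the CLA/P1/P2 bytes and payloads in the constructed sample, and the choice to treat a power cycle as discarding an outstanding challenge are all assumptions.

```python
"""Audit an APDU trace against two rules from the ePass Token Security Policy.

Added illustration, not vendor code. Trace format, marker and names are assumptions.
"""

# INS bytes and status words as listed in the policy's service tables and section 2.9.
INS_EXTERNAL_AUTHENTICATE = 0x82
INS_GET_CHALLENGE = 0x84
SW_SUCCESS = 0x9000
SW_FIPS_ERROR = 0x6F00

POWER_CYCLE = "POWER_CYCLE"  # assumed marker written by the capture tool on re-plug


def parse_exchange(cmd_hex, rsp_hex):
    """Split one command/response pair into (INS, response data, status word)."""
    cmd, rsp = bytes.fromhex(cmd_hex), bytes.fromhex(rsp_hex)
    if len(cmd) < 4:
        raise ValueError("command APDU shorter than CLA INS P1 P2")
    if len(rsp) < 2:
        raise ValueError("response APDU shorter than SW1 SW2")
    return cmd[1], rsp[:-2], int.from_bytes(rsp[-2:], "big")


def audit_trace(trace):
    """Return a list of (trace index, finding code) tuples."""
    findings = []
    error_state = False       # latched by the first 6F00 until the next power cycle
    challenge_issued = False  # a Get Challenge has succeeded since power-up
    for idx, entry in enumerate(trace):
        if entry == POWER_CYCLE:
            # Power cycling is the only exit from the FIPS Error State. Dropping
            # the outstanding challenge here is an assumption (volatile state).
            error_state = False
            challenge_issued = False
            continue
        ins, data, sw = parse_exchange(*entry)
        if error_state:
            # No service may be invoked and no data output: expect a bare 6F00.
            if sw != SW_FIPS_ERROR or data:
                findings.append((idx, "OUTPUT_IN_ERROR_STATE"))
            continue
        if sw == SW_FIPS_ERROR:
            error_state = True
            findings.append((idx, "ENTERED_FIPS_ERROR_STATE"))
            if data:
                findings.append((idx, "OUTPUT_IN_ERROR_STATE"))
            continue
        if ins == INS_GET_CHALLENGE and sw == SW_SUCCESS:
            challenge_issued = True
        elif ins == INS_EXTERNAL_AUTHENTICATE and not challenge_issued:
            findings.append((idx, "EXT_AUTH_WITHOUT_CHALLENGE"))
    return findings


# Constructed trace: CLA, P1, P2, lengths, payloads and the 6982 status are
# placeholders; only the INS bytes and the 9000 / 6F00 status words are taken
# from the policy.
AUTH_DATA = "00" * 40  # 32 bytes of authentication data plus an 8-byte MAC
SAMPLE_TRACE = [
    ("00A40000023F00", "9000"),              # 0 Select
    ("0082000028" + AUTH_DATA, "6982"),      # 1 External Authenticate, no challenge yet
    ("0084000008", "11223344556677889000"),  # 2 Get Challenge
    ("0082000028" + AUTH_DATA, "9000"),      # 3 External Authenticate
    ("002A000000", "6F00"),                  # 4 self-test failure reported
    ("00CA008000", "6F00"),                  # 5 Get Data refused, as required
    ("00CA008000", "AABB9000"),              # 6 data returned without a power cycle
    POWER_CYCLE,                             # 7
    ("00CA008000", "AABB9000"),              # 8 normal service after power cycle
    ("0082000028" + AUTH_DATA, "6982"),      # 9 challenge did not survive power cycle
]

if __name__ == "__main__":
    for index, code in audit_trace(SAMPLE_TRACE):
        print(f"entry {index}: {code}")
```

A finding of OUTPUT_IN_ERROR_STATE means the capture contradicts the policy's statement that only a power cycle leaves the FIPS Error State, which is worth escalating whether the cause is the token or the capture tooling.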
2.9.1 Power-Up Self-Tests

The ePass Token performs the following self-tests at power-up:
• Cryptographic Known Answer Tests (KATs)
  • AES Encrypt KAT
  • AES Decrypt KAT
  • Triple-DES Encrypt KAT
  • Triple-DES Decrypt KAT
  • SHA-1 KAT
  • SHA-256 KAT
  • RSA signature generation/verification KAT
  • DRBG KAT

2.9.2 Conditional Self-Tests

The module performs the following conditional self-tests:
• Continuous Random Number Generator test for both the NDRNG and the SP800-90 DRBG.
• RSA pairwise consistency test for sign/verify and encrypt/decrypt

2.10 Mitigation of Other Attacks

This section is not applicable. The module is not intended to mitigate any attacks beyond the FIPS 140-2 Level 3 requirements for this validation.

3 Secure Operation

The ePass Token meets Level 3 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-approved mode of operation.

3.1 Detecting a FIPS Cryptographic Module

The Feitian ePass Token is shipped as a FIPS token that is already operating in a FIPS-approved mode of operation. It is not possible to change the configuration of the token to operate outside of its shipped configuration. To determine if the token is a FIPS token, the Cryptographic Officer should check for a laser-etched “FIPS” on the token casing, located at the top of the token near the USB connector. Please refer to Figure 3 for the location of the “FIPS” label.

Figure 3 - "FIPS" Label Location

Another way to determine whether the ePass Token is a FIPS token is by executing the supplied “FIPS-Mode-Detect” tool. After inserting the module into an available USB slot, start up the tool and hit the “Detect” button. If the tool reports “FIPS”, that means the module is configured to operate as a FIPS token.
See Figure 4 for a screen shot of the “FIPS-Mode-Detect” tool.

Figure 4 - "FIPS-Mode-Detect" Tool

3.2 Initial Setup

The module is delivered with a pair of AES Keys (INIT_KEYenc and INIT_KEYmac) to allow authentication and secure initialization of the module. All communications to initialize the module will require a secure session using this key pair which will encrypt and authenticate all data input. For additional information regarding module initialization, please refer to the ePass Token User Manual.

3.2.1 Zeroization

In the case that zeroization is required, the Crypto-Officer shall obtain possession of the module and then maintain sole physical possession of the cryptographic module until all keys have been zeroized. The Crypto-Officer performs zeroization by procedurally overwriting all of the keys with arbitrary data using the Update Key service.

3.3 Non-Approved Mode

The ePass Token ships as a FIPS module and is meant to always operate in FIPS-Approved mode of operation. The module provides access to non-Approved security functions which use non-Approved algorithms and key sizes. Use of these services transitions the module to the non-Approved mode through the duration of the service being performed. Table 11 lists the non-Approved services and associated algorithms and key sizes.

Table 11 – Non-Approved Services

| Non-Approved Service | Algorithm |
|---|---|
| Signature Generation | RSA 1024-bit SHA-1 |
| Encryption/Decryption | Triple-DES (2-key) |
| Key Establishment | RSA 1024-bit |
4 Acronyms

Table 12 defines the acronyms used in this Security Policy.

Table 12 – Acronyms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption System |
| APDU | Application Protocol Data Unit |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| CBC | Cipher Block Chaining |
| CLA | Class Byte |
| CMVP | Cryptographic Module Validation Program |
| COS | Chip Operating System |
| CPU | Core Processing Unit |
| CRC | Cyclic Redundancy Check |
| CRDO | Control Reference Data Objects |
| CSEC | Communications Security Establishment Canada |
| CSP | Critical Security Parameter |
| CTR | Counter |
| DC | Direct Current |
| DES | Digital Encryption Standard |
| DF | Dedicated File |
| DSA | Digital Signature Algorithm |
| DRBG | Deterministic Random Bit Generator |
| ECB | Electronic Codebook |
| EEPROM | Electronically Erasable Programmable Read-Only Memory |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FID | File Identification |
| FIPS | Federal Information Processing Standard |
| HMAC | (Keyed-) Hash Message Authentication Code |
| IC | Integrated Circuit |
| IEC | International Electrotechnical Commission |
| INS | Instruction Byte |
| ISO | International Organization for Standardization |
| KAT | Known Answer Test |
| LED | Light Emitting Diode |
| MAC | Message Authentication Code |
| MSE | Manage Security Environment |
| NDRNG | Non-Deterministic Random Number Generator |
| NIST | National Institute of Standards and Technology |
| NVLAP | National Voluntary Laboratory Accreditation Program |
| OEM | Original Equipment Manufacturer |
| PCB | Printed Circuit Board |
| PID | Personal Identification number index |
| PIN | Personal Identification Number |
| PKCS | Public Key Cryptography Standards |
| RAM | Random Access Memory |
| RNG | Random Number Generator |
| RSA | Rivest Shamir and Adleman |
| SHA | Secure Hash Algorithm |
| SP | Special Publication |
| TCP | Transmission Control Protocol |
| USB | Universal Serial Bus |
| V | Volt |
| VCC | Common Collector Voltage |

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway, Suite 220
Fairfax, Virginia 22033
United States of America
Phone: (703) 267-6050
Email: info@corsec.com
http://www.corsec.com