FIPS 140-2 Non-Proprietary Security Policy Postal mRevenector GB 2013 Version 1.55 Hardware P/N: 580036020300/01 Firmware Version: Bootloader: 90.0036.0201.00/2011485001 Softwareloader: 90.0036.0206.00/2011485001 GB Application: 90.0036.0215.00/2013463001 Francotyp-Postalia GmbH Triftweg 21-26 16547 Birkenwerder Germany fp-francotyp.com THIS DOCUMENT MAY BE FREELY REPRODUCED AND DISTRIBUTED Postal mRevenector GB 2013 - Security Policy Contents 1 Introduction ........................................................................................................................... 3 2 Cryptographic Module Specification ........................................................................................... 4 3 Cryptographic Ports, Interfaces & Excluded Components ............................................................. 5 4 Rules of Operation .................................................................................................................. 6 5 Roles, Services, Authentication & Identification .......................................................................... 8 6 Physical Security ....................................................................................................................12 7 Operational Environment ........................................................................................................12 8 Cryptographic Functions .........................................................................................................13 9 Cryptographic Keys and Critical Security Parameters ..................................................................14 10 Self-Tests ..........................................................................................................................17 11 Mitigating Other Attacks ......................................................................................................19 Figures Figure: 1 Postal mRevenector GB 2013 ............................................................................................ 3 Tables Table 1: FIPS 140-2 Security Levels................................................................................................. 4 Table 2: Cryptographic Ports & Types .............................................................................................. 5 Table 3: Services and Roles ...........................................................................................................10 Table 4: Cryptographic Functions ...................................................................................................13 Table 5: Critical Security Parameters ..............................................................................................15 Table 6: FIPS 140-2 Cryptographic Algorithm Tests ..........................................................................17 - page 2 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 1 Introduction 1.1 Overview Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector GB Figure: 1 Postal mRevenector GB 2013 2013 is FP’s latest generation of PSD. This document forms a Cryptographic Module Security Policy for the cryptographic module of the device under the terms of the NIST FIPS 140-2 validation. This Security Policy specifies the security rules under which this device operates. 1.2 Implementation The Postal mRevenector GB 2013 is a multiple-chip embedded cryptographic module, based around a cryptographic integrated circuit, together with a small number of support components. The components, mounted on a PCB, are covered by hard opaque potting material. The module has a proprietary electrical connector forming the interface to the module. - page 3 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 2 Cryptographic Module Specification 2.1 FIPS Security Level Compliance The cryptographic module is designed to meet FIPS 140-2 as shown in the table below: Section Security Requirement Level 1 Cryptographic Module Specification 3 2 Cryptographic Module Ports and Interfaces 3 3 Roles, Services and Authentication 3 4 Finite State Model 3 5 Physical Security 3 + EFP/EFT 6 Operational Environment N/A 7 Cryptographic Key Management 3 8 Electromagnetic Interference/ Electromagnetic 3 Compatibility (EMI/EMC) 9 Self-Tests 3 10 Design Assurance 3 11 Mitigation of Other Attacks 3 Table 1: FIPS 140-2 Security Levels - page 4 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 3 Cryptographic Ports, Interfaces & Excluded Components 3.1 Physical Interface The cryptographic module uses a 36 pin card edge connector. The usage of these physical ports for FIPS 140-2 logical interfaces is detailed in the table below: Type Pin Data Input A4, A5, A10, A11, A12, A13, A14, A15 Data Output A4, A5, A10, A11, A12, A13, A14, A15 Control Input A4, A5, A8, A9, A10, A11, A12, A13, A14, A15 Status Output A2, A3, A4, A5, A10, A11, A12, A13, A14, A15 Power A1, A6, A7, A16, A17, A18, B1, B7, B8, B9, B10, B11, B16, B17, B18 Not Used B2, B3, B4, B5, B6, B12, B13, B14, B15 Table 2: Cryptographic Ports & Types 3.2 Cryptographic boundary The cryptographic boundary is defined to be the outer edge of both the epoxy covered printed circuit board and the exposed battery. The battery is excluded from the requirements of FIPS 140-2. It is connected to the circuitry of the module in such a way that it cannot be used to compromise the security of the module. - page 5 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 4 Rules of Operation 4.1 FIPS 140-2 Related Security Rules The Postal mRevenector GB 2013 shall: 1. Support only an Approved mode of operation. The Approved mode indicator is returned via the Get Device Status service. 2. Not allow unauthenticated operators to have any access to the module’s cryptographic services. 3. Inhibit data output during self-tests and error states. 4. Logically disconnect data output from the processes performing zeroization and key generation. 5. Enforce identity-based authentication for roles that access Approved algorithms and CSPs. 6. Not retain the authentication of an operator following power-off or reboot. 7. Support the following roles: Default User, User, and Cryptographic Officer. 8. Not permit the output of plaintext cryptographic keys or other CSPs. 9. Not support a bypass mode or maintenance mode. 10. Perform the self-test as described in section 10 of this document. 11. Support the following logically distinct interfaces:  Data input interface  Data output interface  Control input interface  Status output interface  Power interface. 12. Implement all software using a high-level language, except the limited use of low-level languages to enhance performance. 13. Protect critical security parameters from unauthorized disclosure, modification and substitution. 14. Provide means to ensure that a key entered into or stored within the device is associated with the correct entities to which the key is assigned. 15. Support a FIPS approved deterministic random bit generator (DRBG) as specified in NIST 800- 90a section 10.2.1 16. Perform the self tests listed in section 10 during power-on and on-demand when the corresponding service is used. 17. Store an error indication whenever an error state is entered. As a result the error indication can be read by the Get Device Status Service. 18. Not perform any cryptographic functions while in an error state. 19. Not support multiple concurrent operators. - page 6 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 4.2 Royal Mail Related Security Rules Based on the specifications of the Royal Mail (RM) the Postal mRevenector GB 2013 shall: 20. Protect the postal registers against unauthorized substitution or modification. 21. Never zeroize the postal registers. 22. Comply with the specifications of the Royal Mail (RM) for MailmarkTM. 23. Provide mechanisms to disable the Accounting-Service when it has no connection with its partnering infrastructure on a regular basis. 24. Provide mechanisms to re-key the indicia key on a regular basis 25. Provide services for protecting postal related data inside its hosting system against unauthorized substitution or modification. - page 7 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 5 Roles, Services, Authentication & Identification 5.1 Roles The Postal mRevenector GB 2013 supports three distinct roles:  Default User  User  Cryptographic Officer Any services which do not read, update, modify or generate critical security parameters (CSPs) do not require authentication. 5.2 Default User Role By default the device enters the Default user role, which is an unauthenticated role, for services that do not require authentication. The Host System typically acts on behalf of the Default operator and can request unauthenticated services. 5.3 User Role The User is authenticated using an identity based authentication method. This method is based on a three way handshake protocol using secret passphrases and user identifications (UIDs) known to both parties. The Host System typically acts on behalf of the User and can request authenticated services. 5.4 Cryptographic Officer Role The Cryptographic Officer is authenticated using an identity based authentication method based on an RSA signature verification process, which utilizes a 2048-bit RSA public key over the CO’s identifier. This method uses two pairs of asymmetric keys and two distinguished names. The public parts and distinguished names are each known to the other party. In this way, the PSD and the infrastructure are able to identify and authenticate themselves to the other by verifying the exchanged distinguished name and signature. In addition the Diffie-Hellman key agreement protocol is used to establish secret keys that may be used for further key encryption and authentication of data exchange. The Cryptographic Officer role shall provide those services necessary to initialize, authorize and validate the Postal mRevenector GB 2013. This role provides those services which enter, modify or generate critical security parameters. A Francotyp-Postalia Infrastructure server typically acts on behalf of a Cryptographic Officer. 5.5 Services and Roles The following abbreviations are used in the service and roles matrix: Roles: U = User, DU = Default User, CO= Cryptographic Officer Access Rights: R = read, W = write, Z = zeroize, G = generate - page 8 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy The following services are offered by the cryptographic module: Approved Associated CSPs Note Security Service Access Rights Roles Functions Used Get Device Status None None - DU Echo None None - DU Echoes back data payload. Passphrase W Local Session Enters postal configuration data and registers Postal Module AES-CBC, HMAC- Authentication Key R U the module in the country and initializes the Registration SHA256, DRBG Local Session Encryption module for postal usage. R Key Reboot Device None None - DU Service to cause the device to reboot. Data Encryption Master Z DU Key Data Authentication Z Master Key Scrap None Zeroizes all plaintext CSPs. Z Working Encryption Key Z Working Authentication Key - DU Setup Parameter None None Enters postal configuration data. - DU Self-test All listed in chapter 6 None Logoff None None - CO, U Leaves the CO or User role. R Passphrase, Local Session Encryption AES-CBC, W Key The passphrase is used for authentication as Local Login HMAC-SHA256, DU Local Session part of a 3-way challenge response protocol. W DRBG Authentication Key DRBG State R,W PSD Transport Key Pair R KAS, PSD Keys Pair R DSA Key Generation RSA 2048 Sign & Remote Login Remote Session W DU Required to enter the CO role. Verify with SHA- Encryption Key 256, W Remote Session DRBG Authentication Key R,W DRBG State Verify Mac None FP Mac Secret R U Authenticates a data payload. G PSD Key Pair RSA 2048 Sign/Verify Remote Session using SHA-256, R Encryption Key Initialize the device according to the UK Postal Initialization 3-Key Triple DES CBC, CO Remote Session Mailmark and IPMAR requirements. R HMAC-SHA1, Authentication Key DRBG DRBG State R,W HMAC-SHA1, Remote Session Authorize the device according to the UK Postal Authorization R CO DRBG Authentication Key Mailmark and IPMAR requirements. - page 9 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy Approved Associated CSPs Note Security Service Access Rights Roles Functions Used G Indicia Key Remote Session R 3-Key Triple DES CBC, Encryption Key Generate Indicia Key CO Generating and re-keying indicia key HMAC-SHA1, DRBG Remote Session R Authentication Key DRBG State R,W Remote Session R Postage Value 3-Key Triple DES CBC, Encryption Key CO Finance service, managing postal funds Download HMAC-SHA1 Remote Session R Authentication Key Debits the postal funds and returns indicia Accounting HMAC-SHA256 Indicia Key R U content. Remote Session R 3-Key Triple DES CBC, Encryption Key Postage Value Refund CO Finance service, managing postal funds. HMAC-SHA1 Remote Session R Authentication Key Remote Session Re-Authorization HMAC-SHA1 R CO Updates customer configuration data Authentication Key Remote Session Re-Initialization HMAC-SHA1 R CO Updates postal configuration data Authentication Key Remote Session R Encryption Key 3-Key Triple DES CBC, Enters FP Mac Secret used to authenticate Reenter FP Mac Secret Remote Session R CO HMAC-SHA1 proprietary data Authentication Key W FP Mac Secret 3-Key Triple DES CBC, PSD Key Pair, R,W RSA 2048 Remote Session Rekey PSD key Sign/Verify using Encryption Key R CO SHA-256, Remote Session R HMAC-SHA1, DRBG Authentication Key RSA 2048 Verify using Renew PKM key None CO Loads signed PKM certificate SHA-256 Remote Session R 3-Key Triple DES CBC, Encryption Key Echoes back data payload within a secure Secure Echo CO HMAC-SHA1 Remote Session session. R Authentication Key Remote Session R Secure Update 3-Key Triple DES CBC, Encryption Key Updates security relevant postal configuration CO Parameters HMAC-SHA1 Remote Session data. R Authentication Key Remote Session Secure Get Status HMAC-SHA1 R CO Provides status within a secure session. Authentication Key Remote Session Secure Set Time HMAC-SHA1 R CO Synchronizes the RTC within a secure session. Authentication Key Private PMD Key R AES-CBC, HMAC- Local Session SHA256 Sign postal related items and communication Sign PMD Data Authentication Key R U RSA 2048 Sign using data. Local Session Encryption SHA-256 R Key RSA- PKCS#1 V1.5 Working Encryption Receives firmware from an external source R Program FLASH verification using Working Authentication U and programs it into the cryptographic with Firmware R 2048 and SHA-256 keys module’s FLASH memory. Select Programmed None None - DU Configures the bootloader. Firmware Table 3: Services and Roles - page 10 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 5.6 Authentication Strength 5.6.1 Cryptographic Officer Role The probability that a random attempt will succeed or a false acceptance will occur shall be less than one in 1,000,000. This is achieved through use of a 2048 bit RSA key to authenticate the role, which has been determined to have an effective strength of 112-bits. The probability that a random attempt will succeed is therefore 1/(2112), which is less than 1/1,000,000. Should multiple attempts be made to authenticate during a one-minute period, the probability shall be less than one in 100,000 that a random attempt will succeed or a false acceptance will occur. This is achieved by inserting a delay of 1 second after any failed attempt resulting in a maximum of 60 attempts per minute. The probability is therefore 60/(2112), which is less than 1/100,000. 5.6.2 User Role The passphrase contains at least 6 randomly chosen characters for the User resulting in a total of more than 626 combinations (alphanumeric input). The probability that a random attempt will succeed is therefore 1/(626), which is less than 1/1,000,000. Should multiple attempts be made to authenticate during a one-minute period, the probability shall be less than one in 100,000 that a random attempt will succeed or a false acceptance will occur. This is achieved by inserting a delay of 1 second after any failed attempt resulting in a maximum of 60 attempts per minute. The probability is therefore 60/(626), which is less than 1/100,000. - page 11 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 6 Physical Security All the components of the device, except the battery and the card edge connector, are covered with a hard, tamper-evident potting material, which is tamper evident and opaque within the visible spectrum. The module is inspected for tamper evidence each time it is retrieved from the field. Because of the potting material it is not possible to physically access any internal components without seriously damaging the module or causing zeroization. Hardness testing was performed at ambient temperature; no assurance is provided for Level 3 hardness conformance at any other temperature. 7 Operational Environment The cryptographic module’s operational environment is a limited operational environment. - page 12 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 8 Cryptographic Functions The module has one mode of operation, the FIPS mode of operation. It implements the following FIPS approved algorithms: Security Function Usage Certificate SHA-1, SHA-256 Hashing NIST Certificate #1346 DRBG On key generation NIST Certificate #61 AES 128 (ECB & CBC) On data encryption and authentication NIST Certificate #1493 HMAC-SHA-1, On message authentication, on indicia NIST Certificate #878 HMAC-SHA-256 authentication Key Agreement Scheme On key establishment (provides 112 bits of NIST Certificate #16 SP800-56A security strength) RSA PKCS#1 V1.5 Signature On signature verification NIST Certificate #732 Verification using RSA 2048 and SHA-256 RSA PKCS#1 V1.5 Signature On signature verification or generation NIST Certificate #785 Generation or Verification using RSA 2048 and SHA-256 3-Key Triple DES (ECB & CBC) On data encryption and decryption NIST Certificate #1122 DSA On key generation for KAS NIST Certificate #522 Table 4: Cryptographic Functions The module has the following non-approved security functions (allowed in FIPS mode of operation):  Non-Deterministic Random Number Generator (NDRNG), used for seeding the DRBG.  Automated key output via a secure session based on 3-Key Triple DES CBC (Cert. #1122) and HMAC-SHA-1 (Cert. #878) (key wrapping; key establishment methodology provides 112 bits of encryption strength) - page 13 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 9 Cryptographic Keys and Critical Security Parameters The following section lists the critical and public security parameters that are retained by the device. The device generates cryptographic keys whose strengths are modified by available entropy of the DRBG to a maximum of 128-bits. Critical Security Parameters The table below lists the critical security parameters: Name Algorithm Storage Generation Establishment Destruction Purpose DRBG State CTR_DRBG Encrypted Seeded by N/A N/A Internal state of the using AES internal Deterministic 128 NDRNG Random Bit Generator. Data Encryption AES CBC Plaintext Internal N/A Scrap service Serve to encrypt and Master Key DRBG or tamper decrypt critical (MKEK) event security parameters. (128 bit key) Data HMAC- Plaintext Internal N/A Scrap service Serve to Authentication SHA256 DRBG or tamper authenticate critical Master Key event security parameters. (MKAK) (128 bit key) Working Plaintext Internal N/A Scrap service, Serve to encrypt and AES CBC Encryption Key DRBG tamper event decrypt other (VDEK) or power cycle internally used data. (128 bit key) Working Plaintext Internal N/A Scrap service, Serve to HMAC- Authentication Key DRBG tamper event authenticate other SHA256 (VDAK) or power cycle internally used data. Data Encryption Encrypted Internal N/A N/A Serve to encrypt and AES CBC Key (NVDEK) DRBG decrypt other internally stored (128 bit key) critical security parameters. Data HMAC- Encrypted Internal N/A N/A Serve to Authentication-Key SHA256 DRBG authenticate other (NVDAK) internally stored critical security (128 bit key) parameters. Transport Signing RSA PKCS#1 Encrypted Internal N/A N/A Serves to properly (private) Key V1.5 DRBG identify device after shipping and to (2048 bit key) establish initial secure session. PMD Signing RSA PKCS#1 Encrypted Internal N/A N/A Used to support (private) Key V1.5 DRBG hosting device during its (2048 bit key) authentication services. - page 14 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy Name Algorithm Storage Generation Establishment Destruction Purpose PSD Signing RSA PKCS#1 Encrypted Internal N/A N/A Serves to setup (private) Key V1.5 DRBG regular secure sessions. (2048 bit key) Indicia Key HMAC- Encrypted Internal Encrypted Output N/A Serves to SHA256 DRBG authenticate indicia (256 bit key) (barcode part). Ephemeral Diffie- KAS SP800- Not Internal N/A Zeroized after Serves to derive Hellman Client 56A persistently DRBG use session keys for the (private) Key stored Cryptographic Officer. (224 bit key) Remote Session HMAC -SHA1 Not N/A Key Agreement/ Zeroized after Serves to Authentication Key persistently Derivation use authenticate data (RSAK) stored during a remote secure session (CO (160 bit key, 112 role) bits of strength) Remote Session 3-Key Triple- Not N/A Key Agreement/ Zeroized after Serves to encrypt Encryption Key DES CBC persistently Derivation use and decrypt data (RSEK) stored during a remote secure session (CO (192 bit key, 112 role). bits of strength) Local Session HMAC – Not N/A PBKDF Zeroized after Serves to Authentication Key SHA256 persistently use authenticate data (LSAK) stored during a local secure session (User role) (256 bit key) Local Session AES CBC Not N/A PBKDF Zeroized after Serves to encrypt Encryption Key persistently use and decrypt data (LSEK) stored during a local secure session (User role). (128 bit key) FP Mac Secret N/A Encrypted N/A Encrypted Entry N/A Used to authenticate proprietary data Passphrase N/A Encrypted N/A N/A N/A Used for User Identity based authentication Table 5: Critical Security Parameters - page 15 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy Public Security Parameters. The following public keys are stored in the device: Name of certificate Algorithm Storage Generation Purpose or public key FPRootCACert & public 2048 bit RSA Plaintext N/A Serves to authenticate FDC and PKM keys key key FDCCert & public key 2048 bit RSA Plaintext N/A Serves to authenticate TransportKey key PKMCert & public key 2048 bit RSA Plaintext N/A Serves to authenticate Cryptographic Officer key TransportCert & public 2048 bit RSA Plaintext Internal Serves to initially authenticate Postal key key DRBG mRevenector GB 2013 PSDKey (certificate & 2048 bit RSA Plaintext Internal Serves to authenticate Postal mRevenector GB public key) key DRBG 2013 RootCABCCert & 2048 bit RSA Plaintext N/A Serves to authenticate FDCBC and PMD keys public key key FDCBCCert & 2048 bit RSA Plaintext N/A Serves to authenticate PMDKey public key key PMDKeyCert & 2048 bit RSA Plaintext Internal Used to support hosting device during its public key key DRBG authentication services. Firmware Verification 2048 bit RSA Plaintext N/A Used to verify firmware from Francotyp- Key key Postalia. Ephemeral Diffie- KAS SP800-56A Not Internal Serves to derive session keys for the Hellman Client (public) persistently Cryptographic Officer. Key stored (2048 bit key) Ephemeral Diffie- KAS SP800-56A Not N/A Serves to derive session keys for the Hellman Server (public) persistently Cryptographic Officer. Key stored (2048 bit key) - page 16 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 10 Self-Tests 10.1 Power on self tests The following self tests are performed when the Postal mRevenector GB 2013 starts: Firmware Integrity Test The mRevenector checks the SHA 256 hash of the Postal mRevenector GB 2013 firmware of the cryptographic module and verifies this against a known hash value generated as part of the PKCS#1 V1.5 (Signature Scheme). Cryptographic Algorithm Tests The following table lists the cryptographic algorithm tests for approved security functions that are performed as part of the power-on self tests. For corresponding NIST certificates see Table 4. Security Function Type of self-test DBRG Known answer test (KAT) AES 128 Encrypt/Decrypt (ECB & CBC) KAT HMAC-SHA-1 & HMAC-SHA-256 KAT (includes SHA tests) Key Agreement Scheme KAT RSA 2048 bit Sign/Verify using SHA-256 KAT RSA 2048 bit Verify using SHA-256 KAT Triple DES Encrypt/Decrypt (ECB & CBC) KAT Table 6: FIPS 140-2 Cryptographic Algorithm Tests Register Consistency Test This test checks the consistency of the redundantly stored postal registers. 10.2 Conditional Tests The following conditional tests are performed: Security Function Performed CTR-DBRG and NDRNG On usage: see FIPS 140-2 section 4.9.2 “Continuous RNG test 1”. Diffie-Hellmann Key Agreement On key establishment: see FIPS 140-2 section 4.9.2 “Pair-wise consistency test 2”. RSA 2048 bit using SHA-256 On key generation: see FIPS 140-2 section 4.9.2 “Pair-wise consistency test 2”. - page 17 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy Security Function Performed Firmware Loading Test On loading of programmed firmware: Performs RSA 2048 SHA 256 signature verification Continuous DRBG Test The cryptographic module uses a Deterministic Random Bit Generator (DRBG) based on a block cipher algorithm as specified in the recommendation NIST SP 800-90. The implemented CTR DRBG uses AES- 128 as its cryptographic function. The entropy input is at least 128 Bits. The DRBG uses a hardware- based random number generator as the entropy source. Consecutive outputs of the DRBG are compared to ensure that they differ. The module has a single, non-approved algorithm, its hardware implemented NDRNG. Consecutive outputs of the NDRNG are compared to ensure that they differ. 10.3 Error States In the event of an error being detected, the Postal mRevenector GB 2013 enters an error state and stores the reason (error identifier) persistently. The error state information can be retrieved via the Get Device Status service. - page 18 of 19 - 1.5 NON-PROPRIETARY Postal mRevenector GB 2013 - Security Policy 11 Mitigating Other Attacks The device includes environmental failure protection means for the battery voltage. If an attack is detected then the contents of the cryptographic IC’s battery powered key storage are automatically zeroized, leaving the module inoperable. The device is designed in such a way that temperature changes outside the normal operating ranges will not compromise the security of the device. The device includes failure protection means for the frequency of the internal Real Time Clock (RTC). If an attack is detected then the contents of the cryptographic IC’s battery powered key storage are automatically zeroized, leaving the module inoperable. The device includes failure protection means for the main input voltage, the internal core voltage, and the main clock frequency. If one of these conditions is outside a defined range the device is held in the reset condition. The cryptographic module’s processor incorporates a layer of metal shielding as one of its layers, used to detect attempts at intrusion at a die level. In the event of an intrusion attempt being detected, the contents of its battery powered key storage are automatically zeroized leaving the module inoperable. The failure protection for the battery voltage and the RTC frequency and the tamper detection for the physical breach of the module’s physical boundary are present using power from the battery even when the device is switched off. The module’s processor responds by destroying the stored plaintext CSPs. - page 19 of 19 - 1.5 NON-PROPRIETARY