SecureMetric Technology ST3 ACE Token Hardware Version: 1.0.0 FIPS 140-2 Non-Proprietary Security Policy Prepared by: KUALA LUMPUR (HQ) SecureMetric Technology Sdn. Bhd. 2-2, Incubator 2, Technology Park Malaysia, Lebuhraya Sg Besi - Puchong, Bukit Jalil, 57000 Kuala Lumpur, Malaysia T +603 8996 8225 F +603 8996 7225 JAKARTA SINGAPORE HANOI HO CHI MINH CITY MANILA Security Policy, Version 1.0 SEP 2014 Table of Contents 1 Introduction .................................................................................................................................................. 4 1.1 Purpose .................................................................................................................................................. 4 1.2 References ............................................................................................................................................. 4 2 ST3 ACE Token............................................................................................................................................... 5 2.1 Overview................................................................................................................................................ 5 2.2 Module Specification............................................................................................................................. 6 2.3 Module Interfaces ................................................................................................................................. 7 2.4 Roles and Services................................................................................................................................. 8 2.4.1 Crypto-Officer Role ......................................................................................................................10 2.4.2 User Role ......................................................................................................................................15 2.4.3 Additional Services .......................................................................................................................18 2.5 Physical Security .................................................................................................................................20 2.6 Operational Environment ....................................................................................................................20 2.7 Cryptographic Key Management.........................................................................................................21 2.8 EMI/EMC ............................................................................................................................................28 2.9 Self-Tests .............................................................................................................................................28 2.9.1 Power-Up Self-Tests .....................................................................................................................28 2.9.2 Conditional Self-Tests ..................................................................................................................28 2.10 Mitigation of Other Attacks ...............................................................................................................28 3 SECURE OPERATIONS ...........................................................................................................................29 3.1 Detecting a FIPS Cryptographic Module ............................................................................................29 3.2 Initial Setup .........................................................................................................................................30 3.2.1 Zeroization........................................................................................................................................30 3.3 Non-Approved Mode...........................................................................................................................30 4 ACRONYMS .................................................................................................................................................31 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 2 of 33 Security Policy, Version 1.0 SEP 2014 Figures List Figure 1 – SECUREMETRIC's ST3 ACE Token ............................................................................................ 5 Figure 2 – Physical Cryptographic Boundary ................................................................................................. 7 Figure 3 -"FIPS" Label Location ...................................................................................................................29 Figure 4 -"FIPS-Mode-Detect" Tool..............................................................................................................29 Tables List Table 1 – Security Level Per FIPS 140-2 Section ........................................................................................... 5 Table 2 – Operator Authentication Mechanism ............................................................................................... 8 Table 3 – APDU Command Structure ............................................................................................................. 9 Table 4 – APDU Command Response Structure ............................................................................................. 9 Table 5 – Mapping of Crypto-Officer Role’s Services to Inputs, Outputs, CSPs, and Type of Access .........10 Table 6 – Mapping of User Role’s Services to Inputs, Outputs, CSPs, and Type of Access .........................15 Table 7 – Mapping of Unauthenticated Services to Inputs, Outputs, CSPs, and Type of Access ..................19 Table 8 – FIPS-Approved Algorithm Implementations .................................................................................21 Table 9 – FIPS-Allowed Algorithm Implementations ...................................................................................21 Table 10 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs ..................................22 Table 11 – Non-Approved Services ...............................................................................................................30 Table 12– Acronyms ......................................................................................................................................31 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 3 of 33 Security Policy, Version 1.0 SEP 2014 1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the ST3 ACE Token from SecureMetric Technology Sdn. Bhd. This Security Policy describes how the ST3 ACE Token meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 3 FIPS 140-2 validation of the module. The ST3 ACE Token is referred to in this document as ST3 ACE Token, crypto-module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: • The SecureMetric website (http://www.securemetric.com) contains information on the full line of products from SECUREMETRIC. • The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 4 of 33 Security Policy, Version 1.0 SEP 2014 2 ST3 ACE Token 2.1 Overview SECUREMETRIC is a leading innovator of smart card and Chip Operating System (COS) based security technologies and applications. Their product offerings include devices that provide software protection, strong authentication, and smart card operating systems. Evidence of SECUREMETRIC’s continued leadership and innovation is demonstrated within this Security Policy, which specifies their second FIPS 140-2 validated cryptographic module. This new module, referred to as the ST3 ACE Token, is a USB token containing SECUREMETRIC’s own SECUREMETRIC-FIPS-COS cryptographic operating system. The SECUREMETRIC-FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support SECUREMETRIC’s ST3 ACE USB token (Figure 1). The ST3 ACE Token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. SECUREMETRIC’s ST3 ACE Token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell. Figure 1 – SECUREMETRIC's ST3 ACE Token The ST3 ACE Token is validated at the following FIPS 140-2 Section levels (Table 1): Table 1 – Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 3 2 Cryptographic Module Ports and Interfaces 3 3 Roles, Services, and Authentication 3 4 Finite State Model 3 ___________________ 1 USB – Universal Serial Bus 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 5 of 33 Security Policy, Version 1.0 SEP 2014 Section Section Title Level 5 Physical Security 3 6 Operational Environment N/A 7 Cryptographic Key Management 3 8 EMI/EMC2 3 9 Self-tests 3 10 Design Assurance 3 11 Mitigation of Other Attacks N/A 2.2 Module Specification The ST3 ACE Token is a hardware module with a multi-chip standalone embodiment. The overall security level of the module is 3. The logical and physical cryptographic boundaries of the ST3 ACE Token are defined by the hard, semi-transparent, polycarbonate casing of the USB token. The ST3 ACE Token is comprised of a STMicroelectronics ST23YT66 serial access microcontroller sitting atop a Printed Circuit Board (PCB). The PCB carries the signals and instructions of the microcontroller to the other components contained within the ST3 ACE Token. All cryptographic functions and firmware are stored within the microcontroller package and executed by an 8/16-bit ST23 CPU (Core 3 Processing Unit). A LED contained within the USB token shows power, initialization, and operation status through the semi-transparent casing of the USB token. All other logical functions take place through the USB connector, covered in Section 2.3 of this document. Please refer to Figure 2 below for a depiction of the physical cryptographic boundary and logical flows of the ST3 ACE Token. ___________________________________________________________________________________ 2 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility 3 LED – Light Emitting Diode 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 6 of 33 Security Policy, Version 1.0 SEP 2014 Figure 2 – Physical Cryptographic Boundary The ST3 ACE Token is shipped in a FIPS-Approved mode of operation, as indicated on the module and will always operate in a FIPS-Approved mode of operation. Section 3 details how to tell if the module is a FIPS module and is running in a FIPS approved mode of operation. Section 2.7 gives a complete list of FIPS-Approved algorithms within the module. 2.3 Module Interfaces The cryptographic boundary of the ST3 ACE Token is the outer polycarbonate casing of the USB token. There is only one physical point, the USB connector, at which the module interfaces with equipment outside of the physical boundary. The USB connector facilitates the following logical interfaces: • Data Input • Data output • Control Input • Status Output • Power 4 The USB connector contains 4 pins: Data+ (D+), Data-(D-), VCC , and Ground (GND). These 4 pins carry out the logical interfaces as defined by FIPS 140-2 and are described below: • The D+ and D-pins carry all Data Input, Data Output, Control Input, and Status Output signals to and from the module. • 5 6 The VCC pin handles up to 5V DC power input from whatever source the USB connector is plugged into. __________________________________________________________________________ 4 VCC – Common Collector Voltage 5 V -Volt 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 7 of 33 Security Policy, Version 1.0 SEP 2014 • The GND pin also handles up to 5V DC power and helps to regulate the power consumed by the USB token. An LED contained within the USB token is used for status output. This LED shows power, initialization, and operational status through the semi-transparent casing of the USB token. 2.4 Roles and Services The module supports the two roles required by FIPS 140-2: Crypto-Officer and User. The Crypto-Officer is the role responsible for module initialization, including file system management, key management, and access control management. The User role is the everyday user of the device. Once authenticated, the Crypto-officer and User role is implicitly selected, allowing the operator to access services from both roles. Please see Table 2 for details regarding the authentication mechanism. Table 5 and Table 6 below specify the full list of services per supported role. Unauthenticated services are also supported by the module. The services not requiring authentication are listed in Table 7. Table 2 – Operator Authentication Mechanism Authentication Authentication Data Authentication Mechanism Mechanism Identity-based 128-bit AES Key Shared The AES key is 128 bits in length. The probability that a random 7 Secret attempt will succeed or a false acceptance occur is no greater than 1/2^128, which is less than 1/1,000,000. The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^128, which is less than 1/100,000. Identity-based 3-key Triple-DES Shared Each Triple-DES key is effectively 56 bits in length, resulting in a Secret total of 168 bits of total keying material. The probability that a random attempt will succeed or a false acceptance occur is no greater than 1/2^168, which is less than 1/1,000,000. The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^168, which is less than 1/100,000. ______________________________________________________________________ DC – Direct Current 6 AES – Advanced Encryption Standard 7 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 8 of 33 Security Policy, Version 1.0 SEP 2014 Authentication Authentication Data Authentication Mechanism Mechanism The modules supports RSA public key authentication. Using Identity-based RSA Key Pairs conservative estimates and equating a 2048-bit RSA key to an 112-bit symmetric key, the probability for a random attempt to succeed is 1/2 112 . The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^112, which is less than 1/100,000. 8 9 All services provided by ST3 ACE Token are implemented in accordance with ISO /IEC 7816-4, which defines the interface available as a command and response pair referred to as an Application Protocol Data Unit (APDU). The module will process only one command at a time, per channel (of four available logical channels), and must process and respond before allowing another command to be processed over any given channel. Table 3 and Table 4 show a typical ADPU command structure and command response structure used by the module, respectively. Table 3 – APDU Command Structure Header Lc Field Data Field Le Field CLA INS 1 byte Input Data (1 or 3 bytes) 1 byte ADPU command structure descriptions: • CLA – The Class byte indicates the class of the command as follows: o If the class of the command is inter-industry or not o If secure messaging is required o Logical channel 0-3 • INS – The Instruction byte indicates the command to process as follows: o Command word o Data encoding • Lc – Length in bytes of the data field • Data Field – Data input with command for processing • Le – Maximum number of bytes expected in the response Table 4 – APDU Command Response Structure Data Field Trailer Response data Status bytes ADPU command response structure descriptions: o Data Field – Data output, if applicable o Trailer – Status bytes (e.g. 9000, 64XX) _____________________________________________ 8 ISO – International Organization for Standardization 9 IEC – International Electrotechnical Commission 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 9 of 33 Security Policy, Version 1.0 SEP 2014 2.4.1 Crypto-Officer Role This section provides a list of all services accessible to a Crypto-Officer (Table 5). The list includes a full description 10 of each service, and in addition, it describes the type of access that each service has to a CSP . NOTE: • R – Read: The CSP is read. • W – Write: The CSP is established, generated, modified, or zeroized. • X – Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism. Table 5 – Mapping of Crypto-Officer Role’s Services to Inputs, Outputs, CSPs, and Type of Access Service INS Description Input Output CSP and Type of Access • Offset address of the Read B0 Allows read access to a binary • File data or “Nonexistent” No CSPs are accessed Binary file. A binary file is a file • Status (e.g. 9000, 6283, via this service. binary file to read • Length of the data to be whose content is a sequential 6284, 6A80, 6A81, 6A82, string of bits. 6A86, 6A87) read • Offset address of the Update D6 Allows write access to a • Status (e.g. 9000, 6283, No CSPs are accessed Binary binary file. 6284, 6A80, 6A81, 6A82, via this service. binary file to read • Length of the data to be 6A86, 6A87) read • Record number Read B2 Allows read access to a • Record data or No CSPs are accessed • Read parameter (i.e, all Record record. A record is a type of “Nonexistent” via this service. data storage structure as • Status (e.g. 9000, 6283, records starting at defied within ISO 7816. 6284, 6A80, 6A81, 6A82, specified record number, Records are stored in files. 6A86, 6A87) or just one record) • Record number Update DC Allows write access to a • Status (e.g. 9000, 6283, No CSPs are accessed • Length of record Record record. 6284, 6A80, 6A81, 6A82, via this service. • Record data 6A86, 6A87) • Read parameter (i.e, update the record specified by the record number) ______________________ 10 CSP – Critical Security Parameter 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 10 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Append E2 Allows a record to be • Record number • Status (e.g. 9000, No CSPs are accessed Record appended • Current file 6283, 6284, 6A80, via this service • Length of record 6A81, 6A82, 6A86, • Record data 6A87) • Read parameter (i.e, update the record specified by the record number) External 82 Authenticates an external • Initiate a secure sessions • Status (e.g. 9000) Initiate a secure Authenticate entity to the cryptographic • Retry number for the session: module. This service may • Authentication data of referenced key incremented • INIT_KEYenc: R, X also be used to both external entity (32 bytes) plus by one. • INIT_KEYmac: R, X 11 authenticate and initiate a the MAC (8 bytes) • Kenc: R, X secure session with an NOTE: If successful, this • Kmac: R, X external entity. number is then reset to the • KSenc: W Or maximum • KSmac :W NOTE: Prerequisite to this • Authenticate only: service is the use of Get • Algorithm type (AES, Or 12 13 Challenge service. The key Triple-DES , RSA ) Authenticate Only: as referenced within the • Key ID (Key Index) • Symmetric key: R, X service call exists under the • Length of data in the field • RSA Private Key: R, current file. • Authentication data (data X field) Internal 88 Authenticates the • Algorithm type • Authentication data Authenticate Only: Authenticate cryptographic module to (AES,Triple-DES, • Status (e.g. 9000, • Symmetric key: R, an external entity RSA) 6300, 62CX, 6581, X • Key ID (Key 6700, 6982, 6984, • RSA Private Key: NOTE: In order for this Index) 6A81, 6A2, 6A86, R, X service to be utilized, the • Length of data in 6A88) external entity must have the field privileged access to the • Random data (data referenced key. field) _____________________________________________________ MAC – Message Authentication Code 11 DES – Data Encryption Standard 12 RSA – Rivest, Adleman, and Shamir 13 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 11 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access 14 Verify 20 Provides PIN verification. • Reference to the PIN • Status (e.g. 9000, 6300, • PIN: R, X 15 • PID 62CX, 6581, 6700, 6982, NOTE: In order for this • Data to be verified 6984, 6A81, 6A2, 6A86, service to be utilized, the 6A88) external entity must have privileged access to the referenced PIN. Change 24 Modify the PIN • Old PIN • Status (e.g. 9000, • PIN: R, W, X Reference • New PIN 6300, 62CX, 6581, Data NOTE: In order for this • Reference to the PIN 6700, 6982, 6984, 6A81, service to be utilized the • PID 6A2, 6A86, 6A88) external entity must have privileged access to the referenced PIN. Enable 28 Modifies a PIN’s state • Reference to the • Status (e.g. 9000, No CSPs are accessed Verification from invalid to valid. PIN 6300, 62CX, 6581, via Requirement • PID 6700, 6982, 6984, 6A81, this service. NOTE: Utilization of this 6A2, 6A86, 6A88) service requires permission to activate the PIN. Disable 26 Modifies a PINs state • Reference to the • Status (e.g. 9000, No CSPs are accessed Verification from valid to invalid. PIN 6300, 62CX, 6581, via Requirement • PID 6700, 6982, 6984, 6A81, this service. NOTE: Utilization of this 6A2, 6A86, 6A88) service requires permission to invalidate the PIN. Reset Retry 2C Resets the retry counter of • Reset parameter (resets • Status (e.g. 9000, 6300, No CSPs are accessed Counter the PIN to its initial value. recount maximum number and 62CX, 6581, 6700, 6982, via this service. remaining count to default) 6984, 6A81, 6A2, 6A86, NOTE: Utilization of this • Restore parameter (restores 6A88) service requires permission recount to initial default value) to modify PIN. • Reference to PIN • PID ____________________________________________________ PIN – Personal Identification Number 14 PID – Personal Identification number index 15 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 12 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Generate 46 Generates an Asymmetric •Key parameter information • Status (e.g. 9000, 6300, • RSA Private Key:W • RSA Public Key: W Asymmetric key pair •Algorithm ID 62CX, 6581, 6700, 6982, • DRBG16 Seed: Key Pair • Modulus Length 6984, 6A81, 6A2, 6A86, R,W, X • Private Key File Identifier 6A88) (FID) Encrypt 2A Performs an encrypt • Plaintext data • Ciphertext data • Status • Symmetric key: R, operation using an (e.g. 9000, 6300, 62CX, X Approved security 6581, 6700, 6982, 6984, • RSA Public Key: R, function. 6A81, 6A2, 6A86,6A88) X NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation. Decrypt 2A Performs a decrypt • Ciphertext • Plaintext • Symmetric key: R, operation X • RSA Private Key: NOTE: The MSE service R, X must have previously been utilized to choose the algorithm and key for the security operation. Verify 2A Verifies a digital signature • Data Object of the signed • Status of the verification • RSA Private Key: 17 Digital using RSA PKCS #1 data plus the digital signature R, X Signature Compute 2A Computes a digital • Input data for generating the • Digital Signature • RSA Public Key: R, Digital signature using RSA digital signature X Signature PKCS#1. Verify 2A Performs AES or Triple¬ • Plaintext data • Status (e.g. 9000, 6300) • Symmetric Key: Cryptograp DES checksum object plus the R,X hic verification. cryptographic checksum data Checksum Compute 2A Computes an AES or • The data used to • Cryptographic checksum • Symmetric Key: Cryptograp Triple-DES checksum. compute the R,X hic The length of the cryptographic checksum Checksum checksum is 8 bytes. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 13 of 33 Security Policy, Version 1.0 SEP 2014 ___________________________________________________________________________________ 16 DRBG – Deterministic Random Bit Generator 17 PKCS -Public-Key Cryptography Standards Service INS Description Input Output CSP and Type of Access Create File E0 Creates a file •File control parameters (data • Status (e.g. 9000) No CSPs are field) accessed via this •Length of data field service. Delete File E4 Deletes a file and all files •File ID • Status (e.g. 9000) No CSPs are which exist within that accessed via this file service. Terminate FE Terminates all •None • None No CSPs are Card applications on the card accessed via this service. Install E3 This service is used to •Encrypted PIN or Key data • Status (eg. 9000, 6700, • Kenc : W Secret enter AES keys, • “Final” secret or “Not 6982, 6986, 6A8, 6A82, • Kmac : W Triple-DES keys, and Final” secret flag 6B00, 6CXX) • Internal Auth key: PINs. The keys which W may be entered are as • External Auth key: follows: W • Kenc • Symmetric Key: W • Kmac • PIN: W • Internal Auth key • External Auth key • Symmetric Key • PIN Update E5 Allows the updating of •INIT_KEYs •Secret Key • Status (eg. 9000, 6700, • Symmetric Key: W Key the INIT_KEYs or secret data 6982, 6986, 6A8, 6A82, • INIT_KEYenc : W file keys. •New error counter plus the 6B00, 6CXX) • INIT_KEYmac: W key value • Kenc : W • Kmac : W • Internal Auth key: W • External Auth key: W Get File 34 Allows the reading of the None • FID list or “Nonexistent” No CSPs are List FID list of child files of • Status (eg. 9000, 6700, accessed via this the current file. 6982, 6986, 6A8, 6A82, service. 6B00, 6CXX) 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 14 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Read B4 Allows the output of a • FID of the public key • Public Key data or No CSPs are Public Key public key • Public Key component read “Nonexistent” accessed via this parameter (Read all • Status (eg. 9000, 6700, service. component, read E 6982, 6986, 6A8, 6A82, component, or read N 6B00, 6CXX) component) Import E7 Allows the input of an • Encrypted key data • Status (eg. 9000, 6700, • RSA key pair: W RSA Key RSA key. • FID of the RSA Key 6982, 6986, 6A8, 6A82, 6B00, 6CXX) 2.4.2 User Role This section provides a list of all services accessible to a User (Table 6). The list includes a full description of each service and, in addition, it describes the type of access that each service has to CSPs. NOTE: · R – Read: The CSP is read. · W – Write: The CSP is established, generated, modified, or zeroized. · X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism. Table 6 – Mapping of User Role’s Services to Inputs, Outputs, CSPs, and Type of Access Service INS Description Input Output CSP and Type of Access Read B0 Allows read access to a • Offset address of the binary • File data or “Nonexistent” No CSPs are accessed Binary binary file. file to read • Status (e.g. 9000, 6283, via this service. • Length of the data to be read 6284, 6A80, 6A81, 6A82, 6A86, 6A87) 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 15 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Read Record B2 Allows read access to a •Record number • Record data or No CSPs are record. •Read parameter (i.e, all “Nonexistent” accessed via this records starting at specified • Status (e.g. 9000, 6283, service. record number, or just one 6284, 6A80, 6A81, 6A82, record) 6A86, 6A87) External 82 Authenticates an • Initiate a secure • Status (e.g. 9000) Initiate a secure Authenticate external entity to the session: • Retry number for the session: cryptographic module. •Authentication data of referenced key incremented • Kenc: R, X This service may also be external entity (32 bytes) plus by one. • Kmac: R, X used to both authenticate the MAC (8 bytes) • KSenc: W and initiate a secure NOTE: If successful this • KSmac :W session with an external OR number is then reset to the entity. maximum. Or •Authenticate only: NOTE: Prerequisite to •Algorithm type (AES, Authenticate Only: this service is the use of Triple-DES, RSA) • Symmetric key: R, Get Challenge service. •Key ID (Key Index) •Length X • RSA Private The key as referenced of data in the field Key: R, X within the service call •Authentication data (data exists under the current field) file. Internal 88 Authenticates the •Algorithm type (AES, • Authentication data • Symmetric key: R, Authenticate cryptographic module to •Triple-DES, RSA) • Status (e.g. 9000, 6300, X an external entity. •Key ID (Key Index) •Length 62CX, 6581, 6700, 6982, • RSA Private Key: of data in the field •Random 6984, 6A81, 6A2, 6A86, R, X NOTE: In order for this data (data field) 6A88) service to be utilized the external entity must have privileged access to the referenced key. Verify 20 Provides PIN •Reference to the PIN • Status (e.g. 9000, 6300, • PIN: R, X verification. •PID 62CX, 6581, 6700, 6982, •Data to be verified 6984, 6A81, 6A2, 6A86, NOTE: In order for this 6A88) service to be utilized the external entity must have privileged access to the referenced PIN. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 16 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Change 24 Modifies the PIN. • Old PIN •Status (e.g. 9000, • PIN: R, W, X Reference • New PIN 6300, 62CX, 6581, Data NOTE: In order for this • Reference to the password 6700, 6982, 6984, 6A81, service to be utilized the • PID 6A2, 6A86, 6A88) external entity must have privileged access to the referenced PIN. Reset Retry 2C Resets the retry counter • Reset parameter (resets •Status (e.g. 9000, 6300, No CSPs are Counter of the PIN to its initial recount maximum number 62CX, 6581, 6700, 6982, accessed via this value. and remaining count to 6984, 6A81, 6A2, 6A86, service. default) 6A88) NOTE: Utilization of this • Restore parameter (restores service requires recount to initial default permission to modify value) PIN. • Reference to PIN • PID Generate 46 Generates an asymmetric • Key parameter information • •Status (e.g. 9000, 6300, • RSA Private Key: Asymmetric key pair. Algorithm ID 62CX, 6581, 6700, 6982, W Key Pair • Modulus Length 6984, 6A81, 6A2, 6A86, • RSA Public Key: • Private Key File Identifier 6A88) W (FID) • DRBG Seed: R,W, X Encrypt 2A Performs an encrypt • Plaintext data •Ciphertext data Status • Symmetric key: R, operation using an (e.g. 9000, 6300, 62CX, X Approved security 6581, 6700, 6982, 6984, • RSA Public Key: function. 6A81, 6A2, 6A86, 6A88) R, X NOTE: The MSE service must have previously been utilized to chose the algorithm and key for the security operation. Decrypt 2A Performs a decrypt • Ciphertext •Plaintext • Symmetric key: R, operation. X NOTE: The MSE service • RSA Private Key: must have previously R, X been utilized to chose the algorithm and key for the security operation. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 17 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Verify Digital 2A Verifies a digital •Data Object of the signed •Status of the verification • RSA Public Signature signature using RSA data plus the digital Key: R, X PCKS#1. signature Compute Digital 2A Computes a digital •Input data for generating •Digital Signature • RSA Private Signature signature using RSA the digital signature Key: R, X PCKS#1. Verify 2A Performs and AES •Plaintext data object •Status (e.g. 9000, • Symmetric Cryptographic or Triple-DES plus the cryptographic 6300) Key: R, Checksum checksum verification checksum data X Compute 2A Performs an AES or •The data used to •Cryptographic • Symmetric Cryptographic Triple-DES compute the checksum Key: R, X Checksum checksum. The length cryptographic checksum of the checksum is 8 bytes. Get File List 34 This command is used •None •FID list or “Nonexistent” No CSPs are to read the FID list of •Status (eg. 9000, 6700, 6982, accessed via this child files of the current 6986, 6A8, 6A82, 6B00, service. file. 6CXX) Read Public Key B4 Allows the output of a •FID of the public key •Public Key data or No CSPs are public key. •Public Key component “Nonexistent” accessed via this read parameter (Read all •Status (eg. 9000, 6700, 6982, service. component, read E 6986, 6A8, 6A82, 6B00, component, or read N 6CXX) component) Import RSA Key E7 Allows the input of an •Encrypted key data •Status (eg. 9000, 6700, 6982, • RSA key pair: RSA key. •FID of the RSA Key 6986, 6A8, 6A82, 6B00, W 6CXX) 2.4.3 Additional Services The module provides a limited amount of services for which the operator does not have to assume an authorized role. Table 7 provides the list of services for which the operator is not required to assume an authorized role. The list includes a full description of each service and, in addition, it describes the type of access that each service has to CSPs. None of the services listed in the table disclose cryptographic keys and CSPs or otherwise affect the security of the module NOTE: • R – Read: the CSP read. • W – Write: The CSP is established, generated, modified, or zeroized. • X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 18 of 33 Security Policy, Version 1.0 SEP 2014 Table 7 – Mapping of Unauthenticated Services to Inputs, Outputs, CSPs, and Type of Access Service INS Description Input Output CSP and Type of Access Put Data DA Allows data to be received • Data object tag (‘81’ •Status (e.g. 9000, 6283, No CSPs are and stored by the which indicates OEM 6284, 6A80, 6A81, 6A82, accessed via this cryptographic module. In the info, followed by up to 6A86, 6A87) service. Put Data service, only the 32 bits of OEM info. OEM information is allowed • Length of object data to be set. Get Data CA This service allows data to • Data object tag (e.g., •Content of object No CSPs are be retrieved. Data refers to ‘80’ which indicates •Status (e.g. 9000, 6283, accessed via this global data, which belongs to card serial number) 6284, 6A80, 6A81, 6A82, service. the cryptographic module, 6A86, 6A87) such as the serial number, OEM information, chip information which includes algorithm support, RAM size. •Random value Get 84 Requests a random value that • None • DRBG Key •Status (e.g. 9000, 6283, Challenge will be used as a challenge Value: R, W, X within the External • DRBG ’V’ 6284, 6A80, 6A81, 6A82, Authenticate service. Value: R; W, X 6A86, 6A87) • CRDO19 Manage 22 Prepares the •Status (e.g. 9000, No CSPs are Security cryptographic • Algorithm Reference 6300, 62CX, 6581, accessed via Environment module for the • Key Reference 6700, 6982, 6984, (MSE) subsequent commands, SET, • File Reference 6A81, 6A2, 6A86, 6A88) STORE, RESTORE, SEID, • Length of CRDOs and ERASE. Select A4 Allows the selection of a • File identifier •File control information No CSPs are specified file. • Dedicated file Name •Status (e.g. 9000, 6283, accessed via • File path starting at 6284, 6A80, 6A81, 6A82, this service. master file 6A86, 6A87) • File path starting at dedicated file _________________________________________________________________________ 19 CRDO – Control Reference Data Object 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 19 of 33 Security Policy, Version 1.0 SEP 2014 Service INS Description Input Output CSP and Type of Access Manage 70 Allows the assignment; • Number of logical • Status (e.g. 9000, No CSPs are accessed via Channel opening, and closing of a channel to be assigned, 6283, 6284, 6A80, this service. logical channel. A logical opened, or closed 6A81, 6A82, 6A86, channel is a logical link (01-03). 6A87) between the host system and a file on the smart card. Hash 2A Performs a hash using • Input data • Hash result or None No CSPs are accessed via 20 SHA -1 or SHA-256. this service. 2.5 Physical Security The ST3 ACE Token is a multi-chip standalone cryptographic module as defined by FIPS 140-2 and is designed to meet Level 3 physical security requirements. The ST3 ACE Token is a made of a completely hardened, production-grade polycarbonate. The colored polycarbonate obscures a clear view of the hardware components within. There is a removable cap that reveals the plastic USB connector and a hard, non-malleable metal casing surrounding the USB connector. The USB connector is made of hard production-grade, black plastic. The coloring of the module obscures any visible writing on the PCB. The visible critical components within the module are further covered to meet FIPS 140-2 level 3 physical security requirements. The ST23YT66 microcontroller is covered with a black, opaque, tamper-resistant, epoxy encapsulate, thus completely covering all critical cryptographic components from plain view. All other non-critical viewable components are unmarked and unidentifiable. The USB connector located outside of the plastic casing of the USB token is made of a hardened, production grade plastic and prevents access to the rest of the USB token. Any attempt at removal or penetration of the plastic enclosure has a high probability of causing serious damage to the module and the hardware components within the enclosure, which will reveal clear tamper evidence. Removal of the metal surrounding the USB connector will result in the physical damage of the USB connector and its associated pins, rendering the entire cryptographic module useless. If the USB connector is exposed, there is no power going to the USB token. Once power is removed from the cryptographic module, all plaintext keys and unprotected CSPs are zeroized. 2.6 Operational Environment The operational environment for the ST3 ACE Token includes the ST23YT66 microcontroller containing an 8/16-bit ST23 CPU. The token’s operational environment is non-modifiable and does not possess a general purpose operating system. ______________________________________ 20 SHA – Secure Hash Algorithm 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 20 of 33 Security Policy, Version 1.0 SEP 2014 2.7 Cryptographic Key Management The module implements the FIPS-Approved algorithms show in Table 8: Table 8 – FIPS-Approved Algorithm Implementations Algorithm Certificate Number AES in ECB , CBC modes using 128-bit key sizes 1473 21 21 Triple-DES in ECB, CBC modes using Keying 991 Option 1 RSA PKCS#1 v1.5 signature generation– using 720 2048-bit keys RSA PKCS#1 v1.5 signature verification – using 720 1024-and 2048bit keys ANSI X9.31 Key Pair Generation 720 23 SHA-1 and SHA-256 1332 SP 800-90 CTR _DRBG 58 24 25 Caveat: Additional information concerning SHA-1 and specific guidance on transitions to the use of stronger cryptographic keys and more robust algorithms is contained in NIST Special Publication 800-131A. Table 9 lists the non-Approved algorithms implemented in the module which are allowed in a FIPS-Approved mode of operation. Table 9 – FIPS-Allowed Algorithm Implementations Algorithm Non-Deterministic Random Number Generator (NDRNG) RSA PKCS#1v1.5 2048-bit (Key establishment methodology provides 112 bits of security; non-compliant less than 112 bits of encryption strength) ECB –Electronic Codebook 21 CBC – Cipher-Block Chaining 22 ANSI – American National Standards Institute 23 SP – Special Publication 24 CTR – Counter 25 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 21 of 33 Security Policy, Version 1.0 SEP 2014 The module supports the critical security parameters (CSPs) listed below in Table 10. Internally generated keys are generated following scenario 1 of Implementation Guidance number 7.8. Table 10 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs Key Key Type Use Generation / Output Storage Zeroization Key To Input Entity Symmetric AES These keys are N/A: The These keys Procedurally Storage: 4-bit Generation: Key 128-bit key; used to This key is not module does are stored in overwrite key ID Triple-DES encrypt/decrypt generated not support EEPROM in keys with 26 168-bit Key data, or within a within the the output of special files arbitrary data Input/Output: symmetric MAC module. this key. used to store using the This key is algorithm to symmetric Update Key associated generate Input: This keys and service. with the authentication key may be PINs. Crypto-Office data. input encrypted r role during within a secure Input. channel. Internal Auth AES These keys are N/A: The These keys Procedurally Storage: 4-bit Generation: Key 128-bit used to This key is not module does are overwrite key ID key; authenticate the generated not support stored in keys with Triple-DES module to an within the the output of EEPROM in arbitrary data Input/Output: 168-bit Key external entity. module. this key. special files using the This key is used to store Update Key associated symmetric Input: This service. with the keys and key may be Crypto-Office PINs. input encrypted r role during within a secure Input channel. _____________________________ EEPROM - Electronically Erasable Programmable Read-Only Memory 26 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 22 of 33 Security Policy, Version 1.0 SEP 2014 Key Key Type Use Generation / Output Storage Zeroization Key To Input Entity External Auth AES 128-bit These keys are N/A: The These keys Procedurally Storage: 4-bit Generation: Key key; used to modify This key is not module does are overwrite key ID Triple-DES the security generated not support stored in keys with 168-bit Key; state of the within the the output of EEPROM in arbitrary data Input/Output: RSA 2048-bit currently module. this key. special files using the This key is 27 key selected DF . used to store Update Key associated Input: This symmetric service. with the key may be keys and Crypto-Office input encrypted PINs. r role during within a secure Input channel. INIT_KEYenc AES 128-bit This key is N/A: The This key is Procedurally Storage: 4-bit Generation: key used to derive a This key is not module does stored under overwrite key key ID session key generated not support in the with arbitrary which is then within the the output of reserved file data using the Input/Output: used to module. It is a this key. in EEPROM. Update Key N/A encrypt/decrypt factory-set key service. data over a which is used secure session only in the between an initialized state authorized of the module. external entity and the Input: This module. key is factory-set and cannot be modified or input outside of manufacturing. __________________________ DF – Dedicated File 27 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 23 of 33 Security Policy, Version 1.0 SEP 2014 Key Key Type Use Generation / Output Storage Zeroization Key To Input Entity INIT_KEYmac AES This key is used N/A: The This key is Procedurally Storage: 4-bit Generation: 128-bit key to derive a This key is not module does stored under overwrite keys key ID session key generated not support in the reserved with arbitrary which is then within the the output of file in data using the Input/Output: used to module. It is a this key. EEPROM. Update Key N/A authenticate an factory-set key service. operator or data which is used over a secure only in the session between initialized state an authorized of the module. external entity Input: This and the module. key is factory-set and cannot be modified or input outside of manufacturing. Kenc AES This key is used N/A: The These keys Procedurally Storage: 4-bit Generation: 128-bit key to derive a This key is not module does are stored overwrite keys key ID session key generated not support index 0x00 of with arbitrary which is then within the the output of the currently data using the Input/Output: used to module. this key. selected DF. Update Key N/A encrypt/decrypt service. data over a Input: This secure session key may be between an input encrypted authorized within a secure external entity channel. and the module. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 24 of 33 Security Policy, Version 1.0 SEP 2014 Key Key Type Use Generation / Output Storage Zeroization Key To Input Entity Kmac AES 128-bit This key is N/A: The These keys Procedurally Storage: 4 bit Generation: key used to derive This key is not module does are stored overwrite keys key ID a session key generated not support index 0x00 of with arbitrary which is then within the the output of the currently data using the Input/Output: used to module. this key. selected DF. Update Key N/A authenticate an service. operator or Input: This data over a key may be secure session input encrypted between an within a secure authorized channel. external entity and the module. KSenc AES 128-bit This key is N/A: The Stored in Power cycle Storage: This Generation: key used to Generated from module does module RAM. the module. key is encrypt/decryp the not support associated t data over a INIT_KEYenc the output of with a logical secure session. or Kenc key as this key. channel ID (0- part of the 3) for which it Secure Channel is being used Protocol v01 as to secure specified messaging. within Global Platform v2.1. Input/Output: N/A, this key Input: This is not output key cannot be input. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 25 of 33 Security Policy, Version 1.0 SEP 2014 Key Key Type Use Generation / Output Storage Zeroization Key To Input Entity KSmac AES This key is used N/A: The Stored in Power cycle Storage: This Generation: 128-bit key to authenticate Generated from module does module RAM. the module. key is data over a the not support associated secure session. INIT_KEYmac the output of with a logical or Kmac key as this key. channel ID part of the (0-3) for Secure Channel which it is Protocol v01 as being used to specified secure within Global messaging. Platform v2.1. Input/Output: Input: This N/A, this key key cannot be is not output input. Personal 6-16 byte This key is used N/A: The EEPROM in Procedurally Storage: 4-bit Generation: Identification secret to modify the This key is not module does plaintext overwrite keys key ID Number (PIN) security state of generated not support with arbitrary the currently within the the output of data using the selected DF. module. this key. Update Key service. Input: This key may be input encrypted within a secure channel. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 26 of 33 Security Policy, Version 1.0 SEP 2014 Key Key Type Use Generation / Output Storage Zeroization Key To Input Entity RSA Private 2048-bit This key is used N/A: The EEPROM in Procedurally Storage: 4-bit Generation: Key RSA to decrypt or This key is module does plaintext overwrite keys File ID private key verify data. generated using not support with arbitrary the Approved the output of data using the NOTE: Only SP800-90 this key. Import RSA one RSA DRBG. Key service. Private key may be stored Input: This in an RSA key may be Private Key input encrypted file. within a secure channel. RSA Public 2048-bit This key is used Output in EEPROM in N/A: this key Storage: 4-bit Generation: Key RSA public to encrypt or This key is plaintext plaintext is a public key File ID key sign data. generated using using the and therefore the Approved Read Public does not have NOTE: Only SP800-90 key to be zeroized. one RSA DRBG. command. Public key may be stored Input: This in an RSA key may be Public Key input encrypted file. within a secure channel. DRBG ‘V’ Internal Used for SP Internally Never Plaintext in Power Cycle Associated Value CTR 800-90 Generated volatile with an DRBG state CTR_DRBG memory internal value module variable DRBG Key Internal Used for SP Internally Never Plaintext in Power Cycle Associated Value CTR DRBG 800-90 Generated volatile with an state CTR_DRBG memory internal value module variable 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 27 of 33 Security Policy, Version 1.0 SEP 2014 2.8 EMI/EMC The ST3 ACE Token conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B (i.e., for home use). 2.9 Self-Tests Self-tests are performed by the ST3 ACE Token when running in a FIPS-Approved mode of operation. The module will run power-up self-tests when first powered up. The module will run conditional self-tests before a random number is generated or when signing and verifying data. The module supports only one error condition, referred to as the FIPS Error State. Any failure of a FIPS self-test will cause the module to enter the FIPS error state, which does not allow for any data output and/or cryptographic service usage. If an operator attempts to utilize any module services, the service will not be invoked and status output will be provided via the return value of the APDU. The status output provided in the APDU response packet will be ‘6F 00’. In order to transition out of the FIPS error state, the module must be power-cycled. 2.9.1 Power-Up Self-Tests The ST3 ACE Token performs the following self-tests at power-up: • Cryptographic Known Answer Tests (KATs) • AES Encrypt KAT • AES Decrypt KAT • Triple-DES Encrypt KAT • Triple-DES Decrypt KAT • SHA-1 KAT • SHA-256 KAT • RSA signature generation/verification KAT • DRBG KAT 2.9.2 Conditional Self-Tests The module performs the following conditional self-tests: • Continuous Random Number Generator test for both the NDRNG and the SP800-90 DRBG. • RSA pairwise consistency test for sign/verify and encrypt/decrypt 2.10 Mitigation of Other Attacks This section is not applicable. The module is not intended to mitigate any attacks beyond the FIPS 140-2 Level 3 requirements for this validation. 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 28 of 33 Security Policy, Version 1.0 SEP 2014 The ST3 ACE Token meets Level 3 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-approved mode of operation. 3 SECURE OPERATIONS 3.1 Detecting a FIPS Cryptographic Module The SECUREMETRIC ST3 ACE Token is shipped as a FIPS token that is already operating in a FIPS-approved mode of operation. It is not possible to change the configuration of the token to operate outside of its shipped configuration. To determine if the token is a FIPS token, the Cryptographic Officer should check for a laser-etched “FIPS” on the token casing, located at the top of the token near the USB connector. Please refer to Figure 3 for the location of the “FIPS” label. Figure 3 -"FIPS" Label Location Another way to determine whether the ST3 ACE Token is a FIPS token is by executing the supplied “FIPS- Mode-Detect” tool. After inserting the module into an available USB slot, start up the tool and hit the “Detect” button. If the tool reports “FIPS”, that means the module is configured to operate as a FIPS token. See Figure 4 for a screen shot of the “FIPS-Mode-Detect” tool. Figure 4 -"FIPS-Mode-Detect" Tool 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 29 of 33 Security Policy, Version 1.0 SEP 2014 3.2 Initial Setup The module is delivered with a pair of AES Keys (INIT_KEYenc and INIT_KEYmac) to allow authentication and secure initialization of the module. All communications to initialize the module will require a secure session using this key pair which will encrypt and authenticate all data input. For additional information regarding module initialization, please refer to the ST3 ACE Token User Manual. 3.2.1 Zeroization In the case that zeroization is required, the Crypto-Officer shall obtain possession of the module and then maintain sole physical possession of the cryptographic module until all keys have been zeroized. The Crypto-Officer performs zeroization by procedurally overwriting all of the keys with arbitrary data using the Update Key service. 3.3 Non-Approved Mode The ST3 ACE Token ships as a FIPS module and is meant to always operate in FIPS-Approve mode of operation. The module provides access to non-Approved security functions which use non-Approved algorithms and key sizes. Use of these services transitions the module to the non-Approved mode through the duration of the service being performed. Table 11 lists the non-Approved services and associated algorithms and key sizes. Table 11 – Non-Approved Services Non Approved Service Algorithm Signature Generation RSA 1024-bit SHA-1 Encryption/Decryption Triple-DES (2-key) Key Establishment RSA 1024-bit 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 30 of 33 Security Policy, Version 1.0 SEP 2014 4 ACRONYMS Table 12 defined the acronyms used in this Security Policy. Table 12– Acronyms Acronym Definition Advanced Encryption System AES Application Protocol Data Unit APDU American National Standards Institute ANSI Application Programming Interface API Cipher Block Chaining CBC Class Byte CLA Cryptographic Module Validation Program CMVP Chip Operating System COS Core Processing Unit CPU Cyclic Redundancy Check CRC Control Reference Data Objects CRDO Communications Security Establishment Canada CSEC Critical Security Parameter CSP Counter CTR Direct Current DC Digital Encryption Standard DES Dedicated File DF Digital Signature Algorithm DSA Deterministic Random Bit Generator DRBG Electronic Codebook ECB Electronically Erasable Programmable Read-Only Memory EEPROM Electromagnetic Compatibility EMC Electromagnetic Interference EMI File Identification FID Federal Information Processing Standard FIPS (Keyed-) Hash Message Authentication Code HMAC Integrated Circuit IC International Electrotechnical Commission IEC Instruction Byte INS International Organization for Standardization ISO 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 31 of 33 Security Policy, Version 1.0 SEP 2014 Acronym Definition KAT Known Answer Test LED Light Emitting Diode MAC Message Authentication Code MSE Manage Security Environment NDRNG Non-Deterministic Random Number Generator NIST National Institute of Standards and Technology NVLAP National Voluntary Laboratory Accreditation Program OEM Original Equipment Manufacturer PCB Printed Circuit Board PID Personal Identification number index PIN Personal Identification Number PKCS Public Key Cryptography Standards RAM Random Access Memory RNG Random Number Generator RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SP Special Publication TCP Transmission Control Protocol USB Universal Serial Bus V Volt VCC Common Collector Voltage 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 32 of 33 Security Policy, Version 1.0 SEP 2014 2014 SECUREMETRIC TECHNOLOGY SDN BHD This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 33 of 33