Feitian Technologies Co., Ltd.
FEITIAN-FIPS-COS
HW Version 1.0.0; FW Version 1.0.0
FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 2
Document Version: 1.4

Prepared for:
Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidian District, Beijing 100085
China
Phone: +(86)010-62304466
Email: world.sales@ftsafe.com
http://www.FTSafe.com

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway
Suite 220
Fairfax, VA 22033
United States of America
Phone: (703) 267-6050
Email: info@corsec.com
http://www.corsec.com

Security Policy, Version 1.4
March 27, 2013

© 2013 Feitian Technologies Co., Ltd. This document may be freely reproduced and distributed whole and intact including this copyright notice.

Table of Contents
1 INTRODUCTION
  1.1 PURPOSE
  1.2 REFERENCES
  1.3 DOCUMENT ORGANIZATION
2 FEITIAN-FIPS-COS
  2.1 OVERVIEW
  2.2 MODULE SPECIFICATION
  2.3 MODULE PORTS AND INTERFACES
  2.4 ROLES AND SERVICES
    2.4.1 Crypto-Officer Role
    2.4.2 User Role
    2.4.3 Unauthenticated Services
  2.5 PHYSICAL SECURITY
  2.6 OPERATIONAL ENVIRONMENT
  2.7 CRYPTOGRAPHIC KEY MANAGEMENT
  2.8 EMI/EMC
  2.9 SELF-TESTS
  2.10 MITIGATION OF OTHER ATTACKS
3 SECURE OPERATION
  3.1 INITIAL SETUP
    3.1.1 Zeroization
4 ACRONYMS AND TERMS
5 REFERENCES

Table of Figures
FIGURE 1 – FEITIAN-FIPS-COS CRYPTOGRAPHIC MODULE
FIGURE 2 – PHYSICAL PORTS

Table of Tables
TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION
TABLE 2 – FIPS 140-2 LOGICAL INTERFACES
TABLE 3 – OPERATOR AUTHENTICATION MECHANISM
TABLE 4 – APDU COMMAND STRUCTURE
TABLE 5 – APDU COMMAND RESPONSE STRUCTURE
TABLE 6 – MAPPING OF CRYPTO-OFFICER ROLE’S SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS
TABLE 7 – MAPPING OF USER ROLE’S SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS
TABLE 8 – MAPPING OF UNAUTHENTICATED SERVICES TO INPUTS, OUTPUTS, CSPS, AND TYPE OF ACCESS
TABLE 9 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS
TABLE 10 – FIPS-ALLOWED ALGORITHM IMPLEMENTATIONS
TABLE 11 – FIPS NON-APPROVED ALGORITHM IMPLEMENTATIONS
TABLE 12 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS
TABLE 13 – ACRONYMS AND TERMS
TABLE 14 – REFERENCES

1 Introduction

1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the FEITIAN-FIPS-COS from Feitian Technologies Co., Ltd.
This Security Policy describes how the FEITIAN-FIPS-COS meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by National Institute of Standards and Technology (NIST) and Communication Security Establishment Canada (CSEC): http://csrc.nist.gov/groups/STM/index.html.

The FEITIAN-FIPS-COS is also referred to in this document as cryptographic module or module.

1.2 References
This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:
• The Feitian website (http://www.FTSafe.com/) contains information on the full line of products from Feitian.
• The CMVP website (http://csrc.nist.gov/cryptval/) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:
• Vendor Evidence document
• Finite State Machine
• Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Feitian. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Feitian and is releasable only under appropriate non-disclosure agreements.
For access to these documents, please contact Feitian.

2 FEITIAN-FIPS-COS

2.1 Overview
Feitian is the leading innovator of smart card and Chip Operating System (COS) based security technologies and applications. Their product offerings include devices that provide software protection, strong authentication, and smart card operating systems. Evidence of Feitian’s continued leadership and innovation is demonstrated within this Security Policy, which specifies their first FIPS 140-2 validated cryptographic module. This new module, referred to as the FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB¹ tokens.

FEITIAN-FIPS-COS is designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for Feitian’s ePass line of products. FEITIAN-FIPS-COS supports dual-factor authentication with an ISO² 7816-12 USB interface for the PC host connection acting as a smart card reader.
Figure 1 – FEITIAN-FIPS-COS Cryptographic Module

The FEITIAN-FIPS-COS has been validated to the FIPS 140-2 Security Levels listed in Table 1:

Table 1 – Security Level Per FIPS 140-2 Section

Section  Section Title                               Level
1        Cryptographic Module Specification          2
2        Cryptographic Module Ports and Interfaces   2
3        Roles, Services, and Authentication         2
4        Finite State Model                          2
5        Physical Security                           3
6        Operational Environment                     N/A
7        Cryptographic Key Management                2
8        EMI/EMC³                                    2
9        Self-tests                                  2
10       Design Assurance                            2
11       Mitigation of Other Attacks                 N/A

¹ USB – Universal Serial Bus
² ISO – International Organization for Standardization
³ EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility

2.2 Module Specification
The FEITIAN-FIPS-COS is a hardware type module with a single-chip embodiment that meets overall level 2 FIPS 140-2 requirements. The module consists of two major components, a 16-bit Integrated Circuit (IC) and a COS. The cryptographic boundary of the FEITIAN-FIPS-COS is the outer IC packaging, which encompasses all module components. Please see Figure 1 for a depiction of the module.

The FEITIAN-FIPS-COS supports both a FIPS-Approved and non-FIPS-Approved mode of operation. In the FIPS-Approved mode of operation, only the FIPS-Approved or Allowed algorithms are available for use. In a non-FIPS-Approved mode, the non-Approved algorithms are also available for use. Please see Section 3.1 for instructions specifying how to configure FIPS mode.

2.3 Module Ports and Interfaces
The physical ports provided by the module are shown in Figure 2. The red dotted line indicates the cryptographic boundary. It should be noted that although the module provides 20 physical pins, the only pins that are enabled are the eight pins specified in Table 2.
All other pins are disabled, as they are not supported by the FEITIAN-FIPS-COS operating system. Therefore, any signals input over them are not interpreted by the hardware or firmware.

Figure 2 – Physical Ports

The logical interfaces as defined by FIPS 140-2 are accessible through the module’s enabled physical ports. The mapping between the physical ports and logical interfaces is provided in Table 2 below:

Table 2 – FIPS 140-2 Logical Interfaces

FIPS 140-2 Logical Interface: Data Input
FEITIAN-FIPS-COS ISO 7816 Port: I/O
Pin and module interface:
• DP - USB data + differential input
• DM - USB data + differential input
• XIN - Crystal oscillator input

FIPS 140-2 Logical Interface: Data Output
FEITIAN-FIPS-COS ISO 7816 Port: I/O
Pin and module interface:
• DP - USB data + differential input
• DM - USB data + differential input
• XOUT - crystal oscillator output

FIPS 140-2 Logical Interface: Control Input
FEITIAN-FIPS-COS ISO 7816 Port: I/O, Reset
Pin and module interface:
• DP - USB data + differential input
• DM - USB data + differential input
• /RST - Reset

FIPS 140-2 Logical Interface: Status Output
FEITIAN-FIPS-COS ISO 7816 Port: I/O
Pin and module interface:
• DP - USB data + differential input
• DM - USB data + differential input
• PA4 - Output to external LED

FIPS 140-2 Logical Interface: Power
FEITIAN-FIPS-COS ISO 7816 Port: VCC, Ground
Pin and module interface:
• VPS - Power
• GND - Ground

2.4 Roles and Services
The module supports the two roles required by FIPS 140-2: Crypto-Officer and User. The Crypto-Officer is the role responsible for module initialization, including file system management, key management, and access control management. The User role is the everyday user of the device. Once authenticated, the operator is authorized to assume both the Crypto-Officer and User roles. Please see Table 3 for details regarding the authentication mechanism. Role selection is implicit and is based upon the service accessed. Table 6 and Table 7 below specify the full list of services per supported role.
Table 3 – Operator Authentication Mechanism

Authentication Mechanism | Authentication Data | Authentication Mechanism
128-bit AES⁴ Key Pair | Role-based | Each AES key is 128 bits in length. The probability that a random attempt will succeed or a false acceptance occur is no greater than 1/2^128, which is less than 1/1,000,000. The module will allow fewer than 600 authentication attempts in a one minute period. Therefore, the random success rate for multiple retries is 600/2^128, which is less than 1/100,000.

All services provided by FEITIAN-FIPS-COS are implemented in accordance with ISO/IEC⁵ 7816-4, which defines the interface available as a command and response pair referred to as an Application Protocol Data Unit (APDU). The module will process only one command at a time, per channel (of four available logical channels), and must process and respond before allowing another command to be processed over any given channel [1]. Table 4 and Table 5 show the APDU command and response structure, respectively.

⁴ AES – Advanced Encryption Standard
⁵ IEC – International Electrotechnical Commission
Table 4 – APDU command structure

Header Lc Field Data Field Le Field
CLA INS 1 byte Input Data (1 or 3 bytes) 1 byte

• CLA – The Class byte indicates the class of the command as follows:
  o If the class of the command is inter-industry or not
  o If secure messaging is required
  o Logical channel 0-3
• INS – The Instruction byte indicates the command to process as follows:
  o Command word
  o Data encoding
• Lc – Length in bytes of the data field
• Data Field – Data input with command for processing
• Le – Maximum number of bytes expected in the response

Table 5 – APDU command response structure

Data Field: Response data
Trailer: Status bytes

• Data Field – Data output, if applicable
• Trailer – Status bytes (e.g. 9000, 64XX)

2.4.1 Crypto-Officer Role
This section provides a list of all services accessible to a Crypto-Officer. The list includes a full description of each service, and in addition, it describes the type of access that each service has to a CSP⁶.

NOTE:
• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, modified, or zeroized.
• X – Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism.

Table 6 – Mapping of Crypto-Officer Role’s Services to Inputs, Outputs, CSPs, and Type of Access

Columns: Service, INS⁷, Description, Input, Output, CSP and Type of Access

Service: Read Binary
INS: B0
Description: Allows read access to a binary file. A binary file is a file whose content is a sequential string of bits.
Input:
• Offset address of the binary file to read
• Length of the data to be read
Output:
• File data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Update Binary
INS: D6
Description: Allows write access to a binary file.
Input:
• Offset address of the binary file to read
• Length of the data to be read
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Record
INS: B2
Description: Allows read access to a record. A record is a type of data storage structure as defined within ISO 7816. Records are stored in files.
Input:
• Record number
• Read parameter (i.e., all records starting at specified record number, or just one record)
Output:
• Record data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Update Record
INS: DC
Description: Allows write access to a record.
Input:
• Record number
• Length of record
• Record data
• Read parameter (i.e., update the record specified by the record number)
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Append Record
INS: E2
Description: Allows a record to be appended
Input:
• Record number
• Current file
• Length of record
• Record data
• Read parameter (i.e., update the record specified by the record number)
Output:
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

⁶ CSP – Critical Security Parameter
⁷ INS – the value in hex of the instruction byte of the command message
Service: External Authenticate
INS: 82
Description: Authenticates an external entity to the cryptographic module. This service may also be used to both authenticate and initiate a secure session with an external entity.
Input:
Initiate a secure session:
• Authentication data of external entity (32 bytes) plus the MAC⁸ (8 bytes)
Or
Authenticate only:
• Algorithm type (AES, DES⁹, RSA¹⁰)
• Key ID (Key Index)
• Length of data in the field
• Authentication data (data field)
Output:
• Status (e.g. 9000)
• Retry number for the referenced key incremented by one.
NOTE: If successful, this number is then reset to the maximum.
CSP and Type of Access:
Initiate a secure session:
• INIT_KEYenc: R, X
• INIT_KEYmac: R, X
• Kenc: R, X
• Kmac: R, X
• KSenc: W
• Ksmac: W
Or
Authenticate Only:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Internal Authenticate
INS: 88
Description: Authenticates the cryptographic module to an external entity.
NOTE: In order for this service to be utilized, the external entity must have privileged access to the referenced key.
Input:
• Algorithm type (AES, DES, RSA)
• Key ID (Key Index)
• Length of data in the field
• Random data (data field)
Output:
• Authentication data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X

⁸ MAC – Message Authentication Code
⁹ DES – Data Encryption Standard
¹⁰ RSA – Rivest, Adleman, and Shamir

Service: Verify
INS: 20
Description: Provides PIN verification.
NOTE: In order for this service to be utilized, the external entity must have privileged access to the referenced PIN.
Input:
• Reference to the PIN
• PID¹¹
• Data to be verified
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, X

Service: Change Reference Data
INS: 24
Description: Modify the PIN
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced PIN.
Input:
• Old PIN
• New PIN
• Reference to the PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, W, X

Service: Enable Verification Requirement
INS: 28
Description: Modifies a PIN’s state from invalid to valid.
NOTE: Utilization of this service requires permission to activate the PIN.
Input:
• Reference to the PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Disable Verification Requirement
INS: 26
Description: Modifies a PIN’s state from valid to invalid.
NOTE: Utilization of this service requires permission to invalidate the PIN.
Input:
• Reference to the PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

¹¹ PID – Personal Identification number inDex

Service: Reset Retry Counter
INS: 2C
Description: Resets the retry counter of the PIN to its initial value.
NOTE: Utilization of this service requires permission to modify PIN.
Input:
• Reset parameter (resets recount maximum number and remaining count to default)
• Restore parameter (restores recount to initial default value)
• Reference to PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Generate Asymmetric Key Pair
INS: 46
Description: Generates an Asymmetric key pair
Input:
• Key parameter information
• Algorithm ID
• Modulus Length
• Private Key File Identifier (FID)
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• RSA Private Key: W
• RSA Public Key: W
• DRBG¹² Seed and Seed Key: R, W, X

Service: Encrypt
INS: 2A
Description: Performs an encrypt operation using an Approved security function.
NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation.
Input:
• Plaintext data
Output:
• Ciphertext data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Public Key: R, X

¹² DRBG – Deterministic Random Bit Generator

Service: Decrypt
INS: 2A
Description: Performs a decrypt operation
NOTE: The MSE service must have previously been utilized to choose the algorithm and key for the security operation.
Input:
• Ciphertext
Output:
• Plaintext
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Verify Digital Signature
INS: 2A
Description: Verifies a digital signature using RSA PKCS¹³#1
Input:
• Data Object of the signed data plus the digital signature
Output:
• Status of the verification
CSP and Type of Access:
• RSA Public Key: R, X

Service: Compute Digital Signature
INS: 2A
Description: Computes a digital signature using RSA PKCS#1.
Input:
• Input data for generating the digital signature
Output:
• Digital Signature
CSP and Type of Access:
• RSA Private Key: R, X

Service: Verify Cryptographic Checksum
INS: 2A
Description: Performs AES or Triple-DES checksum verification.
Input:
• Plaintext data object plus the cryptographic checksum data
Output:
• Status (e.g. 9000, 6300)
CSP and Type of Access:
• Symmetric Key: R, X

Service: Compute Cryptographic Checksum
INS: 2A
Description: Computes an AES or Triple-DES checksum. The length of the checksum is 8 bytes.
Input:
• The data used to compute the cryptographic checksum
Output:
• Cryptographic checksum
CSP and Type of Access:
• Symmetric Key: R, X

¹³ Public-Key Cryptography Standards

Service: Create File
INS: E0
Description: Creates a file
Input:
• File control parameters (data field)
• Patch data parameter
• Length of data field
Output:
• Status (e.g. 9000)
CSP and Type of Access:
• INIT_KEYenc: R, X
• INIT_KEYmac: R, X
• Ksenc: W, X
• Ksmac: W, X

Service: Delete File
INS: E4
Description: Deletes a file and all files which exist within that file
Input:
• File ID
Output:
• Status (e.g. 9000)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Terminate Card
INS: FE
Description: Terminates all applications on the card
Input: None
Output: None
CSP and Type of Access: No CSPs are accessed via this service.

Service: Install Secret
INS: E3
Description: This service is used to enter AES keys, DES keys, and PINs. The keys which may be entered are as follows:
• Kenc
• Kmac
• Internal Auth key
• External Auth key
• Symmetric Key
• PIN
Input:
• Encrypted PIN or Key data
• “Final” secret or “Not Final” secret flag
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• Kenc: W
• Kmac: W
• Internal Auth key: W
• External Auth key: W
• Symmetric Key: W
• PIN: W

Service: Update Key
INS: E5
Description: Allows the updating of the INIT_KEYs or secret file keys.
Input:
• INIT_KEYs
• Secret Key data
• New error counter plus the key value
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• Symmetric Key: W
• INIT_KEYenc: W
• INIT_KEYmac: W
• Kenc: W
• Kmac: W
• Internal Auth key: W
• External Auth key: W

Service: Get File List
INS: 34
Description: Allows the reading of the FID list of child files of the current file.
Input: None
Output:
• FID list or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Public Key
INS: B4
Description: Allows the output of a public key
Input:
• FID of the public key
• Public Key component read parameter (Read all component, read E component, or read N component)
Output:
• Public Key data or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Import RSA Key
INS: E7
Description: Allows the input of an RSA key.
Input:
• Encrypted key data
• FID of the RSA Key
Output:
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access:
• RSA key pair: W

2.4.2 User Role
This section provides a list of all services accessible to a User. The list includes a full description of each service and, in addition, it describes the type of access that each service has to CSPs.

NOTE:
• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, modified, or zeroized.
• X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism.

Table 7 – Mapping of User Role’s Services to Inputs, Outputs, CSPs, and Type of Access

Columns: Service, INS, Description, Input, Output, CSP and Type of Access

Service: Read Binary
INS: B0
Description: Allows read access to a binary file.
Input:
• Offset address of the binary file to read
• Length of the data to be read
Output:
• File data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Record
INS: B2
Description: Allows read access to a record.
Input:
• Record number
• Read parameter (i.e., all records starting at specified record number, or just one record)
Output:
• Record data or “Nonexistent”
• Status (e.g. 9000, 6283, 6284, 6A80, 6A81, 6A82, 6A86, 6A87)
CSP and Type of Access: No CSPs are accessed via this service.

Service: External Authenticate
INS: 82
Description: Authenticates an external entity to the cryptographic module. This service may also be used to both authenticate and initiate a secure session with an external entity.
Input:
Initiate a secure session:
• Authentication data of external entity (32 bytes) plus the MAC (8 bytes)
Or
Authenticate only:
• Algorithm type (AES, DES, RSA)
• Key ID (Key Index)
• Length of data in the field
• Authentication data (data field)
Output:
• Status (e.g. 9000)
• Retry number for the referenced key incremented by one.
NOTE: If successful this number is then reset to the maximum.
CSP and Type of Access:
Initiate a secure session:
• INIT_KEYenc: R, X
• INIT_KEYmac: R, X
• Kenc: R, X
• Kmac: R, X
• KSenc: W
• Ksmac: W
Or
Authenticate Only:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Internal Authenticate
INS: 88
Description: Authenticates the cryptographic module to an external entity
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced key.
Input:
• Algorithm type (AES, DES, RSA)
• Key ID (Key Index)
• Length of data in the field
• Random data (data field)
Output:
• Authentication data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X
Service: Verify
INS: 20
Description: Provides PIN verification.
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced PIN.
Input:
• Reference to the PIN
• PID
• Data to be verified
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, X

Service: Change Reference Data
INS: 24
Description: Modify the PIN
NOTE: In order for this service to be utilized the external entity must have privileged access to the referenced PIN.
Input:
• Old PIN
• New PIN
• Reference to the password
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• PIN: R, W, X

Service: Reset Retry Counter
INS: 2C
Description: Resets the retry counter of the PIN to its initial value.
NOTE: Utilization of this service requires permission to modify PIN.
Input:
• Reset parameter (resets recount maximum number and remaining count to default)
• Restore parameter (restores recount to initial default value)
• Reference to PIN
• PID
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Generate Asymmetric Key Pair
INS: 46
Description: Generates an asymmetric key pair
Input:
• Key parameter information
• Algorithm ID
• Modulus Length
• Private Key File Identifier (FID)
Output:
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• RSA Private Key: W
• RSA Public Key: W
• DRBG Seed and Seed Key: R, W, X

Service: Encrypt
INS: 2A
Description: Perform an encrypt operation using an Approved security function.
Input:
• Plaintext data
Output:
• Ciphertext data
• Status (e.g. 9000, 6300, 62CX, 6581, 6700, 6982, 6984, 6A81, 6A2, 6A86, 6A88)
CSP and Type of Access:
• Symmetric key: R, X
• RSA Public Key: R, X

Service: Decrypt
INS: 2A
Description: Performs a decrypt operation
Input:
• Ciphertext
Output:
• Plaintext
CSP and Type of Access:
• Symmetric key: R, X
• RSA Private Key: R, X

Service: Verify Digital Signature
INS: 2A
Description: Verifies a digital signature using RSA PKCS#1
Input:
• Data Object of the signed data plus the digital signature
Output:
• Status of the verification
CSP and Type of Access:
• RSA Public Key: R, X

Service: Compute Digital Signature
INS: 2A
Description: Computes a digital signature using RSA PKCS#1.
Input:
• Input data for generating the digital signature
Output:
• Digital Signature
CSP and Type of Access:
• RSA Private Key: R, X

Service: Verify Cryptographic Checksum
INS: 2A
Description: Performs an AES or Triple-DES checksum verification.
Input:
• Plaintext data object plus the cryptographic checksum data
Output:
• Status (e.g. 9000, 6300)
CSP and Type of Access:
• Symmetric Key: R, X

Service: Compute Cryptographic Checksum
INS: 2A
Description: Performs an AES or Triple-DES checksum. The length of the checksum is 8 bytes.
Input:
• The data used to compute the cryptographic checksum
Output:
• Cryptographic checksum
CSP and Type of Access:
• Symmetric Key: R, X

Service: Get File List
INS: 34
Description: This command is used to read the FID list of child files of the current file.
Input: None
Output:
• FID list or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.

Service: Read Public Key
INS: B4
Description: Allows the output of a public key
Input:
• FID of the public key
• Public Key component read parameter (Read all component, read E component, or read N component)
Output:
• Public Key data or “Nonexistent”
• Status (e.g. 9000, 6700, 6982, 6986, 6A8, 6A82, 6B00, 6CXX)
CSP and Type of Access: No CSPs are accessed via this service.
Security Policy, Version 1.4 March 27, 2013 Service INS Description Input Output CSP and Type of Access • • • Import RSA E7 Allows the input of Encrypted key data Status (eg. 9000, RSA key pair: W • Key an RSA key. 6700, 6982, 6986, FID of the RSA Key 6A8, 6A82, 6B00, 6CXX) 2.4.3 Unauthenticated Services This section provides a list of all services accessible to an unauthenticated operator. The list includes a full description of each service and, in addition, it describes the type of access that each service has to CSPs. NOTE: • R – Read: The CSP is read. • W – Write: The CSP is established, generated, modified, or zeroized. • X – Execute: The CSP is used within an Approved or allowed security function or authentication mechanism. Table 8 – Mapping of Unauthenticated Services to Inputs, Outputs, CSPs, and Type of Access Service INS Description Input Output CSP and Type of Access • • Put Data DA Allows data to be No CSPs are accessed via Data object tag (‘81’ Status (e.g. 9000, received and stored this service. which indicates OEM 6283, 6284, 6A80, by the cryptographic info, followed by up 6A81, 6A82, 6A86, module. In the Put to 32 bits of OEM 6A87) Data service, only info. • the OEM Length of object data information is allowed to be set. FEITIAN-FIPS-COS Page 22 of 39 © 2013 Feitian Technologies Co., Ltd. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 27, 2013 Service INS Description Input Output CSP and Type of Access • • Get Data CA This service allows No CSPs are accessed via Data object tag (e.g., Content of object • data to be retrieved. this service. ‘80’ which indicates Status (e.g. 9000, Data refers to global card serial number) 6283, 6284, 6A80, data, which belongs 6A81, 6A82, 6A86, to the cryptographic 6A87) module, such as the serial number, OEM information, chip information which includes algorithm support, RAM size. 
• • • Get Challenge 84 Requests a random None Random value DRBG Seed: R, W, • value that will be X Status (e.g. 9000, • used as a challenge 6283, 6284, 6A80, DRBG Seed Key: R; within the External 6A81, 6A82, 6A86, W, X Authenticate 6A87) service. • • Manage 22 Prepares the No CSPs are accessed via CRDO Status (e.g. 9000, • Security cryptographic this service. 6300, 62CX, 6581, Algorithm Reference • Environment module for the 6700, 6982, 6984, Key Reference (MSE) subsequent • 6A81, 6A2, 6A86, File Reference commands, SET, 6A88) • Length of CRDOs STORE, RESTORE, SEID, and ERASE. • • Select A4 Allows the selection No CSPs are accessed via File identifier File control • of a specified file. this service. information Dedicated file Name • • Status (e.g. 9000, File path starting at 6283, 6284, 6A80, master file • 6A81, 6A82, 6A86, File path starting at 6A87) dedicated file FEITIAN-FIPS-COS Page 23 of 39 © 2013 Feitian Technologies Co., Ltd. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.4 March 27, 2013 Service INS Description Input Output CSP and Type of Access • • Manage 70 Allows the No CSPs are accessed via Number of logical Status (e.g. 9000, Channel assignment; opening, this service. channel to be 6283, 6284, 6A80, and closing of a assigned, opened, or 6A81, 6A82, 6A86, logical channel. A closed (01-03). 6A87) logical channel is a logical link between the host system and a file on the smart card. • • Hash 2A Performs a hash Hash result or None No CSPs are accessed via Input data using SHA-1 or this service. SHA-256. FEITIAN-FIPS-COS Page 24 of 39 © 2013 Feitian Technologies Co., Ltd. This document may be freely reproduced and distributed whole and intact including this copyright notice. 
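The service tables above can be turned into a host-side trace review. The following Python sketch is an added example, not part of the policy or of Feitian's code: it decodes short command APDUs, maps the INS byte to the services listed in this section (the User role rows of section 2.4.2 and Table 8), and flags a ‘6F 00’ status (the FIPS error state of section 2.9) and an External Authenticate that no Get Challenge preceded. The trace, the CLA/P1/P2 and data bytes, and all function names are constructed for illustration.

```python
# Added example: review a host-side APDU trace against the service tables.
# INS values and service names are taken from this section of the policy;
# CLA/P1/P2 bytes, data fields and the trace itself are constructed samples.

USER_ROLE = {  # User role rows of section 2.4.2 that appear in this section
    0x82: ["External Authenticate"], 0x88: ["Internal Authenticate"],
    0x20: ["Verify"], 0x24: ["Change Reference Data"],
    0x2C: ["Reset Retry Counter"], 0x46: ["Generate Asymmetric Key Pair"],
    0x2A: ["Encrypt", "Decrypt", "Verify Digital Signature",
           "Compute Digital Signature", "Verify Cryptographic Checksum",
           "Compute Cryptographic Checksum"],
    0x34: ["Get File List"], 0xB4: ["Read Public Key"], 0xE7: ["Import RSA Key"],
}
UNAUTHENTICATED = {  # Table 8
    0xDA: ["Put Data"], 0xCA: ["Get Data"], 0x84: ["Get Challenge"],
    0x22: ["Manage Security Environment"], 0xA4: ["Select"],
    0x70: ["Manage Channel"], 0x2A: ["Hash"],
}


def parse_command(apdu: bytes) -> dict:
    """Split a short-form ISO/IEC 7816-4 command APDU (cases 1 to 4)."""
    if len(apdu) < 4:
        raise ValueError("command APDU is shorter than its 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    body, data, le = apdu[4:], b"", None
    if len(body) == 1:                       # case 2: Le only
        le = body[0] or 256
    elif body:                               # case 3 or 4: Lc, data, optional Le
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if lc == 0 or len(data) != lc or len(rest) > 1:
            raise ValueError("malformed or extended-length APDU")
        if rest:
            le = rest[0] or 256
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}


def services_for(ins: int) -> list:
    """Every (table, service) pair the policy lists for this INS byte.
    INS 2A is shared by seven services and the policy gives no P1/P2 values,
    so INS alone cannot say which one (or which role) a command refers to."""
    hits = [("User role", s) for s in USER_ROLE.get(ins, [])]
    return hits + [("Unauthenticated", s) for s in UNAUTHENTICATED.get(ins, [])]


def review(trace) -> list:
    """trace: iterable of (command_hex, response_hex). Returns (index, finding)."""
    findings, challenge_fresh = [], False
    for n, (cmd_hex, rsp_hex) in enumerate(trace, 1):
        cmd, rsp = parse_command(bytes.fromhex(cmd_hex)), bytes.fromhex(rsp_hex)
        if len(rsp) < 2:
            raise ValueError("response APDU has no status word")
        sw = rsp[-2:].hex().upper()
        if not services_for(cmd["ins"]):
            findings.append((n, "INS %02X is not a service listed here" % cmd["ins"]))
        if sw == "6F00":                     # section 2.9: FIPS error state
            findings.append((n, "6F00: FIPS error state, power cycle required"))
        if cmd["ins"] == 0x84:               # Get Challenge
            challenge_fresh = sw == "9000"
        elif cmd["ins"] == 0x82:             # External Authenticate
            if not challenge_fresh:          # review heuristic, not a policy rule
                findings.append((n, "External Authenticate without a fresh Get Challenge"))
            challenge_fresh = False
    return findings


SAMPLE_TRACE = [                             # constructed, not captured traffic
    ("00A40000023F00", "9000"),              # Select
    ("0084000008", "11223344556677889000"),  # Get Challenge, 8 bytes
    ("0082000028" + "AA" * 40, "9000"),      # External Authenticate, 32 + 8 bytes
    ("0082000028" + "AA" * 40, "6982"),      # repeated without a new challenge
    ("002A0000021234", "6F00"),              # INS 2A answered from the error state
]

if __name__ == "__main__":
    for index, finding in review(SAMPLE_TRACE):
        print(index, finding)
```

The challenge check is a review heuristic derived from the Get Challenge description; the policy itself does not state how long a challenge stays valid.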
2.5 Physical Security

The FEITIAN-FIPS-COS is a production grade, single-chip cryptographic module as defined by FIPS 140-2 and is designed to meet Level 3 physical security requirements.

The FEITIAN-FIPS-COS is covered with a hard opaque epoxy coating that provides evidence of attempts to tamper with the module and was tested at temperatures of 0 to 80 degrees Celsius. The FEITIAN-FIPS-COS does not contain any doors, removable covers, or ventilation holes or slits. No maintenance access interface is available. No special procedures are required to maintain physical security of the module while delivering to operators.

2.6 Operational Environment

The operational environment requirements do not apply to the FEITIAN-FIPS-COS as it only supports a limited operational environment.

2.7 Cryptographic Key Management

The module implements the FIPS-Approved algorithms listed in Table 9:

Table 9 – FIPS-Approved Algorithm Implementations

| Algorithm | Certificate Number |
|---|---|
| AES in ECB, CBC (Cipher-Block Chaining) modes using 128-bit key sizes | 1473 |
| Triple-DES in ECB, CBC modes using 168-bit key sizes | 991 |
| RSA PKCS#1 v1.5 signature generation/verification – using 1024- and 2048-bit keys | 720 |
| ANSI (American National Standards Institute) X9.31 Key Pair Generation | 720 |
| SHA-1 and SHA-256 | 1332 |
| SP800-90 DRBG | 58 |

Additionally, the module utilizes the non-FIPS-Approved algorithm implementations listed in Table 10 and Table 11:

Table 10 – FIPS-Allowed Algorithm Implementations

| Algorithm |
|---|
| Non-Deterministic Random Number Generator (NDRNG) |
| RSA PKCS#1v1.5 1024, 2048 bit encrypt/decrypt to provide key establishment (Key establishment methodology provides 80-112 bits of security) |
Table 11 – FIPS Non-Approved Algorithm Implementations

| Algorithm |
|---|
| DES ECB and CBC |
| AES CBC-MAC [Non-Compliant] |

The module supports the critical security parameters listed in Table 12.

Caveat: The module generates cryptographic keys whose strengths are modified by available entropy.

Table 12 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

| Key | Key Type | Use | Generation / Input | Output | Storage | Zeroization | Key To Entity |
|---|---|---|---|---|---|---|---|
| Symmetric Key | AES or Triple-DES 128-bit key | These keys are used to encrypt/decrypt data, or within a symmetric MAC algorithm to generate authentication data. | Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These keys are stored obfuscated in EEPROM (Electronically Erasable Programmable Read-Only Memory). | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: This key is associated with the Crypto-Officer role during Input via the usage of the AES MAC. |
| Internal Auth Key | AES 128-bit, Triple-DES 112 and 168-bit, or DES key | These keys are used to authenticate the module to an external entity. | Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These keys are stored obfuscated in EEPROM. | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: This key is associated with the Crypto-Officer role during Input via the usage of the AES MAC. |
| External Auth Key | AES 128-bit, Triple-DES 112 and 168-bit, or DES key | These keys are used to modify the security state of the currently selected DF (Dedicated File). | Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These keys are stored obfuscated in EEPROM within special files used to store symmetric keys and PINs. | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: This key is associated with the Crypto-Officer role during Input via the usage of the AES MAC. |
| INIT_KEYenc | AES 128-bit key | This key is used to derive a session key which is then used to encrypt/decrypt data over a secure session between an authorized external entity and the module. | Generation: This key is not generated within the module. It is a factory-set key which is used only in the initialized state of the module. Input: This key is factory-set and cannot be modified or input outside of manufacturing. | N/A: The module does not support the output of this key. | This key is stored obfuscated under the reserved file in EEPROM. | Procedurally overwrite key with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: N/A |
| INIT_KEYmac | AES 128-bit key | This key is used to derive a session key which is then used to authenticate an operator or data over a secure session between an authorized external entity and the module. | Generation: This key is not generated within the module. It is a factory-set key which is used only in the initialized state of the module. Input: This key is factory-set and cannot be modified or input outside of manufacturing. | N/A: The module does not support the output of this key. | This key is stored obfuscated under the reserved file in EEPROM. | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: N/A |
| Kenc | AES 128-bit, Triple-DES 112 and 168-bit | This key is used to derive a session key which is then used to encrypt/decrypt data over a secure session between an authorized external entity and the module. | Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These keys are stored obfuscated at index 0x00 of the currently selected DF. | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: N/A |
| Kmac | AES 128-bit, Triple-DES 112 and 168-bit | This key is used to derive a session key which is then used to authenticate an operator or data over a secure session between an authorized external entity and the module. | Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These keys are stored obfuscated at index 0x00 of the currently selected DF. | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID. Input/Output: N/A |
| KSenc | AES 128-bit, Triple-DES 112 and 168-bit | This key is used to encrypt/decrypt data over a secure session. | Generation: Generated from the INIT_KEYenc or Kenc key as part of the Secure Channel Protocol v01 as specified within Global Platform v2.1. Input: This key cannot be input. | N/A: The module does not support the output of this key. | These keys are stored in plaintext, within module RAM. | Power cycle the module. | Storage: This key is associated with a logical channel ID (0-3) for which it is being used to secure messaging. Input/Output: N/A, this key is not output |
| KSmac | AES 128-bit, Triple-DES 112 and 168-bit | This key is used to authenticate data over a secure session. | Generation: Generated from the INIT_KEYmac or Kmac key as part of the Secure Channel Protocol v01 as specified within Global Platform v2.1. Input: This key cannot be input. | N/A: The module does not support the output of this key. | These keys are stored in plaintext, within module RAM. | Power cycle the module. | Storage: This key is associated with a logical channel ID (0-3) for which it is being used to secure messaging. Input/Output: N/A, this key is not output |
| Personal Identification Number (PIN) | 6-16 byte secret | This key is used to modify the security state of the currently selected DF. | Generation: This key is not generated within the module. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These secrets are stored obfuscated in EEPROM. | Procedurally overwrite keys with arbitrary data using the Update Key service. | Storage: 4-bit key ID |
| RSA Private Key | 1024-, 2048- and 3072-bit RSA private key | This key is used to decrypt or sign data. NOTE: Only one RSA Private key may be stored in an RSA Private Key file. | Generation: This key is generated using the Approved SP800-90 DRBG. Input: This key may be input encrypted within a secure channel. | N/A: The module does not support the output of this key. | These keys are stored obfuscated in EEPROM. | Procedurally overwrite keys with arbitrary data using the Import RSA Key service. | Storage: 4-bit File ID |
| RSA Public Key | 1024, 2048 and 3072-bit RSA public key. | This key is used to decrypt or verify data. NOTE: Only one RSA Public key may be stored in an RSA Public Key file. | Generation: This key is generated using the Approved SP800-90 DRBG. Input: This key may be input encrypted within a secure channel. | Output in plaintext using the Read Public key command. | These keys are stored obfuscated in EEPROM. | N/A: this key is a public key and therefore does not have to be zeroized. | Storage: 4-bit File ID |
| DRBG Seed | 256-bit random value | 256-bit seed value used as input into the SP800-90 DRBG | Generation: This CSP is generated using the module's non-deterministic RNG. | N/A: The module does not support the output of this CSP. | Stored in plaintext in module RAM. | Power cycle the module. | Associated with an internal module variable. |
| DRBG Seed Key | 192-bit Triple-DES Seed Key | 192-bit seed value used as input into the SP800-90 DRBG | Generation: This CSP is generated using the module's non-deterministic RNG. | N/A: The module does not support the output of this CSP. | Stored in plaintext in module RAM. | Power cycle the module. | Associated with an internal module variable. |

2.8 EMI/EMC

The FEITIAN-FIPS-COS conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use).

2.9 Self-Tests

The FEITIAN-FIPS-COS performs the following self-tests at power-up:
• Firmware integrity test using a 16-bit CRC (Cyclical Redundancy Check)
• Cryptographic Known Answer Tests (KATs)
  o AES KAT
  o Triple-DES KAT
  o SHA-1 KAT
  o SHA-256 KAT
  o RSA signature generation/verification KAT
  o DRBG KAT

The module performs the following conditional self-tests:
• Continuous Random Number Generator test for both the NDRNG and the SP800-90 DRBG.
• RSA pairwise consistency test for sign/verify and encrypt/decrypt

The module supports only one error condition, referred to as the FIPS Error State. Any failure of a FIPS self-test will cause the module to enter the FIPS error state, which does not allow for any data output and/or cryptographic service usage. If an operator attempts to utilize any module services, the service will not be invoked and status output will be provided via the return value of the APDU. The status output provided in the APDU response packet will be ‘6F 00’. In order to transition out of the FIPS error state, the module must be power-cycled.

2.10 Mitigation of Other Attacks

The FEITIAN-FIPS-COS is not designed to mitigate any specific attacks outside of those required by FIPS 140-2, including but not limited to power consumption, timing, fault induction, or TEMPEST attacks.

3 Secure Operation

The FEITIAN-FIPS-COS meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-approved mode of operation.

3.1 Initial Setup

The module is delivered with a pair of AES Keys (INIT_KEYenc and INIT_KEYmac) to allow authentication and secure initialization of the module. All communications to initialize the module will require a secure session using this key pair which will encrypt and authenticate all data input.

It is the Crypto-Officer’s responsibility to configure the module into the FIPS-Approved mode of operation. In order to do this the Crypto-Officer shall ensure the following:
• Only keys of the proper length shall be loaded into the module.
  o Symmetric Keys which are input shall be greater than or equal to 112 bits.
  o All RSA Keys input shall be greater than or equal to 1024 bits.
• The Crypto-Officer role shall ensure that all files require Secure Channel Protocol to access.

For additional information regarding module initialization please refer to the FEITIAN-FIPS-COS User Manual [3].

3.1.1 Zeroization

In the case that zeroization is required, the Crypto-Officer shall maintain sole physical possession of the cryptographic module until all keys have been zeroized.

4 Acronyms and Terms

This section describes the acronyms and terms.

Table 13 – Acronyms and Terms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption Standard |
| ANSI | American National Standards Institute |
| APDU | Application Protocol Data Unit |
| API | Application Programming Interface |
| CA | Certification Authority |
| CBC | Cipher-Block Chaining |
| CLA | Class Byte of the APDU message header |
| CMVP | Cryptographic Module Validation Program |
| COS | Card Operating System |
| CRC | Cyclical Redundancy Check |
| CRDO | Control Reference Data Object |
| CSEC | Communications Security Establishment Canada |
| CSP | Critical Security Parameter |
| DRBG | Deterministic Random Bit Generator |
| ECB | Electronic Code Book |
| EEPROM | Electronically Erasable Programmable Read-Only Memory |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FID | File Identifier |
| FIPS | Federal Information Processing Standard |
| FW | Firmware |
| GND | Ground |
| HW | Hardware |
| IC | Integrated Circuit |
| ID | Identifier |
| IEC | International Electrotechnical Commission |
| INS | Instruction byte of the APDU message header |
| ISO | International Organization for Standardization |
| KAT | Known Answer Test |
| KDF | Key Derivation Function |
| MAC | Message Authentication Code |
| MF | Master File |
| MSE | Manage Security Environment |
| NDRNG | Non-Deterministic Random Number Generator |
| NIST | National Institute of Standards and Technology |
| OEM | Original Equipment Manufacturer |
| PC | Personal Computer |
| PKCS | Public-Key Cryptography Standards |
| PID | Personal Identification Number Index |
| PIN | Personal Identification Number |
| RAM | Random Access Memory |
| RNG | Random Number Generator |
| RSA | Rivest Shamir and Adleman |
| SHA | Secure Hash Algorithm |
| Triple-DES | Triple Data Encryption Standard |

5 References

This section lists the references.

Table 14 – References

| Reference Number | Reference |
|---|---|
| 1 | ISO/IEC 7816-4:2005 (E): Identification cards – Integrated circuit cards – Part 4, Second edition, 2005-01-15 |
| 2 | Design Solution for the FT_FIPS_COS, 1.0.0 |
| 3 | FEITIAN-FIPS-COS User Manual, V1.0 |

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway, Suite 220
Fairfax, VA 22033
United States of America
Phone: (703) 267-6050
Email: info@corsec.com
http://www.corsec.com
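The power-up self-tests, the continuous RNG test and the FIPS error state of section 2.9 can be modelled on a host to see how one failed check gates every later service. This Python model is an added example, not Feitian's firmware or code from this policy. The CRC-16 variant, the `ModuleModel` class, the firmware bytes and the behaviour before the first power-up are assumptions; only the SHA-1 and SHA-256 KATs are modelled.

```python
# Added example: host-side model of the section 2.9 power-up self-tests and
# FIPS error state. Not the module's firmware; names and bytes are constructed.
import hashlib
import os

SW_OK, SW_FIPS_ERROR = b"\x90\x00", b"\x6f\x00"   # '6F 00' is from section 2.9

# Published test vectors for the message "abc" (hash KATs only; the AES,
# Triple-DES, RSA and DRBG KATs are not modelled here).
HASH_KATS = [
    ("sha1", b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("sha256", b"abc",
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
]


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE. Assumed variant: the policy only says '16-bit CRC'."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc


class ModuleModel:
    def __init__(self, firmware: bytes, stored_crc: int, rng=os.urandom):
        self.firmware, self.stored_crc, self.rng = firmware, stored_crc, rng
        self.error_state = True        # model assumption: no service before power_up()
        self.previous_block = None

    def power_up(self) -> bool:
        """Run the power-up tests; any failure leaves the error state set."""
        integrity_ok = crc16(self.firmware) == self.stored_crc
        kats_ok = all(hashlib.new(name, msg).hexdigest() == expected
                      for name, msg, expected in HASH_KATS)
        # Continuous RNG test: the first block is kept for comparison only.
        self.previous_block = self.rng(8)
        self.error_state = not (integrity_ok and kats_ok)
        return not self.error_state

    def transmit(self, ins: int) -> bytes:
        """Return the response APDU for a command with this INS byte."""
        if self.error_state:           # service is not invoked, no data output
            return SW_FIPS_ERROR
        if ins == 0x84:                # Get Challenge draws from the RNG
            block = self.rng(8)
            if block == self.previous_block:   # conditional self-test failed
                self.error_state = True
                return SW_FIPS_ERROR
            self.previous_block = block
            return block + SW_OK
        return SW_OK                   # other services are not modelled


if __name__ == "__main__":
    image = b"constructed firmware image"
    card = ModuleModel(image, crc16(image))
    print(card.power_up(), card.transmit(0x84).hex())
```

Calling `power_up()` again stands in for the power cycle, which section 2.9 gives as the only way out of the error state.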