MVC201 Security Policy Date: 2014-03-04 Document Revision: 1.01 MikroM GmbH Dovestr. 1 10587 Berlin Germany Phone: +49 30 398839 0 Fax: +49 30 398839 29 Web: www.mikrom.com MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [2/27] [without revision]. Table of Contents Table of Contents Table of Contents ...................................................................................... 3  1 Introduction .......................................................................................... 4  1.1 Purpose .......................................................................................... 5  1.2 Revisions ........................................................................................ 5  1.3 Security Levels ................................................................................ 7  1.4 Approved Mode of Operation .............................................................. 7  2 Ports and Interfaces ............................................................................... 8  3 Security Functions .................................................................................11  3.1 Approved Security Functions .............................................................11  3.2 Allowed Key Establishment and Key Transport Protocols........................11  3.3 Non-Approved Security Functions ......................................................11  4 Cryptographic Keys and CSPs ..................................................................12  4.1 Public Keys ....................................................................................12  5 Self-Tests .............................................................................................14  5.1 Power-Up Self-Tests .........................................................................14  5.2 Conditional Tests .............................................................................14  6 Security ...............................................................................................15  6.1 Operational Environment ..................................................................15  7 Physical Security Policy ..........................................................................16  7.1 Physical Security .............................................................................16  7.2 Zeroization .....................................................................................17  8 Identification and Authentication Policy ....................................................18  8.1 Authentication ................................................................................18  9 Access Control Policy .............................................................................19  9.1 Services for Authorized Roles ............................................................19  9.2 Services for Unauthorized Roles ........................................................20  9.3 Access Rights within Services ...........................................................20  10 Mitigation of Other Attacks Policy ...........................................................24  11 Appendix ............................................................................................25  11.1 Acronyms .....................................................................................25  11.2 References ...................................................................................26  11.3 Document History .........................................................................27  MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [3/27] [without revision]. Introduction 1 Introduction The MikroM MVC201 cryptographic module is a high-end multi-chip hardware decoder targeting the professional application Digital Cinema. Based on re- programmable (FPGA) hardware and a powerful on-board microprocessor the MVC201 represents a solution for real-time decoding of JPEG2000 and MPEG-2 MP@HL video streams. The MVC201 complies with the Digital Cinema System Specification V1.2 released on March 07, 2008 by the DCI. The whole Image Media Block (IMB) functionality is integrated in the MVC201, making it a very strong and intrinsically secure component in terms of content protection. It meets the requirements of FIPS 140-2 Security Level 3 (Ref. [FIPS 140-2]). The validation of the whole MVC201 only maintains if the version numbers correspond to those listed under Section 1.2. The MVC201 is a printed circuit board (PCB) designed for integration into a Texas Instruments (TI) Series 2 DLP Cinema projector. The module’s cryptographic boundary is the outer edge of the PCB. All parts outside the physically protected area on the board are excluded from the requirements of FIPS 140-2 because they are non-security relevant and cannot be used to compromise the security of the module. Figure 1 – MVC201 – front MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [4/27] [without revision]. Introduction Figure 2 – MVC201 - back 1.1 Purpose This document is the security policy for the MVC201 cryptographic module. It describes the security behavior of the module and how it meets the requirements of FIPS Publication 140-2 Security Level 3. The FIPS PUB 140-2 is a U.S. government computer security standard used to validate cryptographic modules. The security level 3 describes a “production grade” module, which is physically and logically tamper-resistant and has the functionality to protect and in case of an attack to erase all secure content. 1.2 Revisions Six configurations of the MVC201 are included in this validation, as follows: 1. MVC201-IS1 rev.1.1 2. MVC201-IF1 rev.1.1 3. MVC201-MS1 rev.1.1 4. MVC201-MF1 rev.1.1 5. MVC201-RS1 rev.1.1 6. MVC201-RS2 rev.1.1 All components within the physically protected security region are identical for all six configurations; the only difference is in the available ports. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [5/27] [without revision]. Introduction Please see Table 2 for a listing of the ports available for each configuration. The PCB revision can be validated by visual inspection of the bottom side of the board, where it is etched in the copper layer. The PCB revision is also denoted on the serial number label which is located on the top side of the board. Both items are shown in Figure 3. Furthermore a function is provided which can be used to obtain the PCB version. Figure 3 - Etched revision and S/N label The validated firmware versions are equal to: Firmware Versions: 1.10.65.18189, 1.10.68.18200 Bootloader Versions: 1.3.5.17849, 1.3.7.18217, 1.3.7.17798 The drivers API provides a function which can be used to obtain the overall firmware revision as well as the revisions of the different firmware modules contained in this revision. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [6/27] [without revision]. Introduction 1.3 Security Levels The MVC201 is designed, developed and tested to meet the requirements of DCI Digital Cinema System Specification V1.2 as well as the requirements of FIPS 140-2 Security Level 3, which is requested by the DCI (Ref. [DCI DCSS]). The following table lists the compliance level of each section: Security Requirements Section Level Cryptographic Module Specification 3 Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 3 Physical Security 3 Operating Environment N/A Cryptographic Key Management 3 EMI/EMC 3 Self-Tests 3 Design Assurance 3 Mitigation of Other Attacks N/A Table 1 - Levels of security requirements 1.4 Approved Mode of Operation The module only provides the FIPS 140-2 approved mode of operation. This mode is invoked automatically at boot up of the cryptographic module. To verify that the module is in approved mode of operation, the operator shall check for version numbers matching those listed on the validation certificate (refer to Section 1.2) using the Show Status service. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [7/27] [without revision]. Ports and Interfaces 2 Ports and Interfaces The MVC201 cryptographic module has several physical ports, i.e. connectors, which are used for single or multiple purposes. The MVC201 provides the following physical ports: Figure 4 – Physical connectors MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [8/27] [without revision]. Ports and Interfaces The following table describes how the physical ports relate to logical interfaces. Location Physical Protocol Quantity per HW Version Logical Port Interface IS1 IF1 MS1 MF1 RS1 RS2 PCI PCI Express 1 1 1 1 1 1 1 Data input, Express Base Control input, Specification (Qseven Data output, Revision 1.1 connector) Status output, IMB TI 2 1 1 1 1 1 1 Data output, interface proprietary Control input, Status output, Power input AES/EBU 3 AES3 2 2 2 2 2 2 Data output Audio (RJ45) 3G-SDI 4 SMPTE424M 0 2 0 2 0 0 Data input input SMPTE425M (BNC) 3G-SDI 5 SMPTE424M 0 2 0 2 2 2 Data input input SMPTE425M (SMB) HD-SDI 6 SMPTE292M 0 1 0 1 0 0 Data output output (BNC) HD-SDI Unused. Legacy 7 SMPTE292M 0 1 0 1 0 0 output component (SMB) Auxiliary Proprietary Unused. Legacy 8 1 1 1 1 1 1 interface GPIO component (Pin Header) Service 9 UART 1 1 1 1 1 1 Status output, interface (contact pads) Gigabit IEEE 10 2 2 1 1 1 1 Data input, Ethernet 802.3ab Control input, (RJ45) Data output, Status output Serial ATA SATA 11 2 2 2 2 2 2 Data input Revision 1.0a MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [9/27] [without revision]. Ports and Interfaces Location Physical Logical Protocol Quantity per HW Version Port Interface IS1 IF1 MS1 MF1 RS1 RS2 USB 12 USB 2.0 2 2 2 2 2 2 Data input Specification Revision 2.0 13 SD-Card SDIO 0 1 1 1 0 0 Data input 14 LEDs N/A 4 4 4 4 4 4 Status output 15 Battery N/A 1 1 1 1 1 1 Power input Table 2 - Relation of ports and interfaces . No maintenance access interface is present. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [10/27] [without revision]. Security Functions 3 Security Functions The MVC201 cryptographic module supports FIPS 140-2 approved cryptographic algorithms, allowed key establishment protocols and other approved and non- approved security functions. 3.1 Approved Security Functions 1. RSA-2048 (Cert. #1034), used for sign/verify (Ref. [PKCS #1 v2.1, 8.2 – RSASSA-PKCS #1 v1.5] and [FIPS 186-2]) 2. AES-128, -256 (Cert. #1994), in CBC mode (Encryption/decryption) (Ref. [FIPS 197]) 3. AES-128, -256 (Cert. #1995, 1996, 1997), in CBC mode (decryption only) (Ref. [FIPS 197]) 4. RNG (Cert. #1047), ANSI X9.31 RNG using AES (Ref. [ANSI X9.31 Appendix A.2.4] and [FIPS 140-2 IG, 7.6]) 5. HMAC-SHA-1 (Cert. #1206, 1207), (Ref. [FIPS 180-3]) 6. SHA-1 (Cert. #1748, 1750) (Ref. [FIPS 180-3]) 7. SHA-256 (Cert. #1748, 1749) 3.2 Allowed Key Establishment and Key Transport Protocols 1. Key transport using RSA (key wrapping, uses key size 2048 bit, ref. [FIPS 140-2 IG, 7.1]) key establishment methodology provides 112 bits of encryption strength. 3.3 Non-Approved Security Functions 1. Hardware RNG is the non-deterministic RNG (physical hardware) utilized for seeding the DRNG 2. TI S-Box, proprietary algorithm used for projector communication and is not relied upon to provide FIPS 140-2 cryptographic strength 3. EC Diffie-Hellman, used to establish communication channel with the projector and is not relied upon to provide FIPS 140-2 cryptographic strength 4. SP 800-135rev1 KDF within TLS (not CAVP tested) 5. MD5 within TLS MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [11/27] [without revision]. Cryptographic Keys and CSPs 4 Cryptographic Keys and CSPs The MVC201 cryptographic module contains the following CSPs: ZK (AES-256): System Master Key used as key encrypting key for CSP  decryption. The used key size is 256 bits. IMBPrDecK (RSA-2048): System Private Decryption Key, used for  content key unwrapping. The used key size is 2048 bits. IMBPrSignK (RSA-2048): System Private Signature Key, used to sign  log messages, for TLS authentication and projector marriage. The used key size is 2048 bits. CONTKi (AES-128): Content Keys, used to decrypt content. The used  key size is 128 bits. FWSymK (AES-128): Firmware image decryption key.  The used key size is 128 bits. TLS Pre-master Secret: The parameter used for the generation of TLS  Master Secret. TLS Master Secret: The parameter used for the generation of TLS  Session Key and TLS Integrity Key. TLS Session Key (AES-128): The AES key used to protect TLS  connection. TLS Integrity Key (160 bit HMAC key): The HMAC-SHA-1 key used to  check integrity of TLS connection. Seed and Seed Key: Used to initialize the DRNG.  MICKi (HMAC-SHA-1): Message Integrity Check Keys.  The used key size is 160 bits. 4.1 Public Keys The cryptographic module contains the following public keys: MIKCerti (X.509v3): MikroM certificates used to verify the signature of  firmware and feature update images. TSPCerti (X.509v3): TSP certificate chain used to verify SMSCert,  IMBDecCert and IMBSignCert. SMSCert (X.509v3): SMS certificate used by the IMB to authenticate TLS  session between IMB and SMS. Can be verified with TSPCerti. IMBDecCert (X.509v3): IMB decryption certificate. Can be verified with  TSPCerti. IMBSignCert (X.509v3): IMB certificate used by the SMS to authenticate  TLS session between IMB and SMS. Also used by the projector for marriage. Can be verified with TSPCerti. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [12/27] [without revision]. Cryptographic Keys and CSPs PROJCert (X.509v3): Projector certificate used by the IMB for projector  marriage. This certificate is verified using a Trusted Device List. DCPProvCerti (X.509v3): DCP provider certificate chain used to verify  the signature of Extra-Theater Messages like KDMs. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [13/27] [without revision]. Self-Tests 5 Self-Tests The MVC201 cryptographic module performs all below mentioned power-up self- tests on boot-up and only enters FIPS 140-2 approved mode of operation if all tests passed successfully. The conditional tests are executed every time the corresponding algorithm is used. 5.1 Power-Up Self-Tests Firmware integrity test (32-bit CRC and SHA-256)  RSA Signature Generation and Signature Verification known answer tests  AES CBC (128 and 256) Decrypt known answer tests  AES CBC (128 and 256) Encrypt and Decrypt known answer tests  SHA-1 known answer tests  SHA-256 known answer tests  ANSI X9.31 RNG known answer test  HMAC-SHA-1 known answer tests  5.2 Conditional Tests Firmware load test (RSA 2048-bit signature verification)  Continuous Random Number Generator Test on Hardware RNG  Continuous Random Number Generator Test on RNG  MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [14/27] [without revision]. Security 6 Security 6.1 Operational Environment The whole firmware of the MVC201 cryptographic module is stored persistently inside the module. During power-up the integrity of the stored firmware is checked before it is loaded and the module enters FIPS 140-2 approved mode of operation and no further firmware can be loaded. All functions stored persistently in the module are static, non-modifiable and do not use an underlying general purpose operating system. Thus the requirements of FIPS 140-2 chapter 4.6.1 (Operational Environment) are not applicable because of the limited operational environment. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [15/27] [without revision]. Physical Security Policy 7 Physical Security Policy 7.1 Physical Security The MVC201 cryptographic module is a multiple-chip embedded cryptographic module protected by a tamper-resistant metal cover on the upper and on the lower side of the board (see Figure 1 and Figure 2). Both cover shells are mounted stationary and are protected by a tamper detection mechanism as well as tamper-evident coating over the screws which must be checked periodically (refer to Table ). During normal operation the operator only has access to the front panel interfaces of the module, because it is integrated in the projector. It is protected against removal by the projector’s physical and electrical arrangements A maintenance service for the MVC201 is neither required nor allowed. Physical Security Recommended Frequency Inspection Guidance Details Mechanisms of Inspection metal cover together with projector both cover shells shall not be marriage damaged cover fixing bolts together with projector all bolts shall not be damaged marriage Tamper evident together with projector the coating shall not be coating over marriage damaged or look tampered. screws Please refer to figure 5 for a picture of untampered coating. Table 3 - Physical security inspection guidance The seal-protected cover also acts as a heat sink and forms a hard enclosure in means of FIPS 140-2. Figure 5 – Coating over screw MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [16/27] [without revision]. Physical Security Policy As soon as a cover is removed the tamper detection response is triggered, automatically forcing active zeroization of all cryptographic keys as described in Section 7.2 below. 7.2 Zeroization After tamper detection, secret and private cryptographic keys and CSPs are actively and immediately deleted. When an attack is detected and the system is inactive (power-off) only the key encrypting key ZK is zeroized by the tamper detection device and thus also the IMBPrDecK, IMBPrSignK, and FWSymK immediately become unusable. If the system is active (power-on) while being attacked additionally all temporary cryptographic keys and CSPs of the module are zeroized. The module also contains a Zeroize service allocated to the User role. This service zeroizes all secret and private cryptographic keys and CSPs within the module. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [17/27] [without revision]. Identification and Authentication Policy 8 Identification and Authentication Policy 8.1 Authentication The following table describes the roles and how they are authenticated: Type of Role Authentication Data Authentication User Identity-based 2048-bit digital signature authentication verification Crypto Officer Identity-based 2048-bit digital signature authentication verification Table 4 – Authentication types Authentication Strength of Mechanism Mechanism Digital Signature The RSA private key used to generate the digital signature is Verification 2048-bits. The strength of a 2048-bit RSA key (with SHA- 256) is known to be 112 bits. Therefore, the strength of a 2048-bit digital signature is 1/2^112, which is less than one in 1,000,000. The module can perform RSA signature verifications in approximately 900ms, which is approximately 67 verifications per minute. The probably that a brute force attack will be successful given a minute of time is 67/(2^112), which is less than the required 1/100,000. Table 5 - Strength of Authentication MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [18/27] [without revision]. Access Control Policy 9 Access Control Policy 9.1 Services for Authorized Roles The MVC201 cryptographic module supports two authorized roles. The User role covers general security related services, including cryptographic and other approved security functions. The Crypto Officer (CO) role covers secure firmware update. User CO Service Service Description Role Role x SystemUpdate Update IMB firmware x StartSuite Query the SM to check the auditorium equipment (e.g. marriage status) and start operation x StopSuite Query the SM to stop operation x UploadCPL Upload a Composition Play List to the SM for validation x UploadKDM Upload a Key Delivery Message to the SM for validation and key decryption x PurgeCPL Remove a CPL and all the associated data (CPL, KDMs, keys, etc…). x PlayBack Play a show, send encrypted data and control playback x PlayShow Prepare a show (as a list of CPLs) for playback x StopShow Reject a prepared show x CheckShow Check that a show (as a list of CPLs) is ready for playback at a given time x GetCertificates Retrieve the IMB certificates x GetCPLList Retrieve the list of currently available CPLs x GetKDMList Retrieve the list of available KDMs for a specific CPL x QuerySM Query the SM status x AdjustTime Allow the auditorium operator to adjust the SM clock x GetLogReport Retrieve security logs maintained by the SM x InitiateMarriage Initiate projector marriage procedure x ClearTamper Clear pending service door tamper x Zeroize Zeroize all module cryptographic keys and CSPs Table 6 – Authenticated Services MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [19/27] [without revision]. Access Control Policy 9.2 Services for Unauthorized Roles The module provides the following unauthenticated services: Service Service Description EstablishConnection Start TLS session between the SM and the external SMS ProjectorInterface Query status, initiate marriage and clear service door tamper Playback Plaintext Play a show, send plaintext data and control playback Restart Restart of the IMB causing a reset and reboot. This causes the suite of self-tests to be run. ShowStatus Output the current status of the cryptographic module. Table 7 - Unauthenticated Services 9.3 Access Rights within Services Service Cryptographic Keys and Types of Access CSPs generate/read/write/modify/zeroize SystemUpdate MIKCerti read FWSymK read StartSuite TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read StopSuite DCPProvCerti zeroize CONTKi zeroize MICKi zeroize TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read UploadCPL DCPProvCerti read TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read UploadKDM DCPProvCerti read TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read CONTKi write MICKi write IMBPrDecK read MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [20/27] [without revision]. Access Control Policy Service Cryptographic Keys and Types of Access CSPs generate/read/write/modify/zeroize PurgeCPL DCPProvCerti zeroize CONTKi zeroize MICKi zeroize TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read Playback CONTKi read MICKi read PlayShow CONTKi read TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read StopShow TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read CheckShow TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read GetCertificates IMBDecCert read IMBSignCert read MIKCerti read TSPCerti read PROJCert read TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read GetCPLList TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read GetKDMList TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read QuerySM TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [21/27] [without revision]. Access Control Policy Service Cryptographic Keys and Types of Access CSPs generate/read/write/modify/zeroize AdjustTime TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read GetLogReport IMBPrSignK read TSPCerti read TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read InitiateMarriage PROJCert read/write IMBSignCert read TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read ClearTamper TLS Pre-Master Secret read TLS Master Secret read TLS Session Key read TLS Integrity Key read Zeroize ZK zeroize IMBPrDecK zeroize IMBPrSignK zeroize FWSymK zeroize CONTKi zeroize MICKi zeroize TLS Pre-Master Secret zeroize TLS Master Secret zeroize TLS Session Key zeroize TLS Integrity Key zeroize DRNG State zeroize EstablishConnection IMBPrSignK read IMBSignCert read TSPCerti read SMSCert read/write TLS Pre-Master Secret generate TLS Master Secret generate TLS Session Key generate TLS Integrity Key generate DRNG State generate ProjectorInterface PROJCert read/write IMBSignCert read Playback Plaintext - n/a MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [22/27] [without revision]. Access Control Policy Service Cryptographic Keys and Types of Access CSPs generate/read/write/modify/zeroize Restart IMBPrDecK zeroize IMBPrSignK zeroize FWSymK zeroize CONTKi zeroize MICKi zeroize DCPProvCerti zeroize SMSCert zeroize TLS Pre-Master Secret zeroize TLS Master Secret zeroize TLS Session Key zeroize TLS Integrity Key zeroize DRNG State zeroize ShowStatus - n/a Table 8 - Access Right Mapping MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [23/27] [without revision]. Mitigation of Other Attacks Policy 10 Mitigation of Other Attacks Policy Mitigation of other attacks in the meaning of FIPS PUB 140-2 is not claimed. The module has not been designed to mitigate other attacks outside of the scope of FIPS 140-2. MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [24/27] [without revision]. Appendix 11 Appendix 11.1 Acronyms Acronym Description AES Advanced Encryption Standard AES3 Digital audio interface specified by Audio Engineering Society in standard AES3 CBC Cipher Block Chaining – Block Cipher Mode CPL Composition Play List CSP Critical Security Parameters CTR Counter – Block Cipher Mode DCI Digital Cinema Initiative DES Data Encryption Standard PRNG Deterministic RNG ECB Electronic Codebook – Block Cipher Mode FPGA Field Programmable Gate Array HD-SDI High Definition Serial Digital Interface HRNG Non-deterministic RNG (physical hardware) IMB Image Media Block JPEG Joint Photographic Experts Group KDM Key Delivery Message MPEG Moving Picture Experts Group PCB Printed Circuit Board PCI Peripheral Component Interconnect RNG Random Number Generator RSA Asymmetric Cryptographic Algorithm published by Ron Rivest, Adi Shamir and Leonard Adleman SHA Secure Hash Algorithm SHS Secure Hash Standard SM Security Manager SMPTE Society of Motion Picture and Television Engineers SMS Screen Management System (not part of the validation) TLS Transport Layer Security TSP Theatre System Provider Table 9 - Acronyms MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [25/27] [without revision]. Appendix 11.2 References Reference Description ANSI X9.31 NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, 2005, in addition to the referenced Standard ANSI X9.31 Appendix A.2.4 DCI DCSS Digital Cinema System Specification V1.1, 2007 FIPS 140-2 FIPS PUB 140-2, Security Requirements for Cryptographic Modules, 2001, with Change Notices 2002 FIPS 140-2 DTR Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules, 2004 Draft FIPS 140-2 IG Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program, 2009 FIPS 180-3 FIPS PUB 180-3, Secure Hash Standard (SHS), 2008 FIPS 186-2 FIPS PUB 186-2, Digital Signature Standard (DSS), 2000 FIPS 197 FIPS PUB 197, Announcing the Advanced Encryption Standard (AES), 2001 FIPS 198 FIPS PUB 198, The Keyed-Hash Message Authentication Code (HMAC), 2002 PKCS #1 v2.1 RSA Cryptography Standard, RSA Laboratories, 2002 SMPTE 429-6 MXF Track File Essence Encryption, 2006 SMPTE 429-7 D-Cinema Operations - Composition Playlist, 2006 SMPTE 430-1 D-Cinema Operations - Key Delivery Message SMPTE 430-2 D-Cinema Operations - Digital Certificate, 2006 Table 10 - References MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [26/27] [without revision]. Appendix 11.3 Document History Editor Date Changes Revision MikroM 2012-12-26 Release 1.00 MikroM 2014-03-04 Updates per CMVP comments 1.01 Table 11 - Document History MVC201 – non-proprietary Security Policy may be reproduced only in its original entirety V1.01 [27/27] [without revision].