Barco ICMP FIPS 140-2 Non-Proprietary Security Policy
www.barco.com
4 Critical Security Parameters
4.1 Private keys, secret keys and other CSPs
All CSPs hosted on the module are listed below. These parameters are protected from
unauthorized modification, substitution and disclosure, and are therefore subject to active
zeroization.
IMB-Projector Identity private key: RSA 2048-bit private key used for key unwrapping, data decryption and TLS server operations
IMB Log Signer private key: RSA 2048-bit private key used for document signing
SMS Identity private key: RSA 2048-bit private key used for TLS client operations
HTTPS Server private key: RSA 2048-bit private key used for HTTPS server operations
TLS pre-master secret: transient data used in TLS 1.0 key establishment
TLS master secret: transient data used in TLS 1.0 key establishment
TLS AES keys: transient AES 128-bit keys used in TLS 1.0 bulk encryption
TLS HMAC keys: transient HMAC key used in TLS 1.0 integrity mechanism
ANSI X9.31 DRNG seed values: transient data used to seed the Approved ANSI X9.31 DRNG
ANSI X9.31 DRNG states: ANSI X9.31 DRNG internal states
Essence keys: transient AES 128-bit keys used to protect digital cinema content
Essence HMAC keys: transient HMAC keys used to check digital cinema content integrity
CSP wrapping key: AES 128-bit key used to encrypt CSPs on the module
User authentication secret: authentication data used for identity-based authentication
User authentication data: authentication data used for identity-based authentication
Update Package decryption key: AES 128-bit key used to decrypt module update packages
FIPS 186-2 DRNG XKEY: seed key for Approved FIPS 186-2 DRNG
FIPS 186-2 DRNG states: FIPS 186-2 DRNG internal states