Page 10

Cyberflex Access E-gate V3

Cryptographic Module Security Policy

SEP

Applicable on: 16 April 2007

Ref: SP_D1033918.doc

Rev:1.0

Page 10/24

This document may be reproduced only in its original entirety (without revision).

5. ROLES & SERVICES

5.1 ROLES

The Cyberflex Access E-gate V3 cryptographic module defines two distinct roles that are supported by the internal

cryptographic system: the Cryptographic Officer and the User/Applet Provider.

Cryptographic Officer: This role is the internal security controller. The Cryptographic Officer establishes his

identity on the module by demonstrating to the Card Manager application that he possesses the knowledge of a

TDES key set stored within the Card Manager. By successfully executing a series of commands, the Cryptographic

Officer establishes a secure channel to the Card Manager. The establishment of this channel includes mutual

authentication of identities between the Cryptographic Officer and the Card Manager. Once a secure channel is

established, the Card Manager grants authorization (on the module) to information and services. The Card

Manager Security Domain corresponds to Card Issuer Security Domain.

User/Applet Provider: The Applet Provider is the applet developer that uses Java API, provided by the module.

Cryptographic services provided by the Cyberflex Access E-gate V3 cryptographic module are delivered through

the use of appropriate APIs. An applet has its own Security Domain (Applet Provider Security Domain).

Identity based Authentication

Identification. The operator identifies himself by selecting the application appropriate for his role and the key set

inside the application. The application of Cryptographic Officer is the Card Manager. The application of the

User/Applet Provider is his own applet. Selection of the application is done by a SELECT command. Selection of

the key set is done in the INITIALIZE UPDATE command, the first command of the two commands to open a

Secure Channel.

Authentication. The operator authenticates himself using a mutual authentication comprising two commands,

INITIALIZE UPDATE and EXTERNAL AUTHENTICATION. During this mutual authentication, the operator has to

encrypt a message sent by the card, proving knowledge of the TDES key set, which was referenced during the

identification.

Notes:

The Cardholder is the end user of the Cyberflex Access E-gate V3 cryptographic module (when applets are

loaded), who is in charge of insuring the ownership of his Cyberflex Access E-gate V3 cryptographic module...

Applets that will be downloaded onto the Cyberflex Access E-gate V3 cryptographic module may define other

distinct roles that will be part of the applet's validation.

The Card Manager is the controlling application on the Cyberflex Access E-gate V3 cryptographic module. It is invoked

following every Cyberflex Access E-gate V3 cryptographic module reset and initialization operation.