© 2008 Authernative, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.

Authernative, Inc.
Authernative Cryptographic Module
Software Version: 1.0.0

FIPS 140-2 Security Policy
Level 1 Validation
Document Version 1.1 (Security Policy, version 1.1, May 9, 2008)

Prepared for:
Authernative, Inc.
201 Redwood Shores Parkway, Suite 275
Redwood City, CA 94065
Phone: (650) 587-5263
Fax: (650) 587-5259
http://www.authernative.com

Prepared by:
Corsec Security, Inc.
10340 Democracy Lane, Suite 201
Fairfax, VA 22030
Phone: (703) 267-6050
Fax: (703) 267-6810
http://www.corsec.com

Revision History

| Version | Modification Date | Modified By | Description of Changes |
|---|---|---|---|
| 0.1 | 2007-09-21 | Xiaoyu Ruan | Initial draft |
| 0.2 | 2008-01-10 | Xiaoyu Ruan | Added ECBBlockCipher.class; removed DESEngine.class |
| 0.3 | 2008-01-23 | Xiaoyu Ruan | Added zeroize method; Put CAVP numbers |
| 0.4 | 2008-01-25 | Xiaoyu Ruan | Addressed Lab comments |
| 0.5 | 2008-02-05 | Xiaoyu Ruan | Addressed Lab comments |
| 1.0 | 2008-05-01 | Xiaoyu Ruan | Address CMVP comments |
| 1.1 | 2008-05-09 | Xiaoyu Ruan | Address CMVP comments |

Table of Contents

1 INTRODUCTION
  1.1 PURPOSE
  1.2 REFERENCES
  1.3 DOCUMENT ORGANIZATION
2 AUTHGUARD AND PASSENABLER
  2.1 OVERVIEW
  2.2 CLIENT-SERVER ENCRYPTION AND AUTHENTICATION
  2.3 BITVU, BYTEVU, AND BBVU
3 AUTHERNATIVE CRYPTOGRAPHIC MODULE
  3.1 OVERVIEW
  3.2 MODULE INTERFACES
  3.3 ROLES AND SERVICES
  3.4 PHYSICAL SECURITY
  3.5 OPERATIONAL ENVIRONMENT
  3.6 CRYPTOGRAPHIC KEY MANAGEMENT
    3.6.1 Key Generation
    3.6.2 Key Input/Output
    3.6.3 Key Storage and Protection
    3.6.4 Key Zeroization
  3.7 EMI/EMC
  3.8 SELF-TESTS
  3.9 MITIGATION OF OTHER ATTACKS
4 SECURE OPERATION
  4.1 OPERATING SYSTEM CONFIGURATION
  4.2 APPROVED MODE CONFIGURATION
  4.3 CSP ZEROIZATION
  4.4 STATUS MONITORING
5 ACRONYMS

Table of Figures

FIGURE 1 – COMPONENTS OF THE AUTHGUARD PRODUCT
FIGURE 2 – LOGICAL CRYPTOGRAPHIC BOUNDARY
FIGURE 3 – LOGICAL CRYPTOGRAPHIC BOUNDARY AND INTERACTIONS WITH SURROUNDING COMPONENTS
FIGURE 4 – PHYSICAL BLOCK DIAGRAM OF A STANDARD GPC

Table of Tables

TABLE 1 – BINARY FORM OF THE MODULE
TABLE 2 – SECURITY LEVEL PER FIPS 140-2 SECTION
TABLE 3 – AUTHERNATIVE CLASSES IN AUTHCRYPTOAPI.JAR
TABLE 4 – LOGICAL, PHYSICAL, AND MODULE INTERFACE MAPPING
TABLE 5 – CRYPTO OFFICER SERVICES
TABLE 6 – USER SERVICES
TABLE 7 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS
TABLE 8 – ACRONYMS

1 Introduction

1.1 Purpose

This document is a non-proprietary Cryptographic Module Security Policy for the Authernative Cryptographic Module from Authernative, Inc. This Security Policy describes how the Authernative Cryptographic Module meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the Authernative Cryptographic Module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/groups/STM/index.html.

In this document, the Authernative Cryptographic Module is referred to as "the module". The application represents Authernative's software products, such as AuthGuard, linked with the cryptographic methods provided by the Authernative Cryptographic Module.

1.2 References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Authernative website (http://www.authernative.com/) contains information on the full line of products from Authernative.
- The CMVP website (http://csrc.nist.gov/groups/STM/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 submission package. In addition to this document, the Submission Package contains:

- Vendor Evidence
- Finite State Machine
- Other supporting documentation as additional references

This Security Policy and the other validation submission documentation have been produced by Corsec Security, Inc. under contract to Authernative. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Authernative and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Authernative.

2 AuthGuard and PassEnabler

Authernative, Inc. is a software company that develops, markets, and sells enterprise and consumer level security solutions. Authernative's granted and pending U.S. and International patents in the area of private and secure financial transactions, authentication algorithms, protocols, and encryption schemes are the foundation for the company technology and commercial product offerings. Authernative provides integrated security solutions for identity management, strong authentication to access network resources, and efficient authorization, administration and auditing control.

Authernative approaches security as a complex system having scientific, technological, engineering, marketing, and social components. The company believes that only a harmonized mixture of these components implemented in security products and backed with excellent services can bring long-lasting success and customer satisfaction.

Authernative currently sells two separate and complementary products: AuthGuard and PassEnabler. Both AuthGuard and PassEnabler are applications that use the Authernative Cryptographic Module. However, AuthGuard and PassEnabler are not being validated for FIPS compliance because all their security-relevant functions are provided by the Authernative Cryptographic Module.

2.1 Overview

AuthGuard is an authentication product. It provides an authentication server that supports and manages multiple authentication options. Those options allow AuthGuard to offer multifactor authentication, strong authentication, or layered authentication services.

PassEnabler allows administrators to define what resources authorized users have access to and provides a secure authorization, administration, auditing, and web single-sign-on engine. PassEnabler is integrated with AuthGuard. PassEnabler enables corporate identity and access management using the authentication capabilities of AuthGuard. AuthGuard and PassEnabler can be used either separately or together as complementary tools within a tool suite.

The AuthGuard product is implemented using five components (as depicted in Figure 1):

- AuthGuard Server
- Administrative Utility
- Configuration Utility
- Licensing
- AuthGuard Client

The central component is the AuthGuard Server, which provides authentication services in a networked environment. Users attempting to access various systems are redirected to the AuthGuard Server. This provides them with a Graphical User Interface (GUI) to perform authentication. The GUI is provided by downloading the AuthGuard Client to a browser. The AuthGuard Client GUI changes depending on what forms of authentication are being performed, and communicates with the AuthGuard Server.

Authernative has developed two utilities to manage the AuthGuard product. The first utility is the Administrative Utility, which provides an administrative console for management of the AuthGuard Server. The Administrative Utility provides a GUI to tweak roughly fifty options and features of the configuration of the AuthGuard Server, setting the user permissions and authentication. An administrator uses the Administrative Utility to initially configure the system.

The second utility is the Configuration Utility, which is a desktop configuration tool that gives the administrator the ability to perform user account provisioning, manage roles, create users, and perform auditing. The Configuration Utility also allows auditing to be performed on users and administrator activities on the network from data in the AuthGuard Server's logs. The product allows a user to view network resources and to define resources that are placed under AuthGuard's authentication control.

Figure 1 – Components of the AuthGuard Product

2.2 Client-Server Encryption and Authentication

Communications between the AuthGuard Server and the AuthGuard Client are encrypted using the Advanced Encryption Standard (AES) algorithm. The AuthGuard Server is implemented as a Java servlet within an Apache Tomcat container, and contains all required security functionality. The AuthGuard Client is distributed as a Java applet by the AuthGuard Server. The applet is loaded into a user's browser. The Client then provides the complete user GUI and performs the encryption operations enabling secure communications with the AuthGuard Server. Furthermore, the applet provides interfaces appropriate to the administrator-selected authentication methods and guides the user through authentication to the AuthGuard Server and access to resources.

Network users encounter the AuthGuard Server when they bring up a browser and request access to an authenticated resource. These requests are redirected by the resource to the AuthGuard Server if the request has not yet been authenticated. Optionally, users can point directly to an AuthGuard Server to begin authentication steps. Once contacted, the AuthGuard Server sends back the Client applet to the user along with a Session Random Key (SRK), which can be either an AES or a triple Data Encryption Standard (DES) key.

The SRKs are used to initialize secure sessions, and are created by the AuthGuard Server. When the servlet for the AuthGuard Server is initialized, it starts generating a new store of SRKs destined for future use. The SRKs are placed in an array that is constantly updated by the Server, and SRKs created by the Server are assigned a lifetime. After an SRK has expired, it will not be used to secure a new connection. Each SRK is associated with an array of Data Random Keys (DRKs), which is created for a particular session. The array of DRKs is erased if the SRK is erased. The Server can be configured to create a specific number of SRKs, and will then update them periodically.

For an individual session, a single unused SRK is selected, and then sent to the client in the clear encoded as an array of bytes in a Java class. The SRK is then used by the Client to initiate the session between the Client and the Server. The Client first obtains a username from the GUI, and sends this to the server encrypted with the SRK. The Server receives this and decrypts the username.

After the exchange of a username and SRK, the Server selects a DRK from the array associated with the SRK, and sends it to the Client encrypted with the SRK. The encrypted bits are additionally byte-veiled, or bit-veiled as described in the next subsection. At this point, the Client retrieves the DRK, and displays a GUI to the user to collect password information. Meanwhile, the Client hashes the DRK, encrypts the hash with the DRK, and sends the result back to the Server to indicate that the DRK was successfully received and decrypted. The Server checks that this is correct by computing the same value. At this point, the Server and Client have exchanged an SRK, DRK, and username but have not authenticated either side, or exchanged a key not subject to man-in-the-middle attacks.

Now, the Server selects a second DRK (DRK2) from the DRK array. The server then retrieves the user's password information from its database. The Server then encrypts DRK2 with DRK and bit-veils, byte-veils, or both into a conversion array using values from a Random Number Generator (RNG) seeded with the user's password information. This is transmitted to the Client who can then use the same password information to reconstruct DRK2.

The Client then hashes DRK2, hides it in a conversion array using the password information, encrypts the conversion array with DRK2, and sends it back to the server to indicate that it has DRK2. This step performs Client authentication based on possession of the user's password information, and shares DRK2 with both sides.

The same step is then performed by the Server to authenticate the Server to the Client using DRK2 and the Server password. The Server sends a hash of DRK2 in a conversion array using the Server password to seed the RNG for bit- or byte-veiling, and encrypting the array with DRK2. The Client already has the Server password and uses it to authenticate the Server. At this point, the Client and Server have performed mutual authentication and share a session encryption key.

User password information can be a simple password, or can use Authernative's passline (a chosen pattern in a grid), pass-step (an out-of-band challenge sent to email or phone to be entered), crossline (a challenge embedded in a grid), or passfield (image, colors, and a grid). Each of these processes allows the user to select secret password information, all or part of which can be provided in response to challenges.

The authentication step of exchanging a DRK using password information for the bit- and byte-veiling can be iterated as often as desired to provide a DRK3, DRK4, etc. Security can be layered to use multiple authentication steps, where different password information forms are employed. For example, a user could employ both a simple password and use passline. The password would be used for DRK2, and then passline would be used for DRK3, and that exchange would also depend upon DRK2.

At this point, the DRKs are not used by AuthGuard for secure data encryption, and are simply treated as a byproduct of the authentication. Other products may in the future use the DRKs for secure content exchange, but they are currently used only for authentication.

2.3 BitVU, ByteVU, and BBVU

Authernative has secured three patents on the processes described above, with claims in the patents that cover the use of a conversion array, key generation, and bit- and byte-veiling. The processes of "Bit-Veil-Unveil (BitVU), Byte-Veil-Unveil (ByteVU), and Byte-Bit-Veil-Unveil (BBVU)" mentioned above are the subject of the patents, and are integral to the authentication process.

The BitVU and ByteVU processes take an array of random data and effectively hide or intersperse message data within the array. The array of random data with the interspersed messages is referred to as a conversion array, and may be further encrypted before transmission within the AuthGuard schemes described. The locations of the message data within the conversion array are determined by a deterministic RNG seeded with a secret value. Two parties that share this secret value can both use the same RNG to compute the locations of the data within the conversion array.

The process of ByteVU involves generating a conversion array, and "veiling" individual bytes of the message data by sparsely distributing them through the conversion array. The process of BitVU does the same, but on a bit-wise basis.
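
A minimal sketch of the byte-wise and bit-wise veiling idea described in this section, added here as an illustration; it is not Authernative's ConversionArray code or the patented algorithm. Assumptions: an HMAC-SHA-256 counter stream stands in for the module's ANSI X9.31 RNG, the receiver knows the message length in advance, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


class SeededStream:
    """Deterministic byte stream derived from a shared secret.

    Assumption: HMAC-SHA-256 in counter mode stands in for the page's
    "deterministic RNG seeded with a secret value" (the module itself
    uses an ANSI X9.31 RNG keyed with Triple DES).
    """

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0
        self._buf = b""

    def _read(self, n: int) -> bytes:
        while len(self._buf) < n:
            ctr = self._counter.to_bytes(8, "big")
            self._buf += hmac.new(self._secret, ctr, hashlib.sha256).digest()
            self._counter += 1
        out, self._buf = self._buf[:n], self._buf[n:]
        return out

    def below(self, bound: int) -> int:
        """Uniform integer in [0, bound); rejection avoids modulo bias."""
        nbytes = (bound.bit_length() + 7) // 8
        limit = (256 ** nbytes // bound) * bound
        while True:
            value = int.from_bytes(self._read(nbytes), "big")
            if value < limit:
                return value % bound


def positions(secret: bytes, slots: int, count: int) -> list:
    """First `count` entries of a secret-driven shuffle of range(slots)."""
    if count > slots:
        raise ValueError("conversion array too small for the message")
    stream = SeededStream(secret)
    order = list(range(slots))
    for i in range(count):  # partial Fisher-Yates gives distinct positions
        j = i + stream.below(slots - i)
        order[i], order[j] = order[j], order[i]
    return order[:count]


def veil_bytes(message: bytes, secret: bytes, array_len: int) -> bytes:
    """Byte-wise veiling: scatter message bytes through random filler."""
    array = bytearray(os.urandom(array_len))
    for pos, value in zip(positions(secret, array_len, len(message)), message):
        array[pos] = value
    return bytes(array)


def unveil_bytes(array: bytes, secret: bytes, msg_len: int) -> bytes:
    """Recompute the same positions from the secret and read them back."""
    return bytes(array[p] for p in positions(secret, len(array), msg_len))


def veil_bits(message: bytes, secret: bytes, array_len: int) -> bytes:
    """Bit-wise veiling: each message bit lands in its own bit slot."""
    array = bytearray(os.urandom(array_len))
    slots = positions(secret, array_len * 8, len(message) * 8)
    for k, slot in enumerate(slots):
        bit = (message[k // 8] >> (7 - k % 8)) & 1
        byte_i, bit_i = divmod(slot, 8)
        mask = 1 << (7 - bit_i)
        array[byte_i] = (array[byte_i] & (0xFF ^ mask)) | (mask if bit else 0)
    return bytes(array)


def unveil_bits(array: bytes, secret: bytes, msg_len: int) -> bytes:
    """Collect the hidden bits in order and repack them into bytes."""
    out = bytearray(msg_len)
    slots = positions(secret, len(array) * 8, msg_len * 8)
    for k, slot in enumerate(slots):
        byte_i, bit_i = divmod(slot, 8)
        bit = (array[byte_i] >> (7 - bit_i)) & 1
        out[k // 8] |= bit << (7 - k % 8)
    return bytes(out)


if __name__ == "__main__":
    shared = b"constructed shared secret"   # constructed sample value
    key = bytes(range(16))                  # constructed 16-byte message
    veiled = veil_bytes(key, shared, 256)
    print(unveil_bytes(veiled, shared, len(key)) == key)
    print(unveil_bytes(veiled, b"some other secret", len(key)) == key)
```

In this sketch the filler is fresh random data on every call, so veiling the same message twice yields different arrays, while the positions are fixed for a given secret and array size.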

3 Authernative Cryptographic Module

3.1 Overview

The module was developed and tested on Microsoft Windows XP (Service Pack 2) with Sun Java Runtime Environment (JRE) 1.5. The module can run on any Java Virtual Machine (JVM) regardless of operating system (OS) and computer architecture. The minimum version of the JRE supported by the module is 1.5. Logically the module is a single Java ARchival (JAR), AuthCryptoApi.jar. Table 1 shows the OS and name of the binary file.

Table 1 – Binary Form of the Module

| When | Operating System | Binary File Name |
|---|---|---|
| Development | Windows XP with Sun JRE 1.5 | AuthCryptoApi.jar |
| Runtime | Any JVM with JRE 1.5 or later regardless of OS and computer architecture | AuthCryptoApi.jar |

The module is stored on the hard disk and is loaded in memory when a client application calls cryptographic services exported by the module. As of this writing, the client application is AuthGuard. However, Authernative may develop more applications making use of the module in the future.

When operating in the Approved mode of operation, the Authernative Cryptographic Module is validated at FIPS 140-2 section levels shown in Table 1. Note that in Table 2, EMI and EMC mean Electromagnetic Interference and Electromagnetic Compatibility, respectively, and N/A indicates "Not Applicable".

Table 2 – Security Level per FIPS 140-2 Section

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 1 |
| 2 | Cryptographic Module Ports and Interfaces | 1 |
| 3 | Roles, Services, and Authentication | 1 |
| 4 | Finite State Model | 1 |
| 5 | Physical Security | N/A |
| 6 | Operational Environment | 1 |
| 7 | Cryptographic Key Management | 1 |
| 8 | EMI/EMC | 1 |
| 9 | Self-Tests | 1 |
| 10 | Design Assurance | 1 |
| 11 | Mitigation of Other Attacks | N/A |

3.2 Module Interfaces

The module, AuthCryptoApi.jar, provides client applications with a set of cryptographic services in the form of Application Programming Interface (API) calls. Figure 2 shows the logical cryptographic boundary for the module. The module is a JAR file that consists of 42 Java classes. Out of the 42 classes, 29 are Bouncy Castle classes that implement underlying cryptographic algorithms. Bouncy Castle is an open-source Java library available at http://www.bouncycastle.org/. The Bouncy Castle classes do not have public methods. The other 13 classes, developed by Authernative, implement public methods of the module. The JAR file manifest, MANIFEST.MF, contains the signature of the JAR (used in the power-up integrity test).

Figure 2 – Logical Cryptographic Boundary

The Authernative classes are described in Table 3 – Authernative Classes in AuthCryptoApi.jar. A complete list of exported methods is available in the module's API reference manual.

Table 3 – Authernative Classes in AuthCryptoApi.jar

| Class | Description |
|---|---|
| AuthApiException.class | The class implements the exception thrown when and if there is an error state in the API. |
| AuthApiStatus.class | The class implements methods that report configurations and status of the API. |
| AuthCryptoApi.class | This is the core API class and contains all the public methods. This class simply collects the interfaces into a single object. Most of the functions of the module are implemented by the other classes. |
| Base64.class | The class implements the base64 encoding and decoding methods. |
| ConversionArray.class | The class implements Authernative's patented BitVU, ByteVU, and BBVU technology. See Section 2.3 of this document for a description of this technique. |
| CryptoFunctions.class | The class contains all the cryptographic functions realized by the module. |
| KeyGen$KeyThread.class | The class is a subclass of the KeyGen class. This class implements the mechanism of generating a new key every 60 seconds. |
| KeyGen.class | The class implements key generation methods. |
| LicParams.class | The class stores the licensing information of the module. |
| RCConst.class | The class contains all the return codes for the API errors for use with the AuthApiException class. |
| SecureRNG.class | The class implements the American National Standards Institute (ANSI) X9.31 Appendix A.2.4 RNG. |
| AuthCipher.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle cipher functionality. |
| AuthDigest.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle digest functionality. |

The module's interactions with surrounding components, including Central Processing Unit (CPU), hard disk, memory, client application, and the OS are demonstrated in Figure 3.

Figure 3 – Logical Cryptographic Boundary and Interactions with Surrounding Components

The module is validated for use on the platforms listed in the second column of Table 1. In addition to the binaries, the physical device consists of the integrated circuits of the motherboard, the CPU, Random Access Memory (RAM), Read-Only Memory (ROM), computer case, keyboard, mouse, video interfaces, expansion cards, and other hardware components included in the computer such as hard disk, floppy disk, Compact Disc ROM (CD-ROM) drive, power supply, and fans. The physical cryptographic boundary of the module is the opaque hard metal and plastic enclosure of the server running the module. The block diagram for a standard general-purpose computer (GPC) is shown in Figure 4. Note that in this figure, I/O means Input/Output, BIOS stands for Basic Input/Output System, PCI stands for Peripheral Component Interconnect, ISA stands for Instruction Set Architecture, and IDE represents Integrated Drive Electronics.

Figure 4 – Physical Block Diagram of a Standard GPC

All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 3.

Table 4 – Logical, Physical, and Module Interface Mapping

| Logical Interface | Physical Port Mapping | Module Mapping |
|---|---|---|
| Data Input | Keyboard, mouse, CD-ROM, floppy disk, and serial/USB/parallel/network ports | Arguments for API calls that contain data to be used or processed by the module |
| Data Output | Hard Disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls that contain module response data to be used or processed by the caller |
| Control Input | Keyboard, CD-ROM, floppy disk, mouse, and serial/USB/parallel/network port | API calls |
| Status Output | Hard disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls, return value, error message |

3.3 Roles and Services

The operators of the module can assume two roles as required by FIPS 140-2: a Crypto Officer role and a User role. The operator of the module assumes either of the roles based on the operations performed. The operator is not required to authenticate to the module before accessing services. The module provides an API for client applications.

Table 5 – Crypto Officer Services shows the public methods that are run by the Crypto Officer role. The method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual Crypto Officer service. User services (see Table 6 – User Services) are also available to the Crypto Officer role.

Table 6 – User Services shows the public methods that are run by the User role. Similar to Table 5 – Crypto Officer Services, the method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual User service. User services are also available to the Crypto Officer role.

The Critical Security Parameters (CSPs) mentioned in the rightmost columns correspond to the ones listed in Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs.

Table 5 – Crypto Officer Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| Installation | To install the module | Command | Status | None |
| Uninstallation | To uninstall the module | Command | Status | All CSPs – overwrite |
| AuthCryptoApi | The API's only constructor. The instance of the API will be defined by the parameters that are passed in | Crypto type, hash type, crypto mode, key size, padding scheme | Status | None |
| getInstance | This method is provided for singleton use of the API | Crypto type, hash type, crypto mode, key size, padding scheme | Status, the instance of AuthCryptoApi | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Text string, byte array | Status, the printout | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Byte array | Status, the printout | None |
| hexStrToByteArray | Converts a hexadecimal string into a byte array | Hexadecimal string | Status, byte array | None |
| checkLicense | Checks the license | License string from application, client information | Status | None |
| getStatus | Gets information and configuration about the API | None | Status, API object information and configuration | None |
| setSeed | Sets the seed, date/time (DT) value, and Triple DES key to random numbers (generated by the non-Approved RNG) for the ANSI X9.31 RNG | None | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the Triple DES key to specified values for the ANSI X9.31 RNG | Triple DES key | Status | ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the seed, DT value, and Triple DES key to specified values for the ANSI X9.31 RNG | Seed, Triple DES key, DT value | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| nextInt | Generates a random number | None | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextInt | Generates a random number between zero and the specified integer | An integer (range of the random number) | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextBytes | Generates a random number array | Pointer to a byte array | Status, random number array | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| zeroize | Zeroizes CSPs | None | Status | All CSPs in HashMap and file system – overwrite |

Table 6 – User Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| setNumberOfKeys | Sets the maximum number of keys that the key generator will create before restarting at zero | Number of keys | Status | None |
| setPersistence | Sets the way the keys will be saved for the key generator | Mode (save keys in file system or memory) | Status | None |
| setPath | Sets the location that the keys will be saved to the file system | Path of the file system | Status | None |
| getSecretKey | Creates and returns a Java secret key (javax.crypto.SecretKey) | None | Status, a secret key (javax.crypto.SecretKey) | AES key or Triple DES key for caller use – write, read |
| getRawKey | Creates and returns a Java secret key (byte array) | None | Status, a secret key (byte array) | AES key or Triple DES key for caller use – write, read |
| startKeyGen | Starts a thread that will perform key generation and save the keys. Keys will be generated every 60 seconds | None | Status | Triple DES key for veiling and unveiling methods – write |
| stopKeyGen | Stops the key generation | None | Status | Triple DES key for veiling and unveiling methods – overwrite |
| getSecretKeyFromRepos | Gets a key (javax.crypto.SecretKey) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (javax.crypto.SecretKey) | Triple DES key for veiling and unveiling methods – read |
| getRawKeyFromRepos | Gets a key (byte array) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (byte array) | Triple DES key for veiling and unveiling methods – read |
| setSecretKey | Sets the secret key (byte array) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setSecretKey | Sets the secret key (javax.crypto.SecretKey) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setIV | Sets the initialization vector if crypto uses CBC mode | Initialization vector | Status | None |
| updateHash | Updates the current message for hashing | Byte array added to the message | Status | None |
| hashValue | Performs the final hashing for message | Byte array added to the message before the final hashing is done | Status, hash value | None |
| updateEncrypted | Updates the current plaintext for encryption | Byte array added to the plaintext to be encrypted | Status | None |
| encryptValue | Performs the final encryption for the plaintext | Byte array added to the plaintext before the final encryption is done | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext | Plaintext | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (javax.crypto.SecretKey) | Plaintext, secret key (javax.crypto.SecretKey) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (javax.crypto.SecretKey) | Ciphertext, secret key (javax.crypto.SecretKey) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (byte array) | Plaintext, secret key (byte array) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (byte array) | Ciphertext, secret key (byte array) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encode | Performs Base64 encoding on bytes | Bytes to be encoded | Encoded bytes | None |
| encode | Performs Base64 encoding on strings | Strings to be encoded | Encoded string | None |
| decode | Performs Base64 decoding on bytes | Bytes to be decoded | Decoded bytes | None |
| decode | Performs Base64 decoding on strings | Strings to be decoded | Decoded string | None |
| veilData | Hides bits, bytes, or bits and bytes in a larger array | Mode (bit, byte, or bit and byte), byte array to be hidden, Triple DES key for the ANSI X9.31 RNG | Conversion array with hidden byte array | Triple DES key for veiling and unveiling methods – write, read |
| unveilData | Extracts the data from conversion array | Mode (bit, byte, or bit and byte), conversion array, Triple DES key for the ANSI X9.31 RNG | Original byte array | Triple DES key for veiling and unveiling methods – write, read |

3.4 Physical Security

The Authernative Cryptographic Module is a multi-chip standalone module. The physical security requirements do not apply to this module, since it is purely a software module and does not implement any physical security mechanisms.

3.5 Operational Environment

The module was tested and validated on general-purpose Microsoft Windows XP with Service Pack 2 with Sun JRE 1.5. The module can run on any JVM regardless of OS and computer architecture. The minimum version of the JRE supported by the module is 1.5. The module must be configured in single user mode as per the instructions provided in Section 4.1 of this document. Recommended configuration changes for the supported OS can also be found in Section 4.1.

3.6 Cryptographic Key Management

The module implements the following FIPS-approved algorithms in the Approved mode of operation.

- SHA-1, SHA-256, SHA-384, SHA-512 (certificate #725). SHA means Secure Hash Algorithm.
- HMAC-SHA-1 (certificate #375). HMAC means Keyed-Hash Message Authentication Code.
- Triple DES: 112 and 168 bits, in ECB and CBC modes (certificate #629). ECB and CBC mean Electronic Codebook and Cipher Block Chaining, respectively.
- AES: 128, 192, and 256 bits, in ECB and CBC modes (certificate #697)
- ANSI X9.31 Appendix A.2.4 RNG with 2-key Triple DES (certificate #408)

In the Approved mode of operation, the module uses a non-Approved RNG to seed the ANSI X9.31 RNG. This non-Approved RNG is the SecureRandom class provided by the JRE and is not implemented by the module itself. The non-Approved RNG is outside the cryptographic boundary of the module and is used by the module only for seeding the ANSI X9.31 RNG.

In the non-Approved mode of operation, the module supports MD5.

The module supports the following CSPs in the Approved mode of operation:

Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| Triple DES key for caller use | Triple DES symmetric keys | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| AES key for caller use | AES symmetric key | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| Triple DES key for encryption and decryption methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| AES key for encryption and decryption methods | AES symmetric key | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| Triple DES key for veiling and unveiling methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after veiling or unveiling is done | Veil or unveil data |
| ANSI X9.31 RNG DT value for key generation methods | Date/time variable | 1. Generated internally by retrieving system date/time value; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new DT value is generated | Generate keys |
| ANSI X9.31 RNG Triple DES key for key generation methods | Triple DES symmetric keys | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new Triple DES key is generated | Generate keys |
| ANSI X9.31 RNG seed for key generation methods | Seed | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new seed is generated | Generate keys |
| Software integrity test key | 512-bit HMAC-SHA-1 key | Hardcoded | Never | Plaintext in nonvolatile memory | Zeroized when the module is uninstalled | Used in software integrity test |

3.6.1 Key Generation

The module uses an ANSI X9.31 RNG with 2-key Triple DES to generate cryptographic keys. This RNG is a FIPS-Approved RNG as specified in Annex C to FIPS 140-2.
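
The following added example (not code from the Authernative module) sketches the ANSI X9.31 Appendix A.2.4 construction with 2-key Triple DES, seeded from the JRE's SecureRandom as the policy describes, and includes the continuous RNG test listed among the conditional self-tests. The class and method names are hypothetical, and taking the DT value from the system clock in milliseconds is an assumption.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

// Added sketch of the ANSI X9.31 A.2.4 generator; hypothetical names, not the module's API.
public class X931RngSketch {
    private final Cipher tdes;   // 2-key Triple DES in ECB mode, one 8-byte block per call
    private byte[] v;            // 64-bit seed V, replaced after every output block
    private byte[] previous;     // last block, kept for the continuous RNG test

    public X931RngSketch(byte[] key16, byte[] seed8) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);   // JCE DESede wants K1 | K2 | K3
        System.arraycopy(key16, 0, key24, 16, 8);  // 2-key option: K3 = K1
        tdes = Cipher.getInstance("DESede/ECB/NoPadding");
        tdes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"));
        Arrays.fill(key24, (byte) 0);
        v = seed8.clone();
        previous = step(System.currentTimeMillis()); // first block is only a reference value
    }
    // One iteration: I = E_K(DT), R = E_K(I xor V), V = E_K(R xor I).
    private byte[] step(long dt) throws Exception {
        byte[] i = tdes.doFinal(ByteBuffer.allocate(8).putLong(dt).array());
        byte[] r = tdes.doFinal(xor(i, v));
        v = tdes.doFinal(xor(r, i));
        return r;
    }
    // Continuous test: a block equal to its predecessor is never released.
    public byte[] nextBlock() throws Exception {
        byte[] r = step(System.currentTimeMillis()); // DT from the system clock (assumption)
        if (Arrays.equals(r, previous)) throw new IllegalStateException("continuous RNG test failed");
        previous = r.clone();
        return r;
    }
    private static byte[] xor(byte[] a, byte[] b) {
        byte[] out = a.clone();
        for (int n = 0; n < out.length; n++) out[n] ^= b[n];
        return out;
    }
    public static void main(String[] args) throws Exception {
        SecureRandom seeder = new SecureRandom();  // JRE RNG, used for seeding only
        byte[] key = new byte[16], seed = new byte[8];
        seeder.nextBytes(key);
        seeder.nextBytes(seed);
        X931RngSketch rng = new X931RngSketch(key, seed);
        byte[] aesKey = ByteBuffer.allocate(16).put(rng.nextBlock()).put(rng.nextBlock()).array();
        System.out.println("derived a " + aesKey.length * 8 + "-bit key from two RNG blocks");
    }
}
```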

3.6.2 Key Input/Output

Symmetric keys are input to and output from the module in plaintext. The module does not use asymmetric-key cryptography.

3.6.3 Key Storage and Protection

Keys and other CSPs are stored in volatile memory or file system in plaintext. All key data resides in internally allocated data structures and can only be output using the module's defined API. The OS and JRE protect memory and process space from unauthorized access.

3.6.4 Key Zeroization

Generally speaking, CSPs reside in internal data structures that are cleaned up by the JVM's garbage collector. Java handles memory in unpredictable ways that are transparent to the user. The Crypto Officer may manually invoke the zeroization of keys stored in HashMap and file system by calling the zeroize method.
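
As an added illustration (not the module's implementation), the sketch below shows what an explicit zeroize over keys held in a HashMap and in a file can look like in Java, so that key bytes are overwritten instead of being left for the garbage collector. The class name, method names and single-file layout are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Added sketch of an explicit zeroize for keys held in a HashMap and a file;
// hypothetical names and file layout, not the module's implementation.
public class ZeroizeSketch {
    private final Map<String, byte[]> keys = new HashMap<>();
    private final Path keyFile;

    public ZeroizeSketch(Path keyFile) { this.keyFile = keyFile; }

    // Keys are byte[] rather than String so they can be overwritten in place.
    public void store(String name, byte[] key) throws IOException {
        keys.put(name, key.clone());
        Files.write(keyFile, key);            // plaintext in the file system, as Table 7 lists
    }

    public byte[] get(String name) {
        return keys.get(name).clone();        // the caller owns, and must wipe, this copy
    }

    public void zeroize() throws IOException {
        for (byte[] k : keys.values()) Arrays.fill(k, (byte) 0);   // do not wait for the GC
        keys.clear();
        if (Files.exists(keyFile)) {
            byte[] zeros = new byte[(int) Files.size(keyFile)];
            Files.write(keyFile, zeros, StandardOpenOption.WRITE, StandardOpenOption.SYNC);
            Files.delete(keyFile);
        }
    }

    public boolean isEmpty() { return keys.isEmpty() && !Files.exists(keyFile); }

    public static void main(String[] args) throws IOException {
        ZeroizeSketch store = new ZeroizeSketch(Files.createTempFile("key", ".bin"));
        byte[] key = new byte[16];            // constructed sample key
        Arrays.fill(key, (byte) 0x5a);
        store.store("session", key);
        Arrays.fill(key, (byte) 0);           // wipe the caller's own buffer too
        store.zeroize();
        System.out.println("zeroized: " + store.isEmpty());
    }
}
```

Overwriting a file in place is best effort: journaling or copy-on-write file systems and flash storage may retain older copies of the blocks.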

3.7 EMI/EMC

Although the module consists entirely of software, the FIPS 140-2 platform is a server that has been tested for and meets applicable Federal Communications Commission (FCC) EMI and EMC requirements for business use as defined in Subpart B of FCC Part 15.

3.8 Self-Tests

The power-up self-tests are triggered by instantiation of an object of the AuthCryptoApi class. The Authernative Cryptographic Module performs the following power-up self-tests:

- Software integrity test using HMAC-SHA-1
- Known Answer Test (KAT) on 2-key Triple DES in ECB mode
- KAT on 128-bit AES in ECB mode
- KATs on SHA-1, SHA-256, SHA-384, and SHA-512
- KAT on ANSI X9.31 RNG

The module implements the following conditional self-tests.

- Continuous test for the ANSI X9.31 RNG
- Continuous test for the non-Approved RNG

If the self-tests fail, an exception will be thrown on the failure. The application is then alerted that the self-tests failed, and the module will not load and will enter an error state. When in the error state, execution of the module is halted and data output from the module is inhibited.

3.9 Mitigation of Other Attacks

This section is not applicable. No claim is made that the module mitigates against any attacks beyond the FIPS 140-2 level 1 requirements for this validation.

4 Secure Operation

The Authernative Cryptographic Module meets Level 1 requirements for FIPS 140-2. The subsections below describe how to place and keep the module in the Approved mode of operation.

4.1 Operating System Configuration

The user of the module is a software application. FIPS 140-2 mandates that a cryptographic module be limited to a single user at a time. A single instantiation of the Authernative Cryptographic Module shall only be accessed by one client application, which is the User of this instantiation of the Authernative Cryptographic Module.

For enhanced security, it is recommended that the Crypto Officer configure the OS to disallow remote login. To configure Windows XP to disallow remote login, the Crypto Officer should ensure that all remote guest accounts are disabled in order to ensure that only one human operator can log in to Windows XP at a time. The services that need to be turned off for Windows XP are

- Fast-user switching (irrelevant if server is a domain member)
- Terminal services
- Remote registry service
- Secondary logon service
- Telnet service
- Remote desktop and remote assistance service

Once Windows XP has been configured to disable remote login, the Crypto Officer can use the system "Administrator" account to install software, uninstall software, and administer the module.

A CMVP public document, Frequently Asked Questions for the Cryptographic Module Validation Program [1], gives instructions in Section 5.3 for configuring various Unix-based operating systems for single user mode.

[1] Available at http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf.

4.2 Approved Mode Configuration

The Authernative Cryptographic Module itself is not an end-user product. It is provided to the end-users as part of the application (e.g., AuthGuard). The module is installed during installation of the application. The installation procedure is described in the installation manual for the application.

In order to access functions of the module, the application has to execute the constructor of class AuthCryptoApi by instantiating an object of class AuthCryptoApi. The constructor of class AuthCryptoApi is:

public AuthSecurityApi(int crpytoType, int hashType, int codeBook, int keySize, int padding)

If the value passed into the argument int hashType is SHA (integer value 1, 2, 3, or 4), then the module is operating in the Approved mode of operation. If the value passed into the argument int hashType is MD5 (integer value 0), then the module is operating in the non-Approved mode of operation.

The constructor of class AuthCryptoApi performs all required power-up self-tests. If all power-up self-tests are passed, then an internal flag will be set to true. All other public methods of the module check this internal flag and ensure it is true before performing any other functions.

Notice that the Approved mode configuration described above is transparent to an operator. The configuration is performed by the client application.
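
The constructor-time self-tests and the internal flag described in this section can be pictured with the added example below, which is not the AuthCryptoApi source. It runs known answer tests for SHA-1, SHA-256 and 128-bit AES in ECB mode using the published "abc" digests and the FIPS 197 Appendix C.1 vector, and gates a service on the flag; all class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added sketch of power-up KATs gating every service; hypothetical names, not AuthCryptoApi.
public class SelfTestGateSketch {
    private boolean selfTestsPassed = false;   // the "internal flag" from Section 4.2

    public SelfTestGateSketch() throws Exception {
        byte[] abc = "abc".getBytes(StandardCharsets.US_ASCII);
        // Known answers: the published "abc" digests and the FIPS 197 C.1 AES-128 vector.
        kat("SHA-1", MessageDigest.getInstance("SHA-1").digest(abc),
            "a9993e364706816aba3e25717850c26c9cd0d89d");
        kat("SHA-256", MessageDigest.getInstance("SHA-256").digest(abc),
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE,
            new SecretKeySpec(hex("000102030405060708090a0b0c0d0e0f"), "AES"));
        kat("AES-128-ECB", aes.doFinal(hex("00112233445566778899aabbccddeeff")),
            "69c4e0d86a7b0430d8cdb78070b4c55a");
        selfTestsPassed = true;                // reached only if no KAT threw
    }

    private static void kat(String name, byte[] actual, String expectedHex) {
        if (!MessageDigest.isEqual(actual, hex(expectedHex)))
            throw new IllegalStateException("power-up self-test failed: " + name);
    }

    // Every service checks the flag first, so nothing is output in the error state.
    public byte[] sha256(byte[] data) throws Exception {
        requireOperational();
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    private void requireOperational() {
        if (!selfTestsPassed) throw new IllegalStateException("module is in the error state");
    }

    private static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int n = 0; n < out.length; n++)
            out[n] = (byte) Integer.parseInt(s.substring(2 * n, 2 * n + 2), 16);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SelfTestGateSketch module = new SelfTestGateSketch(); // throws if any KAT fails
        byte[] digest = module.sha256("constructed sample".getBytes(StandardCharsets.US_ASCII));
        System.out.println("self-tests passed, digest length " + digest.length);
    }
}
```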

4.3 CSP Zeroization

The Crypto Officer should zeroize CSPs when they are no longer needed. See Section 3.6.4 of this document for details on CSP zeroization.

4.4 Status Monitoring

The module's cryptographic functionality and security services are provided via the application. The module is not meant to be used without an associated application. End-user instructions and guidance are provided in the user manual and technical support documents of the application software. Although end-users do not have privileges to modify configurations of the module, they should make sure that the Approved mode of operation is enforced in the application, thereby ensuring that the proper cryptographic protection is provided.

5 Acronyms

Table 8 – Acronyms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption Standard |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| BBVU | Byte-Bit-Veil-Unveil |
| BIOS | Basic Input/Output System |
| BitVU | Bit-Veil-Unveil |
| ByteVU | Byte-Veil-Unveil |
| CBC | Cipher Block Chaining |
| CD-ROM | Compact Disc Read-Only Memory |
| CMVP | Cryptographic Module Validation Program |
| CPU | Central Processing Unit |
| CSP | Critical Security Parameter |
| DES | Data Encryption Standard |
| DRK | Data Random Key |
| DT | Date/Time |
| ECB | Electronic Codebook |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FCC | Federal Communications Commission |
| FIPS | Federal Information Processing Standard |
| GPC | General-Purpose Computer |
| GUI | Graphical User Interface |
| HDD | Hard Drive |
| HMAC | Keyed-Hash Message Authentication Code |
| IDE | Integrated Drive Electronics |
| IEEE | Institute of Electrical and Electronics Engineers |
| I/O | Input/Output |
| IR | Infrared |
| ISA | Instruction Set Architecture |
| JAR | Java ARchival |
| JRE | Java Runtime Environment |
| JVM | Java Virtual Machine |
| KAT | Known Answer Test |
| MAC | Message Authentication Code |
| N/A | Not Applicable |
| OS | Operating System |
| PCI | Peripheral Component Interconnect |
| RAM | Random Access Memory |
| RNG | Random Number Generator |
| ROM | Read Only Memory |
| SHA | Secure Hash Algorithm |
| SRK | Session Random Key |
| UART | Universal Asynchronous Receiver/Transmitter |
| USB | Universal Serial Bus |