© 2008 Authernative, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.

Authernative, Inc.
Authernative Cryptographic Module
Software Version: 1.0.0

FIPS 140-2 Security Policy
Level 1 Validation
Document Version 1.1

Prepared for:
Authernative, Inc.
201 Redwood Shores Parkway, Suite 275
Redwood City, CA 94065
Phone: (650) 587-5263
Fax: (650) 587-5259
http://www.authernative.com

Prepared by:
Corsec Security, Inc.
10340 Democracy Lane, Suite 201
Fairfax, VA 22030
Phone: (703) 267-6050
Fax: (703) 267-6810
http://www.corsec.com

Security Policy, version 1.1, May 9, 2008

Revision History

| Version | Modification Date | Modified By | Description of Changes |
|---|---|---|---|
| 0.1 | 2007-09-21 | Xiaoyu Ruan | Initial draft |
| 0.2 | 2008-01-10 | Xiaoyu Ruan | Added ECBBlockCipher.class; removed DESEngine.class |
| 0.3 | 2008-01-23 | Xiaoyu Ruan | Added zeroize method; Put CAVP numbers |
| 0.4 | 2008-01-25 | Xiaoyu Ruan | Addressed Lab comments |
| 0.5 | 2008-02-05 | Xiaoyu Ruan | Addressed Lab comments |
| 1.0 | 2008-05-01 | Xiaoyu Ruan | Address CMVP comments |
| 1.1 | 2008-05-09 | Xiaoyu Ruan | Address CMVP comments |

Table of Contents

1 Introduction
  1.1 Purpose
  1.2 References
  1.3 Document Organization
2 AuthGuard and PassEnabler
  2.1 Overview
  2.2 Client-Server Encryption and Authentication
  2.3 BitVU, ByteVU, and BBVU
3 Authernative Cryptographic Module
  3.1 Overview
  3.2 Module Interfaces
  3.3 Roles and Services
  3.4 Physical Security
  3.5 Operational Environment
  3.6 Cryptographic Key Management
    3.6.1 Key Generation
    3.6.2 Key Input/Output
    3.6.3 Key Storage and Protection
    3.6.4 Key Zeroization
  3.7 EMI/EMC
  3.8 Self-Tests
  3.9 Mitigation of Other Attacks
4 Secure Operation
  4.1 Operating System Configuration
  4.2 Approved Mode Configuration
  4.3 CSP Zeroization
  4.4 Status Monitoring
5 Acronyms

Table of Figures

Figure 1 – Components of the AuthGuard Product
Figure 2 – Logical Cryptographic Boundary
Figure 3 – Logical Cryptographic Boundary and Interactions with Surrounding Components
Figure 4 – Physical Block Diagram of a Standard GPC

Table of Tables

Table 1 – Binary Form of the Module
Table 2 – Security Level per FIPS 140-2 Section
Table 3 – Authernative Classes in AuthCryptoApi.jar
Table 4 – Logical, Physical, and Module Interface Mapping
Table 5 – Crypto Officer Services
Table 6 – User Services
Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs
Table 8 – Acronyms

1 Introduction

1.1 Purpose

This document is a non-proprietary Cryptographic Module Security Policy for the Authernative Cryptographic Module from Authernative, Inc. This Security Policy describes how the Authernative Cryptographic Module meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the Authernative Cryptographic Module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/groups/STM/index.html.

In this document, the Authernative Cryptographic Module is referred to as "the module". The application represents Authernative's software products, such as AuthGuard, linked with the cryptographic methods provided by the Authernative Cryptographic Module.

1.2 References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Authernative website (http://www.authernative.com/) contains information on the full line of products from Authernative.
- The CMVP website (http://csrc.nist.gov/groups/STM/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 submission package. In addition to this document, the Submission Package contains:

- Vendor Evidence
- Finite State Machine
- Other supporting documentation as additional references

This Security Policy and the other validation submission documentation have been produced by Corsec Security, Inc. under contract to Authernative. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Authernative and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Authernative.

2 AuthGuard and PassEnabler

Authernative, Inc. is a software company that develops, markets, and sells enterprise and consumer level security solutions. Authernative's granted and pending U.S. and International patents in the area of private and secure financial transactions, authentication algorithms, protocols, and encryption schemes are the foundation for the company technology and commercial product offerings. Authernative provides integrated security solutions for identity management, strong authentication to access network resources, and efficient authorization, administration and auditing control.

Authernative approaches security as a complex system having scientific, technological, engineering, marketing, and social components. The company believes that only a harmonized mixture of these components implemented in security products and backed with excellent services can bring long-lasting success and customer satisfaction.

Authernative currently sells two separate and complementary products: AuthGuard and PassEnabler. Both AuthGuard and PassEnabler are applications that use the Authernative Cryptographic Module. However, AuthGuard and PassEnabler are not being validated for FIPS compliance because all their security-relevant functions are provided by the Authernative Cryptographic Module.

2.1 Overview

AuthGuard is an authentication product. It provides an authentication server that supports and manages multiple authentication options. Those options allow AuthGuard to offer multifactor authentication, strong authentication, or layered authentication services. PassEnabler allows administrators to define what resources authorized users have access to and provides a secure authorization, administration, auditing, and web single-sign-on engine. PassEnabler is integrated with AuthGuard. PassEnabler enables corporate identity and access management using the authentication capabilities of AuthGuard. AuthGuard and PassEnabler can be used either separately or together as complementary tools within a tool suite.

The AuthGuard product is implemented using five components (as depicted in Figure 1):

- AuthGuard Server
- Administrative Utility
- Configuration Utility
- Licensing
- AuthGuard Client

The central component is the AuthGuard Server, which provides authentication services in a networked environment. Users attempting to access various systems are redirected to the AuthGuard Server. This provides them with a Graphical User Interface (GUI) to perform authentication. The GUI is provided by downloading the AuthGuard Client to a browser. The AuthGuard Client GUI changes depending on what forms of authentication are being performed, and communicates with the AuthGuard Server.

Authernative has developed two utilities to manage the AuthGuard product. The first utility is the Administrative Utility, which provides an administrative console for management of the AuthGuard Server. The Administrative Utility provides a GUI to tweak roughly fifty options and features of the configuration of the AuthGuard Server, setting the user permissions and authentication. An administrator uses the Administrative Utility to initially configure the system.

The second utility is the Configuration Utility, which is a desktop configuration tool that gives the administrator the ability to perform user account provisioning, manage roles, create users, and perform auditing. The Configuration Utility also allows auditing to be performed on users and administrator activities on the network from data in the AuthGuard Server's logs. The product allows a user to view network resources and to define resources that are placed under AuthGuard's authentication control.

Figure 1 – Components of the AuthGuard Product

2.2 Client-Server Encryption and Authentication

Communications between the AuthGuard Server and the AuthGuard Client are encrypted using the Advanced Encryption Standard (AES) algorithm. The AuthGuard Server is implemented as a Java servlet within an Apache Tomcat container, and contains all required security functionality. The AuthGuard Client is distributed as a Java applet by the AuthGuard Server. The applet is loaded into a user's browser. The Client then provides the complete user GUI and performs the encryption operations enabling secure communications with the AuthGuard Server. Furthermore, the applet provides interfaces appropriate to the administrator-selected authentication methods and guides the user through authentication to the AuthGuard Server and access to resources.

Network users encounter the AuthGuard Server when they bring up a browser and request access to an authenticated resource. These requests are redirected by the resource to the AuthGuard Server if the request has not yet been authenticated. Optionally, users can point directly to an AuthGuard Server to begin authentication steps. Once contacted, the AuthGuard Server sends back the Client applet to the user along with a Session Random Key (SRK), which can be either an AES or a triple Data Encryption Standard (DES) key.

The SRKs are used to initialize secure sessions, and are created by the AuthGuard Server. When the servlet for the AuthGuard Server is initialized, it starts generating a new store of SRKs destined for future use. The SRKs are placed in an array that is constantly updated by the Server, and SRKs created by the Server are assigned a lifetime. After an SRK has expired, it will not be used to secure a new connection. Each SRK is associated with an array of Data Random Keys (DRKs), which is created for a particular session. The array of DRKs is erased if the SRK is erased. The Server can be configured to create a specific number of SRKs, and will then update them periodically.

For an individual session, a single unused SRK is selected, and then sent to the client in the clear encoded as an array of bytes in a Java class. The SRK is then used by the Client to initiate the session between the Client and the Server. The Client first obtains a username from the GUI, and sends this to the server encrypted with the SRK. The Server receives this and decrypts the username.

After the exchange of a username and SRK, the Server selects a DRK from the array associated with the SRK, and sends it to the Client encrypted with the SRK. The encrypted bits are additionally byte-veiled or bit-veiled, as described in the next subsection. At this point, the Client retrieves the DRK, and displays a GUI to the user to collect password information. Meanwhile, the Client hashes the DRK, encrypts the hash with the DRK, and sends the result back to the Server to indicate that the DRK was successfully received and decrypted. The Server checks that this is correct by computing the same value. At this point, the Server and Client have exchanged an SRK, DRK, and username but have not authenticated either side, or exchanged a key not subject to man-in-the-middle attacks.

Now, the Server selects a second DRK (DRK2) from the DRK array. The server then retrieves the user's password information from its database. The Server then encrypts DRK2 with DRK and bit-veils, byte-veils, or both into a conversion array using values from a Random Number Generator (RNG) seeded with the user's password information. This is transmitted to the Client, who can then use the same password information to reconstruct DRK2.

The Client then hashes DRK2, hides it in a conversion array using the password information, encrypts the conversion array with DRK2, and sends it back to the server to indicate that it has DRK2. This step performs Client authentication based on possession of the user's password information, and shares DRK2 with both sides.

The same step is then performed by the Server to authenticate the Server to the Client using DRK2 and the Server password. The Server sends a hash of DRK2 in a conversion array using the Server password to seed the RNG for bit- or byte-veiling, and encrypting the array with DRK2. The Client already has the Server password and uses it to authenticate the Server. At this point, the Client and the Server have performed mutual authentication and share a session encryption key.

User password information can be a simple password, or can use Authernative's passline (a chosen pattern in a grid), pass-step (an out-of-band challenge sent to email or phone to be entered), crossline (a challenge embedded in a grid), or passfield (image, colors, and a grid). Each of these processes allows the user to select secret password information, all or part of which can be provided in response to challenges.

The authentication step of exchanging a DRK using password information for the bit- and byte-veiling can be iterated as often as desired to provide a DRK3, DRK4, etc. Security can be layered to use multiple authentication steps, where different password information forms are employed. For example, a user could employ both a simple password and use passline. The password would be used for DRK2, and then passline would be used for DRK3, and that exchange would also depend upon DRK2.

At this point, the DRKs are not used by AuthGuard for secure data encryption, and are simply treated as a byproduct of the authentication. Other products may in the future use the DRKs for secure content exchange, but they are currently used only for authentication.

2.3 BitVU, ByteVU, and BBVU

Authernative has secured three patents on the processes described above, with claims in the patents that cover the use of a conversion array, key generation, and bit- and byte-veiling. The processes of "Bit-Veil-Unveil (BitVU), Byte-Veil-Unveil (ByteVU), and Byte-Bit-Veil-Unveil (BBVU)" mentioned above are the subject of the patents, and are integral to the authentication process.

The BitVU and ByteVU processes take an array of random data and effectively hide or intersperse message data within the array. The array of random data with the interspersed messages is referred to as a conversion array, and may be further encrypted before transmission within the AuthGuard schemes described. The locations of the message data within the conversion array are determined by a deterministic RNG seeded with a secret value. Two parties that share this secret value can both use the same RNG to compute the locations of the data within the conversion array.

The process of ByteVU involves generating a conversion array, and "veiling" individual bytes of the message data by sparsely distributing them through the conversion array. The process of BitVU does the same, but on a bit-wise basis.
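
The veil/unveil idea described in this subsection, as an added Python sketch; it is not Authernative's code and not the patented algorithm implemented in ConversionArray.class. Assumptions of the example: an HMAC-SHA-256 counter generator stands in for the module's ANSI X9.31 RNG, and the function names, array sizes and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SeededRng:
    """Deterministic RNG: HMAC-SHA-256 in counter mode, keyed by the shared secret.

    Assumption: stands in for the module's ANSI X9.31 RNG, which the policy
    names but does not describe in enough detail to reproduce.
    """

    def __init__(self, secret):
        self._key = hashlib.sha256(secret).digest()
        self._counter = 0

    def next_int(self, bound):
        """Return an integer in [0, bound); rejection sampling avoids modulo bias."""
        limit = (1 << 32) - ((1 << 32) % bound)
        while True:
            block = hmac.new(self._key, self._counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            self._counter += 1
            value = int.from_bytes(block[:4], "big")
            if value < limit:
                return value % bound


def positions(secret, count, slots):
    """Pick `count` distinct slot indexes out of `slots`, in a secret-dependent order."""
    if count > slots:
        raise ValueError("conversion array too small for the message")
    rng = SeededRng(secret)
    order = list(range(slots))
    for i in range(count):  # partial Fisher-Yates shuffle driven by the seeded RNG
        j = i + rng.next_int(slots - i)
        order[i], order[j] = order[j], order[i]
    return order[:count]


def byte_veil(message, secret, array_len):
    """ByteVU-style: scatter message bytes through an array of random bytes."""
    array = bytearray(secrets.token_bytes(array_len))  # random cover data
    for pos, value in zip(positions(secret, len(message), array_len), message):
        array[pos] = value
    return bytes(array)


def byte_unveil(array, secret, message_len):
    """Recompute the same positions from the shared secret and read the bytes back."""
    return bytes(array[p] for p in positions(secret, message_len, len(array)))


def bit_veil(message, secret, array_len):
    """BitVU-style: the same idea, with each message bit placed at a secret bit slot."""
    array = bytearray(secrets.token_bytes(array_len))
    for i, pos in enumerate(positions(secret, len(message) * 8, array_len * 8)):
        bit = (message[i // 8] >> (7 - i % 8)) & 1
        mask = 0x80 >> (pos % 8)
        array[pos // 8] = (array[pos // 8] & ~mask) | (mask if bit else 0)
    return bytes(array)


def bit_unveil(array, secret, message_len):
    """Collect the message bits from their secret-derived bit slots."""
    out = bytearray(message_len)
    for i, pos in enumerate(positions(secret, message_len * 8, len(array) * 8)):
        if array[pos // 8] & (0x80 >> (pos % 8)):
            out[i // 8] |= 0x80 >> (i % 8)
    return bytes(out)


if __name__ == "__main__":
    shared_secret = b"constructed password information"  # constructed sample value
    key_material = b"DRK2-demo-16byte"                    # constructed sample value
    veiled = byte_veil(key_material, shared_secret, 256)
    print(byte_unveil(veiled, shared_secret, len(key_material)))
    print(byte_unveil(veiled, b"wrong secret", len(key_material)))
```

Veiling on its own only hides where the message sits in the array; as this subsection notes, the conversion array may be further encrypted before transmission.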

3 Authernative Cryptographic Module

3.1 Overview

The module was developed and tested on Microsoft Windows XP (Service Package 2) with Sun Java Runtime Environment (JRE) 1.5. The module can run on any Java Virtual Machine (JVM) regardless of operating system (OS) and computer architecture. The minimum version of the JRE supported by the module is 1.5. Logically the module is a single Java ARchival (JAR), AuthCryptoApi.jar. Table 1 shows the OS and name of the binary file.

Table 1 – Binary Form of the Module

| When | Operating System | Binary File Name |
|---|---|---|
| Development | Windows XP with Sun JRE 1.5 | AuthCryptoApi.jar |
| Runtime | Any JVM with JRE 1.5 or later regardless of OS and computer architecture | AuthCryptoApi.jar |

The module is stored on the hard disk and is loaded in memory when a client application calls cryptographic services exported by the module. As of this writing, the client application is AuthGuard. However, Authernative may develop more applications making use of the module in the future.

When operating in the Approved mode of operation, the Authernative Cryptographic Module is validated at FIPS 140-2 section levels shown in Table 1. Note that in Table 2, EMI and EMC mean Electromagnetic Interference and Electromagnetic Compatibility, respectively, and N/A indicates "Not Applicable".

Table 2 – Security Level per FIPS 140-2 Section

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 1 |
| 2 | Cryptographic Module Ports and Interfaces | 1 |
| 3 | Roles, Services, and Authentication | 1 |
| 4 | Finite State Model | 1 |
| 5 | Physical Security | N/A |
| 6 | Operational Environment | 1 |
| 7 | Cryptographic Key Management | 1 |
| 8 | EMI/EMC | 1 |
| 9 | Self-Tests | 1 |
| 10 | Design Assurance | 1 |
| 11 | Mitigation of Other Attacks | N/A |

3.2 Module Interfaces

The module, AuthCryptoApi.jar, provides client applications with a set of cryptographic services in the form of Application Programming Interface (API) calls. Figure 2 shows the logical cryptographic boundary for the module. The module is a JAR file that consists of 42 java classes. Out of the 42 classes, 29 are Bouncy Castle classes that implement underlying cryptographic algorithms. Bouncy Castle is an open-source Java library available at http://www.bouncycastle.org/. The Bouncy Castle classes do not have public methods. The other 13 classes, developed by Authernative, implement public methods of the module. The JAR file manifest, MANIFEST.MF, contains the signature of the JAR (used in the power-up integrity test).

Figure 2 – Logical Cryptographic Boundary

The descriptions of the Authernative classes are described in Table 3 – Authernative Classes in AuthCryptoApi.jar. A complete list of exported methods is available in the module's API reference manual.

Table 3 – Authernative Classes in AuthCryptoApi.jar

| Class | Description |
|---|---|
| AuthApiException.class | The class implements the exception thrown when and if there is an error state in the API. |
| AuthApiStatus.class | The class implements methods that report configurations and status of the API. |
| AuthCryptoApi.class | This is the core API class and contains all the public methods. This class simply collects the interfaces into a single object. Most of the functions of the module are implemented by the other classes. |
| Base64.class | The class implements the base64 encoding and decoding methods. |
| ConversionArray.class | The class implements Authernative's patented BitVU, ByteVU, and BBVU technology. See Section 2.3 of this document for a description of this technique. |
| CryptoFunctions.class | The class contains all the cryptographic functions realized by the module. |
| KeyGen$KeyThread.class | The class is a subclass of the KeyGen class. This class implements the mechanism of generating a new key every 60 seconds. |
| KeyGen.class | The class implements key generation methods. |
| LicParams.class | The class stores the licensing information of the module. |
| RCConst.class | The class contains all the return codes for the API errors for use with the AuthApiException class. |
| SecureRNG.class | The class implements the American National Standards Institute (ANSI) X9.31 Appendix A.2.4 RNG. |
| AuthCipher.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle cipher functionality. |
| AuthDigest.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle digest functionality. |

The module's interactions with surrounding components, including Central Processing Unit (CPU), hard disk, memory, client application, and the OS are demonstrated in Figure 3.

Figure 3 – Logical Cryptographic Boundary and Interactions with Surrounding Components

The module is validated for use on the platforms listed in the second column of Table 1. In addition to the binaries, the physical device consists of the integrated circuits of the motherboard, the CPU, Random Access Memory (RAM), Read-Only Memory (ROM), computer case, keyboard, mouse, video interfaces, expansion cards, and other hardware components included in the computer such as hard disk, floppy disk, Compact Disc ROM (CD-ROM) drive, power supply, and fans. The physical cryptographic boundary of the module is the opaque hard metal and plastic enclosure of the server running the module. The block diagram for a standard general-purpose computer (GPC) is shown in Figure 4. Note that in this figure, I/O means Input/Output, BIOS stands for Basic Input/Output System, PCI stands for Peripheral Component Interconnect, ISA stands for Instruction Set Architecture, and IDE represents Integrated Drive Electronics.

Figure 4 – Physical Block Diagram of a Standard GPC

All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 3.

Table 4 – Logical, Physical, and Module Interface Mapping

| Logical Interface | Physical Port Mapping | Module Mapping |
|---|---|---|
| Data Input | Keyboard, mouse, CD-ROM, floppy disk, and serial/USB/parallel/network ports | Arguments for API calls that contain data to be used or processed by the module |
| Data Output | Hard Disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls that contain module response data to be used or processed by the caller |
| Control Input | Keyboard, CD-ROM, floppy disk, mouse, and serial/USB/parallel/network port | API calls |
| Status Output | Hard disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls, return value, error message |

3.3 Roles and Services

The operators of the module can assume two roles as required by FIPS 140-2: a Crypto Officer role and a User role. The operator of the module assumes either of the roles based on the operations performed. The operator is not required to authenticate to the module before accessing services. The module provides an API for client applications.

Table 5 – Crypto Officer Services shows the public methods that are run by the Crypto Officer role. The method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual Crypto Officer service. User services (see Table 6 – User Services) are also available to the Crypto Officer role.

Table 6 – User Services shows the public methods that are run by the User role. Similar to Table 5 – Crypto Officer Services, the method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual User service. User services are also available to the Crypto Officer role.

The Critical Security Parameters (CSPs) mentioned in the rightmost columns correspond to the ones listed in Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs.

Table 5 – Crypto Officer Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| Installation | To install the module | Command | Status | None |
| Uninstallation | To uninstall the module | Command | Status | All CSPs – overwrite |
| AuthCryptoApi | The API's only constructor. The instance of the API will be defined by the parameters that are passed in | Crypto type, hash type, crypto mode, key size, padding scheme | Status | None |
| getInstance | This method is provided for singleton use of the API | Crypto type, hash type, crypto mode, key size, padding scheme | Status, the instance of AuthCryptoApi | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Text string, byte array | Status, the printout | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Byte array | Status, the printout | None |
| hexStrToByteArray | Converts a hexadecimal string into a byte array | Hexadecimal string | Status, byte array | None |
| checkLicense | Checks the license | License string from application, client information | Status | None |
| getStatus | Gets information and configuration about the API | None | Status, API object information and configuration | None |
| setSeed | Sets the seed, date/time (DT) value, and Triple DES key to random numbers (generated by the non-Approved RNG) for the ANSI X9.31 RNG | None | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the Triple DES key to specified values for the ANSI X9.31 RNG | Triple DES key | Status | ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the seed, DT value, and Triple DES key to specified values for the ANSI X9.31 RNG | Seed, Triple DES key, DT value | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| nextInt | Generates a random number | None | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextInt | Generates a random number between zero and the specified integer | An integer (range of the random number) | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextBytes | Generates a random number array | Pointer to a byte array | Status, random number array | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| zeroize | Zeroizes CSPs | None | Status | All CSPs in HashMap and file system – overwrite |

Table 6 – User Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| setNumberOfKeys | Sets the maximum number of keys that the key generator will create before restarting at zero | Number of keys | Status | None |
| setPersistence | Sets the way the keys will be saved for the key generator | Mode (save keys in file system or memory) | Status | None |
| setPath | Sets the location that the keys will be saved to the file system | Path of the file system | Status | None |
| getSecretKey | Creates and returns a Java secret key (javax.crypto.SecretKey) | None | Status, a secret key (javax.crypto.SecretKey) | AES key or Triple DES key for caller use – write, read |
| getRawKey | Creates and returns a Java secret key (byte array) | None | Status, a secret key (byte array) | AES key or Triple DES key for caller use – write, read |
| startKeyGen | Starts a thread that will perform key generation and save the keys. Keys will be generated every 60 seconds | None | Status | Triple DES key for veiling and unveiling methods – write |
| stopKeyGen | Stops the key generation | None | Status | Triple DES key for veiling and unveiling methods – overwrite |
| getSecretKeyFromRepos | Gets a key (javax.crypto.SecretKey) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (javax.crypto.SecretKey) | Triple DES key for veiling and unveiling methods – read |
| getRawKeyFromRepos | Gets a key (byte array) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (byte array) | Triple DES key for veiling and unveiling methods – read |
| setSecretKey | Sets the secret key (byte array) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setSecretKey | Sets the secret key (javax.crypto.SecretKey) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setIV | Sets the initialization vector if crypto uses CBC mode | Initialization vector | Status | None |
| updateHash | Updates the current message for hashing | Byte array added to the message | Status | None |
| hashValue | Performs the final hashing for message | Byte array added to the message before the final hashing is done | Status, hash value | None |
| updateEncrypted | Updates the current plaintext for encryption | Byte array added to the plaintext to be encrypted | Status | None |
| encryptValue | Performs the final encryption for the plaintext | Byte array added to the plaintext before the final encryption is done | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext | Plaintext | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (javax.crypto.SecretKey) | Plaintext, secret key (javax.crypto.SecretKey) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (javax.crypto.SecretKey) | Ciphertext, secret key (javax.crypto.SecretKey) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (byte array) | Plaintext, secret key (byte array) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (byte array) | Ciphertext, secret key (byte array) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encode | Performs Base64 encoding on bytes | Bytes to be encoded | Encoded bytes | None |
| encode | Performs Base64 encoding on strings | Strings to be encoded | Encoded string | None |
| decode | Performs Base64 decoding on bytes | Bytes to be decoded | Decoded bytes | None |
| decode | Performs Base64 decoding on strings | Strings to be decoded | Decoded string | None |
| veilData | Hides bits, bytes, or bits and bytes in a larger array | Mode (bit, byte, or bit and byte), byte array to be hidden, Triple DES key for the ANSI X9.31 RNG | Conversion array with hidden byte array | Triple DES key for veiling and unveiling methods – write, read |
| unveilData | Extracts the data from conversion array | Mode (bit, byte, or bit and byte), conversion array, Triple DES key for the ANSI X9.31 RNG | Original byte array | Triple DES key for veiling and unveiling methods – write, read |

3.4 Physical Security

The Authernative Cryptographic Module is a multi-chip standalone module. The physical security requirements do not apply to this module, since it is purely a software module and does not implement any physical security mechanisms.

3.5 Operational Environment

The module was tested and validated on general-purpose Microsoft Windows XP with Service Package 2 with Sun JRE 1.5. The module can run on any JVM regardless of OS and computer architecture. The minimum version of the JRE supported by the module is 1.5. The module must be configured in single user mode as per the instructions provided in Section 4.1 of this document. Recommended configuration changes for the supported OS can also be found in Section 4.1.

3.6 Cryptographic Key Management

The module implements the following FIPS-approved algorithms in the Approved mode of operation.

- SHA-1, SHA-256, SHA-384, SHA-512 (certificate #725). SHA means Secure Hash Algorithm.
- HMAC-SHA-1 (certificate #375). HMAC means Keyed-Hash Message Authentication Code.
- Triple DES: 112 and 168 bits, in ECB and CBC modes (certificate #629). ECB and CBC mean Electronic Codebook and Cipher Block Chaining, respectively.
- AES: 128, 192, and 256 bits, in ECB and CBC modes (certificate #697)
- ANSI X9.31 Appendix A.2.4 RNG with 2-key Triple DES (certificate #408)

In the Approved mode of operation, the module uses a non-Approved RNG to seed the ANSI X9.31 RNG. This non-Approved RNG is the SecureRandom class provided by the JRE and is not implemented by the module itself. The non-Approved RNG is outside the cryptographic boundary of the module and is used by the module only for seeding the ANSI X9.31 RNG. In the non-Approved mode of operation, the module supports MD5.

The module supports the following CSPs in the Approved mode of operation:

Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| Triple DES key for caller use | Triple DES symmetric keys | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| AES key for caller use | AES symmetric key | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| Triple DES key for encryption and decryption methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| AES key for encryption and decryption methods | AES symmetric key | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| Triple DES key for veiling and unveiling methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after veiling or unveiling is done | Veil or unveil data |
| ANSI X9.31 RNG DT value for key generation methods | Date/time variable | 1. Generated internally by retrieving system date/time value; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new DT value is generated | Generate keys |
| ANSI X9.31 RNG Triple DES key for key generation methods | Triple DES symmetric keys | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new Triple DES key is generated | Generate keys |
| ANSI X9.31 RNG seed for key generation methods | Seed | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new seed is generated | Generate keys |
| Software integrity test key | 512-bit HMAC-SHA-1 key | Hard coded | Never | Plaintext in nonvolatile memory | Zeroized when the module is uninstalled | Used in software integrity test |

3.6.1 Key Generation

The module uses an ANSI X9.31 RNG with 2-key Triple DES to generate cryptographic keys. This RNG is a FIPS-Approved RNG as specified in Annex C to FIPS 140-2.

3.6.2 Key Input/Output

Symmetric keys are input to and output from the module in plaintext. The module does not use asymmetric-key cryptography.

3.6.3 Key Storage and Protection

Keys and other CSPs are stored in volatile memory or file system in plaintext. All key data resides in internally allocated data structures and can only be output using the module's defined API. The OS and JRE protect memory and process space from unauthorized access.

3.6.4 Key Zeroization

Generally speaking, CSPs reside in internal data structures that are cleaned up by JVM's garbage collector. Java handles memory in unpredictable ways that are transparent to the user. The Crypto Officer may manually invoke the zeroization of keys stored in HashMap and file system by calling the zeroize method.

3.7 EMI/EMC

Although the module consists entirely of software, the FIPS 140-2 platform is a server that has been tested for and meets applicable Federal Communications Commission (FCC) EMI and EMC requirements for business use as defined in Subpart B of FCC Part 15.

3.8 Self-Tests

The power-up self-tests are triggered by instantiation of an object of the AuthCryptoApi class. The Authernative Cryptographic Module performs the following power-up self-tests:
- Software integrity test using HMAC-SHA-1
- Known Answer Test (KAT) on 2-key Triple DES in ECB mode
- KAT on 128-bit AES in ECB mode
- KATs on SHA-1, SHA-256, SHA-384, and SHA-512
- KAT on ANSI X9.31 RNG

The module implements the following conditional self-tests.
- Continuous test for the ANSI X9.31 RNG
- Continuous test for the non-Approved RNG

If the self-tests fail, an exception will be thrown on the failure. The application is then alerted that the self-tests failed, and the module will not load and will enter an error state. When in the error state, execution of the module is halted and data output from the module is inhibited.
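
The ANSI X9.31 generator of Section 3.6.1 with the continuous test listed in Section 3.8, written out as an added Java example. This is not the module's code: the class name X931RngExample, its method names and the use of the millisecond clock as the DT vector are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical class for illustration; not part of the Authernative module.
public class X931RngExample {
    private final Cipher tdes;       // 2-key Triple DES in ECB mode, no padding
    private final byte[] v;          // 64-bit seed value V, updated on every block
    private byte[] previous;         // last block produced, kept for the continuous test
    private boolean errorState;
    public X931RngExample(byte[] k1, byte[] k2, byte[] seed) throws Exception {
        if (k1.length != 8 || k2.length != 8 || seed.length != 8) throw new IllegalArgumentException("8-byte k1, k2, seed");
        // The JCE DESede cipher takes a 2-key Triple DES key as K1|K2|K1.
        byte[] key = ByteBuffer.allocate(24).put(k1).put(k2).put(k1).array();
        tdes = Cipher.getInstance("DESede/ECB/NoPadding");
        tdes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "DESede"));
        v = seed.clone();
    }

    public synchronized byte[] nextBlock() throws Exception {
        if (errorState) throw new IllegalStateException("RNG is in the error state");
        // Assumption: the DT vector is the system clock in milliseconds.
        byte[] dt = ByteBuffer.allocate(8).putLong(System.currentTimeMillis()).array();
        byte[] i = tdes.doFinal(dt);                           // I = E_K(DT)
        byte[] r = tdes.doFinal(xor(i, v));                    // R = E_K(I xor V)
        System.arraycopy(tdes.doFinal(xor(r, i)), 0, v, 0, 8); // V = E_K(R xor I)
        boolean first = (previous == null);
        if (!first && Arrays.equals(previous, r)) {            // continuous test: repeated block
            errorState = true;                                 // inhibit all further output
            throw new IllegalStateException("continuous RNG test failed");
        }
        previous = r;
        return first ? nextBlock() : r.clone();                // first block is compared, never output
    }

    private static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[8];
        for (int n = 0; n < 8; n++) out[n] = (byte) (a[n] ^ b[n]);
        return out;
    }
    public static void main(String[] args) throws Exception {
        SecureRandom seeder = new SecureRandom();              // stands in for the seeding RNG
        byte[] k1 = new byte[8], k2 = new byte[8], seed = new byte[8];
        seeder.nextBytes(k1); seeder.nextBytes(k2); seeder.nextBytes(seed);
        X931RngExample rng = new X931RngExample(k1, k2, seed);
        byte[] aesKey = ByteBuffer.allocate(16).put(rng.nextBlock()).put(rng.nextBlock()).array();
        System.out.println("drew " + aesKey.length + " key bytes from the X9.31 generator");
    }
}
```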

3.9 Mitigation of Other Attacks

This section is not applicable. No claim is made that the module mitigates against any attacks beyond the FIPS 140-2 level 1 requirements for this validation.

4 Secure Operation

The Authernative Cryptographic Module meets Level 1 requirements for FIPS 140-2. The subsections below describe how to place and keep the module in the Approved mode of operation.

4.1 Operating System Configuration

The user of the module is a software application. FIPS 140-2 mandates that a cryptographic module be limited to a single user at a time. A single instantiation of the Authernative Cryptographic Module shall only be accessed by one client application, which is the User of this instantiation of the Authernative Cryptographic Module. For enhanced security, it is recommended that the Crypto Officer configure the OS to disallow remote login.

To configure Windows XP to disallow remote login, the Crypto Officer should ensure that all remote guest accounts are disabled in order to ensure that only one human operator can log in to Windows XP at a time. The services that need to be turned off for Windows XP are
- Fast-user switching (irrelevant if server is a domain member)
- Terminal services
- Remote registry service
- Secondary logon service
- Telnet service
- Remote desktop and remote assistance service

Once Windows XP has been configured to disable remote login, the Crypto Officer can use the system "Administrator" account to install software, uninstall software, and administer the module.

A CMVP public document, Frequently Asked Questions for the Cryptographic Module Validation Program [1], gives instructions in Section 5.3 for configuring various Unix-based operating systems for single user mode.

4.2 Approved Mode Configuration

The Authernative Cryptographic Module itself is not an end-user product. It is provided to the end-users as part of the application (e.g., AuthGuard). The module is installed during installation of the application. The installation procedure is described in the installation manual for the application.

In order to access functions of the module, the application has to execute the constructor of class AuthCryptoApi by instantiating an object of class AuthCryptoApi. The constructor of class AuthCryptoApi is:

public AuthSecurityApi(int crpytoType, int hashType, int codeBook, int keySize, int padding)

If the value passed into the argument int hashType is SHA (integer value 1, 2, 3, or 4), then the module is operating in the Approved mode of operation. If the value passed into the argument int hashType is MD5 (integer value 0), then the module is operating in the non-Approved mode of operation.

The constructor of class AuthCryptoApi performs all required power-up self-tests. If all power-up self-tests are passed, then an internal flag will be set to true. All other public methods of the module check this internal flag and ensure it is true before performing any other functions.

Notice that the Approved mode configuration described above is transparent to an operator. The configuration is performed by the client application.

[1] Available at http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf.

4.3 CSP Zeroization

The Crypto Officer should zeroize CSPs when they are no longer needed. See Section 3.6.4 of this document for details on CSP zeroization.

4.4 Status Monitoring

The module's cryptographic functionality and security services are provided via the application. The module is not meant to be used without an associated application. End-user instructions and guidance are provided in the user manual and technical support documents of the application software. Although end-users do not have privileges to modify configurations of the module, they should make sure that the Approved mode of operation is enforced in the application, thereby ensuring that the proper cryptographic protection is provided.

5 Acronyms

Table 8 – Acronyms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption Standard |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| BBVU | Byte-Bit-Veil-Unveil |
| BIOS | Basic Input/Output System |
| BitVU | Bit-Veil-Unveil |
| ByteVU | Byte-Veil-Unveil |
| CBC | Cipher Block Chaining |
| CD-ROM | Compact Disc Read-Only Memory |
| CMVP | Cryptographic Module Validation Program |
| CPU | Central Processing Unit |
| CSP | Critical Security Parameter |
| DES | Data Encryption Standard |
| DRK | Data Random Key |
| DT | Date/Time |
| ECB | Electronic Codebook |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FCC | Federal Communications Commission |
| FIPS | Federal Information Processing Standard |
| GPC | General-Purpose Computer |
| GUI | Graphical User Interface |
| HDD | Hard Drive |
| HMAC | Keyed-Hash Message Authentication Code |
| IDE | Integrated Drive Electronics |
| IEEE | Institute of Electrical and Electronics Engineers |
| I/O | Input/Output |
| IR | Infrared |
| ISA | Instruction Set Architecture |
| JAR | Java ARchival |
| JRE | Java Runtime Environment |
| JVM | Java Virtual Machine |
| KAT | Known Answer Test |
| MAC | Message Authentication Code |
| N/A | Not Applicable |
| OS | Operating System |
| PCI | Peripheral Component Interconnect |
| RAM | Random Access Memory |
| RNG | Random Number Generator |
| ROM | Read Only Memory |
| SHA | Secure Hash Algorithm |
| SRK | Session Random Key |
| UART | Universal Asynchronous Receiver/Transmitter |
| USB | Universal Serial Bus |
