© 2008 Authernative, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.

Authernative, Inc.
Authernative Cryptographic Module
Software Version: 1.0.0

FIPS 140-2 Security Policy
Level 1 Validation
Document Version 1.1

Prepared for:
Authernative, Inc.
201 Redwood Shores Parkway, Suite 275
Redwood City, CA 94065
Phone: (650) 587-5263
Fax: (650) 587-5259
http://www.authernative.com

Prepared by:
Corsec Security, Inc.
10340 Democracy Lane, Suite 201
Fairfax, VA 22030
Phone: (703) 267-6050
Fax: (703) 267-6810
http://www.corsec.com

Security Policy, version 1.1, May 9, 2008

Revision History

| Version | Modification Date | Modified By | Description of Changes |
|---|---|---|---|
| 0.1 | 2007-09-21 | Xiaoyu Ruan | Initial draft |
| 0.2 | 2008-01-10 | Xiaoyu Ruan | Added ECBBlockCipher.class; removed DESEngine.class |
| 0.3 | 2008-01-23 | Xiaoyu Ruan | Added zeroize method; Put CAVP numbers |
| 0.4 | 2008-01-25 | Xiaoyu Ruan | Addressed Lab comments |
| 0.5 | 2008-02-05 | Xiaoyu Ruan | Addressed Lab comments |
| 1.0 | 2008-05-01 | Xiaoyu Ruan | Address CMVP comments |
| 1.1 | 2008-05-09 | Xiaoyu Ruan | Address CMVP comments |

Table of Contents

1 INTRODUCTION
  1.1 PURPOSE
  1.2 REFERENCES
  1.3 DOCUMENT ORGANIZATION
2 AUTHGUARD AND PASSENABLER
  2.1 OVERVIEW
  2.2 CLIENT-SERVER ENCRYPTION AND AUTHENTICATION
  2.3 BITVU, BYTEVU, AND BBVU
3 AUTHERNATIVE CRYPTOGRAPHIC MODULE
  3.1 OVERVIEW
  3.2 MODULE INTERFACES
  3.3 ROLES AND SERVICES
  3.4 PHYSICAL SECURITY
  3.5 OPERATIONAL ENVIRONMENT
  3.6 CRYPTOGRAPHIC KEY MANAGEMENT
    3.6.1 Key Generation
    3.6.2 Key Input/Output
    3.6.3 Key Storage and Protection
    3.6.4 Key Zeroization
  3.7 EMI/EMC
  3.8 SELF-TESTS
  3.9 MITIGATION OF OTHER ATTACKS
4 SECURE OPERATION
  4.1 OPERATING SYSTEM CONFIGURATION
  4.2 APPROVED MODE CONFIGURATION
  4.3 CSP ZEROIZATION
  4.4 STATUS MONITORING
5 ACRONYMS

Table of Figures

FIGURE 1 – COMPONENTS OF THE AUTHGUARD PRODUCT
FIGURE 2 – LOGICAL CRYPTOGRAPHIC BOUNDARY
FIGURE 3 – LOGICAL CRYPTOGRAPHIC BOUNDARY AND INTERACTIONS WITH SURROUNDING COMPONENTS
FIGURE 4 – PHYSICAL BLOCK DIAGRAM OF A STANDARD GPC

Table of Tables

TABLE 1 – BINARY FORM OF THE MODULE
TABLE 2 – SECURITY LEVEL PER FIPS 140-2 SECTION
TABLE 3 – AUTHERNATIVE CLASSES IN AUTHCRYPTOAPI.JAR
TABLE 4 – LOGICAL, PHYSICAL, AND MODULE INTERFACE MAPPING
TABLE 5 – CRYPTO OFFICER SERVICES
TABLE 6 – USER SERVICES
TABLE 7 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS
TABLE 8 – ACRONYMS

1 Introduction

1.1 Purpose

This document is a non-proprietary Cryptographic Module Security Policy for the Authernative Cryptographic Module from Authernative, Inc. This Security Policy describes how the Authernative Cryptographic Module meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the Authernative Cryptographic Module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/groups/STM/index.html.

In this document, the Authernative Cryptographic Module is referred to as "the module". The application represents Authernative's software products, such as AuthGuard, linked with the cryptographic methods provided by the Authernative Cryptographic Module.

1.2 References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Authernative website (http://www.authernative.com/) contains information on the full line of products from Authernative.
- The CMVP website (http://csrc.nist.gov/groups/STM/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 submission package. In addition to this document, the Submission Package contains:

- Vendor Evidence
- Finite State Machine
- Other supporting documentation as additional references

This Security Policy and the other validation submission documentation have been produced by Corsec Security, Inc. under contract to Authernative. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Authernative and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Authernative.

2 AuthGuard and PassEnabler

Authernative, Inc. is a software company that develops, markets, and sells enterprise and consumer level security solutions. Authernative's granted and pending U.S. and International patents in the area of private and secure financial transactions, authentication algorithms, protocols, and encryption schemes are the foundation for the company technology and commercial product offerings. Authernative provides integrated security solutions for identity management, strong authentication to access network resources, and efficient authorization, administration and auditing control.

Authernative approaches security as a complex system having scientific, technological, engineering, marketing, and social components. The company believes that only a harmonized mixture of these components implemented in security products and backed with excellent services can bring long-lasting success and customer satisfaction.

Authernative currently sells two separate and complementary products: AuthGuard and PassEnabler. Both AuthGuard and PassEnabler are applications that use the Authernative Cryptographic Module. However, AuthGuard and PassEnabler are not being validated for FIPS compliance because all their security-relevant functions are provided by the Authernative Cryptographic Module.

2.1 Overview

AuthGuard is an authentication product. It provides an authentication server that supports and manages multiple authentication options. Those options allow AuthGuard to offer multifactor authentication, strong authentication, or layered authentication services.

PassEnabler allows administrators to define what resources authorized users have access to and provides a secure authorization, administration, auditing, and web single-sign-on engine. PassEnabler is integrated with AuthGuard. PassEnabler enables corporate identity and access management using the authentication capabilities of AuthGuard. AuthGuard and PassEnabler can be used either separately or together as complementary tools within a tool suite.

The AuthGuard product is implemented using five components (as depicted in Figure 1):

- AuthGuard Server
- Administrative Utility
- Configuration Utility
- Licensing
- AuthGuard Client

The central component is the AuthGuard Server, which provides authentication services in a networked environment. Users attempting to access various systems are redirected to the AuthGuard Server. This provides them with a Graphical User Interface (GUI) to perform authentication. The GUI is provided by downloading the AuthGuard Client to a browser. The AuthGuard Client GUI changes depending on what forms of authentication are being performed, and communicates with the AuthGuard Server.

Authernative has developed two utilities to manage the AuthGuard product. The first utility is the Administrative Utility, which provides an administrative console for management of the AuthGuard Server. The Administrative Utility provides a GUI to tweak roughly fifty options and features of the configuration of the AuthGuard Server, setting the user permissions and authentication. An administrator uses the Administrative Utility to initially configure the system.

The second utility is the Configuration Utility, which is a desktop configuration tool that gives the administrator the ability to perform user account provisioning, manage roles, create users, and perform auditing. The Configuration Utility also allows auditing to be performed on users and administrator activities on the network from data in the AuthGuard Server's logs. The product allows a user to view network resources and to define resources that are placed under AuthGuard's authentication control.

Figure 1 – Components of the AuthGuard Product

2.2 Client-Server Encryption and Authentication

Communications between the AuthGuard Server and the AuthGuard Client are encrypted using the Advanced Encryption Standard (AES) algorithm. The AuthGuard Server is implemented as a Java servlet within an Apache Tomcat container, and contains all required security functionality. The AuthGuard Client is distributed as a Java applet by the AuthGuard Server. The applet is loaded into a user's browser. The Client then provides the complete user GUI and performs the encryption operations enabling secure communications with the AuthGuard Server. Furthermore, the applet provides interfaces appropriate to the administrator-selected authentication methods and guides the user through authentication to the AuthGuard Server and access to resources.

Network users encounter the AuthGuard Server when they bring up a browser and request access to an authenticated resource. These requests are redirected by the resource to the AuthGuard Server if the request has not yet been authenticated. Optionally, users can point directly to an AuthGuard Server to begin authentication steps. Once contacted, the AuthGuard Server sends back the Client applet to the user along with a Session Random Key (SRK), which can be either an AES or a triple Data Encryption Standard (DES) key.

The SRKs are used to initialize secure sessions, and are created by the AuthGuard Server. When the servlet for the AuthGuard Server is initialized, it starts generating a new store of SRKs destined for future use. The SRKs are placed in an array that is constantly updated by the Server, and SRKs created by the Server are assigned a lifetime. After an SRK has expired, it will not be used to secure a new connection. Each SRK is associated with an array of Data Random Keys (DRKs), which is created for a particular session. The array of DRKs is erased if the SRK is erased.

The Server can be configured to create a specific number of SRKs, and will then update them periodically. For an individual session, a single unused SRK is selected, and then sent to the client in the clear encoded as an array of bytes in a Java class. The SRK is then used by the Client to initiate the session between the Client and the Server. The Client first obtains a username from the GUI, and sends this to the server encrypted with the SRK. The Server receives this and decrypts the username.

After the exchange of a username and SRK, the Server selects a DRK from the array associated with the SRK, and sends it to the Client encrypted with the SRK. The encrypted bits are additionally byte-veiled, or bit-veiled as described in the next subsection. At this point, the Client retrieves the DRK, and displays a GUI to the user to collect password information. Meanwhile, the Client hashes the DRK, encrypts the hash with the DRK, and sends the result back to the Server to indicate that the DRK was successfully received and decrypted. The Server checks that this is correct by computing the same value. At this point, the Server and Client have exchanged an SRK, DRK, and username but have not authenticated either side, or exchanged a key not subject to man-in-the-middle attacks.
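
The first stage of the exchange described above, as an added Java sketch that is not AuthGuard or module code: the four messages up to the DRK confirmation, with the Server decrypting the confirmation and comparing hashes. AES-128 in CBC mode with a prepended IV, SHA-256, the sample username and all class and method names are assumptions of the sketch, and the bit/byte veiling step is left out.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class DrkConfirmSketch {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] randomKey() {
        byte[] k = new byte[16];                 // AES-128 key (assumed size)
        RNG.nextBytes(k);
        return k;
    }

    /** AES-CBC with a fresh random IV prepended to the ciphertext. */
    static byte[] encrypt(byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, 16 + ct.length);
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }

    static byte[] decrypt(byte[] key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(msg, 0, 16));
        return c.doFinal(msg, 16, msg.length - 16);
    }

    /** Client side: proof that the DRK arrived, E_DRK(H(DRK)). */
    static byte[] confirmation(byte[] drk) throws Exception {
        return encrypt(drk, MessageDigest.getInstance("SHA-256").digest(drk));
    }

    /** Server side: recompute H(DRK) and compare it with the decrypted value. */
    static boolean verify(byte[] drk, byte[] msg) {
        try {
            byte[] expected = MessageDigest.getInstance("SHA-256").digest(drk);
            return MessageDigest.isEqual(expected, decrypt(drk, msg));
        } catch (Exception e) {
            return false;                        // decryption failed (bad padding)
        }
    }

    public static void main(String[] args) throws Exception {
        // Server: pick an unused SRK and a DRK from its array (constructed values).
        byte[] srk = randomKey();
        byte[] drk = randomKey();

        byte[] m1 = srk.clone();                                            // S->C: SRK, in the clear
        byte[] m2 = encrypt(m1, "alice".getBytes(StandardCharsets.UTF_8));  // C->S: E_SRK(username)
        byte[] m3 = encrypt(srk, drk);                                      // S->C: E_SRK(DRK)
        byte[] clientDrk = decrypt(m1, m3);
        byte[] m4 = confirmation(clientDrk);                                // C->S: E_DRK(H(DRK))

        System.out.println("username at server: "
                + new String(decrypt(srk, m2), StandardCharsets.UTF_8));
        System.out.println("server accepts confirmation: " + verify(drk, m4));
        System.out.println("confirmation under another key accepted: "
                + verify(drk, confirmation(randomKey())));

        // m1 carries the SRK itself, so the DRK in m3 is recoverable from the
        // wire traffic alone; this stage confirms delivery, not identity.
        byte[] observed = decrypt(m1, m3);
        System.out.println("DRK derivable from wire traffic alone: "
                + Arrays.equals(observed, drk));
    }
}
```

The last line of output is the reason the text treats this stage as unauthenticated: the keys only become bound to an identity in the DRK2 step, where the password information enters the exchange.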

Now, the Server selects a second DRK (DRK2) from the DRK array. The server then retrieves the user's password information from its database. The Server then encrypts DRK2 with DRK and bit-veils, byte-veils, or both into a conversion array using values from a Random Number Generator (RNG) seeded with the user's password information. This is transmitted to the Client who can then use the same password information to reconstruct DRK2.

The Client then hashes DRK2, hides it in a conversion array using the password information, encrypts the conversion array with DRK2, and sends it back to the server to indicate that it has DRK2. This step performs Client authentication based on possession of the user's password information, and shares DRK2 with both sides. The same step is then performed by the Server to authenticate the Server to the Client using DRK2 and the Server password. The Server sends a hash of DRK2 in a conversion array using the Server password to seed the RNG for bit- or byte-veiling, and encrypting the array with DRK2. The Client already has the Server password and uses it to authenticate the Server. At this point the client and server have performed mutual authentication, and share a session encryption key.

User password information can be a simple password, or can use Authernative's passline (a chosen pattern in a grid), pass-step (an out-of-band challenge sent to email or phone to be entered), crossline (a challenge embedded in a grid), or passfield (image, colors, and a grid). Each of these processes allows the user to select secret password information, all or part of which can be provided in response to challenges.

The authentication step of exchanging a DRK using password information for the bit- and byte-veiling can be iterated as often as desired to provide a DRK3, DRK4, etc. Security can be layered to use multiple authentication steps, where different password information forms are employed. For example, a user could employ both a simple password and use passline. The password would be used for DRK2, and then passline would be used for DRK3, and that exchange would also depend upon DRK2.

At this point, the DRKs are not used by AuthGuard for secure data encryption, and are simply treated as a byproduct of the authentication. Other products may in the future use the DRKs for secure content exchange, but they are currently used only for authentication.

2.3 BitVU, ByteVU, and BBVU

Authernative has secured three patents on the processes described above, with claims in the patents that cover the use of a conversion array, key generation, and bit- and byte-veiling. The processes of "Bit-Veil-Unveil (BitVU), Byte-Veil-Unveil (ByteVU), and Byte-Bit-Veil-Unveil (BBVU)" mentioned above are the subject of the patents, and are integral to the authentication process.

The BitVU and ByteVU processes take an array of random data and effectively hide or intersperse message data within the array. The array of random data with the interspersed messages is referred to as a conversion array, and may be further encrypted before transmission within the AuthGuard schemes described. The locations of the message data within the conversion array are determined by a deterministic RNG seeded with a secret value. Two parties that share this secret value can both use the same RNG to compute the locations of the data within the conversion array.

The process of ByteVU involves generating a conversion array, and "veiling" individual bytes of the message data by sparsely distributing them through the conversion array. The process of BitVU does the same, but on a bit-wise basis.

3 Authernative Cryptographic Module

3.1 Overview

The module was developed and tested on Microsoft Windows XP (Service Package 2) with Sun Java Runtime Environment (JRE) 1.5. The module can run on any Java Virtual Machine (JVM) regardless of operating system (OS) and computer architecture. The minimum version of the JRE supported by the module is 1.5. Logically the module is a single Java ARchival (JAR), AuthCryptoApi.jar. Table 1 shows the OS and name of the binary file.

Table 1 – Binary Form of the Module

| When | Operating System | Binary File Name |
|---|---|---|
| Development | Windows XP with Sun JRE 1.5 | AuthCryptoApi.jar |
| Runtime | Any JVM with JRE 1.5 or later regardless of OS and computer architecture | AuthCryptoApi.jar |

The module is stored on the hard disk and is loaded in memory when a client application calls cryptographic services exported by the module. As of this writing, the client application is AuthGuard. However, Authernative may develop more applications making use of the module in the future.

When operating in the Approved mode of operation, the Authernative Cryptographic Module is validated at FIPS 140-2 section levels shown in Table 1. Note that in Table 2, EMI and EMC mean Electromagnetic Interference and Electromagnetic Compatibility, respectively, and N/A indicates "Not Applicable".

Table 2 – Security Level per FIPS 140-2 Section

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 1 |
| 2 | Cryptographic Module Ports and Interfaces | 1 |
| 3 | Roles, Services, and Authentication | 1 |
| 4 | Finite State Model | 1 |
| 5 | Physical Security | N/A |
| 6 | Operational Environment | 1 |
| 7 | Cryptographic Key Management | 1 |
| 8 | EMI/EMC | 1 |
| 9 | Self-Tests | 1 |
| 10 | Design Assurance | 1 |
| 11 | Mitigation of Other Attacks | N/A |

3.2 Module Interfaces

The module, AuthCryptoApi.jar, provides client applications with a set of cryptographic services in the form of Application Programming Interface (API) calls. Figure 2 shows the logical cryptographic boundary for the module.

The module is a JAR file that consists of 42 Java classes. Out of the 42 classes, 29 are Bouncy Castle classes that implement underlying cryptographic algorithms. Bouncy Castle is an open-source Java library available at http://www.bouncycastle.org/. The Bouncy Castle classes do not have public methods. The other 13 classes, developed by Authernative, implement public methods of the module. The JAR file manifest, MANIFEST.MF, contains the signature of the JAR (used in the power-up integrity test).

Figure 2 – Logical Cryptographic Boundary

The Authernative classes are described in Table 3 – Authernative Classes in AuthCryptoApi.jar. A complete list of exported methods is available in the module's API reference manual.

Table 3 – Authernative Classes in AuthCryptoApi.jar

| Class | Description |
|---|---|
| AuthApiException.class | The class implements the exception thrown when and if there is an error state in the API. |
| AuthApiStatus.class | The class implements methods that report configurations and status of the API. |
| AuthCryptoApi.class | This is the core API class and contains all the public methods. This class simply collects the interfaces into a single object. Most of the functions of the module are implemented by the other classes. |
| Base64.class | The class implements the base64 encoding and decoding methods. |
| ConversionArray.class | The class implements Authernative's patented BitVU, ByteVU, and BBVU technology. See Section 2.3 of this document for a description of this technique. |
| CryptoFunctions.class | The class contains all the cryptographic functions realized by the module. |
| KeyGen$KeyThread.class | The class is a subclass of the KeyGen class. This class implements the mechanism of generating a new key every 60 seconds. |
| KeyGen.class | The class implements key generation methods. |
| LicParams.class | The class stores the licensing information of the module. |
| RCConst.class | The class contains all the return codes for the API errors for use with the AuthApiException class. |
| SecureRNG.class | The class implements the American National Standards Institute (ANSI) X9.31 Appendix A.2.4 RNG. |
| AuthCipher.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle cipher functionality. |
| AuthDigest.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle digest functionality. |

The module's interactions with surrounding components, including Central Processing Unit (CPU), hard disk, memory, client application, and the OS are demonstrated in Figure 3.

Figure 3 – Logical Cryptographic Boundary and Interactions with Surrounding Components

The module is validated for use on the platforms listed in the second column of Table 1. In addition to the binaries, the physical device consists of the integrated circuits of the motherboard, the CPU, Random Access Memory (RAM), Read-Only Memory (ROM), computer case, keyboard, mouse, video interfaces, expansion cards, and other hardware components included in the computer such as hard disk, floppy disk, Compact Disc ROM (CD-ROM) drive, power supply, and fans. The physical cryptographic boundary of the module is the opaque hard metal and plastic enclosure of the server running the module. The block diagram for a standard general-purpose computer (GPC) is shown in Figure 4. Note that in this figure, I/O means Input/Output, BIOS stands for Basic Input/Output System, PCI stands for Peripheral Component Interconnect, ISA stands for Instruction Set Architecture, and IDE represents Integrated Drive Electronics.

Figure 4 – Physical Block Diagram of a Standard GPC

All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 3.

Table 4 – Logical, Physical, and Module Interface Mapping

| Logical Interface | Physical Port Mapping | Module Mapping |
|---|---|---|
| Data Input | Keyboard, mouse, CD-ROM, floppy disk, and serial/USB/parallel/network ports | Arguments for API calls that contain data to be used or processed by the module |
| Data Output | Hard Disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls that contain module response data to be used or processed by the caller |
| Control Input | Keyboard, CD-ROM, floppy disk, mouse, and serial/USB/parallel/network port | API calls |
| Status Output | Hard disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls, return value, error message |

3.3 Roles and Services

The operators of the module can assume two roles as required by FIPS 140-2: a Crypto Officer role and a User role. The operator of the module assumes either of the roles based on the operations performed. The operator is not required to authenticate to the module before accessing services. The module provides an API for client applications.

Table 5 – Crypto Officer Services shows the public methods that are run by the Crypto Officer role. The method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual Crypto Officer service. User services (see Table 6 – User Services) are also available to the Crypto Officer role.

Table 6 – User Services shows the public methods that are run by the User role. Similar to Table 5 – Crypto Officer Services, the method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual User service. User services are also available to the Crypto Officer role.

The Critical Security Parameters (CSPs) mentioned in the rightmost columns correspond to the ones listed in Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs.

Table 5 – Crypto Officer Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| Installation | To install the module | Command | Status | None |
| Uninstallation | To uninstall the module | Command | Status | All CSPs – overwrite |
| AuthCryptoApi | The API's only constructor. The instance of the API will be defined by the parameters that are passed in | Crypto type, hash type, crypto mode, key size, padding scheme | Status | None |
| getInstance | This method is provided for singleton use of the API | Crypto type, hash type, crypto mode, key size, padding scheme | Status, the instance of AuthCryptoApi | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Text string, byte array | Status, the printout | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Byte array | Status, the printout | None |
| hexStrToByteArray | Converts a hexadecimal string into a byte array | Hexadecimal string | Status, byte array | None |
| checkLicense | Checks the license | License string from application, client information | Status | None |
| getStatus | Gets information and configuration about the API | None | Status, API object information and configuration | None |
| setSeed | Sets the seed, date/time (DT) value, and Triple DES key to random numbers (generated by the non-Approved RNG) for the ANSI X9.31 RNG | None | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the Triple DES key to specified values for the ANSI X9.31 RNG | Triple DES key | Status | ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the seed, DT value, and Triple DES key to specified values for the ANSI X9.31 RNG | Seed, Triple DES key, DT value | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| nextInt | Generates a random number | None | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextInt | Generates a random number between zero and the specified integer | An integer (range of the random number) | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextBytes | Generates a random number array | Pointer to a byte array | Status, random number array | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| zeroize | Zeroizes CSPs | None | Status | All CSPs in HashMap and file system – overwrite |

Table 6 – User Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| setNumberOfKeys | Sets the maximum number of keys that the key generator will create before restarting at zero | Number of keys | Status | None |
| setPersistence | Sets the way the keys will be saved for the key generator | Mode (save keys in file system or memory) | Status | None |
| setPath | Sets the location that the keys will be saved to the file system | Path of the file system | Status | None |
| getSecretKey | Creates and returns a Java secret key (javax.crypto.SecretKey) | None | Status, a secret key (javax.crypto.SecretKey) | AES key or Triple DES key for caller use – write, read |
| getRawKey | Creates and returns a Java secret key (byte array) | None | Status, a secret key (byte array) | AES key or Triple DES key for caller use – write, read |
| startKeyGen | Starts a thread that will perform key generation and save the keys. Keys will be generated every 60 seconds | None | Status | Triple DES key for veiling and unveiling methods – write |
| stopKeyGen | Stops the key generation | None | Status | Triple DES key for veiling and unveiling methods – overwrite |
| getSecretKeyFromRepos | Gets a key (javax.crypto.SecretKey) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (javax.crypto.SecretKey) | Triple DES key for veiling and unveiling methods – read |
| getRawKeyFromRepos | Gets a key (byte array) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (byte array) | Triple DES key for veiling and unveiling methods – read |
| setSecretKey | Sets the secret key (byte array) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setSecretKey | Sets the secret key (javax.crypto.SecretKey) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setIV | Sets the initialization vector if crypto uses CBC mode | Initialization vector | Status | None |
| updateHash | Updates the current message for hashing | Byte array added to the message | Status | None |
| hashValue | Performs the final hashing for message | Byte array added to the message before the final hashing is done | Status, hash value | None |
| updateEncrypted | Updates the current plaintext for encryption | Byte array added to the plaintext to be encrypted | Status | None |
| encryptValue | Performs the final encryption for the plaintext | Byte array added to the plaintext before the final encryption is done | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext | Plaintext | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (javax.crypto.SecretKey) | Plaintext, secret key (javax.crypto.SecretKey) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (javax.crypto.SecretKey) | Ciphertext, secret key (javax.crypto.SecretKey) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (byte array) | Plaintext, secret key (byte array) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (byte array) | Ciphertext, secret key (byte array) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encode | Performs Base64 encoding on bytes | Bytes to be encoded | Encoded bytes | None |
| encode | Performs Base64 encoding on strings | Strings to be encoded | Encoded string | None |
| decode | Performs Base64 decoding on bytes | Bytes to be decoded | Decoded bytes | None |
| decode | Performs Base64 decoding on strings | Strings to be decoded | Decoded string | None |
| veilData | Hides bits, bytes, or bits and bytes in a larger array | Mode (bit, byte, or bit and byte), byte array to be hidden, Triple DES key for the ANSI X9.31 RNG | Conversion array with hidden byte array | Triple DES key for veiling and unveiling methods – write, read |
| unveilData | Extracts the data from conversion array | Mode (bit, byte, or bit and byte), conversion array, Triple DES key for the ANSI X9.31 RNG | Original byte array | Triple DES key for veiling and unveiling methods – write, read |

3.4 Physical Security

The Authernative Cryptographic Module is a multi-chip standalone module. The physical security requirements do not apply to this module, since it is purely a software module and does not implement any physical security mechanisms.

3.5 Operational Environment

The module was tested and validated on general-purpose Microsoft Windows XP with Service Package 2 with Sun JRE 1.5. The module can run on any JVM regardless of OS and computer architecture. The minimum version of the JRE supported by the module is 1.5. The module must be configured in single user mode as per the instructions provided in Section 4.1 of this document. Recommended configuration changes for the supported OS can also be found in Section 4.1.

3.6 Cryptographic Key Management

The module implements the following FIPS-approved algorithms in the Approved mode of operation.

- SHA-1, SHA-256, SHA-384, SHA-512 (certificate #725). SHA means Secure Hash Algorithm.
- HMAC-SHA-1 (certificate #375). HMAC means Keyed-Hash Message Authentication Code.
- Triple DES: 112 and 168 bits, in ECB and CBC modes (certificate #629). ECB and CBC mean Electronic Codebook and Cipher Block Chaining, respectively.
- AES: 128, 192, and 256 bits, in ECB and CBC modes (certificate #697)
- ANSI X9.31 Appendix A.2.4 RNG with 2-key Triple DES (certificate #408)

In the Approved mode of operation, the module uses a non-Approved RNG to seed the ANSI X9.31 RNG. This non-Approved RNG is the SecureRandom class provided by the JRE and is not implemented by the module itself. The non-Approved RNG is outside the cryptographic boundary of the module and is used by the module only for seeding the ANSI X9.31 RNG.

In the non-Approved mode of operation, the module supports MD5.

The module supports the following CSPs in the Approved mode of operation:

Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| Triple DES key for caller use | Triple DES symmetric keys | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| AES key for caller use | AES symmetric key | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| Triple DES key for encryption and decryption methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| AES key for encryption and decryption methods | AES symmetric key | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| Triple DES key for veiling and unveiling methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after veiling or unveiling is done | Veil or unveil data |
| ANSI X9.31 RNG DT value for key generation methods | Date/time variable | 1. Generated internally by retrieving system date/time value; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new DT value is generated | Generate keys |
| ANSI X9.31 RNG Triple DES key for key generation methods | Triple DES symmetric keys | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new Triple DES key is generated | Generate keys |
| ANSI X9.31 RNG seed for key generation methods | Seed | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new seed is generated | Generate keys |
| Software integrity test key | 512-bit HMAC-SHA-1 key | Hard coded | Never | Plaintext in nonvolatile memory | Zeroized when the module is uninstalled | Used in software integrity test |

3.6.1 Key Generation

The module uses an ANSI X9.31 RNG with 2-key Triple DES to generate cryptographic keys. This RNG is a FIPS-Approved RNG as specified in Annex C to FIPS 140-2.

3.6.2 Key Input/Output

Symmetric keys are input to and output from the module in plaintext. The module does not use asymmetric-key cryptography.

3.6.3 Key Storage and Protection

Keys and other CSPs are stored in volatile memory or the file system in plaintext. All key data resides in internally allocated data structures and can only be output using the module's defined API. The OS and JRE protect memory and process space from unauthorized access.

3.6.4 Key Zeroization

Generally speaking, CSPs reside in internal data structures that are cleaned up by the JVM's garbage collector. Java handles memory in unpredictable ways that are transparent to the user. The Crypto Officer may manually invoke the zeroization of keys stored in HashMap and the file system by calling the zeroize method.

3.7 EMI/EMC

Although the module consists entirely of software, the FIPS 140-2 platform is a server that has been tested for and meets applicable Federal Communications Commission (FCC) EMI and EMC requirements for business use as defined in Subpart B of FCC Part 15.

3.8 Self-Tests

The power-up self-tests are triggered by instantiation of an object of the AuthCryptoApi class. The Authernative Cryptographic Module performs the following power-up self-tests:

- Software integrity test using HMAC-SHA-1
- Known Answer Test (KAT) on 2-key Triple DES in ECB mode
- KAT on 128-bit AES in ECB mode
- KATs on SHA-1, SHA-256, SHA-384, and SHA-512
- KAT on ANSI X9.31 RNG

The module implements the following conditional self-tests.

- Continuous test for the ANSI X9.31 RNG
- Continuous test for the non-Approved RNG

If the self-tests fail, an exception will be thrown on the failure. The application is then alerted that the self-tests failed, and the module will not load and will enter an error state. When in the error state, execution of the module is halted and data output from the module is inhibited.

3.9 Mitigation of Other Attacks

This section is not applicable. No claim is made that the module mitigates against any attacks beyond the FIPS 140-2 level 1 requirements for this validation.

4 Secure Operation

The Authernative Cryptographic Module meets Level 1 requirements for FIPS 140-2. The subsections below describe how to place and keep the module in the Approved mode of operation.

4.1 Operating System Configuration

The user of the module is a software application. FIPS 140-2 mandates that a cryptographic module be limited to a single user at a time. A single instantiation of the Authernative Cryptographic Module shall only be accessed by one client application, which is the User of this instantiation of the Authernative Cryptographic Module.

For enhanced security, it is recommended that the Crypto Officer configure the OS to disallow remote login. To configure Windows XP to disallow remote login, the Crypto Officer should ensure that all remote guest accounts are disabled in order to ensure that only one human operator can log in to Windows XP at a time. The services that need to be turned off for Windows XP are

- Fast-user switching (irrelevant if server is a domain member)
- Terminal services
- Remote registry service
- Secondary logon service
- Telnet service
- Remote desktop and remote assistance service

Once Windows XP has been configured to disable remote login, the Crypto Officer can use the system "Administrator" account to install software, uninstall software, and administer the module.

A CMVP public document, Frequently Asked Questions for the Cryptographic Module Validation Program [1], gives instructions in Section 5.3 for configuring various Unix-based operating systems for single user mode.

4.2 Approved Mode Configuration

The Authernative Cryptographic Module itself is not an end-user product. It is provided to the end-users as part of the application (e.g., AuthGuard). The module is installed during installation of the application. The installation procedure is described in the installation manual for the application.

In order to access functions of the module, the application has to execute the constructor of class AuthCryptoApi by instantiating an object of class AuthCryptoApi. The constructor of class AuthCryptoApi is:

    public AuthSecurityApi(int crpytoType, int hashType, int codeBook, int keySize, int padding)

If the value passed into the argument int hashType is SHA (integer value 1, 2, 3, or 4), then the module is operating in the Approved mode of operation. If the value passed into the argument int hashType is MD5 (integer value 0), then the module is operating in the non-Approved mode of operation.

The constructor of class AuthCryptoApi performs all required power-up self-tests. If all power-up self-tests are passed, then an internal flag will be set to true. All other public methods of the module check this internal flag and ensure it is true before performing any other functions.

[1] Available at http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf.

Notice that the Approved mode configuration described above is transparent to an operator. The configuration is performed by the client application.
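
One way to implement the constructor-gated design described in Section 4.2, as an added Java example that is not the module's code. GatedModule, hash and isApprovedMode are hypothetical names, a single SHA-256 known answer test stands in for the full power-up suite, and the mapping of hashType values 1 to 4 onto SHA-1, SHA-256, SHA-384 and SHA-512 in that order is an assumption the page does not confirm.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; GatedModule and its method names are hypothetical, not the module's API.
public final class GatedModule {
    // Known answer: SHA-256("abc") from the FIPS 180 example vectors.
    private static final String SHA256_ABC =
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";
    // Assumed ordering of hashType values; the page only says 0 = MD5 and 1..4 = SHA.
    private static final String[] HASHES = {"MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512"};

    private final String hashName;
    private final boolean approvedMode;
    private boolean selfTestsPassed;   // internal flag checked by every service

    public GatedModule(int hashType) throws Exception {
        if (hashType < 0 || hashType >= HASHES.length)
            throw new IllegalArgumentException("unknown hashType " + hashType);
        hashName = HASHES[hashType];
        approvedMode = hashType != 0;  // MD5 selects the non-Approved mode
        byte[] got = MessageDigest.getInstance("SHA-256")
            .digest("abc".getBytes(StandardCharsets.US_ASCII));
        if (!MessageDigest.isEqual(got, hex(SHA256_ABC)))
            throw new IllegalStateException("power-up KAT failed: SHA-256");
        selfTestsPassed = true;        // set only after every test has passed
    }

    private static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int n = 0; n < out.length; n++)
            out[n] = (byte) Integer.parseInt(s.substring(2 * n, 2 * n + 2), 16);
        return out;
    }

    // Error state: no service produces output unless the flag is set.
    private void requireOperational() {
        if (!selfTestsPassed) throw new IllegalStateException("module is in the error state");
    }

    public boolean isApprovedMode() {
        requireOperational();
        return approvedMode;
    }

    public byte[] hash(byte[] data) throws Exception {
        requireOperational();
        return MessageDigest.getInstance(hashName).digest(data);
    }
}
```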

4.3 CSP Zeroization

The Crypto Officer should zeroize CSPs when they are no longer needed. See Section 3.6.4 of this document for details on CSP zeroization.

4.4 Status Monitoring

The module's cryptographic functionality and security services are provided via the application. The module is not meant to be used without an associated application. End-user instructions and guidance are provided in the user manual and technical support documents of the application software. Although end-users do not have privileges to modify configurations of the module, they should make sure that the Approved mode of operation is enforced in the application, thereby ensuring that the proper cryptographic protection is provided.

5 Acronyms

Table 8 – Acronyms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption Standard |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| BBVU | Byte-Bit-Veil-Unveil |
| BIOS | Basic Input/Output System |
| BitVU | Bit-Veil-Unveil |
| ByteVU | Byte-Veil-Unveil |
| CBC | Cipher Block Chaining |
| CD-ROM | Compact Disc Read-Only Memory |
| CMVP | Cryptographic Module Validation Program |
| CPU | Central Processing Unit |
| CSP | Critical Security Parameter |
| DES | Data Encryption Standard |
| DRK | Data Random Key |
| DT | Date/Time |
| ECB | Electronic Codebook |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FCC | Federal Communications Commission |
| FIPS | Federal Information Processing Standard |
| GPC | General-Purpose Computer |
| GUI | Graphical User Interface |
| HDD | Hard Drive |
| HMAC | Keyed-Hash Message Authentication Code |
| IDE | Integrated Drive Electronics |
| IEEE | Institute of Electrical and Electronics Engineers |
| I/O | Input/Output |
| IR | Infrared |
| ISA | Instruction Set Architecture |
| JAR | Java ARchival |
| JRE | Java Runtime Environment |
| JVM | Java Virtual Machine |
| KAT | Known Answer Test |
| MAC | Message Authentication Code |
| N/A | Not Applicable |
| OS | Operating System |
| PCI | Peripheral Component Interconnect |
| RAM | Random Access Memory |
| RNG | Random Number Generator |
| ROM | Read Only Memory |
| SHA | Secure Hash Algorithm |
| SRK | Session Random Key |
| UART | Universal Asynchronous Receiver/Transmitter |
| USB | Universal Serial Bus |