settingsecondarylogon
secondarylogon 时间:2021-02-26 阅读:()
2008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
Authernative,Inc.
AuthernativeCryptographicModuleSoftwareVersion:1.
0.
0FIPS140-2SecurityPolicyLevel1ValidationDocumentVersion1.
1Preparedfor:Preparedby:Authernative,Inc.
CorsecSecurity,Inc.
201RedwoodShoresParkway,Suite275RedwoodCity,CA9406510340DemocracyLane,Suite201Fairfax,VA22030Phone:(650)587-5263Phone:(703)267-6050Fax:(650)587-5259Fax:(703)267-6810http://www.
authernative.
comhttp://www.
corsec.
comSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage2of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
RevisionHistoryVersionModificationDateModifiedByDescriptionofChanges0.
12007-09-21XiaoyuRuanInitialdraft0.
22008-01-10XiaoyuRuanAddedECBBlockCipher.
class;removedDESEngine.
class0.
32008-01-23XiaoyuRuanAddedzeroizemethod;PutCAVPnumbers0.
42008-01-25XiaoyuRuanAddressedLabcomments0.
52008-02-05XiaoyuRuanAddressedLabcomments1.
02008-05-01XiaoyuRuanAddressCMVPcomments1.
12008-05-09XiaoyuRuanAddressCMVPcommentsSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage3of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TableofContents1INTRODUCTION61.
1PURPOSE.
61.
2REFERENCES.
61.
3DOCUMENTORGANIZATION62AUTHGUARDANDPASSENABLER.
72.
1OVERVIEW.
72.
2CLIENT-SERVERENCRYPTIONANDAUTHENTICATION.
82.
3BITVU,BYTEVU,ANDBBVU.
93AUTHERNATIVECRYPTOGRAPHICMODULE103.
1OVERVIEW.
103.
2MODULEINTERFACES.
103.
3ROLESANDSERVICES.
143.
4PHYSICALSECURITY193.
5OPERATIONALENVIRONMENT.
193.
6CRYPTOGRAPHICKEYMANAGEMENT.
193.
6.
1KeyGeneration.
203.
6.
2KeyInput/Output203.
6.
3KeyStorageandProtection.
203.
6.
4KeyZeroization.
203.
7EMI/EMC203.
8SELF-TESTS213.
9MITIGATIONOFOTHERATTACKS.
214SECUREOPERATION.
224.
1OPERATINGSYSTEMCONFIGURATION224.
2APPROVEDMODECONFIGURATION224.
3CSPZEROIZATION.
234.
4STATUSMONITORING.
235ACRONYMS.
24SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage4of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TableofFiguresFIGURE1–COMPONENTSOFTHEAUTHGUARDPRODUCT.
8FIGURE2–LOGICALCRYPTOGRAPHICBOUNDARY11FIGURE3–LOGICALCRYPTOGRAPHICBOUNDARYANDINTERACTIONSWITHSURROUNDINGCOMPONENTS12FIGURE4–PHYSICALBLOCKDIAGRAMOFASTANDARDGPC13SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage5of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TableofTablesTABLE1–BINARYFORMOFTHEMODULE10TABLE2–SECURITYLEVELPERFIPS140-2SECTION.
10TABLE3–AUTHERNATIVECLASSESINAUTHCRYPTOAPI.
JAR.
11TABLE4–LOGICAL,PHYSICAL,ANDMODULEINTERFACEMAPPING.
13TABLE5–CRYPTOOFFICERSERVICES15TABLE6–USERSERVICES.
16TABLE7–LISTOFCRYPTOGRAPHICKEYS,CRYPTOGRAPHICKEYCOMPONENTS,ANDCSPS.
19TABLE8–ACRONYMS24SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage6of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
1Introduction1.
1PurposeThisdocumentisanon-proprietaryCryptographicModuleSecurityPolicyfortheAuthernativeCryptographicModulefromAuthernative,Inc.
ThisSecurityPolicydescribeshowtheAuthernativeCryptographicModulemeetsthesecurityrequirementsofFIPS140-2andhowtorunthemoduleinasecureFIPS140-2modeofoperation.
ThispolicywaspreparedaspartoftheLevel1FIPS140-2validationoftheAuthernativeCryptographicModule.
FIPS140-2(FederalInformationProcessingStandardsPublication140-2–SecurityRequirementsforCryptographicModules)detailstheU.
S.
andCanadiangovernmentrequirementsforcryptographicmodules.
MoreinformationabouttheFIPS140-2standardandvalidationprogramisavailableontheNationalInstituteofStandardsandTechnology(NIST)CryptographicModuleValidationProgram(CMVP)websiteat:http://csrc.
nist.
gov/groups/STM/index.
html.
Inthisdocument,theAuthernativeCryptographicModuleisreferredtoas"themodule".
TheapplicationrepresentsAuthernative'ssoftwareproducts,suchasAuthGuard,linkedwiththecryptographicmethodsprovidedbytheAuthernativeCryptographicModule.
1.
2ReferencesThisdocumentdealsonlywiththeoperationsandcapabilitiesofthemoduleinthetechnicaltermsofaFIPS140-2cryptographicmodulesecuritypolicy.
Moreinformationisavailableonthemodulefromthefollowingsources:TheAuthernativewebsite(http://www.
authernative.
com/)containsinformationonthefulllineofproductsfromAuthernative.
TheCMVPwebsite(http://csrc.
nist.
gov/groups/STM/index.
html)containscontactinformationforanswerstotechnicalorsales-relatedquestionsforthemodule.
1.
3DocumentOrganizationTheSecurityPolicydocumentisonedocumentinaFIPS140-2submissionpackage.
Inadditiontothisdocument,theSubmissionPackagecontains:VendorEvidenceFiniteStateMachineOthersupportingdocumentationasadditionalreferencesThisSecurityPolicyandtheothervalidationsubmissiondocumentationhavebeenproducedbyCorsecSecurity,Inc.
undercontracttoAuthernative.
WiththeexceptionofthisNon-ProprietarySecurityPolicy,theFIPS140-2ValidationDocumentationisproprietarytoAuthernativeandisreleasableonlyunderappropriatenon-disclosureagreements.
Foraccesstothesedocuments,pleasecontactAuthernative.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage7of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
2AuthGuardandPassEnablerAuthernative,Inc.
isasoftwarecompanythatdevelops,markets,andsellsenterpriseandconsumerlevelsecuritysolutions.
Authernative'sgrantedandpendingU.
S.
andInternationalpatentsintheareaofprivateandsecurefinancialtransactions,authenticationalgorithms,protocols,andencryptionschemesarethefoundationforthecompanytechnologyandcommercialproductofferings.
Authernativeprovidesintegratedsecuritysolutionsforidentitymanagement,strongauthenticationtoaccessnetworkresources,andefficientauthorization,administrationandauditingcontrol.
Authernativeapproachessecurityasacomplexsystemhavingscientific,technological,engineering,marketing,andsocialcomponents.
Thecompanybelievesthatonlyaharmonizedmixtureofthesecomponentsimplementedinsecurityproductsandbackedwithexcellentservicescanbringlong-lastingsuccessandcustomersatisfaction.
Authernativecurrentlysellstwoseparateandcomplementaryproducts:AuthGuardandPassEnabler.
BothAuthGuardandPassEnablerareapplicationsthatusetheAuthernativeCryptographicModule.
However,AuthGuardandPassEnablerarenotbeingvalidatedforFIPScompliancebecausealltheirsecurity-relevantfunctionsareprovidedbytheAuthernativeCryptographicModule.
2.
1OverviewAuthGuardisanauthenticationproduct.
Itprovidesanauthenticationserverthatsupportsandmanagesmultipleauthenticationoptions.
ThoseoptionsallowAuthGuardtooffermultifactorauthentication,strongauthentication,orlayeredauthenticationservices.
PassEnablerallowsadministratorstodefinewhatresourcesauthorizedusershaveaccesstoandprovidesasecureauthorization,administration,auditing,andwebsingle-sign-onengine.
PassEnablerisintegratedwithAuthGuard.
PassEnablerenablescorporateidentityandaccessmanagementusingtheauthenticationcapabilitiesofAuthGuard.
AuthGuardandPassEnablercanbeusedeitherseparatelyortogetherascomplementarytoolswithinatoolsuite.
TheAuthGuardproductisimplementedusingfivecomponents(asdepictedinFigure1):AuthGuardServerAdministrativeUtilityConfigurationUtilityLicensingAuthGuardClientThecentralcomponentistheAuthGuardServer,whichprovidesauthenticationservicesinanetworkedenvironment.
UsersattemptingtoaccessvarioussystemsareredirectedtotheAuthGuardServer.
ThisprovidesthemwithaGraphicalUserInterface(GUI)toperformauthentication.
TheGUIisprovidedbydownloadingtheAuthGuardClienttoabrowser.
TheAuthGuardClientGUIchangesdependingonwhatformsofauthenticationarebeingperformed,andcommunicateswiththeAuthGuardServer.
AuthernativehasdevelopedtwoutilitiestomanagetheAuthGuardproduct.
ThefirstutilityistheAdministrativeUtility,whichprovidesanadministrativeconsoleformanagementoftheAuthGuardServer.
TheAdministrativeUtilityprovidesaGUItotweakroughlyfiftyoptionsandfeaturesoftheconfigurationoftheAuthGuardServer,settingtheuserpermissionsandauthentication.
AnadministratorusestheAdministrativeUtilitytoinitiallyconfigurethesystem.
ThesecondutilityistheConfigurationUtility,whichisadesktopconfigurationtoolthatgivestheadministratortheabilitytoperformuseraccountprovisioning,manageroles,createusers,andperformauditing.
TheConfigurationUtilityalsoallowsauditingtobeperformedonusersandadministratoractivitiesonthenetworkfromdataintheAuthGuardServer'slogs.
TheproductallowsausertoviewnetworkresourcesandtodefineresourcesthatareplacedunderAuthGuard'sauthenticationcontrol.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage8of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
Figure1–ComponentsoftheAuthGuardProduct2.
2Client-ServerEncryptionandAuthenticationCommunicationsbetweentheAuthGuardServerandtheAuthGuardClientareencryptedusingtheAdvancedEncryptionStandard(AES)algorithm.
TheAuthGuardServerisimplementedasaJavaservletwithinanApacheTomcatcontainer,andcontainsallrequiredsecurityfunctionality.
TheAuthGuardClientisdistributedasaJavaappletbytheAuthGuardServer.
Theappletisloadedintoauser'sbrowser.
TheClientthenprovidesthecompleteuserGUIandperformstheencryptionoperationsenablingsecurecommunicationswiththeAuthGuardServer.
Furthermore,theappletprovidesinterfacesappropriatetotheadministrator-selectedauthenticationmethodsandguidestheuserthroughauthenticationtotheAuthGuardServerandaccesstoresources.
NetworkusersencountertheAuthGuardServerwhentheybringupabrowserandrequestaccesstoanauthenticatedresource.
TheserequestsareredirectedbytheresourcetotheAuthGuardServeriftherequesthasnotyetbeenauthenticated.
Optionally,userscanpointdirectlytoanAuthGuardServertobeginauthenticationsteps.
Oncecontacted,theAuthGuardServersendsbacktheClientapplettotheuseralongwithaSessionRandomKey(SRK),whichcanbeeitheranAESoratripleDataEncryptionStandard(DES)key.
TheSRKsareusedtoinitializesecuresessions,andarecreatedbytheAuthGuardServer.
WhentheservletfortheAuthGuardServerisinitialized,itstartsgeneratinganewstoreofSRKsdestinedforfutureuse.
TheSRKsareplacedinanarraythatisconstantlyupdatedbytheServer,andSRKscreatedbytheServerareassignedalifetime.
AfteranSRKhasexpired,itwillnotbeusedtosecureanewconnection.
EachSRKisassociatedwithanarrayofDataRandomKeys(DRKs),whichiscreatedforaparticularsession.
ThearrayofDRKsiserasediftheSRKiserased.
TheServercanbeconfiguredtocreateaspecificnumberofSRKs,andwillthenupdatethemperiodically.
Foranindividualsession,asingleunusedSRKisselected,andthensenttotheclientintheclearencodedasanarrayofbytesinaJavaclass.
TheSRKisthenusedbytheClienttoinitiatethesessionbetweentheClientandtheServer.
TheClientfirstobtainsausernamefromtheGUI,andsendsthistotheserverencryptedwiththeSRK.
TheServerreceivesthisanddecryptstheusername.
AftertheexchangeofausernameandSRK,theServerselectsaDRKfromthearrayassociatedwiththeSRK,andsendsittotheClientencryptedwiththeSRK.
Theencryptedbitsareadditionallybyte-veiled,orbit-veiledasdescribedinthenextsubsection.
Atthispoint,theClientretrievestheDRK,anddisplaysaGUItotheusertocollectpasswordinformation.
Meanwhile,theClienthashestheDRK,encryptsthehashwiththeDRK,andsendstheresultbacktotheServertoindicatethattheDRKwassuccessfullyreceivedanddecrypted.
TheServerchecksthatthisiscorrectbycomputingthesamevalue.
Atthispoint,theServerandClienthaveexchangedanSRK,DRK,andusernamebuthavenotauthenticatedeitherside,orexchangedakeynotsubjecttoman-in-the-middleattacks.
Now,theServerselectsasecondDRK(DRK2)fromtheDRKarray.
Theserverthenretrievestheuser'spasswordinformationfromitsdatabase.
TheServerthenencryptsDRK2withDRKandbit-veils,byte-veils,orbothintoaconversionarrayusingvaluesfromaRandomNumberGenerator(RNG)seededwiththeuser'spasswordinformation.
ThisistransmittedtotheClientwhocanthenusethesamepasswordinformationtoreconstructDRK2.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage9of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TheClientthenhashesDRK2,hidesitinaconversionarrayusingthepasswordinformation,encryptstheconversionarraywithDRK2,andsendsitbacktotheservertoindicatehehasDRK2.
ThisstepperformsClientauthenticationbasedonpossessionoftheuser'spasswordinformation,andsharesDRK2withbothsides.
ThesamestepisthenperformedbytheServertoauthenticatetheServertotheClientusingDRK2andtheServerpassword.
TheServersendsahashofDRK2inaconversionarrayusingtheServerpasswordtoseedtheRNGforbit-orbyte-veiling,andencryptingthearraywithDRK2.
TheClientalreadyhastheServerpasswordandusesittoauthenticatetheServer.
Atthispointclienthaveperformedmutualauthentication,andshareasessionencryptionkey.
Userpasswordinformationcanbeasimplepassword,orcanuseAuthernative'spassline(achosenpatterninagrid),pass-step(anout-of-bandchallengesenttoemailorphonetobeentered),crossline(achallengeembeddedinagrid),orpassfield(image,colors,andagrid).
Eachoftheseprocessesallowstheusertoselectsecretpasswordinformation,allorpartofwhichcanbeprovidedinresponsetochallenges.
TheauthenticationstepofexchangingaDRKusingpasswordinformationforthebit-andbyte-veilingcanbeiteratedasoftenasdesiredtoprovideaDRK3,DRK4,etc.
Securitycanbelayeredtousemultipleauthenticationsteps,wheredifferentpasswordinformationformsareemployed.
Forexample,ausercouldemploybothasimplepasswordandusepassline.
ThepasswordwouldbeusedforDRK2,andthenpasslinewouldbeusedforDRK3,andthatexchangewouldalsodependuponDRK2.
Atthispoint,theDRKarenotusedbyAuthGuardforsecuredataencryption,andaresimplytreatedasabyproductoftheauthentication.
OtherproductsmayinthefutureusetheDRKsforsecurecontentexchange,buttheyarecurrentlyusedonlyforauthentication.
2.
3BitVU,ByteVU,andBBVUAuthernativehassecuredthreepatentsontheprocessesdescribedabove,withclaimsinthepatentsthatcovertheuseofaconversionarray,keygeneration,andbit-andbyte-veiling.
Theprocessof"Bit-Veil-Unveil(BitVU),Byte-Veil-Unveil(ByteVU),andByte-Bit-Veil-Unveil(BBVU)"mentionedabovearethesubjectofthepatents,andareintegraltotheauthenticationprocess.
TheBitVUandByteVUprocessestakeanarrayofrandomdataandeffectivelyhideorinterspersemessagedatawithinthearray.
Thearrayofrandomdatawiththeinterspersedmessagesisreferredtoasaconversionarray,andmaybefurtherencryptedbeforetransmissionwithintheAuthGuardschemesdescribed.
ThelocationsofthemessagedatawithintheconversionarrayaredeterminedbyadeterministicRNGseededwithasecretvalue.
TwopartiesthatsharethissecretvaluecanbothusethesameRNGtocomputethelocationsofthedatawithintheconversionarray.
TheprocessofByteVUinvolvesgeneratingaconversionarray,and"veiling"individualbytesofthemessagedatabysparselydistributingthemthroughtheconversionarray.
TheprocessofBitVUdoesthesame,butonabit-wisebasis.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage10of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3AuthernativeCryptographicModule3.
1OverviewThemodulewasdevelopedandtestedonMicrosoftWindowsXP(ServicePackage2)withSunJavaRuntimeEnvironment(JRE)1.
5.
ThemodulecanrunonanyJavaVirtualMachine(JVM)regardlessofoperatingsystem(OS)andcomputerarchitecture.
TheminimumversionoftheJREsupportedbythemoduleis1.
5.
LogicallythemoduleisasingleJavaARchival(JAR),AuthCryptoApi.
jar.
Table1showstheOSandnameofthebinaryfile.
Table1–BinaryFormoftheModuleWhenOperatingSystemBinaryFileNameDevelopmentWindowsXPwithSunJRE1.
5AuthCryptoApi.
jarRuntimeAnyJVMwithJRE1.
5orlaterregardlessofOSandcomputerarchitectureAuthCryptoApi.
jarThemoduleisstoredontheharddiskandisloadedinmemorywhenaclientapplicationcallscryptographicservicesexportedbythemodule.
Asofthiswriting,theclientapplicationisAuthGuard.
However,Authernativemaydevelopmoreapplicationsmakinguseofthemoduleinthefuture.
WhenoperatingintheApprovedmodeofoperation,theAuthernativeCryptographicModuleisvalidatedatFIPS140-2sectionlevelsshowninTable1.
NotethatinTable2,EMIandEMCmeanElectromagneticInterferenceandElectromagneticCompatibility,respectively,andN/Aindicates"NotApplicable".
Table2–SecurityLevelperFIPS140-2SectionSectionSectionTitleLevel1CryptographicModuleSpecification12CryptographicModulePortsandInterfaces13Roles,Services,andAuthentication14FiniteStateModel15PhysicalSecurityN/A6OperationalEnvironment17CryptographicKeyManagement18EMI/EMC19Self-Tests110DesignAssurance111MitigationofOtherAttacksN/A3.
2ModuleInterfacesThemodule,AuthCryptoApi.
jar,providesclientapplicationswithasetofcryptographicservicesintheformofApplicationProgrammingInterface(API)calls.
Figure2showsthelogicalcryptographicboundaryforthemodule.
ThemoduleisaJARfilethatconsistsof42javaclasses.
Outofthe42classes,29areBouncyCastleclassesthatimplementunderlyingcryptographicalgorithms.
BouncyCastleisanopen-sourceJavalibraryavailableatSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage11of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
http://www.
bouncycastle.
org/.
TheBouncyCastleclassesdonothavepublicmethods.
Theother13classes,developedbyAuthernative,implementpublicmethodsofthemodule.
TheJARfilemanifest,MANIFEST.
MF,containsthesignatureoftheJAR(usedinthepower-upintegritytest).
Figure2–LogicalCryptographicBoundaryThedescriptionsoftheAuthernativeclassesaredescribedinTable3–AuthernativeClassesinAuthCryptoApi.
jar.
Acompletelistofexportedmethodsisavailableinthemodule'sAPIreferencemanual.
Table3–AuthernativeClassesinAuthCryptoApi.
jarClassDescriptionAuthApiException.
classTheclassimplementstheexceptionthrownwhenandifthereisanerrorstateintheAPI.
AuthApiStatus.
classTheclassimplementsmethodsthatreportconfigurationsandstatusoftheAPI.
AuthCryptoApi.
classThisisthecoreAPIclassandcontainsallthepublicmethods.
Thisclasssimplycollectstheinterfacesintoasingleobject.
Mostofthefunctionsofthemoduleareimplementedbytheotherclasses.
Base64.
classTheclassimplementsthebase64encodinganddecodingmethods.
ConversionArray.
classTheclassimplementsAuthernative'spatentedBitVU,ByteVU,andBBVUtechnology.
SeeSection2.
3ofthisdocumentforadescriptionofthistechnique.
CryptoFunctions.
classTheclasscontainsallthecryptographicfunctionsrealizedbythemodule.
KeyGen$KeyThread.
classTheclassisasubclassoftheKeyGenclass.
Thisclassimplementsthemechanismofgeneratinganewkeyevery60seconds.
KeyGen.
classTheclassimplementskeygenerationmethods.
LicParams.
classTheclassstoresthelicensinginformationofthemodule.
RCConst.
classTheclasscontainsallthereturncodesfortheAPIerrorsforusewiththeAuthApiExceptionclass.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage12of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ClassDescriptionSecureRNG.
classTheclassimplementstheAmericanNationalStandardsInstitute(ANSI)X9.
31AppendixA.
2.
4RNG.
AuthCipher.
classThisisanAuthernativewrapperclasstoenhanceusabilityforalloftheBouncyCastlecipherfunctionality.
AuthDigest.
classThisisanAuthernativewrapperclasstoenhanceusabilityforalloftheBouncyCastledigestfunctionality.
Themodule'sinteractionswithsurroundingcomponents,includingCentralProcessingUnit(CPU),harddisk,memory,clientapplication,andtheOSaredemonstratedinFigure3.
Figure3–LogicalCryptographicBoundaryandInteractionswithSurroundingComponentsThemoduleisvalidatedforuseontheplatformslistedinthesecondcolumnofTable1.
Inadditiontothebinaries,thephysicaldeviceconsistsoftheintegratedcircuitsofthemotherboard,theCPU,RandomAccessMemory(RAM),Read-OnlyMemory(ROM),computercase,keyboard,mouse,videointerfaces,expansioncards,andotherhardwarecomponentsincludedinthecomputersuchasharddisk,floppydisk,CompactDiscROM(CD-ROM)drive,powersupply,andfans.
Thephysicalcryptographicboundaryofthemoduleistheopaquehardmetalandplasticenclosureoftheserverrunningthemodule.
Theblockdiagramforastandardgeneral-purposecomputerSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage13of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
(GPC)isshowninFigure4.
Notethatinthisfigure,I/OmeansInput/Output,BIOSstandsforBasicInput/OutputSystem,PCIstandsforPeripheralComponentInterconnect,ISAstandsforInstructionSetArchitecture,andIDErepresentsIntegratedDriveElectronics.
Figure4–PhysicalBlockDiagramofaStandardGPCAllofthesephysicalportsareseparatedintologicalinterfacesdefinedbyFIPS140-2,asdescribedinTable3.
Table4–Logical,Physical,andModuleInterfaceMappingLogicalInterfacePhysicalPortMappingModuleMappingDataInputKeyboard,mouse,CD-ROM,floppydisk,andserial/USB/parallel/networkportsArgumentsforAPIcallsthatcontaindatatobeusedorprocessedbythemoduleDataOutputHardDisk,floppydisk,monitor,andserial/USB/parallel/networkportsArgumentsforAPIcallsthatcontainmoduleresponsedatatobeusedorprocessedbythecallerControlInputKeyboard,CD-ROM,floppydisk,mouse,andserial/USB/parallel/networkportAPIcallsStatusOutputHarddisk,floppydisk,monitor,andserial/USB/parallel/networkportsArgumentsforAPIcalls,returnvalue,errormessageSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage14of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3.
3RolesandServicesTheoperatorsofthemodulecanassumetworolesasrequiredbyFIPS140-2:aCryptoOfficerroleandaUserrole.
Theoperatorofthemoduleassumeseitheroftherolesbasedontheoperationsperformed.
Theoperatorisnotrequiredtoauthenticatetothemodulebeforeaccessingservices.
ThemoduleprovidesanAPIforclientapplications.
Table5–CryptoOfficerServicesshowsthepublicmethodsthatarerunbytheCryptoOfficerrole.
Themethodnameisshowninthefirstcolumn("Service").
Itsfunctionisdescribedinthesecondcolumn("Description").
EachmethodexportedbythemoduleisanindividualCryptoOfficerservice.
Userservices(seeTable6–UserServices)arealsoavailabletotheCryptoOfficerrole.
Table6–UserServicesshowsthepublicmethodsthatarerunbytheUserrole.
SimilartoTable5–CryptoOfficerServices,themethodnameisshowninthefirstcolumn("Service").
Itsfunctionisdescribedinthesecondcolumn("Description").
EachmethodexportedbythemoduleisanindividualUserservice.
UserservicesarealsoavailabletotheCryptoOfficerrole.
TheCriticalSecurityParameters(CSPs)mentionedintherightmostcolumnscorrespondtotheoneslistedinTable7–ListofCryptographicKeys,CryptographicKeyComponents,andCSPs.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage15of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
Table5–CryptoOfficerServicesServiceDescriptionInputOutputCSPandTypeofAccessInstallationToinstallthemoduleCommandStatusNoneUninstallationTouninstallthemoduleCommandStatusAllCSPs–overwriteAuthCryptoApiTheAPI'sonlyconstructor.
TheinstanceoftheAPIwillbedefinedbytheparametersthatarepassedinCryptotype,hashtype,cryptomode,keysize,paddingschemeStatusNonegetInstanceThismethodisprovidedforsingletonuseoftheAPICryptotype,hashtype,cryptomode,keysize,paddingschemeStatus,theinstanceofAutghCryptoApiNoneprintByteArrayPrintsoutabytearrayinhexadecimalnotationTextstring,bytearrayStatus,theprintoutNoneprintByteArrayPrintsoutabytearrayinhexadecimalnotationBytearrayStatus,theprintoutNonehexStrToByteArrayConvertsahexadecimalstringintoabytearrayHexadecimalstringStatus,bytearrayNonecheckLicenseChecksthelicenseLicensestringfromapplication,clientinformationStatusNonegetStatusGetsinformationandconfigurationabouttheAPINoneStatus,APIobjectinformationandconfigurationNonesetSeedSetstheseed,date/time(DT)value,andTripleDESkeytorandomnumbers(generatedbythenon-ApprovedRNG)fortheANSIX9.
31RNGNoneStatusANSIX9.
31RNGseedforkeygenerationmethods–write,overwriteANSIX9.
31RNGDTvalueforkeygenerationmethods–write,overwriteANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–write,overwritesetSeedSetstheTripleDESkeytospecifiedvaluesfortheANSIX9.
31RNGTripleDESkeyStatusANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–write,overwriteSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage16of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ServiceDescriptionInputOutputCSPandTypeofAccesssetSeedSetstheseed,DTvalue,andTripleDESkeytospecifiedvaluesfortheANSIX9.
31RNGSeed,TripleDESkey,DTvalueStatusANSIX9.
31RNGseedforkeygenerationmethods–write,overwriteANSIX9.
31RNGDTvalueforkeygenerationmethods–write,overwriteANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–write,overwritenextIntGeneratesarandomnumberNoneStatus,randomnumberANSIX9.
31RNGseedforkeygenerationmethods–readANSIX9.
31RNGDTvalueforkeygenerationmethods–readANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–readnextIntGeneratesarandomnumberbetweenzeroandthespecifiedintegerAninteger(rangeoftherandomnumber)Status,randomnumberANSIX9.
31RNGseedforkeygenerationmethods–readANSIX9.
31RNGDTvalueforkeygenerationmethods–readANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–readnextBytesGeneratesarandomnumberarrayPointertoabytearrayStatus,randomnumberarrayANSIX9.
31RNGseedforkeygenerationmethods–readANSIX9.
31RNGDTvalueforkeygenerationmethods–readANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–readzeroizeZeroizesCSPsNoneStatusAllCSPsinHashMapandfilesystem–overwriteTable6–UserServicesServiceDescriptionInputOutputCSPandTypeofAccesssetNumberOfKeysSetsthemaximumnumberofkeysthatthekeygeneratorwillcreatebeforerestartingatzeroNumberofkeysStatusNonesetPersistenceSetsthewaythekeyswillbesavedforthekeygeneratorMode(saveinkeysinfilesystemormemory)StatusNonesetPathSetsthelocationthatthekeyswillbesavedtothefilesystemPathofthefilesystemStatusNoneSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage17of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ServiceDescriptionInputOutputCSPandTypeofAccessgetSecretKeyCreatesandreturnsaJavasecretkey(javax.
crypto.
SecretKey)NoneStatus,asecretkey(javax.
crypto.
SecretKey)AESkeyorTripleDESkeyforcalleruse–write,readgetRawKeyCreatesandreturnsaJavasecretkey(bytearray)NoneStatus,asecretkey(bytearray)AESkeyorTripleDESkeyforcalleruse–write,readstartKeyGenStartsathreadthatwillperformkeygenerationandsavethekeys.
Keyswillbegeneratedevery60secondsNoneStatusTripleDESkeyforveilingandunveilingmethods–writestopKeyGenStopsthekeygenerationNoneStatusTripleDESkeyforveilingandunveilingmethods–overwritegetSecretKeyFromReposGetsakey(javax.
crypto.
SecretKey)fromtherepositorythatiscreatedbythestartKeyGenmethodcallIndextotherepositoryStatus,asecretkey(javax.
crypto.
SecretKey)TripleDESkeyforveilingandunveilingmethods–readgetRawKeyFromReposGetsakey(bytearray)fromtherepositorythatiscreatedbythestartKeyGenmethodcallIndextotherepositoryStatus,asecretkey(bytearray)TripleDESkeyforveilingandunveilingmethods–readsetSecretKeySetsthesecretkey(bytearray)tobeusedincryptooperationsSecretkeyStatusAESkeyorTripleDESkeyforencryptionanddecryptionmethods–write,overwritesetSecretKeySetsthesecretkey(javax.
crypto.
SecretKey)tobeusedincryptooperationsSecretkeyStatusAESkeyorTripleDESkeyforencryptionanddecryptionmethods–write,overwritesetIVSetstheinitializationvectorifcryptousesCBCmodeInitializationvectorStatusNoneupdateHashUpdatesthecurrentmessageforhashingBytearrayaddedtothemessageStatusNonehashValuePerformsthefinalhashingformessageBytearrayaddedtothemessagebeforethefinalhashingisdoneStatus,hashvalueNoneupdateEncryptedUpdatesthecurrentplaintextforencryptionBytearrayaddedtotheplaintexttobeencryptedStatusNoneSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage18of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ServiceDescriptionInputOutputCSPandTypeofAccessencryptValuePerformsthefinalencryptionfortheplaintextBytearrayaddedtotheplaintextbeforethefinalencryptionisdoneStatus,ciphertextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readdecryptValueDecryptsciphertextPlaintextStatus,plaintextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readencryptValueEncryptsplaintextwithspecifiedsecretkey(javax.
crypto.
SecretKey)Plaintext,secretkey(javax.
crypto.
SecretKey)Status,ciphertextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readdecryptValueDecryptsciphertextwithspecifiedsecretkey(javax.
crypto.
SecretKey)Ciphertext,secretkey(javax.
crypto.
SecretKey)Status,plaintextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readencryptValueEncryptsplaintextwithspecifiedsecretkey(bytearray)Plaintext,secretkey(bytearray)Status,ciphertextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readdecryptValueDecryptsciphertextwithspecifiedsecretkey(bytearray)Ciphertext,secretkey(bytearray)Status,plaintextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readencodePerformsBase64encodingonbytesBytestobeencodedEncodedbytesNoneencodePerformsBase64encodingonstringsStringstobeencodedEncodedstringNonedecodePerformsBase64decodingonbytesBytestobedecodedDecodedbytesNonedecodePerformsBase64decodingonstringsStringstobedecodedDecodedstringNoneveilDataHidesbits,bytes,orbitsandbytesinalargerarrayMode(bit,byte,orbitandbyte),bytearraytobehidden,TripleDESkeyfortheANSIX9.
31RNGConversionarraywithhiddenbytearrayTripleDESkeyforveilingandunveilingmethods–write,readunveilDataExtractsthedatafromconversionarrayMode(bit,byte,orbitandbyte),conversionarray,TripleDESkeyfortheANSIX9.
31RNGOriginalbytearrayTripleDESkeyforveilingandunveilingmethods–write,readSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage19of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3.
4PhysicalSecurityTheAuthernativeCryptographicModuleisamulti-chipstandalonemodule.
Thephysicalsecurityrequirementsdonotapplytothismodule,sinceitispurelyasoftwaremoduleanddoesnotimplementanyphysicalsecuritymechanisms.
3.
5OperationalEnvironmentThemodulewastestedandvalidatedongeneral-purposeMicrosoftWindowsXPwithServicePackage2withSunJRE1.
5.
ThemodulecanrunonanyJVMregardlessofOSandcomputerarchitecture.
TheminimumversionoftheJREsupportedbythemoduleis1.
5.
ThemodulemustbeconfiguredinsingleusermodeaspertheinstructionsprovidedinSection4.
1ofthisdocument.
RecommendedconfigurationchangesforthesupportedOScanalsobefoundinSection4.
1.
3.
6CryptographicKeyManagementThemoduleimplementsthefollowingFIPS-approvedalgorithmsintheApprovedmodeofoperation.
SHA-1,SHA-256,SHA-384,SHA-512(certificate#725).
SHAmeansSecureHashAlgorithm.
HMAC-SHA-1(certificate#375).
HMACmeansKeyed-HashMessageAuthenticationCode.
TripleDES:112and168bits,inECBandCBCmodes(certificate#629).
ECBandCBCmeanElectronicCodebookandCipherBlockChaining,respectively.
AES:128,192,and256bits,inECBandCBCmodes(certificate#697)ANSIX9.
31AppendixA.
2.
4RNGwith2-keyTripleDES(certificate#408)IntheApprovedmodeofoperation,themoduleusesanon-ApprovedRNGtoseedtheANSIX9.
31RNG.
Thisnon-ApprovedRNGistheSecureRandomclassprovidedbytheJREandisnotimplementedbythemoduleitself.
Thenon-ApprovedRNGisoutsidethecryptographicboundaryofthemoduleandisusedbythemoduleonlyforseedingtheANSIX9.
31RNG.
Inthenon-Approvedmodeofoperation,themodulesupportsMD5.
ThemodulesupportsthefollowingCSPsintheApprovedmodeofoperation:Table7–ListofCryptographicKeys,CryptographicKeyComponents,andCSPsKeyKeyTypeGeneration/InputOutputStorageZeroizationUseTripleDESkeyforcalleruseTripleDESsymmetrickeysGeneratedbyANSIX9.
31RNGInplaintext1.
Plaintextinvolatilememory;2.
PlaintextinfilesystemZeroizedwhenthezeroizemethodiscalledUseisatthediscretionofthecallerAESkeyforcalleruseAESsymmetrickeyGeneratedbyANSIX9.
31RNGInplaintext1.
Plaintextinvolatilememory;2.
PlaintextinfilesystemZeroizedwhenthezeroizemethodiscalledUseisatthediscretionofthecallerTripleDESkeyforencryptionanddecryptionmethodsTripleDESsymmetrickeysInputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedafterencryptionordecryptionisdoneEncryptplaintextordecryptciphertextAESkeyforencryptionanddecryptionmethodsAESsymmetrickeyInputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedafterencryptionordecryptionisdoneEncryptplaintextordecryptciphertextSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage20of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
KeyKeyTypeGeneration/InputOutputStorageZeroizationUseTripleDESkeyforveilingandunveilingmethodsTripleDESsymmetrickeysInputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedafterveilingorunveilingisdoneVeilorunveildataANSIX9.
31RNGDTvalueforkeygenerationmethodsDate/timevariable1.
Generatedinternallybyretrievingsystemdate/timevalue2.
InputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedwhennewDTvalueisgeneratedGeneratekeysANSIX9.
31RNGTripleDESkeyforkeygenerationmethodsTripleDESsymmetrickeys1.
Generatedusingthenon-ApprovedRNG2.
InputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedwhennewTripleDESkeyisgeneratedGeneratekeysANSIX9.
31RNGseedforkeygenerationmethodsSeed1.
Generatedusingthenon-ApprovedRNG2.
InputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedwhennewseedisgeneratedGeneratekeysSoftwareintegritytestkey512-bitHMAC-SHA-1keyHardcodedNeverPlaintextinnonvolatilememoryZeroizedwhenthemoduleisuninstalledUsedinsoftwareintegritytest3.
6.
1KeyGenerationThemoduleusesanANSIX9.
31RNGwith2-keyTripleDEStogeneratecryptographickeys.
ThisRNGisaFIPS-ApprovedRNGasspecifiedinAnnexCtoFIPS140-2.
3.
6.
2KeyInput/OutputSymmetrickeysareinputtoandoutputfromthemoduleinplaintext.
Themoduledoesnotuseasymmetric-keycryptography.
3.
6.
3KeyStorageandProtectionKeysandotherCSPsarestoredinvolatilememoryorfilesysteminplaintext.
Allkeydataresidesininternallyallocateddatastructuresandcanonlybeoutputusingthemodule'sdefinedAPI.
TheOSandJREprotectmemoryandprocessspacefromunauthorizedaccess.
3.
6.
4KeyZeroizationGenerallyspeaking,CSPsresidesininternaldatastructuresthatarecleanedupbyJVM'sgarbagecollector.
Javahandlesmemoryinunpredictablewaysthataretransparenttotheuser.
TheCryptoOfficermaymanuallyinvokethezeroizationofkeysstoredinHashMapandfilesystembycallingthezeroizemethod.
3.
7EMI/EMCAlthoughthemoduleconsistsentirelyofsoftware,theFIPS140-2platformisaserverthathasbeentestedforandmeetsapplicableFederalCommunicationsCommission(FCC)EMIandEMCrequirementsforbusinessuseasdefinedinSubpartBofFCCPart15.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage21of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3.
8Self-TestsThepower-upself-testsaretriggeredbyinstantiationofanobjectoftheAuthCryptoApiclass.
TheAuthernativeCryptographicModuleperformsthefollowingpower-upself-tests:SoftwareintegritytestusingHMAC-SHA-1KnownAnswerTest(KAT)on2-keyTripleDESinECBmodeKATon128-bitAESinECBmodeKATsonSHA-1,SHA-256,SHA-384,andSHA-512KATonANSIX9.
31RNGThemoduleimplementsthefollowingconditionalself-tests.
ContinuoustestfortheANSIX9.
31RNGContinuoustestforthenon-ApprovedRNGIftheself-testsfail,anexceptionwillbethrownonthefailure.
Theapplicationisthenalertedthattheself-testsfailed,andthemodulewillnotloadandwillenteranerrorstate.
Whenintheerrorstate,executionofthemoduleishaltedanddataoutputfromthemoduleisinhibited.
3.
9MitigationofOtherAttacksThissectionisnotapplicable.
NoclaimismadethatthemodulemitigatesagainstanyattacksbeyondtheFIPS140-2level1requirementsforthisvalidation.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage22of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
4SecureOperationTheAuthernativeCryptographicModulemeetsLevel1requirementsforFIPS140-2.
ThesubsectionsbelowdescribehowtoplaceandkeepthemoduleintheApprovedmodeofoperation.
4.
1OperatingSystemConfigurationTheuserofthemoduleisasoftwareapplication.
FIPS140-2mandatesthatacryptographicmodulebelimitedtoasingleuseratatime.
AsingleinstantiationoftheAuthernativeCryptographicModuleshallonlybeaccessedbyoneclientapplication,whichistheUserofthisinstantiationoftheAuthernativeCryptographicModule.
Forenhancedsecurity,itisrecommendedthattheCryptoOfficerconfiguretheOStodisallowremotelogin.
ToconfigureWindowsXPtodisallowremotelogin,theCryptoOfficershouldensurethatallremoteguestaccountsaredisabledinordertoensurethatonlyonehumanoperatorcanlogintoWindowsXPatatime.
TheservicesthatneedtobeturnedoffforWindowsXPareFast-userswitching(irrelevantifserverisadomainmember)TerminalservicesRemoteregistryserviceSecondarylogonserviceTelnetserviceRemotedesktopandremoteassistanceserviceOnceWindowsXPhasbeenconfiguredtodisableremotelogin,theCryptoOfficercanusethesystem"Administrator"accounttoinstallsoftware,uninstallsoftware,andadministerthemodule.
ACMVPpublicdocument,FrequentlyAskedQuestionsfortheCryptographicModuleValidationProgram1,givesinstructionsinSection5.
3forconfiguringvariousUnix-basedoperatingsystemsforsingleusermode.
4.
2ApprovedModeConfigurationTheAuthernativeCryptographicModuleitselfisnotanend-userproduct.
Itisprovidedtotheend-usersaspartoftheapplication(e.
g.
,AuthGuard).
Themoduleisinstalledduringinstallationoftheapplication.
Theinstallationprocedureisdescribedintheinstallationmanualfortheapplication.
Inordertoaccessfunctionsofthemodule,theapplicationhastoexecutetheconstructorofclassAuthCryptoApibyinstantiatinganobjectofclassAuthCryptoApi.
TheconstructorofclassAuthCryptoApiis:publicAuthSecurityApi(intcrpytoType,inthashType,intcodeBook,intkeySize,intpadding)IfthevaluepassedintotheargumentinthashTypeisSHA(integervalue1,2,3,or4),thenthemoduleisoperatingintheApprovedmodeofoperation.
IfthevaluepassedintotheargumentinthashTypeisMD5(integervalue0),thenthemoduleisoperatinginthenon-Approvedmodeofoperation.
TheconstructorofclassAuthCryptoApiperformsallrequiredpower-upself-tests.
Ifallpower-upself-testsarepassed,thenaninternalflagwillbesettotrue.
Allotherpublicmethodsofthemodulecheckthisinternalflagandensureitistruebeforeperforminganyotherfunctions.
1Availableathttp://csrc.
nist.
gov/groups/STM/cmvp/documents/CMVPFAQ.
pdf.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage23of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
NoticethattheApprovedmodeconfigurationdescribedaboveistransparenttoanoperator.
Theconfigurationisperformedbytheclientapplication.
4.
3CSPZeroizationTheCryptoOfficershouldzeroizeCSPswhentheyarenolongerneeded.
SeeSection3.
6.
4ofthisdocumentfordetailsonCSPzeroization.
4.
4StatusMonitoringThemodule'scryptographicfunctionalityandsecurityservicesareprovidedviatheapplication.
Themoduleisnotmeanttobeusedwithoutanassociatedapplication.
End-userinstructionsandguidanceareprovidedintheusermanualandtechnicalsupportdocumentsoftheapplicationsoftware.
Althoughend-usersdonothaveprivilegestomodifyconfigurationsofthemodule,theyshouldmakesurethattheApprovedmodeofoperationisenforcedintheapplication,therebyensuringthatthepropercryptographicprotectionisprovided.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage24of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
5AcronymsTable8–AcronymsAcronymDefinitionAESAdvancedEncryptionStandardANSIAmericanNationalStandardsInstituteAPIApplicationProgrammingInterfaceBBVUByte-Bit-Veil-UnveilBIOSBasicInput/OutputSystemBitVUBit-Veil-UnveilByteVUByte-Veil-UnveilCBCCipherBlockChainingCD-ROMCompactDiscRead-OnlyMemoryCMVPCryptographicModuleValidationProgramCPUCentralProcessingUnitCSPCriticalSecurityParameterDESDataEncryptionStandardDRKDataRandomKeyDTDate/TimeECBElectronicCodebookEMCElectromagneticCompatibilityEMIElectromagneticInterferenceFCCFederalCommunicationsCommissionFIPSFederalInformationProcessingStandardGPCGeneral-PurposeComputerGUIGraphicalUserInterfaceHDDHardDriveHMACKeyed-HashMessageAuthenticationCodeIDEIntegratedDriveElectronicsIEEEInstituteofElectricalandElectronicsEngineersI/OInput/OutputIRInfraredISAInstructionSetArchitectureJARJavaARchivalJREJavaRuntimeEnvironmentJVMJavaVirtualMachineKATKnownAnswerTestSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage25of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
AcronymDefinitionMACMessageAuthenticationCodeN/ANotApplicableOSOperatingSystemPCIPeripheralComponentInterconnectRAMRandomAccessMemoryRNGRandomNumberGeneratorROMReadOnlyMemorySHASecureHashAlgorithmSRKSessionRandomKeyUARTUniversalAsynchronousReceiver/TransmitterUSBUniversalSerialBus
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
Authernative,Inc.
AuthernativeCryptographicModuleSoftwareVersion:1.
0.
0FIPS140-2SecurityPolicyLevel1ValidationDocumentVersion1.
1Preparedfor:Preparedby:Authernative,Inc.
CorsecSecurity,Inc.
201RedwoodShoresParkway,Suite275RedwoodCity,CA9406510340DemocracyLane,Suite201Fairfax,VA22030Phone:(650)587-5263Phone:(703)267-6050Fax:(650)587-5259Fax:(703)267-6810http://www.
authernative.
comhttp://www.
corsec.
comSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage2of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
RevisionHistoryVersionModificationDateModifiedByDescriptionofChanges0.
12007-09-21XiaoyuRuanInitialdraft0.
22008-01-10XiaoyuRuanAddedECBBlockCipher.
class;removedDESEngine.
class0.
32008-01-23XiaoyuRuanAddedzeroizemethod;PutCAVPnumbers0.
42008-01-25XiaoyuRuanAddressedLabcomments0.
52008-02-05XiaoyuRuanAddressedLabcomments1.
02008-05-01XiaoyuRuanAddressCMVPcomments1.
12008-05-09XiaoyuRuanAddressCMVPcommentsSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage3of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TableofContents1INTRODUCTION61.
1PURPOSE.
61.
2REFERENCES.
61.
3DOCUMENTORGANIZATION62AUTHGUARDANDPASSENABLER.
72.
1OVERVIEW.
72.
2CLIENT-SERVERENCRYPTIONANDAUTHENTICATION.
82.
3BITVU,BYTEVU,ANDBBVU.
93AUTHERNATIVECRYPTOGRAPHICMODULE103.
1OVERVIEW.
103.
2MODULEINTERFACES.
103.
3ROLESANDSERVICES.
143.
4PHYSICALSECURITY193.
5OPERATIONALENVIRONMENT.
193.
6CRYPTOGRAPHICKEYMANAGEMENT.
193.
6.
1KeyGeneration.
203.
6.
2KeyInput/Output203.
6.
3KeyStorageandProtection.
203.
6.
4KeyZeroization.
203.
7EMI/EMC203.
8SELF-TESTS213.
9MITIGATIONOFOTHERATTACKS.
214SECUREOPERATION.
224.
1OPERATINGSYSTEMCONFIGURATION224.
2APPROVEDMODECONFIGURATION224.
3CSPZEROIZATION.
234.
4STATUSMONITORING.
235ACRONYMS.
24SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage4of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TableofFiguresFIGURE1–COMPONENTSOFTHEAUTHGUARDPRODUCT.
8FIGURE2–LOGICALCRYPTOGRAPHICBOUNDARY11FIGURE3–LOGICALCRYPTOGRAPHICBOUNDARYANDINTERACTIONSWITHSURROUNDINGCOMPONENTS12FIGURE4–PHYSICALBLOCKDIAGRAMOFASTANDARDGPC13SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage5of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TableofTablesTABLE1–BINARYFORMOFTHEMODULE10TABLE2–SECURITYLEVELPERFIPS140-2SECTION.
10TABLE3–AUTHERNATIVECLASSESINAUTHCRYPTOAPI.
JAR.
11TABLE4–LOGICAL,PHYSICAL,ANDMODULEINTERFACEMAPPING.
13TABLE5–CRYPTOOFFICERSERVICES15TABLE6–USERSERVICES.
16TABLE7–LISTOFCRYPTOGRAPHICKEYS,CRYPTOGRAPHICKEYCOMPONENTS,ANDCSPS.
19TABLE8–ACRONYMS24SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage6of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
1Introduction1.
1PurposeThisdocumentisanon-proprietaryCryptographicModuleSecurityPolicyfortheAuthernativeCryptographicModulefromAuthernative,Inc.
ThisSecurityPolicydescribeshowtheAuthernativeCryptographicModulemeetsthesecurityrequirementsofFIPS140-2andhowtorunthemoduleinasecureFIPS140-2modeofoperation.
ThispolicywaspreparedaspartoftheLevel1FIPS140-2validationoftheAuthernativeCryptographicModule.
FIPS140-2(FederalInformationProcessingStandardsPublication140-2–SecurityRequirementsforCryptographicModules)detailstheU.
S.
andCanadiangovernmentrequirementsforcryptographicmodules.
MoreinformationabouttheFIPS140-2standardandvalidationprogramisavailableontheNationalInstituteofStandardsandTechnology(NIST)CryptographicModuleValidationProgram(CMVP)websiteat:http://csrc.
nist.
gov/groups/STM/index.
html.
Inthisdocument,theAuthernativeCryptographicModuleisreferredtoas"themodule".
TheapplicationrepresentsAuthernative'ssoftwareproducts,suchasAuthGuard,linkedwiththecryptographicmethodsprovidedbytheAuthernativeCryptographicModule.
1.
2ReferencesThisdocumentdealsonlywiththeoperationsandcapabilitiesofthemoduleinthetechnicaltermsofaFIPS140-2cryptographicmodulesecuritypolicy.
Moreinformationisavailableonthemodulefromthefollowingsources:TheAuthernativewebsite(http://www.
authernative.
com/)containsinformationonthefulllineofproductsfromAuthernative.
TheCMVPwebsite(http://csrc.
nist.
gov/groups/STM/index.
html)containscontactinformationforanswerstotechnicalorsales-relatedquestionsforthemodule.
1.
3DocumentOrganizationTheSecurityPolicydocumentisonedocumentinaFIPS140-2submissionpackage.
Inadditiontothisdocument,theSubmissionPackagecontains:VendorEvidenceFiniteStateMachineOthersupportingdocumentationasadditionalreferencesThisSecurityPolicyandtheothervalidationsubmissiondocumentationhavebeenproducedbyCorsecSecurity,Inc.
undercontracttoAuthernative.
WiththeexceptionofthisNon-ProprietarySecurityPolicy,theFIPS140-2ValidationDocumentationisproprietarytoAuthernativeandisreleasableonlyunderappropriatenon-disclosureagreements.
Foraccesstothesedocuments,pleasecontactAuthernative.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage7of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
2AuthGuardandPassEnablerAuthernative,Inc.
isasoftwarecompanythatdevelops,markets,andsellsenterpriseandconsumerlevelsecuritysolutions.
Authernative'sgrantedandpendingU.
S.
andInternationalpatentsintheareaofprivateandsecurefinancialtransactions,authenticationalgorithms,protocols,andencryptionschemesarethefoundationforthecompanytechnologyandcommercialproductofferings.
Authernativeprovidesintegratedsecuritysolutionsforidentitymanagement,strongauthenticationtoaccessnetworkresources,andefficientauthorization,administrationandauditingcontrol.
Authernativeapproachessecurityasacomplexsystemhavingscientific,technological,engineering,marketing,andsocialcomponents.
Thecompanybelievesthatonlyaharmonizedmixtureofthesecomponentsimplementedinsecurityproductsandbackedwithexcellentservicescanbringlong-lastingsuccessandcustomersatisfaction.
Authernativecurrentlysellstwoseparateandcomplementaryproducts:AuthGuardandPassEnabler.
BothAuthGuardandPassEnablerareapplicationsthatusetheAuthernativeCryptographicModule.
However,AuthGuardandPassEnablerarenotbeingvalidatedforFIPScompliancebecausealltheirsecurity-relevantfunctionsareprovidedbytheAuthernativeCryptographicModule.
2.
1OverviewAuthGuardisanauthenticationproduct.
Itprovidesanauthenticationserverthatsupportsandmanagesmultipleauthenticationoptions.
ThoseoptionsallowAuthGuardtooffermultifactorauthentication,strongauthentication,orlayeredauthenticationservices.
PassEnablerallowsadministratorstodefinewhatresourcesauthorizedusershaveaccesstoandprovidesasecureauthorization,administration,auditing,andwebsingle-sign-onengine.
PassEnablerisintegratedwithAuthGuard.
PassEnablerenablescorporateidentityandaccessmanagementusingtheauthenticationcapabilitiesofAuthGuard.
AuthGuardandPassEnablercanbeusedeitherseparatelyortogetherascomplementarytoolswithinatoolsuite.
TheAuthGuardproductisimplementedusingfivecomponents(asdepictedinFigure1):AuthGuardServerAdministrativeUtilityConfigurationUtilityLicensingAuthGuardClientThecentralcomponentistheAuthGuardServer,whichprovidesauthenticationservicesinanetworkedenvironment.
UsersattemptingtoaccessvarioussystemsareredirectedtotheAuthGuardServer.
ThisprovidesthemwithaGraphicalUserInterface(GUI)toperformauthentication.
TheGUIisprovidedbydownloadingtheAuthGuardClienttoabrowser.
TheAuthGuardClientGUIchangesdependingonwhatformsofauthenticationarebeingperformed,andcommunicateswiththeAuthGuardServer.
AuthernativehasdevelopedtwoutilitiestomanagetheAuthGuardproduct.
ThefirstutilityistheAdministrativeUtility,whichprovidesanadministrativeconsoleformanagementoftheAuthGuardServer.
TheAdministrativeUtilityprovidesaGUItotweakroughlyfiftyoptionsandfeaturesoftheconfigurationoftheAuthGuardServer,settingtheuserpermissionsandauthentication.
AnadministratorusestheAdministrativeUtilitytoinitiallyconfigurethesystem.
ThesecondutilityistheConfigurationUtility,whichisadesktopconfigurationtoolthatgivestheadministratortheabilitytoperformuseraccountprovisioning,manageroles,createusers,andperformauditing.
TheConfigurationUtilityalsoallowsauditingtobeperformedonusersandadministratoractivitiesonthenetworkfromdataintheAuthGuardServer'slogs.
TheproductallowsausertoviewnetworkresourcesandtodefineresourcesthatareplacedunderAuthGuard'sauthenticationcontrol.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage8of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
Figure1–ComponentsoftheAuthGuardProduct2.
2Client-ServerEncryptionandAuthenticationCommunicationsbetweentheAuthGuardServerandtheAuthGuardClientareencryptedusingtheAdvancedEncryptionStandard(AES)algorithm.
TheAuthGuardServerisimplementedasaJavaservletwithinanApacheTomcatcontainer,andcontainsallrequiredsecurityfunctionality.
TheAuthGuardClientisdistributedasaJavaappletbytheAuthGuardServer.
Theappletisloadedintoauser'sbrowser.
TheClientthenprovidesthecompleteuserGUIandperformstheencryptionoperationsenablingsecurecommunicationswiththeAuthGuardServer.
Furthermore,theappletprovidesinterfacesappropriatetotheadministrator-selectedauthenticationmethodsandguidestheuserthroughauthenticationtotheAuthGuardServerandaccesstoresources.
NetworkusersencountertheAuthGuardServerwhentheybringupabrowserandrequestaccesstoanauthenticatedresource.
TheserequestsareredirectedbytheresourcetotheAuthGuardServeriftherequesthasnotyetbeenauthenticated.
Optionally,userscanpointdirectlytoanAuthGuardServertobeginauthenticationsteps.
Oncecontacted,theAuthGuardServersendsbacktheClientapplettotheuseralongwithaSessionRandomKey(SRK),whichcanbeeitheranAESoratripleDataEncryptionStandard(DES)key.
TheSRKsareusedtoinitializesecuresessions,andarecreatedbytheAuthGuardServer.
WhentheservletfortheAuthGuardServerisinitialized,itstartsgeneratinganewstoreofSRKsdestinedforfutureuse.
TheSRKsareplacedinanarraythatisconstantlyupdatedbytheServer,andSRKscreatedbytheServerareassignedalifetime.
AfteranSRKhasexpired,itwillnotbeusedtosecureanewconnection.
EachSRKisassociatedwithanarrayofDataRandomKeys(DRKs),whichiscreatedforaparticularsession.
ThearrayofDRKsiserasediftheSRKiserased.
TheServercanbeconfiguredtocreateaspecificnumberofSRKs,andwillthenupdatethemperiodically.
Foranindividualsession,asingleunusedSRKisselected,andthensenttotheclientintheclearencodedasanarrayofbytesinaJavaclass.
TheSRKisthenusedbytheClienttoinitiatethesessionbetweentheClientandtheServer.
TheClientfirstobtainsausernamefromtheGUI,andsendsthistotheserverencryptedwiththeSRK.
TheServerreceivesthisanddecryptstheusername.
AftertheexchangeofausernameandSRK,theServerselectsaDRKfromthearrayassociatedwiththeSRK,andsendsittotheClientencryptedwiththeSRK.
Theencryptedbitsareadditionallybyte-veiled,orbit-veiledasdescribedinthenextsubsection.
Atthispoint,theClientretrievestheDRK,anddisplaysaGUItotheusertocollectpasswordinformation.
Meanwhile,theClienthashestheDRK,encryptsthehashwiththeDRK,andsendstheresultbacktotheServertoindicatethattheDRKwassuccessfullyreceivedanddecrypted.
TheServerchecksthatthisiscorrectbycomputingthesamevalue.
Atthispoint,theServerandClienthaveexchangedanSRK,DRK,andusernamebuthavenotauthenticatedeitherside,orexchangedakeynotsubjecttoman-in-the-middleattacks.
Now,theServerselectsasecondDRK(DRK2)fromtheDRKarray.
Theserverthenretrievestheuser'spasswordinformationfromitsdatabase.
TheServerthenencryptsDRK2withDRKandbit-veils,byte-veils,orbothintoaconversionarrayusingvaluesfromaRandomNumberGenerator(RNG)seededwiththeuser'spasswordinformation.
ThisistransmittedtotheClientwhocanthenusethesamepasswordinformationtoreconstructDRK2.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage9of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
TheClientthenhashesDRK2,hidesitinaconversionarrayusingthepasswordinformation,encryptstheconversionarraywithDRK2,andsendsitbacktotheservertoindicatehehasDRK2.
ThisstepperformsClientauthenticationbasedonpossessionoftheuser'spasswordinformation,andsharesDRK2withbothsides.
ThesamestepisthenperformedbytheServertoauthenticatetheServertotheClientusingDRK2andtheServerpassword.
TheServersendsahashofDRK2inaconversionarrayusingtheServerpasswordtoseedtheRNGforbit-orbyte-veiling,andencryptingthearraywithDRK2.
TheClientalreadyhastheServerpasswordandusesittoauthenticatetheServer.
Atthispointclienthaveperformedmutualauthentication,andshareasessionencryptionkey.
Userpasswordinformationcanbeasimplepassword,orcanuseAuthernative'spassline(achosenpatterninagrid),pass-step(anout-of-bandchallengesenttoemailorphonetobeentered),crossline(achallengeembeddedinagrid),orpassfield(image,colors,andagrid).
Eachoftheseprocessesallowstheusertoselectsecretpasswordinformation,allorpartofwhichcanbeprovidedinresponsetochallenges.
TheauthenticationstepofexchangingaDRKusingpasswordinformationforthebit-andbyte-veilingcanbeiteratedasoftenasdesiredtoprovideaDRK3,DRK4,etc.
Securitycanbelayeredtousemultipleauthenticationsteps,wheredifferentpasswordinformationformsareemployed.
Forexample,ausercouldemploybothasimplepasswordandusepassline.
ThepasswordwouldbeusedforDRK2,andthenpasslinewouldbeusedforDRK3,andthatexchangewouldalsodependuponDRK2.
Atthispoint,theDRKarenotusedbyAuthGuardforsecuredataencryption,andaresimplytreatedasabyproductoftheauthentication.
OtherproductsmayinthefutureusetheDRKsforsecurecontentexchange,buttheyarecurrentlyusedonlyforauthentication.
2.
3BitVU,ByteVU,andBBVUAuthernativehassecuredthreepatentsontheprocessesdescribedabove,withclaimsinthepatentsthatcovertheuseofaconversionarray,keygeneration,andbit-andbyte-veiling.
Theprocessof"Bit-Veil-Unveil(BitVU),Byte-Veil-Unveil(ByteVU),andByte-Bit-Veil-Unveil(BBVU)"mentionedabovearethesubjectofthepatents,andareintegraltotheauthenticationprocess.
TheBitVUandByteVUprocessestakeanarrayofrandomdataandeffectivelyhideorinterspersemessagedatawithinthearray.
Thearrayofrandomdatawiththeinterspersedmessagesisreferredtoasaconversionarray,andmaybefurtherencryptedbeforetransmissionwithintheAuthGuardschemesdescribed.
ThelocationsofthemessagedatawithintheconversionarrayaredeterminedbyadeterministicRNGseededwithasecretvalue.
TwopartiesthatsharethissecretvaluecanbothusethesameRNGtocomputethelocationsofthedatawithintheconversionarray.
TheprocessofByteVUinvolvesgeneratingaconversionarray,and"veiling"individualbytesofthemessagedatabysparselydistributingthemthroughtheconversionarray.
TheprocessofBitVUdoesthesame,butonabit-wisebasis.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage10of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3AuthernativeCryptographicModule3.
1OverviewThemodulewasdevelopedandtestedonMicrosoftWindowsXP(ServicePackage2)withSunJavaRuntimeEnvironment(JRE)1.
5.
ThemodulecanrunonanyJavaVirtualMachine(JVM)regardlessofoperatingsystem(OS)andcomputerarchitecture.
TheminimumversionoftheJREsupportedbythemoduleis1.
5.
LogicallythemoduleisasingleJavaARchival(JAR),AuthCryptoApi.
jar.
Table1showstheOSandnameofthebinaryfile.
Table1–BinaryFormoftheModuleWhenOperatingSystemBinaryFileNameDevelopmentWindowsXPwithSunJRE1.
5AuthCryptoApi.
jarRuntimeAnyJVMwithJRE1.
5orlaterregardlessofOSandcomputerarchitectureAuthCryptoApi.
jarThemoduleisstoredontheharddiskandisloadedinmemorywhenaclientapplicationcallscryptographicservicesexportedbythemodule.
Asofthiswriting,theclientapplicationisAuthGuard.
However,Authernativemaydevelopmoreapplicationsmakinguseofthemoduleinthefuture.
WhenoperatingintheApprovedmodeofoperation,theAuthernativeCryptographicModuleisvalidatedatFIPS140-2sectionlevelsshowninTable1.
NotethatinTable2,EMIandEMCmeanElectromagneticInterferenceandElectromagneticCompatibility,respectively,andN/Aindicates"NotApplicable".
Table2–SecurityLevelperFIPS140-2SectionSectionSectionTitleLevel1CryptographicModuleSpecification12CryptographicModulePortsandInterfaces13Roles,Services,andAuthentication14FiniteStateModel15PhysicalSecurityN/A6OperationalEnvironment17CryptographicKeyManagement18EMI/EMC19Self-Tests110DesignAssurance111MitigationofOtherAttacksN/A3.
2ModuleInterfacesThemodule,AuthCryptoApi.
jar,providesclientapplicationswithasetofcryptographicservicesintheformofApplicationProgrammingInterface(API)calls.
Figure2showsthelogicalcryptographicboundaryforthemodule.
ThemoduleisaJARfilethatconsistsof42javaclasses.
Outofthe42classes,29areBouncyCastleclassesthatimplementunderlyingcryptographicalgorithms.
BouncyCastleisanopen-sourceJavalibraryavailableatSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage11of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
http://www.
bouncycastle.
org/.
TheBouncyCastleclassesdonothavepublicmethods.
Theother13classes,developedbyAuthernative,implementpublicmethodsofthemodule.
TheJARfilemanifest,MANIFEST.
MF,containsthesignatureoftheJAR(usedinthepower-upintegritytest).
Figure2–LogicalCryptographicBoundaryThedescriptionsoftheAuthernativeclassesaredescribedinTable3–AuthernativeClassesinAuthCryptoApi.
jar.
Acompletelistofexportedmethodsisavailableinthemodule'sAPIreferencemanual.
Table3–AuthernativeClassesinAuthCryptoApi.
jarClassDescriptionAuthApiException.
classTheclassimplementstheexceptionthrownwhenandifthereisanerrorstateintheAPI.
AuthApiStatus.
classTheclassimplementsmethodsthatreportconfigurationsandstatusoftheAPI.
AuthCryptoApi.
classThisisthecoreAPIclassandcontainsallthepublicmethods.
Thisclasssimplycollectstheinterfacesintoasingleobject.
Mostofthefunctionsofthemoduleareimplementedbytheotherclasses.
Base64.
classTheclassimplementsthebase64encodinganddecodingmethods.
ConversionArray.
classTheclassimplementsAuthernative'spatentedBitVU,ByteVU,andBBVUtechnology.
SeeSection2.
3ofthisdocumentforadescriptionofthistechnique.
CryptoFunctions.
classTheclasscontainsallthecryptographicfunctionsrealizedbythemodule.
KeyGen$KeyThread.
classTheclassisasubclassoftheKeyGenclass.
Thisclassimplementsthemechanismofgeneratinganewkeyevery60seconds.
KeyGen.
classTheclassimplementskeygenerationmethods.
LicParams.
classTheclassstoresthelicensinginformationofthemodule.
RCConst.
classTheclasscontainsallthereturncodesfortheAPIerrorsforusewiththeAuthApiExceptionclass.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage12of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ClassDescriptionSecureRNG.
classTheclassimplementstheAmericanNationalStandardsInstitute(ANSI)X9.
31AppendixA.
2.
4RNG.
AuthCipher.
classThisisanAuthernativewrapperclasstoenhanceusabilityforalloftheBouncyCastlecipherfunctionality.
AuthDigest.
classThisisanAuthernativewrapperclasstoenhanceusabilityforalloftheBouncyCastledigestfunctionality.
Themodule'sinteractionswithsurroundingcomponents,includingCentralProcessingUnit(CPU),harddisk,memory,clientapplication,andtheOSaredemonstratedinFigure3.
Figure3–LogicalCryptographicBoundaryandInteractionswithSurroundingComponentsThemoduleisvalidatedforuseontheplatformslistedinthesecondcolumnofTable1.
Inadditiontothebinaries,thephysicaldeviceconsistsoftheintegratedcircuitsofthemotherboard,theCPU,RandomAccessMemory(RAM),Read-OnlyMemory(ROM),computercase,keyboard,mouse,videointerfaces,expansioncards,andotherhardwarecomponentsincludedinthecomputersuchasharddisk,floppydisk,CompactDiscROM(CD-ROM)drive,powersupply,andfans.
Thephysicalcryptographicboundaryofthemoduleistheopaquehardmetalandplasticenclosureoftheserverrunningthemodule.
Theblockdiagramforastandardgeneral-purposecomputerSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage13of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
(GPC)isshowninFigure4.
Notethatinthisfigure,I/OmeansInput/Output,BIOSstandsforBasicInput/OutputSystem,PCIstandsforPeripheralComponentInterconnect,ISAstandsforInstructionSetArchitecture,andIDErepresentsIntegratedDriveElectronics.
Figure4–PhysicalBlockDiagramofaStandardGPCAllofthesephysicalportsareseparatedintologicalinterfacesdefinedbyFIPS140-2,asdescribedinTable3.
Table4–Logical,Physical,andModuleInterfaceMappingLogicalInterfacePhysicalPortMappingModuleMappingDataInputKeyboard,mouse,CD-ROM,floppydisk,andserial/USB/parallel/networkportsArgumentsforAPIcallsthatcontaindatatobeusedorprocessedbythemoduleDataOutputHardDisk,floppydisk,monitor,andserial/USB/parallel/networkportsArgumentsforAPIcallsthatcontainmoduleresponsedatatobeusedorprocessedbythecallerControlInputKeyboard,CD-ROM,floppydisk,mouse,andserial/USB/parallel/networkportAPIcallsStatusOutputHarddisk,floppydisk,monitor,andserial/USB/parallel/networkportsArgumentsforAPIcalls,returnvalue,errormessageSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage14of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3.
3RolesandServicesTheoperatorsofthemodulecanassumetworolesasrequiredbyFIPS140-2:aCryptoOfficerroleandaUserrole.
Theoperatorofthemoduleassumeseitheroftherolesbasedontheoperationsperformed.
Theoperatorisnotrequiredtoauthenticatetothemodulebeforeaccessingservices.
ThemoduleprovidesanAPIforclientapplications.
Table5–CryptoOfficerServicesshowsthepublicmethodsthatarerunbytheCryptoOfficerrole.
Themethodnameisshowninthefirstcolumn("Service").
Itsfunctionisdescribedinthesecondcolumn("Description").
EachmethodexportedbythemoduleisanindividualCryptoOfficerservice.
Userservices(seeTable6–UserServices)arealsoavailabletotheCryptoOfficerrole.
Table6–UserServicesshowsthepublicmethodsthatarerunbytheUserrole.
SimilartoTable5–CryptoOfficerServices,themethodnameisshowninthefirstcolumn("Service").
Itsfunctionisdescribedinthesecondcolumn("Description").
EachmethodexportedbythemoduleisanindividualUserservice.
UserservicesarealsoavailabletotheCryptoOfficerrole.
TheCriticalSecurityParameters(CSPs)mentionedintherightmostcolumnscorrespondtotheoneslistedinTable7–ListofCryptographicKeys,CryptographicKeyComponents,andCSPs.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage15of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
Table5–CryptoOfficerServicesServiceDescriptionInputOutputCSPandTypeofAccessInstallationToinstallthemoduleCommandStatusNoneUninstallationTouninstallthemoduleCommandStatusAllCSPs–overwriteAuthCryptoApiTheAPI'sonlyconstructor.
TheinstanceoftheAPIwillbedefinedbytheparametersthatarepassedinCryptotype,hashtype,cryptomode,keysize,paddingschemeStatusNonegetInstanceThismethodisprovidedforsingletonuseoftheAPICryptotype,hashtype,cryptomode,keysize,paddingschemeStatus,theinstanceofAutghCryptoApiNoneprintByteArrayPrintsoutabytearrayinhexadecimalnotationTextstring,bytearrayStatus,theprintoutNoneprintByteArrayPrintsoutabytearrayinhexadecimalnotationBytearrayStatus,theprintoutNonehexStrToByteArrayConvertsahexadecimalstringintoabytearrayHexadecimalstringStatus,bytearrayNonecheckLicenseChecksthelicenseLicensestringfromapplication,clientinformationStatusNonegetStatusGetsinformationandconfigurationabouttheAPINoneStatus,APIobjectinformationandconfigurationNonesetSeedSetstheseed,date/time(DT)value,andTripleDESkeytorandomnumbers(generatedbythenon-ApprovedRNG)fortheANSIX9.
31RNGNoneStatusANSIX9.
31RNGseedforkeygenerationmethods–write,overwriteANSIX9.
31RNGDTvalueforkeygenerationmethods–write,overwriteANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–write,overwritesetSeedSetstheTripleDESkeytospecifiedvaluesfortheANSIX9.
31RNGTripleDESkeyStatusANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–write,overwriteSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage16of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ServiceDescriptionInputOutputCSPandTypeofAccesssetSeedSetstheseed,DTvalue,andTripleDESkeytospecifiedvaluesfortheANSIX9.
31RNGSeed,TripleDESkey,DTvalueStatusANSIX9.
31RNGseedforkeygenerationmethods–write,overwriteANSIX9.
31RNGDTvalueforkeygenerationmethods–write,overwriteANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–write,overwritenextIntGeneratesarandomnumberNoneStatus,randomnumberANSIX9.
31RNGseedforkeygenerationmethods–readANSIX9.
31RNGDTvalueforkeygenerationmethods–readANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–readnextIntGeneratesarandomnumberbetweenzeroandthespecifiedintegerAninteger(rangeoftherandomnumber)Status,randomnumberANSIX9.
31RNGseedforkeygenerationmethods–readANSIX9.
31RNGDTvalueforkeygenerationmethods–readANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–readnextBytesGeneratesarandomnumberarrayPointertoabytearrayStatus,randomnumberarrayANSIX9.
31RNGseedforkeygenerationmethods–readANSIX9.
31RNGDTvalueforkeygenerationmethods–readANSIX9.
31RNGTripleDESkeyforkeygenerationmethods–readzeroizeZeroizesCSPsNoneStatusAllCSPsinHashMapandfilesystem–overwriteTable6–UserServicesServiceDescriptionInputOutputCSPandTypeofAccesssetNumberOfKeysSetsthemaximumnumberofkeysthatthekeygeneratorwillcreatebeforerestartingatzeroNumberofkeysStatusNonesetPersistenceSetsthewaythekeyswillbesavedforthekeygeneratorMode(saveinkeysinfilesystemormemory)StatusNonesetPathSetsthelocationthatthekeyswillbesavedtothefilesystemPathofthefilesystemStatusNoneSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage17of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ServiceDescriptionInputOutputCSPandTypeofAccessgetSecretKeyCreatesandreturnsaJavasecretkey(javax.
crypto.
SecretKey)NoneStatus,asecretkey(javax.
crypto.
SecretKey)AESkeyorTripleDESkeyforcalleruse–write,readgetRawKeyCreatesandreturnsaJavasecretkey(bytearray)NoneStatus,asecretkey(bytearray)AESkeyorTripleDESkeyforcalleruse–write,readstartKeyGenStartsathreadthatwillperformkeygenerationandsavethekeys.
Keyswillbegeneratedevery60secondsNoneStatusTripleDESkeyforveilingandunveilingmethods–writestopKeyGenStopsthekeygenerationNoneStatusTripleDESkeyforveilingandunveilingmethods–overwritegetSecretKeyFromReposGetsakey(javax.
crypto.
SecretKey)fromtherepositorythatiscreatedbythestartKeyGenmethodcallIndextotherepositoryStatus,asecretkey(javax.
crypto.
SecretKey)TripleDESkeyforveilingandunveilingmethods–readgetRawKeyFromReposGetsakey(bytearray)fromtherepositorythatiscreatedbythestartKeyGenmethodcallIndextotherepositoryStatus,asecretkey(bytearray)TripleDESkeyforveilingandunveilingmethods–readsetSecretKeySetsthesecretkey(bytearray)tobeusedincryptooperationsSecretkeyStatusAESkeyorTripleDESkeyforencryptionanddecryptionmethods–write,overwritesetSecretKeySetsthesecretkey(javax.
crypto.
SecretKey)tobeusedincryptooperationsSecretkeyStatusAESkeyorTripleDESkeyforencryptionanddecryptionmethods–write,overwritesetIVSetstheinitializationvectorifcryptousesCBCmodeInitializationvectorStatusNoneupdateHashUpdatesthecurrentmessageforhashingBytearrayaddedtothemessageStatusNonehashValuePerformsthefinalhashingformessageBytearrayaddedtothemessagebeforethefinalhashingisdoneStatus,hashvalueNoneupdateEncryptedUpdatesthecurrentplaintextforencryptionBytearrayaddedtotheplaintexttobeencryptedStatusNoneSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage18of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
ServiceDescriptionInputOutputCSPandTypeofAccessencryptValuePerformsthefinalencryptionfortheplaintextBytearrayaddedtotheplaintextbeforethefinalencryptionisdoneStatus,ciphertextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readdecryptValueDecryptsciphertextPlaintextStatus,plaintextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readencryptValueEncryptsplaintextwithspecifiedsecretkey(javax.
crypto.
SecretKey)Plaintext,secretkey(javax.
crypto.
SecretKey)Status,ciphertextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readdecryptValueDecryptsciphertextwithspecifiedsecretkey(javax.
crypto.
SecretKey)Ciphertext,secretkey(javax.
crypto.
SecretKey)Status,plaintextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readencryptValueEncryptsplaintextwithspecifiedsecretkey(bytearray)Plaintext,secretkey(bytearray)Status,ciphertextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readdecryptValueDecryptsciphertextwithspecifiedsecretkey(bytearray)Ciphertext,secretkey(bytearray)Status,plaintextAESkeyorTripleDESkeyforencryptionanddecryptionmethods–readencodePerformsBase64encodingonbytesBytestobeencodedEncodedbytesNoneencodePerformsBase64encodingonstringsStringstobeencodedEncodedstringNonedecodePerformsBase64decodingonbytesBytestobedecodedDecodedbytesNonedecodePerformsBase64decodingonstringsStringstobedecodedDecodedstringNoneveilDataHidesbits,bytes,orbitsandbytesinalargerarrayMode(bit,byte,orbitandbyte),bytearraytobehidden,TripleDESkeyfortheANSIX9.
31RNGConversionarraywithhiddenbytearrayTripleDESkeyforveilingandunveilingmethods–write,readunveilDataExtractsthedatafromconversionarrayMode(bit,byte,orbitandbyte),conversionarray,TripleDESkeyfortheANSIX9.
31RNGOriginalbytearrayTripleDESkeyforveilingandunveilingmethods–write,readSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage19of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3.
4PhysicalSecurityTheAuthernativeCryptographicModuleisamulti-chipstandalonemodule.
Thephysicalsecurityrequirementsdonotapplytothismodule,sinceitispurelyasoftwaremoduleanddoesnotimplementanyphysicalsecuritymechanisms.
3.
5OperationalEnvironmentThemodulewastestedandvalidatedongeneral-purposeMicrosoftWindowsXPwithServicePackage2withSunJRE1.
5.
ThemodulecanrunonanyJVMregardlessofOSandcomputerarchitecture.
TheminimumversionoftheJREsupportedbythemoduleis1.
5.
ThemodulemustbeconfiguredinsingleusermodeaspertheinstructionsprovidedinSection4.
1ofthisdocument.
RecommendedconfigurationchangesforthesupportedOScanalsobefoundinSection4.
1.
3.
6CryptographicKeyManagementThemoduleimplementsthefollowingFIPS-approvedalgorithmsintheApprovedmodeofoperation.
SHA-1,SHA-256,SHA-384,SHA-512(certificate#725).
SHAmeansSecureHashAlgorithm.
HMAC-SHA-1(certificate#375).
HMACmeansKeyed-HashMessageAuthenticationCode.
TripleDES:112and168bits,inECBandCBCmodes(certificate#629).
ECBandCBCmeanElectronicCodebookandCipherBlockChaining,respectively.
AES:128,192,and256bits,inECBandCBCmodes(certificate#697)ANSIX9.
31AppendixA.
2.
4RNGwith2-keyTripleDES(certificate#408)IntheApprovedmodeofoperation,themoduleusesanon-ApprovedRNGtoseedtheANSIX9.
31RNG.
Thisnon-ApprovedRNGistheSecureRandomclassprovidedbytheJREandisnotimplementedbythemoduleitself.
Thenon-ApprovedRNGisoutsidethecryptographicboundaryofthemoduleandisusedbythemoduleonlyforseedingtheANSIX9.
31RNG.
Inthenon-Approvedmodeofoperation,themodulesupportsMD5.
ThemodulesupportsthefollowingCSPsintheApprovedmodeofoperation:Table7–ListofCryptographicKeys,CryptographicKeyComponents,andCSPsKeyKeyTypeGeneration/InputOutputStorageZeroizationUseTripleDESkeyforcalleruseTripleDESsymmetrickeysGeneratedbyANSIX9.
31RNGInplaintext1.
Plaintextinvolatilememory;2.
PlaintextinfilesystemZeroizedwhenthezeroizemethodiscalledUseisatthediscretionofthecallerAESkeyforcalleruseAESsymmetrickeyGeneratedbyANSIX9.
31RNGInplaintext1.
Plaintextinvolatilememory;2.
PlaintextinfilesystemZeroizedwhenthezeroizemethodiscalledUseisatthediscretionofthecallerTripleDESkeyforencryptionanddecryptionmethodsTripleDESsymmetrickeysInputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedafterencryptionordecryptionisdoneEncryptplaintextordecryptciphertextAESkeyforencryptionanddecryptionmethodsAESsymmetrickeyInputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedafterencryptionordecryptionisdoneEncryptplaintextordecryptciphertextSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage20of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
KeyKeyTypeGeneration/InputOutputStorageZeroizationUseTripleDESkeyforveilingandunveilingmethodsTripleDESsymmetrickeysInputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedafterveilingorunveilingisdoneVeilorunveildataANSIX9.
31RNGDTvalueforkeygenerationmethodsDate/timevariable1.
Generatedinternallybyretrievingsystemdate/timevalue2.
InputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedwhennewDTvalueisgeneratedGeneratekeysANSIX9.
31RNGTripleDESkeyforkeygenerationmethodsTripleDESsymmetrickeys1.
Generatedusingthenon-ApprovedRNG2.
InputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedwhennewTripleDESkeyisgeneratedGeneratekeysANSIX9.
31RNGseedforkeygenerationmethodsSeed1.
Generatedusingthenon-ApprovedRNG2.
InputbycallerinplaintextNeverPlaintextinvolatilememoryZeroizedwhennewseedisgeneratedGeneratekeysSoftwareintegritytestkey512-bitHMAC-SHA-1keyHardcodedNeverPlaintextinnonvolatilememoryZeroizedwhenthemoduleisuninstalledUsedinsoftwareintegritytest3.
6.
1KeyGenerationThemoduleusesanANSIX9.
31RNGwith2-keyTripleDEStogeneratecryptographickeys.
ThisRNGisaFIPS-ApprovedRNGasspecifiedinAnnexCtoFIPS140-2.
3.
6.
2KeyInput/OutputSymmetrickeysareinputtoandoutputfromthemoduleinplaintext.
Themoduledoesnotuseasymmetric-keycryptography.
3.
6.
3KeyStorageandProtectionKeysandotherCSPsarestoredinvolatilememoryorfilesysteminplaintext.
Allkeydataresidesininternallyallocateddatastructuresandcanonlybeoutputusingthemodule'sdefinedAPI.
TheOSandJREprotectmemoryandprocessspacefromunauthorizedaccess.
3.
6.
4KeyZeroizationGenerallyspeaking,CSPsresidesininternaldatastructuresthatarecleanedupbyJVM'sgarbagecollector.
Javahandlesmemoryinunpredictablewaysthataretransparenttotheuser.
TheCryptoOfficermaymanuallyinvokethezeroizationofkeysstoredinHashMapandfilesystembycallingthezeroizemethod.
3.
7EMI/EMCAlthoughthemoduleconsistsentirelyofsoftware,theFIPS140-2platformisaserverthathasbeentestedforandmeetsapplicableFederalCommunicationsCommission(FCC)EMIandEMCrequirementsforbusinessuseasdefinedinSubpartBofFCCPart15.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage21of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
3.
8Self-TestsThepower-upself-testsaretriggeredbyinstantiationofanobjectoftheAuthCryptoApiclass.
TheAuthernativeCryptographicModuleperformsthefollowingpower-upself-tests:SoftwareintegritytestusingHMAC-SHA-1KnownAnswerTest(KAT)on2-keyTripleDESinECBmodeKATon128-bitAESinECBmodeKATsonSHA-1,SHA-256,SHA-384,andSHA-512KATonANSIX9.
31RNGThemoduleimplementsthefollowingconditionalself-tests.
ContinuoustestfortheANSIX9.
31RNGContinuoustestforthenon-ApprovedRNGIftheself-testsfail,anexceptionwillbethrownonthefailure.
Theapplicationisthenalertedthattheself-testsfailed,andthemodulewillnotloadandwillenteranerrorstate.
Whenintheerrorstate,executionofthemoduleishaltedanddataoutputfromthemoduleisinhibited.
3.
9MitigationofOtherAttacksThissectionisnotapplicable.
NoclaimismadethatthemodulemitigatesagainstanyattacksbeyondtheFIPS140-2level1requirementsforthisvalidation.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage22of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
4SecureOperationTheAuthernativeCryptographicModulemeetsLevel1requirementsforFIPS140-2.
ThesubsectionsbelowdescribehowtoplaceandkeepthemoduleintheApprovedmodeofoperation.
4.
1OperatingSystemConfigurationTheuserofthemoduleisasoftwareapplication.
FIPS140-2mandatesthatacryptographicmodulebelimitedtoasingleuseratatime.
AsingleinstantiationoftheAuthernativeCryptographicModuleshallonlybeaccessedbyoneclientapplication,whichistheUserofthisinstantiationoftheAuthernativeCryptographicModule.
Forenhancedsecurity,itisrecommendedthattheCryptoOfficerconfiguretheOStodisallowremotelogin.
ToconfigureWindowsXPtodisallowremotelogin,theCryptoOfficershouldensurethatallremoteguestaccountsaredisabledinordertoensurethatonlyonehumanoperatorcanlogintoWindowsXPatatime.
TheservicesthatneedtobeturnedoffforWindowsXPareFast-userswitching(irrelevantifserverisadomainmember)TerminalservicesRemoteregistryserviceSecondarylogonserviceTelnetserviceRemotedesktopandremoteassistanceserviceOnceWindowsXPhasbeenconfiguredtodisableremotelogin,theCryptoOfficercanusethesystem"Administrator"accounttoinstallsoftware,uninstallsoftware,andadministerthemodule.
ACMVPpublicdocument,FrequentlyAskedQuestionsfortheCryptographicModuleValidationProgram1,givesinstructionsinSection5.
3forconfiguringvariousUnix-basedoperatingsystemsforsingleusermode.
4.
2ApprovedModeConfigurationTheAuthernativeCryptographicModuleitselfisnotanend-userproduct.
Itisprovidedtotheend-usersaspartoftheapplication(e.
g.
,AuthGuard).
Themoduleisinstalledduringinstallationoftheapplication.
Theinstallationprocedureisdescribedintheinstallationmanualfortheapplication.
Inordertoaccessfunctionsofthemodule,theapplicationhastoexecutetheconstructorofclassAuthCryptoApibyinstantiatinganobjectofclassAuthCryptoApi.
TheconstructorofclassAuthCryptoApiis:publicAuthSecurityApi(intcrpytoType,inthashType,intcodeBook,intkeySize,intpadding)IfthevaluepassedintotheargumentinthashTypeisSHA(integervalue1,2,3,or4),thenthemoduleisoperatingintheApprovedmodeofoperation.
IfthevaluepassedintotheargumentinthashTypeisMD5(integervalue0),thenthemoduleisoperatinginthenon-Approvedmodeofoperation.
TheconstructorofclassAuthCryptoApiperformsallrequiredpower-upself-tests.
Ifallpower-upself-testsarepassed,thenaninternalflagwillbesettotrue.
Allotherpublicmethodsofthemodulecheckthisinternalflagandensureitistruebeforeperforminganyotherfunctions.
1Availableathttp://csrc.
nist.
gov/groups/STM/cmvp/documents/CMVPFAQ.
pdf.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage23of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
NoticethattheApprovedmodeconfigurationdescribedaboveistransparenttoanoperator.
Theconfigurationisperformedbytheclientapplication.
4.
3CSPZeroizationTheCryptoOfficershouldzeroizeCSPswhentheyarenolongerneeded.
SeeSection3.
6.
4ofthisdocumentfordetailsonCSPzeroization.
4.
4StatusMonitoringThemodule'scryptographicfunctionalityandsecurityservicesareprovidedviatheapplication.
Themoduleisnotmeanttobeusedwithoutanassociatedapplication.
End-userinstructionsandguidanceareprovidedintheusermanualandtechnicalsupportdocumentsoftheapplicationsoftware.
Althoughend-usersdonothaveprivilegestomodifyconfigurationsofthemodule,theyshouldmakesurethattheApprovedmodeofoperationisenforcedintheapplication,therebyensuringthatthepropercryptographicprotectionisprovided.
SecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage24of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
5AcronymsTable8–AcronymsAcronymDefinitionAESAdvancedEncryptionStandardANSIAmericanNationalStandardsInstituteAPIApplicationProgrammingInterfaceBBVUByte-Bit-Veil-UnveilBIOSBasicInput/OutputSystemBitVUBit-Veil-UnveilByteVUByte-Veil-UnveilCBCCipherBlockChainingCD-ROMCompactDiscRead-OnlyMemoryCMVPCryptographicModuleValidationProgramCPUCentralProcessingUnitCSPCriticalSecurityParameterDESDataEncryptionStandardDRKDataRandomKeyDTDate/TimeECBElectronicCodebookEMCElectromagneticCompatibilityEMIElectromagneticInterferenceFCCFederalCommunicationsCommissionFIPSFederalInformationProcessingStandardGPCGeneral-PurposeComputerGUIGraphicalUserInterfaceHDDHardDriveHMACKeyed-HashMessageAuthenticationCodeIDEIntegratedDriveElectronicsIEEEInstituteofElectricalandElectronicsEngineersI/OInput/OutputIRInfraredISAInstructionSetArchitectureJARJavaARchivalJREJavaRuntimeEnvironmentJVMJavaVirtualMachineKATKnownAnswerTestSecurityPolicy,version1.
1May9,2008AuthernativeCryptographicModulePage25of252008Authernative,Inc.
Thisdocumentmaybefreelyreproducedanddistributedwholeandintactincludingthiscopyrightnotice.
AcronymDefinitionMACMessageAuthenticationCodeN/ANotApplicableOSOperatingSystemPCIPeripheralComponentInterconnectRAMRandomAccessMemoryRNGRandomNumberGeneratorROMReadOnlyMemorySHASecureHashAlgorithmSRKSessionRandomKeyUARTUniversalAsynchronousReceiver/TransmitterUSBUniversalSerialBus
- settingsecondarylogon相关文档
- additionalsecondarylogon
- Logoffstatusmessagessecondarylogon
- POSIXsecondarylogon
- Levelsecondarylogon
- secondarylogon魔兽世界下载器不动Secondary Logon 在哪?
- secondarylogonSecondary Logon 等等是什么意思?
新加坡云服务器 1核2Gg 46元/月 香港云服务器 1核2G 74元/月 LightNode
LightNode是一家成立于2002年,总部位于香港的VPS服务商。提供基于KVM虚拟化技术.支持CentOS、Ubuntu或者Windows等操作系统。公司名:厦门靠谱云股份有限公司官方网站:https://www.lightnode.com拥有高质量香港CN2 GIA与东南亚节点(河内、曼谷、迪拜等)。最低月付7.71美金,按时付费,可随时取消。灵活满足开发建站、游戏应用、外贸电商等需求。首...
Krypt($120/年),2vCPU/2GB/60GB SSD/3TB
Krypt这两天发布了ION平台9月份优惠信息,提供一款特选套餐年付120美元(原价$162/年),开设在洛杉矶或者圣何塞机房,支持Windows或者Linux操作系统。ion.kryptcloud.com是Krypt机房上线的云主机平台,主要提供基于KVM架构云主机产品,相对于KT主站云服务器要便宜很多,产品可选洛杉矶、圣何塞或者新加坡等地机房。洛杉矶机房CPU:2 cores内存:2GB硬盘:...
RackNerd:美国便宜VPS,洛杉矶DC-02/纽约/芝加哥机房,4TB月流量套餐16.55美元/年
racknerd怎么样?racknerd美国便宜vps又开启促销模式了,机房优秀,有洛杉矶DC-02、纽约、芝加哥机房可选,最低配置4TB月流量套餐16.55美元/年,此外商家之前推出的最便宜的9.49美元/年套餐也补货上架,同时RackNerd美国AMD VPS套餐最低才14.18美元/年,是全网最便宜的AMD VPS套餐!RackNerd主要经营美国圣何塞、洛杉矶、达拉斯、芝加哥、亚特兰大、新...
secondarylogon为你推荐
-
微信对骂群工作微信群里骂人是什么行为?刷网站权重如何刷流量才能提高网站权重照片转手绘有没有一种软件是可以把一张照片变成手绘的图片,给推荐下奇虎论坛360有论坛中心?创维云电视功能创维健康云电视有什么功能?ejb开发什么是EJB?电子商务网站模板网页制作模板宽带接入服务器什么是宽带接入系统?怎样绕过宽带接入系统上网购买流量手机买流量怎么买呀南北互通上海南北高架和中环互通吗?