© 2008 Authernative, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.

Authernative, Inc.
Authernative Cryptographic Module
Software Version: 1.0.0

FIPS 140-2 Security Policy
Level 1 Validation
Document Version 1.1

Prepared for:
Authernative, Inc.
201 Redwood Shores Parkway, Suite 275
Redwood City, CA 94065
Phone: (650) 587-5263
Fax: (650) 587-5259
http://www.authernative.com

Prepared by:
Corsec Security, Inc.
10340 Democracy Lane, Suite 201
Fairfax, VA 22030
Phone: (703) 267-6050
Fax: (703) 267-6810
http://www.corsec.com

Security Policy, version 1.1, May 9, 2008

Revision History

| Version | Modification Date | Modified By | Description of Changes |
|---|---|---|---|
| 0.1 | 2007-09-21 | Xiaoyu Ruan | Initial draft |
| 0.2 | 2008-01-10 | Xiaoyu Ruan | Added ECBBlockCipher.class; removed DESEngine.class |
| 0.3 | 2008-01-23 | Xiaoyu Ruan | Added zeroize method; Put CAVP numbers |
| 0.4 | 2008-01-25 | Xiaoyu Ruan | Addressed Lab comments |
| 0.5 | 2008-02-05 | Xiaoyu Ruan | Addressed Lab comments |
| 1.0 | 2008-05-01 | Xiaoyu Ruan | Address CMVP comments |
| 1.1 | 2008-05-09 | Xiaoyu Ruan | Address CMVP comments |

Table of Contents

1 Introduction
1.1 Purpose
1.2 References
1.3 Document Organization
2 AuthGuard and PassEnabler
2.1 Overview
2.2 Client-Server Encryption and Authentication
2.3 BitVU, ByteVU, and BBVU
3 Authernative Cryptographic Module
3.1 Overview
3.2 Module Interfaces
3.3 Roles and Services
3.4 Physical Security
3.5 Operational Environment
3.6 Cryptographic Key Management
3.6.1 Key Generation
3.6.2 Key Input/Output
3.6.3 Key Storage and Protection
3.6.4 Key Zeroization
3.7 EMI/EMC
3.8 Self-Tests
3.9 Mitigation of Other Attacks
4 Secure Operation
4.1 Operating System Configuration
4.2 Approved Mode Configuration
4.3 CSP Zeroization
4.4 Status Monitoring
5 Acronyms

Table of Figures

Figure 1 – Components of the AuthGuard Product
Figure 2 – Logical Cryptographic Boundary
Figure 3 – Logical Cryptographic Boundary and Interactions with Surrounding Components
Figure 4 – Physical Block Diagram of a Standard GPC

Table of Tables

Table 1 – Binary Form of the Module
Table 2 – Security Level per FIPS 140-2 Section
Table 3 – Authernative Classes in AuthCryptoApi.jar
Table 4 – Logical, Physical, and Module Interface Mapping
Table 5 – Crypto Officer Services
Table 6 – User Services
Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs
Table 8 – Acronyms

1 Introduction

1.1 Purpose

This document is a non-proprietary Cryptographic Module Security Policy for the Authernative Cryptographic Module from Authernative, Inc. This Security Policy describes how the Authernative Cryptographic Module meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the Authernative Cryptographic Module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) website at: http://csrc.nist.gov/groups/STM/index.html.

In this document, the Authernative Cryptographic Module is referred to as "the module". The application represents Authernative's software products, such as AuthGuard, linked with the cryptographic methods provided by the Authernative Cryptographic Module.

1.2 References

This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

- The Authernative website (http://www.authernative.com/) contains information on the full line of products from Authernative.
- The CMVP website (http://csrc.nist.gov/groups/STM/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 submission package. In addition to this document, the Submission Package contains:

- Vendor Evidence
- Finite State Machine
- Other supporting documentation as additional references

This Security Policy and the other validation submission documentation have been produced by Corsec Security, Inc. under contract to Authernative. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Authernative and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Authernative.

2 AuthGuard and PassEnabler

Authernative, Inc. is a software company that develops, markets, and sells enterprise and consumer level security solutions. Authernative's granted and pending U.S. and International patents in the area of private and secure financial transactions, authentication algorithms, protocols, and encryption schemes are the foundation for the company technology and commercial product offerings. Authernative provides integrated security solutions for identity management, strong authentication to access network resources, and efficient authorization, administration and auditing control.

Authernative approaches security as a complex system having scientific, technological, engineering, marketing, and social components. The company believes that only a harmonized mixture of these components implemented in security products and backed with excellent services can bring long-lasting success and customer satisfaction.

Authernative currently sells two separate and complementary products: AuthGuard and PassEnabler. Both AuthGuard and PassEnabler are applications that use the Authernative Cryptographic Module. However, AuthGuard and PassEnabler are not being validated for FIPS compliance because all their security-relevant functions are provided by the Authernative Cryptographic Module.

2.1 Overview

AuthGuard is an authentication product. It provides an authentication server that supports and manages multiple authentication options. Those options allow AuthGuard to offer multifactor authentication, strong authentication, or layered authentication services.

PassEnabler allows administrators to define what resources authorized users have access to and provides a secure authorization, administration, auditing, and web single-sign-on engine. PassEnabler is integrated with AuthGuard. PassEnabler enables corporate identity and access management using the authentication capabilities of AuthGuard. AuthGuard and PassEnabler can be used either separately or together as complementary tools within a tool suite.

The AuthGuard product is implemented using five components (as depicted in Figure 1):

- AuthGuard Server
- Administrative Utility
- Configuration Utility
- Licensing
- AuthGuard Client

The central component is the AuthGuard Server, which provides authentication services in a networked environment. Users attempting to access various systems are redirected to the AuthGuard Server. This provides them with a Graphical User Interface (GUI) to perform authentication. The GUI is provided by downloading the AuthGuard Client to a browser. The AuthGuard Client GUI changes depending on what forms of authentication are being performed, and communicates with the AuthGuard Server.

Authernative has developed two utilities to manage the AuthGuard product. The first utility is the Administrative Utility, which provides an administrative console for management of the AuthGuard Server. The Administrative Utility provides a GUI to tweak roughly fifty options and features of the configuration of the AuthGuard Server, setting the user permissions and authentication. An administrator uses the Administrative Utility to initially configure the system.

The second utility is the Configuration Utility, which is a desktop configuration tool that gives the administrator the ability to perform user account provisioning, manage roles, create users, and perform auditing. The Configuration Utility also allows auditing to be performed on users and administrator activities on the network from data in the AuthGuard Server's logs. The product allows a user to view network resources and to define resources that are placed under AuthGuard's authentication control.

Figure 1 – Components of the AuthGuard Product

2.2 Client-Server Encryption and Authentication

Communications between the AuthGuard Server and the AuthGuard Client are encrypted using the Advanced Encryption Standard (AES) algorithm. The AuthGuard Server is implemented as a Java servlet within an Apache Tomcat container, and contains all required security functionality. The AuthGuard Client is distributed as a Java applet by the AuthGuard Server. The applet is loaded into a user's browser. The Client then provides the complete user GUI and performs the encryption operations enabling secure communications with the AuthGuard Server. Furthermore, the applet provides interfaces appropriate to the administrator-selected authentication methods and guides the user through authentication to the AuthGuard Server and access to resources.

Network users encounter the AuthGuard Server when they bring up a browser and request access to an authenticated resource. These requests are redirected by the resource to the AuthGuard Server if the request has not yet been authenticated. Optionally, users can point directly to an AuthGuard Server to begin authentication steps. Once contacted, the AuthGuard Server sends back the Client applet to the user along with a Session Random Key (SRK), which can be either an AES or a triple Data Encryption Standard (DES) key. The SRKs are used to initialize secure sessions, and are created by the AuthGuard Server.

When the servlet for the AuthGuard Server is initialized, it starts generating a new store of SRKs destined for future use. The SRKs are placed in an array that is constantly updated by the Server, and SRKs created by the Server are assigned a lifetime. After an SRK has expired, it will not be used to secure a new connection. Each SRK is associated with an array of Data Random Keys (DRKs), which is created for a particular session. The array of DRKs is erased if the SRK is erased.

The Server can be configured to create a specific number of SRKs, and will then update them periodically. For an individual session, a single unused SRK is selected, and then sent to the client in the clear encoded as an array of bytes in a Java class. The SRK is then used by the Client to initiate the session between the Client and the Server. The Client first obtains a username from the GUI, and sends this to the server encrypted with the SRK. The Server receives this and decrypts the username.

After the exchange of a username and SRK, the Server selects a DRK from the array associated with the SRK, and sends it to the Client encrypted with the SRK. The encrypted bits are additionally byte-veiled, or bit-veiled as described in the next subsection. At this point, the Client retrieves the DRK, and displays a GUI to the user to collect password information. Meanwhile, the Client hashes the DRK, encrypts the hash with the DRK, and sends the result back to the Server to indicate that the DRK was successfully received and decrypted. The Server checks that this is correct by computing the same value. At this point, the Server and Client have exchanged an SRK, DRK, and username but have not authenticated either side, or exchanged a key not subject to man-in-the-middle attacks.

Now, the Server selects a second DRK (DRK2) from the DRK array. The server then retrieves the user's password information from its database. The Server then encrypts DRK2 with DRK and bit-veils, byte-veils, or both into a conversion array using values from a Random Number Generator (RNG) seeded with the user's password information. This is transmitted to the Client who can then use the same password information to reconstruct DRK2.
The Client then hashes DRK2, hides it in a conversion array using the password information, encrypts the conversion array with DRK2, and sends it back to the server to indicate that it has DRK2. This step performs Client authentication based on possession of the user's password information, and shares DRK2 with both sides.

The same step is then performed by the Server to authenticate the Server to the Client using DRK2 and the Server password. The Server sends a hash of DRK2 in a conversion array using the Server password to seed the RNG for bit- or byte-veiling, and encrypting the array with DRK2. The Client already has the Server password and uses it to authenticate the Server. At this point the Client and Server have performed mutual authentication, and share a session encryption key.

User password information can be a simple password, or can use Authernative's passline (a chosen pattern in a grid), pass-step (an out-of-band challenge sent to email or phone to be entered), crossline (a challenge embedded in a grid), or passfield (image, colors, and a grid). Each of these processes allows the user to select secret password information, all or part of which can be provided in response to challenges.

The authentication step of exchanging a DRK using password information for the bit- and byte-veiling can be iterated as often as desired to provide a DRK3, DRK4, etc. Security can be layered to use multiple authentication steps, where different password information forms are employed. For example, a user could employ both a simple password and use passline. The password would be used for DRK2, and then passline would be used for DRK3, and that exchange would also depend upon DRK2.

At this point, the DRKs are not used by AuthGuard for secure data encryption, and are simply treated as a byproduct of the authentication. Other products may in the future use the DRKs for secure content exchange, but they are currently used only for authentication.

2.3 BitVU, ByteVU, and BBVU

Authernative has secured three patents on the processes described above, with claims in the patents that cover the use of a conversion array, key generation, and bit- and byte-veiling. The processes of "Bit-Veil-Unveil (BitVU), Byte-Veil-Unveil (ByteVU), and Byte-Bit-Veil-Unveil (BBVU)" mentioned above are the subject of the patents, and are integral to the authentication process.

The BitVU and ByteVU processes take an array of random data and effectively hide or intersperse message data within the array. The array of random data with the interspersed messages is referred to as a conversion array, and may be further encrypted before transmission within the AuthGuard schemes described. The locations of the message data within the conversion array are determined by a deterministic RNG seeded with a secret value. Two parties that share this secret value can both use the same RNG to compute the locations of the data within the conversion array.

The process of ByteVU involves generating a conversion array, and "veiling" individual bytes of the message data by sparsely distributing them through the conversion array. The process of BitVU does the same, but on a bit-wise basis.
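
The ByteVU and BitVU placement described above, together with the hash confirmation step from Section 2.2, as an added example that is not part of this policy and is not Authernative's code. It assumes an HMAC-SHA-256 counter generator in place of the module's ANSI X9.31 RNG and a message length known to both parties, and it omits the AES/Triple DES encryption layers; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class SeededRNG:
    """Deterministic generator keyed by the shared secret (HMAC-SHA-256, counter mode).

    Assumption: stands in for the module's ANSI X9.31 RNG, which is not reproduced here.
    """

    def __init__(self, secret: bytes):
        self._key = hashlib.sha256(secret).digest()
        self._counter = 0

    def below(self, n: int) -> int:
        """Uniform integer in [0, n); rejection sampling avoids modulo bias."""
        limit = (1 << 64) - ((1 << 64) % n)
        while True:
            block = hmac.new(self._key, self._counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            self._counter += 1
            value = int.from_bytes(block[:8], "big")
            if value < limit:
                return value % n


def positions(secret: bytes, slots: int, count: int) -> list:
    """First `count` entries of a secret-seeded Fisher-Yates shuffle of range(slots)."""
    if count > slots:
        raise ValueError("conversion array too small for the message")
    rng = SeededRNG(secret)
    order = list(range(slots))
    for i in range(count):
        j = i + rng.below(slots - i)
        order[i], order[j] = order[j], order[i]
    return order[:count]


def byte_veil(message: bytes, secret: bytes, array_len: int) -> bytes:
    """ByteVU: scatter message bytes through an array of random filler."""
    array = bytearray(secrets.token_bytes(array_len))
    for pos, value in zip(positions(secret, array_len, len(message)), message):
        array[pos] = value
    return bytes(array)


def byte_unveil(array: bytes, secret: bytes, msg_len: int) -> bytes:
    """Recompute the same positions from the secret and read the bytes back in order."""
    return bytes(array[pos] for pos in positions(secret, len(array), msg_len))


def bit_veil(message: bytes, secret: bytes, array_len: int) -> bytes:
    """BitVU: the same placement, one message bit per selected bit slot."""
    array = bytearray(secrets.token_bytes(array_len))
    for k, pos in enumerate(positions(secret, array_len * 8, len(message) * 8)):
        bit = (message[k // 8] >> (7 - k % 8)) & 1
        mask = 0x80 >> (pos % 8)
        if bit:
            array[pos // 8] |= mask
        else:
            array[pos // 8] &= ~mask & 0xFF
    return bytes(array)


def bit_unveil(array: bytes, secret: bytes, msg_len: int) -> bytes:
    """Read the message bits back from the secret-derived bit slots, MSB first."""
    out = bytearray(msg_len)
    for k, pos in enumerate(positions(secret, len(array) * 8, msg_len * 8)):
        if array[pos // 8] & (0x80 >> (pos % 8)):
            out[k // 8] |= 0x80 >> (k % 8)
    return bytes(out)


def confirms(candidate_key: bytes, expected_key: bytes) -> bool:
    """Receiver proves possession by returning a hash of the recovered key."""
    proof = hashlib.sha256(candidate_key).digest()
    return hmac.compare_digest(proof, hashlib.sha256(expected_key).digest())


def demo():
    drk2 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    password = b"constructed-user-password"                   # constructed shared secret
    array = byte_veil(drk2, password, 64)
    right = byte_unveil(array, password, len(drk2))
    wrong = byte_unveil(array, b"some-other-password", len(drk2))
    return confirms(right, drk2), confirms(wrong, drk2)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Unveiling with the wrong secret returns filler bytes without raising an error, which is why the receiver in Section 2.2 proves possession by sending back a hash of the recovered key.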

3 Authernative Cryptographic Module

3.1 Overview

The module was developed and tested on Microsoft Windows XP (Service Pack 2) with Sun Java Runtime Environment (JRE) 1.5. The module can run on any Java Virtual Machine (JVM) regardless of operating system (OS) and computer architecture. The minimum version of the JRE supported by the module is 1.5. Logically the module is a single Java ARchival (JAR), AuthCryptoApi.jar. Table 1 shows the OS and name of the binary file.

Table 1 – Binary Form of the Module

| When | Operating System | Binary File Name |
|---|---|---|
| Development | Windows XP with Sun JRE 1.5 | AuthCryptoApi.jar |
| Runtime | Any JVM with JRE 1.5 or later regardless of OS and computer architecture | AuthCryptoApi.jar |

The module is stored on the hard disk and is loaded in memory when a client application calls cryptographic services exported by the module. As of this writing, the client application is AuthGuard. However, Authernative may develop more applications making use of the module in the future.

When operating in the Approved mode of operation, the Authernative Cryptographic Module is validated at FIPS 140-2 section levels shown in Table 1. Note that in Table 2, EMI and EMC mean Electromagnetic Interference and Electromagnetic Compatibility, respectively, and N/A indicates "Not Applicable".

Table 2 – Security Level per FIPS 140-2 Section

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 1 |
| 2 | Cryptographic Module Ports and Interfaces | 1 |
| 3 | Roles, Services, and Authentication | 1 |
| 4 | Finite State Model | 1 |
| 5 | Physical Security | N/A |
| 6 | Operational Environment | 1 |
| 7 | Cryptographic Key Management | 1 |
| 8 | EMI/EMC | 1 |
| 9 | Self-Tests | 1 |
| 10 | Design Assurance | 1 |
| 11 | Mitigation of Other Attacks | N/A |

3.2 Module Interfaces

The module, AuthCryptoApi.jar, provides client applications with a set of cryptographic services in the form of Application Programming Interface (API) calls. Figure 2 shows the logical cryptographic boundary for the module. The module is a JAR file that consists of 42 Java classes. Out of the 42 classes, 29 are Bouncy Castle classes that implement underlying cryptographic algorithms. Bouncy Castle is an open-source Java library available at http://www.bouncycastle.org/. The Bouncy Castle classes do not have public methods. The other 13 classes, developed by Authernative, implement public methods of the module. The JAR file manifest, MANIFEST.MF, contains the signature of the JAR (used in the power-up integrity test).

Figure 2 – Logical Cryptographic Boundary

The Authernative classes are described in Table 3 – Authernative Classes in AuthCryptoApi.jar. A complete list of exported methods is available in the module's API reference manual.

Table 3 – Authernative Classes in AuthCryptoApi.jar

| Class | Description |
|---|---|
| AuthApiException.class | The class implements the exception thrown when and if there is an error state in the API. |
| AuthApiStatus.class | The class implements methods that report configurations and status of the API. |
| AuthCryptoApi.class | This is the core API class and contains all the public methods. This class simply collects the interfaces into a single object. Most of the functions of the module are implemented by the other classes. |
| Base64.class | The class implements the base64 encoding and decoding methods. |
| ConversionArray.class | The class implements Authernative's patented BitVU, ByteVU, and BBVU technology. See Section 2.3 of this document for a description of this technique. |
| CryptoFunctions.class | The class contains all the cryptographic functions realized by the module. |
| KeyGen$KeyThread.class | The class is a subclass of the KeyGen class. This class implements the mechanism of generating a new key every 60 seconds. |
| KeyGen.class | The class implements key generation methods. |
| LicParams.class | The class stores the licensing information of the module. |
| RCConst.class | The class contains all the return codes for the API errors for use with the AuthApiException class. |
| SecureRNG.class | The class implements the American National Standards Institute (ANSI) X9.31 Appendix A.2.4 RNG. |
| AuthCipher.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle cipher functionality. |
| AuthDigest.class | This is an Authernative wrapper class to enhance usability for all of the Bouncy Castle digest functionality. |

The module's interactions with surrounding components, including Central Processing Unit (CPU), hard disk, memory, client application, and the OS are demonstrated in Figure 3.

Figure 3 – Logical Cryptographic Boundary and Interactions with Surrounding Components

The module is validated for use on the platforms listed in the second column of Table 1. In addition to the binaries, the physical device consists of the integrated circuits of the motherboard, the CPU, Random Access Memory (RAM), Read-Only Memory (ROM), computer case, keyboard, mouse, video interfaces, expansion cards, and other hardware components included in the computer such as hard disk, floppy disk, Compact Disc ROM (CD-ROM) drive, power supply, and fans. The physical cryptographic boundary of the module is the opaque hard metal and plastic enclosure of the server running the module. The block diagram for a standard general-purpose computer (GPC) is shown in Figure 4. Note that in this figure, I/O means Input/Output, BIOS stands for Basic Input/Output System, PCI stands for Peripheral Component Interconnect, ISA stands for Instruction Set Architecture, and IDE represents Integrated Drive Electronics.

Figure 4 – Physical Block Diagram of a Standard GPC

All of these physical ports are separated into logical interfaces defined by FIPS 140-2, as described in Table 3.

Table 4 – Logical, Physical, and Module Interface Mapping

| Logical Interface | Physical Port Mapping | Module Mapping |
|---|---|---|
| Data Input | Keyboard, mouse, CD-ROM, floppy disk, and serial/USB/parallel/network ports | Arguments for API calls that contain data to be used or processed by the module |
| Data Output | Hard disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls that contain module response data to be used or processed by the caller |
| Control Input | Keyboard, CD-ROM, floppy disk, mouse, and serial/USB/parallel/network port | API calls |
| Status Output | Hard disk, floppy disk, monitor, and serial/USB/parallel/network ports | Arguments for API calls, return value, error message |

3.3 Roles and Services

The operators of the module can assume two roles as required by FIPS 140-2: a Crypto Officer role and a User role. The operator of the module assumes either of the roles based on the operations performed. The operator is not required to authenticate to the module before accessing services. The module provides an API for client applications.

Table 5 – Crypto Officer Services shows the public methods that are run by the Crypto Officer role. The method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual Crypto Officer service. User services (see Table 6 – User Services) are also available to the Crypto Officer role.

Table 6 – User Services shows the public methods that are run by the User role. Similar to Table 5 – Crypto Officer Services, the method name is shown in the first column ("Service"). Its function is described in the second column ("Description"). Each method exported by the module is an individual User service. User services are also available to the Crypto Officer role.

The Critical Security Parameters (CSPs) mentioned in the rightmost columns correspond to the ones listed in Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs.

Table 5 – Crypto Officer Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| Installation | To install the module | Command | Status | None |
| Uninstallation | To uninstall the module | Command | Status | All CSPs – overwrite |
| AuthCryptoApi | The API's only constructor. The instance of the API will be defined by the parameters that are passed in | Crypto type, hash type, crypto mode, key size, padding scheme | Status | None |
| getInstance | This method is provided for singleton use of the API | Crypto type, hash type, crypto mode, key size, padding scheme | Status, the instance of AuthCryptoApi | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Text string, byte array | Status, the printout | None |
| printByteArray | Prints out a byte array in hexadecimal notation | Byte array | Status, the printout | None |
| hexStrToByteArray | Converts a hexadecimal string into a byte array | Hexadecimal string | Status, byte array | None |
| checkLicense | Checks the license | License string from application, client information | Status | None |
| getStatus | Gets information and configuration about the API | None | Status, API object information and configuration | None |
| setSeed | Sets the seed, date/time (DT) value, and Triple DES key to random numbers (generated by the non-Approved RNG) for the ANSI X9.31 RNG | None | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the Triple DES key to specified values for the ANSI X9.31 RNG | Triple DES key | Status | ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| setSeed | Sets the seed, DT value, and Triple DES key to specified values for the ANSI X9.31 RNG | Seed, Triple DES key, DT value | Status | ANSI X9.31 RNG seed for key generation methods – write, overwrite; ANSI X9.31 RNG DT value for key generation methods – write, overwrite; ANSI X9.31 RNG Triple DES key for key generation methods – write, overwrite |
| nextInt | Generates a random number | None | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextInt | Generates a random number between zero and the specified integer | An integer (range of the random number) | Status, random number | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| nextBytes | Generates a random number array | Pointer to a byte array | Status, random number array | ANSI X9.31 RNG seed for key generation methods – read; ANSI X9.31 RNG DT value for key generation methods – read; ANSI X9.31 RNG Triple DES key for key generation methods – read |
| zeroize | Zeroizes CSPs | None | Status | All CSPs in HashMap and file system – overwrite |

Table 6 – User Services

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| setNumberOfKeys | Sets the maximum number of keys that the key generator will create before restarting at zero | Number of keys | Status | None |
| setPersistence | Sets the way the keys will be saved for the key generator | Mode (save in keys in file system or memory) | Status | None |
| setPath | Sets the location that the keys will be saved to the file system | Path of the file system | Status | None |
| getSecretKey | Creates and returns a Java secret key (javax.crypto.SecretKey) | None | Status, a secret key (javax.crypto.SecretKey) | AES key or Triple DES key for caller use – write, read |
| getRawKey | Creates and returns a Java secret key (byte array) | None | Status, a secret key (byte array) | AES key or Triple DES key for caller use – write, read |
| startKeyGen | Starts a thread that will perform key generation and save the keys. Keys will be generated every 60 seconds | None | Status | Triple DES key for veiling and unveiling methods – write |
| stopKeyGen | Stops the key generation | None | Status | Triple DES key for veiling and unveiling methods – overwrite |
| getSecretKeyFromRepos | Gets a key (javax.crypto.SecretKey) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (javax.crypto.SecretKey) | Triple DES key for veiling and unveiling methods – read |
| getRawKeyFromRepos | Gets a key (byte array) from the repository that is created by the startKeyGen method call | Index to the repository | Status, a secret key (byte array) | Triple DES key for veiling and unveiling methods – read |
| setSecretKey | Sets the secret key (byte array) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setSecretKey | Sets the secret key (javax.crypto.SecretKey) to be used in crypto operations | Secret key | Status | AES key or Triple DES key for encryption and decryption methods – write, overwrite |
| setIV | Sets the initialization vector if crypto uses CBC mode | Initialization vector | Status | None |
| updateHash | Updates the current message for hashing | Byte array added to the message | Status | None |
| hashValue | Performs the final hashing for message | Byte array added to the message before the final hashing is done | Status, hash value | None |
| updateEncrypted | Updates the current plaintext for encryption | Byte array added to the plaintext to be encrypted | Status | None |
| encryptValue | Performs the final encryption for the plaintext | Byte array added to the plaintext before the final encryption is done | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext | Plaintext | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (javax.crypto.SecretKey) | Plaintext, secret key (javax.crypto.SecretKey) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (javax.crypto.SecretKey) | Ciphertext, secret key (javax.crypto.SecretKey) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encryptValue | Encrypts plaintext with specified secret key (byte array) | Plaintext, secret key (byte array) | Status, ciphertext | AES key or Triple DES key for encryption and decryption methods – read |
| decryptValue | Decrypts ciphertext with specified secret key (byte array) | Ciphertext, secret key (byte array) | Status, plaintext | AES key or Triple DES key for encryption and decryption methods – read |
| encode | Performs Base64 encoding on bytes | Bytes to be encoded | Encoded bytes | None |
| encode | Performs Base64 encoding on strings | Strings to be encoded | Encoded string | None |
| decode | Performs Base64 decoding on bytes | Bytes to be decoded | Decoded bytes | None |
| decode | Performs Base64 decoding on strings | Strings to be decoded | Decoded string | None |
| veilData | Hides bits, bytes, or bits and bytes in a larger array | Mode (bit, byte, or bit and byte), byte array to be hidden, Triple DES key for the ANSI X9.31 RNG | Conversion array with hidden byte array | Triple DES key for veiling and unveiling methods – write, read |
| unveilData | Extracts the data from conversion array | Mode (bit, byte, or bit and byte), conversion array, Triple DES key for the ANSI X9.31 RNG | Original byte array | Triple DES key for veiling and unveiling methods – write, read |

3.4 Physical Security

The Authernative Cryptographic Module is a multi-chip standalone module. The physical security requirements do not apply to this module, since it is purely a software module and does not implement any physical security mechanisms.

3.5 Operational Environment

The module was tested and validated on general-purpose Microsoft Windows XP with Service Pack 2 with Sun JRE 1.5. The module can run on any JVM regardless of OS and computer architecture. The minimum version of the JRE supported by the module is 1.5. The module must be configured in single user mode as per the instructions provided in Section 4.1 of this document. Recommended configuration changes for the supported OS can also be found in Section 4.1.

3.6 Cryptographic Key Management

The module implements the following FIPS-approved algorithms in the Approved mode of operation.

- SHA-1, SHA-256, SHA-384, SHA-512 (certificate #725). SHA means Secure Hash Algorithm.
- HMAC-SHA-1 (certificate #375). HMAC means Keyed-Hash Message Authentication Code.
- Triple DES: 112 and 168 bits, in ECB and CBC modes (certificate #629). ECB and CBC mean Electronic Codebook and Cipher Block Chaining, respectively.
- AES: 128, 192, and 256 bits, in ECB and CBC modes (certificate #697)
- ANSI X9.31 Appendix A.2.4 RNG with 2-key Triple DES (certificate #408)

In the Approved mode of operation, the module uses a non-Approved RNG to seed the ANSI X9.31 RNG. This non-Approved RNG is the SecureRandom class provided by the JRE and is not implemented by the module itself. The non-Approved RNG is outside the cryptographic boundary of the module and is used by the module only for seeding the ANSI X9.31 RNG.

In the non-Approved mode of operation, the module supports MD5.

The module supports the following CSPs in the Approved mode of operation:

Table 7 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| Triple DES key for caller use | Triple DES symmetric keys | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| AES key for caller use | AES symmetric key | Generated by ANSI X9.31 RNG | In plaintext | 1. Plaintext in volatile memory; 2. Plaintext in file system | Zeroized when the zeroize method is called | Use is at the discretion of the caller |
| Triple DES key for encryption and decryption methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| AES key for encryption and decryption methods | AES symmetric key | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after encryption or decryption is done | Encrypt plaintext or decrypt ciphertext |
| Triple DES key for veiling and unveiling methods | Triple DES symmetric keys | Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized after veiling or unveiling is done | Veil or unveil data |
| ANSI X9.31 RNG DT value for key generation methods | Date/time variable | 1. Generated internally by retrieving system date/time value; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new DT value is generated | Generate keys |
| ANSI X9.31 RNG Triple DES key for key generation methods | Triple DES symmetric keys | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new Triple DES key is generated | Generate keys |
| ANSI X9.31 RNG seed for key generation methods | Seed | 1. Generated using the non-Approved RNG; 2. Input by caller in plaintext | Never | Plaintext in volatile memory | Zeroized when new seed is generated | Generate keys |
| Software integrity test key | 512-bit HMAC-SHA-1 key | Hardcoded | Never | Plaintext in nonvolatile memory | Zeroized when the module is uninstalled | Used in software integrity test |

3.6.1 Key Generation

The module uses an ANSI X9.31 RNG with 2-key Triple DES to generate cryptographic keys. This RNG is a FIPS-Approved RNG as specified in Annex C to FIPS 140-2.

3.6.2 Key Input/Output

Symmetric keys are input to and output from the module in plaintext. The module does not use asymmetric-key cryptography.

3.6.3 Key Storage and Protection

Keys and other CSPs are stored in volatile memory or in the file system in plaintext. All key data resides in internally allocated data structures and can only be output using the module's defined API. The OS and JRE protect memory and process space from unauthorized access.

3.6.4 Key Zeroization

Generally speaking, CSPs reside in internal data structures that are cleaned up by the JVM's garbage collector. Java handles memory in unpredictable ways that are transparent to the user. The Crypto Officer may manually invoke the zeroization of keys stored in HashMap and file system by calling the zeroize method.

3.7 EMI/EMC

Although the module consists entirely of software, the FIPS 140-2 platform is a server that has been tested for and meets applicable Federal Communications Commission (FCC) EMI and EMC requirements for business use as defined in Subpart B of FCC Part 15.

3.8 Self-Tests

The power-up self-tests are triggered by instantiation of an object of the AuthCryptoApi class. The Authernative Cryptographic Module performs the following power-up self-tests:

- Software integrity test using HMAC-SHA-1
- Known Answer Test (KAT) on 2-key Triple DES in ECB mode
- KAT on 128-bit AES in ECB mode
- KATs on SHA-1, SHA-256, SHA-384, and SHA-512
- KAT on ANSI X9.31 RNG

The module implements the following conditional self-tests.

- Continuous test for the ANSI X9.31 RNG
- Continuous test for the non-Approved RNG

If the self-tests fail, an exception will be thrown on the failure. The application is then alerted that the self-tests failed, and the module will not load and will enter an error state. When in the error state, execution of the module is halted and data output from the module is inhibited.
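
The key generation RNG of Section 3.6.1 and its continuous test can be sketched as follows. This is an added example, not Authernative's code: the class X931Rng and its method names are hypothetical, and it assumes the standard X9.31 A.2.4 recurrence with the caller supplying the DT value.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.util.Arrays;

/** Added illustration (hypothetical class): ANSI X9.31 A.2.4 RNG with 2-key Triple DES. */
public class X931Rng {
    private final Cipher tdes;
    private final byte[] v;      // 64-bit seed V, replaced after every block
    private byte[] previous;     // last block, kept for the continuous test
    private boolean failed;      // error state: no further output once set

    public X931Rng(byte[] k1, byte[] k2, byte[] seed) throws Exception {
        if (k1.length != 8 || k2.length != 8 || seed.length != 8)
            throw new IllegalArgumentException("K1, K2 and seed must be 8 bytes each");
        // JCE DESede takes 24 bytes; the 2-key variant is K1 | K2 | K1.
        byte[] key = ByteBuffer.allocate(24).put(k1).put(k2).put(k1).array();
        tdes = Cipher.getInstance("DESede/ECB/NoPadding");
        tdes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "DESede"));
        Arrays.fill(key, (byte) 0);                // SecretKeySpec holds its own copy
        v = seed.clone();
    }

    private byte[] step(long dt) throws Exception {    // I = E(DT), R = E(I^V), V = E(R^I)
        byte[] i = tdes.doFinal(ByteBuffer.allocate(8).putLong(dt).array());
        byte[] r = tdes.doFinal(xor(i, v));
        System.arraycopy(tdes.doFinal(xor(r, i)), 0, v, 0, 8);
        return r;
    }

    private static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[8];
        for (int n = 0; n < 8; n++) out[n] = (byte) (a[n] ^ b[n]);
        return out;
    }

    public synchronized byte[] nextBlock(long dt) throws Exception {
        if (failed) throw new IllegalStateException("RNG is in the error state");
        if (previous == null) previous = step(dt);     // first block only primes the test
        byte[] r = step(dt);
        if (failed = Arrays.equals(previous, r))       // repeated block: enter error state
            throw new IllegalStateException("continuous RNG test failed");
        previous = r;
        return r.clone();
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo inputs; real K1, K2 and seed come from the seeding RNG.
        X931Rng rng = new X931Rng("k1-demo!".getBytes(), "k2-demo!".getBytes(), "seed-dem".getBytes());
        for (int n = 0; n < 3; n++)
            System.out.println(String.format("%016x",
                ByteBuffer.wrap(rng.nextBlock(System.currentTimeMillis())).getLong()));
    }
}
```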

3.9 Mitigation of Other Attacks

This section is not applicable. No claim is made that the module mitigates against any attacks beyond the FIPS 140-2 level 1 requirements for this validation.

4 Secure Operation

The Authernative Cryptographic Module meets Level 1 requirements for FIPS 140-2. The subsections below describe how to place and keep the module in the Approved mode of operation.

4.1 Operating System Configuration

The user of the module is a software application. FIPS 140-2 mandates that a cryptographic module be limited to a single user at a time. A single instantiation of the Authernative Cryptographic Module shall only be accessed by one client application, which is the User of this instantiation of the Authernative Cryptographic Module.

For enhanced security, it is recommended that the Crypto Officer configure the OS to disallow remote login. To configure Windows XP to disallow remote login, the Crypto Officer should ensure that all remote guest accounts are disabled in order to ensure that only one human operator can log in to Windows XP at a time. The services that need to be turned off for Windows XP are

- Fast-user switching (irrelevant if server is a domain member)
- Terminal services
- Remote registry service
- Secondary logon service
- Telnet service
- Remote desktop and remote assistance service

Once Windows XP has been configured to disable remote login, the Crypto Officer can use the system "Administrator" account to install software, uninstall software, and administer the module.

A CMVP public document, Frequently Asked Questions for the Cryptographic Module Validation Program [1], gives instructions in Section 5.3 for configuring various Unix-based operating systems for single user mode.

4.2 Approved Mode Configuration

The Authernative Cryptographic Module itself is not an end-user product. It is provided to the end-users as part of the application (e.g., AuthGuard). The module is installed during installation of the application. The installation procedure is described in the installation manual for the application.

In order to access functions of the module, the application has to execute the constructor of class AuthCryptoApi by instantiating an object of class AuthCryptoApi. The constructor of class AuthCryptoApi is:

    public AuthSecurityApi(int crpytoType, int hashType, int codeBook, int keySize, int padding)

If the value passed into the argument int hashType is SHA (integer value 1, 2, 3, or 4), then the module is operating in the Approved mode of operation. If the value passed into the argument int hashType is MD5 (integer value 0), then the module is operating in the non-Approved mode of operation.

The constructor of class AuthCryptoApi performs all required power-up self-tests. If all power-up self-tests are passed, then an internal flag will be set to true. All other public methods of the module check this internal flag and ensure it is true before performing any other functions.

[1] Available at http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf.

Notice that the Approved mode configuration described above is transparent to an operator. The configuration is performed by the client application.
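
The constructor-time self-tests and the internal flag described in Section 4.2 follow a pattern that can be sketched like this. It is an added example, not the module's code: the class GatedCrypto and its methods are hypothetical, only the hashType argument is modelled, and two of the listed KATs are run using published FIPS test vectors.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/** Added illustration (hypothetical class, not AuthCryptoApi): KATs gate every service. */
public class GatedCrypto {
    private final boolean approvedMode;
    private boolean selfTestsPassed;           // the internal flag, false until KATs pass

    public GatedCrypto(int hashType) throws Exception {
        if (hashType < 0 || hashType > 4)
            throw new IllegalArgumentException("unknown hashType " + hashType);
        approvedMode = hashType != 0;          // page: 1..4 = SHA (Approved), 0 = MD5
        // KAT 1: SHA-256("abc"), vector from FIPS 180-2.
        kat("SHA-256", MessageDigest.getInstance("SHA-256")
                .digest("abc".getBytes(StandardCharsets.US_ASCII)),
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
        // KAT 2: AES-128 in ECB mode, vector from FIPS 197 Appendix C.1.
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE,
                 new SecretKeySpec(hex("000102030405060708090a0b0c0d0e0f"), "AES"));
        kat("AES-128-ECB", aes.doFinal(hex("00112233445566778899aabbccddeeff")),
            "69c4e0d86a7b0430d8cdb78070b4c55a");
        selfTestsPassed = true;                // reached only if no KAT threw
    }

    private static void kat(String name, byte[] got, String expectedHex) {
        if (!MessageDigest.isEqual(got, hex(expectedHex)))
            throw new IllegalStateException("power-up self-test failed: " + name);
    }

    private static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int n = 0; n < out.length; n++)
            out[n] = (byte) Integer.parseInt(s.substring(2 * n, 2 * n + 2), 16);
        return out;
    }

    private void requireSelfTests() {          // every public service calls this first
        if (!selfTestsPassed) throw new IllegalStateException("module is in the error state");
    }
    public boolean isApprovedMode() { requireSelfTests(); return approvedMode; }
    public byte[] sha256(byte[] data) throws Exception {
        requireSelfTests();
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("approved mode: " + new GatedCrypto(2).isApprovedMode());
    }
}
```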

4.3 CSP Zeroization

The Crypto Officer should zeroize CSPs when they are no longer needed. See Section 3.6.4 of this document for details on CSP zeroization.

4.4 Status Monitoring

The module's cryptographic functionality and security services are provided via the application. The module is not meant to be used without an associated application. End-user instructions and guidance are provided in the user manual and technical support documents of the application software. Although end-users do not have privileges to modify configurations of the module, they should make sure that the Approved mode of operation is enforced in the application, thereby ensuring that the proper cryptographic protection is provided.

5 Acronyms

Table 8 – Acronyms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption Standard |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| BBVU | Byte-Bit-Veil-Unveil |
| BIOS | Basic Input/Output System |
| BitVU | Bit-Veil-Unveil |
| ByteVU | Byte-Veil-Unveil |
| CBC | Cipher Block Chaining |
| CD-ROM | Compact Disc Read-Only Memory |
| CMVP | Cryptographic Module Validation Program |
| CPU | Central Processing Unit |
| CSP | Critical Security Parameter |
| DES | Data Encryption Standard |
| DRK | Data Random Key |
| DT | Date/Time |
| ECB | Electronic Codebook |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FCC | Federal Communications Commission |
| FIPS | Federal Information Processing Standard |
| GPC | General-Purpose Computer |
| GUI | Graphical User Interface |
| HDD | Hard Drive |
| HMAC | Keyed-Hash Message Authentication Code |
| IDE | Integrated Drive Electronics |
| IEEE | Institute of Electrical and Electronics Engineers |
| I/O | Input/Output |
| IR | Infrared |
| ISA | Instruction Set Architecture |
| JAR | Java ARchival |
| JRE | Java Runtime Environment |
| JVM | Java Virtual Machine |
| KAT | Known Answer Test |
| MAC | Message Authentication Code |
| N/A | Not Applicable |
| OS | Operating System |
| PCI | Peripheral Component Interconnect |
| RAM | Random Access Memory |
| RNG | Random Number Generator |
| ROM | Read Only Memory |
| SHA | Secure Hash Algorithm |
| SRK | Session Random Key |
| UART | Universal Asynchronous Receiver/Transmitter |
| USB | Universal Serial Bus |
