FIPS 140-2 Non–Proprietary Security Policy
HiPKI SafGuard 1000 HSM
Hardware version HSM-HW-10 Firmware version HSM-SW-T8051.10
FIPS 140-2 Non?Proprietary Security Policy
Level 3 Validation
Version 1.3
October 8th, 2008
? Copyright 2008 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Version Control Table
Version 1.0 1.1 1.2 1.3
Date May 1, 2008 June 27, 2008 Sept 29, 2008 Oct. 8, 2008
Reason for Change Draft Submission to Lab Edits from Lab Comments Edits from Lab Comments
Name Change
Author Chunghwa Telecom Chunghwa Telecom Chunghwa Telecom Chunghwa Telecom
Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
HiPKI SafGuard 1000 HSM
Non-Proprietary
i
Table of Contents
Version Control Table............................................................................................................ i Table of Contents ................................................................................................................. ii Introduction.................................................................................................................................... 1 Purpose...................................................................................................................................... 1 References ................................................................................................................................ 1 2.0 HiPKI SafGuard 1000 HSM ................................................................................................. 1 Algorithm.................................................................................................................................... 2 Modes Used .............................................................................................................................. 2 2.1 Module Ports and Interfaces............................................................................................ 4 Physical Interface ................................................................................................................. 5 2.2 Roles and Services ........................................................................................................... 5 2.3 Finite State Model.............................................................................................................. 7 2.4 Physical Security ............................................................................................................... 8 2.5 Cryptographic Key Management .................................................................................... 8 Master Key ............................................................................................................................ 8 Session Key .......................................................................................................................... 9 Manufacturing Key ............................................................................................................... 9 Module Key ........................................................................................................................... 9 Security Officer's Public Key .............................................................................................. 9 2.6 EMI/EMC............................................................................................................................. 9 2.7 Self-Tests ............................................................................................................................ 9 2.8 Design Assurance ........................................................................................................... 10 2.9 Approved Mode of Operation ........................................................................................ 11
Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
HiPKI SafGuard 1000 HSM
Non-Proprietary
ii
1. Introduction
Purpose
This is a non-proprietary security policy for the Chunghwa Telecom Co., Ltd. Telecommunication Laboratories HiPKI SafGuard 1000 HSM (hardware version HSM-HW-10 and firmware version HSM-SW-T8051.10). Chunghwa Telecom Co., Ltd Telecommunication Laboratories is a Division of Chunghwa Telecom Co., Ltd. It describes how the HiPKI SafGuard 1000 meets the requirements for a FIPS 140-2 level 3 revalidation as specified in the FIPS 140-2 standard. This Security Policy is part of the evidence documentation package to be submitted to the validation lab.
FIPS 140-2 (Federal Information Processing Standards Publication 140-2) specifies the security requirements for a cryptographic module protecting sensitive information. Based on four security levels for cryptographic modules this standard identifies requirements in eleven sections. For more information about the standard visit
References
This Security Policy describes how this module complies with the eleven sections of the standard. For more information on the FIPS 140-2 standard and validation program please refer to the NIST website at
For more information about Chunghwa Telecom Co., Ltd. Telecommunication Laboratories please visit
2. HiPKI SafGuard 1000 HSM
The Chunghwa Telecom Co., Ltd. Telecommunication Laboratories HiPKI SafGuard 1000 HSM is a hardware security module used in a PKI system. The hardware security module (HSM) provides rapid cryptographic functionality to the operators of the system. Crypto Officers1 (COs) and Users are authenticated using a smart card and password. The smart card reader is located within the boundary of the module. The boundary of the HiPKI SafGuard 1000 HSM is the physical hardware box itself. All cryptographic module components are included inside this boundary.
1 The documentation uses Security Officer and Crypto Officer interchangeably to discuss the Crypto Officer role.
Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
HiPKI SafGuard 1000 HSM
Non-Proprietary
1
The Approved cryptographic functions supported are as follows:
Algorithm RSA
SHA-1,SHA-224,SHA256,SHA-384,SHA512 Triple DES, 3-key
Modes Used ALG[ANSIX9.31]; Key(gen)(MOD: 1024 , 2048 , PubKey Values: 3 , 17 ,
65537 ) ALG[RSASSAPKCS1_V1_5];
SIG(gen); SIG(ver); 1024 , 2048 , SHS: SHA-1 , SHA224 , SHA-256 , SHA-384 ,
SHA-512 Byte - Oriented
ECB and CBC
Certificate Number #362
#770 #668
Triple DES MAC AES
128-bit,192-bit and 256-bit RNG
ECB and CBC
ANSI X9.31 Appendix A.2.4 Using the AES Algorithms
#668 vendor affirmed #763
#439
Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
HiPKI SafGuard 1000 HSM
Non-Proprietary
2
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- mac address filtering setup
- positive psychology and the humanistic tradition
- fips 140 2 non proprietary security policy
- i 765 application for employment authorization uscis
- thermo scientific ramsey micro tech 9101
- programming linux to qspi emmc on the smart vision avnet
- monitoring ethernet traffic with tolomatic acs managed
- powerflex 753 and powerflex 755 pre rockwell automation
- lab 1 familiarity with virtualbox and pcap tools
- 4ge 2pots wifi epon onu user manual tp link
Related searches
- sample policy and procedure manual non profit
- proprietary and budgetary accounts
- fips 199 800 60
- fips 199
- application security policy examples
- free non profit policy templates
- proprietary vs budgetary accounting
- fips 199 sp 800 60
- fips 199 security categorization worksheet
- non profit investment policy template
- website security policy examples
- grievance policy for non profit