All modules
CMVP Validated Module · FIPS 140-3 Security Policy

JCOP 4.5 on P71D600

Certificate#4679StandardFIPS 140-3Level3TypeHardwareEmbodimentSingle ChipStatusActiveVendorNXP Semiconductors, Inc.
High review priority  ·  no TCB surface named  ·  last validated 28 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date3/10/2029
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy.
VendorNXP Semiconductors, Inc.

Approved Algorithms (34)

AlgorithmACVP Cert
AES-CBCA2713
AES-CCMA2713
AES-CMACA2713
AES-CTRA2713
AES-ECBA2713
AES-GCMA2714
AES-GMACA2714
AES-KWA2714
Counter DRBGA2713
ECDSA KeyGen (FIPS186-4)A2713
ECDSA SigGen (FIPS186-4)A2713
ECDSA SigVer (FIPS186-4)A2713
HMAC-SHA-1A2713
HMAC-SHA2-256A2713
HMAC-SHA2-384A2713
HMAC-SHA2-512A2713
KAS-ECC-SSC Sp800-56Ar3A2713
KDA HKDF Sp800-56Cr1A2713
KDA OneStep Sp800-56Cr1A2714
KDA OneStep Sp800-56Cr1A2715
KDF SP800-108A2713
KDF SP800-108A2713
KDF TLSA2714
PBKDFA2714
RSA Decryption PrimitiveA2713
RSA KeyGen (FIPS186-4)A2713
RSA SigGen (FIPS186-4)A2713
RSA Signature PrimitiveA2713
RSA SigVer (FIPS186-4)A2713
SHA-1A2713
SHA2-224A2713
SHA2-256A2713
SHA2-384A2713
SHA2-512A2713

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for JCOP 4.5 on P71D600
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status output<br/>Show status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for JCOP 4.5 on P71D600
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Status output<br/>Show status</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 JCOP 4.5 on P71D600 Document Version: 1.6 Date: 20 March 2025 Public Material

Page 2

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Revision History: Version Date Changes

1.0 July 18, 2022 Full Release, added CAVP Cert. # to Table 3

1.1 June 14, 2023 Update after first round NIST comments
1.2 June 23, 2023 Update chapter 10
1.3 August 17, 2023 Update after CMVP comments
1.4 November 24, 2023 Update after CMVP comments
1.5 December 24, 2023 Update after CMVP comments

1.6 March 20, 2025 Minor updates to Section 2 to remove vendor affirmation claims based

on CMVP comments Public Material

Page 3

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Contents List of Figures List of Table Public Material

Page 4

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Public Material

Page 5

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

1 General

Introduction Federal Information Processing Standards Publication 140-3

Page 6

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 The following table lists the level of validation for each area in FIPS 140-3: ISO/IEC 24759 Section 6 FIPS 140-3 Section Title Security Level [Number Below]

1 General 3

2 Cryptographic Module Specification 3

3 Cryptographic Module Interfaces 3

4 Roles, Services, and Authentication 3

5 Software/Firmware Security 3

6 Operational Environment N/A

7 Physical Security 4

8 Non-Invasive Security 3

9 Sensitive Security Parameter Management 3

10 Self-Tests 3

11 Life-Cycle Assurance 3

12 Mitigation of Other Attacks 3

Table 1

Page 7

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

2 Cryptographic Module Specification

The module, validated to FIPS 140-3 overall Level 3, is a hardware module with single chip embodiment named JCOP 4.5 on P71D600 implementing the GlobalPlatform operational environment (Card Manager (ISD/SSD)) and the applications:

Page 8

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 The module is validated at an Overall Security Level 3 with Physical Security at Level 4 and all other areas at Level 3. The Operational Environment requirements do not apply to the module given that it meets Physical Security Level 4 requirements. Cryptographic Boundary The module is designed to be used as a part of a larger system. It works as an auxiliary security device attached to a host controller. The physical form of the module is depicted in Figures 1 and 2 (to scale); the outline depicts the cryptographic boundary, representing the surface of the chip and the bond pads. The red outline in Figure 3 also depicts the cryptographic boundary. In production use, the module is delivered to either vendors or end user customers either on film frame carrier (FFC) or various packages such as PDM1.1, NXD6.2, MOB6/10 or HVQFN20 package. The package is outside the cryptographic boundary and thus excluded from the FIPS 140-3/ISO/IEC 19790 security testing. The contactless ports of the module require connection to an antenna. The module relies on [ISO 7816] and [ISO 14443] card readers as input/output devices, or a [NXP I2C] connection to a host controller. No components have been excluded from within the cryptographic boundary. Approved Mode of Operation The module only supports an Approved mode of operation. The NXP SEMS Lite applet can support the NIST P-

256 curve or the vendor Approved and NIST allowed Brainpool256r1 elliptic curve to perform the ECDSA or

KASECC operations. In the Approved mode of operation, the NXP SEMS Lite applet supports the Brainpool256r1 elliptic curve by default. The CO role may use SEMS Lite Module Management service to load NIST P-256 curve parameters. The P71D600 GlobalPlatform operational environment component can be identified by using the IDENTIFY APDU command (Info service). This command returns the card identification data, which includes a Platform ID, a Patch ID and other information that allows the identification of the content in ROM, NVM and loaded patches. The Platform ID is a data string that allows the identification of the P71D600 Card Manager component. The IDENTIFY APDU command is formatted as follows: Code Value Parameter settings CLA ‘80’ GlobalPlatform INS ‘CA’ GET DATA (IDENTIFY) - ISD P1 ‘00’ High order tag value P2 ‘FE’ Low order tag value - proprietary data Lc ‘02’ Length of data field Data ‘DF28’ Module identification data Public Material

Page 9

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Le ‘00’ Length of response data The command answers the content of the DF28 file: • Tag 02 identifies the Patch ID (see Table 2) • Tag 03 identifies the Platform Build ID which is made up of the Platform ID (16 Bytes, see Table 2) and the platform build fingerprint (8 Bytes) • Tag 08 identified the ROM ID (see Table

  1. To verify that the GlobalPlatform operational environment runs in the Approved mode of operation, use the IDENTIFY APDU (as described above). The DF28 file tag ‘05’ contains the status of the Approved mode compliancy, where ‘00’ identifies Approved mode not active and ‘01’ - Approved mode active. Both NXP IoT applet and NXP SEMS Lite applet of the module are configured to always run in an Approved mode of operation. The personalized product shall have: • NXP IoT applet v7.2.22 identification: o Package ID: A00000039654530000000103000200H o Applet ID: A0000003965453000000010300000000H o Instance ID: A0000003965453000000010300000000H • NXP SEMS Lite applet v2.0.2.11 identification: o Package ID: A00000039654530000000103300000H o Applet ID: A0000003965453000000010330000000H o Instance ID: A0000003965453000000010330000000H The operator can verify that NXP IoT applet v7.2.22 is in an Approved mode of operation by sending the two (2) following commands to the module:
  2. The SELECT APDU command (Context service) will be called with the following parameters: CLA = 00, INS = A4, P1 = 04, P2 = 00, Lc = 10, Incoming Data = A0000003965453000000010300000000, and Le =
  3. The module shall answer 07021626F2FFFF followed by status code 9000. The response includes the BCD encoded applet version (070216) and the supported applet feature bitmap (26F2). This encoded applet version (070216) corresponds to the decimal version v7.2.22 of the IoT Applet as specified in Table 2 in this document and the module certificate. It is not possible in any way to modify the applet version or the supported features bitmap after the device leaves the factory.
  4. The GetVersion APDU command (IoT Applet Management service) shall be called to get the extended feature bitmap. This command is 80040021 and shall return 26F20000011D81C1E101000E0000000F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F to be in Approved mode of operation. Public Material – May be reproduced only in its original entirety (without revision).
Page 10

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 The operator can verify that NXP SEMS Lite applet v2.0.2.11 is an Approved mode of operation by sending the three (3) following commands to the module:

  1. The SELECT APDU command (SEMS Lite General service) shall be called with the following parameters: CLA = 00, INS = A4, P1 = 04, P2 = 00, Lc = 10, Incoming Data = A0000003965453000000010330000000, and Le =
  2. Return code shall be 90 00 (OK)
  3. The GET DATA APDU command (SEMS Lite General service) shall be called with the following parameters: CLA = 80, INS = CA, P1 = 00, P2 = DE, and Le = 00.The command shall return DE04020002119000 with 02000211 indicating the NXP SEMS Lite applet version. This encoded applet version (02000211) corresponds to the decimal version v2.0.2.11 of the IoT Applet as specified in Table
2 in this document and the module certificate.
  1. The GET DATA APDU command (SEMS Lite General service) shall be called with the following parameters: CLA = 80, INS = CA, P1 = 00, P2 = C6, and Le =
  2. The command shall return C601019000 with C60101 indicating the NXP SEMS Lite applet is configured in Approved mode of operation. The module does not support a degraded operation. Public Material – May be reproduced only in its original entirety (without revision).
Page 11

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Cryptographic Algorithms The module implements the following Approved cryptographic algorithms. CAVP Cert Algorithm and Mode/ Method Description/ Use/Function Standard Key Size(s)/ Key Strength(s) AES-128, AES192, AES-256 with A2713 AES-CBC AES-CBC 128, 192, 256-bit Data Encryption/ Decryption key strength AES-128, AES192, AES-256 with Authentication Encryption with A2713 AES-CCM AES-CCM 128, 192, 256-bit AES CTR mode and CBC-MAC key strength AES-128, AES-192, Message Authentication; AES-256 with 128, A2713 AES-CMAC AES-CMAC generation and verification 192, 256-bit key SP800-108 KDF Strength AES-128, AES-192, AES-256 with 128, A2713 AES-CTR AES-CTR Data Encryption/ Decryption 192, 256-bit key Strength AES-128, AES-192, AES-256 with 128, A2713 AES-ECB AES-ECB Data Encryption/ Decryption 192, 256-bit key strength AES-256 with 256- Deterministic Random Bit A2713 Counter DRBG Counter DRBG bit security Generation AES-256: RSA and strength ECDSA key generation P-224, P-256, P-384, ECDSA KeyGen ECDSA KeyGen P-521 with 112, 128, A2713 ECC Key Generation (FIPS186-4) (FIPS186-4) 192 and 256-bit key strength Public Material

Page 12

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CAVP Cert Algorithm and Mode/ Method Description/ Use/Function Standard Key Size(s)/ Key Strength(s) P-224: (SHA2-224, SHA2-256, SHA2384, SHA2-512), P256: (SHA2-256, SHA2384, SHA2ECDSA SigGen (FIPS186- ECDSA SigGen Digital Signature A2713 512), P4) (FIPS186-4) 384: (SHA2-384, Generation SHA2-512), P-521: (SHA2-512) with 112, 128, 192 and 256bit key strength P-224: (SHA2-224, SHA2-256, SHA2384, SHA2-512), P256: (SHA2-256, SHA2384, SHA2ECDSA SigVer (FIPS186- ECDSA SigVer Digital Signature A2713 512), P4) (FIPS186-4) 384: (SHA2-384, Verification SHA2-512), P-521: (SHA2-512) with 112, 128, 192 and 256bit key strength HMAC-SHA-1 with Message A2713 HMAC-SHA-1 HMAC-SHA-1 128-bit key strength Authentication HMAC-SHA2- HMAC-SHA-256 Message A2713 HMAC-SHA2-256 256 with 256-bit key Authentication strength HMAC-SHA2- HMAC-SHA-384 Message A2713 HMAC-SHA2-384 384 with 256-bit key Authentication strength HMAC-SHA2- HMAC-SHA-512 Message A2713 HMAC-SHA2-512 512 with 256-bit key Authentication strength Public Material

Page 13

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CAVP Cert Algorithm and Mode/ Method Description/ Use/Function Standard Key Size(s)/ Key Strength(s) ECKey session shared secret OnePass EC computation; SEMS Lite shared Diffie-Hellman secret computation (with KAS-ECC-SSC Sp800- P-256 with 128-bit A2713 FIPS 140-3 IG Brainpool256r1 curves); The 56Ar3 key strength D.F Scenario 2 module obtains assurances per Path 2 Section 5.6.2 in NIST SP80056Ar3 self-tests HMAC-SHA1, HMAC-SHA2-256, Two-step key HMACHKDF Operations

192 and 256-bit key existing keys

strength HMAC-SHA1, HMAC-SHA2-256, HMACHKDF Operations A2713 KDF SP800-108 Feedback SHA2-384, HMACexpand only SHA2-512 with 128 and 256-bit key strength RSA Decryption RSA Decryption n=2048 with 112-bit Decryption Primitive (standard A2713 Primitive Primitive decryption strength and CRT) n=2048, 3072, 4096 RSA KeyGen Key Generation (standard and A2713 RSA KeyGen (FIPS186-4) with 112 and 128-bit (FIPS186-4) CRT) key strength n=2048, 3072, 4096 with PKCS v1.5 and RSA SigGen PKCSPSS and SHA2A2713 RSA SigGen (FIPS186-4) Signature Generation (FIPS186-4) (224, 256, 384, 512) with 112, 128 and

152 bit key strength

Public Material

Page 14

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CAVP Cert Algorithm and Mode/ Method Description/ Use/Function Standard Key Size(s)/ Key Strength(s) n=2048, 3072, 4096 with PKCS v1.5 and PKCSPSS and SHA-1 , RSA SigVer A2713 RSA SigVer (FIPS186-4) SHA2-(224, 256, Signature Verification (FIPS186-4) 384, 512) with 112,

128 and 152 bit key

strength RSA Signature n=2048 with 112-bit Signature Primitive (standard A2713 RSA Signature Primitive Primitive security strength andCRT) Message Digest SHA-1 with 128-bit Generation, SEMS A2713 SHA-1 SHA-1 security strength Lite command integrity Message Digest SHA2-224 with Generation, SEMS A2713 SHA2-224 SHA2-224 112bit or 192-bit Lite command security strength integrity Message Digest SHA2-256 with 128 Generation, SEMS A2713 SHA2-256 SHA2-256 or 256-bit security Lite command strength integrity Message Digest SHA2-384 with 192 Generation, SEMS A2713 SHA2-384 SHA2-384 or 256-bit security Lite command strength integrity Message Digest SHA2-512 with 256Generation, SEMS A2713 SHA2-512 SHA2-512 bit security Lite command strength integrity AES-128, AES-192, Authentication Encryption with AES-256 with 128, Associated Data MAC A2714 AES-GCM AES-GCM 192, 256-bit key calculation, MAC strength verification AES-128, AES-192, Authentication Encryption with AES-256 with 128, Associated Data MAC A2714 AES-GMAC AES-GMAC 192, 256-bit key calculation, MAC strength verification Public Material

Page 15

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CAVP Cert Algorithm and Mode/ Method Description/ Use/Function Standard Key Size(s)/ Key Strength(s) AES-128, AES-192, AES-256 with 128, A2714 AES-KW AES-KW Key Wrapping (Decryption) 192, 256-bit key strength KDA OneStep KDA OneStep Sp800- SHA-256 with 256- EcKey Session Key A2714 Sp800-56Cr1 56Cr1 bit key strength Derivation option 1 HMAC-SHA2-256, TLS version 1.2 HMAC-SHA2-384, Key Derivation Function used in A2714 KDF TLS Key Derivation HMAC-SHA2-512 with TLS 1.2 SP800-135r1 256-bit key strength Password-based Key Derivation; PBKDF2 Option HMAC-SHA-1 with This algorithm is provided as a A2714 PBKDF 1a acc. [SP800128-bit key strength service for module hosting the 132r2] Module KDA OneStep KDA OneStep Sp800- SHA-256 with 256-bit SEMS Lite shared A2715 Sp800-56Cr1 56Cr1 key strength master key derivation option 1 Section 4: Symmetric keys and seeds used for generating the asymmetric keys are generated using methods described in Section 4 of SP800- 133r2 Section 5.1: Key Pairs for Digital Signature Schemes Key Generation is based on Vendor Affirmed CKG SP800-133r2 Section 6.2.1: Symmetric Keys unmodified output of the DRBG Generated Using Key-Agreement cert. #A2713 Schemes Section 6.2.2: Symmetric Keys Derived from a Pre-existing Key Section 6.4: Distributing the Generated Symmetric Key KAS-ECC-SSC Sp80056Ar3/A2713 SP 800-56Arev3 KDA HKDF KAS-ECC per P-256 curve providing KAS (KAS-ECC-SSC Sp 800-56Ar3 Sp800- KAS-1 IG D.F 128 bits of encryption with KDA (HKDF)) 56Cr1/A2713 Scenario 2 path strength (2) Public Material

Page 16

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CAVP Cert Algorithm and Mode/ Method Description/ Use/Function Standard Key Size(s)/ Key Strength(s) KAS-ECC-SSC Sp80056Ar3/A2713 SP 800-56Arev3 P-256 curve providing KDA OneStep KAS-ECC per IG KAS (KAS-ECC-SSC Sp 800-56Ar3 KAS-2 128 bits of encryption Sp80056Cr1/A2714 D.F Scenario 2 with KDA (OneStep KDF)) strength path (2) KAS-ECC-SSC Sp80056Ar3/A2713 SP 80056Arev3. P-256 curve providing KDA OneStep KASECC per IG KAS (KAS-ECC-SSC Sp 800-56Ar3 KAS-3 128 bits of encryption Sp80056Cr1/A2715 D.F Scenario 2 with KDA (OneStep KDF)) strength path (2) AES-128, AES-192, SP 800-38D and SP AES-256 with 128, 800-38F KTS (key AES-CBC/A2713 AES CBC / AES KTS-1 192, 256-bit key wrapping) per IG D.G AES-CMAC/A2713 CMAC strength AES-128, AES-192, AES-256 with 128, AES-KW/#A2714 KTS-2 KW SP 800-38F KTS (key 192, 256-bit key wrapping) per IG D.G strength Table 3

192 and 256 bits]

Public Material

Page 17

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 EC Diffie-Hellman Provides between 112 and 256 bits of encryption Shared secret computation using non-NIST curves with non-NIST strength [Brainpool224r1, Brainpool256r1, Brainpool320r, recommended Per IGs D.F and C.A Brainpool384r1, Brainpool512r1, Secp224k1, curves Secp256k1 with strengths ]112, 128, 192 and 256 bits] Table 4

Page 18

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Figure 1

Page 19

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Figure 3

Page 20

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Overall Security Design and Rules of Operation PBKDF Operation details

112 bits. The probability that a random attempt will end up with the same output is:

Page 21

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

3 Cryptographic Module Interfaces

Physical Port Logical Interface Data that Passes over Port/Interface VSS, VDD Power interface These interfaces are used to supply power to the module in contact mode; The module starts when interface is powered VIN, VOUT Power interface These interfaces are used to supply power to the module in contact, contactless and I2C mode in case deep power-down mode is used RST_N Control input interface If a signal is sent on this interface on contact mode, the module will reboot (active low) CLK Control input interface The interface is used by an external device (ex: smartcard reader) to provide a clock signal to the IC in contact mode; The IC will derive its own clock from this signal IO1 Control input interface, Data The interface is used to communicate with an external entity (ex: input interface, Data output SmartCard reader) in contact mode; It also functions as I2C master interface, Status output interface SDA in I2C mode IO2 Control input interface, Data The interface is used to communicate with an external entity (ex: input interface, Data output SmartCard reader) in contact mode; It also functions as I2C master interface, Status output interface SCL in I2C mode or as SPI interface LA, LB Power interface, Control input The interface is used to communicate with an external entity (ex: interface, Data input interface, smartcard reader) in contactless mode; This interface is also used to Data output interface, Status set the internal clock and to supply power to the module output interface SDA Control input interface, Data The interface is used to communicate with an external entity such as input interface, Data output a host controller interface, Status output interface SCL Control input interface The interface is used by an external device (ex: host controller) to provide a clock signal to the I2C HW Table 5

Page 22

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

4 Roles, Services and Authentication

The module supports the following roles:

Page 23

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CO IoT Applet APDU(s) used: Authentication data to Status Word Management SetLockState, open an applet session (Response APDU SetPlatformSCPRequest, 9000) DeleteAll, SetAppletFeatures, ImportExternalObject Role Service Input Output User, CO Module Usage APDU(s) used: Command parameters Requested (Perform Self- DisableSecureObjectCreation, (e.g. required length for information; Tests and Show SendCardManagerCommand, GetRandom, memory Status Word module’s TriggerSelfTest, type for (Response APDU versioning I2CM_ExecuteCommandSet, GetFreeMemory, etc.) 9000) information) GetVersion, GetTimestamp, GetFreeMemory, GetRandom, ReadState User, CO Session APDU(s) used: Session creation C-APDU; Status Word Management CreateSession, authentication data to (Response APDU VerifySessionUserID, open the applet session 9000) SCPInitializeUpdate, SCPExternalAuthenticate, ECKeySessionInternalAuthenticate, ECKeySessionGetECKAPublicKey, ExchangeSessionData, ProcessSessionCmd, RefreshSession, CloseSession User, CO Secure Object APDU(s) used: Object identifier; Secure Status Word Write WriteECKey/WriteRSAKey, Object characteristics (Response APDU Functionality WriteSymmKey, (transient/persistent; 9000) WriteBinary, Authentication rights or WriteUserID, not; etc.); (optionally) WriteCounter, WritePCR, Secure Object value; ImportObject (optionally) Secure Object non-default policy (optionally) Secure Object version Public Material

Page 24

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 User, CO Secure Object APDU(s) used: ReadObject, Object identifier Secure Object value (if Read ReadAttributes, non-secret) Functionality ExportObject (optionally) Secure Object attributes Status Word (Response APDU 9000) User, CO Secure Object APDU(s) used: Object identifier Secure Object Management ReadType, ReadSize, characteristics (type, ReadIDList, size, exists, etc.) or CheckObjectExists, listing of Secure DeleteSecureObject Objects Status Word (Response APDU 9000) User, CO EC Curve APDU(s) used: Curve Identifier; Status Word Management CreateECCurve, (optionally) curve (Response APDU (Perform SetECCurveParam, parameters 9000) approved GetECCurveID, Secure Object identifier Curve set indicators security ReadECCurveList, (for GetECCurveID) (for ReadECCurveList) functions) DeleteECCurve Curve identifier (for GetECCurveID) User, CO Crypto Object APDU(s) used: Crypto object identifier; Status Word Management CreateCryptoObject, (optionally) Crypto (Response APDU ReadCryptoObjectList, Object characteristics 9000) DeleteCryptoObject List of Crypto Object identifiers (for ReadCyptoObjectList) User, CO EC Crypto APDU(s) used: Secure Object identifier; Output data Operations ECDSASign, Input data (signature, result of (Perform ECDSAVerify (message/signature/exte verification, shared approved rnal public key) secret) security Status Word functions) (Response APDU 9000) User, CO RSA Crypto APDU(s) used: Secure Object identifier; Output data Operations RSASign, Input data (signature, result of (Perform RSAVerify, (message/signature) verification, encrypted approved RSAEncrypt, or decrypted data) security RSADecrypt Status Word functions) (Response APDU 9000) Public Material

Page 25

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 User, CO Symmetric APDU(s) used: Secure Object identifier Output data Cipher Crypto CipherInit, or Crypto Object (encrypted or Operations CipherUpdate, identifier decrypted message) (Perform CipherFinal, Input data (message) Status Word approved CipherOneShot (Response APDU security 9000) functions) User, CO Authenticated APDU(s) used: Secure Object identifier Output data Encryption AEADInit, or Crypto Object (encrypted or Crypto AEADUpdate, identifier decrypted message, Operations AEADFinal, Input data (message, tag or result of tag (Perform AEADOneShot AAD, tag, etc.) verification) approved Status Word security (Response APDU functions) 9000) User, CO MAC Calculation APDU(s) used: Secure Object identifier Output data (MAC or Crypto MACInit, or Crypto Object result of MAC Operations MACUpdate, identifier verification) (Perform MACFinal, Input data (message, Status Word approved MACOneShot MAC (for verification)) (Response APDU security 9000) functions) User, CO HKDF operations APDU(s) used: Secure Object identifier Output data (derived (Perform HKDFExtractAndExpand, HKDF input parameters data) if not stored approved HKDFExpandOnly (digest type, message, onchip security requested length, salt, Status Word functions) output object, etc.) (Response APDU 9000) User, CO PBKDF Operation APDU(s) used: Secure Object identifier Output data (derived (Perform PBKDF2DeriveKey PBKDF2 input data (salt, data) approved iteration count, Status Word security requested length) (Response APDU functions) 9000) User, CO TLS KDF APDU(s) used: Secure Object Output data Functions TLSGenerateRandom, identifier(s) Status Word (Perform TLSCalculatePremasterSecret, TLS KDF input data (Response APDU approved TLSPerformPRF (digest type, label, 9000) security random, requested functions) length) Public Material

Page 26

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 User, CO Secure Hash APDU(s) used: Digest mode or Crypto Output data (hashed Crypto DigestInit, Object identifier message) Operations DigestUpdate, Input data (message) Status Word (Perform DigestFinal, (Response APDU approved DigestOneShot 9000) security functions) SEMS Lite Applet Services Role Service Input Output User, SEMS Lite APDU(s) used: Authentication Allow or reject SEMS CO Authentication PROCESS, information or Lite Manage Content SCRIPT, SEMS Secure channel service or COMMAND SEMS Lite Root Key Update or Error code User, SEMS Lite APDU(s) used: Content management Implicit indication via CO Manage Content SEMS_SELECT, commands wrapped in the successful SEMS_APDU, SEMS Secure channel completion of service SEMS_BEGIN_PERSO, SEMS_END_PERSO, SEMS_INSTALL_FOR_LOAD, SEMS_LOAD, SEMS_INSTALL_FOR_INSTALL, SEMS_DELETE, SEMS_BINDING_SE, BEGIN_MANAGE_ELF_UPGRADE, END_MANAGE_ELF_UPGRADE CO SEMS Lite Root APDU(s) used: Key update commands Implicit indication via Key Update SEMS_KEY_ROTATION wrapped in SEMS Secure the successful channel completion of service CO, User, Card Reset APDU(s) used: N/A Power cycle or reset the Status Word Unauthor module (Response APDU ised 9000) CO, User, Context APDU(s) used: Command parameters Status Word Unauthor SELECT. (data objects, SSPs) (Response APDU ised MANAGE CHANNEL 9000) Public Material

Page 27

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 CO, User, Info APDU(s) used: Command parameters Status Word Unauthor (Show status and GET DATA (data objects, SSPs) (Response APDU ised Perform 9000) selftests) CO, User, SEMS Lite APDU(s) used: Command parameters Status Word Unauthor General SEMS_SELECT, GET (data objects, SSPs) (Response APDU ised (Show module’s DATA 9000) versioning information) Table 6

Page 28

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 The external entity participating in the mutual authentication sends a 64-bit challenge to the Secure Element. The Secure Element generates its own challenge and computes a 64-bit cryptogram with SD-SMAC key and both challenges. The Secure Element cryptogram and challenge are sent to the external entity which checks the Secure Element cryptogram and creates its own 64-bit cryptogram with both challenges. A 64-bit message authentication code (MAC) is also computed on the command containing the external entity cryptogram with AES-CMAC and SDSMAC key. The MAC is concatenated to the command, and the command is sent to the Secure Element. The Secure Element checks the message authentication code and compares the received cryptogram to the calculated cryptogram. If all of this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the module). The probability that a random attempt will succeed using this authentication method is:

Page 29

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 The number of authentication attempts is configurable. It can be an infinite attempt number, or it can be limited by a counter comprised between 1 and 255 attempts. A maximum of 4700 authentications can be performed in one minute. In the worst-case scenario, the probability that a random attempt will succeed over a one-minute period is:

Page 30

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 APP-KAS-IOT-SS/APP-KAS-SEMS-SS with the Approved KAS algorithm. The shared secret is used to derive the AES-128 APP-AES-KEY-AUTH which is itself used to derive the APP-SENC, APP-SMAC and APP-RMAC session keys. These sessions keys are used with AES-CBC and AES-CMAC to provide an end-to-end confidential and authenticated protected channel (Approved KTS) between the external entity (User) and the module. First, the user requests the module public key, APP-KAS-SSC-EC-PUB-KEY; this key is signed with the private key APPKAS-SSC-EC-PRIV-KEY by the module. Then, the User sends the ephemeral KAS public key signed with User’s ECDSA private key. Finally, the module verifies the ECDSA signature of the ephemeral key with either APP-EC-PUBLICKEYUSER or APP-EC-PUBLIC-KEY-CO before initiating the KAS shared secret computation. The probability that a random attempt will succeed using this authentication method is:

Page 31

Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs ISD Services Manage Load keys and data N/A OS-SKEK CO E, W, Z Status Content SD-KENC Word SD-KMAC (Response SD-KDEK APDU DAP-DAPK 9000) SSD Services Lifecycle Get or modify the card N/A All CO E, Z Status (Show status or applet life cycle Word and Perform status (Response zeroisation) APDU 9000) Manage Load keys and data N/A OS-SKEK CO E, W, Z Status Content SD-KENC Word SD-KMAC SD- (Response KDEK APDU DAP-DAPK 9000) Privileged Read Module data N/A OS-MKEK CO E Status Info (privileged data objects, SD-KENC Word (Show but no CSPs) SD-KMAC (Response module’s SD-SENC APDU versioning SD-SMAC 9000) information) SD-RMAC Secure Establish and use a CTR_DRBG OS-DRBG-EI CO E, G, Z Status Channel secure communication (Cert. OS-DRBG-SEED Word channel A2713) OS-DRBG-STATE (Response CKG OS-DRBG-KEY APDU (Vendor OS-DRBG-V 9000) Affirmed) OS-DRBG-OUTPUT OS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMAC IoT Applet Services Public Material

Page 32

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs IoT Applet This service manages AES SD-SENC CO E, G, Status Management the P71D600 applet CBC, ECB, SD-SMAC W Word CTR, SD-RMAC (Response CCM, CMAC APP-ECC-RT-PRIV-KA APDU (Cert. APP-AES-RAM-K0-KEY 9000) A2713) APP-AES-RAM-Kn-KEY GCM/GMAC APP-EC-PUB-KEY-CO (Cert. APP-EC-PUB-KEY-USER A2714) APP-ECC-RT-PUB-AUT KDF SP800- APP-ECC-PUB-eKA

108 (Cert. APP-ECC-PUB-AUT

A2713) APP-KAS-IOT-SS ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KASECC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed) Module Perform Self-Tests and All All CO, E Status Usage Show module’s User Word (Perform versioning information (Response Self-Tests APDU and Show 9000) module’s versioning information) Public Material

Page 33

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs Session This service manages AES OS-DRBG-EI CO, E, G, Z Status Management the applet sessions; CBC, ECB, OS-DRBG-STATE User Word Users can decide to CTR, OS-DRBG-KEY (Response open a session or not; CCM, CMAC OS-DRBG-V APDU Opening a session (Cert. OS-DRBG-OUTPUT 9000) requires to authenticate A2713) OS-MKEK to the applet using GCM/GMAC SD-KENC either an UserID, an (Cert. SD-KMAC AES128 key or an EC key A2714) SD-SENC depending on the KDF SP800- SD-SMAC session type 108 (Cert. SD-RMAC A2713) APP-KAS-SSC-EC-PRIVECDSA (Cert. KEY A2713) APP-KAS-IOT-SS P-256 SHS APP-AES-KEY-AUTH (Cert. APP-SENC A2713) KASAPP-SMAC ECC APP-RMAC (Cert. APP-USERID-FILE A2713) APP-EC-PRIV-KEY P-256 SHS (Cert. APP-AES-KEY A2713) CKG APP-KAS-SSC-EC-PUB(Vendor KEY Affirmed) APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER Public Material

Page 34

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs Secure This service manages CTR_DRBG OS-DRBG-EI CO, E, G, Status Object Write the generation (either (A2713) AES OS-DRBG-STATE User R, W, Z Word Functionality an RSA or EC key pair) or CBC, ECB, OS-DRBG-KEY (Response transport (EC keys, CTR, OS-DRBG-V APDU RSA keys, symmetric CCM, CMAC OS-DRBG-OUTPUT 9000) keys, binary files, (Cert. OS-MKEK UserIDs, monotonic A2713) SD-SENC counters, PCRs) of GCM/GMAC SD-SMAC Secure Objects. (Cert. SD-RMAC A2714) APP-TRANSPORTKDF SP800- CIPHER

108 (Cert. APP-TRANSPORT-MAC

A2713) APP-AES-KEY-AUTH ECDSA (Cert. APP-USERID-FILE A2713) APP-EC-PRIV-KEY P-256 SHS APP-RSA-PRIV-KEY (Cert. APP-AES-KEY A2713) KASAPP-HMAC-KEY ECC (Cert. APP-EC-PUB-KEY-CO A2713) APP-EC-PUB-KEY-USER P-256 RSA APP-EC-PUB-KEY (Cert. APP-RSA-PUB-KEY A2713)2048, 3072,

4096 bits

SHS (Cert. A2713) CKG (Vendor Affirmed) Public Material

Page 35

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs Secure This service manages N/A OS-MKEK CO, E, R Status Object Read the reading of Secure SD-SENC User Word Functionality Objects or its attributes; SD-SMAC (Response Asymmetric private SD-RMAC APDU keys or symmetric keys APP-TRANSPORT- 9000) can never be read in CIPHER plaintext APP-TRANSPORT-MAC APP-EC-PRIV-KEY APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-KAS-SSC-EC-PUBKEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEY Secure This service manages AES OS-MKEK CO, E, Z Status Object the reading of Secure CBC, ECB, SD-SENC User Word Management Object attributes CTR, SD-SMAC (Response CCM, CMAC SD-RMAC APDU (Cert. APP-AES-KEY-AUTH 9000) A2713) APP-USER-ID-FILE GCM/GMAC APP-RSA-PRIV-KEY (Cert. APP-AES-KEY A2714) APP-HMAC-KEY HMAC (Cert. APP-EC-PUB-KEY-USER A2713) APP-EC-PUB-KEY ECDSA (Cert. APP-RSA-PUB-KEY A2713) P-256 SHS (Cert. A2713) RSA (Cert. A2713)2048, 3072,

4096 bits

SHS (Cert. A2713) CKG (Vendor Affirmed) Public Material

Page 36

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs EC Curve This service manages ECDSA (Cert. SD-SENC CO, E Status Management the EC curves that can A2713) SD-SMAC User Word (Perform be used during EC P-256 SHS SD-RMAC (Response approved cryptographic (Cert. APDU security operations A2713) 9000) functions) Crypto This service manages SHS (Cert. SD-SENC CO, E Status Object the Crypto Objects that A2713) SD-SMAC User Word Management can be used. Crypto AES SD-RMAC (Response Objects allow to do CBC, ECB, APP-AES-KEY APDU operations in multiple CTR, APP-HMAC-KEY 9000) steps (init/update/final) CCM, CMAC Supported Crypto (Cert. Objects allow to use a A2713) digest, cipher or MAC GCM/GMAC algorithm to be used (Cert. A2714) HMAC (Cert. A2713) EC Crypto This service triggers OS ECDSA OS-DRBG-EI CO, E, G, Z Status Operations API for ECDSA signature (Cert. OS-DRBG-STATE User Word (Perform generation and A2713) OS-DRBG-KEY (Response approved verification, and for EC P-256 KAS- OS-DRBG-V APDU security DH shared secret SSC OS-DRBG-OUTPUT 9000) functions) calculation according to (Cert. OS-MKEK [56Ar3] Section 5.7.1.2 A2713) SD-SENC P-256 SHS SD-SMAC (Cert. SD-RMAC A2713) CKG APP-EC-PRIV-KEY (Vendor APP-EC-PUB-KEY Affirmed) RSA Crypto This service triggers OS RSA (Cert. OS-DRBG-EI CO, E, G, Z Status Operations API for RSA signature A2713)2048, OS-DRBG-STATE User Word (Perform generation and 3072, OS-DRBG-KEY (Response approved verification, and for RSA 4096 bits OS-DRBG-V APDU security encryption and SHS (Cert. OS-DRBG-OUTPUT 9000) functions) decryption (components A2713) CKG OS-MKEK only) (Vendor SD-SENC Affirmed) SD-SMAC SD-RMAC APP-RSA-PRIV-KEY APP-RSA-PUB-KEY Public Material

Page 37

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs Symmetric This service triggers OS AES OS-MKEK CO, E Status Cipher Crypto API for AES encryption CBC, ECB, SD-SENC User Word Operations and decryption CTR, SD-SMAC (Response (Perform CCM, CMAC SD-RMAC APDU approved (Cert. APP-AES-KEY 9000) security A2713) functions) GCM/GMAC (Cert. A2714) Authenticate AES SD-SENC CO, E Status d Encryption CBC, ECB, SD-SMAC User Word Crypto This service provides CTR, SD-RMAC (Response Operations execution of the AEAD CCM, CMAC APDU (Perform function using OS API (Cert. 9000) approved primitives for AES GCM A2713) security encryption and GCM/GMAC functions) decryption, and DRBG (Cert. for internal IV A2714) generation CTR_DRBG (A2713) MAC This service triggers OS CMAC OS-MKEK CO, E Status Calculation API for MAC Calculation (Cert. SD-SENC User Word Crypto A2713) SD-SMAC (Response Operations HMAC SD-RMAC APDU (Perform (Cert. APP-HMAC-KEY 9000) approved A2713) security functions) Public Material

Page 38

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs HKDF This service triggers OS HKDF OS-MKEK CO, E Status operations API for HKDF operations (Certs. SD-SENC User Word (Perform (either Two Step Key A2713 and SD-SMAC (Response approved Derivation using HMAC A2714) SD-RMAC APDU security or the Key Derivation APP-HMAC-KEY 9000) functions) Function using Pseudorandom functions) PBKDF This service provides PBKDF2 OS-MKEK CO, E Status Operation execution of the (Cert. SD-SENC User Word (Perform Password-Based Key A2714) SD-SMAC (Response approved Derivation Function. SD-RMAC APDU security The derived key is 9000) functions) returned to the operator and not used by the module TLS KDF This service provides KDF OS-MKEK CO, E Status Functions support for TLS v1.2 (Cert. SD-SENC User Word (Perform calculations. It does not A2713) SD-SMAC (Response approved implement the TLS v1.2 SD-RMAC APDU security protocol 9000) functions) Secure Hash This service triggers OS SHA OS-MKEK CO, E Status Crypto API for [FIPS 180-4] (Cert. SD-SENC User Word Operations compliant hash A2713) SD-SMAC (Response (Perform algorithms SD-RMAC APDU approved 9000) security functions) SEMS Lite Applet Services Public Material

Page 39

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs SEMS Lite The service provides the AES OS-MKEK CO, E, G, Status Authenticatio authenticated secure CBC, ECB, APP-ECC-RT-PRIV-KA User W, Z Word n messaging CTR, APP-AES-RAM-K0-KEY (Response CCM, CMAC APP-AES-RAM-Kn-KEY APDU (Cert. APP-ECC-RT-PUB-AUT 9000) A2713) APP-ECC-PUB-eKA GCM/GMAC APP-ECC-PUB-AUT (Cert. APP-CERT-KR-AUT A2714) APP-CERT-AUT DAPECDSA (Cert. DAPK A2713) P-256 SHS (Cert. A2713) KASECC (Cert. A2713) P-256 CKG (Vendor Affirmed) SEMS Lite The service is used to AES OS-MKEK CO, E, G, Status Manage load data. The data is CBC, ECB, APP-ECC-RT-PRIV-KA User W, Z Word Content wrapped in SEMS Lite CTR, APP-AES-RAM-K0-KEY (Response Authentication CCM, CMAC APP-AES-RAM-Kn-KEY APDU (Cert. APP-ECC-RT-PUB-AUT 9000) A2713) APP-ECC-PUB-eKA GCM/GMAC APP-ECC-PUB-AUT (Cert. APP-CERT-KR-AUT A2714) APP-CERT-AUT ECDSA (Cert. DAP-DAPK A2713) P-256 SHS (Cert. A2713) KASECC (Cert. A2713) P-256 CKG (Vendor Affirmed) Public Material

Page 40

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs SEMS Lite This service updates AES OS-MKEK CO E, G, Status Root Key APP-ECC-RT-PRIV-KA CBC, ECB, APP-ECC-RT-PRIV-KA W, Z Word Update and APP-ECC-RT-PUB- CTR, APP-AES-RAM-K0-KEY (Response AUT keys wrapped in CCM, CMAC APP-AES-RAM-Kn-KEY APDU SEMS Lite (Cert. APP-ECC-RT-PUB-AUT 9000) Authentication A2713) APP-ECC-PUB-eKA GCM/GMAC APP-ECC-PUB-AUT (Cert. APP-CERT-KR-AUT A2714) APP-CERT-AUT ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KASECC (Cert. A2713) P-256 CKG (Vendor Affirmed) N/A N/A CO, N/A Status User, Word Power cycle or reset the Card Reset Unauthor (Response module ised APDU 9000) N/A N/A CO, N/A Status User, Word Select an applet or Context Unauthor (Response manage logical channels ised APDU 9000) Info Read unprivileged data N/A N/A CO, N/A Status objects, e.g., module User, Word configuration or status Unauthor (Response information (Show ised APDU Status). This service 9000) includes the Preoperational Self-Test on-demand Public Material

Page 41

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/ or SSPs SEMS Lite This service provides N/A N/A CO, N/A Status General generic operations User, Word which are not required Unauthor (Response to be protected by ised APDU applying security. It 9000) includes selecting the SEMS Lite applet, reading version of the SEMS Lite applet or APP-ECC-RT-PUB-AUT public key of SEMS Lite Applet Table 8

Page 42

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

5 Software/Firmware Security

The cryptographic module is considered a hardware module with firmware components. An error detection code (32-bit CRC performed over all code located in Flash) is applied to all firmware components within the module. If the integrity test fails, the module enters the hard error (MUTE) state. An operator of the module can perform the integrity test on demand with the GET DATA APDU command. As a single-chip hardware module, the executable form of the code, i.e., firmware is binary format. The module does not support loading of firmware from an external source. ROM endurance has been proven to be more than 10 years after manufactured date. Therefore, per FIPS 140-3 IG 5.A, no pre-operational ROM integrity self-test has been implemented. The module’s endof-life procedures must be applied prior to the degradation of the ROM by setting the module to the TERMINATE state. All data and control inputs, and data and status outputs of the cryptographic module and services are directed through the module’s defined interfaces. Public Material

Page 43

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

6 Operational Environment

The module claims to meet Physical Security Level 4 and thus the requirements per this section do not apply. Public Material

Page 44

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

7 Physical Security

The module is a single-chip implementation that meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The module uses standard passivation techniques. The module includes Environmental Failure Protection features such as temperature and voltage sensors. Fault Induction mitigation techniques are light sensors and spike sensors on the supply voltage lines. Identification of internal features such as sensitive components or interconnections is impeded by a fine mesh of metal shield lines that resides at the outermost layers of the chip. Delivery forms of the module are QFN package, contactless chip card module, or sawn wafer. Therefore, the module does not rely on any physical security based on a package. Physical Security Mechanism Recommended Frequency of Inspection/Test Guidance Details Inspection/Test N/A N/A N/A Table 9

Page 45

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

8 Non-Invasive Security

Please see Section 12 below for information regarding non-invasive security countermeasures. Public Material

Page 46

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

9 Sensitive Security Parameter Management

Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

384 bits CTR_DRBG Internally N/A N/A Temporarily Power-off Random

(Cert. via ENT stored in (temporarily value from A2713) (P) RAM in stored in ENT (P) used plaintext RAM) to seed (does not reciprocally persist and AES-256 OS-DRBG-EI beyond a DRBG CSP power cycle); object identifier to entity association

880 bits CTR_DRBG Internally N/A N/A Stored in Destroyed by Current

(Cert. via SP800- NVM in termination DRBG state A2713) 90Ar1 plaintext; of the value DRBG object module OS-DRBG- process identifier to (LifeCycle/ STATE CSP entity Perform association Zeroisation service); overwritten with zeroes

256 bits CTR_DRBG Internally N/A N/A Stored in Destroyed by Current

(Cert. via SP800- NVM in terminate- DRBG state OS- DRBG- A2713) 90Ar1 plaintext; on of the value DRBG object Module KEY process identifier to (LifeCycle/ CSP entity Perform association Zeroisation service); overwritt en with zeroes Public Material

Page 47

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

256 bits CTR_DRBG Internally N/A N/A Stored in Destroyed Current

(Cert. via NVM in by DRBG state OS-DRBG- V A2713) SP800- plaintext; terminate- value 90Ar1 object on of the CSP DRBG identifier to Module process entity (LifeCycle/ association Perform Zeroisation service); overwritt en with zeroes

256 bits CTR_DRBG Internally N/A N/A Stored in Destroyed Unmodified

(Cert. via NVM in by output from A2713) SP800- plaintext; termination the DRBG 90Ar1 object of the used for SSP OS-DRBG- DRBG identifier to module generation OUTPUT process entity (LifeCycle/ CSP association Perform Zeroisation service); overwritten with zeroes

128 bits AES N/A Entered N/A Stored in Destroyed Used to build

CBC, ECB, during NVM in by OS-MKEK CTR, manufactu plaintext; termination CCM, CMAC ring/ object of the (Cert. personaliza identifier to module A2713) tion entity (LifeCycle/ GCM/GMAC association Perform (Cert. Zeroisation A2714) service); overwritten OS-SKEK with zeroes CSP Public Material

Page 48

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES OS-SKEK N/A N/A Stored in Destroyed Used to

CBC, ECB, permutat NVM in by encrypt all CTR, i on (xor plaintext; termination secret and CCM, CMAC between object of the private key (Cert. OS-SKEK identifier to module data stored OS-MKEK A2713) and a entity (LifeCycle/Pe in CSP GCM/GMAC constant association rform NVM (Cert. value) Zeroisation A2714) service); overwritten with zeroes

128 bits AES N/A Entered N/A Stored in Destroyed Used to

CBC, ECB, during NVM because of derive SDCTR, manufactu encrypted with OS-MKEK SENC CCM, CMAC ring/ Approved AES zeroisation (Cert. personalizat CBC with OSA2713) ion MKEK; key GCM/GMAC Or version to (Cert. AES-CBC entity A2714) (using SD- association KDEK) encrypted SD-KENC (RFC 3394 CSP method) and transporte d using platform SCP03 Exported using Approved KTS Public Material

Page 49

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES N/A Entered N/A Stored in Destroyed Used to

CBC, ECB, during NVM because of derive SDCTR, manufactu encrypted with OS-MKEK SMAC CCM, CMAC ring/pers- Approved AES zeroisation (Cert. onalization CBC with OSA2713) Or MKEK; key GCM/GMAC AES-CBC version to (Cert. (using SD- entity A2714) KDEK) association SD-KMAC encrypted (RFC 3394 CSP method) and transporte d using platform SCP03 Exported using Approved KTS

128 bits AES N/A Entered N/A Stored in Destroyed Sensitive

CBC, ECB, during NVM because of data CTR, manufactu encrypted with OS-MKEK decryption CCM, CMAC ring/perso Approved AES zeroisation key used to (Cert. nalization CBC with OS- decrypt CSPs A2713) Or MKEK; key GCM/GMAC Entered version to SD-KDEK (Cert. encrypted entity CSP with the association A2714) previous SD-KDEK Exported using Approved KTS Public Material

Page 50

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES N/A N/A Derived with Temporarily Power-off Session

CBC, ECB, Approved stored in (temporarily encryption CTR, KDF RAM in stored in key used to CCM, CMAC SP800108 plaintext RAM) secure (Cert. (does not channel data A2713) persist GCM/GMAC beyond a SD-SENC (Cert. power cycle); object CSP A2714) identifier to KDF SP800entity association (Cert. A2713) CKG (Vendor Affirmed)

128 bits AES N/A N/A Derived with Temporarily Power-off Session MAC

CBC, ECB, Approved stored in (temporarily key used to CTR, KDF SP800- RAM in stored in verify CCM, CMAC 108 plaintext RAM) inbound (Cert. (does not secure A2713) persist channel data GCM/GMAC beyond a integrity SD-SMAC (Cert. power cycle); object CSP A2714) identifier to KDF SP800entity association (Cert. A2713) CKG (Vendor Affirmed) Public Material

Page 51

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES N/A N/A Derived with Temporarily Power-off Session MAC

CBC, ECB, Approved stored in (temporarily key used to CTR, KDF SP800- RAM in stored in verify CCM, CMAC 108 plaintext RAM) outbound (Cert. (does not secure A2713) persist channel data GCM/GMAC beyond a integrity SD-RMAC (Cert. power cycle); object CSP A2714) identifier to KDF SP800entity association (Cert. A2713) CKG (Vendor Affirmed) APP- 256 bits AES N/A Entered N/A Stored in Destroyed Used to TRANSPORT- CBC, ECB, during NVM because of encrypt CIPHER CTR, manufactu encrypted OS-MKEK either CSP CCM, CMAC ring/perso with zeroisation exported or (Cert. nalization Approved AES imported A2713) CBC with OS- Secure GCM/GMAC Output: MKEK; key Objects or (Cert. N/A version to data A2714) entity association APP- 128 bits AES N/A Entered N/A Stored in Destroyed Used to TRANSPORT- CMAC (Cert. during NVM because of authenticate MAC A2713) manufactu encrypted with OS-MKEK either CSP ring/perso Approved AES zeroisation exported or nalization CBC with OS- imported MKEK; key Secure Output: version to Objects N/A entity association Public Material

Page 52

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number APP-KAS- 128 bits KAS-ECC-SSC N/A Entered N/A Stored in Destroyed KAS Shared SSC-EC-PRIV- P-256 (Cert. during NVM because of Secret KEY A2713) manufactu encrypted with OS-MKEK computation CSP KDA ring/perso Approved AES zeroisation private key (Cert. nalization CBC with OSA2713) MKEK; key Output: version to N/A entity association APP-KAS- 128 bits KAS-ECC-SSC N/A N/A Established Temporarily Power-off KAS-ECC IOT-SS CSP P-256 (Cert. with the stored in (temporarily Shared A2713) SP80056Arev3 RAM in stored in Secret KDA KAS-ECC plaintext RAM) (Cert. (does not A2714) persist beyond a power cycle); object identifier to entity association APP-AES- 128 bits AES N/A Entered Approved KTS Stored in Destroyed Used in KEY-AUTH CBC, ECB, during NVM because of AESKey session CSP CTR, manufactu encrypted with OS-MKEK or CCM, CMAC ring/perso Approved AES zeroisatio ECKey session (Cert. nalization CBC with OS- n authentication A2713) MKEK; key methods GCM/GMAC Output: via version to (Cert. Approved entity A2714) or KTS association ECDSA (Cert. A2713) Public Material

Page 53

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES N/A N/A Derived with Temporarily Power-off AES Key or EC

CBC, ECB, Approved stored in (temporaril Key session CTR, KDF SP800- RAM in y stored in encryption CCM, CMAC 108 plaintext RAM) key used to (Cert. (does not encrypt / A2713) persist decrypt GCM/GMAC beyond a secure channel (Cert. power cycle); data object A2714) or APP-SENC identifier to ECDSA (Cert. CSP entity A2713) KDF SP800- association (Cert. A2713) CKG (Vendor Affirmed)

128 bits AES N/A N/A Derived with Temporarily Power-off AES Key or

CBC, ECB, Approved stored in (temporarily EC Key CTR, KDF SP800- RAM in stored in session CCM, CMAC 108 plaintext RAM) MAC key (Cert. (does not used to A2713) persist verify GCM/GMAC beyond a inbound (Cert. power cycle); secure APP-SMAC object channel data A2714) or identifier to integrity CSP ECDSA (Cert. A2713) entity KDF SP800- association (Cert. A2713) CKG (Vendor Affirmed) Public Material

Page 54

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES N/A N/A Derived with Temporarily Power-off AES Key or

CBC, ECB, Approved stored in (temporarily EC Key CTR, KDF SP800- RAM in stored in session CCM, CMAC 108 plaintext RAM) MAC key (Cert. (does not used to A2713) persist generate GCM/GMAC beyond a response (Cert. power cycle); secure APP-RMAC object channel data A2714) or identifier to MAC CSP ECDSA (Cert. A2713) entity KDF SP800- association (Cert. A2713) CKG (Vendor Affirmed) APP-USERID- N/A N/A N/A Entered Approved KTS Stored in Destroyed 4-byte up to FILE during NVM because of 16-byte CSP manufactu encrypted with OS-MKEK UserID ring/perso Approved AES zeroisation authenticatio nalization CBC with OS- n data MKEK; key Output: via version to Approved entity KTS association Public Material

Page 55

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number APP-EC- 112, 128, ECDSA The Entered: N/A Stored in Destroyed Elliptic curve PRIV-KEY 192, 256 Key Approved N/A NVM because of key that CSP bits Generation key pair encrypted with OS-MKEK allows to P-224, P- generatio Output: via Approved AES zeroisation perform EC 256, n method Approved CBC with OS- cryptographi P-384, P- is MKEK; key c operations KTS

521 (Cert. compliant version to

A2713) with entity CKG FIPS association (Vendor 186-4, Affirmed) Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generati o n by Testing Candidat es ; Generate d on the module using Approve d DRBG, AES-256 CTR_DRB G Public Material

Page 56

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number APP-RSA- 112, RSA The Entered: N/A Stored in Destroyed RSA key that PRIV-KEY 128, 152 Key Approved N/A NVM because of allows to CSP bits Generation key pair encrypted with OS-MKEK perform RSA 2048, 3072, generatio Output: via Approved AES zeroisation cryptographi

4096 bits n method Approved CBC with OS- c operations

(Cert. is KTS MKEK; key A2713) compliant version to CKG with entity (Vendor FIPS association Affirmed) 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generati o n by Testing Candidat es ; Generate d on the module using Approve d DRBG, AES-256 CTR_DRB G APP-AES-KEY 128, AES N/A Entered Approved KTS Stored in Destroyed Used to CSP 192, CBC, ECB, during NVM because of perform AES

256 bits CTR, manufactu encrypted with OS-MKEK cipher mode

CCM, CMAC ring/perso Approved AES zeroisation. operations (Cert. nalization CBC with OSA2713) MKEK; key GCM/GMAC Output: via version to (Cert. Approved entity A2714) KTS association Public Material

Page 57

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number APP-HMAC- 128 and HMAC N/A Entered Approved KTS Stored in Destroyed Used to KEY 256 bits SHA-1, during NVM because of perform KDF CSP SHA2-256, manufactu encrypted with OS-MKEK or HMAC 384, 512 ring/perso Approved AES zeroisation operations (Cert. nalization CBC with OSA2713) MKEK; key Output: via version to Approved entity KTS association APP-ECC-RT- 256 bits ECDSA N/A Entered N/A Stored in Destroyed Private static PRIV-KA (Cert. during NVM because of key used in CSP A2713) manufactu encrypted with OS-MKEK key P-521 SHS ring/ Approved AES zeroisation establishmen (Cert. personaliz CBC with OS- t A2713) ation or MKEK; key (KAS-SSC) Imported version to operations in secure entity channel association specified by GPAmd-I Output: N/A APP-KAS- 128 bits KAS-ECC- N/A N/A Established Temporarily Power-off KAS Shared SEMS-SS SSCP-256 with the stored in (temporarily Secret CSP CSP (Cert. SP80056Arev3 RAM in stored in #A2713) KAS plaintext RAM) KDA (does not (Cert. persist beyond a A2715) power cycle); object identifier to entity association Public Material

Page 58

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits AES N/A N/A Established Temporarily Power-off Used as

CBC, ECB, with the SP- stored in (temporarily secret key CTR, 800-56A RAM (does stored in material CCM, CMAC Rev3 KAS- not persist RAM) in the very (Cert. SCC followed beyond a first A2713) by power cycle) decryption APP-AES- GCM/GMAC SHA256 as operations as RAM-K0-Key (Cert. One Pass KDF part of CSP A2714) CKG Authenticati (Vendor o n and Affirmed) Secure Messaging service of SEMS Lite applet

128 bits AES CBC, N/A Imported N/A Temporarily Power-off Used as

ECB, CTR, in secure stored in (temporarily secret key CCM, CMAC channel RAM (does stored in material in (Cert. specified not persist RAM) the A2713) by GP- beyond a subsequent n GCM/GMAC Amd-I power cycle) decryption APP-AES- (Cert. operations RAM-Kn-Key A2714) Output: as CSP N/A part of SEMS Lite Authenticati o n and Secure Messaging service DAP-DAPK 256 bits ECDSA N/A Entered N/A Stored in N/A

Page 59

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number APP-KAS- 128 bits KAS-ECC-SSC N/A Entered N/A Stored in N/A

Page 60

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

128 bits ECDSA The Entered: N/A Stored in N/A

(Cert. Approved N/A NVM Considered execute EC A2713) key pair encrypted with protected by cryptographic P-256 generatio Output: Approved AES ISO 19790 operations CKG n method Approved CBC with OS- definition (Vendor is KTS MKEK; key Affirmed) compliant version to with FIPS entity 186-4, association Sections B.43.23 (RSA) or B.4.2 (ECDSA), APP-EC- Key Pair PUBKEY Generati PSP o n by Testing Candidate s ; Generate d on the module using Approved DRBG, AES-256 CTR_DRB G Public Material

Page 61

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number 112, RSA (Cert. The Entered: N/A Stored in N/A

152 bits 3072, key pair encrypted with protected by cryptographic

4096 bits generatio Output: Approved AES ISO 19790 operations

CKG n method Approved CBC with OS- definition (Vendor is KTS MKEK; key Affirmed) compliant version to with FIPS entity 186-4, association Sections B.43.23 (RSA) or B.4.2 (ECDSA), APP-RSA- Key Pair PUB-KEY Generati PSP o n by Testing Candidate s ; Generate d on the module using Approved DRBG, AES-256 CTR_DRB G

128 bits KAS-ECC-SSC N/A Entered: N/A Stored in N/A

P-256 (Cert. Certificate NVM Considered public key A2713) is entered encrypted with protected by used in key in plain text Approved AES ISO 19790 establishmen APP-ECC- CBC with OS- t definition PUB-eKA Output: MKEK; key (KAS) PSP N/A version to operation entity association Public Material

Page 62

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 Security Key Use & Function and Gener- Import /SSP Name Strength Establishment Storage Zero- isation Related Cert. ation /Export /Type Keys Number

256 bits ECDSA (Cert. N/A Entered: N/A Stored in N/A

A2713) Certificate NVM Considered used in P-521 SHS is entered encrypted with protected by ECDSA (Cert. in plain text Approved AES ISO 19790 verification APP-ECC-RT- A2713) CBC with OS- definition operations PUB-AUT PSP Output: In MKEK; key plaintext version to entity association

256 bits ECDSA (Cert. N/A Entered: N/A Stored in N/A

A2713) Certificate NVM Considered public key P-521 SHS is entered encrypted with protected by used in (Cert. in plain text Approved AES ISO 19790 ECDSA APP-ECC- A2713) CBC with OS- definition verification PUB-AUT PSP Output: MKEK; key operations N/A version to entity association

256 bits ECDSA (Cert. N/A Entered: N/A Stored in N/A

A2713) Certificate NVM in Considered with EC public P-521 SHS is entered plaintext; protected by key providing APP-CERT- (Cert. in plain text object ISO 19790 authorization AUT A2713) identifier to definition and PSP Output: entity authenticity N/A association to SEMS Lite applet 256-bits ECDSA (Cert. N/A Entered: N/A Stored in N/A

Page 63

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 The module implements a NIST SP800-90Ar1 Approved CTR_DRBG. The unmodified outputs of the DRBG are used for Cryptographic Key Generation (CKG) of Symmetric Keys and seeds for Asymmetric Key Generation as noted in Table 3 in this document per Section 4 in NIST SP800-133r2. Entropy sources Minimum Number of bits of entropy Details NIST SP800-90B ENT (P)

0.912949 per entropy source output

bit Table 13

Page 64

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

10 Self-Tests

On power-on or on demand, the module performs self-tests described below. The pre-operational self-test must be completed successfully prior to any other use of cryptography by the module. The Cryptographic Algorithm Self-Tests are either performed at boot or prior to first use. The conditional self-tests are performed when the corresponding conditions occur. If one of the self-tests fails, the system is halted and will start again after a reset. ROM endurance has been proven to be more than 10 years after manufactured date. Therefore, no pre-operational ROM integrity self-test has been implemented. The module’s end-of-life procedures must be applied prior to the degradation of the ROM by setting the module to the TERMINATE state, The Flash Firmware Integrity check is performed on every reset or on demand. Pre-operational Self-Tests

Page 65

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

Page 66

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

11 Life-Cycle Assurance

All configuration management items are managed using an automated configuration management system. The module is designed to allow the testing of all provided security-related services. All firmware is implemented using a high-level language and is designed in a manner that avoids the use of code, parameters, or symbols not necessary for the module’s functionality and execution. While the module can be delivered with the Approved mode enabled by default, customers also have the option to receive a module which is in the unconfigured state, i.e., non-Approved mode. To comply with and maintain the FIPS 140-3 validation, it would be the CO’s responsibility to enable the Approved mode of operation as follows (this information can also be found in the JCOP 4.5 User guidance and administrator manual document):

  1. Install SEMS Lite applet to run in Approved mode of operation.
  2. Install the IoT applet and configure the applet to run in Approved mode of operation.
  3. Configure the Operation System to run in Approved mode of operation. In each of these steps, it is in the CO’s responsibility to apply proper security conditions and to ensure that once the device is put into Approved mode of operation, it will not be set into non-Approved mode of operation ever again. The operator can verify that the module is operating in the Approved mode by following instructions specified in Section 2 in this document. There are no specific maintenance requirements for this module. Public Material – May be reproduced only in its original entirety (without revision).
Page 67

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600

12 Mitigation of Other Attacks

The module is protected against the following non-invasive attacks: SPA, DPA, Timing Analysis and Fault Induction using a combination of firmware and hardware countermeasures. Protection features include detection of outofrange supply voltages, frequencies or temperatures, fault induction mitigations like light sensors, voltage glitch sensors and an active shield, and detection of illegal address or instruction. All cryptographic computations and sensitive operations such as critical data comparison provided by the module are designed to be resistant to timing and power analysis. Sensitive operations are performed in constant time, regardless of the execution context (parameters, keys, etc.), owing to a combination of hardware and firmware features. In addition to the non-invasive attacks, the module also uses standard passivation techniques and is protected by active shielding (a grid of top metal layer wires with tamper response) which qualifies for classification under mitigation of other attacks. Public Material

Page 68

FIPS 140-3 Security Policy - JCOP 4.5 on P71D600 END OF DOCUMENT