All modules
CMVP Validated Module · FIPS 140-3 Security Policy

IDCore 3230 / 230 Platform

Certificate#4772StandardFIPS 140-3Level3TypeHardwareEmbodimentSingle ChipStatusActiveVendorThales
High review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 23 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date8/20/2026
EntropyENT (P)
CaveatInterim validation
VendorThales
Hardware versionsSLC37GDA512 (A2848377)[1], SLC37GDA512 (A2848344)[2] and SLC37GDA512 (A3138921)[1]

Approved Algorithms (27)

AlgorithmACVP Cert
AES-CBCA2877
AES-CMACA2877
AES-ECBA2877
Counter DRBGA2877
ECDSA KeyGen (FIPS186-5)A2877
ECDSA SigGen (FIPS186-5)A2877
ECDSA SigVer (FIPS186-5)A2877
HMAC-SHA2-256A2877
KAS-ECC Sp800-56Ar3A2877
KAS-ECC-SSC Sp800-56Ar3A2877
KDA HKDF SP800-56Cr2A2877
KDA OneStep SP800-56Cr2A2877
KDF SP800-108A2877
RSA KeyGen (FIPS186-5)A2877
RSA KeyGen (FIPS186-5)A2877
RSA SigGen (FIPS186-5)A2877
RSA SigVer (FIPS186-5)A2877
SHA2-224A2877
SHA2-256A2877
SHA2-384A2877
SHA2-512A2877
SHA3-224A2877
SHA3-256A2877
SHA3-384A2877
SHA3-512A2877
TDES-CBCA2877
TDES-ECBA2877

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification3
Cryptographic Module Interfaces3
Roles, Services, and Authentication3
Software/Firmware Security3
Operational EnvironmentN/A
Physical Security3
Non-Invasive SecurityN/A
Sensitive Security Parameter Management3
Self-Tests3
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for IDCore 3230 / 230 Platform
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>[IDCore 230-BUILD6.11, Demonstration Applet…</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Lifecycle: Modify the card or applet life cycle…<br/>Manage Content: -Load, install, and delete…<br/>Manage Content3</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Module Reset - Power cycle or reset the Module.…<br/>Module Info (Unauth)<br/>Module Reset</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C6 clue;
  class I1,I2,I3,I6 infer;
  class R1,R2,R3,R6 risk;
  class E1,E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for IDCore 3230 / 230 Platform
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>[IDCore 230-BUILD6.11, Demonstration Applet…</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Lifecycle: Modify the card or applet life cycle…<br/>Manage Content: -Load, install, and delete…<br/>Manage Content3</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Module Reset - Power cycle or reset the Module.…<br/>Module Info (Unauth)<br/>Module Reset</i><br/>src: securityPolicy.services"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3 clueHigh;
  class C6 clueLow;

Security Policy, page by page

Page 1

IDCore 3230 / 230 Platform FIPS 140-3 Cryptographic Module

Page 2
Ref: R1R29781_IDC3230_SPRev: GPage 2/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Document Information Release Date July 24, 2024 Thales and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners. Disclaimer All information herein is either public information or is the property of and owned solely by Thales and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Thales’s information. This document can be copied or distributed for informational, non-commercial, internal and personal use only provided that:  appear in all copies.  This document shall not be posted on any network computer or broadcast in any media other than on the NIST CMVP validation list and no modification of any part of this document shall be made. Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided “AS IS” without any warranty of any kind. Unless otherwise expressly agreed in writing, Thales makes no warranty as to the value or accuracy of information contained herein. Thales hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Thales be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Thales does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with

Page 3
Ref: R1R29781_IDC3230_SPRev: GPage 3/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Thales be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Thales products. Thales disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective, incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy.

Page 4
Acronyms
NameTermDefinitionFull Specification Name
[GlobalPlatform][GlobalPlatform]GlobalPlatform Consortium: GlobalPlatform Card Specification 2.2.1, January 2011, http://www.globalplatform.org
[ISO 7816][ISO 7816]ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics ISO/IEC 7816-2:2007 Identification cards -- Integrated circuit cards -- Part 2: Cards with contacts -- Dimensions and location of the contacts ISO/IEC 7816-3:2006 Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface and transmission protocols ISO/IEC 7816-4:2005 Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange
[ISO 14443][ISO 14443]Identification cards – Contactless integrated circuit cards – Proximity cards ISO/IEC 14443-1:2008 Part 1: Physical characteristics ISO/IEC 14443-2:2010 Part 2: Radio frequency power and signal interface ISO/IEC 14443-3:2011 Part 3: Initialization and anticollision ISO/IEC 14443-4:2008 Part 4: Transmission protocol
[JavaCard][JavaCard]Java Card 3.1.0 Runtime Environment (JCRE) Specification Java Card 3.1.0 Virtual Machine (JCVM) Specification Java Card 3.1.0 Application Programming Interface Published by Sun Microsystems, February 2021.
[FIPS 140-3][FIPS 140-3]Federal Information Processing Standards Publication 140-3, Security Requirements for Cryptographic Modules, March 2019
[IG][IG]NIST, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, January 2024.
[FIPS 180-4][FIPS 180-4]NIST, Secure Hash Standard, FIPS Publication 180-4, August 2015
[FIPS 186-4][FIPS 186-4]NIST, Digital Signature Standard (DSS), FIPS Publication 186-4, July 2013.
[FIPS 186-5][FIPS 186-5]NIST, Digital Signature Standard (DSS), FIPS Publication 186-5, February 2023.
[FIPS 197][FIPS 197]NIST, Advanced Encryption Standard (AES), FIPS Publication 197, November 26, 2001.
[FIPS 198-1][FIPS 198-1]Federal Information Processing Standards Publication 198-1, The Keyed-Hash Message Authentication Code (HMAC), July 2008.
[FIPS 202][FIPS 202]Federal Information Processing Standards Publication 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, August 2015.
[FIPS 113][FIPS 113]NIST, Computer Data Authentication, FIPS Publication 113, 30 May 1985.
[ISO 19790:2012][ISO 19790:2012]ISO/IEC 19790:2012 (Corrected 2015-12-15, IDT) Information technology – Security techniques – Security requirements for cryptographic modules, 2015- 12-15.
Ref: R1R29781_IDC3230_SPRef: R1R29781_IDC3230_SPRev: GPage 4/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 5
Approved algorithm
NameKey Size
[PKCS#1]PKCS #1 v2.1: RSA Cryptography Standard, RSA Laboratories, June 14, 2002
[SP 800-108r1]NIST Special Publication 800-108 Revision 1, Recommendation for Key Derivation Using Pseudorandom Functions, August 2022.
[SP 800-131Ar2]NIST Special Publication 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, March 2019.
[SP 800-132]NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation: Part 1: Storage Applications, December 2010.
[SP 800-133r2]NIST Special Publication 800-133 Revision 2, Recommendation for Cryptographic Key Generation, June 2020.
[SP 800-140Cr2]NIST Special Publication 800-140C Revision 2, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759, July 2023.
[SP 800-140Dr2]NIST Special Publication 800-140D Revision 2, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759, July 2023.
[SP 800-140E]NIST Special Publication 800-140E, CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790:2012 Annex E and ISO/IEC 24759 Section 6.17, March 2020.
[SP 800-140F]NIST Special Publication 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759, March 2020.
[SP 800-38A]NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation – Methods and Techniques, December 2001.
[SP 800-38B]NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication, May 2005 (with October 2016 updates).
[SP 800-38D]NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007.
[SP 800-38E]NIST Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices, January 2010.
[SP 800-38F]NIST Special Publication 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, December 2012.
[SP 800-56Ar3]NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Revision 3, April 2018.
[SP 800-56Br2]NIST Special Publication 800-56B, Recommendation for Pair-Wise Key- Establishment Schemes Using Integer Factorization Cryptography, Revision 2, March 2019.
[SP 800-56Cr2]NIST Special Publication 800-56C, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, Revision 2, August 2020.
[SP 800-67r2]NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revision 2, November 2017.
[SP 800-90Ar1]NIST Special Publication SP 800-90A, Recommendation for Random Number Generation Using Deterministic Bit Generators, Revision 1, June 2015.
Ref: R1R29781_IDC3230_SPRev: GPage 5/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform ISO/IEC 24759:2017 (Corrected 2017-03, IDT) Information technology –

Page 6
Acronyms
NameTermDefinition
AESAESAdvanced Encryption Standard
APIAPIApplication Programming Interface
CBCCBCCipher Block Chaining
CKGCKGCryptographic Key Generation
CLKCLKCLocK
CMCMCryptographic Module
CMACCMACCipher-based Message Authentication Code
CMVPCMVPCryptographic Module Validation Program
COCOCrypto Officer
CRCCRCCyclic Redundancy Check
CSCSCipher Suite
DAPDAPData Authentication Pattern
DESDESData Encryption Standard
DRBGDRBGDeterministic Random Bit Generator
DMDMDelegated Management
ECBECBElectronic Code Book
ECCECCElliptic Curve Cryptography
ECDSAECDSAElliptic Curve Digital Signature Algorithm
EDCEDCError Detection Code
EFPEFPEnvironmental Failure Protection
ESVESVEntropy Source Validation
FIPSFIPSFederal Information Processing Standards
GNDGNDGround (electrical connection)
GPGPGlobal Platform
HKDFHKDFHMAC Key Derivation Function
Ref: R1R29781_IDC3230_SPRev: GPage 6/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform [SP 800-90B] NIST, SP 800-90B, “Recommendation for the Entropy Sources Used for Table 1

Page 7
HMACHash-based keyed Message Authentication Code
HWHardware
I/OInput Output
ISOInternational Standards Organisation
JCAPIJavaCard API
JCREJavaCard Runtime Environment
KASKey Agreement Scheme
KATKnown Answer Test
KBKDFKey Based Key Derivation Function
KCKey Confirmation
KDFKey Derivation Function
MACMessage Authentication Code
MMUMemory Management Unit
OPACITYOpen Protocol for Access Control, Identity, Ticketing with privacY
PINPersonal Identification Number
PIVPersonal Identity Verification
PKCSPublic Key Cryptographic Standards
PRIPRIvate (key)
PSSProbabilistic Signature Scheme
PSTPeriodic Self Test
PUBPUblic (key)
RAMRandom Access Memory
SCPSecure Channel Protocol
SDSecurity Domain
SHASecure Hash Algorithm
SSDSupplementary Security Domain
SSPSensitive Security Parameter
SYMSYMmetric (key)
RFRadio Frequency
RLCReinforced Low Cost
RLTRLC Thin
Ref: R1R29781_IDC3230_SPRev: GPage 7/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 8
RSARivest Shamir Adleman
SCPSecure Channel Protocol
TRNGTrue Random Number Generator
UAUnauthenticated User
UARTUniversal Asynchronous Receiver Transceiver
USBUniversal Serial Bus
USRUSeR
VCCVoltage Common Collector
VMVirtual Machine
Ref: R1R29781_IDC3230_SPRev: GPage 8/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Table 2

Page 9
Ref: R1R29781_IDC3230_SPRev: GPage 9/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Table of Contents 2.1 2.1 2.2 2.3 2.4 3.1 4.1 4.2 4.3 4.3.1 4.3.2 9.1 9.2 10.1

Page 10
Ref: R1R29781_IDC3230_SPRev: GPage 10/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 11
Ref: R1R29781_IDC3230_SPRev: GPage 11/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Table of Tables

Page 12
Ref: R1R29781_IDC3230_SPRev: GPage 12/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Table of Figures

Page 13
Security level
NameISO SectionRequirementLevel
11General3
22Cryptographic Module Specification3
33Cryptographic Module Interfaces3
44Roles, Services, and Authentication3
55Software/Firmware Security3
66Operational EnvironmentN/A
77Physical Security3
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management3
1010Self-Tests3
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
Ref: R1R29781_IDC3230_SPRev: GPage 13/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform This document defines the Security Policy for the Thales IDCore 3230 / 230 Platform cryptographic module, herein denoted the Module. The Module, validated to FIPS 140-3 overall Level 3, is a single-chip “contact” or “contact and contactless” module implementing the Global Platform operational environment, with Card Manager and Demonstration Applet. The Demonstration Applet is available only to demonstrate the complete cryptographic capabilities of the Module for FIPS 140-3 validation and is not intended for general use. The term platform herein is used to describe the chip and operational environment, not inclusive of the Demonstration Applet. The Module has a limited operational environment. The Module includes a firmware load function to support necessary updates. New firmware versions within the scope of this Security Policy and certificate must be validated through the FIPS 140-3 CMVP. Any other firmware loaded onto this module is out of the scope of this validation and requires a separate FIPS 140-3 validation. The FIPS 140-3 security levels for the Module are as follows: [Number Below] N/A N/A N/A Table 3

Page 14
Ref: R1R29781_IDC3230_SPRev: GPage 14/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Cryptographic Module Specification The IDCore 3230/230 platform cryptographic module is a single chip hardware module. The platform is available in both 'contact' or 'contact and contactless' variants implementing the Global Platform operational environment, with Card Manager and a Demonstration Applet. Figure 1 below depicts the Module’s block diagram, with a red outline highlighting the cryptographic boundary. The cryptographic boundary encompasses all the components included on the single chip. IDCore 3230 IDCore30 platform Javacard Layer layer Platform Javacard Applet Layer Demonstration Applet API JavaCard2.2.2 3.1.0/ JavaCard &Gemalto Thales Proprietary Proprietary Card Manager GP API 2.2.1 2.1.1 IDPrimeMD Applet Runtime Environment JC 3.1.0 2.2.2 Virtual Machine JC 3.1.0 2.2.2 Native / Hardware Abstraction layer Memory Manager Communication (I/O) Crypto Libraries Hardware RAM CLK Clock Clock Mngt Mgmt MMU Sensors Reset Mngt Reset Mgmt IC Layer VCC GND VCC, , GND Power Power Mngt Mgmt RST DES Engine CRC AES Engine Timers EEPROM RSA / ECC Engine ISO 7816 (UART) FLASH ROM HW RNG ISO 14443 (RF) CPU CPU (SLC37) LA, LB (RF) Figure 1

Page 15
Ref: R1R29781_IDC3230_SPRev: GPage 15/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform The CM is fully compliant with two major cards industry standards: Oracle Java Card 3.1.0 Classic Edition and GlobalPlatform (GP) Card Specification version 2.2.1. The CM supports [ISO7816] T=0, T=1 and T=CL communication protocols. The CM provides an execution sandbox for Applets, performing the requested services as described in this security policy. Applets access module functionality via internal API entry points that are not exposed to external entities. External devices have access to CM services by sending APDU commands. The CM inhibits all data output via the data output interface while the module is in error state and during self-tests. The JavaCard API (JCAPI) is an internal interface, available to applets. Only applet services are available at the card edge (the interfaces that cross the cryptographic boundary). The Javacard Runtime Environment (JCRE) implements the dispatcher, registry, loader, and logical channel functionalities. The Virtual Machine (VM) implements the byte code interpreter, firewall, exception management and byte code optimizer functionalities. The Card Manager is the card administration entity, allowing authorized users to manage the card content, keys, and life cycle states. The Card Manager behaves similarly to an applet but is properly represented as a constituent of the platform. In case of delegated management (DM), the Supplementary Security Domain (SSD) behaves similarly to the Card Manager in term of card content, keys and life cycle states. The Memory Manager implements functions such as memory access, allocation, deletion and garbage collection. The Communication handler implements the ISO 7816 and ISO 14443 communications protocols in contactless mode and dual mode. The Cryptography Libraries implement the Approved services listed in Section 2.2. The Module is designed to be embedded into a plastic card body, passport, USB key, secure element etc., with a contact plate connection and/or RF antenna. The Module’s single chip is the SLC37GDA512. It can be presented in three different form factors: WORLD RLT module (contact) WORLD Combi RLT module (contact and contactless) PICO RLV module (contact)

Page 16
Module configuration
NameModelHardware VersionFirmware VersionFeatures
World RLT moduleWorld RLT moduleHardware: SLC37GDA512 Mask number: G322 Part Number: A2848377Firmware: IDCore 230-BUILD6.11 Demonstration Applet version V1.DJava Card 3.1.0 GlobalPlatform (GP) 2.2.1 Interface: contact with protocol communication T=0 and T=1
World Combi RLT moduleWorld Combi RLT moduleHardware: SLC37GDA512 Mask number: G322 Part Number: A2848344Firmware: IDCore 3230-BUILD6.11 Demonstration Applet version V1.DJava Card 3.1.0 GlobalPlatform (GP) 2.2.1 Interface: contact with protocol communication T=0 and T=1 Contactless with protocol communication T=CL
PICO RLV ModulePICO RLV ModuleHardware: SLC37GDA512 Mask number: G322 Part Number: A3138921Firmware: IDCore 230-BUILD6.11 Demonstration Applet version V1.DJava Card 3.1.0 GlobalPlatform (GP) 2.2.1 Interface: contact with protocol communication T=0 and T=1
Ref: R1R29781_IDC3230_SPRev: GPage 16/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

2.1 Test Configuration The following tested configurations are covered in this security policy: Table 4

Page 17
WORLD RLT module (SLC37GDA512)
Oblong punching
Top View – Contact PlateBottom View – Black Epoxy with RLT technology
WORLD Combi RLT module (SLC37GDA512)
Bottom View – Black Epoxy with RLT technology
Oblong punching
Top View – Combi PlateBottom View – Black Epoxy with RLT technology
PICO RLV module (SLC37GDA512)
Top View – Contact Plate
Top View – Contact Plate
Bottom View – Black Epoxy with RLV technology
Ref: R1R29781_IDC3230_SPRev: GPage 17/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform 2.1 Tested Operational Environment Physical Perimeter The physical form of the Module is depicted in Figure . The Tested Operational Environment’s Physical Perimeter (TOEPP) is defined as the surfaces and edges of the packages. The Module relies on [ISO 7816] and/or [ISO 14443] card readers as input/output devices. Figure 2 - Models 2.2 CM Identification The CM is always in the approved mode of operation, it does not support a non-approved mode of operation To verify that a CM is in the approved mode of operation, select the Card Manager and send the GET DATA commands shown below:

Page 18
FieldCLAINSP1-P2Le (ExpectedPurpose
(Tag)response length)
Value00CA9F-7F2DhGet CPLC data (tag 9F 7F)
01-031DhGet Identification data (tag 01 03)
01-2F10hGet Approved mode parameters (tag 01 2F):
IDCore 3230/230 - CPLC data (tag 9F7F)
ByteDescriptionValueValue meaning
1-2IC fabricator4090hInfineon
3-4IC type0039hSLC37GDA512
5-6Operating system identifier1291hThales
7-8Operating system release date (YDDD) – Y=Year, DDD=Day in the yearYDDDhOperating System release Date
9-10Operating system release level0100hV1.0
11-12IC fabrication datexxxxhFilled in during IC manufacturing
13-16IC serial numberxxxxxxxxhFilled in during IC manufacturing
17-18IC batch identifierxxxxhFilled in during IC manufacturing
19-20IC module fabricatorxxxxhFilled in during module manufacturing
21-22IC module packaging datexxxxhFilled in during module manufacturing
23-24ICC manufacturerxxxxhFilled in during module embedding
25-26IC embedding datexxxxhFilled in during module embedding
27-28IC pre-personalizerxxxxhFilled in during smartcard preperso
29-30IC pre-personalization datexxxxhFilled in during smartcard preperso
31-34IC pre-personalization equipment identifierxxxxxxxxhFilled in during smartcard preperso
Ref: R1R29781_IDC3230_SPRev: GPage 18/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

Table 5

Page 19
35-36IC personalizerxxxxhFilled in during smartcard personalization
37-38IC personalization datexxxxhFilled in during smartcard personalization
39-42IC personalization equipment identifierxxxxxxxxhFilled in during smartcard personalization
IDCORE 3230/230 - Identification data (tag 0103)
ByteDescriptionValueValue meaning
1Thales Family NameB0Javacard
2Thales OS Name84IDCore family
3Thales Mask Number66G322
4Thales Product Name6BIDCore3230 / 230
5Thales Version06Major Version
6Thales Version (Minor)11Minor Version1
7-8Chip Manufacturer4090Infineon
9-10Chip Version7305SLC37GDA512
11-12Operational Mode8900Approved mode
13FIPS Level for product0303 = FIPS Level 3
14-15Specific chip ID32 3032 30 = Contact and Contactless 2 30 = Contact
16-29RFUxx..xxhRFU
Ref: R1R29781_IDC3230_SPRev: GPage 19/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

Table 6

4 bytes for CAST status

1 Bytes 5 and 6, as indicated in Table 7 above collective indicate the validated Firmware version number, “IDCore 3230-BUILD6.11”.

Page 20
FieldCLAINSP1-P2Le (ExpectedPurpose
(Tag)response length)
Value00AA00 00011Dh (version)
Ref: R1R29781_IDC3230_SPRev: GPage 20/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
2 bytes for Error log
4 bytes for Periodic Self-Test counter
4 bytes for Periodic Self-Test maximum counter value
1 byte for Operational Mode
1 byte for Flag

The Demonstration Applet version can be checked using GET VERSION command, after having selected the applet: Table 8

Page 21
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Algorithm: AES-CBC Standard: [SP 800- 38A]Cert. #A2877Mode: CBC Method: encryption and decryptionKey size: 128, 192 and 256-bitsManage Content Module Info (Auth) Secure Channel Symmetric Cipher Opacity Secure Channel
Algorithm: AES-CMAC Standard: [SP 800- 38B]Cert. #A2877Method: generation and verificationKey size: 128, 192 and 256-bits MAC Length: 128 Message Length: 128-256 Increment 8Life cycle Manage Content Module Info (Auth) Secure channel Symmetric Cipher Message Authentication Opacity Secure Channel
Algorithm: AES-ECB Standard: [SP 800- 38A]Cert. #A2877Mode: ECB Method: encryption and decryptionKey size: 128, 192 and 256-bitsManage Content Symmetric Cipher Verify OS-GLOBALPIN
Ref: R1R29781_IDC3230_SPRev: GPage 21/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform 2.3 Approved Algorithms The CM implements the following approved services: [SP 80038A] [SP 80038B] [SP 80038A]

Page 22
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Algorithm: Counter DRBG Standard: [SP 800- 90Ar1]Cert. #A2877Mode: Counter mode based on AES-256.Security strength: 256-bits Derivation Function Enabled: Yes Additional Input: 0 Entropy Input: 1024 Nonce: 384 Personalization String Length: 0 Returned Bits: 128.Secure Channel Digital Signature Generate Key Pair Opacity Secure Channel
Algorithm: ESV Standard: [SP 800- 90B]Cert #E107Method: Hardware TRNG includes conditioning (based on compression) and SP 800-90B required health tests.Security strength: min-entropy is 13.376 per 32-bit blocksEntropy source for DRBG [SP 800- 90Ar1]
Algorithm: ECDSA KeyGen Standard: [FIPS 186-5]Cert. #A2877Method: Key Generation Secret Generation Mode: Extra BitsKey pair generation using P-224, P- 256, P-384, P-521 curves. Security Strength: between 112 bits (P- 224) and 256 bits (P-521)Generate Key Pair
Algorithm: ECDSA SigGen Standard: [FIPS 186-5]Cert. #A2877Method: Signature Generation Hash options: SHA2-224, SHA2-256, SHA2-384, SHA2- 512Capabilities: Curve: P-224, P-256, P-384, P-521 Hash Algorithm: SHA2-224, SHA2- 256, SHA2-384, SHA2-512Digital Signature
Algorithm: ECDSA SigVer. Standard: [FIPS 186-5]Cert. #A2877Method: Signature Verification. Hash options: SHA2-224, SHA2-256, SHA2-384, SHA2- 512Capabilities: Curve: P-224, P-256, P-384, P-521 Hash Algorithm: SHA2-224, SHA2- 256, SHA2-384, SHA2-512 Security Strength: between 112 bits (P- 224) and 256 bits (P-521)Digital Signature
Ref: R1R29781_IDC3230_SPRev: GPage 22/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform [SP 80090Ar1] [SP 80090B]

Page 23
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Algorithm: HMAC- SHA2-256 Standard: [FIPS 198-1]Cert. #A2877Method: HMAC-SHA2-256Key size: 16 bytes MAC: 256 Key Length: 128, 256Compute HashMac
Algorithm: KAS-ECC Standard: [SP 800- 56Ar3]Cert. #A2877Method: OnePassDH is a One Step KDF with partial key validation and Unilateral key confirmation (KC) using CMAC-AESCurves: P-256 using SHA-256 with KC CMAC-AES128 bits Key length: 512 bits Curves: P-384, using SHA-384, with KC CMAC-AES 256 bits Key length: 1024 bitsOpacity Secure Channel
Algorithm: KAS-ECC- SSC Standard: [SP 800- 56Ar3]Cert. #A2877Method: ephemeralUnified KAS Role: initiator, responderCurves: P-224, P-256, P-384, P-521.ECC CDH Primitive
Algorithm: KDA OneStep Standard: [SP800- 56Cr2]Cert. #A2877Method: One Step Key derivation using approved hash (SHA2-256)Fixed Info Pattern: uPartyInfo||vPartyInfo Fixed Info Encoding: concatenation Derived Key Length: 256 Shared Secret Length: 256Key-Derivation Functions (KDF) Opacity Secure Channel
Algorithm: KDA HKDF Standard: [SP800- 56Cr2]Cert. #A2877Method: HMAC -based KDF (RFC5869)Fixed Info Pattern: uPartyInfo||vPartyInfo Fixed Info Encoding: concatenation Derived Key Length: 512 Shared Secret Length: 256 HMAC Algorithm: SHA2-256Key-Derivation Functions (KDF)
Ref: R1R29781_IDC3230_SPRev: GPage 23/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform HMACSHA2-256 [SP 80056Ar3] KAS-ECCSSC [SP 80056Ar3] [SP80056Cr2] [SP80056Cr2]

Page 24
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Algorithm: KBKDF Standard: [SP 800- 108r1]Cert. #A2877Mode: Counter KDF MAC Mode: CMAC-AES128, CMAC- AES192, CMAC-AES256Description: Derive session key from existing static secret key for SCP03 establishment Key size: 128, 192 and 256-bits Supported Lengths: 128-256 Increment 64 Fixed Data Order: In the Middle of Fixed Data Counter Length: 8 Custom Key In Length: 0Secure Channel
Algorithm: KTS Standards: [SP 800-38F] AES ENC + AES CMACCert. #A2877Mode: AES (CBC or ECB) encryption with AES CMAC authentication Method: Key Transport Scheme/Key Wrapping AESDescription: Use of approved AES encryption method (SP 800-38A) with the combination of approved Authentication method AES CMAC [SP 800-38B] Key size: 128, 192 and 256-bits.Secure Channel
Algorithm: RSA KeyGen (CRT) Standard: [FIPS 186-5]Cert. #A2877Method: Key Generation Mode probable Hash options: SHA2-224, SHA2-256, SHA2-384, SHA2- 512Key sizes: 2048, 3072, 4096 bit keys Private Key Format: crtGenerate Key Pair
Algorithm: RSA KeyGen Standard: [FIPS 186-5]Cert. #A2877Method: Key Generation Mode probable Hash options: SHA2-224, SHA2-256, SHA2-384, SHA2- 512Key sizes: 2048 bit keys Private Key Format: stdGenerate Key Pair
Ref: R1R29781_IDC3230_SPRev: GPage 24/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 25
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Algorithm: RSA SigGen Standard: [FIPS 186-5]Cert. #A2877Method: Signature Generation Signature Type: PKCS #1-v1.5, PKCS- PSS. Hash options: (PKCS #1-v1.5 and PKCS-PSS): SHA2- 224, SHA2-256, SHA2-384, SHA2-512Key sizes: 2048, 3072, 4096 bit keys Private Key Format: crt and stdDigital Signature
Algorithm: RSA SigVer Standard: [FIPS 186-5]Cert. #A2877Method: Signature Verification Signature Type: PKCS #1-v1.5 1.5, PKCS-PSS. Hash options: (PKCS #1-v1.5 and PKCS-PSS): SHA2- 224, SHA2-256, SHA2-384, SHA2-512Key sizes: 2048, 3072, 4096 bit keysDigital Signature Manage Content
Algorithm: SHA2 Standard: [FIPS 180-4]Cert. #A2877Method: SHA2-224, SHA2-256, SHA2- 384, SHA2-512 Message Length: 8-65536 Increment 8N/A.Digital Signature Compute Hash Key Derivation Functions Manage Content
Algorithm: SHA3 Standard: [FIPS 202]Cert. #A2877Methods: SHA3-224, SHA3-256, SHA3- 384, SHA3-512. Message Length: 0-65536 Increment 8N/A.Compute Hash
Algorithm: TDES-CBC Standard: [SP 800- 67r2]Cert. #A2877Mode: CBC Method: Decrypt (legacy use)Description: The Module supports the 3-Key, with CBC decrypt mode for legacy use only. Key size: 168-bits (3-key).Symmetric Cipher (decrypt only)
Ref: R1R29781_IDC3230_SPRev: GPage 25/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 26
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Algorithm: TDES-ECB Standard: [SP 800- 67r2]Cert. #A2877Mode: ECB Method: Decrypt (legacy use)Description: The Module supports the 3-Key, with ECB decrypt mode for legacy use only. Key size: 168-bits (3-key).Symmetric Cipher (decrypt only)
Algorithm: CKG Standard: [SP 800- 133r2]Vendor AffirmedMethod: Sections 4, 5.1 and 5.2Description: The seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG. Security Strength: 256-bitsGenerate Key Pair
Ref: R1R29781_IDC3230_SPRev: GPage 26/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform [SP 80067r2] [SP 800133r2] Table 9: Approved Algorithms NOTE The following algorithms are present in the module and have completed CAVP testing (under CAVP #A2877) but this code is not executed

Page 27
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
VCCVCCSupply voltagePower
RSTRSTReset signalControl in
CLKCLKClock signalControl in
GNDGNDGroundPower
I/OI/OInput/outputData in, data out, control in, status out
LALAAntenna coil connectionPower, Data in, Data out, Control in, Status out
LBLBAntenna coil connectionPower, Data in, Data out, Control in, Status out
Ref: R1R29781_IDC3230_SPRev: GPage 27/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform 2.4 Non-Approved Algorithms The module only implements approved services/algorithms and does not support any nonapproved algorithms. Cryptographic Module Interfaces The Module is designed to be embedded into a plastic card body, passport, USB key, secure element etc., with a contact plate connection and/or RF antenna. 3.1 PIN Assignments and Contact Dimensions The WORLD Combi RLT module has access to contact and contactless interfaces. The WORLD RLT module and the PICO RLV module have only access to a contact interface. The contact interface is the same for all the module variants. Figure 3 - Contact and Contactless Interfaces The Module does not support a Control Output interface. I/O Table 10

Page 28
ConditionsRange
Voltage1.8V, 3 V and 5.5 V DC
Frequency21MHz to 10MHz
ConditionsRange
Supported bit rate106 Kbits/s, 212 Kbits/s, 424 Kbits/s, 848 Kbits/s
Operating fieldBetween 1.5 A/m and 7.5 A/m rms
Frequency13.56 MHz +- 7kHz
Ref: R1R29781_IDC3230_SPRev: GPage 28/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform For contact interface operation, the Module conforms to [ISO 7816] part 1 and part

  1. The electrical signals and transmission protocols follow the [ISO 7816] part
  2. The operating conditions for the contact interfaces of this module are: Table 11 - Voltage and Frequency Ranges For contactless interface operation, the Module conforms to [ISO 14443] part 1 for physical connections, and to [ISO 14443] parts 2, 3 and 4 for radio frequencies and transmission protocols. The operating conditions for the contactless interfaces of this module are: Table 12 – Contactless voltage and Frequency Ranges Frequency of the internal clock as supplied by the CLK physical interface.
Page 29
Service
NameRolesInputOutput
Lifecycle: Modify the card or applet life cycle statusCOSet / Get Status: life cycle state to update/ emptyreturn Status Word / life cycle state and package list
Manage Content: -Load, install, and delete application packages and associated keys and data -Manage keys: SD-KENC, SD-KDEK,SD- KMAC, DAP-SYM, DAP-ASYM, DM-TOKEN- SYM, DM-TOKEN-ASYM, DM-RECEIPT- SYM (Put key) -Update Pin to change the OS-GLOBALPINCO- applications and associated data - keys - OS-GLOBALPINreturn Status Word
Module Info (Auth): Read module configuration or status information (privileged data objects).COTags and module informationmodule configuration status information return Status Word
Ref: R1R29781_IDC3230_SPRev: GPage 29/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Roles, Services, and Authentication 4.1 Roles The module supports two authenticated roles, the Cryptographic Officer (CO) and the User (USR). The CO is responsible for card issuance and management of card data via the Card Manager Authenticated using the SCP authentication method with SD-SENC. The USR is for FIPS 140-3 validation purposes, authenticated as described in Demonstration Applet Authentication below. The module also supports unauthenticated services, which are implicitly invoked by the Unauthenticated Role (UA). Authentication of each operator and their access to roles and services is as described below, independent of logical channel usage. Only one operator at a time is permitted on a channel. Applet deselection (including Card Manager), card reset, or power down terminates the current authentication; re-authentication is required after any of these events for access to authenticated services. Applet reselection (except Card Manager that close systematically the GlobalPlatform secure channel) is leaving the secure channel unchanged and it is up to the applet policy to close it or not. The module clears previous authentications on each power cycle. It also supports Global Platform SCP logical channels, allowing concurrent operators in a limited fashion. 4.2 Approved Services All approved services implemented by the Module are listed in the tables below. The module does not support any non-approved services.

Page 30
Service
NameRolesInputOutput
Secure Channel: Establish and use a secure communications channel (AES CMAC with KBKDF)COrandom, diversification dataauthentication data, return Status Word
Digital Signature: Demonstrate RSA and ECDSA digital signature generation and verificationUSRsession, algorithm, algorithm parameters, data to sign.signature, return Status Word
Generate Key Pair: Demonstrate RSA and ECC key generationUSRNonepublic and private key generated return Status Word
ECC CDH Primitive: Demonstrate ECC Diffie-Hellman primitive Generate a shared secret from ECC-CDH schemeUSRalgorithm, algorithm parameters, Ecc public keyshared secret, return Status Word
Symmetric Cipher: Demonstrate use of AES for encryption and decryption.. Demonstrate use of Triple-DES for decryption only.USRsession, algorithm, algorithm parameters, data to encrypt/decryptencrypted / decrypted data, return Status Word.
Message Authentication: Demonstrate AES CMACUSRDataCMAC return Status Word
Key-Derivation Functions (KDF): Demonstrate use of Keys diversification service • KDA HKDF • KDA OneStepUSRikm (“input key material”) salt, fixed info counter, shared secret and Other infookm: Output keys material return Status Word
Compute Hash: compute the hash valueUSRmessageHash return Status Word
Compute HashMac: compute the hashmac valueUSRMessage KeyHashMac return Status Word
Context – Select an applet or manage logical channels.UAdatareturn Status Word
Module Info - Read unprivileged data objects, e.g., module configuration or status information.UADatareturn Status Word
Ref: R1R29781_IDC3230_SPRev: GPage 30/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 31
Service
NameRolesInputOutput
Module Reset - Power cycle or reset the Module. Includes Integrity Self-Test, periodic self-test counter set up and self-test flag is resetUAN/AATR (Answer To Reset)
Run Cryptographic KAT - Sets a flag to that a specific cryptographic KATs has been performed on demand via Module Reset.UADatareturn Status Word
Get Approved mode parameters - Get information of the approved mode of operationUAN/Adata return Status Word
Verify the OS-GLOBALPINUAOS-GLOBALPINreturn Status Word
OPACITY Secure Channel - Establishes a secure channel based on opacity to protect confidentiality and integrity of transmitted information and allows the off-card entity initiating the Opacity Secure Messaging to authenticate the moduleUADatacontrol byte + nonce + cryptogram + cert return Status Word
Ref: R1R29781_IDC3230_SPRev: GPage 31/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform N/A N/A Table 13 - Roles, Service Commands, Input and Output OPACITY (Open Protocol for Access Control Identification and Ticketing with privacY) is a compact flexible secure and fast authentication protocol with secure messaging capability. This secure messaging is based on symmetric session keys derived using the key establishment protocol. The key establishment protocol authenticates the card application to the client application and establishes two parties. Once session keys are established and the card is authenticated, subsequent communication This is a one way authentication protocol. The reader is not authenticated by the card. This secure channel is based on the card key: DEM-OPACITY-PRI and an ephemeral key generated by the host. The section 4.1 of SP 800-73-4 specification describes the key establishment protocol used to support The strength depends on cipher suite CS2 and CS7:

128 bits of channel strength.
192 bits of channel strength.

All usage of SSPs by the services implemented by the Module are listed in the table below:

Page 32
Ref: R1R29781_IDC3230_SPRev: GPage 32/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform All of the above commands use the SD-SENC and SD-SMAC keys for secure channel communications, and SD-SMAC for firmware load integrity. The card life cycle state determines which modes are available for the secure channel. In the SECURED card life cycle state, all command data must be secured by at least a MAC. As specified in the GP specification, there exist earlier states (before card issuance) in which a MAC might not be necessary to send Issuer Security Domain commands. Note that the LOAD service enforces MAC usage. The provided demonstration applet enforces the restrictions of algorithms, modes, and key sizes per NIST SP 800-131A Revision 1.

Page 33
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
LifecycleModify the card or applet life cycle statusCOOS-DRBG-EI OS-DRBG-S OS-DRBG-V OS-DRBG-KEY OS-GLOBALPIN OS-MKDK SD-KENC SD-KMAC SD-KDEK SD-SENC SD-SMAC DAP-SYMAES-CMACZ : for all SSPs When setting the card state to terminatedIND_1
Ref: R1R29781_IDC3230_SPRev: GPage 33/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroize: The module zeroizes the SSP. IND_1: The status conditions for successfully completed execution is 90 00 Z:

Page 34
Service
NameDescriptionRolesRole AccessCsps AccessedIndicator
Manage Content1Load, install, and delete application packages and associated keys and dataCOSD-KENC SD-KMAC OS-MKDK SD-KDEK SD-SENC SD-SMAC DAP-SYM DM-TOKEN-SYMW : SD-KENC, SD- KMAC, SD-KDEK, DAP-SYM, DM- TOKEN-SYM, DM- RECEIPT-SYM, DAP-ASYM, DM- TOKEN-ASYM, DEM-COM-EDK, DEM-COM-MAC E :IND_1AES-CBC AES-CMAC AES-ECB RSA SigVer SHA2
Ref: R1R29781_IDC3230_SPRef: R1R29781_IDC3230_SPRev: GPage 34/70
DM-RECEIPT-SYM DAP-ASYM DM-TOKEN-ASYM DEM-COM-EDK DEM-COM-MACDM-RECEIPT-SYM DAP-ASYM DM-TOKEN-ASYM DEM-COM-EDK DEM-COM-MACOS-MKDK, SD- KMAC, SD-KDEK, SD-SENC, SD- SMAC, DAP-SYM, DM-TOKEN-SYM, DM-RECEIPT-SYM, DAP-ASYM, DM- TOKEN-ASYM Z: DEM-COM-EDK, DEM-COM-MAC
Manage Content2Manage keys: SD-KENC, SD-KDEK, SD-KMAC, DAP-SYM, DAP-ASYM, DM-TOKEN-SYM, DM- TOKEN-ASYM, DM- RECEIPT-SYM (Put key)COSD-KENC SD-KDEK SD-KMAC DAP-SYM DAP-ASYM DM-TOKEN-SYM DM-TOKEN-ASYM DM-RECEIPT-SYM OS-MKDKW : SD-KENC, SD- KMAC, SD-KDEK, DAP-SYM, DAP- ASYM; DM-TOKEN- SYM, DM-TOKEN- ASYM, DM- RECEIPT-SYM E : OS-MKDK, SD- KMAC, SD-KDEK, SD-SENC, SD- SMACIND_1AES-CBC AES-CMAC AES-ECB
Manage Content3Update Pin to change the OS-GLOBALPINCOOS-GLOBALPIN OS-MKDKW : OS-GLOBALPIN E :IND_1AES-CBC AES-CMAC
Ref: R1R29781_IDC3230_SPRef: R1R29781_IDC3230_SPRev: GPage 35/70

IDCore 3230 / 230 Platform DAP-SYM, DMTOKEN-SYM, DMRECEIPT-SYM, E:

Page 35

IDCore 3230 / 230 Platform Z: W: DAP-SYM, DAPASYM; DM-TOKENSYM, DM-TOKENASYM, DMRECEIPT-SYM E: W: E:

Page 36
Service
NameDescriptionRolesRole AccessCsps AccessedApproved FunctionsIndicator
Module Info (Auth)Read module configuration or status information (privileged data objects).COSD-SENC SD-SMACE : SD-SENC, SD- SMACAES-CBC AES-CMACIND_1
Secure ChannelEstablish and use a secure communications channel (AES CMAC with KBKDF)COOS-DRBG-EI OS-DRBG-S OS-DRBG-V OS-DRBG-KEY SD-KENC SD-KMAC SD-SENC SD-SMACE : OS-DRBG-EI, OS- DRBG-S, OS-DRBG- V, OS-DRBG-KEY, SD-KENC, SD- KMAC, , SD-SENC, SD-SMAC G: SD-SENC, SD- SMAC W: OS-DRBG-V, OS- DRBG-KEYAES-CBC AES-CMAC KTS Counter DRBG ESV KBKDFIND_1
Digital SignatureDemonstrate RSA and ECDSA digital signature generation and verificationUSROS-GLOBALPIN OS-DRBG-EI OS-DRBG-S OS-DRBG-V OS-DRBG-KEY OS-MKDKE : OS-DRBG-EI, OS- DRBG-S, OS-DRBG- V, OS-DRBG-KEY, OS-GLOBALPIN OS-MKDK DEM-SGV-PRI DEM-SGV-PUBSHA2 RSA SigGen RSA SigVer ECDSA SigGen ECDSA SigVer Counter DRBGIND_1
Ref: R1R29781_IDC3230_SPRev: GPage 36/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
Page 37
Service
NameDescriptionRolesCsps AccessedAccessIndicatorESV
Generate Key PairDemonstrate RSA and ECC key generationUSROS-GLOBALPIN DEM-KGS-PUB DEM-KGS-PRI OS-DRBG-EI OS-DRBG-S OS-DRBG-V OS-DRBG-KEY OS-MKDKE : OS-GLOBALPIN DEM-KGS-PUB DEM-KGS-PRI OS-DRBG-KEY OS-MKDK OS-DRBG-EI, OS- DRBG-S, OS-DRBG- V, OS-DRBG-KEY G : DEM-KGS-PUB DEM-KGS-PRI R : DEM-KGS-PUB DEM-KGS-PRI W: DEM-KGS-PUB DEM-KGS-PRI OS-DRBG-S, OS- DRBG-VIND_1RSA KeyGen RSA KeyGen (CRT) ECDSA KeyGen Counter DRBG ESV CKG
Ref: R1R29781_IDC3230_SPRef: R1R29781_IDC3230_SPRev: GPage 37/70
ECC CDH PrimitiveDemonstrate ECC Diffie- Hellman primitiveUSROS-GLOBALPIN DEM-KAP-PUB DEM-KAP-PRI OS-MKDKE : OS-GLOBALPIN DEM-KAP-PUB DEM-KAP-PRI OS-MKDK OS-DRBG-KEY R : DEM-KAP-PUB DEM-KAP-PRI :IND_1KAS-ECC-SSC
Symmetric CipherDemonstrate use of AES for encryption and decryption Demonstrate use of Triple- DES 3k for decryption for legacyUSROS-GLOBALPIN OS-MKDK DEM-EDKE : OS-GLOBALPIN DEM-EDK OS-MKDK R : DEM-EDK Z : DEM-EDKIND_1AES-CBC AES-ECB AES-CMAC TDES-CBC TDES-ECB
Message AuthenticationDemonstrate AES CMACUSROS-GLOBALPIN OS-MKDK DEM-MACE : OS-GLOBALPIN OS-MKDK DEM-MACIND_1AES CMAC
Key-Derivation Functions (KDF)Demonstrate use of Keys diversification serviceUSROS-GLOBALPINE : OS-GLOBALPININD_1KDA HKDF SHA2
Ref: R1R29781_IDC3230_SPRef: R1R29781_IDC3230_SPRev: GPage 38/70
Page 39
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Compute HASHCompute the hash valueUSROS-GLOBALPIN OS-MKDKSHA2 SHA3E : OS-GLOBALPIN OS-MKDKIND_1
Compute HashMacCompute the hash mac valueUSROS-GLOBALPIN OS-MKDKHMAC-SHA2- 256E : OS-GLOBALPIN OS-MKDKIND_1
ContextSelect an applet or manage logical channels.UAN/AN/AN/AIND_1
Module Info (Unauth)Read unprivileged data objects, e.g., module configuration or status information.UAN/AN/AN/AIND_1
Module ResetPower cycle or reset the Module. Includes Integrity Self-Test, periodic self-test counter set up and self-test flag is resetUASD-SENC SD-SMACN/AZ : SD-SENC, SD- SMACIND_1
Run Cryptographic KATSets a flag to that a specific cryptographic KATs has been performed on demand via Module Reset.UAN/AN/AN/AIND_1
Ref: R1R29781_IDC3230_SPRev: GPage 39/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform HMAC-SHA2256 N/A E: E: N/A N/A N/A N/A N/A N/A Z: N/A N/A N/A

Page 40
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Get Approved mode parametersGet information on the approved mode of operationUAN/AN/AN/AIND_1
Verify OS- GLOBALPINVerify the OS-GLOBALPINUAOS-GLOBALPIN OS-MKDKAES-ECBE : OS-GLOBALPIN OS-MKDKIND_1
Opacity Secure ChannelEstablish a secure communications channel based on opacityUAOS-DRBG-EI OS-DRBG-S OS-DRBG-V OS-DRBG-KEY OPACITY-SENC OPACITY-SMAC OPACITY-SRMAC OPACITY- SCONFIRMATIONAES-CBC AES-CMAC SHA2 KDA OneStep KAS-ECC Counter DRBGE : OS-DRBG-EI, OS- DRBG-S, OS-DRBG- V, OS-DRBG-KEY, OPACITY-SENC OPACITY-SMAC OPACITY-SRMAC OPACITY- SCONFIRMATION G: OPACITY-SENC OPACITY-SMAC OPACITY-SRMAC OPACITY- SCONFIRMATION W: OS-DRBG-S, OS- DRBG-V Z :IND_1
Ref: R1R29781_IDC3230_SPRev: GPage 40/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform N/A Verify OSGLOBALPIN N/A N/A E: E: OPACITYSCONFIRMATION G: OPACITYSCONFIRMATION OPACITYSCONFIRMATION W: Z:

Page 41
Ref: R1R29781_IDC3230_SPRev: GPage 41/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform OPACITYSCONFIRMATION Table 14 –Approved Services

Page 42
Role IDAuthentication MethodAuthentication Strength
COSecure Channel Protocol authentication method (Identity-based)See below
USRDemonstration applet Authentication Method (Identity-based)See below
UAN/AN/A
Ref: R1R29781_IDC3230_SPRev: GPage 42/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform 4.3 Authentication Methods The module provides Identity-based authentication using either the Security Channel Protocol The following table lists the roles supported by the cryptographic module as well as how they are authenticated: N/A N/A Table 15

Page 43
Ref: R1R29781_IDC3230_SPRev: GPage 43/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform The probability that a single random attempt will succeed with the smallest (16-byte long key) is 1/(2128). Additionally, the module also enforces a maximum count of 15 consecutive failed authentication attempts. After 15 consecutive unsuccessful attempts, the secure channel authentication is permanently blocked. All services that require the secure channel authentication return the status word: SW_SECURITY_STATUS_NOT_SATISFIED. 4.3.2 Demonstration Applet Authentication Method (USR) The USR role is authenticate to the module by verifying a PIN value. This authentication method compares a PIN value sent to the Module over an encrypted channel to the stored OS-GLOBALPIN value; if the two values are equal, the operator is authenticated. In accordance to SP 800-63B, this Authenticator type is best described as Memorized Secrets (Section 5.1.1). The module enforces OS-GLOBALPIN string length of 8 bytes minimum (16 bytes maximum), allowing all characters, so the strength of this authentication method is as follows:

Page 44
Ref: R1R29781_IDC3230_SPRev: GPage 44/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Software/Firmware Security The CM’s firmware integrity is checked on startup and when periodic self-test period is over. Periodic Self-Tests (PST) are performed and run the firmware integrity tests. The integrity technique is based on EDC (CRC-16), which is approved for a hardware module. The firmware image size covered by the integrity technique is roughly 200 KB. The integrity test can be triggered on demand by setting the specific flag with the proprietary command “autotest management”. Failure of firmware integrity self-tests during Periodic Self-Tests (PST) will trigger a module halt. Recovery from this state will require the module to be restarted and for the detected fault to have cleared. Otherwise, the module will re-halt during POST following restart. The module’s FIPS error log is updated regarding the encountered issue and the card goes into an error state.

Page 45
Ref: R1R29781_IDC3230_SPRev: GPage 45/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Operational Environment The module includes a limited Operating Environment. Only authorized applets can be loaded at post-issuance under control of the Cryptographic Officer. Their execution is controlled by the CM operating system following its security policy rules.

Page 46
Physical SecurityRecommended Frequency of Inspection/TestInspection/Test Guidance Details
Mechanism
Physical inspection of module surfaces for signs of tamper.On receipt of module following transport. Before each module useIn the event of any observed damage, photograph the card and contact Thales to confirm whether observed anomalies are to be expected or are confirmed signs of potential tampering
ConditionsRange
Voltage1.8V-5V
Temperature-25°C/+85°C
Ref: R1R29781_IDC3230_SPRev: GPage 46/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform The module is a hardware module claiming level 3 physical security and of embodiment single-chip. The CM meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The CM uses standard passivation techniques and is protected by passive shielding (metal layer coverings opaque to the circuitry below) and active shielding (a grid of top metal layer wires with tamper response). A tamper event detected by the active shield places the Module permanently into the Card Is Killed error state. The Module is designed to be mounted in a plastic smartcard or similar package; physical inspection of the epoxy side of the Module is not practical after mounting. Table 16 - Physical Security Inspection Guidelines Table 17 - Voltage and Temperature Ranges The module’s hardware is designed to sense and respond to out-of-range temperature conditions as well powered-on state. The module supports an EFP mechanism that will trigger module shutdown if low or high temperature extremes and out-of-range voltage conditions are detected whilst the module is active. In the event that the module senses an out-of-range temperature or over voltage the module will reset itself, clearing all working memory.

Page 47
Temperature or voltage measurementSpecify EFP or EFTSpecify if this condition
results in a shutdown or
zeroisation
Low Temperature-45°CEFPShutdown
High Temperature+130°CEFPShutdown
Low Voltage1.6 VEFPShutdown
High Voltage5.5 VEFPShutdown
Hardness tested temperature measurement
Low Temperature-45°C, -25°C
High Temperature+85ºC, +130°C
Ref: R1R29781_IDC3230_SPRev: GPage 47/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform The module can be reset and placed back into operation when in-bound operating conditions have been restored . The following table covers the limits enforced by the module:

1.6 V
5.5 V

Table 18 - EFP/EFT The following table lists the temperature tested during the assessment of the module: Table 19 - Hardness testing temperature ranges

Page 48
Ref: R1R29781_IDC3230_SPRev: GPage 48/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Non-invasive security No assured mitigations to ‘other attacks’ are covered in this security policy.

Page 49
Ref: R1R29781_IDC3230_SPRev: GPage 49/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Sensitive security parameter management All SSPs used by the CM are described in this section. All usages of these SSPs by the CM are described in the services. In addition, all keys stored in RAM are zeroized upon power-cycle of the CM. The following table lists Sensitive Security Parameters (SSP) used to perform approved security function supported by the cryptographic module. The following notes should be observed when reading the table:

Page 50
Approved algorithm
NameKey Size
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
1024-bit random drawn by the approved entropy source described in section 9.2 of the SP and used as entropy input for the [SP 800-90A] DRBG implementation Used by the SCP authentication256 bitsOS-DRBG-EI / Entropy Input / CSPESV Cert. #E107Generated on module using ESVN/AN/Aplaintext in RAMModule entering TERMINATED state
48 byte seed output from AES_DF used for instantiation of the [SP800- 90A] DRBG implementation Used by the SCP authentication256 bitsOS-DRBG-S / Seed / CSPDRBG Cert. #A2877Constructed as per SP 800-90AN/AN/Aplaintext in RAMPower-cycling the module Module entering TERMINATED state
Ref: R1R29781_IDC3230_SPRev: GPage 50/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function Sensitive Security Parameters Summary Strength Key / SSP Name / Type 9.1 N/A N/A

Page 51
Approved algorithm
NameKey Size
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
16-byte AES state V used in the [SP 800-90A] CTR DRBG implementation Used by the SCP authentication128 bitsOS-DRBG-V / DRBG “V” value / CSPDRBG Cert. #A2877Constructed as per SP 800-90AN/AN/Aplaintext in RAMPower-cycling the module Module entering TERMINATED state
32-byte AES key used in the [SP 800-90A] CTR DRBG implementation Used by the SCP authentication256 bitsOS-DRBG- KEY / DRBG “Key” value / CSPDRBG Cert. #A2877Constructed as per SP 800-90AN/AN/Aplaintext in RAMPower-cycling the module Module entering TERMINATED state
Ref: R1R29781_IDC3230_SPRev: GPage 51/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

N/A N/A N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform

Page 52
Approved algorithm
NameMode MethodKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Stored encrypted (AES-ECB) by OS-MKDK in FLASHN/AN/AOS- GLOBALPIN / global PIN / CSPPre-loaded during manufacturin gInput using Manage Content service, encrypted by SD- KDEKN/AModule entering TERMINATED state by OS-MKDK zeroisation8 to 16 byte Global PIN value managed by the CO. Character space is not restricted by the module. The PIN Policy is managed by the applet. Used by the Demonstration Applet Authentication Method (USR role)
Stored in plaintext in FLASHAES- ECB Cert. #A2877128 bitsOS-MKDK / Encryption key / CSPPre-loaded during manufacturin g using chip- internal dataN/AN/AModule entering TERMINATED stateEncrypts OS-GLOBALPIN Used by the Demonstration Applet Authentication Method (USR role)
Ref: R1R29781_IDC3230_SPRev: GPage 52/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

OSGLOBALPIN N/A N/A AESECB g N/A N/A N/A Use and Related Keys Storage Establishment Import/ Export Generation Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform

Page 53
Approved algorithm
NameMode MethodKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
AES-128/192/256 master key used by the CO role to derive SD-SENC Used by the SCP authenticationAES- CBC Cert. #A2877128, 192, 256 bitsSD-KENC / Decryption Key / CSPN/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
AES-128/192/256 master key used by the CO role to derive SD-SMAC Used by the SCP authenticationAES- CMAC Cert. #A2877128, 192, 256 bitsSD-KMAC / Signature verification Key / CSPN/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
Ref: R1R29781_IDC3230_SPRev: GPage 53/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

AESCBC AESCMAC N/A N/A N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform

Page 54
Approved algorithm
NameMode MethodKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
AES-128/192/256 decryption encryption key used by the CO role to decrypt/encrypt sensitive data Can be used to wrap SD- KENC, SD-KDEK, SD- KMAC, DAP-SYM, DM- TOKEN-SYM, DM- RECEIPT-SYM, DAP- ASYM and DM-TOKEN- ASYM SSPsAES- CBC Cert. #A2877128, 192, 256 bitsSD-KDEK / Encryption Decryption Key / CSPN/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
AES-128/192/256 (SCP03) Session encryption key used by the CO role to encrypt / decrypt secure channel data Used by the SCP authenticationAES- CBC Cert. #A2877128, 192, 256 bitsSD-SENC / Session Decryption Key / CSPDerived on module using KBKDF, in accordance with SCP03 specificationN/AN/Aplaintext in RAMPower-cycling the module Closing SCP secure channel
Ref: R1R29781_IDC3230_SPRev: GPage 54/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

AESCBC AESCBC N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform N/A N/A

Page 55
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
AES-128/192/256 (SCP03) Session MAC key used by the CO role to verify secure channel data integrity Used by the SCP authentication128, 192, 256 bitsSD-SMAC / Session Signature verification Key / CSPAES- CMAC Cert. #A2877Derived on module using KBKDF, in accordance with SCP03 specificationN/AN/Aplaintext in RAMPower-cycling the module Closing SCP secure channel
AES-128/192/256 DAP key optionally loaded in the field and used to verify the CMAC signature of packages loaded into the Module128, 192, 256 bitsDAP-SYM / Signature verification key / CSPAES- CMAC Cert. #A2877N/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
AES-128/192/256 Delegate Management Token symmetric key128, 192, 256 bitsDM-TOKEN- SYM / Delegate Management Signature verification key / CSPAES- CMAC Cert. #A2877N/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
Ref: R1R29781_IDC3230_SPRev: GPage 55/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

DM-TOKENSYM / AESCMAC AESCMAC AESCMAC Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform N/A N/A N/A N/A N/A N/A

Page 56
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
AES-128/192/256 Delegate Management symmetric key to compute receipt128, 192, 256 bitsDM- RECEIPT- SYM / Delegate Management Signature generation Key / CSPAES- CMAC Cert. #A2877N/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
2048-bit public part of RSA key pair used for Asymmetric Signature verification used to verify the signature of packages loaded into the Module112 bits (2048 bits length)DAP-ASYM / Signature verification Key / PSPRSA SigVer Cert. #A2877N/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value (if necessary) is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
Ref: R1R29781_IDC3230_SPRev: GPage 56/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

DMRECEIPTSYM / AESCMAC N/A N/A N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform

Page 57
Approved algorithm
NameMode MethodKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Card OPACITY Secure Messaging Session Encryption Key: Symmetric AES-128/256 used during Secure Messaging session for data encryptionAES- CBC Cert. # A2877128 bitsOPACITY- SENC / OPACITY session Encryption Decryption Key / CSPDerived using KDA OneStepN/AN/AStored in plaintext in RAMPower-cycling the module Closing SCP secure channel
Card OPACITY Secure Messaging Session MAC Key: Symmetric AES-128/256 used during Secure Messaging session for input MAC verificationAES CMAC Cert. # A2877128 bits 256 bitsOPACITY- SMAC / OPACITY session Signature verification key/ CSPDerived using KDA OneStepN/AN/AStored in plaintext in RAMPower-cycling the module Closing SCP secure channel
Ref: R1R29781_IDC3230_SPRev: GPage 57/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

OPACITYSENC / OPACITYSMAC / AESCBC N/A N/A N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform

Page 58
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Card OPACITY Secure Messaging Session Response MAC Key: Symmetric AES-128/256 used during Secure Messaging session for response MAC computation128 bits 256 bitsOPACITY- SRMAC / OPACITY session Signature generation key / CSPAES- CMAC Cert. # A2877Derived using KDA OneStepN/AN/AStored in plaintext in RAMPower-cycling the module Closing SCP secure channel
Card OPACITY Secure Messaging Session Confirmation Key: Symmetric AES-128/256 used during Secure Messaging session establishment.128 bits 256 bitsOPACITY- SCONFIRM ATION / OPACITY session Signature generation confirmation key / CSPAES- CMAC Cert. # A2877Derived using KDA OneStepN/AN/AStored in plaintext in RAMPower-cycling the module Automatically zeroised after cryptogram computation occurring during secure channel establishment
Ref: R1R29781_IDC3230_SPRev: GPage 58/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

OPACITYSRMAC / OPACITYSCONFIRM AESCMAC N/A N/A Use and Related Keys Zeroisation Storage Import/ Export Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform AESCMAC N/A N/A

Page 59
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
RSA 2048-bit Asymmetric key for Delegate Management for token verification112 bits (2048 bits length)DM-TOKEN- ASYM / Delegate Management Signature verification Key / CSPRSA SigVer Cert. #A2877N/AEntered using PUT KEY, encrypted by SD-KDEK; key identifier entity association. An initial value (if necessary) is loaded during manufacturingN/AStored in plaintext in FLASHModule entering TERMINATED state
Ref: R1R29781_IDC3230_SPRev: GPage 59/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

DM-TOKENASYM / N/A N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function and Cert Number Strength Key / SSP Name / Type IDCore 3230 / 230 Platform

Page 60
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Demonstration Applet: AES-128 encryption / decryption key, or Triple- DES decryption key used by the Demonstration Applet for Symmetric Cipher service used to encrypt/decrypt DEM-EDK, DEM-MAC, DEM-SGV-PRI, DEM-KAP- PRI, DEM-KGS-PRI, DEM- KAP-PUB, DEB-KGS-PUB and DEM-SGV-PUB128, 192, and 256 bits 168-bits for TDES (decrypt only)DEM-EDK / Demonstratio n Applet Encryption Decryption Key / CSPAES- ECB AES- CBC TDES- ECB (decrypt only) TDES- CBC (decrypt only) Cert. #A2877N/ASP 800-38F KTS. Entered or exported encrypted by DEM- EDK and authenticated with DEM-MACN/AStored in plaintext in FLASHUninstallation of demonstration applet
Ref: R1R29781_IDC3230_SPRev: GPage 60/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform AESECB AESCBC TDESECB TDESCBC N/A N/A

Page 61
Approved algorithm
NameMode MethodKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Demonstration Applet: AES-128 key used by Demonstration Applet for Message Authentication service. used to authenticate SSPs encrypted using DEM- EDK, like DEM-EDK, DEM- MAC, DEM-SGV-PRI, DEM-KAP-PRI, DEM-KGS- PRI, DEM-KAP-PUB, DEB- KGS-PUB and DEM-SGV- PUBAES- CMAC Cert. #A2877128, 192, and 256 bitsDEM-MAC / Demonstratio n Applet Signature & Verification key / CSPN/ASP 800-38F KTS. Entered or exported encrypted by DEM- EDK and authenticated with DEM-MACN/AStored in plaintext in FLASHUninstallation of demonstration applet
Demonstration Applet: AES-128 encryption / decryption key used by the Demonstration Applet for secure communicationAES- ECB AES- CBC Cert. #A2877128, 192, and 256 bitsDEM-COM- EDK / Demonstratio n Applet Secure Channel Encryption & Decryption Key / CSPN/ASP 800-38F KTS. Entered during manufacturing (initial value), using Manage Content service. Not exportedN/AStored in plaintext in FLASHUninstallation of demonstration applet
Ref: R1R29781_IDC3230_SPRev: GPage 61/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

Use and Related Keys Zeroisation Storage Establishment Import/ Export Generation Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform DEM-COMEDK / AESCMAC N/A AESECB AESCBC N/A N/A N/A

Page 62
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Demonstration applet: AES-128 key used by Demonstration Applet to compute signature for secure communication128, 192, and 256 bitsDEM-COM- MAC / Demonstratio n Applet Secure Channel Signature & Verification key / CSPAES- CMAC Cert. #A2877N/ASP 800-38F KTS. Entered during manufacturing (initial value), using Manage Content service. Not exportedN/AStored in plaintext in FLASHUninstallation of demonstration applet
Demonstration applet: 2048-, 3072-, 4096-bit RSA or P-224, P-256, P- 384, P-521 ECDSA private key used by Demonstration Applet for Digital Signature serviceRSA: 112, 128, 150 bits (2048-, 3072- , 4096-bit length) ECDSA: 112, 128, 192, 256 bits (P- 224, P-256, P-384, P- 521)DEM-SGV- PRI / Demonstratio n Applet Signature generation – Private key/ CSPRSA SigGen, ECDSA SigGen Cert. #A2877Generated on module using approved Key GenerationSP 800-38F KTS. Entered or exported encrypted by DEM- EDK and authenticated with DEM-MACN/AStored in plaintext in FLASHUninstallation of demonstration applet
Ref: R1R29781_IDC3230_SPRev: GPage 62/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

DEM-COMMAC / DEM-SGVPRI / AESCMAC N/A Use and Related Keys Zeroisation Storage Establishment Import/ Export Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform N/A P-384, P521) N/A

Page 63
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
SP 800-38F KTS. Entered or exported encrypted by DEM- EDK and authenticated with DEM-MAC112, 128, 192, 256 bits (P-224, P- 256, P-384, P-521)DEM-KAP- PRI / Demonstratio n Applet – Key generation – Private key / CSPKAS- ECC Cert. #A2877Generated on module using approved Key GenerationN/AStored in plaintext in FLASHUninstallation of demonstration appletDemonstration applet: P-224, P-256, P-384, P- 521 ECC private key used by the Demonstration Applet Generate Key Pair and Key Agreement Primitive Services
SP 800-38F KTS. Entered or exported encrypted by DEM- EDK and authenticated with DEM-MAC112 bits (2048-bit length)DEM-KGS- PRI / Demonstratio n Applet Key generation – Private key / CSPRSA SigGen Cert. #A2877Generated on module using approved Key GenerationN/AStored in plaintext in FLASHUninstallation of demonstration appletDemonstration applet: 2048-bit RSA used by Demonstration Applet Generate Key Pair
SP 800-38F KTS. Entered or exported encrypted by DEM- EDK and authenticated with DEM-MAC112, 128, 150 bits (P- 224, P-256, P-384, P- 521)DEM-KAP- PUB / Demonstratio n Applet Key generation – Public key / PSPKAS- ECC Cert. #A2877Generated on module using approved Key GenerationN/AStored in plaintext in FLASHUninstallation of demonstration appletDemonstration applet : P-224, P-256, P-384, P- 521 ECC public key used by the Demonstration Applet Key Agreement Service
Ref: R1R29781_IDC3230_SPRev: GPage 63/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

DEM-KGSPRI / DEM-KAPPUB / P-384, P521) KASECC KASECC Use and Related Keys Zeroisation Storage Establishment Import/ Export DEM-KAPPRI / Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform N/A N/A N/A

Page 64
Approved algorithm
NameKey SizeUse Function
/ e m a N P S S / y e K/ e m a N P S S / y e Ke p y Th t g n e r t Sn o it c n u F y t ir u c e Sr e b m u N t r e C d n an o it a r e n e Gt r o p x E /t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le R d n a e s Us y e K
Demonstration applet : 2048-bit RSA public key used by Demonstration Applet Generate Asymmetric Key Pair112 bits (2048-bit length)DEM-KGS- PUB / Demonstratio n Applet Key generation – Public key / PSPRSA SigVer Cert. #A2877Generated on module using approved Key GenerationSP 800-38F KTS. Exported from the module encrypted by DEM-EDK and authenticated with DEM-MACN/AStored in plaintext in FLASHUninstallation of demonstration applet
Demonstration applet: 2048-, 3072-, 4096-bit RSA or P-224, P-256, P- 384, P-521 ECDSA public key used by Demonstration Applet Asymmetric Signature serviceRSA: 112, 128, 150 bits (2048-, 3072- , 4096-bit length); ECDSA: 112, 128, 192, 256 bits (P- 224, P-256, P-384, P- 521)DEM-SGV- PUB / Demonstratio n Applet Signature generation – Public key / PSPRSA SigVer, ECDSA SigVer Cert. #A2877Generated on module using approved Key GenerationSP 800-38F KTS. Exported from the module encrypted by DEM-EDK and authenticated with DEM-MACN/AStored in plaintext in FLASHUninstallation of demonstration applet
Ref: R1R29781_IDC3230_SPRev: GPage 64/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

DEM-SGVPUB / P-384, P521) Use and Related Keys Zeroisation Storage Establishment Import/ Export DEM-KGSPUB / Security Function Strength Key / SSP Name / Type IDCore 3230 / 230 Platform N/A N/A Table 20

Page 65
Entropy sourcesMinimum number of bits of entropyDetails
SLC37 32-bit Security ControllerProvided by the hardware TRNG of the SLC37 chip from Infineon.
Min-entropy
claimed: 13.376 bits
per 32-bit blocks.
Ref: R1R29781_IDC3230_SPRev: GPage 65/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform 9.2 The module includes a non-deterministic Random Number Generator within the cryptographic boundary. This non-deterministic RNG (also called TRNG) is used exclusively to feed the approved DRBG with Table 21

Page 66
Approved algorithm
NameKey Size
Test TargetTest TargetDescription
AESECB decrypt KAT with 128-bit key. Encrypt is self-tested as a part of KBKDF KAT.
DRBGCounter DRBG KAT as per SP 800-90A section 11.3 with nonce (48 bytes) and entropy (128 bytes).
ECDSA Signature GenerationSignature generation KAT using an ECC P-224 key.
ECDSA Signature VerificationSignature verification KAT using an ECC P-224 key.
ESVSP 800-90B Repetition Count Test and Adaptive Proportion Test
HMAC-SHA2-256HMAC-SHA2-256 KAT.
KAS-ECCOnePassDH CS2 shared secret computation KAT using an ECC P-256 key with SHA2- 256.
Ref: R1R29781_IDC3230_SPRev: GPage 66/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
10 Self-tests
10.1 Pre-Operational Self-Tests

On power-on or reset, the Module performs integrity testing using an EDC (16-bit CRC) performed over all code located in FLASH and EEPROM memory (for OS and Applets). All flags for cryptographic algorithm self-tests are cleared.

10.2 Conditional Self-Tests
10.2.1 Conditional Cryptographic Algorithm Tests

The module maintains a flag in RAM memory that stores the state (self-test passed or not) for each Cryptographic algorithm that is approved. This flag indicates if an algorithm has been already self-tested. The Module performs self-test of an algorithm prior the first operational use (corresponding flag is not set) and if the self-test succeeds, the corresponding flag is set otherwise the card logs the self-test error and entered into a Card Is Mute error state or Card is Killed error state, depending on number of failures. On each reset of the CM, it performs only “Firmware Integrity test”. The cryptographic KATs are executed automatically, in a mode named “on demand”, when a cryptographic service is requested. Self-tests can be also played by any operator using the “autotests management” APDU command, corresponding to the “Run Cryptographic KAT” service. The operator can choose the list of self-test execution giving in data of the APDU the self-test flag. Self-Tests are based on known answer tests (KATs):

Page 67
Approved algorithm
NameKey Size
Test TargetTest TargetDescription
KAS-ECCOnePassDH CS7 shared secret computation KAT using an ECC P-384 key with SHA2- 384.
KAS-ECC-SSCPrimitive ‘Z’ Computation KAT using an ECC P-224 key.
KBKDFKBKDF KAT using AES-CMAC 128-bit key and 32-byte derivation data.
KDA OneStepSP 800-56Cr2 One Step KDF KAT.
KDA HKDFSP 800-56Cr2/RFC5869 HKDF KAT.
RSA Signature GenerationRSA PKCS#1 v1.5 signature generation KAT using an RSA 2048-bit key RSA PKCS#1 v1.5 signature generation KAT using the RSA CRT implementation with a 2048-bit key.
RSA Signature VerificationRSA PKCS#1 v1.5 signature verification KAT using an RSA 2048-bit key RSA PKCS#1 v1.5 signature verification KAT using the RSA CRT implementation with a 2048-bit key. RSA PKCS#1 v1.5 decryption KAT with a 2048-bit key is also performed
SHA2-256SHA2-256 KAT.
SHA2-512SHA2-512 KAT.
SHA3-224SHA3-224 KAT.
Triple-DESECB decrypt KAT.
Ref: R1R29781_IDC3230_SPRev: GPage 67/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].

IDCore 3230 / 230 Platform Table 22 –Conditional Algorithm Self-Tests

10.2.2 Conditional Pair-wise Consistency Tests

When any asymmetric key pair is generated, the CM performs a pairwise consistency test. For RSA keys, the pairwise consistency test is based on keys encryption / decryption. For ECC keys, the pairwise consistency test is based on signature / verify.

10.2.3 Conditional Firmware Load Tests

When new firmware (applet) is loaded into the CM (or into a SSD having the Delegated Management privilege) using the Manage content service, the CM (or the SSD) verifies the authenticity (MAC or signature) of the new firmware (applet) using respectively the DAP-SYM key or DAP-ASYM key. The signature or MAC in this scenario is generated by an external entity using the key corresponding to the asymmetric key DAP-ASYM or the secret key DAP-SYM.

10.2.4 Conditional Critical Functions Tests

The module performs a validity check of the public static key and the ephemeral keys according to the SP 800-56Ar3 specification.

Page 68
Ref: R1R29781_IDC3230_SPRev: GPage 68/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
10.3 Periodic Self-tests

The Module supports an internal counter and an associated maximum value. The counter is set to its maximum value on power on and it is decremented when receiving an APDU. When the counter reaches its zero, the integrity test is executed (see 10.1), the counter is reset to its maximum value again and the flag for on-demand tests is also reset so that at next cryptographic algorithm usage, the self-tests are executed again (see 10.2.1). No interruption to the module’s operation is expected while the self-tests are executed.

Page 69
Ref: R1R29781_IDC3230_SPRev: GPage 69/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
11 Life-cycle assurance

The CM meets the Level 3 Design Assurance section requirements.

11.1 Delivery and Operation

Some additional documents (‘Delivery and Operation’, ‘Reference Manual’, ‘Card Initialization Specification’ documents) define and describe the steps necessary to deliver and operate the CM securely. Once the module has been delivered outside of the factory, the CM is always in the Compliant state. Once the module has been powered on, it always functions in the approved mode of operation. There are no additional steps for installation, initialization, and configuration required for the CM after delivery. The configuration cannot be changed outside the factory.

11.2 Guidance Documents

The Guidance document provided with CM is intended to be the ‘Reference Manual’. This document includes guidance for secure operation of the CM by its users as defined in the Roles, Services, and Authentication chapter.

11.3 Guidance

The Module implementation also enforces the following security rules:

Page 70
Ref: R1R29781_IDC3230_SPRev: GPage 70/70
© Copyright Thales 2024. May be reproduced only in its entirety [without revision].
12 Mitigation of Other Attacks

No assured mitigations to ‘other attacks’ are covered in this security policy. END OF DOCUMENT

Referenced URLs