All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Safeword3300 Platinum V2F

Certificate#4852StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorTHALES
Medium review priority  ·  no TCB surface named  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/23/2029
CaveatNone
VendorTHALES

Approved Algorithms (2)

AlgorithmACVP Cert
HMAC-SHA2-256A2871
SHA2-256A2871

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Safeword3300 Platinum V2F
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>load firmware</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>self-test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Safeword3300 Platinum V2F
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>load firmware</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>self-test</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Safeword3300 Platinum V2F Cryptographic Module FIPS 140-3 Level 1 Non-Proprietary Security Policy THALES GROUP LIMITED DISTRIBUTION - SCOPE

Page 2

Document Information Document Part Number 002-000459-001 Release Date October 21, 2024 Thales and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners. Disclaimer All information herein is either public information or is the property of and owned solely by Thales and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Thales’s information. This document can be copied or distributed for informational, non-commercial, internal and personal use only provided that: appear in all copies.  This document shall not be posted on any network computer or broadcast in any media other than on the NIST CMVP validation list and no modification of any part of this document shall be made. Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided “AS IS” without any warranty of any kind. Unless otherwise expressly agreed in writing, Thales makes no warranty as to the value or accuracy of information contained herein. Thales hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and noninfringement. In no event shall Thales be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Thales does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Thales be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Thales products. Thales disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective, incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy.

Page 5

Acronyms and Abbreviations ACRONYMS AND ABBREVIATIONS Term Definition CAVP Cryptographic Algorithm Validation Program CMVP Cryptographic Module Validation Program EDC Error Detection Code FIPS Federal Information Processing Standard HMAC Keyed-Hash Message Authentication Code HOTP HMAC-based One-Time Password IG Implementation Guidance ISO/IEC International Organization for Standardization / International Electrotechnical Commission KAT Known Answer Test LCD Liquid Crystal Display NIST National Institute of Science and Technology N/A Not Applicable OATH Open Authentication OCRA Open Authentication Challenge-Response Algorithm OTP One-Time Password RAM Random Access Memory RFC Request for Comments SHA Secure Hash Algorithm SHS Secure Hash Standard SSP Sensitive Security Parameter TOTP Time-Based One-Time Password

Page 6

General REFERENCES [FIPS 140-3] Federal Information Processing Standards Publication (Supersedes FIPS PUB 140-2), Security Requirements for Cryptographic Modules, March 22, 2019. [FIPS 800-140C] National Institute of Science and Technology (NIST), CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759, March 2020. [FIPS 800-140F] NIST, CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759, March 2020. [FIPS 140-3 IG] NIST, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, October 7, 2022. [FIPS 180-4] Federal Information Processing Standards Publication 180-4, Secure Hash Standard (SHS), NIST, August 2015. [FIPS 198-1] Federal Information Processing Standards Publication 198-1, The Keyed-Hash Message Authentication Code (HMAC), July 2008. [ISO/IEC 19790:2012] ISO/IEC 19790:2012 (Corrected 2015-12-15, IDT) Information technology

Page 7

General PREFACE This document deals only with operations and capabilities of the Safeword3300 Platinum V2F Cryptographic Module in the technical terms of [FIPS 140-3]. General information on Thales products is available from the following sources:  the Thales internet site contains information on the full line of available products at https://cpl.thalesgroup.com  technical or sales representatives of Thales can be contacted through one of the channels listed on https://cpl.thalesgroup.com/contact-us

Page 8
1 General
1.1 Security Level

The Safeword3300 Platinum V2F Cryptographic Module meets Level 1 security requirements for [FIPS 1403] as summarized in the table below: Table 1-1: Security Levels [ISO/IEC 24759:2017] FIPS 140-3 Section Title Security Level Section 6 [Number Below]

1 General 1

2 Cryptographic Module Specification 1

3 Cryptographic Module Interfaces 1

4 Roles, Services, and Authentication 1

5 Software/Firmware Security 1

6 Operational Environment 1

7 Physical Security 1

8 Non-Invasive Security N/A

9 Sensitive Security Parameter Management 1

10 Self-Tests 1

11 Life-Cycle Assurance 1

12 Mitigation of Other Attacks N/A

Page 9
2 Cryptographic Module Specification
2.1 Module Overview

The Safeword3300 Platinum V2F Cryptographic Module is a multi-chip standalone hardware security module in the form of a token. The cryptographic module is contained in its own secure enclosure, which provides physical resistance to tampering. The physical resistance to tampering was not assessed during the evaluation due to the targeted security level. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the token. The module is explicitly configured to operate in an [FIPS 140-3] approved mode of operation during personalization performed at the factory. No additional configuration is required to be performed by the end user. All cryptographic operations make use of approved cryptographic functions used in an approved manner. No non-approved cryptographic algorithms, security functions or processes are available from the module. When the user selects the ‘ON’ button, and the LCD screen is active, only FIPS-approved cryptographic functions are available. Indication of approved status is therefore implicit for all cryptographic services. The module only supports a single approved mode of operation. NOTE The Safeword3300 Platinum V2F Cryptographic Module does not support degraded operation as defined in [ISO/IEC 19790:2012]. The module provides a one-time password (OTP). This password is derived using the Time-Based OneTime Password (TOTP) protocol [RFC 6238] or a challenge-response based on the HMAC-based One-Time Password (HOTP) [RFC 4226] protocol.

2.2 Module Description

The cryptographic module as defined in [ISO/IEC 19790:2012] is a hardware module of type multi-chip standalone. The cryptographic boundary of the module is shown in Figure 2-1. The cryptographic boundary is defined as the entire token. Figure 2-1: Safeword3300 Platinum V2F Cryptographic Module cryptographic boundary

Page 10

Cryptographic Module Specification The following figure highlights the cryptographic boundary of the module covered by this certification: Real Time Clock LCD RAM Main CPU Memory Keypad FLASH Memory (Program) BATTERY Figure 2-2

Page 11
2.3 Test Configuration

The following tested configuration is covered in this security policy: Table 2-1: Cryptographic module tested configuration. Model Hardware Firmware Version Distinguishing Features [Part Number and Version] Safeword3300 Safeword3300 Version CB 20005 Standalone token with internal Platinum V2F Platinum V2F HW 1.0 battery, 2 line LCD and 15-button keypad. Figure 2-3 shows the front and back of the Safeword3300 Platinum V2F HW 1.0 with standard markings and Figure 2-4 shows the Safeword3300 Platinum V2F HW 1.0 with Citibank markings. Figure 2-3: Safeword3300 Platinum V2F HW 1.0 with standard markings Figure 2-4: Safeword3300 Platinum V2F HW 1.0 with Citibank customization

Page 12
2.4 Approved Algorithms

The following cryptographic library and associated Cryptographic Algorithm Validation Program (CAVP) certificate is used by the cryptographic module:  Safeword3300 Platinum Cryptographic Library (Cert A2871). The approved algorithms implemented by the module along with accompanying details are listed in the Table 2-2 below. Table 2-2: Approved Algorithms CAVP Algorithm and Description / Key Size(s) / Key Cert Standard Mode / Method Strength(s) Use / Function Hashing A2871 Algorithm: SHA. Methods: SHA2-256. N/A. Only used in conjunction with HMAC-SHA2-256 to: Standards: [FIPS Request an OTP 180-4] Perform OTP Challenge-Response Message Authentication Code A2871 Algorithm: HMAC. Methods: HMAC-SHA2-256. Mac size: 32 bytes (256 bits). Request an OTP Key size: 32 bytes (256 bits). Perform OTP Challenge-Response Standard: [FIPS 198-1]

Page 13
2.5 Non-Approved Algorithms

Non-Approved Algorithms are not available in the Safeword3300 Platinum V2F Cryptographic Module.

Page 14
3 Cryptographic Module Interfaces
3.1 Interface Overview

The following figure identifies the physical interfaces to the cryptographic module: Figure 3-1: Safeword3300 Platinum V2F Cryptographic Module physical interfaces The following table describes the physical interfaces and supported data: Table 3-1: Ports and Interfaces Physical Port Logical Interface Data that passes over the port/interface Keypad Control Input The keypad supports user interaction with the module. Data Input On button: The device will enter sleep mode after a few seconds of inactivity in order to save power. Pressing the ‘ON’ button when the device is in sleep mode will put the device in active mode. Pressing the ‘ON’ button when the device is in active mode will cause it to enter sleep mode. The device is always on and there is no means to turn it off. Digits (0-9): The digit buttons are used to access control features to request display of the hardware and firmware version. For data input, the input characters include digits (0-9). These are entered to request a One-Time Password or initiate a challenge-response. LCD Data Output For data output, the display shows up to 8 characters on a Control Output single line. The displayed characters include digits (0-9) and letters (A-Z). Status Output The interface displays the One-Time Password or challenge-response (data output) as well as hardware and firmware version information (control output). Only approved cryptographic functions are permitted. Therefore, the display implicitly indicates the approved function status. For Control and Status Output, the display shows two lines, with the data type displayed on the first line and the data on the second line. The displayed characters include digits (09) and letters (A-Z).

Page 15

Cryptographic Module Interfaces Physical Port Logical Interface Data that passes over the port/interface Personalization Pins (back N/A These are only used during manufacture and are disabled of the token) before delivery to the client. The pins neither provide nor accept data. Power N/A Power is provided by an internal battery. The battery is not user replaceable. No interface is available.

Page 16

Roles, Services, and Authentication

4 Roles, Services, and Authentication
4.1 Roles

The Safeword3300 Platinum V2F Cryptographic Module supports the following role: Table 4-1: Safeword3300 Platinum V2F Cryptographic Module Roles Role Principal Duties Crypto Officer A single role is provided as the operator of the device. The Crypto Officer can request an OTP, change the owner approval code and view version information. The mapping of the cryptographic module’s roles to services can be found in the table below: Table 4-2: Roles, Services, Input and Output Role Service Service Input Service Output Management Crypto Officer Change owner approval Old code, new code The code is changed code Crypto Officer Show module firmware Long press on ‘0’ key, Firmware version version short press on ‘1’, ‘4’, ‘5’, ‘8’, and ‘1’. Crypto Officer Show module hardware Long press on ‘0’ key Hardware version of version the printed circuit board Crypto Officer Perform HMAC-SHA2-256 Long press on ’0’ key, Success or Error KAT short press on ‘1’, ‘4’, ‘5’, ‘8’, and ‘7’. Crypto Officer Perform firmware Long press on ’0’ key, Success or Error integrity check short press on ‘1’, ‘4’, ‘5’, ‘8’, and ‘6’. Crypto Officer Display Time Long press on ‘0’ key, Displays universal time short press on ‘1’, ‘4’, in seconds (first line) ‘5’, ‘8’, and ‘2’. and the user friendly date/time (second line). Crypto Officer Display Counter Long press on ’0’ key, Counter value short press on ‘Entr’ to toggle to counter. Crypto Officer Remove battery Remove battery Zeroization of the SSP

Page 17

Roles, Services, and Authentication Role Service Service Input Service Output OTP Crypto Officer Request an OTP Enter owner approval OTP code, select function 1Crypto Officer Perform OTP Challenge- Enter owner approval Response Response code, select function 9 NOTE Only approved cryptographic functions are supported by the Safeword3300 Platinum V2F Cryptographic Module. The approved security service indicator is implicitly provided by the successful completion of a security service listed in Table 4-3. NOTE Procedural methods are used to perform zeroization on the Safeword3300 Platinum V2F Cryptographic Module. Zeroization is performed by breaking open the device and removing the battery. Depletion of the battery will also cause the SSPs to be zeroized.

4.2 Authentication

[ISO/IEC 24759:2017] Section 6.4.4, Authentication is not claimed for this device. The operator implicitly assumes the role of Crypto Officer by virtue of physical possession of the device.

4.3 Services

All services listed in the table below can be accessed in approved mode and when in this mode exclusively use the security functions listed in Table 2-2. As notes on the content of Table 4-3:  In the “Approved Security Functions” column:

Page 18

Roles, Services, and Authentication Table 4-3: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Roles Functions SSPs and/or SSPs Show module This service is used to Algorithms: N/A None Crypto Officer None firmware version retrieve the firmware version of the module. Show module This service is used to Algorithms: N/A None Crypto Officer None hardware version retrieve the hardware version of the printed circuit board. Request a OTP Note 1 This service is used to Algorithms: HMAC (Cert HMAC key Crypto Officer E: HMAC Key, Time request an OTP. A2871)

Page 19

Roles, Services, and Authentication Approved Security Key and/or Access Rights to Keys Service Description Roles Functions SSPs and/or SSPs Display Time This service allows the Algorithms: N/A Time Crypto Officer R: Time operator to display the device time. Display Counter This service allows the Algorithms: N/A Counter Crypto Officer R: Counter operator to display the device’s counter. Note 1: In the case where an operator enters an incorrect owner approval code, the device will use the key and random data to create a fake OTP or Challenge-Response. After the third incorrect owner approval code, the device will display the words ‘BAD PIN’. This is displayed for n minutes, where n = (number of incorrect codes -2), and the maximum value of n = 255. It should be noted that this action is not compliant with the protocols in the RFCs referenced in Table 9-1. Note 2 No security claims are made for authentication using the owner approval code; therefore, no SSPs are mapped to this service.

Page 20
5 Software/Firmware Security
5.1 Firmware Integrity

The Safeword3300 Platinum V2F Cryptographic Module’s firmware integrity is verified using an Error Detection Code (EDC). This check is performed on all firmware components within the device.

Page 21
6 Operational Environment

The module supports a non-modifiable operating environment as defined in [ISO/IEC 19790:2012]. The device provides no means to load firmware or reconfiguration the device following the completion of the manufacturing process.

Page 22
7 Physical Security
7.1 Mechanism Summary

Module Construction The token includes a production grade molded plastic enclosure with no removable parts. A label on the back of the device hides four pins. These pins are used during production and are disabled following personalization.

7.2 Module Inspection

The following routine inspections are recommended. Table 7-1: Physical Security Inspection Guidelines Physical Security Recommended Frequency of Inspection/Test Guidance Mechanism Inspection/Test Details Physical inspection of On receipt of the token; Verify that the external cover is the device. intact; and At any point following any un-authorized access to the token; and All seams, the key pad and the LCD screen are well aligned Following any extended periods of within the device. unattended storage.

Page 23
8 Non-invasive security

N/A: Section 6.8, Non-invasive security is Non Applicable as there are currently no requirement in FIPS 800140F.

Page 24
9 SSP Management
9.1 Sensitive Security Parameter

The following table lists Sensitive Security Parameters (SSP) used to perform approved security function supported by the cryptographic module.

Page 25

SSP Management Table 9-1: SSPs Security Function Key / SSP Name / Type Strength Import/ Export Storage Zeroization Usage and Cert Number CSPs A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 1 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 2 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 3 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 4 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 5 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 6 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 7 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery 256-bits is then used to create an OTP in accordance Function 8 A2871). personalization in plaintext is depleted or removed. with [RFC 6238]. A 256-bit key used to create an HMAC, which 256-bit HMAC key HMAC (Cert Installed during Working RAM Zeroized when battery is then used to perform a challenge-response 256-bits Function 9 A2871). personalization in plaintext is depleted or removed. in accordance with [RFC 6287] and [RFC 4226].

Page 26

SSP Management Security Function Key / SSP Name / Type Strength Import/ Export Storage Zeroization Usage and Cert Number PSPs Starts at zero. Incremented in the CPU, Stored in The counter is used in generation of the Zeroized when battery Counter N/A N/A plaintext output plaintext in challenge –response in accordance with RFC is depleted or removed. using service RAM 6287 and RFC 4226. ‘Display Counter’. Set during personalization. Stored in Zeroized when battery Time is used in generation of the OTP in Time N/A N/A Plaintext output plaintext in is depleted or removed. accordance with RFC 6238. using service RAM ‘Display Time’.

Page 27
10 Self-Tests
10.1 Pre-Operational tests

The module performs the pre-operational self-test to confirm the firmware integrity. This test is run at powerup following personalization. While the module is running the self-test, all interfaces are disabled until the test reaches successful completion. If the test fails, the module halts, and data output is inhibited. Table 10-1: Pre-operational self-test Test Operations Performed Indicator Firmware Integrity EDC based on a 16-bit Cyclical Redundancy Check Module halt on failure Test (CRC) calculated on the full code present on the module

10.2 Conditional Self-Tests

The module performs a conditional self-test to confirm the proper operation of the cryptographic functions. While the module is running this self-test, all interfaces are disabled until the test reaches successful completion. If the test fails, the module halts, and data output is inhibited. The KAT is run following the preoperational firmware integrity test. Table 10-2: Conditional self-test Test Operations Performed Indicator HMAC-SHA2-256 KAT MAC Generate Module halt on failure

10.3 Periodic Self-Tests

A user may initiate the self-tests on demand for periodic testing of the module. Using the test mode options, the user may initiate the Firmware Integrity Test or the HMAC-SHA2-256 KAT at any time.

10.4 Self-Tests Failure

If a pre-operational or periodic self-test fails, the module will display “BLOCKED” on the screen for a few seconds and then enter sleep mode. The operator may then awaken the device; however, it will display “BLOCKED” on the screen for a few seconds and return to sleep mode.

Page 28
11 Life-cycle Assurance
11.1 Protecting the Safeword3300 Platinum V2F

In order to maintain security throughout the life of the token, end users MUST: ˃ securely store the token at all times; and ˃ always inspect the token prior to use to check for any signs of possible tamper. Failure of the end user to comply with these requirements could lead to subsequent compromise or malicious misuse of the token.

11.2 Zeroization

Zeroization of the SSPs is performed by breaking open the token and removing the battery. SSPs are exclusively stored in volatile RAM. Removing the battery results in irrecoverable loss of all SSPs. The operator can verify that the procedure is successful by reattaching the battery and attempting to access the SSPs. It is most likely that the token is beyond repair after battery removal and only a blank screen will appear. In the unlikely event that the battery is reattached successfully and the device powers up, the screen will display ‘NO STATE’ indicating that there are no SSPs present, and the zeroization has been successful.

Page 29

Mitigation of Other Attacks

12 Mitigation of Other Attacks

No assured mitigations to ‘other attacks’ are covered in this security policy.

Page 30
13 Guidance

The device is always on, but enters a low power consumption mode when not in use. The user must press the ‘ON’ button to exit this mode to make use of any service.

13.1 Identifying the Module Firmware and Hardware Version

Operators are required to verify the module firmware and hardware version prior to first use to ensure that a FIPS-validated cryptographic module is being used in the token. A long press on the ‘0’ key will display the hardware version. The operator must then put the device into Test Mode by pressing the ‘1’, ‘4’, ‘5’ and ‘8’ buttons in sequence, and then ‘1’ to display the firmware version.

13.2 Approved Mode of Operation

The Safeword3300 Platinum V2F Cryptographic Module has a single mode of operation. This is the approved mode of operation.

13.3 Device Usage

The process to generate an OTP with the Platinum V2 token is as follows:

13.4 Status Mode

When in Status Mode, the device shows module information such as the module name. The operator requests Status Mode through a long press on the ‘0’ key.

13.5 Test Mode

From Status Mode, the operator must press the ‘1’, ‘4’, ‘5’ and ‘8’ buttons in sequence to enter Test Mode. The operator can then press ‘1’ to display the module firmware version.

Page 31
13.6 End of Life

When the device has reached the end of its life, the operator returns the device to the provider for secure destruction. The provider securely destroys the device by breaking open the outer case and removing the battery.