All modules
CMVP Validated Module · FIPS 140-3 Security Policy

RIGFORT Pro Blockchain HSM

Certificate#4853StandardFIPS 140-3Level3TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRigSec Technology Limited
Medium review priority  ·  exposes boot-chain verification, debug/recovery interface, HSM/SE firmware trust anchor  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/27/2026
CaveatInterim Validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy
VendorRigSec Technology Limited
Hardware versions3.4.0

Approved Algorithms (14)

AlgorithmACVP Cert
AES-CBCA2750
AES-ECBA2750
ECDSA KeyGen (FIPS186-4)A2750
ECDSA SigGen (FIPS186-4)A2750
ECDSA SigVer (FIPS186-4)A2750
Hash DRBGA2750
HMAC-SHA2-256A2750
KDF SP800-108A2750
KTS-IFCA2750
RSA KeyGen (FIPS186-4)A2750
RSA SigGen (FIPS186-4)A2750
RSA SigVer (FIPS186-4)A2750
SHA2-256A2749
SHA2-256A2750

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification3
Cryptographic Module Interfaces3
Software/Firmware Security3
Operational EnvironmentN/A
Physical Security3
Non-Invasive SecurityN/A
Sensitive Security Parameter Management3
Self-Tests3
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for RIGFORT Pro Blockchain HSM
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>1.4.0</i>"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>firmware load<br/>recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>Serial Port (RS-232)</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>kernel<br/>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C6 clue;
  class I1,I2,I3,I4,I6 infer;
  class R1,R2,R3,R4,R6 risk;
  class E1,E2,E3,E4,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for RIGFORT Pro Blockchain HSM
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>1.4.0</i><br/>src: certificate.firmwareVersions"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>firmware load<br/>recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test</i><br/>src: text:keyword"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>Serial Port (RS-232)</i><br/>src: securityPolicy.portsAndInterfaces"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>kernel<br/>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C4 clueHigh;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy RigSec Technology Limited RIGFORT Pro Blockchain HSM Non-Proprietary FIPS 140-3 Security Policy Version: 1.7 Date: January 14, 2026 Version 1.7 Amber Group Public Material

Page 2

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Table of Contents Version 1.7 Amber Group Public Material

Page 3

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy List of Tables List of Figures Version 1.7 Amber Group Public Material

Page 4

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Version 1.7 Amber Group Public Material

Page 5
Security level
NameISO SectionRequirementLevel
11General3
22Cryptographic Module Specification3
33Cryptographic Module Interfaces3
44Roles, Services and, Authentication3
55Software/Firmware Security3
66Operational EnvironmentN/A
77Physical Security3
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management3
1010Self-Tests3
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
OverallOverall3

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy This document defines the Security Policy for the RIGFORT Pro Blockchain HSM, hereafter denoted the Module. The Module is a multiple-chip standalone cryptographic module. It is a security module that supports the encryption algorithm approved by FIPS 140-3 and with physical security protection measures, key management mechanisms, and security features to provide secured and applicable cryptographic services for customer systems. Specifically, the security features include key wrapping, message authentication code (MAC), message digest, data encryption and decryption, digital signature generation and verification, etc. The FIPS 140-3 security levels for the Module are as follows: N/A N/A N/A Version 1.7 Amber Group Public Material

Page 6
Module configuration
NameModelHardware VersionFirmware VersionFeatures#
1RIGFORT Pro Blockchain HSM3.4.01.4.0hard metal 1U chassis1

Security Policy Cryptographic Module Specification The Module is a hardware cryptographic module. The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated Data Encryption Cryptographic implementation. The Module is intended to be used in customer systems requiring security features include key wrapping, message authentication code (MAC), message digest, data encryption and decryption, digital signature generation and verification, etc. 2.1 Operational Environment RigSec Data Encryption cryptographic module is tested on the following operational environment. Table 2

Page 7

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 3

Page 8

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 6

Page 9
Service
NameDescriptionIndicatorFIPS
Non-Approved ModeNon-approved security functions are availableSee HSM mode in Figure 9Non-FIPS

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 2.3 Modes of Operation The Module supports both an Approved and non-Approved mode of operation. To verify that the Module is in the Approved mode of operation, the operation mode indicator can be seen on the left side of the management software or check the operation mode status via the menu: Tools → Display Module Status. Table 3

2.3.1 Configuration of the Approved Mode of Operation

The Approved mode of operation is configured at reception of the Module by the CO role who implements the instructions in Section 11.2 Cryptographic Officer Guidance. The operation mode can be selected at initialization through the management software and cannot be changed once selected unless restored to factory settings.

2.3.2 Configuration of the Non-Approved Modes of Operation

The non-Approved mode of operation is configured at reception of the Module by the CO role who implements the instructions in Section 11.2 Cryptographic Officer Guidance. The operation mode can be selected at initialization through the management software and cannot be changed once selected unless restored to factory settings. In order to switch modes, the CO must perform a reset of the module by selecting from Management Console menu: Tools → Reset HSM, which zeroizes all the SSPs. Version 1.7 Amber Group Public Material

Page 10

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 7

Page 11
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES [197]A2750ECB [38A]Key Sizes: 256Encrypt, Decrypt
CBC [38A]CBC [38A]Key Sizes: 256Encrypt, Decrypt
DRBG [90A]A2750HashSHA-256Deterministic Random Bit Generation Security Strength = 256 bits
ECDSA [186]A2750Mode: SHA-256 Curves: P-256Keys Length: 128KeyGen
HMAC [198]A2750SHA-256Key Length: 256Key Derivation for the Session and Session HMAC Keys
KBKDF [108]A2750CounterHMAC-SHA2-256Key Derivation
KTS-IFC [56Br2]A2750Method: KTS-OAEP- Basic; OAEP-Party_V- confirmation Modulus Length: 2048 Hash: SHA2-256Keys Length: 112Key Transport: encapsulation and un-encapsulation
RSA [186]A2750n = 2048 SHA-256KeyGen

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 9

Page 12
Approved algorithm
NameCAVP CertMode MethodPropertiesUse FunctionReference
SHS [180]A2750SHA2-256ECDSA, HMAC, RSA, Message Digest ECDSA, RSA Key Generation
SHS [180]A2749SHA2-256Integrity check, Message Digest
VA[133] Sections 4 and 5.1 Asymmetric signature key generation using unmodified DRBG outputKey GenerationCKG [IG D.H]
Approved algorithm
NameCAVP CertMode MethodPropertiesUse FunctionReference
SHS [180]A2750SHA2-256ECDSA, HMAC, RSA, Message Digest ECDSA, RSA Key Generation
SHS [180]A2749SHA2-256Integrity check, Message Digest
VA[133] Sections 4 and 5.1 Asymmetric signature key generation using unmodified DRBG outputKey GenerationCKG [IG D.H]
AlgorithmDescription
ECDSA_secp256k1Signature Algorithms of Blockchain
ed25519Signature Algorithms of Blockchain
ripmd160Message Digest algorithm of Blockchain
sha3-256 (FIPS 202)Message Digest algorithm of Blockchain
SM2Chinese Elliptic Curve Digital Signature Algorithm (asymmetric encryption/decryption, key agreement, signature generation/verification)
SM3Chinese Message Digest Algorithm (message digest)
SM4Chinese Block Cipher Symmetric Algorithm (symmetric encryption/decryption)
sr25519Signature Algorithms of Blockchain

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Table 5

Page 13
Service
NameDescriptionApproved FunctionsTypeProperties
KTS1SP 800-56Brev2. KTS-IFC [56Br2] (Key encapsulation and un- encapsulation) per IG D.GKTS-IFC (Cert. #A2750) Hash: SHA2-256KTS2048-bit modulus providing 112 bits of encryption strengthModulus Length: 2048 Keys Length: 112
KTS2SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-256 (CBC) and HMAC-SHA-256 (Cert. #2750)KTS256- bit keys providing 256 bits of encryption strengthKeys Length: 256
Approved algorithm
NameUse FunctionDescription
Shamir Secrets ShareSplit Knowledge Procedures: Polynomial method used only for secret-sharing. Note: As per NISTIR 8214, Section 6.2, implementation of Shamir Secret Sharing is used to satisfy section 7.9.5 of the FIPS 140-3 standard which defines security requirements for split-knowledge procedures.The secret sharing algorithm divides the secret and shares the secret among n participants more than specific t participants can calculate or recover the secret, and less than t participants cannot get it.
Sensitive security parameter
NameTypeStrengthOperating EnvironmentEntropy per SampleConditioning Components
AS578 Entropy SourcePhysical1 bitARM Cortex-M.83 bitsSHA2-256 (Cert. #A2750)
Vendor NameCert. Number
RigSec Technology LimitedESV Cert. #E17

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Table 7

Page 14

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 2.6 Overall Security Design

  1. The Module provides two distinct operator roles: User (User Application external entity) and Cryptographic Officer (Manager).
  2. The Module provides identity-based authentication.
  3. The Module clears previous authentications on power cycle.
  4. An operator does not have access to any cryptographic services prior to assuming an authorized role.
  5. The Module allows the operator to initiate power-up self-tests by power cycling power or resetting the Module.
  6. Pre-Operational self-tests do not require any operator action.
  7. Data output are inhibited during key generation, self-tests, zeroization, and error states.
  8. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.
  9. There are restrictions on which SSPs are zeroized by the zeroization service. Factory reset will zeroize all SSPs of the module, tamper detection or EFP failure will zeroize all unprotected SSPs of the module.
  10. The Module does not support concurrent operators.
  11. The Module does not support a maintenance interface or role.
  12. The Module does not support manual SSP establishment method.
  13. The Module does not have any proprietary external input/output devices used for entry/output of data.
  14. The Module enters or outputs plaintext CSPs using trusted channel and split knowledge.
  15. The Module does not store any plaintext CSPs.
  16. The Module does not output intermediate key values.
  17. The Module does not provide bypass services or ports/interfaces. 2.7 Rules of Operation The Module shall be installed as described in Section 11 secure installation, initialization, startup and operation of the Module, and Section 7 Physical Security. The Module shall be operated such that only the approved mode is enabled. Version 1.7 Amber Group Public Material – May be reproduced only in its original entirety (without revision).
Page 15
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Power Ports (2)Power Ports (2)PowerConnect the module to the power outlet via the redundant power supply
Power buttonPower buttonControl InElectrical signal passes through
LEDsLEDsStatus outDisplay the working status of the module through different combinations
Serial Port (RS-232)Serial Port (RS-232)Control in | Data in | Data out | Status outConnected to the management computer to provide management services
Type-c PortType-c PortControl in | Data in | Data out | Status outConnected to the communication computer to provide cryptographic services for user applications
Trusted ChannelDescription
Directly connected cable through a Serial Port (RS-232) from the Management Console to the moduleThe Trusted Channel must be setup per section 11.1 Secure Installation, Initialization, Startup and Operation of the Module. The Management Console connects directly to module via a serial port (RS-232). To protect the plaintext CSPs, the physical ports used for the trusted channel are physically separated from all other ports and will be under the direct supervision of the CO. A status indicator through the management console is provided when the trusted channel is in use or not. See the Channel section of Figure 8

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Table 10

Page 16
Service
NameRolesInputOutput
Create DMKCommand InGenerated DMK.
Restore DMKCommand InDMK restored.
Add MNGCommand InThe MNG account is created. Success/failure status.
MNG LoginPasswordLogin CO role.
MNG LogoutCommand InLogout CO role.
Add User ApplicationCommand InThe User Application user account is created. Success/failure status.
Delete User ApplicationCommand InThe User Application user account is deleted. Success/failure status.
Reset User Application passwordCommand InThe User Application default password. Success/failure status.
List User ApplicationCommand InUser list
Create User KeyCommand InCreates AES/HMAC/HASH/RSA2048/ECDSA-P256 keys for the user
Remove User KeyCommand InDeletes User Keys
List User KeyCommand InUser key list
Key Derivation FunctionDMKPK
View LogCommand InLog

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Roles, Services and Authentication 4.1 Assumption of Roles and Related Services The Module supports two distinct operator roles, User (User Application external entity) and Cryptographic Officer (CO) (Manager). The cryptographic module enforces the separation of roles using identity-based authentication. Re-authentication is enforced when changing roles. If the CO logs in while the user is logged in, the user will be automatically logged out. Table 12 lists all operator roles supported by the Module and their related services. In addition, the Module supports services which does not require to be authenticated, listed UA in Table 12. The Module does not support a maintenance role and bypass capability. The Module does not support concurrent operators. Previous authentications will be cleared on power cycle. The physical security mechanisms employed by the module protect the SSPs from unauthorized disclosure, modification, and substitution via physical intrusions. Table 12

Page 17
Service
NameRolesInputOutputRole
COCOUserUA
User Application LoginCommand InLogin User role
User Application LogoutCommand InLogout User role
Modify User Application passwordUser Application passwordUpdated the User Application password. Success/failure status.
AES CBC EncryptionPlaintextCiphertext. Success/failure status
AES CBC DecryptionCyphertextPlaintext. Success/failure status
AES ECB EncryptionPlaintextCiphertext. Success/failure status
AES ECB DecryptionCyphertextPlaintext. Success/failure status
RSA2048 Signature generationCommand InGenerated signature. Success/failure status
RSA2048 Signature verificationSignature dataSuccess/failure status
Random Bit GenerationEntropy data, DRBG state valuesDRBG Seed
ECDSA Signature generationCommand InGenerated signature. Success/failure status
ECDSA Signature verificationSignature dataSuccess/failure status
Display Module VersionCommand InModule HW version, FW version information
Display Module StatusCommand InFIPS status.
ZeroizeFactory reset Command InAll keys zeroized
Tamper switch triggered, EFP failedTamper switch triggered, EFP failedAll unprotected SSPs zeroized
Self-TestsCommand In (Reset, automatic periodic self- tests)Success/Reset.
Set Mode of operationCommand InSuccess/failure status

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ periodic selftests) ✓ ✓ ✓ ✓ ✓ Amber Group Public Material

Page 18
Approved algorithm
NameKey Size
Identity-based - The CO is authenticated by UKEY_ID and verified using challenge- response mechanism based on a 2048-bit RSA key pair. The public key is stored in the module in plaintext, and the private key is stored in the user’s USB token.112 bits strength of the authentication method, the probability of a successful random attempt is 1 in 2112 Each RSA Signature Verification authentication attempt takes at least 60ms. So, the number of attempts for one minute cannot exceed 1000. The USB token corresponding to CO allows six (6) consecutive failed attempts before locking. After a successful attempt, the number of failures will be reset to zero. After six (6) consecutive failed attempts, the USB token cannot be used.CO
Identity-based – The User role sends assigned username to HSM, and HSM utilizes a challenge-response mechanism for user role authentication. The user's password is protected with a cryptographic hash (SHA- 256 message digest).Since the password length is eight (8) ASCII printable characters and there are 95 ASCII printable characters, the probability of a successful random attempt is 1 in {(10)*(26^2)*(95^5)} (at least one number, one uppercase, one lowercase). 1. HSM waits for the user to log in. 2. When the user enters the wrong PIN code for the first time, HSM sets the number of consecutive PIN code errors to 1 and starts the consecutive PIN code error cycle timing. 3. Within the consecutive PIN code error cycle (24 hours), if the user enters the wrong PIN code 6 times, the HSM will be locked for 60 minutes. 4. After 60 minutes, HSM will clear the number of consecutive PIN code errors, and the consecutive PIN code error cycle will end and be cleared. 5. Loop back to step 1 and provide login service to the user again.User

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 4.2 Authentication Methods The module ensures that there is no visible display of the authentication data. Table 13

Page 19
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Create DMKCreate a DMK, use the Shamir Secrets Share algorithm to divide the DMK into 3 component keys, and back up these three keys to three external USB tokens respectively. Then derive PK through DMKCODevice Master Key (DMK), Protection Key (PK)HASH_DRBG, KBKDF [108] (Cert. #A2750)G, R, EApproved mode; ERROR_OK; ERROR_HSM _STATE;
Restore DMKImport 2 component keys stored in the USB token into the cryptographic module, synthesize the DMK through the Shamir Secrets Share algorithm, and then derive the PK through the DMK.CODevice Master Key (DMK), Protection Key (PK)KBKDF (Cert. #A2750)W, EApproved mode; ERROR_OK; ERROR_HSM _STATE;
Add MNGWrite ID and RSA public key from management console to the module.COCO RSA-pub KeyAES-256, SHA2-256, RSA-2048 SigVer. (Cert. #A2750)GApproved mode; ERROR_OK; ERROR_HSM _STATE;
MNG LoginThe cryptographic module authenticates the manager's identityCOCO RSA-pub KeyRSA-2048 SigVer, HASH_DRBG (Cert. #A2750)RApproved mode; ERROR_OK; ERROR_HSM _STATE;
MNG LogoutManager logoutCON/ARSA-2048 SigVer. (Cert. #A2750)N/AApproved mode; ERROR_OK; ERROR_HSM _STATE;
Add User ApplicationCreate a user, write the user name and default password to module, and store it with PK protection.COUser Password, Protection Key (PK)AES-256, SHA2-256, RSA-2048 SigVer. (Cert. #A2750)GApproved mode; ERROR_OK; ERROR_HSM _STATE;
Delete User ApplicationDelete user’s informationCOUser password, Protection Key (PK)AES-256, SHA2-256, RSA-2048 SigVer. (Cert. #A2750)ZApproved mode; ERROR_OK; ERROR_HSM _STATE;
Reset User Application passwordmodify user password, write the new default password to the module, and store it with PK protection.COProtection Key (PK)AES-256, SHA2-256, RSA-2048 SigVer. (Cert. #A2750)WApproved mode; ERROR_OK; ERROR_HSM _STATE;
List User ApplicationList all currently existing User Application usersCON/AN/ARApproved mode; ERROR_OK; ERROR_HSM _STATE;
Create User KeyCreate user key, and store it with PK protection.COUser AES key, User ECDSA- pub Key, User ECDSA- priv Key, User RSA-pub Key, User RSA-priv Key, Protection Key (PK)AES-256, SHA2-256, RSA-2048, ECDSA-P256 (Cert. #2750)GApproved mode; ERROR_OK; ERROR_HSM _STATE;
Remove User KeyRemove user keyCOUser AES key, User ECDSA- pub Key, User ECDSA- priv Key, User RSA-pub Key, User RSA-priv Key, Protection Key (PK)AES-256, SHA2-256, RSA-2048, ECDSA-P256 (Cert. #2750)ZApproved mode; ERROR_OK; ERROR_HSM _STATE;
List User KeyList user key typesCON/AAES-256, SHA2-256, RSA-2048, ECDSA-P256 (Cert. #2750)RApproved mode; ERROR_HSM _STATE; ERROR_OK;
Key Derivation FunctionPerform Key Derivation using NIST SP800-108 KDF in CTR modeCODevice Master KEY (DMK), Protection Key (PK)KBKDF with HMAC- SHA-256 (Cert. #2750)R, W, EApproved mode; ERROR_HSM _STATE; ERROR_OK;
View LogView HSM logCON/AN/ARApproved mode; ERROR_HSM _STATE; ERROR_OK;
User Application LoginVerify Username and PASSWORDUserUser Password, RSA Key Decryption Key (KDK), RSA Key Encryption Key (KEK), Session AES Key, Session HMAC Key, Protection Key (PK)AES-256, HMAC- SHA-256, HASH_DRBG, SHA2- 256, KTS-RSA-2048 (Cert. #A2750)RApproved mode; ERROR_OK; ERROR_HSM _STATE;
User Application LogoutUser Application LogoutUserSession AES Key, Session HMAC KeyN/ARApproved mode; ERROR_OK; ERROR_HSM _STATE;
Modify User Application passwordmodify user password, write the new password to module, and store it with PK protection.UserUser password, Session AES Key, Session HMAC Key, Protection Key (PK)AES-256, HMAC- SHA-256, KTS-RSA- 2048 (Cert. #A2750)WApproved mode; ERROR_OK; ERROR_HSM _STATE;
AES CBC EncryptionUser uses AES CBC encryption serviceUserUser AES Key, Session AES Key, Session HMAC Key, Protection Key (PK)AES-256 CBC (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
AES CBC DecryptionUser uses AES CBC decryption serviceUserUser AES Key, Session AES Key, Session HMAC Key, Protection Key (PK)AES-256 CBC (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
AES ECB EncryptionUser uses AES ECB encryption serviceUserUser AES Key, Session AES Key, Session HMAC Key, Protection Key (PK)AES-256 ECB (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
AES ECB DecryptionUser uses AES ECB decryption serviceUserUser AES Key, Session AES Key, Session HMAC Key, Protection Key (PK)AES-256 ECB (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
RSA2048 Signature generationUser uses RSA 2048 signature generation serviceUserUser RSA-priv Key, Session AES Key, Session HMAC Key, Protection Key (PK)RSA-2048 SigGen (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
RSA2048 Signature verificationUser uses RSA 2048 Signature verification serviceUserUser RSA-pub Key, Session AES Key, Session HMAC Key, Protection Key (PK)RSA-2048 SigVer (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
ECDSA Signature generationUser uses ECDSA signature generation serviceUserUser ECDSA- priv Key, Session AES Key, Session HMAC Key, Protection Key (PK)ECDSA SigGen (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
ECDSA Signature verificationUser uses ECDSA Signature verification serviceUserUser ECDSA- pub Key, Session AES Key, Session HMAC Key, Protection Key (PK)ECDSA SigVer (Cert. #A2750)EApproved mode; ERROR_OK; ERROR_HSM _STATE;
Random Bit GenerationProvide random bits from the DRBGCO, UserDRBG-EI, DRBG-State, DRBG SeedDRBG [90A] (CERT. #A2750)R, W, EApproved mode; ERROR_OK; ERROR_HSM _STATE;
Display Module VersionDisplay version number of modules in HSM/hardware/ firmwareCO, UAN/AN/AR, EApproved mode; ERROR_OK; ERROR_HSM _STATE;
Display Module StatusView Module statusCO, UAN/AN/AR, EApproved mode; ERROR_OK; ERROR_HSM _STATE;
ZeroizeZeroization through Factory reset of the module, tamper switch or EFP failure.CO, UADevice Master Key (DMK), Protection Key (PK), User AES Key, User ECDSA- priv Key, User ECDSA- pub Key, User RSA-priv key, User RSA-pub keys, User Password, CO RSA-pub KeyN/AZApproved mode; ERROR_OK;
Self-TestsPerform the self-tests automatically when the module is powered on or restartedCO, UAN/AAES-256, HASH_DRBG [90A], ESV [90B] HMAC-SHA-256 KBKDF [108] KTS-RSA-2048 SHA2-256, RSA-2048, ECDSA-P256 (Cert. #2750)R, EApproved mode; ERROR_OK;
Set Mode of operationSet the mode of operationCOCO RSA-pub KeyRSA-2048 SigVer HASH_DRBG (Cert. #A2750)W, EApproved mode; ERROR_OK; ERROR_HSM _STATE;

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 4.3 Services All services implemented by the Module are listed in Table 14 and Table 15 below. The SSPs modes of access shown in Table 14 are defined as:

Page 20

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy G N/A Z W N/A R Version 1.7 Amber Group Public Material

Page 21

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy N/A R R, W, E N/A N/A R R N/A Version 1.7 Amber Group Public Material

Page 22

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy W E E E Version 1.7 Amber Group Public Material

Page 23

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy E E E N/A N/A E Amber Group Public Material

Page 24

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy N/A N/A N/A N/A R, E Z R, E Version 1.7 Amber Group Public Material

Page 25
Service
NameDescriptionRolesApproved FunctionsIndicator
Create User KeyCreate user keyCOECDSA_secp256k1, ed25519, SM2, SM4, SR25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
Remove User KeyRemove user keyCOECDSA_secp256k1, ed25519, SM2, SM4, SR25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
List User KeyList user key typesCOECDSA_secp256k1, ed25519, SM2, SM4, SR25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
SM4 DecryptionUser uses sm4 decryption serviceUserSM4Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
SM4 EncryptionUser uses sm4 encryption serviceUserSM4Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
SM2 Signature generationUser uses sm2 signature generation serviceUserSM2Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
SM2 Signature verificationUser uses sm2 Signature verification serviceUserSM2Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
ECDSA_secp256k 1 Signature generationUser uses ECDSA_secp256k1 signature generation serviceUserECDSA_secp256k1Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
ECDSA_secp256k 1 Signature verificationUser uses ECDSA_secp256k1 Signature verification serviceUserECDSA_secp256k1Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
sr25519 Signature generationUser uses sr25519 signature generation serviceUsersr25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
sr25519 Signature verificationUser uses sr25519 Signature verification serviceUsersr25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
ed25519 Signature generationUser uses ed25519 signature generation serviceUsered25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
ed25519 Signature verificationUser uses ed25519 Signature verification serviceUsered25519Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
ripmd160 digestUser uses ripmd160 message digest serviceUserripmd160Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
SHA3-256 digestUser uses sha3-256 message digest serviceUserSHA3-256Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
SM3 digestUser uses SM3 message digest serviceUserSM3Non-Approved Mode; ERROR_OK; ERROR_HSM_S TATE; ERROR_HSM_ MODE;
ZeroizeZeroization through Factory reset of the module, tamper switch or EFP failure.COECDSA_secp256k1, ed25519, SM2, ripmd160, SHA3-256, SM3, SM4, SR25519Non-Approved Mode; ERROR_OK;

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Table 15

Page 26

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Version 1.7 Amber Group Public Material

Page 27

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Version 1.7 Amber Group Public Material

Page 28

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy NOTE: All non-approved services are only available in Non-Approved mode. If invoke any non-approved service in approved mode, the module will return error code ERROR_HSM_MODE. NOTE: All services in Table 14 and Approved SSPs in Table 20 and Table 21 are available in Non-Approved mode. These services are considered non-approved services. Version 1.7 Amber Group Public Material

Page 29

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Software/Firmware Security The Module is a Level 3 multi-chip standalone hardware module. Firmware integrity verification uses an approved digital signature cryptographic mechanism, if the calculated result is not successfully verified, the test fails, and the module enters the error state. In the production process, the public key of the firmware integrity key pair is written into the flash of the AS578 in plaintext. Use the sha256 algorithm to calculate the message digest of the bootloader, kernel, and application of the IMX6 and the message digest of the executable code of the AS578, sign these message digests with the private key of the firmware integrity key pair, and write these signatures into the flash of the AS578. The firmware integrity check of IMX6 and AS578 is performed as follows: AS578:

Page 30

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Operational Environment The Module has a non-modifiable operational environment under the FIPS 140-3 definitions. The tested operational environment is listed in Table 2. The Module does not include a firmware load service to support necessary updates. Any firmware not identified in this Security Policy does not constitute the Module defined by this Security Policy or covered by this validation. Version 1.7 Amber Group Public Material

Page 31
Physical SecurityRecommended Frequency ofInspection/Test Guidance Details
MechanismInspection/Test
Tamper-Evident SealsInspect tamper-evident seals monthly.Look for signs of tampering. If tampering is suspected, then the module must be removed from service.

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy The module is a multiple-chip standalone cryptographic module. Physical security is designed according to Level 3 standards. 7.1 The cryptographic module is contained within a strong enclosure with four (4) tamper-evident seals on the top, left side and bottom and right side and bottom as described in Table

  1. Each tamper evident seal is individually identifiable. The cryptographic module will perform EFP. If the voltage falls outside the normal operating range of the module, the module will shut down immediately. The Voltage range is 68V280V. If the temperature falls outside the normal operating range of the module, the module will immediately zeroizes all unprotected SSPS. The temperature range is -2℃---46℃. Table 16 – Physical Security Inspection Guidelines The Module will be shipped from the manufacturer with tamper-evident seals pre-installed. To operate the Module in an Approved mode of operation, the CO role shall inspect the tamper-evident seals IB6127370XXX as shown in Figure 10 to Figure 13 on the reception of the Module. Detailed information is provided in Table
  2. If the CO determines that the seals were tampered with, the module is to be removed from service and no longer allowed to be used and is not to be returned to the vendor. The CO will perform the factory reset to zeroize all SSPs. Version 1.7 Amber Group Public Material – May be reproduced only in its original entirety (without revision).
Page 32

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Seal ID 1 and 2 Figure 10

Page 33
Seal IDPlacement
1Top side
2Top side
3Left side and bottom
4Right side and bottom

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 12

Page 34
Temperature or voltageEFPResults
measurementdescription
Low Temperature-2.6℃A tamper flag is raised, zeroization will proceed.Zeroization
High Temperature46℃A tamper flag is raised, zeroization will proceed.Zeroization
Low Voltage68VA tamper flag is raised, triggering the product to shut down immediatelyShut down
High Voltage280VA tamper flag is raised, triggering the product to shut down immediatelyShut down

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 7.2 Tamper Detection The cryptographic module includes a tamper detection feature that will immediately zeroize all SSPs when the module's cover is removed. This forces a factory reset and will put the module into the Invasive Error State. This will also close all external interfaces and stop providing all services. The tamper detection remains active at all times including when the module is powered off, which at that point, will operate with an internal battery. As the tamper-evident seals will need to be broken to remove the cover, there is no recovery from the error state as the module will no longer be in service. 7.3 Environmental Failure Protection (EFP) The cryptographic module includes Environmental Failure Protection (EFP). If the voltage falls outside the normal operating range of the module, the module will shut down immediately. If the temperature falls outside the normal operating range of the module, the module will immediately zeroizes all unprotected SSPS. See Table 18 for the temperature and voltage measurements Table 18

Page 35

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Non-Invasive Security The Module does not implement any mitigation method against non-invasive attack. Version 1.7 Amber Group Public Material

Page 36
MethodDescription
G1G1Generated internally by using the internal CAVP validated DRBG during module
initialization
G2Derived by DMK using SP800-108 CTR KDF (HMAC-SHA256 PRF)
G3FIPS 186-4 compliant RSA key generation, using the internal CAVP validated DRBG
G4Symmetric key generated by internal CAVP validated DRBG
G5FPS 186-4 compliant ECDSA key generation, using the internal CAVP validated DRBG.
G7Generated external to the Module and installed during manufacturing
G8Generated internally by using the internal entropy source
E1E1Input in plaintext from 2 of the 3 components stored in the token during module
initialization using trusted channel and split knowledge
E2Split into 3 components and Output to 3 tokens in plaintext using trusted channel and
split knowledge.
E3Public key output in plaintext
E4E4Generated by SDK using AES algorithm and transmitted into the module through KTS-
RSA
E5Encrypted by session key and Input by User application
E6Generate by USB_TOKEN and imported as identify Key
E7Input at manufacturer
E8E8Generated by SDK using HMAC-SHA256 algorithm and transmitted into the module
through KTS-RSA
S1Only stored in volatile memory (RAM).
S2Stored in flash encapsulated by PK
S3Stored in flash in plaintext
Z1Zeroized by Module power cycle
Z2Zeroized by the “zeroize” service by overwriting with a fixed pattern of 0s.
Z3Dereferenced by session termination and zeroized by OS memory cleanup.
Z4Zeroized when the tamper switch is triggered or EFP failed.
Z5Zeroized by Factory reset

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Sensitive Security Parameter (SSP) Management The SSPs access methods are described in Table 19 below: Table 19

Page 37
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationUseImport ExportDevice Master Key (DMK)
Key (PK)SP800-108AES algorithm andKey (PK)
CTR (Cert.CTR (Cert.store (S2) in flash
#A2750)#A2750)inside the module.
2048 (Cert.2048 (Cert.transport key used to
#A2750)#A2750)decrypt the RSA Key
SHA256SHA256and verification with
#E17#E17inputs 512 bits of
(V and Cinformation and(V and C
value (Per IGtemporary variablesvalue (Per IG
D.L entropyfor approved DRBGD.L entropy
meets thefunction.meets the
User AES Key128/192/ 256G4N/AS2Z2, Z5User encryption andN/AUser AES KeyAES CBC, ECB (Cert. #A2750)
User ECDSA- priv Key128G5N/AS2Z2, Z5User SignatureN/AECDSA P- 256 (Cert. #A2750)
User RSA- priv Key112G3N/AS2Z2, Z5User SignatureN/ARSA 2048 (Cert. #A2750)
User Password8 charac- tersN/AE5S2Z2, Z5User identityIN/A

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 9.1 Critical Security Parameters (CSP) All CSPs used by the Module are described in this section. All usage of these CSPs by the Module is described in the services detailed in 0. Table 20

Page 38

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Import EstablishZeroizaStorage and SP80090B) N/A N/A and SP80090B) N/A N/A N/A N/A N/A N/A N/A N/A N/A I Version 1.7 Amber Group Public Material

Page 39
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportPSPUse / Related SSPs
[FIPS 186-4]112RSA 2048N/AE6S2Z2, Z4, Z5N/ACO RSA-pub KeyRSA 2048 (Cert. #A2750)
CO Authentication(Cert.
RSA (2048) key112KTS-RSAG3N/AS1Z1, Z3, Z4, Z5E3RSA Key Encryption Key (KEK)RSA (2048) key transport (Encryption) key
transport2048
(Encryption) key(Cert.
[FIPS 186-4]128ECDSAG5N/AS2Z2, Z5N/AUser ECDSA-pubECDSA P256 (Cert. #A2750)
ECDSA signatureP256
verification key and(Cert.
protected by the#A2750)
[FIPS 186-4]112G3N/AS2Z2, Z5N/AUser RSA- pubRSA 2048 (Cert. #A2750)

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy 9.2 Public Security Parameters (PSP) All PSPs used by the Module are described in this section. All usage of these PSPs by the Module is described in the services detailed in Table 15. Table 21

Page 40
API call
NameCallDescriptionMethodError State
Firmware integrityFirmwareThe public key of the firmware integrity key pair is writtenFirmware integrityRSA Digital Signature FIPS 186-4RSA DigitalES1ES1
integrityintegrityinto the flash of the AS578 in plaintext. Use the sha256Signature FIPS
186-4algorithm to calculate the message digest of the186-4
Entropy Critical FunctionWhen HSM powers on, SP800-90B health tests areEntropy Critical FunctionAPT and RCTES1
Error StateDescriptionIndicator
ES1ES1The Module fails a KAT, PCT or firmware integrity pre-The Module enters the critical error state and outputs status of the red LED stays on, the blue LED flashes quickly, otherwise it indicates successful completion by Red LED flashes quickly, blue LED flashes normally.The Module enters the critical error
operational self-test.state and outputs status of the red
When HSM enters ES1, the input and output are all closed,LED stays on, the blue LED flashes
and the only operation to recovery from error state is toquickly, otherwise it indicates
switch power button to restart HSM. After restart, thesuccessful completion by Red LED
HSM performs self-test, that will determine which stateflashes quickly, blue LED flashes
HSM will enter. If HSM enters error state again, the COnormally.
must send the HSM to vendor.

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy categorized as either pre-operational self-tests or conditional self-tests. the module is powered on, without external input or control. The Module will not accept any commands when a periodic self-test is required; the commands still in the I/O buffer will be processed by The Module and the periodic self-test executed when the I/O buffer is emptied. The Module logs self-test errors in the system log, the CO can consult the error log by View system logs on management software. When HSM powers on, the operator can perform the on-demand self-test through power cycling. Table 22

Page 41

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Version 1.7 Amber Group Public Material

Page 42
API call
NameCallDescriptionMethodError State
AES – ECBAES – ECBAES(ECB) with 256-bit key, encryptionAES – ECBKATKATES1ES1
AES – CBCAES(CBC) with 256-bit key, encryptionAES – CBCKATES1
DRBGDRBGHash_DRBG using SHA-256, with PRKATES1
ECDSAECDSAECDSA with P-256 and SHA-256, signature generationECDSAKATKATES1ES1
ECDSA Key GenerationECDSA Key GenerationECDSA P-256 Key Generation Pairwise Consistency TestPCTES1
ESVESVAn RCT and APT as specified in [90B] section 4.4 areESVSP 800- 90B Health- TestSP 800-ES1ES1
90Bexecuted before generation of the DRBG entropy input.90B
Health-When the entropy source fails health test, the entropyHealth-
Testsource cannot generate enough entropy. At this time, theTest
HMACHMACKATES1HMAC-SHA2-256
KBKDF SP800-108KBKDF SP800-108KATES1HMAC-SHA2-256 in Counter Mode
RSARSARSA PKCS#1v1.5 with 2048-bit key and SHA-256, signatureRSAKATKATES1
RSA Key Generation2048-bit RSA Encryption and Decryption per IG D.G.RSA Key GenerationPCTES1
SHS (Cert. #A2749)SHS (Cert. #A2749)SHA2-256KATES1
SHS (Cert. #A2750)SHS (Cert. #A2750)SHA2-256KATES1

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy The Module performs the following conditional self-tests: Table 24

Page 43

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy

11 Life-Cycle Assurance
11.1 Secure Installation, Initialization, Startup and Operation of the Module

The module will be securely delivered to the operators via UPS with tracking codes to ensure there is no tampering during delivery. Upon receipt of the module, the CO must check that the module's outer packaging is intact or that the packaging has been opened during transport. Upon delivery, the operator must initialize the module as follows:

  1. The operator must ensure that the initial security configuration of the module is completed in a restricted environment using a direct cabled serial connection from the management console (standalone PC).
  2. From the management program on the console, the operator must select the COM port by selecting “Connect” from the menu bar.
  3. Next, the operator must create the Manager role (CO) by selecting from the Management program menu: Device → Add MNG. The operator then must insert the first of 3 USB tokens. A new PASSWORD (8 characters) will be required and stored on the USB token.
  4. Repeat this process twice more with different USB Tokens. When the three Manager roles have been created, HSM can be initialized.
  5. Next, the operator will create DMK for the HSM, and export DMK components to USB tokens. Select from the Management program menu: Device → Create DMK. With 3 different USB token, CO must sign in the HSM three (3) times, and store DMK component to each USB token. One DMK component, one USB token.
  6. With one of 3 USB tokens, the operator selects from menu, choose: Device → Set Mode of Operation, and choose “FIPS Mode”. Once “OK” is selected, the module will reboot and perform the Pre-Operational and Conditional KAT Self-Tests.
  7. Select from menu Tools → Reset HSM, which zeroizes all the SSPs, will remove the module from the Approved Mode of Operation
11.2 Cryptographic Officer Guidance

The serial port is used to connect the cryptographic module and the management computer. The CO implements management functions such as Add MNG, Restore DMK, user application management, and key management through the management computer. The following is the specific function description. Connect HSM Before use HSM, you have to connect to it first. Choose “Connect” from menu, then the dialog below will appear: Version 1.7 Amber Group Public Material

Page 44

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 14

Page 45

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 16

Page 46

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Figure 18

11.3 User Guidance

The Type-C Port is used to connect the cryptographic module and the communication computer. The communication computer is connected to the application server via Ethernet. When CO creates a user account, a default password is generated. The default password is emailed to the appropriate user. The user must change the password when logging in for the first time. Users can access the services of the cryptographic module only after their identity authentication is passed. The cryptographic module provides user applications with services such as user login/logout, data encryption and decryption, data signature and verification. Users are responsible for protecting their passwords from theft.

12 Mitigation of Other Attacks

The Module does not implement any mitigation method against other attacks. Version 1.7 Amber Group Public Material

Page 47
Acronyms
NameTermDefinitionAbbreviationFull Specification Name
[FIPS140-3][FIPS140-3]Security Requirements for Cryptographic Modules, March 22, 2019
[ISO19790][ISO19790]International Standard, ISO/IEC 19790, Information technology — Security techniques — Test requirements for cryptographic modules, Third edition, March 2017
[ISO24759][ISO24759]International Standard, ISO/IEC 24759, Information technology — Security techniques — Test requirements for cryptographic modules, Second and Corrected version, 15 December 2015
[IG][IG]Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, October 7, 2022
[108][108]NIST Special Publication 800-108 rev1, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), August 17, 2022
[131A][131A]Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Revision 2, March 2019
[132][132]NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, December 2010
[133][133]NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, Revision 2, June 2020
[135][135]National Institute of Standards and Technology, Recommendation for Existing Application- Specific Key Derivation Functions, Special Publication 800-135rev1, December 2011.
[186][186]National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July 2013.
[197][197]National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001
[198][198]National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008
[180][180]National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015
[202][202]FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS PUB 202, August 2015
[38A][38A]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001
[38B][38B]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, May 2005
[38C][38C]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, Special Publication 800-38C, May 2004
[38D][38D]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800-38D, November 2007
[38E][38E]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Special Publication 800-38E, January 2010
[38F][38F]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, Special Publication 800-38F, December 2012
[56Ar3][56Ar3]NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018
[56Br2][56Br2]NIST Special Publication 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Finite Field Cryptography, March 2019
[56Cr2][56Cr2]NIST Special Publication 800-56C Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, August 2020
[67][67]National Institute of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67rev2, November 17 2017
[90A][90A]National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015.
[90B][90B]National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018.
AcronymAcronymDefinition
AESAESAdvanced Encryption Standard
APTAPTAdaptative Proportion Test
CBCCBCCipher Block Chaining
COCOCryptographic Officer
CTRCTRCounter
AcronymAcronymDefinition
DMKDMKDevice Master Key
DRBGDRBGDeterministic Random Bit Generator
ECBECBElectronic Codebook
ECDSAECDSAElliptic Curve Digital Signature Algorithm
EFPEFPEnvironmental Failure Protection
ENTENTApproved SP800-90B Entropy Source
ESVESVEntropy Source Validation
FIPSFIPSFederal Information Processing Standard
HMACHMACHash Message Authentication Code
HSMHSMHardware Security Module
KATKATKnow Answer Test
KBKDFKBKDFKey-Based Key Derivation Functions
KDFKDFKey Derivation Function
KTSKTSKey Transport Methods
NISTNISTNational Institute of Standards and Technology
OAEPOAEPOptimal Asymmetric Encryption Padding
PCTPCTPairwise Consistency Test
PKPKProtection Key
PKCSPKCSPublic-Key Cryptography Standards
PRPRPrediction Resistance
RAMRAMRandom Access Memory
RCTRCTRepetition Count Test
RSARSARivest-Shamir-Adleman
PUBPUBPublication
SDKSDKSoftware Develop Kit
SHASHASecure Hash Algorithm
SHSSHSSecure Hash Standard

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy

13 References and Definitions

The following standards are referred to in this Security Policy. Table 25

Page 48

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Table 26

Page 49

RIGFORT Pro Blockchain HSM FIPS 140-3 Security Policy Version 1.7 Amber Group Public Material