All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Quadient Postal Security Device

Certificate#4909StandardFIPS 140-3Level3TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorQuadient Technologies
Medium review priority  ·  no TCB surface named  ·  last validated 19 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date12/2/2026
CaveatInterim Validation
VendorQuadient Technologies

Approved Algorithms (17)

AlgorithmACVP Cert
AES-CBCA728
AES-CBCA728
AES-CMACA760
Conditioning Component Block Cipher Derivation Function SP800-90BA3803
Counter DRBGA2930
DSA KeyGen (FIPS186-4)A767
ECDSA KeyGen (FIPS186-4)A2931
ECDSA SigGen (FIPS186-4)A2931
ECDSA SigVer (FIPS186-4)A2931
HMAC-SHA-1A729
HMAC-SHA2-256A729
HMAC-SHA2-256A729
KAS-FFC-SSC Sp800-56Ar3A2929
KDF TLSA761
RSA KeyGen (FIPS186-4)A765
SHA-1A730
SHA2-256A730

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Quadient Postal Security Device
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Firmware load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>status output<br/>Unauthenticated<br/>Self-test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Quadient Postal Security Device
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Firmware load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>status output<br/>Unauthenticated<br/>Self-test</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Classification: External Quadient Postal Security Device Security Policy Valid from: 27/11/2024 Version No.: V 1.2 This document is non-proprietary. It may be reproduced or transmitted only in its entirety without revision. © Quadient

Page 2

Classification: External Document Name: Security Policy Content Page 2/28

Page 3

Classification: External Document Name: Security Policy Page 3/28

Page 4

Classification: External Document Name: Security Policy Figure list Table list Page 4/28

Page 5

Classification: External Document Name: Security Policy

  1. General This document describes the security policy of the Quadient Technologies France (Quadient) Postal Security Device under the terms of FIPS 140-3 validation. This document contains a statement of the security rules under which the Quadient Postal Security Device operates. The Quadient Postal Security Device is designed to meet the overall requirements applicable for FIPS 140-3 Security Level
  2. ISO/IEC 24759 Section 6 FIPS 140-3 Section Title Security Level
1 General 3
2 Cryptographic module specification 3
3 Cryptographic module interfaces 3
4 Roles, services, and authentication 3
5 Software/Firmware security 3
6 Operational environment N/A
7 Physical security 3
8 Non-invasive security N/A
9 Sensitive security parameter management 3
10 Self-tests 3
11 Life-cycle assurance 3
12 Mitigation of other attacks 3

Overall Level 3 Table 1: Security Levels Page 5/28

Page 6

Classification: External Document Name: Security Policy 2. Cryptographic module specification 2.1. Overview The Quadient Postal Security Device is a hardware cryptographic module embedded within Quadient postal franking machines. The Quadient Postal Security Device performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access. Model Hardware Part Number Firmware Part Number Firmware Version Quadient Postal A0014227-B and A0014227-C A0156569A a31.05 Security Device Table 2: Cryptographic Module Tested Configuration The Quadient Postal Security Device (Figure 1) is a multi-chip standalone cryptographic module enclosed within a hard, opaque, plastic enclosure encapsulating the epoxy potted module which is wrapped in a tamper detection envelope with a tamper response mechanism. This enclosure constitutes the cryptographic module’s physical boundary. Figure 1

Page 7

Classification: External Document Name: Security Policy 2.4. Security industry protocols The cryptographic module implements the TLS v1.2 protocol and uses only one cipher suite (TLS-DHE-RSAWITH-AES-128-CBC-SHA256). The TLS protocol is composed of TLS Handshake protocol (used for mutual authentication and TLS pre-master secret establishment) and TLS Record protocol (used for application data confidentiality and integrity). 2.5. Security functions 2.5.1. Approved Algorithms The Quadient Postal Security Device supports the following approved security functions: CAVP Algorithm and Modes/ Description/ Key Use/Function Cert. Standard Methods Size(s)/ Key Strength(s) Cert. #A728 AES CBC CBC 128 Encryption/Decryption of: FIPS 197

1 ECDSA P-244 Signature Verification is included on the algorithm certificate but not used by the module.

Page 8

Classification: External Document Name: Security Policy CAVP Algorithm and Modes/ Description/ Key Use/Function Cert. Standard Methods Size(s)/ Key Strength(s) Cert. #A2929 KAS-SSC FFC DH 112 Key agreement used to establish TLS SP 800-56A r3 session keys C(2e, 0s, FFC DH), with DSA KeyGen (Cert. #A767) as a prerequisite, using loaded ffdhe2048 safe prime domain parameters. Provides 112 bits of encryption strength. AES (Cert. KTS AES CBC 128 bits TLS key transport scheme, using #A728) SP 800-38F HMAC-SHA-256 256 bits keys established with KAS-SSC and HMAC (Cert. TLS KDF. Provides 112 bits of #A729) encryption strength. Cert. #A765 RSA SHA-256 2048 Key Generation FIPS 186-4 PKCS1 v1.5 Signature generation/Signature verification of X509 certificates used by TLS Handshake protocol, Signature verification of signed files imported into the module2 Cert. #A730 SHS SHA-1, SHA-256 N/A Hashing algorithm used for: FIPS 180-4

2 RSA Signature Verification to FIPS 186-2 with modulo 1536 is listed on the algorithm certificate but not utilized by the module.

Page 9

Classification: External Document Name: Security Policy 2.5.4. Non-Approved Algorithms The module supports only approved algorithms. Algorithm and Modes/ Description/ Key Size(s)/ Use/Function Standard Methods Key Strength(s) N/A N/A N/A N/A Table 6: Non-Approved Algorithms 2.5.5. Security Function Implementations (SFI) Name Type Description SF Properties Algorithms / CAVP Cert. KAS KAS NIST SP 800- FFC (2048, 224) KAS-SSC (Cert. #A2929) 56Arev3 KAS-SSC Providing 112 bits of CVL (Cert. #A761) Per IG D.F encryption strength Scenario 2 path (2). KTS KTS NIST SP 800-38F. 128-bit key providing 128 AES-CBC (Cert. #A728) KTS (key wrapping bits of encryption HMAC-SHA-256 (Cert. and unwrapping) strength #A729) per IG D.G. Table 7: Security Function Implementations 2.5.6. Entropy Sources The module includes an internal entropy source for the generation of the DRBG seed. Please refer to the entropy source validation (ESV) certificate E58. Vendor Name Certificate Number Quadient Technologies France E58 Table 8: Entropy Source Implementations The entropy source generates 384 bits of entropy input which is combined with a 64-bit nonce, 64-bit personalization string, and 128 bits of additional input. This input is used to instantiate (or reseed) the CTRDRBG. The entropy source has a rate of 88% and therefore provides the DRBG with a full 128-bit security strength. 2.5.7. Key Establishment The module supports the establishment of cryptographic keys using finite field cryptography (FFC) in conformance with NIST SP 800-56A Rev3. The module implements KAS-FFC-SSC per NIST SP 800-56A Rev3 (Cert. #A2929), used in conjunction with TLS KDF per NIST SP 800-135 (Cert. #A761). Key establishment methodology provides at least 112 bits of encryption strength. This is used to establish TLS v1.2 Page 9/28

Page 10

Classification: External Document Name: Security Policy communication sessions in conformance with NIST SP 800-38F using AES (Cert. #A728) and HMAC (Cert. #A729). 2.6. Security Rules This section documents the security rules applied by the cryptographic module to implement the security requirements of a FIPS 140-3 level 3 module:

  1. The PSD shall process only one request at a time (single thread). The PSD will ignore all other inputs to the module while processing the request. The only output performed by the PSD is the response to the request.
  2. Quadient Postal Security Device shall employ identity-based authentication mechanism.
  3. All authenticated sessions shall end when the module is power cycled.
  4. All keys generated in the module shall have at least 112 bits of cryptographic security strength for an Approved mode of operation.
  5. The module shall not provide any bypass capability.
  6. The PSD shall not support a maintenance role.
  7. The PSD shall not support manual input or output of CSPs.
  8. The PSD shall perform pre-operational and conditional self-tests without external control or operator intervention either in approved or non-approved mode. The PSD shall pass into the error state if the test fails.
  9. The PSD shall automatically perform periodic self-tests without external input or control. The PSD shall enter the error state if the test fails.
  10. The PSD shall inhibit all data output interfaces when performing self-tests, firmware loading, zeroization or while in the error state.
  11. The module shall not output any CSP in plaintext form.
  12. The module shall not accept any CSP in plaintext form.
  13. The PSD shall test the accessibility and validity of all CSP values in nonvolatile memories at power up. If any are not accessible (i.e., device failure) or contain erroneous data (16-bit EDC fails) then the PSD shall enter in error state.
  14. The PSD shall enter in the Faulted state and zeroize all SSPs if physical cryptographic boundary is breached or if the temperature inside the module exceeds 84°C.
  15. Once the PSD has been zeroized, it must be returned to the factory for destruction.
  16. Cryptographic module interfaces To communicate with the franking machine’s base the cryptographic module provides a physical 10-pin serial connector with five logical interfaces: Physical Port Logical Interface Data that passes over port/interface PIN 1: Ground N/A N/A PIN 2: Ground N/A N/A PIN 3: RX data input/control input PSD TLS Communication Certificate chain Indicia Authentication Secret Key PIN 4: RX data input/control input PSD TLS Communication Certificate chain Page 10/28
Page 11

Classification: External Document Name: Security Policy Indicia Authentication Secret Key PIN 5: TX data output/status output PSD TLS Communication Certificate chain PSD DH Public Key Indicia Authentication Public Keys PIN 6: TX data output/status output PSD TLS Communication Certificate chain PSD DH Public Key Indicia Authentication Public Keys PIN 7: Power power N/A PIN 8: Power power N/A PIN 9: Ground N/A N/A PIN 10: Ground N/A N/A Table 9: Ports and Interfaces The data output interface and cryptographic operations are inhibited during zeroization, key generation, self-tests, and error states. No plaintext CSPs are input or output from the module through this serial interface. 4. Roles, services, and authentication 4.1. Roles The Quadient Postal Security Device supports authorized roles for operators and corresponding services within each role. The Quadient Postal Security Device supports the following Crypto-Officer roles: Field Crypto-Officer and Postal Crypto-Officer. The Quadient Postal Security Device supports the following User roles: Base User, R&D Signer and Unauthenticated User. For each role, the Quadient Postal Security Device provides the following services and the corresponding input and outputs: Page 11/28

Page 12

Classification: External Document Name: Security Policy Role Service Input Output Field Crypto-Officer TLS Handshake Field Server TLS Communication Certificate chain, PSD TLS Communication Certificate chain, Field Server DH Public parameters (p, g, Y) TLS DH Public Key (Y) Generate PKI Key N/A PSD TLS Communication Certificate (self-signed) Get PKI Certificate N/A PSD TLS Communication Certificate chain Set PKI Certificate PSD TLS Communication Certificate chain N/A Postal Crypto-Officer TLS Handshake Postal Server TLS Communication Certificate PSD TLS Communication Certificate chain, chain, TLS DH Public Key (Y) Postal Server DH Public parameters (p, g, Y) Generate Stamp Key Expiry date Indicia Authentication Secret or Private and Public Keys Set Stamp Key Indicia Authentication Key (encrypted), expiry N/A date Software download Utility certificate, Root Certificate Ok or error code Postal services (set resetting value, get Postal data Postal data, status statistic) Read Status (Get Device Info service) N/A PSD State Read Part Number (Get Device Info N/A PART_NUMBER (package/firmware) service) Base User TLS Handshake Base TLS Communication Certificate chain, PSD TLS Communication Certificate chain, Base DH Public Key (Y) TLS DH Public parameters (p, g, Y) Postal Indicia Indicia input data Indicia digital signature or MAC Read Status (Status request) N/A PSD State Read Part Number (Get Device Info N/A PART_NUMBER (package/firmware) service) Self-test N/A Ok or error message Get Error Log N/A Error log information, includes most recent error codes, date & time stamps Page 12/28

Page 13

Classification: External Document Name: Security Policy Role Service Input Output R&D Signer User Verify Files (Check File) Utility Certificate, Root Certificate, file’s signature Ok or error code & hash TLS Handshake R&D Signer Communication Certificate chain PSD TLS Communication Certificate chain, R&D Signer User DH Public Key (Y) TLS DH Public parameters (p, g, Y) Unauthenticated Read Status (Status request) N/A PSD State User Read Part Number (Get Device Info N/A PART_NUMBER (package/firmware) service) Zeroize SSP N/A Ok or error code Table 10: Roles, Service Commands, Input and Output Page 13/28

Page 14

Classification: External Document Name: Security Policy 4.2. Authentication To control access to the module the Quadient Postal Security Device employs identity-based authentication mechanism. For each role, the Quadient Postal Security Device provides the following authentication method: Role Authentication Method Authentication Strength (bits) Field Crypto-Officer TLS 1.2 handshake, X509 certificates 112 Postal Crypto-Officer TLS 1.2 handshake, X509 certificates 112 Base User TLS 1.2 handshake, X509 certificates 112 R&D Signer User TLS 1.2 handshake, X509 certificates 112 Unauthenticated User N/A N/A Table 11: Roles and Authentication Mutual authentication is based on the TLS v1.2 Handshake Protocol using the "TLS-DHE-RSA" cryptographic suite, with 2048 RSA key length for authentication.

Page 15

Classification: External Document Name: Security Policy 4.3. Services 4.3.1. Approved services Service Description Approved Security Keys and/or SSPs Roles Access rights to keys Indicator Functions and/or SSPs Generate PKI Key Ask the module to RSA 2048, PSD TLS Field Crypto-Officer (G) PSD TLS APPR_MODE generate its TLS DRBG, Communication Communication communication key AES 128 Private and Public Private Key, pair Keys, (G) PSD TLS DRBG entropy input Communication (if needed), Public Key (X509 DRBG parameters

Page 16

Classification: External Document Name: Security Policy Service Description Approved Security Keys and/or SSPs Roles Access rights to keys Indicator Functions and/or SSPs Generate Stamp Key Ask the module to HMAC-SHA-1 or Indicia Authentication Postal Crypto-Officer (G) Indicia APPR_MODE generate Indicia HMAC-SHA-256 or Secret or Authentication Secret Authentication Key(s) CMAC AES 128 or Private & Public Key, Key or (Secret or ECDSA P-224 or DRBG entropy input (G) Indicia Private/Public, ECDSA P-256, (if needed), Authentication depending on country SHA-256, DRBG parameters

Page 17

Classification: External Document Name: Security Policy Service Description Approved Security Keys and/or SSPs Roles Access rights to keys Indicator Functions and/or SSPs TLS Handshake TLS handshake RSA 2048, SHA-256, PSD TLS Field Crypto-Officer, (E) PSD TLS APPR_MODE protocol KAS-SSC (DH), Communication Postal Crypto-Officer, Communication Status_REQ before KDF (CVL) Public Key, TLS DH Base User, Public Key (TLS and after TLS Private Key (x), TLS R&D Signer User Communication Handshake DH Public parameters Certificate chain), (p, g Y) or TLS DH (G) TLS DH Private Key Public Key (Y), (x), TLS Communication (G) TLS DH Public Key Secret Keysets, TLS (Y) or pre-master key, TLS (G) TLS DH Public master key, Field parameters (p, g, Y), Server or Postal (G) TLS pre-master Server or Base or R&D key, Signer User Public (G) TLS master key, Key, (G) TLS DRBG entropy input communication secret (if needed), keyset, DRBG parameters

15 15 Zeroization indicator

Page 18

Classification: External Document Name: Security Policy Service Description Approved Security Keys and/or SSPs Roles Access rights to keys Indicator Functions and/or SSPs Self-test AES (CBC 128), N/A Base User N/A APPR_MODE AES (CMAC 128), DRBG, ECDSA (P-224), ECDSA (P-256), HMAC (SHA-1), HMAC (SHA-256), KAS-SSC, TLS-KDF, RSA, SHA-1, SHA-256 Postal Services Set resetting value N/A N/A Postal Crypto-Officer N/A N/A Audit Get Error Log Get the module’s N/A N/A Base User N/A APPR_MODE most recent error code Software Download Firmware update RSA 2048, SHA-256 Utility Public Key Postal Crypto-Officer (E/W) Utility Public APPR_MODE (Utility Certificate), Key (Utility Root Public Key (Root Certificate), Certificate) (E) Root Public Key (Root Certificate) Table 12: Approved Services G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Page 18/28

Page 19

Classification: External Document Name: Security Policy 4.3.2. Non-approved services The module does not support any non-approved services.

  1. Software/Firmware security At power-up, the Quadient Postal Security Device tests the integrity of its firmware (binary file) by verifying the RSA 2048 PKCS1 v1.5 signature with SHA-256 hash function. If the signature verification fails, the PSD enters an error state. At any time, the operator can initiate the firmware integrity test on demand by either power-cycling the module or calling the ‘Self-Test’ service.
  2. Operational environment The cryptographic module’s operational environment is limited.
  3. Physical security The Quadient Postal Security Device is designed to meet FIPS 140-3 Level 3 Physical Security requirements. The Quadient Postal Security Device includes a non-removable enclosure that comprises a hard epoxy resin with an outer plastic casing. The outer plastic casing is defined as the cryptographic boundary of the cryptographic module. The Quadient Postal Security Device employs a tamper detection envelope designed to detect penetration attempts and a response mechanism that will zeroize all plaintext Sensitive Security Parameters. Recommended Frequency of Physical Security Mechanism Inspection/Test Guidance Details Inspection/Test Non-removable enclosure Inspected for tampering each time the Visual inspection module is returned to Quadient manufacturing or for servicing. Tamper detection and response Inspected for tampering each time the Verify log files module is returned to Quadient manufacturing or for servicing. Table 13: Physical Security Inspection Guidelines Quadient Postal Security Device was designed to securely operate when voltage supplied to the module is between 9.6V and 15.6V and the environmental temperature is between -30°C and 84°C. The module mitigates environmental attacks by using a high temperature fuse so that when the temperature of the module exceeds 84°C the module zeroizes all plaintext SSPs. Page 19/28
Page 20

Classification: External Document Name: Security Policy Specify if this condition Temperature or voltage EFP / EFT results in a shutdown or measurement zeroisation Low temperature -30°C EFT The PSD ceases operation High temperature +84°C EFP Zeroization Low voltage 9.6V EFT Undervoltage protection (infinite while loop) High voltage 15.6V EFT Overvoltage protection Table 14: EFP/EFT The non-removable enclosure and epoxy resin maintain strength and hardness characteristics over the operating, storage and distribution temperature range of the PSD, i.e. -30°C and 84°C. 8. Non-invasive security The module does not provide protections against non-invasive security methods. Page 20/28

Page 21

Classification: External Document Name: Security Policy 9. Sensitive security parameters management Key/SSP Name/Type Strength Security Function Generation Import/ Establishment Storage Zeroisation Use & related keys and Cert. Number Export Master Secret Key 128 AES CBC 128 bits Internally: N/A N/A Plaintext in - Invocation of “Zeroize Internally encrypt & decrypt (Cert. #A728) DRBG volatile SSPs” service; PSDs critical security memory - Breach of flex circuit parameters. protected by triggers “Zeroize SSPs” tamper service; response - PSD temperature mechanism over 84C triggers “Zeroize SSPs” service (EFP measure); DRBG entropy input 128 ESV (Cert. #E58) Internally: N/A N/A Plaintext in Invocation of “Zeroize Input to DRBG. Entropy volatile SSPs” service; Source memory - Breach of flex circuit protected by triggers “Zeroize SSPs” tamper service; response - PSD temperature mechanism over 84C triggers “Zeroize SSPs” service (EFP measure); DRBG parameters

Page 22

Classification: External Document Name: Security Policy Key/SSP Name/Type Strength Security Function Generation Import/ Establishment Storage Zeroisation Use & related keys and Cert. Number Export PSD TLS 112 RSA PKCS #1 v1.5 Internally: Export N/A Plaintext Invocation of “Zeroize The key resides in a signed X509 Communication 2048 bits FIPS186-4 SSPs” service; certificate used for Public Key (Cert. #A765) KEYGEN authentication by the cryptographic module to the Base/Field server/Postal Server. TLS DH Private Key 112 Diffie-Hellman Internally: N/A N/A N/A Immediately after use (i.e., Diffie-Hellman private key used DRBG TLS-pre-master key to agree TLS pre-master.

224 bits

establishment) TLS DH Public Key and 112 Diffie-Hellman Internally: SP Export SP 800-56Ar3 N/A Immediately after use (i.e., Diffie-Hellman Public Key (Y) Public parameters 2048 bits 800-56Ar3 TLS-pre-master key and Public parameters (p, g, Y) establishment) used during TLS handshake to agree upon a TLS pre-master secret. DH Public Key is relevant when the module acts as an initiator whereas DH Public parameters are relevant when the module acts as a responder. TLS pre-master key 256 KAS-SSC (Cert. Internally N/A KAS-SSC N/A Immediately after use TLS Private and Public Keys bytes #A2929) TLS master key 48 bytes TLS KDF (Cert. Internally N/A TLS KDF N/A TLS session closure Used to derive the keys used by #A761) TLS Record Protocol (TLS Communication Secret Keyset). TLS Communication 128 AES CBC: Internally N/A TLS KDF N/A TLS session closure Encrypt & Decrypt & Integrity Secret Keyset 2 x 128 bits TLS Communication. (Cert. #A728); HMAC-SHA-256:

2 x 256 bits

(Cert. #A730). Indicia Authentication 160 or HMAC-SHA-1 (160 Internally Export KTS and Encrypted Rendered unusable by Indicia authentication Secret Key 256 or bits key)3 (w/Master zeroization of “Master (dependent on country

128 (Cert. #A729) Secret) Secret” configuration).

3 Netherlands
Page 23

Classification: External Document Name: Security Policy Key/SSP Name/Type Strength Security Function Generation Import/ Establishment Storage Zeroisation Use & related keys and Cert. Number Export or TLS HMAC-SHA-256 Communication (256 bits key4) Secret Keyset (Cert. #A729) or CMAC AES 1285 (Cert. #A760) Indicia Authentication 112 ECDSA P2246 or Internally: N/A Encrypted Rendered unusable by Indicia authentication Private Key ECDSA P2567 DRBG (w/Master zeroization of “Master (dependent on country (Cert. #A2931) Secret) Secret” configuration). Indicia Authentication 112 ECDSA P224 or FIPS 186-4 Export Plaintext Invocation of “Zeroize Indicia authentication Public Key ECDSA P256 ECDSA SSPs” service; (dependent on country (Cert. #A2931) KEYGEN configuration). Root Public Key 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the (Root Certificate) 2048 bits SSPs” service; Current Root Public key used for (Cert. #A765) the verification of authenticated messages input from the Field server/Postal server/Base. Previous Root Public 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the Key (Previous Root 2048 bits SSPs” service; Previous Root Public key used Certificate) (Cert. #A765) for the verification of authenticated messages input from the Field server/Postal server/Base. Region Public Key 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the (Region Certificate) 2048 bits SSPs” service; current Region Public key used (Cert. #A765) for the verification of authenticated messages input UK Belgium

6 USPS
7 Canada
Page 24

Classification: External Document Name: Security Policy Key/SSP Name/Type Strength Security Function Generation Import/ Establishment Storage Zeroisation Use & related keys and Cert. Number Export from the Field server/Postal server/Base. Utility Public Key 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the (Utility certificate) 2048 bits SSPs” service; R&D Signer User for (Cert. #A765) authentication of files loaded into module. Field Server Public Key 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the (Field Server 2048 bits SSPs” service; Field Server used to Certificate) (Cert. #A765) authenticate the Field CO. Postal Server Public 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the Key (Postal Server 2048 bits SSPs” service; Postal Server used to Certificate) (Cert. #A765) authenticate the Postal CO Base Public Key (Base 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the Certificate) 2048 bits SSPs” service; Base used to authenticate the (Cert. #A765) Base User. R&D Signer User 112 RSA PKCS #1 v1.5 Externally Import N/A Plaintext Invocation of “Zeroize Signed X509 Certificate of the Public Key (R&D 2048 bits SSPs” service; R&D Signer used to Signer Certificate) (Cert. #A765) authenticate the R&D Signer User. Table 15: SSPs Page 24/28

Page 25

Classification: External Document Name: Security Policy 10. Self-tests The Quadient Postal Security Device performs pre-operational (§10.1) and conditional self-tests (§10.20) without external control or operator intervention. The Quadient Postal Security Device inhibits the data output and control interfaces during self-tests. If a self-test fails, the Quadient Postal Security Device enters in error state and outputs an error indicator (error code). The Quadient Postal Security Device does not perform any cryptographic operations or output control and data via the control and data output interface while in an error state. The PSD must be repowered to exit the error state and if the error persists the module must be returned to Quadient. The Quadient Postal Security Device maintains a self-test error log that is accessible by an authorized operator of the module. 10.1. Pre-operational self-tests The Quadient Postal Security Device performs the following pre-operational self-tests at power-up:

Page 26

Classification: External Document Name: Security Policy 10.2. Conditional self-tests The Quadient Postal Security Device performs the following conditional self-tests:

Page 27

Classification: External Document Name: Security Policy execution date and time is stored in non-volatile memory. The periodic self-test execution failure is recorded in the error log. 11. Life-cycle assurance Quadient Technologies France is using a system configuration management tool (Windchill) to manage products configurations (including the cryptographic module). 11.1. Installation, Initialization, and Startup Procedures The module is initialized and configured for a specific country in manufacturing. The postal meter is then authorized and shipped to the end customer. 11.2. Administrator Guidance The PSD TLS Communication RSA key pair is generated at the customization center during manufacturing. The PSD TLS Communication key pair is generated internally, by the module itself. Once the key pair is available, the public key is immediately output for certification by the Manufacturing CA entity. After the certificate is available and downloaded into the module, all communication between the manufacturing environment and the module are mutually authenticated and encrypted via a TLStunnel. Once installed in the postage meter (at the customer site), the module first connects to the Postal Server via a mutually authenticated TLS session and sends its certificate for certification. A new certificate chain is downloaded into the module to be used for communication with Quadient infrastructure (Postal Server) to access available services, during the operational phase. 11.3. Non-Administrator Guidance The Quadient postage meters include detailed user guidance in its free online manuals: iX Range - KCMS (quadient.com). 11.4. Design and rules The cryptographic module’s firmware has been implemented using a high-level language (C), except for the limited use of assembly language where it was essential for performance. 11.5. End of life Upon end of life, the module is withdrawn from service and returned to manufacturing for decommissioning and scrapping. Page 27/28

Page 28

Classification: External Document Name: Security Policy

  1. Mitigation of other attacks The module employs a tamper detection envelope designed to detect penetration attempts and a response mechanism that immediately zeroizes all plaintext CSPs.
  2. Glossary Abbreviation Description AES Advanced Encryption Standard CMAC Cipher-based Message Authentication Code CSP Critical Security Parameter DH Diffie-Hellman key exchange (DHE Diffie Hellman Ephemeral) DRBG Deterministic Random Bit Generator ECDSA Elliptic Curve Digital Signature Algorithm EDC Error Detection Code EFP/EFT Environmental Failure Protection /Testing ESV Entropy Source Validation FIPS Federal Information Processing Standards HMAC Hashed Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test KDF Key Derivation Function KTS Key Transport Scheme NIST National Institute of Standards and Technology PSD Postal Security Device PKI Public Key Infrastructure RSA Rivest Shamir Adleman SFI Security Function Implementation SHA Secure Hash Algorithm SHS Secure Hash Standard SP Special Publication SSP Sensitive Security Parameter TLS Transport Layer Security Page 28/28