All modules
CMVP Validated Module · FIPS 140-3 Security Policy

X5 Postal Security Device (PSD)

Certificate#4933StandardFIPS 140-3Level3TypeHardwareEmbodimentSingle ChipStatusActiveVendorPitney Bowes, Inc.
High review priority  ·  no TCB surface named  ·  last validated 19 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date12/23/2029
CaveatInterim Validation; When operated in approved mode; No assurance of the minimum strength of generated SSPs (e.g., keys).
VendorPitney Bowes, Inc.

Approved Algorithms (13)

AlgorithmACVP Cert
AES-CBCA2435
AES-ECBA2435
AES-KWA2435
ECDSA KeyGen (FIPS186-4)A2437
ECDSA SigGen (FIPS186-4)A2437
ECDSA SigVer (FIPS186-4)A2437
Hash DRBGA2436
HMAC-SHA2-256A2438
KAS-ECC-SSC Sp800-56Ar3A2439
KDA OneStep Sp800-56Cr1A2439
RSA SigVer (FIPS186-4)A2440
SHA2-224A2441
SHA2-256A2441

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for X5 Postal Security Device (PSD)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Rollback<br/>recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>status output</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for X5 Postal Security Device (PSD)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Rollback<br/>recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>status output</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

Pitney Bowes, Inc. X5 Postal Security Device (PSD) Version 1.0 This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 2
Table of Contents
#SectionPage
Page 3

This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 4
List of Tables
ItemPage
Table 1: Security Levels6
Table 2: Tested Module Identification – Hardware8
Table 3: Modes List and Description9
Table 4: Approved Algorithms9
Table 5: Vendor-Affirmed Algorithms11
Table 6 – FIPS Non-Approved, Not Allowed Algorithms11
Table 7: Security Function Implementations12
Table 8: Ports and Interfaces14
Table 9: Authentication Methods15
Table 10: Roles15
Table 11: Approved Services16
Table 12 - Non-Approved Services23
Table 13: Mechanisms and Actions Required25
Table 14: EFP/EFT Information25
Table 15: Hardness Testing Temperatures25
Table 16: Storage Areas26
Table 17: SSP Input-Output Methods26
Table 18: SSP Zeroization Methods27
Table 19: SSP Table 128
Table 20: SSP Table 229
Table 21: Pre-Operational Self-Tests32
Table 22: Conditional Self-Tests32
Table 23: Pre-Operational Periodic Information34
Table 24: Conditional Periodic Information34
Table 25: Error States35
Page 5
List of Figures
ItemPage
Figure 1 – X5 Postal Security Device (PSD)7
Figure 2: Block Diagram8
Page 6
1 GENERAL
1.1 OVERVIEW

This document defines the Security Policy for the Pitney Bowes, Inc. (PB) X5 Postal Security Device (PSD) cryptographic module, hereafter “the module”. The physical form of the module is depicted in Figure 1. The module is a single-chip embodiment as defined by FIPS 140-3 and conforms to Security Level 3.

1.2 SECURITY LEVELS

The module meets the overall requirements of FIPS 140-3 Security Level 3. Table 1: Security Levels Section Title Security Level

1 General 3
2 Cryptographic Module Specification 3
3 Cryptographic Module Interfaces 3
4 Roles, Services, and Authentication 3
5 Software/Firmware Security 3
6 Operational Environment N/A
7 Physical Security 3
8 Non-Invasive Security N/A
9 Sensitive Security Parameter Management 3
10 Self-Tests 3
11 Life-Cycle Assurance 3
12 Mitigation of Other Attacks N/A
2 CRYPTOGRAPHIC MODULE SPECIFICATION
2.1 DESCRIPTION

The X5 Postal Security Device (PSD) is a single-chip (hardware) cryptographic module designed by PB to conform with FIPS 140-3 Security Level 3 requirements. The module provides cryptographic services to a host device (i.e., Digital Postage Meter), to support postage evidence in the form of an indicium. A PSD provides protection that includes ensuring the secrecy of critical security parameters (CSPs) such as cryptographic keys and providing data This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 7

integrity protection for funds relevant data items (FRDIs 1) such as accounting data. CSPs and FRDIs reside inside the strong physical protection of the PSD. Figure 1

1 FRDIs are not applicable to FIPS 140-3 and are not CSPs. The FRDIs’ authenticity and integrity are critical for

postal functionality, and they should never be zeroized. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 8
2.2 TESTED AND VENDOR AFFIRMED MODULE VERSION AND IDENTIFICATION

The module is designed to meet the requirements of FIPS 140-3 Security Level 3 (refer to Table 1). The module is available in the following configuration (refer to Table 2): Tested Module Identification

Page 9

N/A for this module. Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: N/A for this module.

2.3 EXCLUDED COMPONENTS
2.4 MODES OF OPERATION

Modes List and Description: The module only supports an Approved and non-Approved mode of operation. The module provides an explicit mode of operation indicator: the ‘Approved mode status flag’ is returned in every response from the module. The Approved Mode Status Flag is set to zero when a service utilizes an approved cryptographic algorithm, security function or process in an approved manner or to one for non-Approved cryptographic algorithms, security functions or process in a non-approved manner. The module’s mode of operation can only be configured within manufacturing. Once configured, the module does not have the ability to change modes. Table 3: Modes List and Description Mode Name Description Type Status Indicator Approved Mode Only Approved services are Approved Approved Mode Status Flag supported returns ‘0’. Non-Approved Non-Approved Configuration Non-Approved Approved Mode Status Flag Mode returns ‘1’.

2.5 ALGORITHMS

The module supports the approved cryptographic algorithms shown in Table 4. Approved Algorithms: The module supports the following approved cryptographic algorithms. Table 4: Approved Algorithms Algorithm CAVP Cert Properties Reference AES-CBC Cert. #A2435 Direction: Encrypt, Decrypt FIPS 197, NIST SP 800Key Length: 2562 38A

2 Key sizes 128 and 192 are included in the algorithm certificate, but are not used in Approved mode.

This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 10

Algorithm CAVP Cert Properties Reference AES-ECB Cert. #A2435 Direction: Encrypt, Decrypt FIPS 197, NIST SP 800Key Length: 2563 38A AES KW Cert. #A2435 Direction: Wrap, Unwrap NIST SP 800-38F Key Length: 2564 ECDSA Key Cert. #A2437 Curves: P-224, P-256 FIPS 186-4 Generation SHA Size: 224, 256 ECDSA Signature Cert. #A2437 Curves: P-224, P-256 FIPS 186-4 Generation SHA Size: 224, 256 ECDSA Signature Cert. #A2437 Curves: P-224, P-256 FIPS 186-4 Verification SHA Size: 224, 256 Hash DRBG Cert. #A2436 Function: Hash_DRBG NIST SP 800-90A Rev. 1 HMAC-SHA2-256 Cert. #A2438 Function: Generate Message FIPS 198-1 Authentication Codes SHA Size: 256 KAS-ECC-SSC Cert. #A2439 Scheme: Ephemeral Unified Model NIST SP 800-56A Rev. 3 NIST SP 800-56Ar3 C (2e, 0s, ECC CDH) Curve: P-256 KDA OneStep Cert. #A2439 Function: One-Step KDF (Session NIST SP 800-56C Rev. 2 NIST SP 800-56Cr1 Key) SHA Size: 256 Cert. #A2435 Function: Wrap, Unwrap NIST SP 800-38F KTS Key Length: 256 Cert. #A2435 AES Function: Encrypt, Decrypt NIST SP 800-38F; FIPS Cert. #A2438 197; FIPS 198-1 HMAC Function: Generate HMAC KTS Key Length: 256 SHA Size: 256 RSA Signature Cert. #A2440 Function: Signature Verification FIPS 186-4 Verification (PKCS PSS) Key Length: 2048 SHA Size: 256 SHA2-224 Cert. #A2441 SHA Size: 224 FIPS 180-4

3 Key sizes 128 and 192 are included in the algorithm certificate, but are not used in Approved mode.

4 Key sizes 128 and 192 are included in the algorithm certificate, but are not used in Approved mode.

5 RSA PKCS1 v1.5 and ANSI X9.31 are not used by the module in Approved mode. Only the modulus size of

2048 is supported by the module in Approved mode.

This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 11

Algorithm CAVP Cert Properties Reference SHA2-256 Cert. #A2441 SHA Size: 256 FIPS 180-4 Vendor-Affirmed Algorithms: The module supports the following vendor affirmed algorithms in accordance with IG D.H (refer to Table 5). Table 5: Vendor-Affirmed Algorithms Name Properties Implementation Reference CKG - Asymmetric Key Type: N/A NIST SP 800-133r2 Section 4 and Section 5.1 Asymmetric The unmodified output of the DRBG is used for generation of asymmetric keys. CKG - Symmetric Key Type: Symmetric N/A NIST SP 800-133r2 Section 4 and Section 6.1 The unmodified output of the DRBG is used for generation of symmetric keys. CKG - Key Type: N/A NIST SP 800-133r2 Section 4 and Section 5.2 Establishment Asymmetric The unmodified output of the DRBG is used for key pair generation for key establishment. Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: The following cryptographic algorithms are used solely in a non-Approved mode of operation (this includes specified CAVP-validated algorithms). There exists no mechanism to allow the use of these algorithms in an Approved mode of operation. Table 6

Page 12
2.6 SECURITY FUNCTION IMPLEMENTATIONS

Table 7: Security Function Implementations Name Type Description Properties Algorithms DRBG Generate DRBG NIST SP 800-90A Returned Hash DRBG/A2436 Function CTR_DRBG Bits:1024 generate function for delivering random bits on demand ECDSA Key AsymKeyPair- FIPS 186-4 ECDSA P- Curve:P-224 ECDSA KeyGen (FIPS186-4) Generation KeyGen 224/P-256 Key Curve:P-256 Curves: P-224, P256 CKG Generation Secret Generation Mode: Testing Candidates CKG - Asymmetric Key Type: Asymmetric ECDSA Signature DigSig-SigGen FIPS 186-4 ECDSA P- Curve:P-224 ECDSA SigGen (FIPS186-4) Generation 224/P-256 digital Curve:P-256 Curves: P-224, P-256 signature SHA2-224, SHA2-256 generation of postal relevant data ECDSA Signature DigSig-SigVer FIPS 186-4 ECDSA P- Curve:P-224 ECDSA SigVer (FIPS186-4) Verification 224/P-256 digital Curve:P-256 Curves: P-224, P256 signature SHA2-224, SHA2-256 verification Hash Function SHA SHA2-224 and SHA2-224, SHA2- SHA2-224 and SHA2-256 SHA2-256 data 256 Message Length Min: 8 bits integrity for ECDSA Message Length Max: 51200 bits digital signatures KAS KAS NIST SP 800-56Ar3 ECC P-256 KAS-ECC-SSC SP800-56Ar3/A2439 KAS-SSC Per IG D.F providing KDA OneStep SP800-56Cr1/A2439 Scenario 2 path (2) strength of 128 bits KTS_1 KTS NIST SP 800-38F 256-bit key AES-KW/A2435 key wrapping and providing unwrapping per IG strength of 256 D.G bits KTS_2 KTS NIST SP 800-38F 256-bit key AES-CBC/A2435 key wrapping and providing HMAC-SHA2-256/A2438 unwrapping per IG strength of 256 D.G bits Message MAC HMAC-SHA-256 Key: 256-bit HMAC-SHA2-256 Authentication used for Key Length Min: 128-bit authentication for Key Length Max: 512-bit secure sessions RSA Signature DigSig-SigVer FIPS 186-4 RSA Key:2048-bit RSA SigVer (FIPS186-4) Verification (Auth) 2048 digital Signature Type: PKCS PSS signature Modulo: 2048 verification SHA2-256 This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 13

Seed DRBG DRBG Instantiate the Length: 1024 bits Hash DRBG/A2436 DRBG SSP Authentication MAC Message Key: 256-bit HMAC-SHA2-256 authentication code Key Length: 128-bit applied to stored SSPs SSP Decryption BC-UnAuth SSP Decryption in Key:256-bit AES-CBC NVRAM Key Size: 128-bit SSP Encryption BC-UnAuth SSP encryption in Key:256-bit AES-CBC NVRAM Key Size: 128-bit Symmetric Key CKG Symmetric Key Key: 256-bit CKG Generation Generation Key Type: Symmetric The module utilizes only approved algorithms that are tested and validated under the Cryptographic Algorithm Validation Program (CAVP).

2.7 RBG AND ENTROPY

The module incorporates a NIST SP 800-90A Hash-DRBG (Cert. #A2436) that is seeded with 512 bits of entropy and a 512-bit nonce from an external source during manufacturing of the module. The unmodified output of the DRBG is used for generating cryptographic key material or random nonces. Given that the entropy is imported from outside the device, there is no assurance of the minimum strength of generated SSPs.

2.8 KEY GENERATION

The module generates symmetric cryptographic keys in conformance with NIST SP 800-133r2 using a NIST SP 80090A conforming DRBG (Cert. #A5176) for the encryption and protection of data and cryptographic keys. The module generates asymmetric cryptographic key pairs in conformance with FIPS 186-5 for the verification of digital signatures, or for the facilitation of key agreement in conformance with NIST SP 800-56ar3.

2.9 KEY ESTABLISHMENT

The module supports the establishment of cryptographic keys using elliptic curve cryptography (ECC) in conformance with NIST SP 800-56ar3 and IG D.F

2.10 INDUSTRY PROTOCOLS

The module relies upon the standard USB and other serial protocols for communication with general purpose computer (GPC) systems. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 14
3 CRYPTOGRAPHIC MODULE INTERFACES
3.1 PORTS AND INTERFACES

The module incorporates physical ports and logical interfaces. The MAX32590 is supplied in a 324-pin Ball Grid Array (BGA) package where all power input, data input, data output, control input, and status output interfaces are supported. The module does not support a control output interface. The physical ports are defined within Table 8 below: Table 8: Ports and Interfaces Physical Port Logical Data That Passes Interface(s) G13, J5, J13, K5, K13 Control Input Reset Input, RTC, Commands. B7, F13, F14, R10, R11, R12, R13, Control Input Serial UART and USB interfaces for inputting postal T10, T11, T12, T13, U10, U11, Data Input relevant data items, configuration or sensitive security U12, U13, V10, V11, V12, V13 parameters (SSPs). A7, F13, F14, P4, P6, P7, P8, P9, Data Output, Serial UART and USB interfaces for outputting postal P10, P11, P13, P14, P15, P16, Status Output relevant data items, sensitive security parameters (SSPs), P17, P18, R10, R11, R12, R13, error codes and module status. R14, R15, R16, R17, R18, T10, T11, T12, T13, T15, T16, T17, T18, U10, U11, U12, U13, U16, U17, U18, V10, V11, V12, V13, V16, V17, V18 G5, H13, M4, N14, N17, N18 Status Output USB Detect, Reset Output, module status. C3, D3, F6, F7, F8, F9, F10, F11, Power Power input. F12, G6, G12, H5, H6, H12, J6, J12, K6, K12, L6, L12, M6, M12, N6, N7, N8, N9, N10, N11, N12 This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 15
4 ROLES, SERVICES, AND AUTHENTICATION
4.1 AUTHENTICATION METHODS

The module supports authentication methods for the Cryptographic Officer (CO) or User roles. These roles have separate authentication methods as indicated in Table 9. Table 9: Authentication Methods Method Name Description Security Strength Strength per Minute Mechanism Each Attempt Cryptographic Identity-based. Allows ECDSA P-256 128 bits The module can execute at most 17.85 Officer (CO) the Cryptographic Officer SigVer (FIPS ECDSA verifications per second. to authenticate 186-4) (A2437) Therefore, the probability of a successful random attempt in a onethemselves. Sets up a minute period is 1 in 3.2 x 10^35 for remote session with CO. ECDSA, which is far less than 1 in 100,000. User Identity-based. Allows Challenge 128 bits The module can execute at most 40 the User to authenticate response password authentication attempts per to the module. mechanism. minute. Therefore, the probability of a successful random attempt in a oneminute period is 1 in 8.5 x 10^36, which is far less than 1 in 100,000.

4.2 ROLES

Table 10: Roles Name Type Operator Type Authentication Methods Cryptographic Officer (CO) Identity Cryptographic Digital Signature (ECDSA P-256, Officer authenticated with Vendor, Download or Certificate Keys) User Identity User Uniquely Assigned ID in conjunction with 128-bit password Unauthenticated N/A Unauthenticated None The module does not support concurrent operators. Only one operator is allowed to access the device at any time. Operator authentication does not persist beyond power-cycling the module. The selection of roles is implicit. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 16
4.3 APPROVED SERVICES

Table 11: Approved Services Name Description Indicator Inputs Outputs Security SSP Access Functions Generate PSD Key Instructs the PSD to Approved Command PSD Certificate ECDSA P-256/P- Cryptographic Officer generate its Unique Service ID, Block:0x203F00BD + Request block after 224 KeyGen, - Operation Private/Public Keys: G ECDSA P-256 Operation Success or Signed Key Record the key has been Hash-DRBG, AES - Or Debit Private/Public Keys: G Key pair or the Unique Error ID with the parameters generated or an 256, HMAC-SHA- - DRBG Working State: E, G ECDSA P-256 Debit Key for use in the error condition has 256, CKG - Vendor Key: E pair. generation of the been detected - KEK: E private and public - KAK: E key values. Generate Session Instructs the PSD to Approved Command Status bits, Session Hash-DRBG, NIST Cryptographic Officer Key generate an AES 256-bit Service ID, Block:0x203F00C3 + Key SP 800-56A KAS- - DRBG Working State: E, G and a HMAC 256-bit Success or Signed Key Block SSC, NIST SP 800- - Shared Secret: G, E session key via NIST SP Error ID with an ECDH key 56C KDA, ECDSA - ECC-CDH PSD KAS Private Key: G, E 800-56A and NIST SP for generating the P-256 SigVer, AES - Operation Private Key: E, Session 800-56C. shared secret key. KW 256, HMAC- - Authentication Key: G, E SHA-256 Or AES - Or Session Privacy Key: G, E 256, CKG - KEK: E, KAK: E - Certificate Key: E, ECC-CDH - Infrastructure KAS Public Key: E - ECC-CDH PSD KAS Public Key: G, E, R Load Certificate Key Instructs the PSD to Approved Command Block: Status bits (Success HMAC-SHA-256, Cryptographic Officer load the (ECDSA P-256) Service ID, 0x203F00BA + or Error ID) ECDSA P-256 - KAK: E, Vendor Key: E Certificate Key. Success or Certificate Key SigVer - Certificate Key: W Error ID Load CRL Loads the Certificate Approved Command Block: Status bits (Success ECDSA P-256 Cryptographic Officer Revocation List and the Service ID, 0x203F00B8 + CRL or Error ID) SigVer - Download Key: E CRL version. Success or Error ID Load Download Key Instructs the PSD to Approved Command Status bits (Success HMAC-SHA-256 Cryptographic Officer load the (ECDSA P-256) Service ID, Block:0x203F00BB + or Error ID) ECDSA P-256 - KAK: E Download Key Success or Download Key SigVer - Certificate Key: E Certificate. Error ID - Download Key: W

Page 17

Name Description Indicator Inputs Outputs Security SSP Access Functions Load Encrypted Key The Crypto Officer Approved Command Status bits (Success HMAC-SHA-256 Cryptographic Officer instructs the PSD to Service ID, Block:0x203F00AD + or Error ID) AES KW 256 AES - Debit Secret Key: W load a signed key Success or Encrypted Secret 256 ECDSA P-256 - Session Privacy Key: E record containing an Error ID Key SigVer - KEK: E encrypted symmetric or - KAK: E private key. - Certificate Key: E Load Key Acknowledge that the Approved Command Block: N/A ECDSA P-256 Cryptographic Officer Acknowledgement generated PSD Key has Service ID, 0x203F00AE + SigVer - Certificate Key: E been successfully Success or Affirmation from registered and that the Error ID server with Key PSD can activate that Acknowledgement key. Load Parameters: Causes the PSD to Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Transition to transition to the PSD Service ID, Block:0x203F00B5 + or Error ID) Ver - Certificate Key: E Operational State Operational lifecycle Success or parameter value state. Error ID Load Parameters: Transitions the PSD Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Transition to Base from its Manufacturing Service ID, Block:0x203F00B5 + or Error ID) Ver - Certificate Key: E State lifecycle state to Base Success or parameter value lifecycle state. Error ID Load Parameters: Places the PSD in the Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Disable PSD Disabled lifecycle state. Service ID, Block:0x203F00B5 + or Error ID) Ver - Certificate Key: E In the Disabled lifecycle Success or parameter value state, further financial Error ID functions are prohibited. Load Parameters: Transition the PSD from Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Enable PSD Disabled lifecycle state Service ID, Block:0x203F00B5 + or Error ID) Ver - Certificate Key: E to Operational lifecycle Success or parameter value state. Error ID Load Parameters: Causes PSD to zeroize Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Reinitialize PSD all plaintext Service ID, Block:0x203F00B5 + or Error ID) Ver - Certificate Key: E cryptographic keys and Success or parameter value CSPs, and then Error ID invalidates the PSD Application. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 18

Name Description Indicator Inputs Outputs Security SSP Access Functions Load Parameters: Update utility that Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Software Update allows start of firmware Service ID, Block:0x203F00B5 + or Error ID) Ver - SWAK: E download. Success or parameter value - Certificate Key: E Error ID Load Parameters: Triggers event to have Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Transaction Start the PSD prepare for a Service ID, Block:0x203F00B5 + or Error ID) Ver - Certificate Key: E (Commit, Rollback) multi-message Success or parameter value transaction that must Error ID be completed successfully as a unit (atomic transaction). Wipe PSD Causes PSD to zeroize Approved None Status bits (Success ECDSA P-256 Sig Cryptographic Officer all plaintext Service ID, or Error ID) Ver - KEK: Z cryptographic keys and Success or - Certificate Key: E CSPs. Error ID Load Vendor Key Instructs the PSD to Approved Command Status bits (Success HMAC-SHA-256, Cryptographic Officer load the (ECDSA-P256) Service ID, Block:0x203F00BC + or Error ID) ECDSA P-256 - KAK: E Vendor Key Certificate. Success or Vendor Key SigVer - Manufacturing Key: E Error ID - Vendor Key: W Process Audit Instructs the PSD to Approved Command Status Bits ECDSA P-256 Sig Cryptographic Officer Response process the Horizon Service ID, Block:0x203F00B2 + Ver - Certificate Key: E Audit Response Block Success or Audit Response returned from the Error ID Block Pitney Bowes infrastructure. Process Postage Instructs the PSD to Approved Command Status bits (Success ECDSA P-256 Sig Cryptographic Officer Value Download perform a postage Service ID, Block:0x203F00B9 or Error ID) Ver - Certificate Key: E value download Success or operation. Error ID Process Withdraw Instructs the PSD to Approved Command Status Bits ECDSA P-256/P- Cryptographic Officer Response complete the withdraw Service ID, Block:0x203F00B0 224 Sig Ver - Debit Private Key: E process. Success or - Certificate Key: E Error ID Audit Request Instructs the PSD to Approved Command Audit block Hash-DRBG, AES- User prepare a signed Audit Service ID, Block:0x204E0007 - 256, ECDSA P-256 - DRBG Working State: E, G Request Block. Success or initiates an Audit SigGen - KEK:E Error ID Request - Operation Key: E This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 19

Name Description Indicator Inputs Outputs Security SSP Access Functions Clear Upload Interval Instructs the PSD to Approved Command Block: Status bits (Success None User clear the Upload Service ID, 0x204E0032 - clears or Error ID) - None Interval Timer. Success or the upload interval Error ID Create Debit Instructs the PSD to Approved Command Status bits, Signed DRBG, AES 256, User Certificate create a debit Service ID, Block:0x204E0029 + data block ECDSA P-256/P- - DRBG Working State: E, G certificate in the format Success or Postal data for 224 SigGen or - KEK: E defined by the Flex Error ID signing HMAC-SHA-256 - Debit Secret Key: E, or Debit Private Debit Certificate Key: E or Mail Piece Key: E Template. Create PVD Request Instructs the PSD to Approved Command Status bits (Success Hash-DRBG, AES User create a Postage Value Service ID, Block:0x204E0033 - or Error ID) 256, ECDSA P-256 - DRBG Working State: E, G Download Request Success or initiates an PVD SigGen - KEK: E Block. Error ID Request - Operation Key: E Finalize Debit Performs post-debit Approved Command Status Bits None User housekeeping and Service ID, Block:0x204E0008 + - None prepare for the next Success or data to perform a Debit operation by Error ID debit transaction precomputing the ‘r’ signature parameter if necessary Log Permit Logs the permit and the Approved Command Status Bits and None User data capture recovery Service ID, Block:0x204E002B Register Values - None information. Success or Error ID Authenticates the User Approved Command Status Bits with AES 256 User Login Request with the PSD. If the Service ID, Block:0x204E002F + login success or - KEK: E authentication is Success or Login data failure - Password: E successful, the PSD Error ID allows debit operations. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 20

Name Description Indicator Inputs Outputs Security SSP Access Functions Precompute r for Pre-computes the ‘r’ Approved Command Status bits (Success Hash-DRBG, AES- User Debit signature component Service ID, Block:0x204E0009 or Error ID) 256 - DRBG Working State: E, G for the PSD Key Success or - KEK: E signature (ECDSA). This Error ID message is used for countries whose debit certificate is signed by an ECDSA key. Process Flex Debit Loads a flex debit Approved Command Status bits (Success ECDSA P-256 User Block template into the PSD. Service ID, Block:0x203F00B4 + or Error ID) SigVer - Download Key: E The flex debit template Success or debit template data defines the indicia Error ID content for debit operations. Sign Transaction Generates a signature Approved Command Digital Signature Hash-DRBG, AES User Data on the included hash. Service ID, Block:0x204E0030 + 256, ECDSA P-256 - DRBG Working State: E, G Success or Data to be hashed SigGen - KEK: E Error ID - Operation Key: E Verify Hash Block Validates the included Approved Command Status bits (Success ECDSA P-256 User hash. Service ID, Block:0x203F00B3 + or Error ID) SigVer - Download Key: E Success or data and hash to be Error ID verified Verify Mail Piece Verifies the hash of the Approved Command Status bits (Success HMAC-SHA-256 User Data transaction data for a Service ID, Block:0x204E0031 + or Error ID) - MailPiece Key: E mail piece. Success or Data to be verified Error ID Withdraw Request Instructs the PSD to Approved Command Status bits (Success ECDSA P-256 User initiate a Withdrawal Service ID, Block:0x204E000A or Error ID) SigGen - Operation Key: E operation. Success or Error ID Get Challenge Returns an 8-byte Approved Command Nonce (8 bytes from Hash-DRBG, AES- Unauthenticated nonce (random Service ID, Block:0x204E0003 DRBG) 256 - DRBG Working State: E, G number) from the Success or - KEK: E DRBG. Error ID This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 21

Name Description Indicator Inputs Outputs Security SSP Access Functions Get Clock Offsets Returns the drift and Approved Command Status bits, + value None Unauthenticated GMT offset values. Service ID, Block:0x204E0020 of offsets - None Success or Error ID Get Flex Debit Returns the loaded flex Approved Command Status bits + Debit None Unauthenticated Template debit template. Service ID, Block:0x204E002E Template - None Success or Error ID Get GMT Time Returns the real time Approved Command Time None Unauthenticated clock value with only Service ID, Block:0x204E001C YYYYMMDDhhmmss - None the drift correction Success or applied. Error ID Get Key List Returns a list of all Approved Command Key List None Unauthenticated active keys stored in Service ID, Block:0x204E0004 - None the PSD. Success or Error ID Get Local Time Returns the real time Approved Command Time None Unauthenticated clock with drift and Service ID, Block:0x204E001E YYYYMMDDhhmmss - None GMT offsets applied. Success or Error ID Get ML Attributes Returns device versions Approved Command DAL Layer versions None Unauthenticated and unique device Service ID, Block:0x204E002D - None serial number. Success or Error ID Get Parameters Returns parameter Approved Command Status bits + None Unauthenticated values stored in the Service ID, Block:0x204E0005 parameter - None PSD. The Host can Success or information request individual Error ID parameter IDs or all the Parameters in the PSD. Get PSD Attributes Returns PSD attribute Approved Command PSD versioning None Unauthenticated data, including Service ID, Block:0x204E0021 information - None firmware and hardware Success or versions. Error ID This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 22

Name Description Indicator Inputs Outputs Security SSP Access Functions Get PSD Status Returns PSD status Approved Command Status of the PSD None Unauthenticated information that Service ID, Block:0x204E0022 - None includes the module’s Success or mode of operation Error ID indicator. Get PSD Versions Retrieves the versions Approved Command PSD Versioning None Unauthenticated of the hardware, Service ID, Block:0x204E0037 information - None software and Success or (includes HW ID and cryptographic libraries. Error ID FW versions) Get Withdraw Retrieves the Withdraw Approved Command Signed withdrawal None Unauthenticated Certificate Certificate created at Service ID, Block:0x204E0034 certificate - None the successful Success or completion of the Error ID Withdraw process. Perform Diagnostic The User sends this Approved Command Status bits (Success None Unauthenticated Test message to request Service ID, Block:0x204E0026 or Error ID - None that the PSD perform a Success or diagnostic test. Error ID Perform Full The User sends this Approved Command Status bits (Success None Unauthenticated Diagnostics command to request Service ID, Block:0x204E0024 or Error ID - None the PSD perform its Success or diagnostic processing. Error ID Read Log File Returns Log Data stored Approved Command Log data None Unauthenticated in the PSD. Service ID, Block:0x204E0028 - None Success or Error ID Reboot PSD Restarts the PSD Approved Command N/A None Unauthenticated application. The PSD Service ID, Block:0x204E0006 - None will run its power up Success or tests. Error ID Set Clock Sets the real time clock Approved Command Status bits (Success None Unauthenticated in the PSD. The real Service ID, Block:0x204E0002 + or Error ID - None time clock can only be Success or clock data set when the PSD is in Error ID YYYYMMDDhhmmss manufacturing state. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 23

Name Description Indicator Inputs Outputs Security SSP Access Functions Set GMT Offset Sets the GMT offset in Approved Command Time with offset None Unauthenticated the PSD. The GMT Service ID, Block:0x204E001D + - None offset is a combination Success or 4-byte offset of time zone offset and Error ID daylight savings time offset (if applicable).

4.4 NON-APPROVED SERVICES

The non-Approved Mode of the module implements the same roles and services as the Approved Mode of operations, but this mode also allows the use of the algorithms specified in Section 2.10. Table 12 - Non-Approved Services Name Description Algorithms Accessed Role General Postal Services Postal services for countries that utilize non-approved algorithms (e.g. France, DSA, ECDSA, HMAC, CO/User Germany, etc.) KAS, RSA, SHS, TripleDES This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 24
4.5 EXTERNAL SOFTWARE/FIRMWARE LOADED

There is no complete image replacement process. New firmware may be downloaded by the module for the country-specific postal application. The postal application firmware is signed by PB, with an ECDSA P-256 digital signature. On downloading, the device verifies the firmware digital signature.

5 SOFTWARE/FIRMWARE SECURITY
5.1 INTEGRITY TECHNIQUES

The module includes the following firmware components that include separate firmware integrity tests: − Bootloader: RSA 2048 Digital Signature Verification (RSA, Cert. #A2440) − Postal Application Firmware: ECDSA P-256 Digital Signature Verification (ECDSA, Cert. #A2437) The module will transition to its error state upon the failure of either firmware integrity test.

5.2 INITIATE ON DEMAND

Self-tests may be initiated on demand by power cycling the module (‘Reboot PSD’) or invoking the ‘Perform Diagnostic Test’ or ‘Perform Full Diagnostics’ services.

6 OPERATIONAL ENVIRONMENT
6.1 OPERATIONAL ENVIRONMENT TYPE AND REQUIREMENTS

Type of Operational Environment: Limited How Requirements are Satisfied: The module does not contain a modifiable operational environment. The module’s operational environment is limited. The module includes a firmware load service to support necessary updates. Firmware versions validated through the FIPS 140-3 CMVP will be explicitly identified on a validation certificate. Any firmware not identified in this Security Policy does not constitute the module defined by this Security Policy or covered by this validation. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 25
7 PHYSICAL SECURITY
7.1 MECHANISMS AND ACTIONS REQUIRED

The device includes automatic tamper detection and response. CSPs are zeroized automatically and immediately upon a tamper event being detected. On detection of a tamper event, the device is to be returned to PB. Table 13: Mechanisms and Actions Required Mechanism Inspection Frequency Inspection Guidance Tamper Evidence During installation, re-installation, Inspect device for obvious damage or other decommissioning, and servicing. evidence of tamper. Tamper Detection Every 30 days The module HW status flag is submitted every 30 days to the PB servers to check for tamper.

7.2 EFP/EFT INFORMATION

The module supports environmental failure protection (EFP) mechanisms for high/low voltage and temperature extremes (refer to Table 14). Table 14: EFP/EFT Information Temp/Voltage Type Temperature or EFP or Result Voltage EFT Low Temperature -65°C EFP Zeroization High Temperature 117°C EFP Zeroization Low Voltage 2.9V EFP Zeroization High Voltage 3.6V EFP Zeroization

7.3 HARDNESS TESTING TEMPERATURE RANGES

The module has been tested at the operational, storage and distribution temperatures listed in Table 15. The module’s epoxy hardness is assured within these ranges. Table 15: Hardness Testing Temperatures Temperature Type Temperature Low Temperature -65°C High Temperature 150°C This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 26
8 NON-INVASIVE SECURITY
8.1 MITIGATION TECHNIQUES

The module does not provide protections against non-invasive security methods.

9 SENSITIVE SECURITY PARAMETERS MANAGEMENT
9.1 STORAGE AREAS

The module supports both volatile and persistent storage of SSPs. Table 16: Storage Areas Storage Area Name Description Persistence Type Battery Backed RAM Register (BBREG) On-chip memory that is zeroized on tamper detection. Static NVRAM On-chip memory that is zeroized on tamper detection. Static SRAM Volatile memory Dynamic FLASH Persistent long-term storage Static

9.2 SSP INPUT-OUTPUT METHODS

Table 17: SSP Input-Output Methods Name From To Format Distribution Entry SFI or Algorithm Type Type Type Input Outside the NVRAM Encrypted Automated Electronic Key Transport (Encrypted) Module Output NVRAM Outside the Encrypted Automated Electronic Key Transport (Encrypted) Module Input Outside the SRAM Plaintext Automated Electronic KAS (dhEphem C(2e, (Plaintext) Module 0s, FFC DH)) Output SRAM Outside the Plaintext Automated Electronic KAS (dhEphem C(2e, (Plaintext) Module 0s, FFC DH))

9.3 SSP ZEROIZATION METHODS

The zeroization methods described within Table 18 are supported by the module. Zeroization services explicitly overwrite SSPs with zero values. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 27

Table 18: SSP Zeroization Methods Zeroization Description Rationale Operator Initiation Method Reinitialize PSD Service Forces a zeroization of the KEK (Key Encryption Host device calls the Key) and NVRAM memory components. N.B. This service process is irreversible. Wipe PSD Service Forces a zeroization of the KEK (Key Encryption Host device calls the Key) and NVRAM memory components. N.B. This service process is irreversible. End of session Automatic Firmware programmed zeroization of ephemeral N/A SSPs used in secure session Removal of Physical Forces a zeroization of the KEK (Key Encryption Removal of battery Battery/Tamper Key) and removal of power from battery-backed power or a tamper memory. event Automatically Automatic Immediately after use. N/A This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 28
9.4 SSPS

Table 19: SSP Table 1 Name Description Size - Type - Category Generated By Established By Used By Strength KEK (Key Encryption Protect all keys stored 256-bit Symmetric Key - CSP Generated Internally by N/A SSP Encryption Key) internally or in NVM DRBG (during SSP Decryption manufacturing) KEK’ (Backup Key Backup KEK 256-bit Symmetric Key - CSP Generated Internally by N/A SSP Encryption Encryption Key) DRBG (during SSP Decryption manufacturing) KAK (Key Authenticate keys 256-bit Symmetric Key - CSP Generated Internally by N/A SSP Authentication Authentication Key) externally stored in NVM DRBG (during manufacturing) Debit Private Key Digitally sign debit 112-bit or Asymmetric Private Generated Internally by N/A ECDSA Signature records (indicia data) 128-bit Key - CSP DRBG Generation Debit Secret Key Digitally authenticate 256-bit Symmetric Key - CSP Externally N/A Message Authentication debit records (indicia data) Operation Private Key Authenticate to the 128-bit Asymmetric Private Generated Internally by N/A ECDSA Signature communicating Key - CSP DRBG Generation infrastructure Session Authentication Used to authenticate 256-bit Symmetric Key - CSP N/A KAS (dhEphem Message Authentication Key messages sent between C(2e, 0s, FFC DH)) the Host and the PSD Session Privacy Key Encrypt data or wrap 256-bit Symmetric Key - CSP N/A KAS (dhEphem KTS_1 keys transported to C(2e, 0s, FFC DH)) KTS_2 infrastructure ECC-CDH PSD KAS Key Ephemeral ECC-CDH 256-bit Asymmetric Private Generated Internally by N/A KAS private key used in KAS Key - CSP DRBG Shared Secret Used to derive session 256 bits Shared Secret - CSP N/A KAS (dhEphem KAS keys C(2e, 0s, FFC DH)) Entropy Input Instantiate the DRBG 512 bits Entropy - CSP Externally N/A DRBG Generate DRBG Seed Seeding the DRBG 1024 bits Entropy - CSP Generated Internally by N/A DRBG Generate DRBG (during manufacturing) This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 29

DRBG Working State Internal working state of N/A N/A - CSP Generated Internally by N/A DRBG Generate the DRBG DRBG Mail Piece Key Authenticate stored mail 256-bit Symmetric Key - CSP Generated Internally by N/A Message Authentication piece data DRBG Password Authenticate User Role 128-bit N/A - CSP Externally N/A SWAK Used to verify loaded 128-bit Asymmetric Public Key Externally N/A ECDSA Signature (Software application code - PSP Verification Authentication Key) Manufacturing Key Validates Vendor 128-bit Asymmetric Public Key Externally N/A ECDSA Signature Certificate - PSP Verification Vendor Key Authenticates CO role 128-bit Asymmetric Public Key Externally N/A ECDSA Signature - PSP Verification Certificate Key Authenticates CO role. 128-bit Asymmetric Public Key Externally N/A ECDSA Signature Validates Authority Data, - PSP Verification including other public keys Download Key Authenticates CO role 128-bit Asymmetric Public Key Externally N/A ECDSA Signature - PSP Verification ECC-CDH Infrastructure ECDH public counterpart 128-bit Asymmetric Public Key Externally N/A KAS KAS Public Key received as part of tKAS - PSP ECC-CDH PSD KAS ECDH public key 128-bit Asymmetric Public Key Generated Internally by N/A KAS Public Key transmitted as part of - PSP DRBG KAS Debit Public Key Output to the CO. Used 112-bit or N/A - PSP Generated Internally by N/A KTS_1, KTS_2 to allow the CO to 128-bit DRBG authenticate the debit records Operation Public Key Output to the CO. Used 128-bit Asymmetric Public Key Generated Internally by N/A KTS_1, KTS_2 to allow the CO to - PSP DRBG authenticate the PSD Table 20: SSP Table 2 Name Input - Storage Storage Duration Zeroization Related SSPs Output KEK (Key Encryption Key) N/A NVRAM: Plaintext N/A Zeroization, Tamper or DRBG Working State: Generated from removal of all power This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 30

KEK’ (Backup Key N/A NVRAM: Encrypted N/A Zeroization, Tamper or DRBG Working State: Generated from Encryption Key) removal of all power KEK (Key Encryption Key): Encrypted by KAK (Key Authentication N/A NVRAM: Encrypted N/A Zeroization, Tamper or DRBG Working State: Generated from Key) removal of all power KEK (Key Encryption Key): Encrypted by Debit Private Key N/A NVRAM: Encrypted N/A Zeroization, Tamper or DRBG Working State: Generated from removal of all power Debit Public Key: Paired with KEK (Key Encryption Key): Encrypted by Debit Secret Key Input NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by (Encrypted) removal of all power Operation Private Key N/A NVRAM: Encrypted N/A Zeroization, Tamper or DRBG Working State: Generated from removal of all power Operation Public Key: Paired with KEK (Key Encryption Key): Encrypted by Session Authentication Key N/A SRAM: Plaintext For the life of the Zeroization, Tamper or Shared Secret (Z): Derived from Secure Session removal of all power Session Privacy Key N/A SRAM: Plaintext For the life of the Zeroization, Tamper or Shared Secret (Z): Derived from Secure Session removal of all power ECC-CDH PSD KAS Key N/A SRAM: Plaintext Until Use Immediately after use ECC-CDH PSD KAS Public Key: Paired with DRBG Working State: Generated from Shared Secret (Z): Derives Shared Secret (Z) N/A SRAM: Plaintext Until Use Immediately after use Session Authentication Key: Derives Session Privacy Key: Derives ECC-CDH Infrastructure KAS Public Key: Derived From ECC-CDH PSD KAS Key: Derived From Entropy Input N/A SRAM: Plaintext Until Use Immediately after use DRBG Working State: Derives DRBG Seed N/A SRAM: Plaintext Until Use Immediately after use DRBG Working State: Derives DRBG Working State N/A NVRAM: Encrypted N/A Zeroization, Tamper or Entropy Input: Derived from removal of all power KEK (Key Encryption Key): Encrypted by Mail Piece Key N/A NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by removal of all power Password N/A NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by removal of all power SWAK (Software N/A Plaintext N/A N/A N/A Authentication Key) Manufacturing Key N/A NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by removal of all power Vendor Key Input NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by (Encrypted) removal of all power This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 31

Certificate Key Input NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by (Encrypted) removal of all power Download Key Input NVRAM: Encrypted N/A Zeroization, Tamper or KEK (Key Encryption Key): Encrypted by (Encrypted) removal of all power ECC-CDH Infrastructure Input SRAM: Plaintext Until Use Zeroization, Tamper or Shared Secret (Z): Derives KAS Public Key (Plaintext) removal of all power ECC-CDH PSD KAS Public Output SRAM: Plaintext Until Use Zeroization, Tamper or ECC-CDH PSD KAS Key: Paired with Key (Plaintext) removal of all power DRBG Working State: Generated from Debit Public Key Output NVRAM: Encrypted N/A Zeroization, Tamper or DRBG Working State: Generated from (Encrypted) removal of all power Debit Private Key: Paired With KEK (Key Encryption Key): Encrypted by Operation Public Key Output NVRAM: Encrypted N/A Zeroization, Tamper or DRBG Working State: Generated from (Encrypted) removal of all power Operation Private Key: Paired with KEK (Key Encryption Key): Encrypted by This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 32
10 SELF-TESTS
10.1 PRE-OPERATIONAL SELF -TESTS

The following pre-operational tests are performed upon power-up, on-demand and periodically. Prior to the PreOperational firmware integrity self-tests being performed, the module performs the required known answer test (KAT) on the implementation. Table 21: Pre-Operational Self-Tests Algorithm or Test Properties Test Method Test Type Indicator Details Test Firmware RSA 2048 RSA Signature SW/FW Success: No Error RSA 2048 Digital Integrity of (Cert. #A2440) Verification Integrity Code; Failure: Signature Bootloader Error Code Verification Firmware ECDSA P-256 ECDSA SW/FW Success: No Error ECDSA P-256 Digital Integrity of (Cert. #A2437) Signature Integrity Code; Failure: Signature Firmware Verification Error Code Verification The module also includes critical function tests that test the real time clock (RTC) and BRAM.

10.2 CONDITIONAL SELF-TESTS

The following conditional tests are performed upon power-up, on-demand and periodically. Table 22: Conditional Self-Tests Algorithm or Test Test Method Test Type Indicator Details Conditions Test Properties AES-ECB 256-bit KAT CAST Success: No Encrypt and Decrypt Power-up, (Cert. #A2435) Error Code; KATs Periodically & Failure: on-demand Error Code AES-KW 256-bit KAT CAST Success: No Encrypt and Decrypt Power-up, (Cert. #A2435) Error Code; KATs Periodically & Failure: on-demand Error Code ECDSA P-256 KAT CAST Success: No Signature Power-up, (Cert. #A2437) Error Code; Generation and Periodically & Failure: Verification KATs on-demand Error Code Hash DRBG N/A KAT CAST Success: No Instantiate and Power-up, (Cert. #A2436) Error Code; Generate KAT Periodically & Failure: on-demand Error Code This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 33

Algorithm or Test Test Method Test Type Indicator Details Conditions Test Properties HMAC 256-bit KAT CAST Success: No HMAC-SHA-256 KAT Power-up, (Cert. #A2438) Error Code; Periodically & Failure: on-demand Error Code KAS-ECC-SSC P-256 KAT CAST Success: No KAS-ECC Shared Power-up, SP800-56Ar3 Error Code; Secret Computation Periodically & (Cert. #A2439) Failure: KAT per IG D. F on-demand Error Code KDA OneStep 256-bit KAT CAST Success: No KDA KAT Power-up, SP800-56Cr1 Error Code; Periodically & (Cert. #A2439) Failure: on-demand Error Code RSA 2048-bit KAT CAST Success: No Signature Power-up, (Cert. #A2440) Error Code; Verification KAT Periodically & Failure: on-demand Error Code Firmware Load ECDSA P- Digital SW/FW Success: No Firmware load test During Test 256 Signature Load Error Code; occurs during 'Load Firmware Verification Failure: Parameters Updates Error Code Software Update' service Public Key P-256 N/A Critical Success: No Occurs during KAS During key Validation Function Error Code; upon receipt of the agreement Failure: connected host Error Code application public key ECC Pairwise P-256 PCT PCT Success: No Pairwise consistency During key Consistency Error Code; test agreement Test Failure: Error Code ECDSA Key P-256 PCT PCT Success: No Pairwise consistency After key pair Generation Error Code; test generation Failure: Error Code This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 34
10.3 PERIODIC SELF -TEST INFORMATION

The pre-operational and conditional algorithm self-tests are also automatically run on a periodic basis every 24 hrs. Table 23: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method Firmware Integrity of RSA Signature SW/FW Integrity Every Power- Automatic Bootloader Verification On invocation of selftest service Firmware Integrity of Firmware ECDSA SW/FW Integrity Every Power- Automatic Signature On invocation of selfVerification test service Table 24: Conditional Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-ECB KAT CAST 24 hours Automatic invocation of self(Cert. #A2435) test service AES-KW KAT CAST 24 hours Automatic invocation of self(Cert. #A2435) test service ECDSA KAT CAST 24 hours Automatic invocation of self(Cert. #A2437) test service Hash DRBG KAT CAST 24 hours Automatic invocation of self(Cert. #A2436) test service HMAC KAT CAST 24 hours Automatic invocation of self(Cert. #A2438) test service KAS-ECC-SSC KAT CAST 24 hours Automatic invocation of selfNIST SP 800-56Ar3 test service (Cert. #A2439) KDA OneStep KAT CAST 24 hours Automatic invocation of selfNIST SP 800-56Cr1 test service (Cert. #A2439) RSA KAT CAST 24 hours Automatic invocation of self(Cert. #A2440) test service This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 35

ERROR STATES The module incorporates a single error state (refer to Table 25). Table 25: Error States Name Description Conditions Recovery Indicator Method Tampered Occurs in the event of a physical tamper event Tamper Event None Error Code e.g. removal of battery power, physical breach. Hard Error An error condition that is not recoverable. Self-Test Failure None Error Code Soft Error Non-critical, recoverable errors that allow the Non-Critical Automated or Error Code module to transition back to operation. Error Power-Cycle Occurrences

10.4 OPERATOR INITIATION OF SELF-TESTS

Self-tests may be triggered by the user on demand by power cycling the module (‘Reboot PSD’) or invoking the ‘Perform Diagnostic Test’ or ‘Perform Full Diagnostics’ services, which allows either individual or all tests to be run.

11 LIFE-CYCLE ASSURANCE

There are no specific maintenance requirements.

11.1 INSTALLATION, INITIALIZATION, AND STARTUP PROCEDURES

The module is initialized within PB manufacturing and installed into a PB manufactured PES. The PES is authorized and shipped to an end customer.

11.2 ADMINISTRATOR GUIDANCE

The device will only be provided to or retrieved from PB customers as part of a postage evidencing system. Administration guidance, in the form of API definitions, exists for PB engineers involved in the development of PES equipment.

11.3 NON-ADMINISTRATOR GUIDANCE

The device will only be provided to customers as part of a postage meter. Any user guidance will be provided as part of that equipment.

11.4 DESIGN AND RULES

The following security rules are enforced by the cryptographic module to ensure the FIPS 140-3 security requirements are met. This document may be freely reproduced and distributed, but only in its entirety and without modification.

Page 36
  1. The module must support an Approved and non-Approved mode of operation. The Approved mode indicator must be returned to the end user.
  2. The module must not allow unauthenticated operators to have any access to the module’s cryptographic services.
  3. The module must inhibit data output during self-tests, firmware load, zeroization and error states.
  4. The module must logically disconnect data output from the processes performing zeroization and key generation.
  5. The module must enforce identity-based authentication.
  6. The module must not retain the authentication of an operator following power-off or reboot.
  7. The module must support the following roles: Cryptographic Officer and User.
  8. The module must not permit the input or output of plaintext cryptographic keys or other CSPs.
  9. The module must not support a bypass mode or maintenance mode.
  10. The module must not support the following logically distinct interfaces: − Data input interface − Data output interface − Control input interface − Status output interface − Power interface.
  11. The module must protect critical security parameters from unauthorized disclosure, modification and substitution.
  12. The module must perform power-on, on-demand and periodic self-testing.
  13. The module must log errors whenever an error state is entered.
  14. The module must not perform any cryptographic functions while in an error state.
  15. The module must not support multiple concurrent operators.
11.5 END OF LIFE

Once a module is no longer needed by a customer, they will walk through a process called withdrawal and return the PSD to PB where an operator will perform the “re-initialize” operation, zeroizing the KEK. Once a module has been zeroized, it must be returned to the factory for software loading and parameterizing prior to being usable by a customer.

12 MITIGATION OF OTHER ATTACKS

The module is not purposefully designed to mitigate any attacks beyond the scope of FIPS 140-3 requirements. This document may be freely reproduced and distributed, but only in its entirety and without modification.