All modules
CMVP Validated Module · FIPS 140-3 Security Policy

MFP Cryptographic Module (B)

Certificate#5009StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorKYOCERA Document Solutions Inc.
Medium review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 15 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date4/26/2030
EntropyENT (P)
CaveatThe module generates SSPs whose strengths are modified by available entropy.
VendorKYOCERA Document Solutions Inc.
Hardware versions0x00000002

Approved Algorithms (31)

AlgorithmACVP Cert
AES-CBCA2716
AES-CCMA2716
AES-CMACA2716
AES-CTRA2716
AES-ECBA2716
AES-GCMA2716
AES-GCMA2716
AES-XTS Testing Revision 2.0A2716
ECDSA KeyGen (FIPS186-4)A2716
ECDSA KeyVer (FIPS186-4)A2716
ECDSA SigGen (FIPS186-4)A2716
ECDSA SigVer (FIPS186-4)A2716
Hash DRBGA2716
HMAC-SHA-1A2716
HMAC-SHA2-224A2716
HMAC-SHA2-256A2716
HMAC-SHA2-384A2716
HMAC-SHA2-512A2716
HMAC-SHA2-512/224A2716
HMAC-SHA2-512/256A2716
KAS-ECC-SSC Sp800-56Ar3A2716
KDF SP800-108A2716
RSA SigGen (FIPS186-4)A2716
RSA SigVer (FIPS186-4)A2716
SHA-1A2716
SHA2-224A2716
SHA2-256A2716
SHA2-384A2716
SHA2-512A2716
SHA2-512/224A2716
SHA2-512/256A2716

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Roles, Services, and Authentication4
Software/Firmware Security5
Operational EnvironmentN/A
Physical Security2
Sensitive Security Parameter Management9
Self-Tests2
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for MFP Cryptographic Module (B)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>Boot Firmware Version: 0x00010000, Main Firmware…</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Monotonic Counter Increment</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-Test<br/>XTS-shell Enable<br/>Status Check</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C5,C6 clue;
  class I1,I2,I3,I5,I6 infer;
  class R1,R2,R3,R5,R6 risk;
  class E1,E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for MFP Cryptographic Module (B)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>Boot Firmware Version: 0x00010000, Main Firmware…</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Monotonic Counter Increment</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-Test<br/>XTS-shell Enable<br/>Status Check</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

MFP Cryptographic Module(B) KYOCERA Document Solutions Inc. MFP Cryptographic Module (B) Version: 1.1 Prepared by: KYOCERA Document Solutions Inc. 1-2-28 Tamatsukuri Chuo-ku Osaka, Osaka 540-8585 Japan +81-6-6764-3355 https://www.kyoceradocumentsolutions.com/

2025 KYOCERA Document Solutions Inc.
Page 2

MFP Cryptographic Module(B) Table of Contents 1. 1.1. 1.2. 1.3. 1.2. 1.5. 2. 2.1. 2.2. 2.3. 2.4. 2.5. 3. 4. 4.1. 4.2. 5. 6. 7. 8. 9. 9.1. 9.2. 10. 10.1. 10.1.1. 10.2. 10.2.1. 10.2.2. 11. 11.1. 11.2. 12.

2025 KYOCERA Document Solutions Inc.
Page 3
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services and Authentication3
55Software / Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-cycle Assurance2
1212Mitigation of Other AttacksN/A

1.1. Introduction This is a non-proprietary Cryptographic Module Security Policy for the MFP Cryptographic Module (B). Notice. This Security Policy describes how the module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) Cryptographic Module Validation Program (CMVP) website at https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program. This policy was prepared as part of the Level 2 FIPS 140-3 validation of the module. The MFP Cryptographic Module (B) is referred to as the module in this document. The individual clause levels and overall level are listed in the table below. Table 1-1 Security Levels N/A N/A 1.2. N/A The module is intended to meet requirements of FIPS 140-3 at an overall Security Level 2. Table 1-1 shows the security level claimed for each of the twelve sections that comprise the validation. “Operational 1.3. Purpose There are three major reasons that a security policy is required

2025 KYOCERA Document Solutions Inc.
Page 4

MFP Cryptographic Module(B)

2025 KYOCERA Document Solutions Inc.
Page 5

MFP Cryptographic Module(B) [SP 800-56A Rev. 3] Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf, 2018 [SP 800-56C Rev. 1] Recommendation for Key-Derivation Methods in Key-Establishment Schemes, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf, 2018 [SP 800-108] Recommendation for Key Derivation Using Pseudorandom Functions (Revised), https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf, 2009 [FIPS 198-1] The Keyed-Hash Message Authentication Code (HMAC), https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf, 2008 [FIPS 197] Advanced Encryption Standard (AES), https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf, 2001 [FIPS 180-4] Secure Hash Standard (SHS), https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf, 2015

2025 KYOCERA Document Solutions Inc.
Page 6
Module configuration
NameModelHardware VersionFirmware VersionFeatures
MFP Cryptographic Module (B) as a sub-chip cryptographic subsystemMFP Cryptographic Module (B) as a sub-chip cryptographic subsystem0x00000002boot firmware : 0x00010000 main firmware : 0x80010006N/A

2.1. Module Description MFP Cryptographic Module(B) is a cryptographic security chip for encrypting data written to a storage device and other security functions of Kyocera multifunction printer. The module is a hardware cryptographic module implemented as a sub-chip system running on a singlechip standalone processor and is classified as a sub-chip cryptographic subsystem contained within a single chip embodiment for the purpose of FIPS 140-3 validation. The module is identified by three points: that it is implemented in the Kyocera SCH134 SoC (System-On-Chip), Hardware Version and Firmware Table 2-1 Cryptographic Module Tested Configuration N/A There are four kinds of packages of the chip (the Kyocera SCH134). Four kinds of opaque packages of the chip are shown in the figures below.

2025 KYOCERA Document Solutions Inc.
Page 7

MFP Cryptographic Module(B) Figure 2-1 Module Seal Application Locations

2025 KYOCERA Document Solutions Inc.
Page 8

MFP Cryptographic Module(B) Figure 2-4 Module Seal Application Locations

2025 KYOCERA Document Solutions Inc.
Page 9

MFP Cryptographic Module(B) 2.2. Cryptographic Module Boundary The module was tested as a sub-chip cryptographic subsystem implemented in the Kyocera SCH134 SoC. The following figure shows the block diagram of SCH134 and the module. Power In Data In Res Req AXI4 Crypto Engine Data Out NDRNG Status Out SRAM ROM Interrupt Signal Registers/Interrupts Processing System Req Data/Control In Res APB4 Microcontroller Mailbox Data/Status Out MFP Cryptographic Module (B) Data Out NVM IF Data In Logical Boundary Req Res OTP Data In Req XTS-shell IF Data Out Res XTS-shell : Requester Port Res : Responder Port Req Physical Boundary Figure 2-5 MFP Cryptography Module (B) Block Diagram The physical boundary of the module is the physical boundary of SCH134. Consequently, the embodiment of the module is a single-chip cryptographic module. The cryptographic boundary of the module is the MFP Cryptographic Module (B). The module is classified as a single-chip hardware module for the purpose of FIPS 140-3 validation. SRAM in the Figure 2-1 is referred to as “the SRAM” and OTP in the Figure 2-1 is

2025 KYOCERA Document Solutions Inc.
Page 10
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES FIPS 197 SP 800-38AA2716ECB, CBC, CTRKey Size 128, 192, 256 bitsData Encryption/ Decryption
AES FIPS 197A2716XTS*1Key Size 256 bitsData Encryption/ Decryption
AES SP 800-38C SP 800-38D FIPS 140-3 IG C.HA2716GCM*2 CCMKey Size 128, 192, 256 bitsData Encryption/ Decryption with Authentication
SHS FIPS 180-4A2716SHA-1, SHA-224, SHA- 256, SHA-384, SHA- 512, SHA-512/224, SHA-512/256Message Digest
HMAC FIPS 198-1A2716HMAC-SHA-1, HMAC- SHA-224, HMAC-SHA- 256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, HMAC-SHA-512/256Key Size HMAC-SHA-1 : 160bits HMAC-SHA-224 : 224 bits HMAC-SHA-256 : 256 bits HMAC-SHA-384 : 384 bits HMAC-SHA-512, HMAC-SHA- 512/224, HMAC-SHA-512/256 : 512 bitsMessage Authentication Code Generation
AES FIPS-197 SP 800-38DA2716CMACKey Size 128, 192, 256 bitsMessage Authentication Code Generation
RSA FIPS 186-4A2716PKCS#1 v1.5 PSSKey Size 2048, 3072Digital Signature Generation and Verification
ECDSA FIPS 186-4A2716Key Size 256, 384 bitsDigital Signature Generation and Verification
KBKDF SP800-108A2716Counter Mode using HMAC-SHA-256Key Size 256 bitsKey Derivation
KAS-ECC-SSC SP800-56A rev.3A2716IG D.F Scenario 2(1)Key Size 256, 384 bits (P-256, P-384)Key Agreement Scheme Shared Secret Computation
ECDSA FIPS 186-4A2716Key Size 256, 384 bitsElliptic Curve Cryptography Key Pair Generation
ECDSA FIPS 186-4A2716Key Size 256, 384 bitsValidation of an elliptic curve public key.
KTS (AES Key Wrapping with AES- GCM) FIP 197 SP800-38D FIPS 140-3 IG C.H FIPS 140-3 IG D.GA2716GCMKey Size 256 bitsKey Wrapping by using AES-GCM
DRBG SP800-90AA2716SHA-256Export Key service RSA-PSS Sign service ECDSA Sign service Random Number Generation service Key Derivation service
CKG SP800- 133 rev.2Vendor affirmedSP 800-133 rev.2 Section 4(example 1) *3Cryptographic Key Generation
ENT (P) S800-90BRandom Number Generator Configuration service
If Key Transport function is used, the module generates 96-bits AES-GCM Encryption IV which is random bits generated by the approved HASH_DRBG. The random number from ENT which the module holds is used as the entropy input of HASH_DRBG.RBG-based Construction
If Symmetric Encryption and Decryption with Authentication function is used, AES-GCM Encryption IV is generated and provided from inside of the single chip but outside of the module. The IV length is 96-bits. This IV must be generated by the GCM IV generation method in accordance with FIPS 140-3 IG C.H.Deterministic Construction

MFP Cryptographic Module(B) referred to as “the OTP” in the rest of this document. Boot firmware which is for initialization and loading main firmware is located in ROM. Boot firmware and main firmware are referred to as “ROM Firmware” and “RAM Firmware” respectively in the rest of this document. 2.3. Approved, Allowed or Vendor Affirmed Security Functions The following table shows the approved or allowed security functions used in the module. No nonapproved security functions or vendor affirmed security functions are performed in the module. Table 2-2 Approved Algorithms C.H

2025 KYOCERA Document Solutions Inc.
Page 11
2025 KYOCERA Document Solutions Inc.
Page 12
Approved algorithm
NameCAVP CertMode MethodUse Function
CKG SP800- 133 rev.2Vendor affirmedSP 800-133 rev.2 Section 4(example 1) *3Cryptographic Key Generation
ENT (P) S800-90BRandom Number Generator Configuration service
If Key Transport function is used, the module generates 96-bits AES-GCM Encryption IV which is random bits generated by the approved HASH_DRBG. The random number from ENT which the module holds is used as the entropy input of HASH_DRBG.RBG-based Construction
If Symmetric Encryption and Decryption with Authentication function is used, AES-GCM Encryption IV is generated and provided from inside of the single chip but outside of the module. The IV length is 96-bits. This IV must be generated by the GCM IV generation method in accordance with FIPS 140-3 IG C.H.Deterministic Construction

*1: AES-XTS key is parsed as the concatenation of two AES key, denoted by Key_1 and Key_2, that are 256 bits long. The module checks whether Key_1 ≠ Key_2. If there is no difference between Key_1 and Key_2, the module returns an error code. *2: The module supports 2 modes for AES-GCM Encryption IV listed in the table below. Here, AES-GCM *3: V is a string binary zeros, then B = U (i.e., the output of an approved RBG). 2.4. Modes of Operation The module only supports approved mode of operation and only supports approved and allowed security functions. No other modes of operation and security functions are implemented by the module. Therefore, when the module is powered up and successfully completes pre-operational self-test and cryptographic algorithm tests, the module enters the approved mode of operation. When the approved mode, the configuration ID indicates 0x2. The configuration ID is specified by the initialization procedure. Details of the initialization procedure are described in chapter 11.

2025 KYOCERA Document Solutions Inc.
Page 13

MFP Cryptographic Module(B) 2.5. Rules of Module operation The module is an embedded security subsystem within the Kyocera SCH134 SoC. No user installation or maintenance is required. This section describes operations based on security rules.

  1. This module executes the self-tests by turning on the power supply or releasing the reset.
  2. If the self-test is successful, the authentication process will be executed upon command input from the Crypto Officer.
  3. After the authentication process is completed successfully, the firmware will be loaded from external memory, transitioning to a state where general commands (such as encryption commands and authentication commands) can be executed.
  4. If an error occurs in any state, the module will transition to the Error state. In the Error state, no commands will be accepted. To exit this state, it is needed to perform a power cycle or apply a reset.5. AES-XTS can only be used for storage. The other sections of this document provide additional details on the design of the module and rules for its operation.
2025 KYOCERA Document Solutions Inc.
Page 14
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
DMA IF over AXIDMA IF over AXIData InputAES-Key, HMAC-Key, RSA-Private-Key, ECC-Private-Key, Key-Wrap-Key, Key- Derive-Key (Keys are both Plain Text and Cipher Text.) RSA-Public-Key, ECC-Public-Key Plain Text Message, Cipher Text Message, Digital Signature, IV, Authentication Tag,
Data OutputData OutputAES-Key, HMAC-Key, RSA-Private-Key, ECC-Private-Key, Key-Wrap-Key, Key- Derive-Key (Keys are Cipher Text.) ECC-Public-Key Plain Text Message, Cipher Text Message, Message Digest, MAC, Digital Signature, Authentication Tag
Mailbox over APBMailbox over APBControl InputCommand Type Data Size Data Address
Status OutputStatus OutputCommand Result Error Code
Data InputData InputCrypto Officer ID / Password User ID / Password User Defined Data Message Digest
Data OutputData OutputCrypto Officer ID / Password User ID, Data Size, User Defined Data Next IV, Monotonic Counter Value
NVM IFNVM IFData Input, OutputCrypto Officer ID / Password User Defined Data AES-Key, HAMC-Key, Key-Wrap-Key, Key- Derive-Key Key attribute information Monotonic Counter Value
XTS-shell IFXTS-shell IFData Input, OutputPlain Text Data, Cipher Text Data
Registers over APBRegisters over APBControl Input, Status OutputStatus, Hardware Version, Firmware Version, Configuration ID
InterruptInterruptStatus OutputInterrupt

MFP Cryptographic Module(B) 3. Cryptographic Module Interfaces The module supports interfaces listed in the table below. Table 3-1 Interfaces

2025 KYOCERA Document Solutions Inc.
Page 15

MFP Cryptographic Module(B) The “Mailbox over APB” means access to the Mailbox via APB4 shown in Figure 2-1. The mailbox consists of the SRAM and is used for command/data input and data output. The “DMA IF over AXI” means access from the Crypto Engine via AXI4 in Figure 2-1. Basically, the module is controlled by command input via the mailbox but interrupt related control is done by registers. The module does not implement a control output interface.

2025 KYOCERA Document Solutions Inc.
Page 16
Service
NameRolesInputOutput
Symmetric EncryptionCrypto Officer (CO)Plain Text IVCommand Result Cipher Text Next IV
Symmetric Encryption with AuthenticationPlain Text AAD IVCommand Result Cipher Text Authentication Tag
Symmetric DecryptionCipher Text IVCommand Result Plain Text
Symmetric Decryption with AuthenticationCipher Text AAD IV Authentication TagCommand Result Plain Text
HashMessageCommand Result Message Digest
MACMessageCommand Result MAC
RSA-PKCS #1 v1.5 Sign RSA-PSS SignMessage Public KeyCommand Result Signature
ECDSA SignMessageCommand Result Signature
RSA-PKCS #1 v1.5 verify RSA-PSS Verify ECDSA VerifyMessage Public Key SignatureCommand Result
ECC CDH Key AgreementECC Public KeyCommand Result Shared Secret
ECC MultiplicationNoneCommand Result Public Key
ECC Public-Key VerifyECC Public KeyCommand Result
Key DerivationFixed InputCommand Result AES Key HMAC Key
XTS-Key DerivationFixed InputCommand Result AES-XTS Key
Authentication COEncrypted Firmware AES Key ECDSA Public Key ECDSA SignatureCommand Result Crypto Officer Password
Random Number GenerationNoneCommand Result DRBG Output
Random Number Generator ConfigurationSample Count Value, Cut Off ValuesCommand Result
Monotonic Counter IncrementNoneCommand Result
Monotonic Counter ReadNoneCommand Result Monotonic Counter Value
Write OTPUser Defined DataCommand Result
Read OTPNoneCommand Result User Defined Data
Delete Key Delete All Keys Clear OTPNoneCommand Result
Register UserUser ID / PasswordCommand Result
XTS-shell Enable XTS-shell DisableNoneCommand Result
SleepNoneCommand Result
Symmetric EncryptionUserPlain Text IVCommand Result Cipher Text Next IV (AES-CBC, AES-CTR)
Symmetric Encryption with AuthenticationPlain Text AAD IVCommand Result Cipher Text Authentication Tag
Symmetric DecryptionCipher Text IVCommand Result Plain Text
Symmetric Decryption with AuthenticationCipher Text AAD IV Authentication TagCommand Result Plain Text
HashMessageCommand Result Message Digest
MACMessageCommand Result MAC
RSA-PKCS #1 v1.5 Sign RSA-PSS SignMessage Public KeyCommand Result Signature
ECDSA SignMessageCommand Result Signature
RSA-PKCS #1 v1.5 verify RSA-PSS Verify ECDSA VerifyMessage Public Key SignatureCommand Result
ECC CDH Key AgreementECC Public KeyCommand Result Shared Secret
ECC MultiplicationNoneCommand Result Public Key
ECC Public-Key VerifyECC Public KeyCommand Result
Key DerivationFixed InputCommand Result AES Key, HMAC Key, ECC Private Key, ECC Public Key
XTS-Key DerivationFixed InputCommand Result AES-XTS Key

MFP Cryptographic Module(B) 4. Roles, Services, and Authentication 4.1. Roles and Authentication The module supports two roles: a Crypto Officer and a User. The Crypto Officer is basically for module setup and initialization. The User is for general cryptographic services. Table 4-1 lists all operator roles supported by the module and their related services. Table 4-1 Roles, Service Commands, Input and Output

2025 KYOCERA Document Solutions Inc.
Page 17
2025 KYOCERA Document Solutions Inc.
Page 18
2025 KYOCERA Document Solutions Inc.
Page 19
Sensitive security parameter
NameUseInput
Version CheckHardware Version Firmware VersionNone
CFG-ID CheckConfiguration IDNone
AES-XTS EncryptionCipher TextPlain Text
AES-XTS DecryptionPlain TextCipher Text

MFP Cryptographic Module(B) *Key Wrap Key is AES-GCM Key which is 256-bits. All roles authenticate to the module using identity-based authentication. The Crypto Officer and the User are authenticated using the ID and password (a 32-bit password). In addition, a 256-bit ECDSA signature and ID is used to authenticate the Crypto Officer role by the Authentication CO service. Table 4-1 lists the roles supported by the module, the authentication methods, and the strengths of the authentication mechanism.

2025 KYOCERA Document Solutions Inc.
Page 20
RoleAuthentication MethodAuthentication Strength
Crypto Officer (CO)256-bit ECDSA signature verification (only for Authentication CO service)A 256-bit ECDSA signature has 128 bits of security. The probability of signature that a single random authentication attempt will succeed, or a false acceptance will occur is 1/2128 which is less than 1/1,000,000. When the attempt fails, the module waits at least one second, during which any attempt is ignored. Thus, the maximum authentication rate is 60 per minute and the probability that random authentication attempts will succeed within a one-minute interval is 60/2128 which is less than 1/100,000.
32-bits Password comparisonThe probability of password that a single random authentication attempt (by guessing the password value) will succeed, or a false acceptance will occur is 1/232 which is less than 1/1,000,000. When the attempt fails, the module waits at least one second, during which any attempt is ignored. Thus, the maximum authentication rate is 60 per minute and the probability that random authentication attempts will succeed within a one-minute interval is 60/232 which is less than 1/100,000.
User32-bits Password comparisonSame as above.

MFP Cryptographic Module(B) Table 4-2 Roles and Authentication

2025 KYOCERA Document Solutions Inc.
Page 21
Service
NameDescriptionRolesRole AccessCsps AccessedApproved FunctionsAccessIndicator
Authentication COThis service authorizes CO and loads RAM firmware of the module. ROM Firmware allows this service only, and this service can only run on ROM Firmware. If on RAM Firmware, this service cannot be performed. Integrity of RAM Firmware is verified by using ECDSA verify.XCrypto Officer PasswordSHA-256 ECDSA VerifyE RIndicator can be checked by using both CFG-ID service and command result.
Symmetric Encryption/ DecryptionThis service encrypts or decrypts supplied data using AES-ECB, AES- CBC or AES-CTR.XXAES-ECB Key, AES-CBC Key, AES-CTR Key (128, 192, 256 bits)AES-ECB AES-CBC AES-CTREIndicator can be checked by using both CFG-ID service and command result.
Symmetric Encryption/De cryption with AuthenticationThis service encrypts or decrypts supplied data with authentication using AES-GCM Key.XXAES-GCM Key, AES- CCM Key (128, 192, 256 bits)AES-GCM AES-CCMEIndicator can be checked by using both CFG-ID service and command result.
HashThis service generates a message digest using Message Digest function.XXN/ASHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256Indicator can be checked by using both CFG-ID service and command result.
MACThis service generates Message Authentication Code on a supplied data using Keyed Hash function or AES-CMAC Key.XXHMAC Key (160, 224, 256, 384, 512 bits) AES-CMAC Key (128, 192, 256 bits)HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA- 512/224, HMAC- SHA-512/256 AES-CMACEIndicator can be checked by using both CFG-ID service and command result.
Random Number GenerationThis service generates a random number using the DRBG generate function. A random number, which is unmodified output by this service, can be used as a Key Derive Key.XXDRBG Internal StateDRBGEIndicator can be checked by using both CFG-ID service and command result.
RSA-PKCS #1 v1.5 SignThis service generates an RSA-PKCS#1 v1.5 signature on a supplied data.XXRSA Private KeySHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256 RSAW EIndicator can be checked by using both CFG-ID service and command result.
RSA-PKCS #1 v1.5 VerifyThis service verifies an RSA-PKCS#1 v1.5 signature on a supplied data with a supplied RSA Public Key.XXN/ASHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256 RSAIndicator can be checked by using both CFG-ID service and command result.
RSA-PSS SignThis service generates an RSA-PSS signature on a supplied data.XXRSA Private KeySHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256 RSAW EIndicator can be checked by using both CFG-ID service and command result.
RSA-PSS VerifyThis service verifies an RSA-PSS signature on a supplied data with a supplied RSA Public Key.XXN/ASHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256 RSAIndicator can be checked by using both CFG-ID service and command result.
ECDSA SignThis service generates an ECDSA signature on a supplied data.XXECDSA Private KeySHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256 ECDSAEIndicator can be checked by using both CFG-ID service and command result.
ECDSA VerifyThis service verifies an ECDSA signature on a supplied data with supplied ECDSA Public Keys.XXN/ASHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256 ECDSAIndicator can be checked by using both CFG-ID service and
ECC CDH Key AgreementThis service generates Shared Secret with other party’s ECDH Public Key.XXECDH Private KeyECC CDHE GIndicator can be checked by using both CFG-ID service and command result.
ECC MultiplicationThis service computes ECDSA/ECDH Public Key with ECDSA/ECDH Private Key, which is imported or generated by a corresponding service.XXECDSA Private Key, ECDH Private KeyEIndicator can be checked by using both CFG-ID service and command result.
ECC Public-Key VerifyThis service verifies supplied ECDSA/ECDH Public Key by checking if the following conditions hold. 1. y 2=x 3+ax +b Q Q Q (mod p) 2. nQ=O Here, Q=(x ,y ) is the Q Q ECDSA/ECDH Public Key.XXN/AApproved security functions are not used in this service.
Key DerivationThis Service generates an AES-ECB Key, an AES-CBC Key, an AES- CTR Key, an AES-GCM Key, a HMAC Key, an AES-CMAC Key, a Key Derive Key, a Key WrapXXKey Derive KeyKBKDF DRBGG W EIndicator can be checked by using both CFG-ID service and command result.
XTS Key DerivationThis Service generates an AES-XTS key, which is as concatenation of two AES keys, that are 256 bits long.XXKey Derive KeyHMAC-SHA-256G W EIndicator can be checked by using both CFG-ID service and command result.
If a CSP is Shared Secret generated by ECC CDH Key Agreement service, this service outputs Shared Secret in plaintext by 2-step procedure.If a CSP is Shared Secret generated by ECC CDH Key Agreement service, this service outputs Shared Secret in plaintext by 2-step procedure.command result.
Delete KeyThis service zeroises a CSP in the SRAM.XXAES Key, HMAC Key, RSA Private Key, ECC Private Key, Key Derive Key, Key Wrap KeyZIndicator can be checked by using both CFG-ID service and command result.
Clear OTPThis service zeroises a CSP in the OTP.XAES Key, HMAC Key, ECC Private Key, Key Derive Key, Key Wrap KeyZIndicator can be checked by using both CFG-ID service and command result.
Delete All KeysThis service zeroises All CSPs in the SRAM, the XTS-shell and the OTP.XAES Key, HMAC Key, RSA Private Key, ECC Private Key, Key Derive Key, Key Wrap Key, Crypto Officer Password, User PasswordZIndicator can be checked by using both CFG-ID service and command result.
Random Number Generator ConfigurationThis service gives configuration parameters of ENT and does the DRBG instantiate function.XDRBG Entropy Input, DRBG Nonce Input, DRBG Internal StateDRBGGIndicator can be checked by using both CFG-ID service and command result.
Self-TestThis service performs Self-Tests described in Chapter 9. This service is invoked automatically at power-up of the module. This service is not provided as command via the mailbox. This service does not include AES-XTS self- test, that is performed by invoking XTS-shell Enable service.No Authentication requiredN/AAES-ECB, AES- CBC, ECDSA verify (SHA-256) (The followings only run on RAM Firmware.) AES-CMAC SHA-256 RSA, ECC CDH, ECDSA signIndicator can be checked by using both CFG-ID service and command result.
Monotonic Counter IncrementThis service increments the monotonic counter in the OTP. The monotonic counter is stored in plaintext. The monotonic counter is implemented to support a firmware rollback prevention. The processing system can detect a firmware rollback by making reference to it.XN/A
Monotonic Counter ReadThis service returns the value of the monotonic counter in the OTP in plaintext.XXN/A
Write OTPThis service performs a write operation of a Key, a Hash Digest or User Defined Data into the OTP in plaintext.XAES-Key HMAC-Key ECC-Private Key Key-Derive Key, Key- Wrap KeyWIndicator can be checked by using both CFG-ID service and command result.
Read OTPThis service performs a read operation of the User Defined Data from the OTP in plaintext.XXN/A
Register UserThis service registers a user who is assigned USER role. Both User ID and User Password are set to the SRAM.XUser PasswordW
XTS-shell EnableThis service enables the XTS-shell by releasing the reset, starts AES-XTS self- test. And then self-test completes successfully, AES-XTS keys which are in the SRAM are set into registers of XTS- shell.XAES-XTS KeyWIndicator can be checked by using both CFG-ID service and command result.
XTS-shell DisableThis service deletes AES-XTS keys in the XTS-shell and disablesXAES-XTS KeyZIndicator can be checked by using
the XTS-shell by applying the reset.the XTS-shell by applying the reset.both CFG-ID service and command result.
AES-XTS Encryption/ DecryptionThis service uses AES- XTS to encrypt or decrypt data which is received via XTS-shell IF. It only can run while XTS-shell is enabled.As XTS-shell IF is a responder port, the source which transfers data to XTS-shell can’t be identified. Therefore, this service does not require authentication.AES-XTS KeyAES-XTSEIndicator can be checked by using CFG-ID service.
Status CheckThis service returns the status of the module.No Authentication requiredN/A
Version CheckThis service returns the hardware and the firmware version of the module.No Authentication requiredN/A
CFG-ID CheckThis service returns the value of configuration ID by reading the register. If the return value lower 3 bits of this service is 0x2, it indicates that the module is approved mode.No Authentication requiredN/A
SleepThis service deletes AES-XTS keys in the XTS-shell and disables the XTS-shell by applying the reset, and causes the module to transition the WAIT FOR SLEEP state. The WAIT FOR SLEEP state is the state to wait for applying the sleep reset.XAES-XTS KeyZIndicator can be checked by using both CFG-ID service and command result.

MFP Cryptographic Module(B) 4.2. Services The module supports services following table shows. All services require authentication except for SelfTest, Status Check, Version Check and CFG-ID Check. The following table lists services implemented by the module along with their description. Table 4-3 Approved Services X E R X X E X X E

2025 KYOCERA Document Solutions Inc.
Page 22
2025 KYOCERA Document Solutions Inc.
Page 23
2025 KYOCERA Document Solutions Inc.
Page 24

MFP Cryptographic Module(B) X X E G X X E

  1. N/A X X yQ2=xQ3+axQ+b
  2. X X G W E
2025 KYOCERA Document Solutions Inc.
Page 25
2025 KYOCERA Document Solutions Inc.
Page 26
2025 KYOCERA Document Solutions Inc.
Page 27
2025 KYOCERA Document Solutions Inc.
Page 28
2025 KYOCERA Document Solutions Inc.
Page 29
2025 KYOCERA Document Solutions Inc.
Page 30

MFP Cryptographic Module(B) X Z In the following table, lists of type of access to SSPs are shown. The access types to SSPs are denoted as follows:

2025 KYOCERA Document Solutions Inc.
Page 31

MFP Cryptographic Module(B)

  1. Software/Firmware Security 5.1. Integrity Techniques The module verifies the integrity of the ROM Firmware before executes one. 32-bit CRC check is used for the technique of integrity check. Also, the integrity check of RAM Firmware, which is located in the memory outside of the module, is performed by verifying the ECDSA signature. 5.2. On-Demand Integrity Test The ROM Firmware integrity tests can be performed with the reset applied, and RAM Firmware integrity tests can be performed with the Authentication CO service, which is the service that loads the RAM firmware for the module.
  2. Operational Environment The module is a limited operational environment.
2025 KYOCERA Document Solutions Inc.
Page 32
Physical SecurityRecommended Frequency ofInspection/Test Guideline Details
MechanismInspection/Test
Enclosure by an opaque packageEach time a service person performs maintenance or collects the board in the event of some kind of faults occurring on the machine that SCH134 is mounted.Visual confirmation whether a package of SHC134 is disclosed or not.

MFP Cryptographic Module(B) The module is implemented in silicon as part of the Kyocera SCH134 SoC. The chip is enclosed by an opaque package which prevents unauthorized physical access to the chip. There are four kinds of packages of the chip. The module consists of production-grade components that include standard passivation techniques. The following table lists requirement to maintain the physical security. Four kinds of opaque packages of the chip are shown in the figures below. Figure 7-1 Module Seal Application Locations

2025 KYOCERA Document Solutions Inc.
Page 33

MFP Cryptographic Module(B) Figure 7-2 Module Seal Application Locations

2025 KYOCERA Document Solutions Inc.
Page 34
Sensitive security parameter
NameStrengthSecurity FunctionGenerationStorageImport ExportKey/SSP Name/ TypeZeroisation
Key Derivation service256 bitsKDF HMAC- SHA -256Internally generated by using Random Number Generation service or Key Derivation service.Stored in the SRAM/ OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.Key Derive KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Import Key service, Export Key service, Authentication CO service256 bitsKTS AES-GCMInternally generated by using Key Derivation service.Stored in the SRAM/ OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.Key Wrap KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Random Number Generator Configuration serviceDRBGObtained from ENT by Random Number Generator Configuration service.DRBG Entropy Input
Random Number Generator Configuration serviceDRBGObtained from ENT by Random Number Generator Configuration service.DRBG Nonce Input
Random Number Generator Configuration service Random Number Generation serviceDRBGDerived from entropy string as defined by [SP800-90A].Stored in the SRAM in plaintext.DRBG Internal StateZeroised by Delete All Keys service.
Symmetric Encryption/ Decryption service128 bits 192 bits 256 bitsAES-ECBInternally generated by using Key Derivation service.Stored in the SRAM/ OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path)AES-ECB KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Symmetric Encryption/ Decryption service128 bits 192 bits 256 bitsAES-CBCInternally generated by using Key Derivation service.Stored in the SRAM/ OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.AES-CBC KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Symmetric Encryption/ Decryption service128 bits 192 bits 256 bitsAES-CTRInternally generated by using Key Derivation service.Stored in the SRAM/ OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encryptedAES-CTR KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Symmetric Encryption/ Decryption with Authentication service128 bits 192 bits 256 bitsAES-GCMInternally generated by using Key Derivation service.Stored in the SRAM/OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.AES-GCM KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Symmetric Encryption/ Decryption with Authentication service128 bits 192 bits 256 bitsAES-CCMInternally generated by using Key Derivation service.Stored in the SRAM/OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.AES-CCM KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
XTS-shell Enable service AES-XTS Encryption/ Decryption service256 bitsAES-XTSInternally generated by using Key Derivation service.Stored in the SRAM/OTP /XTS-shell in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.AES-XTS KeyZeroised by Delete Key service, Clear OTP service, Delete All Keys service, XTS-shell Disable service and Sleep service.
MAC service128 bits 192 bits 256 bitsHMAC- SHA1 HMAC- SHA- 224 HMAC- SHA- 256 HMAC- SHA- 384 HMAC- SHA- 512 HMAC- SHA- 512/224 HMAC- SHA-Internally generated by using Key Derivation service.Stored in the SRAM/OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.HMAC KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
MAC service128 bits 192 bits 256 bitsAES-CMACInternally generated by using Key Derivation service.Stored in the SRAM/OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.AES- CMAC KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
RSA-PKCS #1 v1.5 Sign service, RSA- PSS Sign service112 bits 128 bitsRSAStored in the SRAM in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.RSA Private KeyZeroised by Delete Key service or Delete All Keys service.
RSA-PKCS #1 v1.5 Sign service, RSA- PKCS #1 v1.5 Verify service, RSA-PSS Sign service, RSA- PSS Verify serviceRSAEntry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext by the RSA-PKCS #1 v1.5 Sign service, RSA- PKCS #1 v1.5 Verify service, RSA-PSS Sign service and RSA-PSS Verify service.RSA Public Key
ECDSA Sign service, ECC multiplication service128 bits 192 bitsECDSAInternally generated by using Key Derivation service.Stored in the SRAM/OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.ECDSA Private KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
Authentication CO service, ECDSA Verify service, ECC multiplication service, ECC Public KeyECDSAInternally generated by using Key Derivation service or ECC multiplicationEntry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext by the AuthenticationECDSA Public Key
Verification serviceservice.CO service, ECDSA Verify service and ECC Public Key Verify service.
ECC CDH Key Agreement service, ECC multiplication service128 bits 192 bitsECC CDHInternally generated by using Key Derivation service.Stored in the SRAM/OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext or encrypted format by the Import Key service. Export: N/A (Output from the module to TOEPP CM hardware via Single-Chip TOEPP Path) Exported in encrypted format by the Export Key service.ECDH Private KeyZeroised by Delete Key service, Clear OTP service or Delete All Keys service.
ECC CDH Key Agreement service, ECC Public Key Verification serviceECC CDHInternally generated by using Key Derivation service or ECC multiplication service.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext by the Authentication CO service, ECC CDH Key Agreement service and ECC Public Key Verify service.ECDH Public Key
Export Key service Shared Secret is re- registered as Key Derive Key and then a registration as Shared Secret is cleared by Export Key service.128 bits 192 bitsInternally generated by ECC CDH Key Agreement service.Stored in the SRAM in plaintext.Shared SecretZeroised by Delete Key service, Delete All Keys service or Export Key service.
Crypto Officer authentication32 bitsStored in the OTP in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext by the Provisioning service and Export: N/A (Output from the module to TOEPP CM hardware via Single- Chip TOEPP Path) Exported in plaintext by Authentication CO service.Crypto Officer PasswordZeroised by Delete All Keys service.
User authentication32 bitsStored in the SRAM in plaintext.Entry: N/A (Entered into the module from TOEPP CM hardware via Single-Chip TOEPP Path) Imported in plaintext by the by Register User service.User PasswordZeroised by Delete All Keys service.

MFP Cryptographic Module(B) 9. Sensitive Security Parameter Management 9.1. Sensitive Security Parameters The following table summarizes the strength, generation, import, export, storage, zeroization and uses of Keys and SSPs that are used by the cryptographic services implemented in the module. Table 9-1 SSPs -

2025 KYOCERA Document Solutions Inc.
Page 35
2025 KYOCERA Document Solutions Inc.
Page 36
2025 KYOCERA Document Solutions Inc.
Page 37
2025 KYOCERA Document Solutions Inc.
Page 38

MFP Cryptographic Module(B) HMACSHA2025 KYOCERA Document Solutions Inc. Page 38

Page 39
2025 KYOCERA Document Solutions Inc.
Page 40
2025 KYOCERA Document Solutions Inc.
Page 41
2025 KYOCERA Document Solutions Inc.
Page 42
2025 KYOCERA Document Solutions Inc.
Page 43
Entropy sourcesMinimum number of bitsDetails
of entropy
ENT(P) inside the module0.75ENT(P) is used only as an entropy source.

MFP Cryptographic Module(B) 9.2. Random Number Generation The module uses the HASH_DRBG for following purposes.: Generation a random number which is output by Random Number Generation service, Generation Key Derive key, Generation ECDSA and ECDH Private Key, Generation AES-GCM Encryption IV used as KTS, and Generation a secret random number for use the signature generation process of ECDSA and RSA-PSS. The inputs to the HASH_DRBG, that is the entropy input and the nonce input, are random bits which are collected from the ENT that consists of a series of ring oscillators. The ENT specification is listed in the table below. The minimum size of the entropy input and nonce input is 256 bits and 0 bits respectively. Therefore, in this case, Min-entropy of the seed (the entropy and the nonce) is approximately 183-bits (=

256 * 0.75) at least. The module generates SSPs whose strengths are modified by available entropy.

However, it is recommended that the size of the nonce is more than half of the entropy input (i.e., more than 128-bits) as security cushion. In this case, approximately 288-bits of security strength is provided for the HASH_DRBG at least. Table 9-2 Non-Deterministic Random Number Generator Specification

2025 KYOCERA Document Solutions Inc.
Page 44
TargetTest
ROM Firmware32-bits CRC Check of the boot firmware in ROM
RAM Firmware32-bits CRC Check of the main firmware which is loaded from the memory outside of the module.
FunctionSelf test typeOperatorFailure behavior
AES ECB encryption with 128 bits keyKATThe module enters the Error state.
AES ECB decryption with 128 bits keyKATThe module enters the Error state.
ECDSA Signature Verification (P-256)KATThe module enters the Error state.
FunctionSelf test typeOperatorFailure behavior
AES-ECB encryption with 128 bits keyKATThe module enters the Error state.
AES-ECB decryption with 128 bits keyKATThe module enters the Error state.

MFP Cryptographic Module(B) 10. Self-Tests 10.1. Pre-operational self-tests Pre-operational self-tests consist of integrity tests. Pre-operational self-tests are specified individually for 10.1.1. Integrity Tests The following table shows the list of integrity tests that is part of the pre-operational self-test of the Table 10-1 Integrity Test If the integrity test fails, the module enters the Error state. When command result bit 31 is 1, it indicates an error due to the integrity test failure, and the return value of the Status Check service is 0x00008000 10.2. Conditional Self-Tests The module performs conditional self-tests. Conditional self-tests consist of the cryptographic algorithm tests and the other tests. 10.2.1. Cryptographic Algorithm Tests The cryptographic algorithm tests for ROM Firmware can be performed by applying the reset, and the cryptographic algorithm test for RAM Firmware except for AES-XTS encryption/decryption KAT can be performed by successfully loading the firmware in Authentication CO service. AES-XTS encryption/decryption KAT can be performed by invoking XTS-shell enable service when the XTS-shell is disabled. Table 10-2 Cryptographic Algorithm Test for ROM Firmware Table 10-3 Cryptographic Algorithm Test for RAM Firmware

2025 KYOCERA Document Solutions Inc.
Page 45
AES-CBC encryption with 128 bits keyKATThe module enters the Error state.
AES-CBC decryption with 128 bits keyKATThe module enters the Error state.
HMAC SHA-1KATThe module enters the Error state.
HMAC SHA-256KATThe module enters the Error state.
HMAC SHA-512KATThe module enters the Error state.
AES-CMACKATThe module enters the Error state.
RSA Signature Generation (PKCS#1_v1.5, 2048bits)KATThe module enters the Error state.
RSA Signature Verification (PKCS#1_v1.5, 2048bits)KATThe module enters the Error state.
ECDSA Signature Generation (P-256)KATThe module enters the Error state.
ECDSA Signature Verification (P-256)KATThe module enters the Error state.
ECC Cofactor Diffie-Hellman Primitive “Z” Computation (P-256)KATThe module enters the Error state.
DRBGKATThe module enters the Error state.
KDF in Counter Mode using HMAC-SHA-256KATThe module enters the Error state.
FunctionSelf test typeOperatorFailure behavior
AES-XTS encryption with 256 bits keyKATThe module enters the Error state.
AES-XTS decryption with 256 bits keyKATThe module enters the Error state.

MFP Cryptographic Module(B) Table 10-4 AES-XTS Cryptographic Algorithm Test for RAM Firmware If KAT fails, the module enters the Error state. When command result bit 31 is 1, it indicates an error due to KAT failure, and the return value of Status Check service is 0x00008000 indicating the Error state. 10.2.2. Other Conditional Self-Tests The conditional self-tests are performed in the following cases. (1) When firmware load service is executed ECDSA Signature Verification with ECDSA P-256 as Firmware load test for the loaded firmware image is performed. If the Firmware load test fails, the module enters the Error state. The error code of 0x80000020 or 0x80000022 indicates an error due to a public key hash digest mismatch or a signature verification failure, respectively. (2) When Random Number Generator Configuration service is executed A Repetition Count Test (RCT) and an Adaptive Proportion Test (APT) are performed as a startup health-test, whenever the DRBG is seeded. If RCT or APT fails, the module enters the Error state. The error code being 0x8000002c indicates an error due to startup health-test failure.

2025 KYOCERA Document Solutions Inc.
Page 46

MFP Cryptographic Module(B) (3) When key derivation service is executed for ECDSA and ECDH A pair-wise consistency test on asymmetric keys generated for either ECDSA or ECDH is performed. If the conditional self-test fails, the module enters the pairwise consistency test error state. Error code being 0x80000026 indicates an error due to the pairwise consistency test failure.

2025 KYOCERA Document Solutions Inc.
Page 47

MFP Cryptographic Module(B) 11. Life-cycle Assurance 11.1. Crypto Officer Guidance The following descriptions are the services for startup the module, which are invoked by Crypto Officer. Assumptions regarding user behavior that is relevant to the secure operation of the module are described in Section 11.2. Delivery and Installation The module in the silicon chip manufactured by the vendor is delivered thorough a trusted delivery courier. When the administrator receives the chip, they shall check whether the package is disclosed or not before installation. Initialization Procedure The initialization procedure is referred to as Provisioning. If Provisioning has not been invoked yet, the administrator shall initialize the module. Initialization service is invoked only one time. In Provisioning, the module authenticates the administrator with default Crypto Officer ID and Password, and administrator shall update Crypto Officer ID and Password and enter followings.

2025 KYOCERA Document Solutions Inc.
Page 48

MFP Cryptographic Module(B) 11.2. User Guidance ● The Shared Secret which is output of Export Key service shall be managed properly by a user. ● In order to meet the FIPS 140-3 IG 2.3.B requirement, a user shall not input any keys in plaintext, if those are input directly from outside of the cryptographic physical boundary. ● If AES-GCM IVs are deterministically generated by the module using the protocol such as TLS, IPsec and MACsec, a user shall generate the IV to meet the requirement per the FIPS140-3 IG C.H. Case

  1. In this case, the IVs shall be constructed in compliance with the provisions of a peerto-peer industry standard protocol. And if the IVs are generated regardless of the protocols, the IVs shall be generated as required per IG C.H. Case
  2. In this case, the 96 bits IV provided from inside of the Kyocera SCH134 SoC but the outside of the module shall include an encoding of the module name. The name field shall allow for at least 232 different names. ● The size of the nonce that is input to the HASH_DRBG should be more than half of the size of the entropy input.
  3. Mitigation of Other Attacks The module has not been designed to mitigate any specific attacks outside the scope of FIPS 140-3 requirements.
2025 KYOCERA Document Solutions Inc.

Referenced URLs