All modules
CMVP Validated Module · FIPS 140-3 Security Policy

ID-One PIV 243 in NPIVP & CIV Configurations

Certificate#5024StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorIDEMIA
Medium review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 13 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date6/8/2030
CaveatNone
VendorIDEMIA

Approved Algorithms (24)

AlgorithmACVP Cert
AES-CBCA4945
AES-CMACA4945
AES-ECBA4945
Counter DRBGA4945
ECDSA KeyGen (FIPS186-4)A4945
ECDSA KeyVer (FIPS186-4)A4945
ECDSA SigGen (FIPS186-4)A4945
ECDSA SigVer (FIPS186-4)A4945
HMAC-SHA-1A4945
HMAC-SHA2-256A4945
HMAC-SHA2-512A4945
KAS-ECC CDH-Component (CVL)A4945
KAS-ECC Sp800-56Ar3A4945
KDF SP800-108A4945
RSA Decryption Primitive Sp800-56Br2 (CVL)A4945
RSA KeyGen (FIPS186-4)A4945
RSA SigGen (FIPS186-4)A4945
RSA Signature Primitive (CVL)A4945
RSA SigVer (FIPS186-4)A4945
SHA-1A4945
SHA2-224A4945
SHA2-256A4945
SHA2-384A4945
SHA2-512A4945

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for ID-One PIV 243 in NPIVP & CIV Configurations
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Manage SD Keys and PIV Global Reference Data<br/>Manage SD Data<br/>Personaliz e PIV Data (Cleartext )</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>NPIVP (612431XX00)<br/>CIV+ FIPS (612432XX10)<br/>AES-ECB</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for ID-One PIV 243 in NPIVP & CIV Configurations
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Manage SD Keys and PIV Global Reference Data<br/>Manage SD Data<br/>Personaliz e PIV Data (Cleartext )</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>NPIVP (612431XX00)<br/>CIV+ FIPS (612432XX10)<br/>AES-ECB</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

IDEMIA ID-One PIV 243 in NPIVP & CIV Configurations Document Version 1.3 Last update: 2025-05-14 Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com © 2025 IDEMIA / atsec information security.

Page 2

ID-One PIV 243 Table of Contents © 2025 IDEMIA / atsec information security.

Page 3

ID-One PIV 243 © 2025 IDEMIA / atsec information security.

Page 4

ID-One PIV 243 List of Tables List of Figures © 2025 IDEMIA / atsec information security.

Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication3
55Software/Firmware security2
66Operational environmentN/A
77Physical security3
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests3
1111Life-cycle assurance3
1212Mitigation of other attacks3
Overall LevelOverall Level2
1.1 Overview

This document defines the Security Policy for the ID-One PIV 243 cryptographic module from IDEMIA when configured by IDEMIA in FIPS 140-3 Level 2 mode of operation, and hereafter denoted the module. The module, validated to FIPS 140-3 overall Security Level 2, is a single chip module implementing the Global Platform operational environment, with Card Manager and ID-One PIV 243 Applet.

1.2 Security Levels

The FIPS 140-3 security levels for the module are as follows: N/A N/A Table 1: Security Levels © 2025 IDEMIA / atsec information security.

Page 6
2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The ID-One PIV 243 in NPIVP & CIV Configurations module implements cryptographic services for the Global Platform operational environment, with Card Manager and ID-One PIV Applet. Module Type: Hardware Module Embodiment: SingleChip Cryptographic Boundary: The module is designed to be embedded into a plastic card body, with a contact plate and/or contactless antenna connections, or in a USB token or other standard IC packaging, such as SOIC, QFN or MicroSD. The physical form of the module is depicted in Figure 1 below. The cryptographic boundary of the module is the surface and edges of the die and associated bond pads for the module's interfaces, shown as circles in the figure. See Table 12: Ports and Interfaces for the function of each interface. Figure 1: Depiction of Physical Form © 2025 IDEMIA / atsec information security.

Page 7

ID-One PIV 243 Figure 2: Block Diagram Section 4 describes applet functionality in greater detail. The JavaCard and Global Platform APIs are internal interfaces available only to applets. Only applet services are available at the card edge (the interfaces that cross the cryptographic boundary). In the figure above, the Security Domain Verifier prevents loading an unauthorized (unsigned) code package into the module and does not provide separate services. The POST application provides on-demand execution of the conditional Cryptographic Algorithms Self-Test (CAST) and the MSFT PNP application provides identification of the associated minidriver when the module is used within a Microsoft Windows Environment. All code is executed from ROM and NVM. The chip family provides accelerators for AES, RSA, ECC, CRC and an SP800-90B ESV. The communications options for contact and contactless configurations are present in the physical circuitry of all members of the processor family but are selectively enabled during module manufacturing. © 2025 IDEMIA / atsec information security.

Page 8
Module configuration
NameModelHardware VersionFirmware VersionProcessorFeatures
Cosmo X FIPSCosmo X FIPS09A4D1418424 (612431XX00, 612432XX00, 612432XX10)32-bit Arm®Contact-Only, Contactless-Only or Dual Interface
Service
NameDescriptionIndicatorType
NPIVP (612431XX00)The NPIVP (NIST Personal Identity Verification Program) configuration is FIPS 201-3 compliant and designed to be used by US Federal Agencies for PIV and PIV-I Cards.The indicator of mode of operations of a given ID-One PIV instance can be retrieved at any time using the READ BINARY command (PIV Info Unauthenticated service) on its Elementary file (EF) with SFI=01. The module will return "Running in FIPS140-3 Level 2 Mode of Operations" in ASCIIApproved
CIV FIPS (612432XX00)The CIV FIPS is the configuration for CommercialThe indicator of mode of operations of a given ID-One PIVApproved
2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

2.3 Excluded Components

There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.

2.4 Modes of Operation

Modes List and Description: © 2025 IDEMIA / atsec information security.

Page 9
Service
NameDescriptionRole AccessInput
CIV+ FIPS (612432XX10)ApprovedThe CIV+ configuration is the CIV configuration with an additional instance of the ID- One PIV® applet, called "eStickers", for additional data and keys outside of HSPD#12 interoperability requirements specified by FIPS 201.The indicator of mode of operations of a given ID-One PIV instance can be retrieved at any time using the READ BINARY command (PIV Info Unauthenticated service) on its Elementary file (EF) with SFI=01. The module will return "Running in FIPS140-3 Level 2 Mode of Operations" in ASCII
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4945Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CMACA4945Direction - Generation Key Length - 192, 256SP 800-38B
AES-ECBA4945Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
Counter DRBGA4945Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4945Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyVer (FIPS186-4)A4945Curve - P-224, P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A4945Component - No, Yes Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2- 256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4945Component - No, Yes Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2- 256, SHA2-384, SHA2-512FIPS 186-4
HMAC-SHA-1A4945Key Length - Key Length: 8-1016 Increment 8FIPS 198-1
HMAC-SHA2-256A4945Key Length - Key Length: 8-1016 Increment 8FIPS 198-1
HMAC-SHA2-512A4945Key Length - Key Length: 8-1016 Increment 8FIPS 198-1
KAS-ECC CDH-Component (CVL)A4945Function - Key Pair Generation Curve - P-256, P-384, P-521SP 800-56A Rev. 3
KAS-ECC Sp800-56Ar3A4945Domain Parameter Generation Methods - P-256, P-384, P-521 Function - Key Pair Generation Scheme - onePassDh - KAS Role - Responder KDF Methods - oneStepKdf - Key Length - 1024SP 800-56A Rev. 3
KDF SP800-108A4945KDF Mode - Counter Supported Lengths - Supported Lengths: 64, 256SP 800-108 Rev. 1
RSA Decryption Primitive Sp800-56Br2 (CVL)A4945SP 800-56B Rev. 2
RSA KeyGen (FIPS186-4)A4945Key Generation Mode - B.3.6 Modulo - 2048, 3072, 4096FIPS 186-4
RSA SigGen (FIPS186-4)A4945Signature Type - PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
RSA Signature Primitive (CVL)A4945Private Key Format - crtFIPS 186-4
RSA SigVer (FIPS186-4)A4945Signature Type - PKCSPSS Modulo - 1024, 2048, 3072, 4096FIPS 186-4
SHA-1A4945Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1FIPS 180-4
SHA2-224A4945Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1FIPS 180-4
SHA2-256A4945Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1FIPS 180-4
SHA2-384A4945Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1FIPS 180-4
SHA2-512A4945Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1FIPS 180-4

Table 3: Modes List and Description The mode of operation is defined by IDEMIA during manufacturing and cannot be changed. The module does not allow the changing of modes after manufacturing.

2.5 Algorithms

Approved Algorithms: The module only implements approved algorithms and does not implement any non-approved algorithms. Therefore, the module only has approved mode of operation. © 2025 IDEMIA / atsec information security.

Page 10

ID-One PIV 243 © 2025 IDEMIA / atsec information security.

Page 11
Service
NameProperties
CKGHMAC:112 to 1016 bits AES keys:128, 192, 256 bit keys Generated by:CTR DRBGID-One Cosmo X FIPSSP800-133r2

ID-One PIV 243 Table 4: Approved Algorithms Vendor-Affirmed Algorithms: Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. © 2025 IDEMIA / atsec information security.

Page 12
Service
NameDescriptionApproved FunctionsTypeProperties
RSADPRSA decryption primitiveRSA decryption primitive with 1024-bit modulus allowed per iG 2.4.A
AES-ECBSymmetric encryption and DecryptionAES-ECB: (A4945)BC-UnAuthKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
AES-CBCSymmetric encryption and DecryptionAES-CBC: (A4945)BC-UnAuthKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
AES-CMACMessage Authentication CodeAES-CMAC: (A4945)MACKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
CTR DRBGCTR_DRBG using AES-256Counter DRBG: (A4945)DRBGDerivation Function:Enabled Prediction Resistance:No Key Size:256 bits Key Strength:256 bits
ECDSA keyGenECDSA key generation using Testing CandidatesECDSA KeyGen (FIPS186- 4): (A4945)AsymKeyPair -KeyGen CKGCurves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
ECDSA keyVerECDSA key verificationECDSA KeyVer (FIPS186- 4): (A4945)AsymKeyPair -KeyVerCurves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
Service
NameDescriptionApproved FunctionsTypeProperties
RSADPRSA decryption primitiveRSA decryption primitive with 1024-bit modulus allowed per iG 2.4.A
AES-ECBSymmetric encryption and DecryptionAES-ECB: (A4945)BC-UnAuthKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
AES-CBCSymmetric encryption and DecryptionAES-CBC: (A4945)BC-UnAuthKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
AES-CMACMessage Authentication CodeAES-CMAC: (A4945)MACKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
CTR DRBGCTR_DRBG using AES-256Counter DRBG: (A4945)DRBGDerivation Function:Enabled Prediction Resistance:No Key Size:256 bits Key Strength:256 bits
ECDSA keyGenECDSA key generation using Testing CandidatesECDSA KeyGen (FIPS186- 4): (A4945)AsymKeyPair -KeyGen CKGCurves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
ECDSA keyVerECDSA key verificationECDSA KeyVer (FIPS186- 4): (A4945)AsymKeyPair -KeyVerCurves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
ECDSA sigGenECDSA Digital Signature GenerationECDSA SigGen (FIPS186- 4): (A4945)DigSig- SigGenMessage Digest:SHA2-224, SHA2-256, SHA2- 384, SHA2-512 Curves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
ECDSA sigGen componentECDSA Digital Signature Generation ComponentECDSA SigGen (FIPS186- 4): (A4945)DigSig- SigGenCurves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
ECDSA sigVerECDSA Digital Signature VerificationECDSA SigVer (FIPS186- 4): (A4945)DigSig- SigVerMessage Digest:SHA2-224 Curves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
KAS-ECCECDH Key Agreement SchemeKAS-ECC Sp800- 56Ar3: (A4945)KAS-FullScheme:onePassD h KDF Method:oneStepKd f Curves:P-256, P- 384, P-521 Strength:128, 192, 256 bits
KAS-ECC CDH ComponentECDH ComponentKAS-ECC CDH- Component : (A4945)KAS-SSCCurves:P-224, P- 256, P-384, P-521 Strength:112, 128, 192, 256 bits
RSA keyGenRSA Key GenerationRSA KeyGen (FIPS186- 4): (A4945)AsymKeyPair -KeyGen CKGGeneration Method:A.1.6 Probable Primes with conditions based on Auxiliary Probable Primes Key Size:2048, 3072, 4096 bits Key Strength:112, 128, 150 bits
RSA sigGenRSA Digital Signature GenerationRSA SigGen (FIPS186- 4): (A4945)DigSig- SigGenScheme:PSS Key Size:2048, 3072, 4096 bits Key Strength:Strength: 112, 128, 150 bits
RSA sigPrimRSA Digital Signature Generation primitiveRSA Signature Primitive: (A4945)DigSig- SigGenKey Size:2048, 3072, 4096 bits Key Strength:112, 128, 150 bits
RSA sigVerRSA Digital Signature VerificationRSA SigVer (FIPS186- 4): (A4945)DigSig- SigVerScheme:PSS using SHA2-256 Key Size:2048 bits Key Strength:112 bits
RSA Decryption PrimitiveRSA decryption primitiveRSA Decryption Primitive Sp800- 56Br2: (A4945) RSADP: ()KTS-WrapKey Size:2048, 3072, 4096 bits Key Strength:112, 128, 150 bits Key Size (RSADP):1024 bits with no security claim
HMACMessage Authentication Code using HMAC with SHAHMAC-SHA- 1: (A4945) HMAC- SHA2-256: (A4945) HMAC- SHA2-512: (A4945)MACKey Size:112 to 1016 bits Key Strength:112 to 1016 bits
KBKDF SP 800-108Key Based Key Derivation with CounterKDF SP800- 108: (A4945)KBKDFFixed Data Order:Middle Fixed Data Key Size:128, 192, 256 bits Key Strength:128, 192, 256 bits
SHAMessage Digest Generation using SHA-1, SHA2-224,SHA-1: (A4945) SHA2-224:SHA
SHA2-256, SHA2- 384, SHA2-512SHA2-256, SHA2- 384, SHA2-512(A4945) SHA2-256: (A4945) SHA2-384: (A4945) SHA2-512: (A4945)
KTS (AES + HMAC) key wrapping/unwrappin gSymmetric key wrapping/unwrappin gAES-CBC: (A4945) AES-CMAC: (A4945) AES-ECB: (A4945)KTS-WrapKey Size:128, 192, 256 bits Key Strength:128, 192, 256 bits

ID-One PIV 243 Non-Approved, Allowed Algorithms with No Security Claimed: Table 6: Non-Approved, Allowed Algorithms with No Security Claimed Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations

s (FIPS1864): (A4945) (FIPS1864): (A4945) © 2025 IDEMIA / atsec information security.

Page 13

ID-One PIV 243 s DigSigSigGen (FIPS1864): (A4945) DigSigSigGen (FIPS1864): (A4945) DigSigSigVer (FIPS1864): (A4945) h f Sp80056Ar3: CDHComponent (FIPS1864): (A4945) © 2025 IDEMIA / atsec information security.

Page 14

ID-One PIV 243 s DigSigSigGen (FIPS1864): (A4945) DigSigSigGen DigSigSigVer (FIPS1864): (A4945) Sp80056Br2: HMACSHA2-256: HMACSHA2-512: KDF SP800108: © 2025 IDEMIA / atsec information security.

Page 15

ID-One PIV 243 g g s Table 7: Security Function Implementations

2.7 Algorithm Specific Information

Compliance to SP 800-56ARev3 assurances For KAS-ECC, the module satisfies IG D.F Scenario 2 path (2) (i.e., tested compliance with One Pass DH key agreement schemes followed by the derivation of the key as shown in Section 5.8 of SP 800-56Arev3). The key derivation function complies to SP 800-56C rev2 (i.e., One-Step KDF). Furthermore, the module obtained the appropriate assurances, as required in Sections 5.6.2 of SP 800-56A rev3.

5.6.2.1 Assurances Required by a Key Pair Owner:

5.6.2.1.1 Owner Assurance of Correct Generation: The module performs key generation for

ephemeral keys. Using the key generation algorithm validated by the CAVP (ECDSA KeyGen Cert. #A4945). For static keys, a trusted third party (TTP) generates the key pair and securely enters the module using SP800-38F key wrapping (AES + CMAC). The module will perform a pairwise consistency check upon generating ECDH keys.

5.6.2.1.2 Owner Assurance of Private-Key Validity: For ephemeral key pair, the module provides

the assurance since the module generates it. For static key pairs, after receiving the key pair, the module performs a separate check to determine that the private key is in the correct interval.

5.6.2.1.3 Owner Assurance of Public-Key Validity: For both static and ephemeral key pairs, the

module performs a full public-key validation as a separate process from the key-pair generation process.

5.6.2.1.4 Owner Assurance of Pair-wise Consistency: The module performs a pair-wise

consistency test when the module generates ephemeral key pairs and when static key-pairs are entered into the module.

5.6.2.1.5 Owner Assurance of Possession of the Private Key: For ephemeral key pairs, The owner

generates the key pair as specified in Section 5.6.1 and for ephemeral key pairs, the module performs a pair-wise consistency test when the key pairs are entered. © 2025 IDEMIA / atsec information security.

Page 16
5.6.2.2 Assurances Required by a Public Key Recipient

5.6.2.2.1 Recipient’s assurance Static Public-Key Validity: The module makes used of approved

EC curves listed in SP800-140D and performs a successful full public-key validation of the received public key i.e., ECC Full Public-Key Validation Routine specified in SP800-56A rev3 section 5.6.2.3.3.

5.6.2.2.2 Recipient Assurance of Ephemeral Public-Key Validity: Not applicable. The module

generates ephemeral keys and does not ever receive them.

5.6.2.2.3 Recipient’s assurance of owner’s possession of private key can be met via the use of a

Trusted Third party that requires the key confirmation procedure. Both of which are handled by the entity outside of the module that requested the ECDH Key Agreement service from the module. That is, such checks are out of the module's scope.

5.6.2.2.4 Recipient Assurance of the Owner’s Possession of an Ephemeral Private Key: Not

applicable. The module generates ephemeral keys and does not ever receive them.

5.6.2.3 Public Key Validation Routines

The module performs the required public key validation before initiating the handshake following

5.6.2.3.3 ECC Full Public-Key Validation Routine.

Compliance to SP 800-56BRev3 assurances For KTS RSA, the tester verified the implementation satisfies IG D.G by employing an approved RSA-based key transport scheme as specified in SP 800-56Brev2. The following summary of assurances, as defined in Sections 5 and 6 of SP 800-56Brev2: Section 5.1 – The module uses an approved hash function (SHS, Cert. #A4945) for mask generation during RSA-OEAP encryption. Section 5.2 and Section 5.6 – N/A, The module does not implement key confirmation. Section 5.3 - The module uses an approved random bit generator (CTR_DRBG, Cert. #A4945) when generating random values. Section 5.4 and Section 5.5 – N/A, The module does not implement a key agreement scheme (i.e., KAS1). For addition assurances found in its Section 6 (specifically SP800-56Brev2 Section 6.4 Required Assurances):

  1. The entity requesting the RSA key unwrapping (decapsulation) service from the module, shall only use an RSA private key that was generated by an active FIPS validated module that implements FIPS 186-4 compliant RSA key generation service and performs the key pair validity and the pairwise consistency as stated in section 6.4.1.1 of the SP 800-56Brev2. Additionally, the entity shall renew these assurances over time by using any method described in section 6.4.1.5 of the SP 800-56Brev2.
  2. For use of an RSA key wrapping (encapsulation) service in the context of key transport per IG D.G, a) the entity using the module, shall verify the validity of the peer's public key using the public key validation service of the module. b) the entity using the module, shall confirm the peer's possession of private key by using any method specified in section 6.4.2.3 of the SP 800-56Brev2. © 2025 IDEMIA / atsec information security.
Page 17
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Infineon SLC37 32-bit Security Controller V11 Entropy SourcePhysical32-bit blocks which can be concatenatedSLC37 32-bit Security Controller V1113.376- bits per 32-bit blocknon-vetted conditioning function
CertVendor Name
Number
E107Infineon Technologies AG

ID-One PIV 243 Only after the above assurances are successfully met, shall the entity use the peer's public key to perform the RSA key wrapping (encapsulation) service of the module."

2.8 RBG and Entropy

Table 8: Entropy Certificates Table 9: Entropy Sources RNG Information: The module implements an approved SP 800-90Ar1 Deterministic Random Bit Generator in the form of CTR_DRBG. The DRBG seed is generated from the SP 800-90B

2.9 Key Generation

The module implements key generation services for RSA, ECDSA, EC Diffie-Hellman, and AES keys in compliance to SP800-133rev2 Cryptographic Key Generation (CKG, vendor affirmed).

2.10 Key Establishment

The module provides an approved SP800-56Arev3 EC Diffie-Hellman Key Agreement Scheme that is fully compliant with IG D.F scenario 2 path (2). The module provides an approved SP800-38F Key Transport that is fully compliant to IG D.G i.e., employing an approved key-wrapping technique using a “combination” method: AES-CBC together with an approved authentication method AES-CMAC.

2.11 Industry Protocols

The GP Secure Channel Protocol '03' establishment provides mutual authentication service as well as establishment of a secure channel to protect confidentiality and integrity of the transmitted data. The PIV Secure Messaging protocol defined in SP800-73-4 and ANSI 504-1 establishes a secure channel to protect confidentiality and integrity of transmitted information and allows the off-card entity initiating the PIV Secure Messaging to authenticate the module. Unlike GP Secure Channel, the PIV Secure Messaging does not allow the module to authenticate the off-card entity. © 2025 IDEMIA / atsec information security.

Page 18

ID-One PIV 243 The PIV Secure Messaging protocol conforms to SP800-56A for the establishment of a shared secret and key derivation for session keys. © 2025 IDEMIA / atsec information security.

Page 19
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
RST [ISO 7816: Reset] Not available in contactless-only configurationsRST [ISO 7816: Reset] Not available in contactless-only configurationsControl InputNone
CLK [ISO 7816: Clock] Not available in contactless-only configurationsCLK [ISO 7816: Clock] Not available in contactless-only configurationsControl InputNone
I/O [ISO 7816: Input/Output] Not available in contactless-only configurationsI/O [ISO 7816: Input/Output] Not available in contactless-only configurationsData Input Data Output Control Input Status OutputAPDU Command data field; ATR and APDU Response data field; APDU Header (CLA INS P1-P2); Status Word SW1-SW2
LA, LB [ISO 1443: Antenna] (Not available in contact-only configurations)LA, LB [ISO 1443: Antenna] (Not available in contact-only configurations)Data Input Data Output Control Input Status OutputAPDU Command data field; ATR and APDU Response data field; APDU Header (CLA INS P1-P2); Status Word SW1-SW2
Vcc, GND [ISO 7816: Supply voltage] (Not available in contactless-only configurations)Vcc, GND [ISO 7816: Supply voltage] (Not available in contactless-only configurations)PowerNone
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Table 10: Ports and Interfaces The module does not implement any control output interface.

3.2 Trusted Channel Specification

The module does not implement a trusted channel. The control interface is inhibited while in the error state without any exceptions. © 2025 IDEMIA / atsec information security.

Page 20
Sensitive security parameter
NameDescriptionStrength
GP Secure Channel Protocol AuthenticationProvides authentication for the CO role1/(2^128)AES-CMAC (A4945)9/(2^128)
PIV Symmetric Key AuthenticationProvides authentication for the PIV Application Administrator1/(2^128)AES-ECB (A4945)9/(2^128)
PIV Secret Value AuthenticationProvides authentication for the user1/((10^6)(11^2)) or 1/((94^6)(95^6))PIN Input15/((10^6)(11^2)) or 15/((94^6)(95^6))
BIO AuthenticationBiometric person authentication On-Card- Comparison (OCC)See section 4.1Biometric authentication using facial, fingerprint, or iris.See section 4.1
4 Roles, Services, and Authentication
4.1 Authentication Methods

On-CardComparison Table 11: Authentication Methods The SD-DAK and SD-DMK keys are used to derive the SC-ENC and SC-C-MAC keys, respectively. The off-card entity participating in the mutual authentication sent a 64-bit challenge to the Smart Card together with the key set version to use. The Smart Card together with the key set version to use. generates its own challenge and computes a 64-bit cryptogram with SC-C-MAC key and both challenges. The Smart Card cryptogram and challenge are sent to the off-card entity which checks the Smart Card cryptogram and creates its own 64-bit cryptogram with both challenges. A 64-bit message authentication code (MAC) is also computed on the command containing the off-card entity cryptogram with AES-CMAC and SC-C-MAC key, the MAC is concatenated to the command, and the command is sent to the Smart Card. The Smart Card checks the message authentication code and compares the received cryptogram to the calculated cryptogram. If all of this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the Module in the CO role). The probability that a random attempt will succeed using this authentication method is:

Page 21

ID-One PIV 243 The module enforces a “slowdown mechanism” that increases the response time between two authentications attempts following a failed authentication, such that no more than nine (9) attempts are possible in a one-minute period. The probability that a random attempt will succeed over a one-minute interval is:

Page 22
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCOIdentityGP Secure Channel Protocol Authentication
PIV Application AdministratorAdministratorIdentityPIV Symmetric Key Authentication PIV Secret Value Authentication
UserUserIdentityPIV Symmetric Key Authentication PIV Secret Value Authentication BIO Authentication
Reset (Show Version)Power cycle or reset the module. Module version information returned in the card Answer to reset (ATR)Unauthenti catedNoneN/AN/AModule ATR (Contact) or ATS (Contactless) that contains configuration information
SelectSelect an application instance.Unauthenti catedNoneN/AAID of Applicatio n to Select.Successful execution status
Run Self- TestsRun all pre- operational andUnauthenti catedAES-ECB CTR DRBG ECDSA sigGenN/A'FFFFFFFFF F' ApplicatioSuccessful execution status

ID-One PIV 243 determined by the user (or six (6) to sixteen (16) if the module was configured during production to support 16-byte PINs). The minimum length of the PIN is 6 bytes and the maximum 8 or 16 bytes depending on configuration. The worst-case scenario permitted by the module is a minimum length of six (6) characters with the Numeric in ASCII character set and a maximum length of eight (8) characters. The character space for the first six (6) bytes in this scenario is 10 (the values ‘30’ through ‘39’ are permitted) and in the last two (2) characters is 11 (the values ‘30’ through ‘39’ and ‘FF’ are permitted). The probability that a random attempt will succeed using this authentication method is:

15 per modality (Fingerprints, Iris, Facial) so the probability that a random attempt will succeed

over a one-minute interval is:

4.2 Roles

© 2025 IDEMIA / atsec information security.

Page 23
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
PIV Application AdministratorAdministratorIdentityPIV Symmetric Key Authentication PIV Secret Value Authentication
UserUserIdentityPIV Symmetric Key Authentication PIV Secret Value Authentication BIO Authentication
Reset (Show Version)Power cycle or reset the module. Module version information returned in the card Answer to reset (ATR)Unauthenti catedNoneN/AN/AModule ATR (Contact) or ATS (Contactless) that contains configuration information
SelectSelect an application instance.Unauthenti catedNoneN/AAID of Applicatio n to Select.Successful execution status
Run Self- TestsRun all pre- operational andUnauthenti catedAES-ECB CTR DRBG ECDSA sigGenN/A'FFFFFFFFF F' ApplicatioSuccessful execution status

ID-One PIV 243 Table 12: Roles The module does not include a maintenance role. The module clears previous authentications on power cycle.

4.3 Approved Services

The following convention is used to specify access rights to SSPs:

Page 24
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsInputOutput
Get DRBGN/ARetrieve random numbers.Unauthenti cated - OS-DRBG- SEED: G,E - OS-DRBG- STATE: G,ECTR DRBGNumber of bytes or DRBG to retrieve. Up to 252 bytes (2040 bits) of DRBG per commandRequested number of bytes from the DRBG generator
Open PIV Secure Messagin gN/AEstablish a PIV Secure Messaging (SM) communica tions channel.Unauthenti cated - OS-DRBG- SEED: G,E - OS-DRBG- STATE: G,E - SM-C- MAC: G,E - SM-R- MAC: G,E - SM-CFRM: G,E - PIV-SM- PUB: R - PIV-SM: E - SM-ENC: EAES-CBC AES-CMAC KAS-ECCECC keysSecure messaging communicatio n channel established
Open Global Platform Secure ChannelN/AEstablish a Global Platform Secure Communica tions Channel (SC) with MutualCrypto Officer - OS-DRBG- SEED: G,E - OS-DRBG- STATE: G,E - SC-ENC: G,E - SC-C-MAC: G,E - SC-R-MAC:AES-ECB AES-CMAC KBKDF SP 800- 108AES KeysGP Secure Channel established
Authenticat ion.Authenticat ion.G,E - SD-DAK: E - SD-DMK: E - SD-DEK: E
Get Data (Cleartext )N/ARetrieve from the Module data objects transmitted over a plaintext channel.Unauthenti catedNoneTag of the Data Object to Retrieve.Data Object Retrieved and Successful execution status
Get Data (SM)N/ARetrieve from the Module data objects transmitted with PIV Secure Messaging.Unauthenti catedNoneTag of the Data Object to Retrieve for which the AC are satisfiedData Object Retrieved and Successful execution status
Get Data (SC)N/ARetrieve from the Module data objects transmitted through a Global Platform Secure Channel.Unauthenti catedNoneTag of the Data Object to Retrieve for which the AC are satisfiedData Object Retrieved and Successful execution status
Get Data with Attestatio n using RSA (Cleartext )N/ARetrieve from the Module data objects together with its attestation value. TransmitteUnauthenti catedNoneTag of the Data Object to retrieve for which the AC are satisfiedData Object retrieved followed by its attestation and Successful execution status.
Get Data with Attestatio n using RSA (SM)N/ARetrieve from the Module data objects together with its attestation value. Transmitte d with PIV Secure Messaging. Compliant with IG 4.1.A.Unauthenti catedNoneTag of the Data Object to retrieve for which the AC are satisfiedData Object retrieved followed by its attestation and Successful execution status.
Get Data with Attestatio n with RSA (SC)N/ARetrieve from the Module data objects together with its attestation value. Transmitte d through a Global Platform Secure Channel. Compliant with IG 4.1.A.Unauthenti catedNoneTag of the Data Object to retrieve for which the AC are satisfiedData Object retrieved followed by its attestation and Successful execution status.
Get Data with Attestatio n UsingN/ARetrieve from the Module data,Unauthenti catedNoneTag of the Data Object to retrieveData Object retrieved followed by its attestation and
ECDSA (Cleartext )together with its attestation value. Transmitte d over a plaintext channel. Compliant with IG 4.1.A.for which the AC are satisfiedSuccessful execution status.
Get Data with Attestatio n using ECDSA signature (SM)N/ARetrieve from the Module data objects together with its attestation value. Transmitte d with PIV Secure Messaging. Compliant with IG 4.1.A.Unauthenti catedNoneTag of the Data Object to retrieve for which the AC are satisfiedData Object retrieved followed by its attestation and Successful execution status.
Get Data with Attestatio n using ECDSA (SC)N/ARetrieve from the Module data objects together with its attestation value. Transmitte d through a Global Platform Secure Channel. CompliantUnauthenti catedNoneTag of the Data Object to retrieve for which the AC are satisfiedData Object retrieved followed by its attestation and Successful execution status.
Card Validation using RSA Card Authentic ation Key (CAK) 9E (Cleartext )N/AValidate the card with its asymmetric Card Authenticat ion Key 9E, in accordance with SP800- 73-4. Transmitte d over a plaintext channel. Compliant with IG 4.1A.Unauthenti catedNonechallenge data, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Card Validation using RSA Card Authentic ation Key (CAK) 9E (SM)N/AValidate the card with its asymmetric Card Authenticat ion Key 9E, in accordance with SP800- 73-4. Transmitte d with PIV Secure Messaging. Compliant with IG 4.1A.Unauthenti catedNoneAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Card Validation using RSA Card Authentic ation KeyN/AValidate the card with its asymmetric Card AuthenticatUnauthenti catedNoneAuthentica tion material (Authentic ation challenge,Authentication cryptogram computed by the module and Successful
(CAK) 9E (SC)ion Key 9E, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel. Compliant with IG 4.1A.algorithm, Key)execution status
Card Validation using ECC Card Authentic ation Key (CAK) 9E (Cleartext )N/AValidate the card with its asymmetric Card Authenticat ion Key 9E, in accordance with SP800- 73-4. Transmitte d over a plaintext channel. Compliant with IG 4.1A.Unauthenti catedNonechallenge data, algorithmAuthentication cryptogram computed by the module and Successful execution status
Card Validation using ECC Card Authentic ation Key (CAK) 9E (SM)N/AValidate the card with its asymmetric Card Authenticat ion Key 9E, in accordance with SP800- 73-4. Transmitte d with PIVUnauthenti catedNoneAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Card Validation using ECC Card Authentic ation Key (CAK) 9E (SC)N/AValidate the card with its asymmetric Card Authenticat ion Key 9E, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel. Compliant with IG 4.1A.Unauthenti catedNoneAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Authentic ation with RSA PIV Authentic ation Key 9A (Cleartext )N/AValidate the card module with its PIV Authenticat ion Key 9A, in accordance with SP800- 73-4. Transmitte d over a plaintext channel.User - PIV-AUTH (including intermediat e values): ERSA sigPrimAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Authentic ation with RSA PIV AuthenticN/AValidate the card module with its PIV AuthenticatUser - PIV-AUTH (includingRSA sigPrimAuthentica tion material (Authentic ationAuthentication cryptogram computed by the module and Successful
ation Key 9A (SM)ion Key 9A, in accordance with SP800- 73-4. Transmitte d with PIV Secure Messaging.intermediat e values): Echallenge, algorithm, Key)execution status
Authentic ation with RSA PIV Authentic ation Key 9A (SC)N/AAuthenticat e with PIV Authenticat ion Key 9A, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel.User - PIV-AUTH (including intermediat e values): ERSA sigPrimAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Authentic ation with ECC PIV Authentic ation Key 9A (Cleartext )N/AAuthenticat e with PIV Authenticat ion Key 9A, in accordance with SP800- 73-4. Transmitte d over a plaintext channel.User - PIV-AUTH (including intermediat e values): EECDSA sigGen componentAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Authentic ation with ECC PIV Authentic ation Key 9A (SM)N/AAuthenticat e with PIV Authenticat ion Key 9A, in accordance with SP800- 73-4. TransmitteUser - PIV-AUTH (including intermediat e values): EECDSA sigGen componentAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Authentic ation with ECC PIV Authentic ation Key 9A (SC)N/AAuthenticat e with PIV Authenticat ion Key 9A, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel.User - PIV-AUTH (including intermediat e values): EECDSA sigGen componentAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution status
Digital Signature with RSA PIV Digital Signature Key 9C (Cleartext )N/ASign an externally generated hash with PIV Digital Signature 9C in accordance with SP800- 73-4. Transmitte d over a plaintext channel.User - PIV-DS (including intermediat e values): ERSA sigPrimAlgorithm, Hash Value, KeyDigital Signature
Digital Signature with RSA PIV Digital Signature Key 9C (SM)N/ASign an externally generated hash with PIV Digital Signature 9C in accordance with SP800- 73-4. Transmitte d with PIVUser - PIV-DS (including intermediat e values): ERSA sigPrimAlgorithm, Hash Value, KeyDigital Signature
Digital Signature with RSA PIV Digital Signature Key 9C (SC)N/ASign an externally generated hash with PIV Digital Signature 9C in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel.User - PIV-DS (including intermediat e values): ERSA sigPrimAlgorithm, Hash Value, KeyDigital Signature
Digital Signature with ECC PIV Digital Signature Key 9C (Cleartext )N/ASign an externally generated hash with PIV Digital Signature 9C in accordance with SP800- 73-4. Transmitte d over a plaintext channel.User - PIV-DS (including intermediat e values): EECDSA sigGen componentAlgorithm, Hash Value, KeyDigital Signature
Digital Signature with ECC PIV Digital Signature Key 9C (SM)N/ASign an externally generated hash with PIV Digital Signature 9C in accordance with SP800- 73-4. Transmitte d with PIVUser - PIV-DS (including intermediat e values): EECDSA sigGen componentAlgorithm, Hash Value, KeyDigital Signature
Digital Signature with ECC PIV Digital Signature Key 9C (SC)N/ASign an externally generated hash with PIV Digital Signature 9C in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel.User - PIV-DS (including intermediat e values): EECDSA sigGen componentAlgorithm, Hash Value, KeyDigital Signature
Full Digital Signature (RSA PSS) (Cleartext )N/ARSA PSS Signature with full message hashing performed within the module. Transmitte d over a plaintext channel.User - DS-HASH (including intermediat e values): ERSA sigGen SHAAlgorithm, Message, KeysDigital Signature
Full Digital Signature (RSA PSS) (SM)N/ARSA PSS Signature with full message hashing performed within the module. Transmitte d with PIV Secure Messaging.User - DS-HASH (including intermediat e values): ERSA sigGen SHAAlgorithm, Message, KeysDigital Signature
Full Digital Signature (RSA PSS) (SC)N/ARSA PSS Signature with full message hashing performed within the module. Transmitte d through a Global Platform Secure Channel.User - DS-HASH (including intermediat e values): ERSA sigGen SHAAlgorithm, Message, KeysDigital Signature
Full Digital Signature (ECDSA) (Cleartext )N/AECDSA Signature with full message hashing performed within the module. Transmitte d over a plaintext channel.User - DS-HASH (including intermediat e values): EECDSA sigGen SHAAlgorithm, Message, KeysDigital Signature
Full Digital Signature (ECDSA) (SM)N/AECDSA Signature with full message hashing performed within the module. Transmitte d with PIV Secure Messaging.User - DS-HASH (including intermediat e values): EECDSA sigGen SHAAlgorithm, Message, KeysDigital Signature
Full Digital Signature (ECDSA) (SC)N/AECDSA Signature with full message hashingUser - DS-HASH (including intermediat e values): EECDSA sigGen SHAAlgorithm, Message, KeysDigital Signature
System Key Services with PIV Key Managem ent Keys (RSA) (Cleartext )N/ADecrypt a key or generate a shared secret using the module Key Manageme nt Keys, in accordance with SP800- 73-4. Transmitte d over a plaintext channel. Key decryption is the use of SP800- 56B Section 7.1.2 RSADP key decryption primitive.User - PIV-KMK (including intermediat e values): ERSA Decryption PrimitiveAlgorithm, RSA Wrapped System KeyUnwrapped key. The unwrapped key is for the outside system and is not used by the module.
System Key Services with PIV Key Managem ent Keys (RSA) (SM)N/ADecrypt a key or generate a shared secret using the module Key Manageme nt Keys, in accordance with SP800-User - PIV-KMK (including intermediat e values): ERSA Decryption PrimitiveAlgorithm, RSA Wrapped System KeyUnwrapped key. The unwrapped key is for the outside system and is not used by the module.

ID-One PIV 243 n N/A - OS-DRBGSEED: G,E - OS-DRBGSTATE: G,E g N/A - OS-DRBGSEED: G,E - OS-DRBGSTATE: G,E - SM-RMAC: G,E G,E - PIV-SMPUB: R N/A - OS-DRBGSEED: G,E - OS-DRBGSTATE: G,E G,E G,E © 2025 IDEMIA / atsec information security.

Page 25

ID-One PIV 243 n G,E ) N/A N/A N/A ) N/A © 2025 IDEMIA / atsec information security.

Page 26

ID-One PIV 243 n 4.1.A. 4.1.A. N/A 4.1.A. N/A N/A © 2025 IDEMIA / atsec information security.

Page 27

ID-One PIV 243 n ) 4.1.A. 4.1.A. N/A N/A © 2025 IDEMIA / atsec information security.

Page 28

ID-One PIV 243 n 4.1.A. ) with SP80073-4. N/A with SP80073-4. N/A N/A © 2025 IDEMIA / atsec information security.

Page 29

ID-One PIV 243 n with SP80073-4. ) with SP80073-4. with SP80073-4. N/A N/A © 2025 IDEMIA / atsec information security.

Page 30

ID-One PIV 243 n with SP80073-4. N/A ) with SP80073-4. N/A N/A © 2025 IDEMIA / atsec information security.

Page 31

ID-One PIV 243 n with SP80073-4. with SP80073-4. ) N/A with SP80073-4. N/A with SP80073-4. N/A © 2025 IDEMIA / atsec information security.

Page 32

ID-One PIV 243 n with SP80073-4. N/A ) with SP80073-4. N/A with SP80073-4. N/A © 2025 IDEMIA / atsec information security.

Page 33

ID-One PIV 243 n with SP80073-4. N/A ) with SP80073-4. N/A with SP80073-4. N/A © 2025 IDEMIA / atsec information security.

Page 34

ID-One PIV 243 n with SP80073-4. N/A ) N/A N/A © 2025 IDEMIA / atsec information security.

Page 35

ID-One PIV 243 n N/A ) N/A N/A N/A © 2025 IDEMIA / atsec information security.

Page 36

ID-One PIV 243 n ) with SP80073-4. 7.1.2 N/A N/A © 2025 IDEMIA / atsec information security.

Page 37
Sensitive security parameter
NameDescriptionSecurity FunctionUseInputOutputAccess
System Key Services with PIV Key Managem ent Keys (RSA) (SC)N/ARSA Decryption PrimitiveDecrypt a key or generate a shared secret using the module Key Manageme nt Keys, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel. Key decryption is the use of SP800- 56B Section 7.1.2 RSADP key decryption primitive.Algorithm, RSA Wrapped System KeyUnwrapped key. The unwrapped key is for the outside system and is not used by the module.User - PIV-KMK (including intermediat e values): E
System Key Services with PIVN/AKAS-ECC CDH ComponentDecrypt a key or generate a sharedAlgorithm, ECC Public keyUnwrapped Shared Secret. The unwrappedUser - PIV-KMK (including

ID-One PIV 243 n 7.1.2 with SP80073-4. 7.1.2 N/A N/A © 2025 IDEMIA / atsec information security.

Page 38
Service
NameDescriptionCsps AccessedInputOutput
Key Managem ent Keys (ECDH) (Cleartext )secret using the module Key Manageme nt Keys, in accordance with SP800- 73-4. Transmitte d over a plaintext channel. Shared secret generation is the use of SP800- 56A Section 5.7.1.2.intermediat e values): Eshared secret is for the outside system and is not used by the module.
System Key Services with PIV Key Managem ent Keys (ECDH) (SM)Decrypt a key or generate a shared secret using the module Key Manageme nt Keys, in accordance with SP800- 73-4. Transmitte d with PIV Secure Messaging. Shared secret generation is the use of SP800- 56A Section 5.7.1.2.User - PIV-KMK (including intermediat e values): EAlgorithm, ECC Public keyUnwrapped Shared Secret. The unwrapped shared secret is for the outside system and is not used by the module.N/AKAS-ECC CDH Component
System Key Services with PIV Key Managem ent Keys (ECDH) (SC)Decrypt a key or generate a shared secret using the module Key Manageme nt Keys, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel. Shared secret generation is the use of SP800- 56A Section 5.7.1.2.User - PIV-KMK (including intermediat e values): EAlgorithm, ECC Public keyUnwrapped Shared Secret. The unwrapped shared secret is for the outside system and is not used by the module.N/AKAS-ECC CDH Component
Card Validation using Symmetri c Card Authentic ation Key (Cleartext )Authenticat e the module with its Symmetric Card Authenticat ion Key, in accordance with SP800- 73-4. Transmitte d over a plaintext channel. Compliant with IG 4.1A.Unauthenti catedAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution statusN/ANone
Card Validation using Symmetri c Card Authentic ation Key (SM)Authenticat e the module with its Symmetric Card Authenticat ion Key, in accordance with SP800- 73-4. Transmitte d with PIV Secure Messaging. Compliant with IG 4.1A.Unauthenti catedAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution statusN/ANone
Card Validation using Symmetri c Card Authentic ation Key (SC)Authenticat e the module with its Symmetric Card Authenticat ion Key, in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel. Compliant with IG 4.1A.Unauthenti catedAuthentica tion material (Authentic ation challenge, algorithm, Key)Authentication cryptogram computed by the module and Successful execution statusN/ANone
External Authentic ation with PIV Admin KeyExternal Authenticat ion of AA role to the module using PIVPIV Application Administrat or -Authentica tion material (Authentic ation CryptograAuthentication Challenge,Suc cessful execution statusN/AAES-ECB
(Cleartext )Admin Key in accordance with SP800- 73-4. Transmitte d over a plaintext channel.ADMIN_KEY : Em, algorithm, Key)
External Authentic ation with PIV Admin Key (SM)External Authenticat ion of AA role to the module using PIV Admin Key in accordance with SP800- 73-4. Transmitte d with PIV Secure Messaging.PIV Application Administrat or - ADMIN_KEY : EAuthentica tion material (Authentic ation Cryptogra m, algorithm, Key)Authentication Challenge,Suc cessful execution statusN/AAES-ECB
External Authentic ation with PIV Admin Key (SC)External Authenticat ion of AA role to the module using PIV Admin Key in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel.PIV Application Administrat or - ADMIN_KEY : EAuthentica tion material (Authentic ation Cryptogra m, algorithm, Key)Authentication Challenge,Suc cessful execution statusN/AAES-ECB
Mutual Authentic ation withMutual Authenticat ion of AAPIV Application AdministratAuthentica tion materialAuthentication cryptogram computed byN/AAES-ECB
PIV Admin Key (Cleartext )role to the module using PIV Admin Key in accordance with SP800- 73-4. Transmitte d over a plaintext channel.or - ADMIN_KEY : E(Authentic ation Cryptogra m, algorithm, Key, Authentica tion challenge)the module, Authentication Challenge,Suc cessful execution status
Mutual Authentic ation with PIV Admin Key (SM)Mutual Authenticat ion of AA role to the module using PIV Admin Key in accordance with SP800- 73-4. Transmitte d with PIV Secure Messaging.PIV Application Administrat or - ADMIN_KEY : EAuthentica tion material (Authentic ation Cryptogra m, algorithm, Key, Authentica tion challenge)Authentication cryptogram computed by the module, Authentication Challenge,Suc cessful execution statusN/AAES-ECB
Mutual Authentic ation with PIV Admin Key (SC)Mutual Authenticat ion of AA role to the module using PIV Admin Key in accordance with SP800- 73-4. Transmitte d through a Global Platform Secure Channel.PIV Application Administrat or - ADMIN_KEY : EAuthentica tion material (Authentic ation Cryptogra m, algorithm, Key, Authentica tion challenge)Authentication cryptogram computed by the module, Authentication Challenge,Suc cessful execution statusN/AAES-ECB
Mutual Authentic ation with Mutual Authentic ation Key (Cleartext )Mutual authenticati on between the module and an Administrat or Key. Transmitte d over a plaintext channel.PIV Application Administrat or - MUTUAL- AUTH: EAuthentica tion Cryptogra m, algorithm, Admin Key)Authentication cryptogram computed by the module, Authentication Challenge,Suc cessful execution statusN/AAES-ECB
Mutual Authentic ation with Mutual Authentic ation Key (SM)Mutual authenticati on between the module and an Administrat or Key. Transmitte d with PIV Secure Messaging.PIV Application Administrat or - MUTUAL- AUTH: EAuthentica tion Cryptogra m, algorithm, Admin Key)Authentication cryptogram computed by the module, Authentication Challenge,Suc cessful execution statusN/AAES-ECB
Mutual Authentic ation with Mutual Authentic ation Key (SC)Mutual authenticati on between the module and an Administrat or Key. Transmitte d through a Global Platform Secure Channel.PIV Application Administrat or - MUTUAL- AUTH: EAuthentica tion Cryptogra m, algorithm, Admin Key)Authentication cryptogram computed by the module, Authentication Challenge,Suc cessful execution statusN/AAES-ECB
Global Platform Lock / UnlockTemporarily lock & unlock the full module or one of its applications using GlobalCrypto Officer - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: EGlobal Platform card life cycle status to set, and AID of the applicationSuccessful execution statusN/AAES-CBC AES-CMAC
Module Terminati onSet the card life cycle status to TERMINATE D. All the CSPs are zeroized when the life cycle status is set to TERMINATE DCrypto Officer - SC-ENC: E,Z - SC-C-MAC: E,Z - SC-R-MAC: E,Z - OS-DRBG- SEED: Z - OS-DRBG- STATE: Z - SD-DAK: Z - SD-DMK: Z - SD-DEK: Z - DAP-AES: Z - PIV-SM: Z - SM-ENC: Z - SM-C- MAC: Z - SM-R- MAC: Z - SM-CFRM: Z - PIN: Z - OCC- Fingerprints : Z - OCC- Facial: Z - OCC-Iris: Z - PUK: Z - ADMIN_PIN: Z - ADMIN_KEY : Z - PIV-AUTHN/ASuccessful execution statusN/AAES-CBC AES-CMAC

ID-One PIV 243 n ) with SP80073-4. 5.7.1.2. with SP80073-4. 5.7.1.2. N/A © 2025 IDEMIA / atsec information security.

Page 39

ID-One PIV 243 n with SP80073-4. 5.7.1.2. N/A ) with SP80073-4. N/A © 2025 IDEMIA / atsec information security.

Page 40

ID-One PIV 243 n with SP80073-4. N/A with SP80073-4. N/A N/A © 2025 IDEMIA / atsec information security.

Page 41

ID-One PIV 243 n ) with SP80073-4. with SP80073-4. N/A m, :E with SP80073-4. N/A m, :E N/A m, :E © 2025 IDEMIA / atsec information security.

Page 42

ID-One PIV 243 n ) with SP80073-4. with SP80073-4. with SP80073-4. m, N/A m, :E N/A m, :E :E © 2025 IDEMIA / atsec information security.

Page 43

ID-One PIV 243 n ) N/A m, - MUTUALAUTH: E N/A m, - MUTUALAUTH: E N/A m, - MUTUALAUTH: E N/A E E © 2025 IDEMIA / atsec information security.

Page 44

ID-One PIV 243 n N/A N/A E,Z E,Z E,Z - OS-DRBGSEED: Z - OS-DRBGSTATE: Z Z Z - SM-RMAC: Z Z - OCCFingerprints :Z - OCCFacial: Z Z Z :Z D © 2025 IDEMIA / atsec information security.

Page 45
Service
NameCsps AccessedDescriptioIndicaSecurity
nAccessntorFunctions

ID-One PIV 243 n - MUTUALAUTH: Z - SAMCMAC: Z Z - SAM-KDFENC: Z - TOTPSHA1: Z - TOTPSHA256: Z - TOTPSHA512: Z - PIV-SMPUB: Z - PIV-AUTHPUB - PIV-DSPUB © 2025 IDEMIA / atsec information security.

Page 46
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Load FW with RSA DAPLoad and install application packages (FW).Crypto Officer - DAP-PUB (including intermediat e values): EAES-CBC AES-CMAC RSA sigVerN/ASigned Packages (FW)Successful execution status
Load FW with AES DAPLoad and install application packages (FW).Crypto Officer - DAP-AES: EAES-CBC AES-CMACN/ASigned Packages (FW)Successful execution status
Manage SD Keys and PIV Global Reference DataUpdate SD keys and reset PIV Global Reference Data (PINs & BIO with an ID in the Global ID Range).Crypto Officer - DAP-PUB (including intermediat e values): W,E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: E - SD-DAK: W - SD-DMK: W - SD-DEK: W - DAP-AES: W - PIN: W - PUK: W - ADMIN_PIN:AES-CBC AES-CMACN/ASD keys or PIV Global Reference DataSuccessful execution status
Manage SD DataCreate or update Security Domain (SD) data.Crypto Officer - SD-DEK: E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: EAES-CBC AES-CMACN/ASD DataSuccessful execution status
Show StatusRetrieve the identificatio n and status of all applications present in the moduleCrypto Officer - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: EAES-CBC AES-CMACN/ALevel of details to retrieveRequested application status and Successful execution status
Global Platform DELETE APPLICATI ONRemove an application and all its data and keys from the module.Crypto Officer - PIN: Z - OCC- Fingerprints : Z - OCC- Facial: Z - OCC-Iris: Z - PUK: Z - ADMIN_PIN: Z - ADMIN_KEY : Z - PIV-AUTH (including intermediatAES-CBC AES-CMACN/AAID of the application to removeSuccessful execution status

ID-One PIV 243 n - DS-HASHPUB N/A N/A E N/A W,E E E W W W W © 2025 IDEMIA / atsec information security.

Page 47

ID-One PIV 243 n W - OCCFingerprints :W - OCCFacial: W W N/A E E N/A E E N/A - OCCFingerprints :Z - OCCFacial: Z Z Z :Z © 2025 IDEMIA / atsec information security.

Page 48
Service
NameCsps AccessedDescriptioIndicaSecurity
nAccessntorFunctions

ID-One PIV 243 n - MUTUALAUTH: Z - SAMCMAC: Z - SM-RMAC: Z Z - TOTPSHA1: Z - TOTPSHA256: Z - TOTPSHA512: Z - PIV-SMPUB: Z - PIV-AUTHPUB - PIV-DSPUB - PIV-KMKPUB © 2025 IDEMIA / atsec information security.

Page 49
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Personaliz e PIV Data (Cleartext )Write data into the PIV application. Transmitte d over a plaintext channel.PIV Application Administrat or - SC-ENC: Z - SC-C-MAC: Z - SC-R-MAC: ZNoneN/AData Object or Elementar y file to update.Successful execution status
Personaliz e PIV Data (SM)Write data into the PIV application. Transmitte d with PIV Secure Messaging.PIV Application Administrat or - SM-ENC: E,Z - SM-C- MAC: E,Z - SM-R- MAC: E,ZNoneN/AData Object or Elementar y file to update.Successful execution status
Personaliz e PIV Data (SC)Write data into the PIV application. Transmitte d through a Global Platform Secure Channel.PIV Application Administrat or - SD-DEK: E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: ENoneN/AData Object or Elementar y file to update.Successful execution status
Manage PIV Local Reference Data (Cleartext )Personalize authenticati on datum or local biometric data for OCC (i.e.Crypto Officer - SC-ENC: Z - SC-C-MAC: Z - SC-R-MAC: ZAES-CBC AES-CMACN/ALocal authentica tion datum or biometricSuccessful execution status
with an ID in the local ID range). Transmitte d over a plaintext channel.with an ID in the local ID range). Transmitte d over a plaintext channel.- PIN: W - PUK: W - ADMIN_PIN: W - OCC- Fingerprints : W,Zdata for OCC
Manage PIV Local Reference Data (SM)Personalize authenticati on datum or local biometric data for OCC (i.e. with an ID in the local ID range). Transmitte d with PIV Secure Messaging.Crypto Officer - SM-ENC: E,Z - SM-C- MAC: E,Z - SM-R- MAC: E,Z - PIN: W - PUK: W - ADMIN_PIN: W - OCC- Fingerprints : W,ZAES-CBC AES-CMACN/ALocal authentica tion datum or biometric data for OCCSuccessful execution status
Manage PIV Local Reference Data (SC)Personalize authenticati on datum or local biometric data for OCC (i.e. with an ID in the local ID range). Transmitte d through a Global Platform Secure Channel.Crypto Officer - SD-DEK: E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: E - PIN: W - PUK: W - ADMIN_PIN: W - OCC- Fingerprints : W,ZAES-CBC AES-CMACN/ALocal authentica tion datum or biometric data for OCCSuccessful execution status
On-Board- Key- Generatio n (CKG) -Generate Asymmetric Key pair (RSA)PIV Application Administrat orRSA keyGen RSA sigPrim RSA sigVerN/ACKG parameter s (algorithm,Public Key generated, Successful
RSA (Cleartext )inside the module, and export the public key value. Not supported for PIV Key Manageme nt Keys. Transmitte d over a plaintext channel.- SC-ENC: Z - SC-C-MAC: Z - SC-R-MAC: Z - PIV-AUTH (including intermediat e values): G - PIV-AUTH- PUB (including intermediat e values): G - PIV-DS (including intermediat e values): G - PIV-DS- PUB (including intermediat e values): G - PIV-SM: G - PIV-SM- PUB: G - DS-HASH (including intermediat e values): G - DS-HASH- PUB (including intermediat e values): Gkey size, Key ID)execution status
On-Board- Key- Generatio n (CKG) - RSA (SM)Generate Asymmetric Key pair (RSA) inside the module, and export the public key value. Not supportedPIV Application Administrat or - SM-ENC: E,Z - SM-C- MAC: E,Z - SM-R- MAC: E,Z - PIV-AUTHRSA keyGen RSA sigPrim RSA sigVerN/ACKG parameter s (algorithm, key size, Key ID)Public Key generated, Successful execution status

ID-One PIV 243 n - DS-HASHPUB ) N/A Z Z N/A E,Z - SM-RMAC: E,Z N/A E E ) N/A Z Z © 2025 IDEMIA / atsec information security.

Page 50

ID-One PIV 243 n W - OCCFingerprints : W,Z N/A E,Z - SM-RMAC: E,Z W - OCCFingerprints : W,Z N/A E E W - OCCFingerprints : W,Z On-BoardKeyGeneratio N/A s © 2025 IDEMIA / atsec information security.

Page 51

ID-One PIV 243 n ) On-BoardKeyGeneratio N/A s Z Z - PIV-AUTHPUB - PIV-DSPUB - PIV-SMPUB: G - DS-HASHPUB E,Z - SM-CMAC: E,Z - SM-RMAC: E,Z © 2025 IDEMIA / atsec information security.

Page 52
Service
NameDescriptionCsps AccessedApproved FunctionsAccessInputOutput
On-Board- Key- Generatio n (CKG) - RSA (SC)N/AGenerate Asymmetric Key pair (RSA) inside the module, and export the public key value. Not supported for PIV Key Manageme nt Keys. Transmitte d through a GlobalRSA keyGen RSA sigPrim RSA sigVerPIV Application Administrat or - SD-DEK: E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: E - PIV-AUTH (including intermediat e values): G - PIV-AUTH- PUB (includingCKG parameter s (algorithm, key size, Key ID)Public Key generated, Successful execution status
Platform Secure Channel.Platform Secure Channel.intermediat e values): G - PIV-DS (including intermediat e values): G - PIV-DS- PUB (including intermediat e values): G - PIV-SM: G - PIV-SM- PUB: G - DS-HASH (including intermediat e values): G - DS-HASH- PUB (including intermediat e values): G
On-Board- Key- Generatio n (CKG) - ECC (Cleartext )N/AGenerate Asymmetric Key pair (ECC) inside the module, and export the public key value. Not supported for PIV Key Manageme nt Keys. Transmitte d over a plaintext channel.ECDSA keyGen ECDSA sigGen component ECDSA sigVer ECDSA keyVerPIV Application Administrat or - SC-ENC: Z - SC-C-MAC: Z - SC-R-MAC: Z - PIV-AUTH (including intermediat e values): G - PIV-AUTH- PUB (including intermediat e values): G - PIV-DS (including intermediat e values): G - PIV-DS-CKG parameter s (algorithm, key size, Key ID)Public Key generated, Successful execution status
On-Board- Key- Generatio n (CKG) - ECC (SM)N/AGenerate Asymmetric Key pair (ECC) inside the module, and export the public key value. Not supported for PIV Key Manageme nt Keys. Transmitte d with PIV Secure Messaging.ECDSA keyGen ECDSA sigGen component ECDSA sigVer ECDSA keyVerPIV Application Administrat or - SM-ENC: E,Z - SM-C- MAC: E,Z - SM-R- MAC: E,Z - PIV-AUTH (including intermediat e values): G - PIV-AUTH- PUB (including intermediat e values): G - PIV-DS (including intermediat e values): G - PIV-DS- PUB (including intermediat e values): G - PIV-SM: G - PIV-SM-CKG parameter s (algorithm, key size, Key ID)Public Key generated, Successful execution status
On-Board- Key- Generatio n (CKG) - ECC (SC)N/AGenerate Asymmetric Key pair (ECC) inside the module, and export the public key value. Not supported for PIV Key Manageme nt Keys. Transmitte d through a Global Platform Secure Channel.ECDSA keyGen ECDSA sigGen component ECDSA sigVer ECDSA keyVerPIV Application Administrat or - SD-DEK: E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: E - PIV-AUTH (including intermediat e values): G - PIV-AUTH- PUB (including intermediat e values): G - PIV-DS (including intermediat e values): G - PIV-DS- PUB (including intermediat e values): G - PIV-SM: G - PIV-SM- PUB: G - DS-HASH (including intermediat e values): G - DS-HASH-CKG parameter s (algorithm, key size, Key ID)Public Key generated, Successful execution status
PIV Put Key (SM)N/ASecure inject PIV Application keys. Transmitte d with PIV Secure Messaging.AES-CBC AES-CMAC KTS (AES + HMAC) key wrapping/unwr appingCrypto Officer - SM-ENC: E,Z - SM-C- MAC: E,Z - SM-R- MAC: E,Z - ADMIN_KEY : W,Z - PIV-AUTH (including intermediat e values): W,Z - PIV-AUTH- PUB (including intermediat e values): W,Z - PIV-DS (including intermediat e values): W,Z - PIV-DS- PUB (including intermediat e values): W,Z - PIV-KMK (including intermediat e values): W,Z - PIV-KMK- PUB (including intermediatAlgorithm & Encrypted Key valueSuccessful execution status

ID-One PIV 243 n On-BoardKeyGeneratio - PIV-AUTHPUB - PIV-DSPUB - PIV-SMPUB: G - DS-HASHPUB N/A s E E - PIV-AUTHPUB © 2025 IDEMIA / atsec information security.

Page 53

ID-One PIV 243 n On-BoardKeyGeneratio ) - PIV-DSPUB - PIV-SMPUB: G - DS-HASHPUB N/A s Z Z - PIV-AUTHPUB © 2025 IDEMIA / atsec information security.

Page 54

ID-One PIV 243 n - PIV-SMPUB: G - DS-HASHPUB On-BoardKeyGeneratio N/A s E,Z - SM-CMAC: E,Z - SM-RMAC: E,Z - PIV-AUTHPUB - PIV-DSPUB © 2025 IDEMIA / atsec information security.

Page 55

ID-One PIV 243 n - DS-HASHPUB On-BoardKeyGeneratio N/A s E E - PIV-AUTHPUB - PIV-DSPUB - PIV-SMPUB: G © 2025 IDEMIA / atsec information security.

Page 56

ID-One PIV 243 n N/A & E,Z - SM-RMAC: E,Z : W,Z W,Z - PIV-AUTHPUB W,Z W,Z - PIV-DSPUB W,Z W,Z - PIV-KMKPUB © 2025 IDEMIA / atsec information security.

Page 57
Service
NameCsps AccessedDescriptioIndicaSecurity
nAccessntorFunctions
nAccessntorFunctions

ID-One PIV 243 n W,Z W,Z - PIV-SMPUB: W,Z - MUTUALAUTH: W,Z W,Z - DS-HASHPUB W,Z - SAMCMAC: W,Z W,Z - SAM-KDFENC: W,Z W,Z - TOTPSHA1: W,Z - TOTPSHA256: W,Z - TOTPSHA512: W,Z E,Z - SM-RMAC: E,Z © 2025 IDEMIA / atsec information security.

Page 58

ID-One PIV 243 n : W,Z W,Z - PIV-AUTHPUB W,Z W,Z - PIV-DSPUB W,Z W,Z - PIV-KMKPUB W,Z W,Z - PIV-SMPUB: W,Z - MUTUALAUTH: W,Z W,Z - DS-HASHPUB © 2025 IDEMIA / atsec information security.

Page 59
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
PIV Put Key (SC)Secure inject PIV Application keys. Transmitte d through a Global Platform Secure Channel.Crypto Officer - SD-DEK: E - SC-ENC: E - SC-C-MAC: E - SC-R-MAC: E - ADMIN_KEY : W,Z - PIV-AUTH (including intermediat e values): W,Z - PIV-AUTH- PUB (including intermediat e values): W,Z - PIV-DS (including intermediat e values):AES-ECB AES-CMAC KTS (AES + HMAC) key wrapping/unwr appingN/AAlgorithm & Encrypted Key valueSuccessful execution status

ID-One PIV 243 n W,Z - SAMCMAC: W,Z W,Z - SAM-KDFENC: W,Z W,Z - TOTPSHA1: W,Z - TOTPSHA256: W,Z - TOTPSHA512: W,Z N/A & E E : W,Z W,Z - PIV-AUTHPUB W,Z © 2025 IDEMIA / atsec information security.

Page 60
Service
NameCsps AccessedDescriptioIndicaSecurity
nAccessntorFunctions
nAccessntorFunctions

ID-One PIV 243 n W,Z - PIV-DSPUB W,Z W,Z - PIV-KMKPUB W,Z W,Z - PIV-SMPUB: W,Z - MUTUALAUTH: W,Z W,Z - DS-HASHPUB W,Z - SAMCMAC: W,Z W,Z - SAM-KDFENC: W,Z W,Z - TOTPSHA1: W,Z - TOTPSHA256: © 2025 IDEMIA / atsec information security.

Page 61

ID-One PIV 243 n W,Z - TOTPSHA512: W,Z E E : W,Z W,Z - PIV-AUTHPUB W,Z W,Z - PIV-DSPUB W,Z W,Z - PIV-KMKPUB © 2025 IDEMIA / atsec information security.

Page 62
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Verify Reference Data (Cleartext )Send authenticati on datum (PINs or BIO) for verification. Transmitte d over anPIV Application Administrat or - PUK: E - ADMIN_PIN: E User - PIN: ENoneN/AAuthentica tion DataSuccessful execution status
unprotecte d channel.unprotecte d channel.- OCC- Fingerprints : E - OCC- Facial: E - OCC-Iris: E
Verify Reference Data (SM)Send authenticati on datum (PINs or BIO) for verification. Transmitte d with a PIV Secure Messaging.PIV Application Administrat or - PUK: E - ADMIN_PIN: E User - PIN: E - OCC- Fingerprints : E - OCC- Facial: E - OCC-Iris: ENoneN/AAuthentica tion DataSuccessful execution status
Verify Reference Data (SC)Send authenticati on datum (PINs or BIO) for verification. Transmitte d through a Global Platform Secure Channel.PIV Application Administrat or - PUK: E - ADMIN_PIN: E User - PIN: E - OCC- Fingerprints : E - OCC- Facial: E - OCC-Iris: ENoneN/AAuthentica tion DataSuccessful execution status
Un-verify Reference Data (Cleartext )Clear the verification status of previously verified referencePIV Application Administrat or - PUK: E -NoneN/AAuthentica tion DataSuccessful execution status

ID-One PIV 243 n W,Z W,Z - PIV-SMPUB: W,Z - MUTUALAUTH: W,Z W,Z - DS-HASHPUB W,Z - SAMCMAC: W,Z W,Z - SAM-KDFENC: W,Z W,Z - TOTPSHA1: W,Z - TOTPSHA256: W,Z - TOTPSHA512: W,Z ) N/A E © 2025 IDEMIA / atsec information security.

Page 63

ID-One PIV 243 n - OCCFingerprints :E - OCCFacial: E N/A E - OCCFingerprints :E - OCCFacial: E N/A E - OCCFingerprints :E - OCCFacial: E ) N/A © 2025 IDEMIA / atsec information security.

Page 64
Service
NameDescriptionRole AccessApproved FunctionsAccessInputOutput
Un-verify Reference Data (SM)N/APIV Application Administrat or - PUK: E - ADMIN_PIN: E User - PIN: E - OCC- Fingerprints : E - OCC- Facial: E - OCC-Iris: ENoneClear the verification status of previously verified reference data (PINs or BIO). Following execution of this service, a new Verify Reference Data shall be called to set its status to "verified" and unlock the associated AccessAuthentica tion DataSuccessful execution status
Un-verify Reference Data (SC)N/APIV Application Administrat or - PUK: E - ADMIN_PIN: E User - PIN: E - OCC- Fingerprints : E - OCC- Facial: E - OCC-Iris: ENoneClear the verification status of previously verified reference data (PINs or BIO). Following execution of this service, a new Verify Reference Data shall be called to set its status to "verified" and unlock the associated Access Condition (AC). Transmitte d through a Global Platform Secure Channel.Authentica tion DataSuccessful execution status
SAM computati on (SM)N/AUser - SAM- CMAC: E - SAM-KDF: E - SAM-KDF- ENC: EAES-CBC AES-CMACUse the PIV card as a SAM to compute CMAC, KDF or authenticati onDiversifica tion dataAES-CMAC value, or KDF or Authentication Cryptogram depending on the SAM Key being used
cryptogram to unlock a target card. Transmitte d with PIV Secure Messaging.cryptogram to unlock a target card. Transmitte d with PIV Secure Messaging.(SAM-CMAC, SAM-KDF, SAM-KDF-ENC)
SAM computati on (SC)N/AUser - SAM- CMAC: E - SAM-KDF: E - SAM-KDF- ENC: EAES-CBC AES-CMACUse the PIV card as a SAM to compute CMAC, KDF or authenticati on cryptogram to unlock a target card. Transmitte d through a Global Platform Secure Channel.Diversifica tion dataAES-CMAC value, or KDF or Authentication Cryptogram depending on the SAM Key being used (SAM-CMAC, SAM-KDF, SAM-KDF-ENC)
One-Time- Password Generatio n (HOTP)N/AUser - HOTP: EHMACCompute an HMAC- Based One Time Password (HOTP)N/A for HOTP (the counter is managed by the module)HMAC-Based One-time Password (HOTP) value computed as per RFC 4226
One-Time- Password Generatio n (TOTP)N/AUser - TOTP- SHA1: E - TOTP- SHA256: E - TOTP- SHA512: ESHACompute a One Time Password (TOTP)time stampTime-based One-time Password (TOTP) algorithm specified in RFC 6238

ID-One PIV 243 n E - OCCFingerprints :E - OCCFacial: E N/A E - OCCFingerprints :E - OCCFacial: E © 2025 IDEMIA / atsec information security.

Page 65

ID-One PIV 243 n N/A E - OCCFingerprints :E - OCCFacial: E N/A - SAMCMAC: E E - SAM-KDFENC: E © 2025 IDEMIA / atsec information security.

Page 66

ID-One PIV 243 n N/A - SAMCMAC: E E - SAM-KDFENC: E One-TimePassword N/A One-TimePassword N/A - TOTPSHA1: E - TOTPSHA256: E - TOTPSHA512: E Table 13: Approved Services The module supports unauthenticated services which perform cryptographic operations yet do not claim any security provided by the module but instead serve to identify the module to an external entity for attestation services. Item '1b' in IG 4.1.A "Additional Comments" section provides a list of rationales for which exemption can be claimed. These are: © 2025 IDEMIA / atsec information security.

Page 67

ID-One PIV 243 a) the referenced algorithms and services do not create, disclose, modify, substitute, access, or make use of the module’s CSPs, and PSPs are not modified or substituted; or b) that the referenced algorithms and services do not affect the security of the module, or the security of the information being protected by the module. The module implements PIV card validation and attestation services that use symmetric keys and asymmetric private keys purely to provide the module's cryptographic identity to an external entity. The use of cryptographic challenge-response schemes with symmetric keys use of asymmetric signature verification schemes to validate private keys embedded within the module are not claimed to provide protection of data but rather only serve to confirm the module's identity to an external entity. For this, the module provides a signed message using its device specific private key contained within. In addition, - The message being signed is predefined i.e., not a user defined message that can be offered as service to the caller. - This attestation specific key cannot be reused for any other purpose. - The signature generation operation is performed during boot time before any User has a chance to interact with the module. So, the service is not handling or protecting any user data. Based on above facts it is clear that the referenced algorithms (SHA, AES-ECB, ECDSA and RSA) and services (signature generation, message digest) do not affect the security of the module, or the security of the information being protected by the module. Therefore, the module complies to exception '1b' in additional comment of IG 4.1.A.

4.4 Non-Approved Services
4.5 External Software/Firmware Loaded

The module includes a firmware load process (Manage Content service) to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-3 validation. When new firmware is loaded into the module using the "Load FW with RSA DAP" and "Load FW with AES DAP" services, the Module verifies the SHA-256 digest computed over the all firmware, and the AES-CMAC authentication code computed with SD-SMAC on each block of the firmware and the SHA-256 digest. In addition to the previous method, the firmware load process verifies an RSA PSS signature computed with DAP-PUB or an AES-CMAC authentication code computed with DAP-AES key on the firmware SHA-256 digest. © 2025 IDEMIA / atsec information security.

Page 68
5 Software/Firmware Security
5.1 Integrity Techniques

The module performs an integrity test over the executable firmware loaded in non-volatile memory (NVM) (i.e. Javacard Packages) and over the ROM Code (i.e. Operating System). The integrity test uses a 16-bit CRC. The module does not provide any services via the HMI, SFMI, HFMI, or HSMI interface that allow the operator to examine the executable code.

5.2 Initiate on Demand

The pre-operational integrity test can be performed on demand by power cycling or resetting the module. The module may perform conditional cryptographic algorithm self-tests on demand through the "Context" service. © 2025 IDEMIA / atsec information security.

Page 69
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited The module is classified as a single chip hardware module running on limited modifiable firmware, the requirements of this section are not applicable. © 2025 IDEMIA / atsec information security.

Page 70
MechanismInspectionInspection Guidance
Frequency
Hard tamper-evident coatingDetermined by the operatorObserve the coating surroundings of the chip for any signs of damage
Temp/Voltage TypeTemperature or VoltageEFPResult
or
EFT
LowTemperature-25CEFPModule stops all operations and shuts down
HighTemperature112CEFPModule stops all operations and shuts down
LowVoltage1.5VEFPModule stops all operations and shuts down
HighVoltage6.6VEFPModule stops all operations and shuts down
TemperatureTemperature
Type
LowTemperature-25°C
HighTemperature115°C
7 Physical Security
7.1 Mechanisms and Actions Required

Table 14: Mechanisms and Actions Required Table 15: EFP/EFT Information

7.3 Hardness Testing Temperature Ranges

Table 16: Hardness Testing Temperatures © 2025 IDEMIA / atsec information security.

Page 71
8 Non-Invasive Security

This module implements non-invasive security techniques that are not listed in SP800-140F. These techniques are mentioned in Section 12. © 2025 IDEMIA / atsec information security.

Page 72
Sensitive security parameter
NameTypeDescription
RAMDynamicVolatile Memory
NVMStaticNon-volatile Memory (FLASH)
Service
NameApproved FunctionsTypeFromTo
PIV Secure Messaging (SM) [Import]AES-CBCEncryptedOutside entityNVMManualElectronic
PIV Secure Messaging (SM) [Export]AES-CBCEncryptedNVMOutside entityManualElectronic
Global Platform Secure Channel (SC) [Import]AES-CBCEncryptedOutside entityNVMManualElectronic
Global Platform Secure Channel (SC) [Export]AES-CBCEncryptedNVMOutside entityManualElectronic
Plaintext [Import]PlaintextOutside EnttityRAMManualElectronic
Plaintext [Export] (PSPs Only)PlaintextRAMOutside entityManualElectronic
9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods

Table 18: SSP Input-Output Methods © 2025 IDEMIA / atsec information security.

Page 73
ZeroizationDescriptionRationaleOperator Initiation
Method
Global Platform TERMINATED STATESecurely zeroizes all stored SSPs within the module. Zeroisation operation takes less than 1 second to erase all plaintext SSPsAll stored keys zeroizedBy setting the module in the GLOBAL PLATFORM TERMINATED STATE
Global Platform DELETE KEYSecurely zeroizes global platform keysKey values are zeroized, this is also followed by garbage collection to clear any values in memoryGlobal Platform DELETE KEY Command.
Global Platform DELETE APPLICATIONRemove an application and all its data and keys from the moduleKey values are zeroized, this is also followed by garbage collection to clear any values in memoryGlobal Platform DELETE APPLICATION Command.
PIV PUT KEYZeroizes all buffers held by the key objectValues in memory clearedPIV PUT KEY Command.
M_CLEAR_APDUZeroizes the APDU buffer memory which is used as temporary memory bufferValues in memory clearedAutomatically upon completing the processing of a service
SELECT ContextClears global platform session keys from memoryValues in memory clearedSELECT Context Command.
New key generationOverwrites the previous key with a newly generated value.Previous key overwrittenAutomatically upon generation of a new key
Error handlingSecure messaging keys are zeroized once an error occursValues in memory clearedAutomatically upon error detection
Module ResetPower cycles the moduleThe module resets clearing the contents of SSPs stored in RAM memoryBy invoking Module Reset service, or by removing power from the module
9.3 SSP Zeroization Methods

Table 19: SSP Zeroization Methods © 2025 IDEMIA / atsec information security.

Page 74
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishmentStorageZeroizationUseRelated SSPs
OS-DRBG- SEEDCSP - CSPEntropy input and nonce provided by the NDRNG, used to seed the Approved DRBG256 - 256CTR DRBG
OS-DRBG- STATECSP - CSPThe current AES-128 CTR_DRBG Internal State (V, Key)128 - 128CTR DRBGCTR DRBG
SD-DAKCSP - CSPSecurity Domain Data Authentication Key (DAK) used to generate SC- ENC256 - 256AES-CMAC KBKDF SP 800-108
SD-DMKCSP - CSPSecurity Domain Data MAC Key (DMK) used to generate SC-C- MAC/SC-R-MAC256 - 256AES-CMAC KBKDF SP 800-108
SD-DEKCSP - CSPSecurity Domain Data Encryption Key (DEK) used to decrypt CSPs256 - 256AES-CBC
SC-ENCCSP - CSPSession key used to encrypt / decrypt Secure Channel (SC) data once Mutual Authentication is successful256 - 256KBKDF SP 800-108AES-CBC
SC-C-MACCSP - CSPSession key used to verify inbound (Command) Secure Channel (SC) data integrity256 - 256KBKDF SP 800-108AES-CMAC
SC-R-MACCSP - CSPSession key used to verify outbound (Response) Secure Channel (SC) data integrity256 - 256KBKDF SP 800-108AES-CMAC
DAP-AESCSP - CSPData Authentication Pattern AES Key. New firmware signature verification key256 - 256AES-CMAC
PIV-SMCSP - CSPPIV Secure Messaging Key Establishment Key as described in SP800-73-4 and ANSI 504-1P-256, P- 384, P- 521 - 128, 192, 256ECDSA keyGenKAS-ECC
SM-ENCCSP - CSPPIV Secure Messaging Key Establishment Key as described in SP800-73-4 and ANSI 504-1128, 256 - 128, 256KAS-ECCAES-CBC
SM-C-MACCSP - CSPSession key used to encrypt / decrypt Secure Messaging (SM) Data128, 256 - 128, 256KAS-ECCAES-CMAC
SM-R-MACCSP - CSPSession key used to verify data integrity of inbound (Command) Secure Messaging (SM)128, 256 - 128, 256KAS-ECCAES-CMAC
SM-CFRMCSP - CSPSecure Messaging (SM) session key confirmation key128, 256 - 128, 256KAS-ECCAES-CMAC
PINCSP - CSPCard Holder Verification datum: Authentication datum (PIN or Password) used to verify the Card Holder (User)Variable length up to 8 or 16 bytes - Variable length up to 8 or 16 bytes
OCC- FingerprintsCSP - CSPFingerprints Biometric Data extracted from the user to verify its identityN/A - N/A
OCC-FacialCSP - CSPFacial Image Biometric Data extracted from the user to verify its identityN/A - N/A
OCC-IrisCSP - CSPFacial Image Biometric Data extracted from the user to verify its identityN/A - N/A
PUKCSP - CSPPIN Unblocking Code used by the PIV Application Administrator to reset the PIN64 bits or 128 bits - 64 bits or 128 bits
ADMIN_PINCSP - CSPAuthentication datum (PIN or Password) used to verify the PIV Application Administrator64 bits or 128 bits - 64 bits or 128 bits
ADMIN_KEYCSP - CSPPIV Application Administrative Key used to authenticate the PIV Application Administrator128, 192, 256 - 128, 192, 256AES-ECB
PIV-AUTH (including intermediat e values)CSP - CSPPIV Authentication Key (9A) used to Authenticate the PIV application in the module.Intende d to be used with either RSASP1 or ECDSA primitiveRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256ECDSA keyGen RSA keyGenECDSA sigGen componen t RSA sigPrim
PIV-DS (including intermediat e values)CSP - CSPPIV Digital Signature Key (9C).as described in SP800-78-4. Intended to be used with eitherRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P-ECDSA keyGen RSA keyGenECDSA sigGen componen t RSA sigPrim
RSASP1or ECC DSA PrimitiveRSASP1or ECC DSA Primitive384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256
PIV-KMK (including intermediat e values)CSP - CSPPIV Key Management Keys (9D) and Retired Key Management Keys ('82'to '95').as described in SP800-78-4. Intended to be used with either RSADP or ECC DHRSA: 1024, 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 80, 112, 128, 150; ECDSA: 112, 128, 192, 256KAS-ECC CDH Componen t RSA Decryption Primitive
MUTUAL- AUTHCSP - CSPMutual Authentication Key. Key type is identical to SP800-78-4 Symmetric Card Authentication Key (9E), except that the key is used to enforce mutual authentication access control rules128, 192, 256 - 128, 192, 256AES-ECB
DS-HASH (including intermediat e values)CSP - CSPDigital Signature key with built-in Hash (SHA2- 224, SHA2-256,RSA: 2048, 3072, 4096; ECDSA P-ECDSA keyGen RSA keyGenECDSA sigVer RSA sigVer
SHA2-384 & SHA2-512), and RSA PSS or ECDSASHA2-384 & SHA2-512), and RSA PSS or ECDSA224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256
SAM-CMACCSP - CSPSymmetric key for generic CMAC computation128, 192, 256 - 128, 192, 256AES-CMAC
SAM-KDFCSP - CSPSymmetric Master Key used to execute the AES CMAC KDF Counter Mode derivation algorithm (as per NIST SP800- 108) and retrieve the diversified key value of a target card (SAM functionality)128, 192, 256 - 128, 192, 256KBKDF SP 800-108
SAM-KDF- ENCCSP - CSPSymmetric Master Key used for Administrator to unlock a child PIV card128, 192, 256 - 128, 192, 256AES-CMAC
HOTPCSP - CSPHMAC-Based One-time Password (HOTP) algorithm160 - 160HMAC
TOTP-SHA1CSP - CSPTime-based One-time Password (TOTP) algorithm specified in RFC 6238160 - 160SHA
TOTP- SHA256CSP - CSPTime-based One-time Password (TOTP) algorithm specified in RFC 6238256 - 256SHA
TOTP- SHA512CSP - CSPTime-based One-time Password (TOTP) algorithm specified in RFC 6238512 - 512SHA
DAP-PUB (including intermediat e values)PSP - PSPRSA 2048 new firmware signature verification key.2048 - 112RSA sigVer
PIV-SM-PUBPSP - PSPThe public key component used by the PIV Secure Message protocol. A superset of key types specified by SP800-78-4 is supported: P- 256, P-384 and P-521 curves.P-256, P- 384, P- 521 - 128, 192, 256KAS-ECC
PIV-AUTH- PUB (including intermediat e values)PSP - PSPPublic Component of PIV Authentication KeyRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256ECDSA keyGen RSA keyGenECDSA sigVer RSA sigVer
PIV-DS-PUB (including intermediat e values)PSP - PSPPublic Component of PIV Digital Signature KeyRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256ECDSA keyGen RSA keyGenECDSA sigVer RSA sigVer
PIV-KMK- PUB (including intermediat e values)PSP - PSPPublic Component of PIV Key Management KeysRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA:KAS-ECC CDH Componen t RSA Decryption Primitive
DS-HASH- PUB (including intermediat e values)PSP - PSPPublic Component of Digital Signature key with built-in HashPublic Component of Digital Signature key with built-in HashRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256ECDSA keyGen RSA keyGenECDSA sigVer RSA sigVer
OS-DRBG- SEEDRAM:PlaintextModule ResetUntil zeroizedOS-DRBG- STATE:Derives
OS-DRBG- STATERAM:PlaintextModule ResetUntil zeroizedOS-DRBG- SEED:Derived From
SD-DAKNVM:ObfuscatedGlobal Platform TERMINATED STATEUntil zeroizedSC- ENC:DerivesPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]
9.4 SSPs

The table below summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. h y OS-DRBGSEED OS-DRBGSTATE © 2025 IDEMIA / atsec information security.

Page 75

ID-One PIV 243 h y © 2025 IDEMIA / atsec information security.

Page 76

ID-One PIV 243 h y OCCFingerprints N/A - N/A N/A - N/A N/A - N/A © 2025 IDEMIA / atsec information security.

Page 77

ID-One PIV 243 h y ECDSA P224, P256, P384, P521 RSA: t ECDSA P224, P256, Pt © 2025 IDEMIA / atsec information security.

Page 78

ID-One PIV 243 h y ECDSA P224, P256, P384, P521 RSA: 80, t MUTUALAUTH © 2025 IDEMIA / atsec information security.

Page 79

ID-One PIV 243 h y 224, P256, P384, P521 RSA: SAM-KDFENC © 2025 IDEMIA / atsec information security.

Page 80

ID-One PIV 243 h y TOTPSHA256 TOTPSHA512 © 2025 IDEMIA / atsec information security.

Page 81

ID-One PIV 243 h y PIV-AUTHPUB ECDSA P224, P256, P384, P521 RSA: ECDSA P224, P256, P384, P521 RSA: PIV-KMKPUB ECDSA P224, P256, P384, P521 RSA: t © 2025 IDEMIA / atsec information security.

Page 82
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseRelated SSPs
DS-HASH- PUB (including intermediat e values)PSP - PSPPublic Component of Digital Signature key with built-in HashPublic Component of Digital Signature key with built-in HashRSA: 2048, 3072, 4096; ECDSA P- 224, P- 256, P- 384, P- 521 - RSA: 112, 128, 150; ECDSA: 112, 128, 192, 256ECDSA keyGen RSA keyGenECDSA sigVer RSA sigVer
OS-DRBG- SEEDRAM:PlaintextModule ResetUntil zeroizedOS-DRBG- STATE:Derives
OS-DRBG- STATERAM:PlaintextModule ResetUntil zeroizedOS-DRBG- SEED:Derived From
SD-DAKNVM:ObfuscatedGlobal Platform TERMINATED STATEUntil zeroizedSC- ENC:DerivesPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]
SD-DMKNVM:ObfuscatedGlobal Platform TERMINATED STATEUntil zeroizedSC-C- MAC:Derives SC-R- MAC:DerivesPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]
SD-DEKNVM:ObfuscatedSELECT Context Module ResetUntil zeroizedPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]
SC-ENCRAM:PlaintextSELECT Context Module ResetUntil Secure Channel closedSD- DAK:Derived From
SC-C-MACRAM:PlaintextSELECT Context Module ResetUntil Secure Channel closedSD- DMK:Derived From
SC-R-MACRAM:PlaintextSELECT Context Module ResetUntil Secure Channel closedSD- DMK:Derived From
DAP-AESNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE KEYUntil zeroizedPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]
PIV-SMNVM:ObfuscatedGlobal Platform TERMINATEDUntil zeroizedSM- ENC:DerivesPIV Secure Messaging

ID-One PIV 243 h y DS-HASHPUB ECDSA P224, P256, P384, P521 RSA: Table 20: SSP Table 1 The following table continues to summarize the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. OS-DRBGSEED OS-DRBGSTATE SCENC:Derives © 2025 IDEMIA / atsec information security.

Page 83

ID-One PIV 243 SMENC:Derives © 2025 IDEMIA / atsec information security.

Page 84
Sensitive security parameter
NameStorageZeroizationUseImport Export
SM-ENCRAM:PlaintextNew key generation Error handling Module ResetPIV- SM:Derived FromUntil Secure Messaging closed
SM-C-MACRAM:PlaintextNew key generation Error handling Module ResetPIV- SM:Derived FromUntil Secure Messaging closed
SM-R-MACRAM:PlaintextNew key generation Error handling Module ResetPIV- SM:Derived FromUntil Secure Messaging closed
SM-CFRMRAM:PlaintextM_CLEAR_APDU Error handling Module ResetPIV-SM:Used WithAutomatically zeroized by the module once the SM is established.
PINNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATIONPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
OCC- FingerprintsNVM:ObfuscatedGlobal Platform TERMINATED STATEPIV Secure Messaging (SM)Until changed or zeroized
[Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Global Platform DELETE APPLICATION[Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]
OCC-FacialNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATIONPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
OCC-IrisNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATIONPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
PUKNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATIONPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
ADMIN_PINNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATIONPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
ADMIN_KEYNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
PIV-AUTH (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEY New key generationPIV-AUTH-PUB (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
PIV-DS (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV-DS-PUB (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] Global Platform SecureUntil changed or zeroized
Channel (SC) [Import] Plaintext [Import]New key generationChannel (SC) [Import] Plaintext [Import]
PIV-KMK (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEY New key generationPIV-KMK-PUB (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
MUTUAL- AUTHNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
DS-HASH (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYDS-HASH-PUB (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import] Plaintext [Import]Until changed or zeroized
SAM-CMACNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
SAM-KDFNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
SAM-KDF- ENCNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
HOTPNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
TOTP-SHA1NVM:ObfuscatedGlobal Platform TERMINATEDPIV Secure MessagingUntil changed or zeroized
(SM) [Import] Global Platform Secure Channel (SC) [Import]STATE Global Platform DELETE APPLICATION PIV PUT KEY(SM) [Import] Global Platform Secure Channel (SC) [Import]
TOTP- SHA256NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
TOTP- SHA512NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] Global Platform Secure Channel (SC) [Import]Until changed or zeroized
DAP-PUB (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV Secure Messaging (SM) [Import] PIV Secure Messaging (SM) [Export] Global Platform Secure Channel (SC) [Import] Global PlatformUntil changed or zeroized
PIV-SM-PUBNVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV-SM:Paired WithPIV Secure Messaging (SM) [Import] PIV Secure Messaging (SM) [Export] Global Platform Secure Channel (SC) [Import] Global Platform Secure Channel (SC) [Export] Plaintext [Export] (PSPs Only)Until changed or zeroized
PIV-AUTH- PUB (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV-AUTH (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] PIV Secure Messaging (SM) [Export] Global Platform Secure Channel (SC)Until changed or zeroized
PIV-DS-PUB (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV-DS (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] PIV Secure Messaging (SM) [Export] Global Platform Secure Channel (SC) [Import] Global Platform Secure Channel (SC) [Export] Plaintext [Export] (PSPs Only)Until changed or zeroized
PIV-KMK-PUB (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYPIV-KMK (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] PIV Secure Messaging (SM) [Export] Global PlatformUntil changed or zeroized
DS-HASH- PUB (including intermediate values)NVM:ObfuscatedGlobal Platform TERMINATED STATE Global Platform DELETE APPLICATION PIV PUT KEYDS-HASH (including intermediate values):Paired WithPIV Secure Messaging (SM) [Import] PIV Secure Messaging (SM) [Export] Global Platform Secure Channel (SC) [Import] Global Platform Secure Channel (SC) [Export] Plaintext [Export] (PSPs Only)Until changed or zeroized

ID-One PIV 243 SMCFRM:Used PIVSM:Derived PIVSM:Derived PIVSM:Derived OCCFingerprints © 2025 IDEMIA / atsec information security.

Page 85

ID-One PIV 243 © 2025 IDEMIA / atsec information security.

Page 86

ID-One PIV 243 © 2025 IDEMIA / atsec information security.

Page 87

ID-One PIV 243 MUTUALAUTH © 2025 IDEMIA / atsec information security.

Page 88

ID-One PIV 243 SAM-KDFENC © 2025 IDEMIA / atsec information security.

Page 89

ID-One PIV 243 TOTPSHA256 TOTPSHA512 © 2025 IDEMIA / atsec information security.

Page 90

ID-One PIV 243 PIV-AUTHPUB © 2025 IDEMIA / atsec information security.

Page 91

ID-One PIV 243 © 2025 IDEMIA / atsec information security.

Page 92

ID-One PIV 243 DS-HASHPUB Table 21: SSP Table 2 © 2025 IDEMIA / atsec information security.

Page 93
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicatorConditions
CRC (ROM)CRC (ROM)EDCSW/FW IntegrityPerformed over all ROM code16-bit CRC1
CRC (NVM)CRC (NVM)EDCSW/FW IntegrityPerformed over all executable code in NVM16-bit CRC1
CRCCRCKATCASTCAST performed prior to use of algorithm for16-bit CRC1Device power-on or reset
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicatorConditions
CRC (ROM)CRC (ROM)EDCSW/FW IntegrityPerformed over all ROM code16-bit CRC1
CRC (NVM)CRC (NVM)EDCSW/FW IntegrityPerformed over all executable code in NVM16-bit CRC1
CRCCRCKATCASTCAST performed prior to use of algorithm for16-bit CRC1Device power-on or reset
AES-ECB (A4945)AES-ECB (A4945)KATCASTDecrypt128-bit key1Boot Up or "Context" service
KDF SP800- 108 (A4945)KDF SP800- 108 (A4945)KATCASTKey DerivationCTR mode KDF using AES-CMAC with 128-bit key1Boot Up or "Context" service
Counter DRBG (A4945)Counter DRBG (A4945)KATCASTInstantiate, Generate, Reseed256-bit key1Boot Up or "Context" service
ECDSA KeyGen (FIPS186-4) (A4945)ECDSA KeyGen (FIPS186-4) (A4945)PCTPCTSign/Verifysignature generation followed by signature verification using curve P-2561On ECDSA Key Generation
ECDSA SigGen (FIPS186-4) (A4945)ECDSA SigGen (FIPS186-4) (A4945)KATCASTSign generation comparisonECDSA Signature Generation using curve P-2561First Use or "Context" service
ECDSA SigVer (FIPS186-4) (A4945)ECDSA SigVer (FIPS186-4) (A4945)KATCASTSign verification comparisonECDSA Signature Generation using curve P-2561First Use or "Context" service
KAS-ECC Sp800- 56Ar3 (A4945)KAS-ECC Sp800- 56Ar3 (A4945)KATCASTKAS comparisonKAS-ECC using curve P-256 followed by One- step KDF1First Use or "Context" service
HMAC- SHA2-256 (A4945)HMAC- SHA2-256 (A4945)KATCASTHMAC128-bit key1Boot Up or "Context" service
SHA2-256 (A4945)SHA2-256 (A4945)KATCASTSHA2N/A1Boot Up or "Context" service
SHA2-512 (A4945)SHA2-512 (A4945)KATCASTSHA2N/A1Boot Up or "Context" service
RSA KeyGen (FIPS186-4) (A4945)RSA KeyGen (FIPS186-4) (A4945)PCTPCTSign/Verifysignature generation followed by signature verification using 2048-bit key1On RSA Key Generation
RSA SigGen (FIPS186-4) (A4945)RSA SigGen (FIPS186-4) (A4945)KATCASTSignSignature Generation using PKCS1-PSS with 2048-bit key1Boot Up or "Context" service
RSA SigVer (FIPS186-4) (A4945)RSA SigVer (FIPS186-4) (A4945)KATCASTVerifySignature Verification using PKCS1-PSS with 2048-bit key1First Use or "Context" service
RSA SigVer (FIPS186-4) SW/FW Load testRSA SigVer (FIPS186-4) SW/FW Load testCASTSW/FW LoadUsing RSA signatureSignature Verification using PKCS1-PSS with 2048-bit key1Firmware integrity test
AES-CMAC (A4945)AES-CMAC (A4945)Integrity TestSW/FW LoadUsing CMACAES-CMAC message authentication code using 128 bit key1Firmware integrity test
SHA2-256 (A4945)SHA2-256 (A4945)Integrity TestSW/FW LoadMessage DigestSHA-256 performed over loaded firmware1Firmware integrity test
10 Self-Tests

The module performs the following self-tests: pre-operational firmware integrity test, conditional cryptographic algorithm test, conditional firmware load test and conditional pair-wise consistency The module does not support any of the following self-tests: Pre-operational Self-tests - preoperational bypass nor pre-operational critical functions test, conditional manual entry test, conditional bypass test, nor conditional critical functions test. Determination of pass or fail of each self-test is made by the module, without external controls, externally provided input test vectors, expected output results, or operator intervention. The module can also perform preoperational self-tests on demand for all pre-operational selftests by power cycling the module or by calling the “Run Self-Tests” service.

10.1 Pre-Operational Self-Tests

The module performs pre-operational firmware integrity test automatically as a first action at power on. The module first performs a CAST on the cryptographic algorithm test used to perform the approved integrity technique. The module will enter the error state if the either the conditional CAST or integrity test fails or proceed to test the conditional CASTs listed in Table 25 if both passes. Table 22: Pre-Operational Self-Tests

10.2 Conditional Self-Tests

The module performs conditional CAST prior to the algorithm’s first use. The module performs Conditional Pair-wise Consistency Tests upon generating RSA, ECDSA or ECDH asymmetric key pairs. The test is implemented by calculating a signature on predetermined data and subsequently performing a verification of the signature. If the signature cannot be verified, the generated key-pair is discarded. The module performs a conditional firmware load test when the module loads new firmware. © 2025 IDEMIA / atsec information security.

Page 94

ID-One PIV 243 Sp80056Ar3 HMACSHA2-256 N/A © 2025 IDEMIA / atsec information security.

Page 95

ID-One PIV 243 N/A Table 23: Conditional Self-Tests

10.3 Periodic Self-Test Information

The module has the capability to perform the pre-operational and conditional self-tests periodically. This may occur after a predefined number of -minutes passes, or, depending on the factory configuration, after invoking a predefined number of commands (APDUs). The default configuration triggers a Periodic Self-Tests every 2 weeks of uninterrupted power. That time can be adjusted by the Application Administrator from 1 to 32767 minutes. © 2025 IDEMIA / atsec information security.

Page 96
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
CRC (ROM)CRC (ROM)EDCSW/FW IntegrityEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
CRC (NVM)CRC (NVM)EDCSW/FW IntegrityEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
CRCCRCKATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
AES-ECB (A4945)AES-ECB (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
KDF SP800-108 (A4945)KDF SP800-108 (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
Counter DRBG (A4945)Counter DRBG (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
ECDSA KeyGen (FIPS186-4) (A4945)ECDSA KeyGen (FIPS186-4) (A4945)PCTPCTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
ECDSA SigGen (FIPS186-4) (A4945)ECDSA SigGen (FIPS186-4) (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
ECDSA SigVer (FIPS186-4) (A4945)ECDSA SigVer (FIPS186-4) (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
KAS-ECC Sp800- 56Ar3 (A4945)KAS-ECC Sp800- 56Ar3 (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
HMAC-SHA2-256 (A4945)HMAC-SHA2-256 (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
SHA2-256 (A4945)SHA2-256 (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
SHA2-512 (A4945)SHA2-512 (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
RSA KeyGen (FIPS186-4) (A4945)RSA KeyGen (FIPS186-4) (A4945)PCTPCTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
RSA SigGen (FIPS186-4) (A4945)RSA SigGen (FIPS186-4) (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
RSA SigVer (FIPS186-4) (A4945)RSA SigVer (FIPS186-4) (A4945)KATCASTEvery 1 to 32767 min / After invoking 1 to 32767 APDUsTime / Counter
RSA SigVer (FIPS186-4) SW/FW Load testRSA SigVer (FIPS186-4) SW/FW Load testCASTSW/FW LoadUpon loading of new firmwareN/A
AES-CMAC (A4945)AES-CMAC (A4945)Integrity TestSW/FW LoadUpon loading of new firmwareN/A
SHA2-256 (A4945)SHA2-256 (A4945)Integrity TestSW/FW LoadUpon loading of new firmwareN/A

ID-One PIV 243 Table 24: Pre-Operational Periodic Information © 2025 IDEMIA / atsec information security.

Page 97

ID-One PIV 243 N/A N/A © 2025 IDEMIA / atsec information security.

Page 98
Service
NameDescriptionRole AccessIndicator
Kill Card StateNo further communication is possible with the module until the module is reset.Pre-operational firmware integrity test fail any conditional self-test failure other than PCTAn error code is provided through the status interfaceResetting the module
BAD APDUEntered when an incorrectly formatted or unknown command is received.The module outputs a status word indicating the error condition and returns to the Idle state, clearing the error. This state includes Manage Content service firmware load attempts that fail the firmware load test; i.e., an attempt to load new firmware that fails the firmware load test will result in rejection of the command, and the new firmware will not be accepted by the module.An error code is provided through the status interfaceRecovers automatically after reporting the error

ID-One PIV 243 N/A Table 25: Conditional Periodic Information

10.4 Error States

zone called the “Kill Card Zone” records the reason for the failure. All cryptographic functions are inhibited while the module is in an error state. The table below describes the error states in detail: Table 26: Error States © 2025 IDEMIA / atsec information security.

Page 99
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures
11.1.1 Initialization

The module must have been initialized, within IDEMIA factory, to run in FIPS 140-3 level 2 mode of operation (e.g., NPIVP, CIV, etc.).

11.1.2 Startup Procedures

After manufacturing, the module is locked by a PIN Activation Code. The PIN Activation Code allows the card holder to set his or her own PIN value upon getting possession of the card. The PIN Activation Code can only be used as an authentication value for the initialization of the PIV PIN. The card holder's PIV PIN is then used for card activation.

11.2 Administrator Guidance

The module does not implement an administrator guidance.

11.3 Non-Administrator Guidance

The module does not implement a non-administrator guidance.

11.4 Design and Rules

The module enforces the following security rules:

  1. The module provides three distinct operator roles: Cryptographic Officer, PIV Application Administrator and User.
  2. The module provides identity-based authentication.
  3. The module clears previous authentications on power cycle.
  4. The module’s firmware is in executable form that does not require further compilation and there is no dynamically modified code.
  5. Pre-operational Integrity self-tests do not require any operator action.
  6. Data outputs are inhibited during key generation, self-tests, zeroization, and error states.
  7. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
  8. There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
  9. The module does not support a maintenance interface or role.
  10. The module does not support manual key entry.
  11. The module does not have any proprietary external input/output devices used for entry/output of data.
  12. The module does not output intermediate key values or plaintext CSPs. No additional interface or service is implemented by the module which would provide access to CSPs.
11.6 End of Life

The module lifecycle service can be used to set the module's status to TERMINATED. All SSPs will be zeroized upon module reset. © 2025 IDEMIA / atsec information security.

Page 100
12 Mitigation of Other Attacks
12.1 Attack List

The Module implements defenses against:

12.2 Guidance and Constraints

The Kill Card function logs the detected attack type in a table. The table has a preset limit; when the limit is reached, the module initiates card termination, including overwrite of the CSPs, and the module is no longer operable. © 2025 IDEMIA / atsec information security.

Page 101

ID-One PIV 243 References ANS X9.632001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 ANSI X9.62 Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) September 1999 https://webstore.ansi.org/standards/ascx9/ansix9621998 ANSI 504-1 Information Technology - Generic Identity Command Set - Part 1: Card Application Command Set - Amendment 1 May 2016 https://webstore.ansi.org/standards/incits/incits5042013am12016 FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules November 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips140-3-ig-announcements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf © 2025 IDEMIA / atsec information security.

Page 102

ID-One PIV 243 FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors January 2022 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-3.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf GPC_SPE_014 GlobalPlatform Card Technology Secure Channel Protocol '03' Card Specification v2.2

Page 103

ID-One PIV 243 SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf SP 800-56Ar3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP800-56B Rev2 Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf SP 800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf SP 800-73-4 Interfaces for Personal Identity Verification

Page 104

ID-One PIV 243 SP 800-85A-4 PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) April 2016 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-85A-4.pdf SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP 800-108r1 NIST Special Publication 800-108 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf SP 800-131Ar2 Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP 800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP 800-140Br1 CMVP Security Policy Requirements October 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800140Br1.2pd.pdf © 2025 IDEMIA / atsec information security.

Referenced URLs