| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 6/17/2030 |
| Caveat | None |
| Vendor | HID Global |
flowchart LR
%% Deterministic review-risk graph for HID Global ActivID Applet 2.7.7 & 2.7.8 on Thales IDCore 3230 Platform
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>firmware load<br/>UPDATE</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>unauthenticated</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for HID Global ActivID Applet 2.7.7 & 2.7.8 on Thales IDCore 3230 Platform
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>firmware load<br/>UPDATE</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>unauthenticated</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;HID Global HID Global ActivID Applet 2.7.7 & 2.7.8 on Thales IDCore 3230 Platform HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
| # | Section | Page |
|---|
HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Hardware | 8 |
| Table 3: Modes List and Description | 9 |
| Table 4: Approved Algorithms | 11 |
| Table 5: Vendor-Affirmed Algorithms | 11 |
| Table 6: Security Function Implementations | 13 |
| Table 7: Entropy Certificates | 13 |
| Table 8: Entropy Sources | 13 |
| Table 9: Ports and Interfaces | 15 |
| Table 10: Authentication Methods | 16 |
| Table 11: Roles | 16 |
| Table 12: Approved Services | 21 |
| Table 13: Mechanisms and Actions Required | 22 |
| Table 14: EFP/EFT Information | 23 |
| Table 15: Hardness Testing Temperatures | 23 |
| Table 16: Storage Areas | 24 |
| Table 17: SSP Input-Output Methods | 24 |
| Table 18: SSP Zeroization Methods | 24 |
| Table 19: SSP Table 1 | 28 |
| Table 20: SSP Table 2 | 32 |
| Table 21: Pre-Operational Self-Tests | 32 |
| Table 22: Conditional Self-Tests | 33 |
| Table 23: Pre-Operational Periodic Information | 34 |
| Table 24: Conditional Periodic Information | 34 |
| Table 25: Error States | 35 |
| Figure 1: Block Diagram | 6 |
| Figure 2 : Tags for Tracking Data (Approved Mode) | 9 |
| Figure 3 : Card Production Life Cycle Data | 9 |
| Figure 4 : Versions and Operations Indicators | 10 |
This document is the non-proprietary FIPS 140-3 Security Policy for the HID Global ActivID Applet 2.7.7 &
2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module. This document may freely be reproduced
and distributed in its entirety. This Security Policy describes the security services provided by the module and describes how the module meets the requirements of FIPS 140-3 (Federal Information Processing Standards 140-3) for an overall Security Level 2 implementation.
Section Title Security Level
Overall Level 2 Table 1: Security Levels
Purpose and Use: The Module is designed to be embedded into a plastic card body, USB key, secure element etc., with a contact plate connection and/or RF antenna. The physical form of the Module is depicted in following pictures (to scale). The cryptographic boundary is defined as the surfaces and edges of the packages. The Module relies on [ISO 7816] and/or [ISO 14443] card readers as input/output devices. WORLD Combi RLT module (SLC37GDA512) for 3230 Oblong punching Top View
This document defines the Security Policy for the HID Global ActivID Applet 2.7.7 & 2.7.8 on the Thales IDCore
3230 Platform cryptographic module, herein denoted the Module. The Module, validated to FIPS 140-3 overall
Level 2, is a single-chip “contact and contactless” module implementing the Global Platform operational environment, with Card Manager and the HID Global ActivID Applet. The term platform herein is used to describe the chip and operational environment, not inclusive of the ActivID Applet. The Module has a limited operational environment. The Module includes a firmware load function to support necessary updates. New firmware versions within the scope of this Security Policy and certificate must be validated through the FIPS 140-3 CMVP. Any other firmware loaded onto this module is out of the scope of this validation and requires a separate FIPS 140-3 validation. The Module is designed to be embedded into a plastic card body, passport, USB key, secure element etc., with a contact plate connection and/or RF antenna. Module Type: Hardware Module Embodiment: SingleChip Module Characteristics: Cryptographic Boundary: Figure 1 below depicts the Module’s block diagram, with a red outline highlighting the cryptographic boundary. The cryptographic boundary encompasses all the components. included on the single chip. Figure 1: Block Diagram The Cryptographic Module (CM) is fully compliant with two major cards industry standards: Oracle Java Card
HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
The CM supports [ISO7816] T=0, T=1 and T=CL communication protocols. The CM provides an execution sandbox for Applets, performing the requested services as described in this security policy. Applets access module functionality via internal API entry points that are not exposed to external entities. External devices have access to CM services by sending APDU commands. The CM inhibits all data output via the data output interface while the module is in error state and during selftests. The JavaCard API (JCAPI) is an internal interface, available to applets. Only applet services are available at the card edge (the interfaces that cross the cryptographic boundary). The Javacard Runtime Environment (JCRE) implements the dispatcher, registry, loader, and logical channel functionalities. The Virtual Machine (VM) implements the byte code interpreter, firewall, exception management and byte code optimizer functionalities. The Card Manager is the card administration entity, allowing authorized users to manage the card content, keys, and life cycle states. The Card Manager behaves similarly to an applet, but is properly represented as a constituent of the platform. In case of delegated management (DM), the Supplementary Security Domain (SSD) behaves similarly to the Card Manager in term of card content, keys and life cycle states. The Memory Manager implements functions such as memory access, allocation, deletion and garbage collection. The Communication handler implements the ISO 7816 and ISO 14443 communications protocols in contactless mode and dual mode. The Cryptography Libraries implement the Approved services listed in Section 2.5. The HID Global ActivID Applet 2.7.7 & 2.7.8 comprises:
Tested Module Identification
Application Firmware: HID Global ActivID Applet 2.7.7 is comprised of
HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Modes List and Description: Mode Name Description Type Status Indicator Approved mode This is the module's only mode of operation Approved "8900" in byte 11-12 of tag 0103 Table 3: Modes List and Description The module is acting in an approved mode of operation when the module provides the services described in the Approved Services table. These services use the security functions listed in the Approved Algorithm table in an approved manner. The security service indicator provides confirmation that an approved service has been provided. Once the module has been delivered outside of the factory, the CM is always in Approved mode. The configuration cannot be changed outside the factory. The CM does not support a non-approved mode of operation. To identify the CM, verify that a CM is in the approved mode of operation, select the Card Manager and send the GET DATA commands shown below: Field CLA INS P1-P2 (Tag) Le (Expected response length) Purpose 9F-7F 2Dh Get CPLC data (tag 9F 7F) Get Identification data (tag 01 Value 00 CA 01-03 1Dh 03) Get Approved mode 01-2F 10h parameters (tag 01 2F): Figure 2 : Tags for Tracking Data (Approved Mode) The CM production life cycle data can be checked using GET DATA command with tag ‘9F7F’. The Module responds with 42 bytes composed of: IDCore 3230
The CM identification data can be checked using GET DATA command with tag ‘0103’. The Module responds with 29 bytes composed of: IDCORE 3230
7-8 Chip Manufacturer 4090 Infineon 9-10 Chip Version 7305 SLC37GDA512 11-12 Operational Mode 8900 Approved mode
14-15 Specific chip ID 32 30 32 30 = Contact and Contactless
16-17 HID Piv applet version 02 77
18-29 RFU xx..xxh RFU Figure 4 : Versions and Operations Indicators The status of the Approved mode of operation can be checked using GET DATA command with tag ‘012F’. The Module responds with 16 bytes composed of:
Approved Algorithms: Algorithm CAVP Cert Properties Reference AES-CBC A2877 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CMAC A2877 Direction - Generation, Verification SP 800-38B Key Length - 128, 192, 256 AES-ECB A2877 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 Counter DRBG A2877 Prediction Resistance - No SP 800-90A Rev. Mode - AES-256 1 Derivation Function Enabled - Yes ECDSA KeyGen A2877 Curve - P-224, P-256, P-384, P-521 FIPS 186-5 (FIPS186-5) Secret Generation Mode - extra bits HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Algorithm CAVP Cert Properties Reference KAS-ECC Sp800-56Ar3 A2877 Domain Parameter Generation Methods - P-256 SP 800-56A Rev. Function - Partial Validation 3 Scheme onePassDh KAS Role - Responder KDF Methods oneStepKdf Key Length - 512 KDF SP800-108 A2877 KDF Mode - Counter SP 800-108 Rev. Supported Lengths - Supported Lengths: 128-256 1 Increment 64 KTS-IFC A2877 Modulo - 2048, 3072, 4096 SP 800-56B Rev. Key Generation Methods - rsakpg1-basic, rsakpg1-crt 2 Scheme KTS-OAEP-basic KAS Role - responder Key Transport Method Key Length - 512 RSA KeyGen (FIPS186-5) A2877 Key Generation Mode - probable FIPS 186-5 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 Primality Tests - 2pow100 Modulo - 2048, 3072 Private Key Format - standard RSA SigGen (FIPS186-5) A2877 Modulo - 2048, 3072 FIPS 186-5 Signature Type - pkcs1v1.5, pss RSA SigVer (FIPS186-5) A2877 Modulo - 2048, 3072, 4096 FIPS 186-5 Signature Type - pkcs1v1.5, pss SHA2-224 A2877 Message Length - Message Length: 8-65536 Increment 8 FIPS 180-4 SHA2-256 A2877 Message Length - Message Length: 8-65536 Increment 8 FIPS 180-4 SHA2-384 A2877 Message Length - Message Length: 8-65536 Increment 8 FIPS 180-4 SHA2-512 A2877 Message Length - Message Length: 8-65536 Increment 8 FIPS 180-4 Table 4: Approved Algorithms NOTE: Only the algorithms specified in the table above are supported by the module in approved mode of operation. Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key Type:Asymmetric N/A SP800-133r2 Section 4, Example 1 Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Non-Approved, Not Allowed Algorithms: N/A for this module.
Name Type Description Properties Algorithms Digital Signature DigSig-SigGen Signature Generation RSA SigGen Generation RSA (FIPS186-5): (A2877) Digital Signature DigSig-SigVer Signature Verification RSA SigVer (FIPS186Verification RSA 5): (A2877) Encryption - BC-UnAuth Block cipher Strength:128, 192, 256 AES-CBC: (A2877) Decryption unauthenticated bits Sizes: 128, 192, 256 bits AES-ECB: (A2877) Sizes: 128, 192, 256 bits Generate Key Pair EC AsymKeyPair-KeyGen Demonstrate ECC key ECDSA KeyGen (CKG) generation (FIPS186-5): (A2877) Counter DRBG: (A2877) CKG: () Key Type: Asymmetric Generate Key Pair AsymKeyPair-KeyGen Demonstrate RSA key RSA KeyGen RSA (CKG) generation (FIPS186-5): (A2877) Counter DRBG: (A2877) CKG: () Key Type: Asymmetric KDF KBKDF Key-Based Key AES-CMAC: (A2877) Derivation Sizes: 128,192, 256 KDF SP800-108: (A2877) KTS KTS-Wrap Key Transport using Strength:Key transport AES-CBC: (A2877) AES ECB or CBC for methodology providing Sizes: 128,192, 256 encryption and AES- between 128 and 256 AES-CMAC: (A2877) CMAC for bits of security Sizes: 128,192, 256 authentication strength AES-ECB: (A2877) Standard:SP 800-38F IG D.G:Approved method #2 KTS-IFC KTS-Encap Key Transport Strength:Key KTS-IFC: (A2877) Encapsulation establishment Modulus: 2048, 3072 methodology providing between 112 and 128 bits of security strength Standard:SP 80056Br2 IG D.G:Approved method #1 Message MAC Message AES-CMAC: (A2877) Authentication Authentication Sizes: 128,192, 256 Opacity Secure KAS-Full Key Agreement IG:IG D.F Scenario 2, KAS-ECC Sp800Channel (KAS) Scheme, SP800- path 2 56Ar3: (A2877) 56Cr2 Key Derivation, Key Derivation:SP AES-CMAC: (A2877) Message 800-56Cr2 KDA Sizes: 128 Authentication for key (Tested as part of KAS Counter DRBG: confirmation (A2877) HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Type Description Properties Algorithms certificate) Key Confirmation:Yes Secure Hash SHA Compute the hash SHA2-224: (A2877) value SHA2-256: (A2877) SHA2-384: (A2877) SHA2-512: (A2877) Table 6: Security Function Implementations The table lists the security functions provided by the HID Global ActivID Applet 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module.
SP 800-56Ar3 Assurances: The module is systematically checking the key in mode FULL VALIDATION at EC public key generation and key agreement, it implements assurances for SP800-56Ar3 section 5.6.2.3.3 for ECC full public key validation.
Cert Vendor Number Name E107 Infineon Table 7: Entropy Certificates Name Type Operational Sample Entropy per Sample Conditioning Environment Size Component SLC37 32-bit Security Physical N/A 32 bits Min-entropy claimed: 13.376 bits per 32- N/A Controller bit blocks. Table 8: Entropy Sources ESV certificate (#E107) has been procured for this entropy source. The output of the entropy source is used to directly feed the DRBG. The DRBG uses CTR_DRBG from [SP800-90Ar1] with Derivation Function (DF) enabled. 1024-bits of entropy at 13.376 bits per 32-bits minentropy are fed to the DF which accounts for 428.032 -bits of entropy which exceed the 256-bits required by CTR_DRBG to claim full entropy output of the DRBG. A separate nonce is created for the DRBG based on output from entropy source.
The module uses unmodified output from its Counter DRBG to generate seeds used for asymmetric key generation. The module supports the following CKG methodologies: - FIPS 186-5 RSA Key generation per SP 800-133r2, sections 4 and 5.1 - FIPS 186-5 and SP 800-56Ar3 ECC Key generation per SP 800-133r2, sections 4, 5.1 and 5.2 HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
The module implements the following approved key agreement scheme as specified in FIPS 140-3 IG D.F, Scenario 2, path 2 which has been CAVP tested and validated: - SP 800-56Ar3 KAS-ECC with SP 800-56Cr2 OneStep KDA.
The module implements the following approved key transport methods as specified in FIPS 140-3 IG D.G, the underlying algorithms of which have been CAVP tested and validated: - SP 800-56Br2 KTS-IFC (Approved method #1 from IG D.G) - SP 800-38F Key Transport using AES ECB/CBC for encryption and AES-CMAC for authentication. (Approved method #2 from IG D.G)
The WORLD Combi RLT module has access to contact and contactless interfaces. VCC, RST, CLK, GND and IO are for contact interface. as specified into ISO7816 standard. When the contactless smart card is within the reader's electromagnetic field, the antenna receives the RF energy, which powers the IC chip via the LA and LB connections, enabling the chip to communicate with the reader in contactless. As specified into ISO14443 standard. Physical Logical Data That Passes Port Interface(s) VCC Power Supply Voltage RST Control Input Reset Signal CLK Control Input Clock Signal GND Power Ground I/O Data Input Commands and responses, protocol and control data Data Output Control Input Status Output HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Physical Logical Data That Passes Port Interface(s) LA Data Input Supply ,clock signal, commands and responses, protocol and control data Data Output Control Input Status Output Power LB Data Input Supply ,clock signal, commands and responses, protocol and control data Data Output Control Input Status Output Power Table 9: Ports and Interfaces For contact interface operation, the Module conforms to [ISO 7816] part 1 and part
Method Name Description Security Strength Each Attempt Strength per Minute Mechanism Secure In accordance to SP 800-63B, this KTS The strength of Global The module enforces a Channel Authenticator type is best Platform mutual maximum count of 15 Protocol described as Single-Factor authentication relies on consecutive failed authentication Cryptographic Software (Section AES key length, and the authentication attempts. method 5.1.6). This authentication method probability that a random After 15 consecutive employs AES CMAC used along attempt at authentication unsuccessful attempts, with AES ECB/CBC as part of a will succeed is: (1/2^128) the secure channel challenge-response mechanism. for AES 16-byte-long authentication is This method is performed when keys; (1/2^192) for AES permanently blocked the EXTERNAL AUTHENTICATE 24-byte-long keys; Frequency of the internal clock as supplied by the CLK physical interface. HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Method Name Description Security Strength Each Attempt Strength per Minute Mechanism command is invoked after (1/2^256) for AES 32successful execution of the byte-long keys INITIALIZE UPDATE command. Symmetric In accordance to SP 800-63B, this Encryption - The strength of The execution of this Cryptographic Authenticator type is best Decryption Symmetric Cryptographic authentication Authentication described as Single-Factor Authentication method mechanism is rate limited method Cryptographic Software (Section relies on AES-CBC key - the module can perform 5.1.6). This authentication method length (128 bits), and the no more than 2^16 decrypts (using ACA-SPAK) an probability that a random attempts per minute. encrypted challenge (128-bits) attempt at authentication Therefore, the probability sent to the module by an external will succeed is: 1/(2^128) that a random attempt entity and compares the challenge will succeed over a one to the expected value. This minute period is method is used to authenticate to (2^16)/(2^128) = 1.93E the AA role. 34 Secret Value In accordance to SP 800-63B, this Encryption - The probability of false Based on the [SP800-73authentication Authenticator type is best Decryption authentication of this 4] defined maximum method described as Memorized Secrets authentication method is count of 15 for failed (Section 5.1.1). This as follows: 1/(256^8) = authentication attempts, authentication method compares 5.4E20 the probability that a a value sent to the Module to the random attempt will stored ACA-PIN value; if the two succeed over a one values are equal, the operator is minute period is: authenticated. 15/(256^8) = 8.1E-19 Table 10: Authentication Methods Authentication of each operator and their access to roles and services is as described below, independent of logical channel usage. Only one operator at a time is permitted on a channel. Applet deselection (including Card Manager), card reset or power down terminates the current authentication; re-authentication is required after any of these events for access to authenticated services. Applet reselection (except Card Manager that close systematically the GlobalPlatform secure channel) is leaving the secure channel unchanged and it is up to the applet policy to close it or not. The module clears previous authentications on each power cycle. It also supports Global Platform SCP logical channels, allowing concurrent operators in a limited fashion.
Name Type Operator Type Authentication Methods CO Identity Crypto Officer. Secure Channel Protocol authentication method AA Identity Application Symmetric Cryptographic Administrator Authentication method USR Identity User Secret Value authentication method Table 11: Roles The module provides Identity-based authentication using either the Security Channel Protocol Authentication or the Secret Value Authentication Method above. The Module does not support a maintenance role.
HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Indicator Inputs Outputs Security SSP Access Functions Lifecycle Modify the card or IND_1 Set / Get Return Status None CO applet life cycle Status : life Word / life - OS-DRBG-EI : Z status. Performs cycle state to cycle state and - OS-DRBG-S : Z zeroization. update/ empty package list - OS-DRBG-V : Z - OS-DRBG-KEY : Z - OS-MKDK : Z - SD-KENC: Z - SD-KMAC: Z - SD-KDEK: Z - SD-SENC: Z - SD-SMAC: Z - DAP-SYM: Z - OPACITY-SENC : Z - OPACITY-SMAC: Z - OPACITYSRMAC : Z - OPACITYSCONFIRMATION: Z - ACA-PIN: Z - ACA-PUK: Z - ACA-PC: Z - SMA-OPRI: Z - PIV-RPAK: Z - PIV-RDSK: Z - PIV-RCAK: Z - PIV-RKDK: Z - PIV-RPAK-PUB: Z - PIV-RKDK-PUB: Z - SMA-OPRI-PUB: Z - ACA-SPAK: Z Manage Load, install, and IND_1 Applications Return Status Message CO Content delete application and Word Authentication - SD-SMAC: E packages and associated - DAP-SYM: E associated keys and data - ACA-PIN: Z data - ACA-PUK: Z - ACA-PC: Z - ACA-SPAK: Z - PIV-RPAK: Z - PIV-RDSK: Z - PIV-RCAK: Z - PIV-RKDK: Z - SMA-OPRI: Z - PIV-RPAK-PUB: Z - PIV-RDSK-PUB: Z - PIV-RCAK-PUB: Z - SMA-OPRI-PUB: Z HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Indicator Inputs Outputs Security SSP Access Functions Module Info Read module IND_1 Tags and Module Message CO (Auth) configuration or module configuration Authentication - SD-SMAC: E status information information status (privileged data information objects). Shows return Status module versioning Word and status information. Secure Establish and use a IND_1 Random, Authentication Encryption - CO Channel secure diversification data, return Decryption - OS-DRBG-EI : communications data Status Word KDF G,E channel KTS - OS-DRBG-S : Message G,E Authentication - OS-DRBG-V : G,E - OS-DRBG-KEY : G,E - SD-KENC: E - SD-KMAC: E - SD-KDEK: E - SD-SMAC: G,E - SD-SENC: G,E - SD-MDAP-KDEK: E - SD- MDAP KENC: E - SD- MDAP KMAC: E Request for Performs self-tests. IND_1 CAST bit field return Status None Unauthenticated autotest Sets a flag to see that Word a specific cryptographic KAT has been performed on demand via Module Reset. Generate HID Generate HID Applet IND_1 HID applet The response Generate Key CO Applet RSA RSA 2048/3072 Key application message Pair RSA - PIV-RPAK: G,Z 2048/3072 pair using the secure parameters contains the (CKG) - PIV-RDSK: G,Z Key pair using channel. PIV for generating modulus Message - PIV-RCAK: G,Z the secure Authentication RSA RSA key pair corresponding Authentication - PIV-RPAK-PUB: channel. Key Pair Generation to the private G PIV Signature RSA key generated - PIV-RDSK-PUB: Key Pair Generation in the card, G PIV Card and return - PIV-RCAK-PUB: Authentication RSA Status Word G Key Pair Generation - SD-SMAC: E HID Applet 2.7.7 supports 2048 RSA keypair generation. HID Applet 2.7.8 supports both 2048 and 3072 RSA Keypair generation. PUT Key Put HID Applet RSA IND_1 HID applet Return Status KTS CO (RSA) 2048/3072 Encryption application Word - PIV-RKDK: W,Z Private Key using the parameters - SD-KDEK: E secure channel Inject for injecting - SD-SENC: E PIV Encryption RSA RSA Private - SD-SMAC: E Private Key (put key) HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Indicator Inputs Outputs Security SSP Access Functions Inject Retired Key Encryption Private component Key 1-5 (Put key) Private Key components wrapped with SD-KDEK HID Applet 2.7.7 supports
Key Put Key. HID Applet 2.7.8 support both 2048 and 3072 RSA Private Key Put Key PUT Put HID Applet RSA IND_1 HID applet Return Status Message CO Certificate 2048/3072 Certificate application Word Authentication - SD-SMAC: E using the secure parameters - PIV-RPAK-PUB: channel Put PIV for putting W Authentication certificate T/V - PIV-RDSK-PUB: Certificate Put PIV data W Signature Certificate - PIV-RCAK-PUB: Put PIV Card W Authentication - PIV-RKDK-PUB: Certificate Put PIV W Encryption Certificate Put PIV Retired 1-5 Key Certificate HID Applet 2.7.7 supports Put RSA 2048 certificate service only. HID Applet 2.7.8 supports Put RSA
certificate service PUT AES 128 Manage AES 128 IND_1 HID Applet Return Status KTS CO using using Symmetric application Word - ACA-SPAK: W,Z Symmetric Cryptographic parameters - SD-KDEK: E Cryptographic Authentication Put - SD-SMAC: E Authentication AES 128 key used by ACA applet to authenticate the AA role (0-8 keys) Legacy use Key wrapped by SDKDEK Manage Manage Security IND_1 HID Applet Return Status KTS CO Security value value using the application Word - ACA-PIN: W secure channel PIN, parameters - ACA-PUK: W PUK, Pairing Code - ACA-PC: W - SD-SENC: E - SD-SMAC: E OPACITY OPACITY ECC Key IND_1 HID Applet Return Status Generate Key CO ECC Key Pair Pair generation Application Word Pair EC - SMA-OPRI: G generation parameters (CKG) - SD-SMAC: E Message - SMA-OPRI-PUB: Authentication G Manage HID Register/Unregister IND_1 HID Applet HID Applet KDF CO Applet applet instance, set Application application Message - SD-SMAC: E Configuration its associated Parameters response and Authentication identifier, and related status word HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Indicator Inputs Outputs Security SSP Access Functions ACR configuration in ACA, and Instance properties Read HID Retrieve applet IND_1 HID Applet HID Applet None AA Applet info instance properties, Application application USR public ACR and Parameters response and Unauthenticated associated properties, status word secure messaging certificate (CVC). ACR configuration defined which role is allowed to perform the service. PIV Authentication of the IND_1 Data to sign. Signature, Digital USR Authentication PIV application by an return Status Signature - PIV-RPAK: E external system, Word Verification Required PIN RSA verification PIV Card Authentication by an IND_1 Data to sign Signature, Digital Unauthenticated Authentication external system return Status Signature - PIV-RCAK: E Word Verification RSA PIV Digital Sign an externally IND_1 Data to sign Signature, Digital USR Signature generated Hash, return status Signature - PIV-RDSK: E Required PIN Generation verification RSA PIV System Unwrap a key IND_1 Wrapped data Unwrapped KTS-IFC USR Key service provided by the host. to unwrap data, return - PIV-RKDK: E The key is not status established into or used by the module, Required PIN verification PIV Read Read PIV Data IND_1 Specified in PIV Data. None USR Data objects NIST.SP.800- Specified in 73-4 NIST.SP.80073-4 Verify Verify the PIN, IND_1 PIN, Pairing Return Status Encryption - Unauthenticated Pairing Code, and Code or PUK Word Decryption - OS-MKDK : E PUK - ACA-PIN: E - ACA-PUK: E - ACA-PC: E OPACITY Establish OPACITY- IND_1 Data Control byte + Opacity Unauthenticated Secure ZKM secure nonce + Secure - OS-DRBG-EI : Message messaging cryptogram + Channel G,E cert return (KAS) - OS-DRBG-S : Status Word Secure Hash G,E - OS-DRBG-V : G,E - OS-DRBG-KEY : G,E - OPACITY-SENC : G,E - OPACITY-SMAC: G,E - OPACITYSRMAC : G,E - OPACITYSCONFIRMATION: HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Indicator Inputs Outputs Security SSP Access Functions G,E,Z - SMA-OPRI: E - SMA-OPRI-PUB: R - OPACITY-Z: G,E,Z - ROE-PUB: E Read Read Certificate from IND_1 Input Data Certificate, None Unauthenticated Certificates a user card, that is defined in SP- data format - PIV-RPAK-PUB: configured as read 800-73-4 defined in SP- R always in ACA ACR 800-73-4 - PIV-RDSK-PUB: configuration as SP- R 800-73-4 - PIV-RCAK-PUB: R - PIV-RKDK-PUB: R Symmetric Use of AES for IND_1 HID Encrypted Encryption - AA Cryptographic encryption Application Data + Status Decryption - ACA-SPAK: E Authentication Parameter Word Table 12: Approved Services In the ‘Roles SSP Access’ column: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroize: The module zeroizes the SSP In the ‘Indicator Column’: IND_1: The status conditions for successfully completed execution is 90 00
The module has a limited operational environment. In the Approved mode of operation, the Cryptographic Officer (Crypto Officer) has access to the firmware load service. Only applets that are validated under FIPS 140-3 shall be loaded and installed. The firmware loading service relies on the DAP Verification specified in Global Platform Specification v2.3, whereby the DAP Verification (DAP-SYM) key uses AES-CMAC (Cert. #A2877) as the approved data authentication technique. The firmware load test verifies the validity of the firmware package to be loaded. HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
The CM’s firmware integrity is checked on startup and when periodic self-test period is over. Periodic Self-Tests (PST) are performed and run the firmware integrity tests. The integrity technique is based on EDC (CRC-16), which is approved for a hardware module. The firmware image size covered by the integrity technique is roughly 200 KB. Failure of firmware integrity self-tests during Periodic Self-Tests (PST) will trigger a module halt. Recovery from this state will require the module to be restarted and for the detected fault to have cleared. Otherwise the module will re-halt during POST following restart. The module’s FIPS error log is updated regarding the encountered issue and the card goes into an error state.
The integrity test can be triggered on demand by setting the specific flag with the proprietary command “Request for autotest”. Restarting the module will cause the integrity check to be rerun.
Type of Operational Environment: Limited How Requirements are Satisfied: The module includes a limited Operating Environment. Only authorized applets can be loaded at post-issuance under control of the Cryptographic Officer. Their execution is controlled by the CM operating system following its security policy rules.
Mechanism Inspection Frequency Inspection Guidance Single-Chip On receipt of module following In the event of any observed damage, photograph the card and contact Packaging transport. Before each module Thales to confirm whether observed anomalies are to be expected or are use. confirmed signs of potential tampering Table 13: Mechanisms and Actions Required The module is a hardware module claiming level 3 physical security and of embodiment single-chip. The module meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The CM uses standard passivation techniques and is protected by passive shielding (metal layer coverings opaque HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
to the circuitry below) and active shielding (a grid of top metal layer wires with tamper response). A tamper event detected by the active shield places the Module permanently into the Card Is Killed error state. The Module is designed to be mounted in a plastic smartcard or similar package; physical inspection of the epoxy side of the Module is not practical after mounting.
Temp/Voltage Temperature EFP Result Type or Voltage or EFT LowTemperature -45°C EFP shutdown HighTemperature +130°C EFP shutdown LowVoltage 1.6 V EFP shutdown HighVoltage 5.5 V EFP shutdown Table 14: EFP/EFT Information The module’s hardware is designed to sense and respond to out-of-range temperature conditions as well as outof-range voltage conditions. The temperature and voltage conditions are only monitored in the powered-on state. The module supports an EFP mechanism that will trigger module shutdown if low or high temperature extremes and out-of-range voltage conditions are detected whilst the module is active. In the event that the module senses an out-of-range temperature or over voltage the module will reset itself, clearing all working memory. The module can be reset and placed back into operation when in-bound operating conditions have been restored.
Temperature Temperature Type LowTemperature -25°C HighTemperature 85°C Table 15: Hardness Testing Temperatures
Storage Description Persistence Area Type Name RAM Random Access Memory Dynamic FLASH Electronic non-volatile memory storage Static HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Table 16: Storage Areas All SSPs used by the CM are described in this section. All usages of these SSPs by the CM are described in the services. In addition, all keys stored in RAM are zeroized upon power-cycle of the CM.
Name From To Format Distribution Entry SFI or Algorithm Type Type Type PutKey or Writing with Secure Entered FLASH Encrypted Manual Electronic KTS Channel (contact) PutKey or Writing with Secure Entered FLASH Encrypted Wireless Electronic KTS Channel ( contactless) PUT Key (RSA) (contact) Entered FLASH Encrypted Manual Electronic KTS PUT Key (RSA) (contactless) Entered FLASH Encrypted Wireless Electronic KTS PUT Certificate (contact) Entered FLASH Encrypted Manual Electronic Message Authentication PUT Certificate (contactless) Entered FLASH Encrypted Wireless Electronic Message Authentication PUT AES 128 (contact) Entered FLASH Encrypted Manual Electronic KTS PUT AES 128 (contactless) Entered FLASH Encrypted Wireless Electronic KTS Manage Security value (contact) Entered FLASH Encrypted Manual Electronic KTS Manage Security value(contactless) Entered FLASH Encrypted Wireless Electronic KTS OPACITY Secure Message input Entered RAM Plaintext Manual Electronic Opacity Secure (contact) Channel (KAS) OPACITY Secure Message input Entered RAM Plaintext Wireless Electronic Opacity Secure (contactless) Channel (KAS) OPACITY Secure Message output FLASH Output Plaintext Manual Electronic Opacity Secure (contact) Channel (KAS) OPACITY Secure Message output FLASH Output Plaintext Wireless Electronic Opacity Secure (contactless) Channel (KAS) Read Certificates (contact) FLASH Output Plaintext Manual Electronic Read Certificates (contactless) FLASH Output Plaintext Wireless Electronic Table 17: SSP Input-Output Methods ‘PutKey or Writing with Secure channel’ keys are encrypted by SD-KDEK; key identifier entity association during manufacturing. This command is only used only during manufacturing.
Zeroization Method Description Rationale Operator Initiation Module entering Using the Manage Content / Lifecycle service of the CO, the CM is Overwrite with yes TERMINATED state able to enter the TERMINATED state, through the Set Status zero values command, destroying the SSPs by overwriting with zero values. Power-cycling the Using the Module Reset service, the CM is able to destroy the SSPs by Overwrite with Yes module overwriting with zero values (in RAM memory). zero values Closing SCP secure Using the Secure Channel service of the CO, the CM is able to destroy Overwrite with Yes channel the SSPs of this service, at the closing of SCP secure channel by zero values overwriting with zero values Uninstallation of Using the Manage Content / Delete service of the CO, the CM is able Overwrite with Yes applet to destroy the SSPs of applet, through the Delete command (uninstall zero values method). Zeroize after use Zeroize immediately after use Overwrite with No zero values Table 18: SSP Zeroization Methods HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
All SSPs stored in RAM are zeroized upon power-cycle of the CM.
Name Description Size - Type - Generated Established Used By Strength Category By By OS-DRBG-EI Entropy Input 1024- 1024 bit - Entropy Input - Entropy Generate Key bit random drawn by 256 bits CSP Source Pair EC (CKG) an external entropy (E107) Generate Key source populated Pair RSA during CM (CKG) initialization and used as entropy input for the [SP 800-90Ar1] DRBG implementation OS-DRBG-S Seed 48 bytes seed 768 bits - Seed - CSP Entropy Generate Key output from AES_DF 256 bits Source Pair EC (CKG) used for instantiation (E107) Generate Key of the [SP800-90Ar1] Pair RSA DRBG (CKG) implementation OS-DRBG-V DRBG "V" value 16- 128 bits - DRBG "V" Counter Generate Key byte AES state V 128 bits Value - CSP DRBG Pair EC (CKG) used in the [SP 800- (A2877) Generate Key 90Ar1] CTR DRBG Pair RSA implementation (CKG) OS-DRBG-KEY DRBG "Key" value 256 bits - DRBG "Key" Counter Generate Key 32-byte AES key 256 bits value - CSP DRBG Pair EC (CKG) used in the [SP 800- (A2877) Generate Key 90Ar1] CTR DRBG Pair RSA implementation (CKG) OS-MKDK Encryption key 128, 192, Encryption Encryption -
SD-KENC Decryption Key AES- 128, 192, Decryption KDF 128/192/256 master 256 bits - Symmetric Key key 128 bits, CSP
SD-KMAC Signature verification 128, 192, Message KDF Key AES- 256 bits - Authentication; 128/192/256 master 128 bits, Symmetric Key key 192 bits, CSP
SD-KDEK Encryption decryption 128, 192, Encryption / Encryption AES-128/192/256 256 bits - Decryption Decryption key 128 bits, Symmetric Key - KDF
SD-SENC Session decryption 128, 192, Decryption KDF Encryption key 256 bits - Symmetric Key - Decryption
SD-SMAC Session Signature 128, 192, Message KDF Message verification Key 256 bits - Authentication Authentication HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Size - Type - Generated Established Used By Strength Category By By
SD-MDAP-KDEK Encryption decryption 128, 192, Encryption / Encryption AES-128/192/256 256 bits - Decryption Decryption key for SD with 128 bits, Symmetric Key MDAP 192 bits, CSP
SD- MDAP -KENC Decryption Key AES- 128, 192, Decryption Encryption 128/192/256 key for 256 bits - Symmetric Key - Decryption SD with MDAP 128 bits, CSP
SD- MDAP -KMAC Signature verification 128, 192, Message Message Key AES- 256 bits - Authentication Authentication 128/192/256 key for 128 bits, Symmetric Key SD with MDAP 192 bits, CSP
DAP-SYM DAP verification key 128, 192, Signature Message
OPACITY-SENC Card OPACITY 128, 256 Encryption Opacity Encryption Secure Messaging bits - 128 Symmetric Key - Secure Decryption Session Encryption bits, 256 CSP Channel Key bits (KAS) OPACITY-SMAC Card OPACITY 128, 256 Message Opacity Message Secure Messaging bits - 128 Authentication Secure Authentication Session MAC Key bits, 256 Symmetric Key - Channel bits CSP (KAS) OPACITY-SRMAC Card OPACITY 128, 256 Signature Opacity Message Secure Messaging bits - 128 generation Secure Authentication Session Response bits, 256 Symmetric Key - Channel MAC Key bits CSP (KAS) OPACITY- Card OPACITY 128, 256 Signature Opacity Opacity SCONFIRMATION Secure Messaging bits - 128 generation Secure Secure Session Confirmation bits, 256 confirmation Channel Channel (KAS) Key bits Symmetric Key - (KAS) CSP OPACITY-Z Shared secret 256 bits - Shared secret - Opacity Opacity generated during 256 bits CSP Secure Secure opacity secure Channel Channel (KAS) channel (KAS) establishment ACA-PIN Enter by User. Use 64 bits - 64 Personal for USR Verification bits Identification Number - CSP ACA-PUK Use for USR PIN 64 bits - 64 PIN Unblocking unlock bits Key - CSP ACA-PC PIV VCI Pairing Code 64 bits - 64 Pairing Code Verification PIN bits CSP SMA-OPRI Card OPACITY P-256 - 256 Key Agreement Generate Opacity Secure Channel ECC bits Asymmetric Key Key Pair Secure Keypair - CSP EC (CKG) Channel (KAS) PIV-RPAK PIV-RPAK is Private Applet Signature Generate Digital Key performs Digital 2.7.8: 2048 generation Key Pair Signature Signature PIV-RPAK: bits , 3072 Asymmetric Key RSA (CKG) Verification PIV Authentication bits; Applet - CSP RSA HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Size - Type - Generated Established Used By Strength Category By By (9A) RSA 2.7.7: 2048 authentication Key bits - 112 bits, 128 bits PIV-RDSK Private Key performs Applet Signature Generate Digital Digital Signature PIV- 2.7.8: 2048 generation Key Pair Signature RDSK: PIV Card bits , 3072 Asymmetric Key RSA (CKG) Generation Authentication (9C) bits; Applet - CSP RSA RSA Authentication 2.7.7: 2048 Key bits - 112 bits, 128 bits PIV-RCAK Private Key performs Applet Signature Generate Digital Digital Signature, 2.7.8: 2048 generation Key Pair Signature PIV-RCAK: PIV Card bits , 3072 Asymmetric Key RSA (CKG) Verification Authentication (9E) bits; Applet - CSP RSA RSA Authentication 2.7.7: 2048 Key bits - 112 bits, 128 bits PIV-RKDK PIV-RKDK: PIV Key Applet Decryption - KTS-IFC Management (9D) 2.7.8: 2048 CSP RSA private bits , 3072 decryption key and bits; Applet up to 5 copies of this 2.7.7: 2048 key may be stored in bits - 112 retired key locations bits, 128 "82" thought "86" bits PIV-RPAK-PUB PIV Digital Applet Public - PSP Generate KTS-IFC Authentication (9A)'s 2.7.8: 2048 Key Pair RSA Public Key with bits , 3072 RSA (CKG) certificate (No Private bits; Applet Key). The module 2.7.7: 2048 stores the certificate, bits - 112 but does not perform bits, 128 Security Function bits with this certificate. PIV-RDSK-PUB PIV Card Signature Applet Public - PSP Generate (9C)'s RSA Public 2.7.8: 2048 Key Pair Key with certificate bits , 3072 RSA (CKG) (No Private Key). The bits; Applet module stores the 2.7.7: 2048 certificate, but does bits - 112 not perform Security bits, 128 Function with this bits certificate. PIV-RCAK-PUB PIV Key Card Applet Public - PSP Generate Authentication (9E)'s 2.7.8: 2048 Key Pair RSA Public Key with bits , 3072 RSA (CKG) certificate. The bits; Applet module stores the 2.7.7: 2048 public certificate. bits - 112 bits, 128 bits PIV-RKDK-PUB PIV Key Applet Public - PSP Generate management (9D)'s 2.7.8: 2048 Key Pair RSA Public Key with bits , 3072 RSA (CKG) certificate. The bits; Applet 2.7.7: 2048 HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Size - Type - Generated Established Used By Strength Category By By module stores public bits - 112 the certificate bits, 128 bits SMA-OPRI-PUB Hash of the 2048 bits - Public - PSP Generate Opacity certificate is one of P-256 Key Pair Secure parameters to EC (CKG) Channel (KAS) generate session keys of OPACITY secure channel. ACA-SPAK AES, Use for AA 128 bits - Encryption Encryption authentication 128 bits Symmetric Key - Decryption CSP ROE-PUB Reader ephemeral P-256 - Public - PSP Opacity public key used for 2048 bits Secure opacity Channel (KAS) Table 19: SSP Table 1 Name Input - Output Storage Storage Zeroization Related SSPs Duration OS-DRBG-EI RAM:Plaintext Duration of the Module OS-DRBG-V :Derives module entering OS-DRBG-KEY :Derives session TERMINATED state OS-DRBG-S RAM:Plaintext Duration of the Module OS-DRBG-V :Derives module entering OS-DRBG-KEY :Derives session TERMINATED state Power-cycling the module OS-DRBG-V RAM:Plaintext Duration of the Module OS-DRBG-EI :Derived module entering From session TERMINATED OS-DRBG-S :Derived state From Power-cycling the module OS-DRBG-KEY RAM:Plaintext Duration of the Module OS-DRBG-EI :Derived module entering From session TERMINATED OS-DRBG-S :Derived state From OS-MKDK PutKey or Writing FLASH:Plaintext Module ACA-PIN:Encrypts with Secure entering Channel (contact) TERMINATED PutKey or Writing state with Secure Channel ( contactless) SD-KENC PutKey or Writing FLASH:Plaintext Module SD-SENC:Derives with Secure entering SD-KDEK:Wrapped by Channel (contact) TERMINATED PutKey or Writing state with Secure Channel ( contactless) SD-KMAC PutKey or Writing FLASH:Plaintext Module SD-KDEK:Wrapped by with Secure entering Channel (contact) TERMINATED PutKey or Writing state with Secure HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Input - Output Storage Storage Zeroization Related SSPs Duration Channel ( contactless) SD-KDEK PutKey or Writing FLASH:Plaintext Module SD-KENC:Encrypts with Secure entering SD-KMAC:Encrypts Channel (contact) TERMINATED SD-KDEK:Encrypts PutKey or Writing state ACA-PIN:Encrypts with Secure ACA-PUK:Encrypts Channel ( ACA-PC:Encrypts contactless) SMA-OPRI:Encrypts PIV-RPAK:Encrypts PIV-RDSK:Encrypts PIV-RCAK:Encrypts PIV-RKDK:Encrypts PIV-RPAK-PUB:Encrypts PIV-RDSK-PUB:Encrypts PIV-RCAK-PUB:Encrypts PIV-RKDK-PUB:Encrypts SMA-OPRI-PUB:Encrypts ACA-SPAK:Encrypts SD-SENC RAM:Plaintext Duration of the Power-cycling SD-KENC:Derived From SCP secure the module channel Closing SCP secure channel SD-SMAC RAM:Plaintext Duration of the Power-cycling SD-KMAC:Derived From SCP secure the module channel Closing SCP secure channel SD-MDAP-KDEK PutKey or Writing FLASH:Plaintext Module SD-MDAP-KDEK:Encrypts with Secure entering SD- MDAP Channel (contact) TERMINATED KENC:Encrypts PutKey or Writing state SD- MDAP with Secure KMAC:Encrypts Channel ( DAP-SYM:Encrypts contactless) SD- MDAP -KENC PutKey or Writing FLASH:Plaintext Module SD-MDAP-KDEK:Wrapped with Secure entering by Channel (contact) TERMINATED PutKey or Writing state with Secure Channel ( contactless) SD- MDAP -KMAC PutKey or Writing FLASH:Plaintext Module SD-MDAP-KDEK:Wrapped with Secure entering by Channel (contact) TERMINATED PutKey or Writing state with Secure Channel ( contactless) DAP-SYM PutKey or Writing FLASH:Plaintext Module SD-MDAP-KDEK:Wrapped with Secure entering by Channel (contact) TERMINATED PutKey or Writing state with Secure Channel ( contactless) HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Input - Output Storage Storage Zeroization Related SSPs Duration OPACITY-SENC RAM:Plaintext Duration of the Power-cycling OPACITY-Z:Derived From SCP secure the module channel Closing SCP secure channel OPACITY-SMAC RAM:Plaintext Duration of the Power-cycling OPACITY-Z:Derived From SCP secure the module channel Closing SCP secure channel OPACITY-SRMAC RAM:Plaintext Duration of the Power-cycling OPACITY-Z:Derived From SCP secure the module channel Closing SCP secure channel OPACITY- RAM:Plaintext Duration of the Power-cycling OPACITY-Z:Derived From SCONFIRMATION SCP secure the module channel Closing SCP establishment secure channel OPACITY-Z RAM:Plaintext Duration of the Zeroize after SMA-OPRI:Derived From SCP secure use OPACITY-SENC :Derives channel OPACITY-SMAC:Derives establishment OPACITY-SRMAC :Derives OPACITYSCONFIRMATION:Derives ACA-PIN Manage Security FLASH:Plaintext Module OS-MKDK :Wrapped by value (contact) entering Manage Security TERMINATED value(contactless) state Uninstallation of applet ACA-PUK Manage Security FLASH:Plaintext Module value (contact) entering Manage Security TERMINATED value(contactless) state Uninstallation of applet ACA-PC Manage Security FLASH:Plaintext Module value (contact) entering Manage Security TERMINATED value(contactless) state Uninstallation of applet SMA-OPRI PutKey or Writing FLASH:Plaintext Module SMA-OPRI-PUB:Paired with Secure entering With Channel (contact) TERMINATED OPACITY-Z:Derives PutKey or Writing state with Secure Uninstallation Channel ( of applet contactless) PIV-RPAK FLASH:Plaintext Module PIV-RPAK-PUB:Paired entering With TERMINATED state Uninstallation of applet HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Input - Output Storage Storage Zeroization Related SSPs Duration PIV-RDSK FLASH:Plaintext Module PIV-RDSK-PUB:Paired entering With TERMINATED state Uninstallation of applet PIV-RCAK FLASH:Plaintext Module PIV-RCAK:Paired With entering TERMINATED state Uninstallation of applet PIV-RKDK PUT Key (RSA) FLASH:Plaintext Module PIV-RKDK-PUB:Paired (contact) entering With PUT Key (RSA) TERMINATED (contactless) state Uninstallation of applet PIV-RPAK-PUB PUT Certificate FLASH:Plaintext Module PIV-RPAK:Paired With (contact) entering PUT Certificate TERMINATED (contactless) state Read Certificates Uninstallation (contact) of applet Read Certificates (contactless) PIV-RDSK-PUB PUT Certificate FLASH:Plaintext Module PIV-RDSK:Paired With (contact) entering PUT Certificate TERMINATED (contactless) state Read Certificates Uninstallation (contact) of applet Read Certificates (contactless) PIV-RCAK-PUB PUT Certificate FLASH:Plaintext Module PIV-RCAK:Paired With (contact) entering PUT Certificate TERMINATED (contactless) state Read Certificates Uninstallation (contact) of applet Read Certificates (contactless) PIV-RKDK-PUB PUT Certificate FLASH:Plaintext Module PIV-RKDK:Paired With (contact) entering PUT Certificate TERMINATED (contactless) state Read Certificates Uninstallation (contact) of applet Read Certificates (contactless) SMA-OPRI-PUB OPACITY Secure FLASH:Plaintext Module SMA-OPRI:Paired With Message output entering (contact) TERMINATED OPACITY Secure state Message output Uninstallation (contactless) of applet ACA-SPAK PUT AES 128 FLASH:Plaintext Module (contact) entering TERMINATED HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Input - Output Storage Storage Zeroization Related SSPs Duration PUT AES 128 state (contactless) Uninstallation of applet ROE-PUB OPACITY Secure RAM:Plaintext Duration of the Zeroize after OPACITY-Z:Derives Message input SCP secure use (contact) channel OPACITY Secure establishment Message input (contactless) Table 20: SSP Table 2 The following table lists Sensitive Security Parameters (SSP) used to perform approved security function supported by the cryptographic module. The following notes should be observed when reading the table:
Algorithm Test Properties Test Test Type Indicator Details or Test Method Integrity test EDC (16-bit CRC) KAT SW/FW Integrity Bit32 of flag set to 1 Comparison with known value Table 21: Pre-Operational Self-Tests On power-on or reset, the Module performs integrity testing using an EDC (16-bit CRC) performed over all code located in FLASH and EEPROM memory (for OS and Applets).
Algorithm or Test Properties Test Test Indicator Details Conditions Test Method Type AES-ECB decrypt KAT using an AES 128-bit KAT CAST Bit 18 of decrypt COND_1 (A2877) key in ECB mode. flag set to KDF SP800- generates AES-CMAC message KAT CAST Bit 18 of encrypt sign COND_1
108 (A2877) performs a KDF AES-CMAC KAT flag set to
using an AES 128-byte key and 1 32-byte derivation data HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Algorithm or Test Properties Test Test Indicator Details Conditions Test Method Type RSA SigGen Performs an RSA PKCS#1 v1.5 KAT CAST Bit 27 of Sign COND_1 (FIPS186-5) signature generation using an RSA flag set to (A2877) 2048-bit private STD key 1 implementation RSA SigVer Performs an RSA PKCS#1 v1.5 KAT CAST Bit 26 of Verify COND_1 (FIPS186-5) signature verification using an RSA flag set to (A2877) 2048-bit public STD key 1 KAS-ECC Performs a Key Agreement KAT CAST Bit 29 of Key COND_1 Sp800-56Ar3 Scheme Standalone Shared flag set to Agreement (A2877) Secret ECC using an ECC P-224 1 key SHA2-256 SHA2-256: hashes a 24-bytes KAT CAST Bit 21 of Hashing COND_1 (A2877) message flag set to SHA2-512 SHA2-512: hashes a 24-bytes KAT CAST Bit 21 of Hashing COND_1 (A2877) message flag set to Counter DRBG Gets a random value with specific KAT CAST Bit 3 of flag DRBG COND_1 (A2877) nonce (48 bytes) and entropy (128 set to 1 bytes) SP 800-90AR1 Tests 11.3 (11.3.1-11.3.3) ECDSA Sign a fixed pattern and verify with PCT PCT IND 3 Sign, Verify COND_2 KeyGen the public key in order to validate (FIPS186-5) the key pair (A2877) RSA KeyGen Performs signature generation and PCT PCT IND 3 Encrypt , COND_2 (FIPS186-5) verification using the key pair Decrypt (A2877) SP 800-90B Entropy error event Fault- CAST IND 2 TRNG Error COND_1 RCT Detection test SP 800-90B Statistic error event Fault- CAST IND 2 TRNG Error COND_1 APT Detection test Firmware Load MAC verification with AES CMAC Signature SW/FW IND_4 MAC COND_3 (128-256 bit key) Load verification with AES CMAC Table 22: Conditional Self-Tests KDF SP800-108 KAT covers: KDF SP800-108 and AES-CMAC The module maintains a flag in RAM memory that stores the state (self-test passed or not) for each Cryptographic algorithm that is approved. This flag indicates if an algorithm has been already self-tested. The Module performs self-test of an algorithm prior the first operational use (corresponding flag is not set) and if the self-test succeeds, the corresponding flag is set otherwise the card logs the self-test error and entered into a Card Is Mute error state or Card is Killed error state, depending on number of failures. On each reset, all flags for cryptographic algorithm self-tests are cleared. In the ‘Indicator Column’: IND_2: In case of error detection, the module enters into specific error states such as "Card Is Mute" or "Card is Killed." IND_3: If the test fails, the error is logged in error log of “Approved mode parameters” IND_4: An unsuccessful execution returns the status word: Security Conditions not satisfied In the ‘Condition Column’: HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
COND_1: The self-test is executed before the first operational use of the algorithm if the indicator is not set COND_2: The test is executed at each Key pair generation requested by the module COND_3: The test is executed on each APDU Command
Algorithm or Test Test Method Test Type Period Periodic Method Integrity test KAT SW/FW Integrity Periodic counter value Count of APDU received by the CM Table 23: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-ECB (A2877) KAT CAST Periodic counter value Count of APDU received by the CM KDF SP800-108 KAT CAST Periodic counter value Count of APDU (A2877) received by the CM RSA SigGen KAT CAST Periodic counter value Count of APDU (FIPS186-5) (A2877) received by the CM RSA SigVer (FIPS186- KAT CAST Periodic counter value Count of APDU 5) (A2877) received by the CM KAS-ECC Sp800- KAT CAST Periodic counter value Count of APDU 56Ar3 (A2877) received by the CM SHA2-256 (A2877) KAT CAST Periodic counter value Count of APDU received by the CM SHA2-512 (A2877) KAT CAST Periodic counter value Count of APDU received by the CM Counter DRBG KAT CAST Periodic counter value Count of APDU (A2877) received by the CM ECDSA KeyGen PCT PCT N/A N/A (FIPS186-5) (A2877) RSA KeyGen PCT PCT N/A N/A (FIPS186-5) (A2877) SP 800-90B RCT Fault-Detection test CAST N/A N/A SP 800-90B APT Fault-Detection test CAST N/A N/A Firmware Load Signature SW/FW Load N/A N/A Table 24: Conditional Periodic Information RSA KeyGen , ECDSA KeyGen , SP 800-90B RCT, SP 800-90Ar1 APT, and Firmware Load tests are not strictly periodic but are triggered whenever the module calls on the services they depend on. The Module supports an internal counter and an associated maximum value. The counter is set to its maximum value on power on and it is decremented when receiving an APDU. When the counter reaches zero, the integrity test is executed (see 10.1), the counter is reset to its maximum value, and the flag for on-demand tests is reset so that at the next individual cryptographic algorithm usage, the CAST for that algorithm are executed again (see 10.2.1). No interruption to the module’s operation is expected while the CASTs are executed. The periodic counter is stored in RAM and defined during the init flow.
HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024
Name Description Conditions Recovery Indicator Method Card is The module Resource Manager has shut down Fault Reset Error log is stored Mute Detected card Card is The module Resource Manager has shut down. It no longer Fault N/A No answer from killed responds to the command, service Detected module Table 25: Error States
The cryptographic KATs are executed automatically, in a mode named “on demand”, when a cryptographic service is requested. Self-tests can be run by any operator using the “autotests management” APDU command, corresponding to the “Request for autotest” service. The operator can choose from the list of self-test executions by providing the appropriate self-test flag.
The module performs continuous health tests of the entropy using the repetition count test and the adaptative Proportion test. The cryptographic module performs a pair-wise consistency test for every generated public and private key pair. If this test fails, the error is logged into the error log. The module performs a validity check of the public static key and the ephemeral keys according to the SP 80056Ar3 specification. If this test fails, the error is logged into the error log. The module performs hardware fault detection tests (APT and RCT tests). If a fault is detected, the module will handle the error by entering entered into a “Card Is Mute” error state or “Card is Killed” error state. In case of failure, the module will handle the error by entering entered into a “Card Is Mute” error state or “Card is Killed” error state, depending on number of failures. If 8 consecutive failures occur, the module irreversibly enters the “Card is Killed” state. In case of “Card Is Mute”, the crypto module provides an error log an error log that is accessible by an authorized operator of the module. Following are the details on specific ADPU return codes returned upon specific self-test failures:
Some additional documents (‘Delivery and Operation’, ‘Reference Manual’, ‘Card Initialization Specification’ documents) define and describe the steps necessary to deliver and operate the CM securely. Once the module has been delivered outside of the factory, the CM is always in Approved mode. The configuration cannot be changed outside the factory. Product documentation, technical notes are available on The Customer Support Portal https://supportportal.thalesgroup.com.
The Guidance document provided with CM is intended to be the ‘Reference Manual’. This document includes guidance for secure operation of the CM by its users as defined in the Roles, Services, and Authentication chapter.
Please refer to section 11.2.
When the module has reached end of life and is no longer deployed or intended for further use, it shall be placed in the TERMINATED state by the Crypto Officer. Following this, the module shall be taken to a suitable electronics recycling facility that assures physical destruction of electronic waste.
The Module implementation also enforces the following security rules:
HID Global ActivID Applet Suite 2.7.7 & 2.7.8 on the Thales IDCore 3230 Platform Cryptographic Module Non-Proprietary Security Policy 002-000482-001, Rev F, Sep 27, 2024