All modules
CMVP Validated Module · FIPS 140-3 Security Policy

DIGIPASS FX Crypto Module

Certificate#5048StandardFIPS 140-3Level3TypeHardwareEmbodimentSingle ChipStatusActiveVendorOneSpan NV
Medium review priority  ·  exposes debug/recovery interface, HSM/SE firmware trust anchor  ·  last validated 12 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date3/10/2029
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy.
VendorOneSpan NV
Hardware versionsN7122 A1

Approved Algorithms (34)

AlgorithmACVP Cert
AES-CBCA2713
AES-CCMA2713
AES-CMACA2713
AES-CTRA2713
AES-ECBA2713
AES-GCMA2714
AES-GMACA2714
AES-KWA2714
Counter DRBGA2713
ECDSA KeyGen (FIPS186-4)A2713
ECDSA SigGen (FIPS186-4)A2713
ECDSA SigVer (FIPS186-4)A2713
HMAC-SHA-1A2713
HMAC-SHA2-256A2713
HMAC-SHA2-384A2713
HMAC-SHA2-512A2713
KAS-ECC-SSC Sp800-56Ar3A2713
KDA HKDF Sp800-56Cr1A2713
KDA OneStep Sp800-56Cr1A2714
KDA OneStep Sp800-56Cr1A2715
KDF SP800-108A2713
KDF SP800-108A2713
KDF TLSA2714
PBKDFA2714
RSA Decryption PrimitiveA2713
RSA KeyGen (FIPS186-4)A2713
RSA SigGen (FIPS186-4)A2713
RSA Signature PrimitiveA2713
RSA SigVer (FIPS186-4)A2713
SHA-1A2713
SHA2-224A2713
SHA2-256A2713
SHA2-384A2713
SHA2-512A2713

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification3
Cryptographic Module Interfaces3
Roles, Services, and Authentication3
Software/Firmware Security3
Operational EnvironmentN/A
Physical Security4
Non-Invasive Security3
Sensitive Security Parameter Management3
Self-Tests3
Life-Cycle Assurance3
Mitigation of Other Attacks3

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for DIGIPASS FX Crypto Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>[Platform ID J3R6000373181200 and ROMID…</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Secure Channel<br/>SEMS Lite Authentication<br/>SEMS Lite Root Key Update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Lifecycle (Show status and Perform zeroisation)<br/>Info (Show status and Perform self- tests)<br/>Card Reset</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C5,C6 clue;
  class I1,I2,I3,I5,I6 infer;
  class R1,R2,R3,R5,R6 risk;
  class E1,E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for DIGIPASS FX Crypto Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>[Platform ID J3R6000373181200 and ROMID…</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Secure Channel<br/>SEMS Lite Authentication<br/>SEMS Lite Root Key Update</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Lifecycle (Show status and Perform zeroisation)<br/>Info (Show status and Perform self- tests)<br/>Card Reset</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

DIGIPASS FX Crypto Module Document Version: 1.0 Date: 24 April 2025 OneSpan NV 2025 Version 1.0 Public Material

Page 2

Contents List of Figures List of Tables OneSpan NV 2025 Version 1.0 Public Material

Page 3

General Introduction Federal Information Processing Standards Publication 140-3

Page 4
Security level
NameISO SectionRequirementLevel
11General3
22Cryptographic Module Specification3
33Cryptographic Module Interfaces3
44Roles, Services, and Authentication3
55Software/Firmware Security3
66Operational EnvironmentN/A
77Physical Security4
88Non-Invasive Security3
99Sensitive Security Parameter Management3
1010Self-Tests3
1111Life-Cycle Assurance3
1212Mitigation of Other Attacks3

The following table lists the level of validation for each area in FIPS 140-3: [Number Below] N/A Table 1

Page 5
Module configuration
NameHardware PlatformHardware VersionFeaturesROM IDPatch IDApplets
DIGIPASS FX Crypto ModuleJ3R6000373181200N7122 A1The GlobalPlatform operational environment is identified with the Platform ID, the ROM ID, the Patch ID, and other information, describing the content in ROM, NVM and loaded patches; The Platform ID is a data string that allows the identification of the P71D600 CardDIGIPASS FX Crypto ModuleB3375FE9B5508BC400000000 00000000NXP IoT applet v7.2.22 and NXP SEMS Lite applet v2.0.2.11

Cryptographic Module Specification The Digipass FX Crypto module validated to FIPS 140-3 overall Level 3, is a single chip module implementing the GlobalPlatform operational environment (Card Manager (ISD/SSD)) and the following applications to perform cryptographic calculations: The module is designed for use in smart cards, IoT and automotive applications. Table 2

Page 6

The module is validated at an Overall Security Level 3 with Physical Security at Level 4 and all other areas at Level 3. The Operational Environment requirements do not apply to the module given that it meets Physical Security Level 4 requirements. Cryptographic Boundary The module is designed to be used as a part of a larger system. It works as an auxiliary security device attached to a host controller. The physical form of the module is depicted in Figures 1 and 2 (to scale); the outline depicts the cryptographic boundary, representing the surface of the chip and the bond pads. The red outline in Figure 3 also depicts the cryptographic boundary. In production use, the module is delivered to either vendors or end user customers either on film frame carrier (FFC) or various packages such as PDM1.1, NXD6.2, MOB6/10 or HVQFN20 package. The package is outside the cryptographic boundary and thus excluded from the FIPS 140-3/ISO/IEC 19790 security testing. The contactless ports of the module require connection to an antenna. The module relies on [ISO 7816] and [ISO 14443] card readers as input/output devices, or a [NXP I2C] connection to a host controller. No components have been excluded from within the cryptographic boundary. Approved Mode of Operation The module only supports an Approved mode of operation. The NXP SEMS Lite applet can support the NIST P256 curve or the vendor Approved and NIST allowed Brainpool256r1 elliptic curve to perform the ECDSA or KASECC operations. In the Approved mode of operation, the NXP SEMS Lite applet supports the Brainpool256r1 elliptic curve by default. The CO role may use SEMS Lite Module Management service to load NIST P-256 curve parameters. The P71D600 GlobalPlatform operational environment component can be identified by using the IDENTIFY APDU command (Info service). This command returns the card identification data, which includes a Platform ID, a Patch ID and other information that allows the identification of the content in ROM, NVM and loaded patches. The Platform ID is a data string that allows the identification of the P71D600 Card Manager component. The IDENTIFY APDU command is formatted as follows: CLA INS P1 P2 Lc Data Le Code ‘80’ ‘CA’ ‘00’ ‘FE’ ‘02’ ‘DF28’ ‘00’ Value Parameter settings GlobalPlatform GET DATA (IDENTIFY) - ISD High order tag value Low order tag value - proprietary data Length of data field Module identification data Length of response data OneSpan NV 2025 Version 1.0 Public Material

Page 7

The command answers the content of the DF28 file: • • • Tag 02 identifies the Patch ID (see Table

  1. Tag 03 identifies the Platform Build ID which is made up of the Platform ID (16 Bytes, see Table 2) and the platform build fingerprint (8 Bytes) Tag 08 identified the ROM ID (see Table
  2. To verify that the GlobalPlatform operational environment runs in the Approved mode of operation, use the IDENTIFY APDU (as described above). The DF28 file tag ‘05’ contains the status of the Approved mode compliancy, where ‘00’ identifies Approved mode not active and ‘01’ - Approved mode active. Both NXP IoT applet and NXP SEMS Lite applet of the module are configured to always run in an Approved mode of operation. The personalized product shall have: • NXP IoT applet v7.2.22 identification: o Package ID: A00000039654530000000103000200H o Applet ID: A0000003965453000000010300000000H o Instance ID: A0000003965453000000010300000000H • NXP SEMS Lite applet v2.0.2.11 identification: o Package ID: A00000039654530000000103300000H o Applet ID: A0000003965453000000010330000000H o Instance ID: A0000003965453000000010330000000H The operator can verify that NXP IoT applet v7.2.22 is in an Approved mode of operation by sending the two (2) following commands to the module:
  3. The SELECT APDU command (Context service) will be called with the following parameters: CLA = 00, INS = A4, P1 = 04, P2 = 00, Lc = 10, Incoming Data = A0000003965453000000010300000000, and Le =
  4. The module shall answer 07021626F2FFFF followed by status code 9000. The response includes the BCD encoded applet version (070216) and the supported applet feature bitmap (26F2). This encoded applet version (070216) corresponds to the decimal version v7.2.22 of the IoT Applet as specified in Table 2 in this document and the module certificate. It is not possible in any way to modify the applet version or the supported features bitmap after the device leaves the factory.
  5. The GetVersion APDU command (IoT Applet Management service) shall be called to get the extended feature bitmap. This command is 80040021 and shall return 26F20000011D81C1E101000E0000000F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F to be in Approved mode of operation. OneSpan NV 2025 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 8
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionUse/Function
AES-CBCA2713AES-CBCAES-128, AES-192, AES-256 with 128, 192, 256- bit key strengthData Encryption/ Decryption
AES-CCMA2713AES-CCMAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthAuthentication Encryption with AES CTR mode and CBC-MAC
AES-CMACA2713AES-CMACAES-128, AES-192, AES-256 with 128, 192, 256-bit key StrengthMessage Authentication; generation and verification SP800-108 KDF
AES-CTRA2713AES-CTRAES-128, AES-192, AES-256 with 128, 192, 256-bit key StrengthData Encryption/ Decryption
AES-ECBA2713AES-ECBAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthData Encryption/ Decryption
Counter DRBGA2713Counter DRBGAES-256 with 256-bit security strengthDeterministic Random Bit Generation AES-256: RSA and ECDSA key generation
ECDSA KeyGen (FIPS186-4)A2713ECDSA KeyGen (FIPS186-4)P-224, P-256, P-384, P-521 with 112, 128, 192 and 256-bit key strengthECC Key Generation
ECDSA SigGen (FIPS186-4)A2713ECDSA SigGen (FIPS186-4)P-224: (SHA2-224, SHA2-256, SHA2-384, SHA2-512), P-256: (SHA2-256, SHA2- 384, SHA2-512), P- 384: (SHA2-384, SHA2-512), P-521: (SHA2-512) with 112, 128, 192 and 256-bit key strengthDigital Signature Generation
ECDSA SigVer (FIPS186-4)A2713ECDSA SigVer (FIPS186-4)P-224: (SHA2-224, SHA2-256, SHA2-384, SHA2-512), P-256: (SHA2-256, SHA2- 384, SHA2-512), P- 384: (SHA2-384, SHA2-512), P-521: (SHA2-512) with 112, 128, 192 and 256-bit key strengthDigital Signature Verification
HMAC-SHA-1A2713HMAC-SHA-1HMAC-SHA-1 with 128-bit key strengthMessage Authentication
HMAC-SHA2-256A2713HMAC-SHA2- 256HMAC-SHA-256 with 256-bit key strengthMessage Authentication
HMAC-SHA2-384A2713HMAC-SHA2- 384HMAC-SHA-384 with 256-bit key strengthMessage Authentication
HMAC-SHA2-512A2713HMAC-SHA2- 512HMAC-SHA-512 with 256-bit key strengthMessage Authentication
KAS-ECC-SSC Sp800-56Ar3A2713OnePass EC Diffie-Hellman FIPS 140-3 IG D.F Scenario 2 Path 2P-256 with 128-bit key strengthECKey session shared secret computation; SEMS Lite shared secret computation (with Brainpool256r1 curves); The module obtains assurances per Section 5.6.2 in NIST SP800-56Ar3 self-tests
KDA HKDF Sp800-56Cr1A2713Two-step key derivation functionHMAC-SHA1, HMAC- SHA2-256, HMAC- SHA2-384, HMAC- SHA2-512 with 128 and 256-bit key strengthHKDF Operations – extract-then-expand
KDF SP800-108A2713CounterAES-128, AES-192, AES-256 with 128, 192 and 256-bit key strengthDeriving keys from existing keys
KDF SP800-108A2713FeedbackHMAC-SHA1, HMAC- SHA2-256, HMAC- SHA2-384, HMAC- SHA2-512 with 128 and 256-bit key strengthHKDF Operations - expand only
RSA Decryption PrimitiveA2713RSA Decryption Primitiven=2048 with 112-bit decryption strengthDecryption Primitive (standard and CRT)
RSA KeyGen (FIPS186-4)A2713RSA KeyGen (FIPS186-4)n=2048, 3072, 4096 with 112 and 128-bit key strengthKey Generation (standard and CRT)
RSA SigGen (FIPS186-4)A2713RSA SigGen (FIPS186-4)n=2048, 3072, 4096 with PKCS v1.5 and PKCSPSS and SHA2- (224, 256, 384, 512) with 112, 128 and 152 bit key strengthSignature Generation
RSA SigVer (FIPS186-4)A2713RSA SigVer (FIPS186-4)n=2048, 3072, 4096 with PKCS v1.5 and PKCSPSS and SHA-1 , SHA2-(224, 256, 384, 512) with 112, 128 and 152 bit key strengthSignature Verification
RSA Signature PrimitiveA2713RSA Signature Primitiven=2048 with 112-bit security strengthSignature Primitive (standard and CRT)
SHA-1A2713SHA-1SHA-1 with 128-bit security strengthMessage Digest Generation, SEMS Lite command integrity
SHA2-224A2713SHA2-224SHA2-224 with 112- bit or 192-bit security strengthMessage Digest Generation, SEMS Lite command integrity
SHA2-256A2713SHA2-256SHA2-256 with 128 or 256-bit security strengthMessage Digest Generation, SEMS Lite command integrity
SHA2-384A2713SHA2-384SHA2-384 with 192 or 256-bit security strengthMessage Digest Generation, SEMS Lite command integrity
SHA2-512A2713SHA2-512SHA2-512 with 256- bit security strengthMessage Digest Generation, SEMS Lite command integrity
AES-GCMA2714AES-GCMAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthAuthentication Encryption with Associated Data MAC calculation, MAC verification
AES-GMACA2714AES-GMACAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthAuthentication Encryption with Associated Data MAC calculation, MAC verification
AES-KWA2714AES-KWAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthKey Wrapping (Decryption)
KDA OneStep Sp800-56Cr1A2714KDA OneStep Sp800-56Cr1 option 1SHA-256 with 256-bit key strengthEcKey Session Key Derivation
KDF TLSA2714TLS version 1.2 Key Derivation SP800-135r1HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512 with 256-bit key strengthKey Derivation Function used in TLS 1.2
PBKDFA2714PBKDF2 Option 1a acc. [SP800- 132r2]HMAC-SHA-1 with 128-bit key strengthPassword-based Key Derivation; This algorithm is provided as a service for module hosting the Module
KDA OneStep Sp800-56Cr1A2715KDA OneStep Sp800-56Cr1 option 1SHA-256 with 256-bit key strengthSEMS Lite shared master key derivation
CKG SP800-133r2Vendor AffirmedSection 4: Symmetric keys and seeds used for generating the asymmetric keys are generated using methods described in Section 4 of SP800- 133r2 Section 5.1: Key Pairs for Digital Signature Schemes Section 6.2.1: Symmetric Keys Generated Using Key-Agreement Schemes Section 6.2.2: Symmetric Keys Derived from a Pre-existing Key Section 6.4: Distributing the Generated Symmetric KeyKey Generation is based on unmodified output of the DRBG cert. #A2713
KAS-1KAS-ECC-SSC Sp800- 56Ar3/A2713 KDA HKDF Sp800- 56Cr1/A2713SP 800-56Arev3 KAS-ECC per IG D.F Scenario 2 path (2)P-256 curve providing 128 bits of encryption strengthKAS (KAS-ECC-SSC Sp 800-56Ar3 with KDA (HKDF))
KAS-2KAS-ECC-SSC Sp800- 56Ar3/A2713 KDA OneStep Sp800- 56Cr1/A2714SP 800-56Arev3 KAS-ECC per IG D.F Scenario 2 path (2)P-256 curve providing 128 bits of encryption strengthKAS (KAS-ECC-SSC Sp 800-56Ar3 with KDA (OneStep KDF))
KAS-3KAS-ECC-SSC Sp800- 56Ar3/A2713 KDA OneStep Sp800- 56Cr1/A2715SP 800- 56Arev3. KAS- ECC per IG D.F Scenario 2 path (2)P-256 curve providing 128 bits of encryption strengthKAS (KAS-ECC-SSC Sp 800-56Ar3 with KDA (OneStep KDF))
KTS-1AES- CBC/A2713 AES- CMAC/A2713AES CBC / AES CMACAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthSP 800-38D and SP 800-38F KTS (key wrapping) per IG D.G
KTS-2AES- KW/#A2714KWAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthSP 800-38F KTS (key wrapping) per IG D.G
AESCert. #A2713, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength Per IG D.GSymmetric key unwrapping (according to RFC3394)
AESCert. #A2713, key unwrapping; key establishment methodology provides 128 bits of encryption strength Per IG D.GSymmetric key unwrapping (according to GlobalPlatform Amendment-I)
ECDSA with non- NIST recommended curvesProvides between 112 and 256 bits of encryption strength Per IG C.ASignature Generation/Verification using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits]
EC Diffie-Hellman with non-NIST recommended curvesProvides between 112 and 256 bits of encryption strength Per IGs D.F and C.AShared secret computation using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits]

The operator can verify that NXP SEMS Lite applet v2.0.2.11 is an Approved mode of operation by sending the three (3) following commands to the module:

  1. The SELECT APDU command (SEMS Lite General service) shall be called with the following parameters: CLA = 00, INS = A4, P1 = 04, P2 = 00, Lc = 10, Incoming Data = A0000003965453000000010330000000, and Le =
  2. Return code shall be 90 00 (OK)
  3. The GET DATA APDU command (SEMS Lite General service) shall be called with the following parameters: CLA = 80, INS = CA, P1 = 00, P2 = DE, and Le =
  4. The command shall return DE04020002119000 with 02000211 indicating the NXP SEMS Lite applet version. This encoded applet version (02000211) corresponds to the decimal version v2.0.2.11 of the IoT Applet as specified in Table
2 in this document and the module certificate.
  1. The GET DATA APDU command (SEMS Lite General service) shall be called with the following parameters: CLA = 80, INS = CA, P1 = 00, P2 = C6, and Le =
  2. The command shall return C601019000 with C60101 indicating the NXP SEMS Lite applet is configured in Approved mode of operation. The module does not support a degraded operation. In addition to the configurations tested by the laboratory, vendor-affirmed testing was performed on the following platforms: • • SE052 NCJ37 Note: The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys if the specific operational environment is not listed on the validation certificate. Cryptographic Algorithms The module implements the following Approved cryptographic algorithms. OneSpan NV 2025 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 9

OneSpan NV 2025 Version 1.0 Public Material

Page 10

HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 OneSpan NV 2025 Version 1.0 Public Material

Page 11

OneSpan NV 2025 Version 1.0 Public Material

Page 12

Sp80056Ar3/A2713 Sp80056Cr1/A2714 Sp80056Ar3/A2713 Sp80056Cr1/A2715 (2) Sp80056Ar3/A2713 Sp80056Cr1/A2713 OneSpan NV 2025 Public Material

Page 13
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionUse/Function
KTS-1AES- CBC/A2713 AES- CMAC/A2713AES CBC / AES CMACAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthSP 800-38D and SP 800-38F KTS (key wrapping) per IG D.G
KTS-2AES- KW/#A2714KWAES-128, AES-192, AES-256 with 128, 192, 256-bit key strengthSP 800-38F KTS (key wrapping) per IG D.G
AESCert. #A2713, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength Per IG D.GSymmetric key unwrapping (according to RFC3394)
AESCert. #A2713, key unwrapping; key establishment methodology provides 128 bits of encryption strength Per IG D.GSymmetric key unwrapping (according to GlobalPlatform Amendment-I)
ECDSA with non- NIST recommended curvesProvides between 112 and 256 bits of encryption strength Per IG C.ASignature Generation/Verification using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits]
EC Diffie-Hellman with non-NIST recommended curvesProvides between 112 and 256 bits of encryption strength Per IGs D.F and C.AShared secret computation using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits]

AESCBC/A2713 AESCMAC/A2713 AESKW/#A2714 Table 3

Page 14

Brainpool384r1 [RFC5639] No IFp Brainpool512r1 [RFC5639] No IFp Secp224k1 [SEC2] No IFp Secp256k1 [SEC2] No IFp The module does not support Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed and Non-Approved Algorithms Not Allowed in the Approved Mode of Operation. Figure 1

Page 15

Figure 2

Page 16

Card Manager (ISD/SSD) NXP SEMS Lite Applet NXP IoT Applet Firmware Platform Global Platform API JavaCard API JCOP OS Hardware Power Mgmt VDD, VSS GND Timers EEPROM Flash Reset Mgmt AES Engine NXP T1I2C (I2C) SDA/SCL (I2C) RSA/ECC Engine ISO 7816 (UART) I/O (Contact) HW RNG ISO 14443 (RF) LA/LB (RF) CPU Sensors RST CRC DES Engine MMU Clock Mgmt CLK RAM ROM Figure 3

Page 17

Overall Security Design and Rules of Operation PBKDF Operation details

112 bits. The probability that a random attempt will end up with the same output is:

Page 18
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
VSS, VDDVSS, VDDPower interfaceThese interfaces are used to supply power to the module in contact mode; The module starts when interface is powered
VIN, VOUTVIN, VOUTPower interfaceThese interfaces are used to supply power to the module in contact, contactless and I2C mode in case deep power-down mode is used
RST_NRST_NControl input interfaceIf a signal is sent on this interface on contact mode, the module will reboot (active low)
CLKCLKControl input interfaceThe interface is used by an external device (ex: smartcard reader) to provide a clock signal to the IC in contact mode; The IC will derive its own clock from this signal
IO1IO1Control input interface, Data input interface, Data output interface, Status output interfaceThe interface is used to communicate with an external entity (ex: SmartCard reader) in contact mode; It also functions as I2C master SDA in I2C mode
IO2IO2Control input interface, Data input interface, Data output interface, Status output interfaceThe interface is used to communicate with an external entity (ex: SmartCard reader) in contact mode; It also functions as I2C master SCL in I2C mode or as SPI interface
LA, LBLA, LBPower interface, Control input interface, Data input interface, Data output interface, Status output interfaceThe interface is used to communicate with an external entity (ex: smartcard reader) in contactless mode; This interface is also used to set the internal clock and to supply power to the module
SDASDAControl input interface, Data input interface, Data output interface, Status output interfaceThe interface is used to communicate with an external entity such as a host controller
SCLSCLControl input interfaceThe interface is used by an external device (ex: host controller) to provide a clock signal to the I2C HW

Table 5

Page 19
Service
NameRolesInputOutput
Manage ContentCOCommand parameters (data objects, SSPs)Status Word (Response APDU 9000)APDU(s) used: DELETE LOAD INSTALL MANAGE CHANNEL
Lifecycle (Show status and Perform zeroisation)COTarget statusStatus Word (Response APDU 9000)APDU(s) used: SET STATUS GET STATUS
Manage ContentCOCommand parameters (data objects, SSPs)Status Word (Response APDU 9000)APDU(s) used: PUT KEY STORE DATA
Privileged Info (Show module’s versioning information)COCommand parameters (privileged data objects, but no SSPs)Requested information; Status Word (Response APDU 9000)APDU(s) used: GET DATA
Secure ChannelCOCommand parameters (data objects, SSPs)Status Word (Response APDU 9000)APDU(s) used: INITIALIZE UPDATE EXTERNAL AUTHENTICATE
IoT Applet ManagementCOAuthentication data to open an applet sessionStatus Word (Response APDU 9000)APDU(s) used: SetLockState, SetPlatformSCPRequest, DeleteAll, SetAppletFeatures, ImportExternalObject
Module Usage (Perform Self- Tests and Show module’s versioning information)User, COCommand parameters (e.g. required length for GetRandom, memory type for GetFreeMemory, etc.)Requested information; Status Word (Response APDU 9000)APDU(s) used: DisableSecureObjectCreation, SendCardManagerCommand, TriggerSelfTest, I2CM_ExecuteCommandSet, GetVersion, GetTimestamp, GetFreeMemory, GetRandom, ReadState
Session ManagementUser, COSession creation C-APDU; authentication data to open the applet sessionStatus Word (Response APDU 9000)APDU(s) used: CreateSession, VerifySessionUserID, SCPInitializeUpdate, SCPExternalAuthenticate, ECKeySessionInternalAuthenticate, ECKeySessionGetECKAPublicKey, ExchangeSessionData, ProcessSessionCmd, RefreshSession, CloseSession
Secure Object Write FunctionalityUser, COObject identifier; Secure Object characteristics (transient/persistent; Authentication rights or not; etc.); (optionally) Secure Object value; (optionally) Secure Object non-default policy (optionally) Secure Object versionStatus Word (Response APDU 9000)APDU(s) used: WriteECKey/WriteRSAKey, WriteSymmKey, WriteBinary, WriteUserID, WriteCounter, WritePCR, ImportObject
Secure Object Read FunctionalityUser, COObject identifierSecure Object value (if non-secret) (optionally) Secure Object attributes Status Word (Response APDU 9000)APDU(s) used: ReadObject, ReadAttributes, ExportObject
Secure Object ManagementUser, COObject identifierSecure Object characteristics (type, size, exists, etc.) or listing of Secure Objects Status Word (Response APDU 9000)APDU(s) used: ReadType, ReadSize, ReadIDList, CheckObjectExists, DeleteSecureObject
EC Curve Management (Perform approved security functions)User, COCurve Identifier; (optionally) curve parameters Secure Object identifier (for GetECCurveID)Status Word (Response APDU 9000) Curve set indicators (for ReadECCurveList) Curve identifier (for GetECCurveID)APDU(s) used: CreateECCurve, SetECCurveParam, GetECCurveID, ReadECCurveList, DeleteECCurve
Crypto Object ManagementUser, COCrypto object identifier; (optionally) Crypto Object characteristicsStatus Word (Response APDU 9000) List of Crypto Object identifiers (for ReadCyptoObjectList)APDU(s) used: CreateCryptoObject, ReadCryptoObjectList, DeleteCryptoObject
EC Crypto Operations (Perform approved security functions)User, COSecure Object identifier; Input data (message/signature/exte rnal public key)Output data (signature, result of verification, shared secret) Status Word (Response APDU 9000)APDU(s) used: ECDSASign, ECDSAVerify
RSA Crypto Operations (Perform approved security functions)User, COSecure Object identifier; Input data (message/signature)Output data (signature, result of verification, encrypted or decrypted data) Status Word (Response APDU 9000)APDU(s) used: RSASign, RSAVerify, RSAEncrypt, RSADecrypt
Symmetric Cipher Crypto Operations (Perform approved security functions)User, COSecure Object identifier or Crypto Object identifier Input data (message)Output data (encrypted or decrypted message) Status Word (Response APDU 9000)APDU(s) used: CipherInit, CipherUpdate, CipherFinal, CipherOneShot
Authenticated Encryption Crypto Operations (Perform approved security functions)User, COSecure Object identifier or Crypto Object identifier Input data (message, AAD, tag, etc.)Output data (encrypted or decrypted message, tag or result of tag verification) Status Word (Response APDU 9000)APDU(s) used: AEADInit, AEADUpdate, AEADFinal, AEADOneShot
MAC Calculation Crypto Operations (Perform approved security functions)User, COSecure Object identifier or Crypto Object identifier Input data (message, MAC (for verification))Output data (MAC or result of MAC verification) Status Word (Response APDU 9000)APDU(s) used: MACInit, MACUpdate, MACFinal, MACOneShot
HKDF operations (Perform approved security functions)User, COSecure Object identifier HKDF input parameters (digest type, message, requested length, salt, output object, etc.)Output data (derived data) if not stored on- chip Status Word (Response APDU 9000)APDU(s) used: HKDFExtractAndExpand, HKDFExpandOnly
PBKDF Operation (Perform approved security functions)User, COSecure Object identifier PBKDF2 input data (salt, iteration count, requested length)Output data (derived data) Status Word (Response APDU 9000)APDU(s) used: PBKDF2DeriveKey
TLS KDF Functions (Perform approved security functions)User, COSecure Object identifier(s) TLS KDF input data (digest type, label, random, requested length)Output data Status Word (Response APDU 9000)APDU(s) used: TLSGenerateRandom, TLSCalculatePremasterSecret, TLSPerformPRF
Secure Hash Crypto Operations (Perform approved security functions)User, CODigest mode or Crypto Object identifier Input data (message)Output data (hashed message) Status Word (Response APDU 9000)APDU(s) used: DigestInit, DigestUpdate, DigestFinal, DigestOneShot
SEMS Lite AuthenticationUser, COAuthentication information or SEMS Secure channelAllow or reject SEMS Lite Manage Content service or SEMS Lite Root Key Update or Error codeAPDU(s) used: PROCESS, SCRIPT, COMMAND
SEMS Lite Manage ContentUser, COContent management commands wrapped in SEMS Secure channelImplicit indication via the successful completion of serviceAPDU(s) used: SEMS_SELECT, SEMS_APDU, SEMS_BEGIN_PERSO, SEMS_END_PERSO, SEMS_INSTALL_FOR_LOAD, SEMS_LOAD, SEMS_INSTALL_FOR_INSTALL, SEMS_DELETE, SEMS_BINDING_SE, BEGIN_MANAGE_ELF_UPGRADE, END_MANAGE_ELF_UPGRADE
SEMS Lite Root Key UpdateCOKey update commands wrapped in SEMS Secure channelImplicit indication via the successful completion of serviceAPDU(s) used: SEMS_KEY_ROTATION
Card ResetCO, User, Unauthor isedPower cycle or reset the moduleStatus Word (Response APDU 9000)APDU(s) used: N/A
ContextCO, User, Unauthor isedCommand parameters (data objects, SSPs)Status Word (Response APDU 9000)APDU(s) used: SELECT. MANAGE CHANNEL
Info (Show status and Perform self- tests)CO, User, Unauthor isedCommand parameters (data objects, SSPs)Status Word (Response APDU 9000)APDU(s) used: GET DATA
SEMS Lite General (Show module’s versioning information)CO, User, Unauthor isedCommand parameters (data objects, SSPs)Status Word (Response APDU 9000)APDU(s) used: SEMS_SELECT, GET DATA

The module supports the following roles:

Page 20

OneSpan NV 2025 Public Material

Page 21

OneSpan NV 2025 Version 1.0 Public Material

Page 22

OneSpan NV 2025 Version 1.0 Public Material

Page 23

N/A Perform selftests) OneSpan NV 2025 Version 1.0 Public Material

Page 24
RoleAuthentication MethodAuthentication Strength
CO UserSCP03128 bits
UserID Session32 bits (minimum)
AESKey Session128 bits
ECKey Session128 bits
SEMS Lite Applet128 bits

Authentication of each operator and their access to roles and services is as described below, independent of logical channel usage (identity-based authentication methods implemented).

Page 25

The module enforces a maximum of 60 failed Global Platform SCP03 authentication attempts before permanently blocking the card. The probability that a random attempt will succeed over a one-minute interval is (with the assumption here that one attempt is possible per second):

Page 26

challenges. The Secure Element cryptogram and challenge are sent to the external entity which checks the Secure Element cryptogram and creates its own 64-bit cryptogram with both challenges. A 64-bit message authentication code (MAC) is also computed on the command containing the external entity cryptogram with AES-CMAC and APPSMAC key. The MAC is concatenated to the command, and the command is sent to the Secure Element. The Secure Element checks the message authentication code and compares the received cryptogram to the calculated cryptogram. If all of this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the module in the CO/User role). The probability that a random attempt will succeed using this authentication method is:

Page 27

SEMS Lite Applet Authentication The SEMS Lite applet is provided by the SEMS Lite Authentication service. The service provides authentication, confidentiality, and integrity of each authenticated service. The SEMS Lite Applet authentication consists of verifying a Brainpool256r1 ECDSA signature computed on a 113-byte data generated off the module and the CO public key APP-ECC-RT-PUB-AUT, see section 5.1.4 of [GP] Amendment-I. The probability that a random attempt will succeed using this authentication method is:

Page 28
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Manage ContentLoad keys and dataCOOS-SKEK SD-KENC SD-KMAC SD-KDEK DAP-DAPKN/AE, W, ZStatus Word (Response APDU 9000)
Lifecycle (Show status and Perform zeroisation)Get or modify the card or applet life cycle statusCOAllN/AE, ZStatus Word (Response APDU 9000)
Manage ContentLoad keys and dataCOOS-SKEK SD-KENC SD-KMAC SD-KDEK DAP-DAPKN/AE, W, ZStatus Word (Response APDU 9000)
Privileged Info (Show module’s versioning information)Read Module data (privileged data objects, but no CSPs)COOS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMACN/AEStatus Word (Response APDU 9000)
Secure ChannelEstablish and use a secure communication channelCOOS-DRBG-EI OS-DRBG-SEED OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMACCTR_DRBG (Cert. A2713) CKG (Vendor Affirmed)E, G, ZStatus Word (Response APDU 9000)
IoT Applet ManagementThis service manages the P71D600 appletCOSD-SENC SD-SMAC SD-RMAC APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-KAS-IOT-SSAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed)E, G, WStatus Word (Response APDU 9000)
Module Usage (Perform Self-Tests and Show module’s versioning information)Perform Self-Tests and Show module’s versioning informationCO, UserAllAllEStatus Word (Response APDU 9000)
Session ManagementThis service manages the applet sessions; Users can decide to open a session or not; Opening a session requires to authenticate to the applet using either an UserID, an AES128 key or an EC key depending on the session typeCO, UserOS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMAC APP-KAS-SSC-EC-PRIV- KEY APP-KAS-IOT-SS APP-AES-KEY-AUTH APP-SENC APP-SMAC APP-RMAC APP-USERID-FILE APP-EC-PRIV-KEY APP-AES-KEY APP-KAS-SSC-EC-PUB- KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USERAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed)E, G, ZStatus Word (Response APDU 9000)
Secure Object Write FunctionalityThis service manages the generation (either an RSA or EC key pair) or transport (EC keys, RSA keys, symmetric keys, binary files, UserIDs, monotonic counters, PCRs) of Secure Objects.CO, UserOS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-TRANSPORT- CIPHER APP-TRANSPORT-MAC APP-AES-KEY-AUTH APP-USERID-FILE APP-EC-PRIV-KEY APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEYCTR_DRBG (A2713) AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 RSA (Cert. A2713)2048, 3072, 4096 bits SHS (Cert. A2713) CKG (Vendor Affirmed)E, G, R, W, ZStatus Word (Response APDU 9000)
Secure Object Read FunctionalityThis service manages the reading of Secure Objects or its attributes; Asymmetric private keys or symmetric keys can never be read in plaintextCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMAC APP-TRANSPORT- CIPHER APP-TRANSPORT-MAC APP-EC-PRIV-KEY APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-KAS-SSC-EC-PUB- KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEYN/AE, RStatus Word (Response APDU 9000)
Secure Object ManagementThis service manages the reading of Secure Object attributesCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMAC APP-AES-KEY-AUTH APP-USER-ID-FILE APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEYAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) HMAC (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) RSA (Cert. A2713)2048, 3072, 4096 bits SHS (Cert. A2713) CKG (Vendor Affirmed)E, ZStatus Word (Response APDU 9000)
EC Curve Management (Perform approved security functions)This service manages the EC curves that can be used during EC cryptographic operationsCO, UserSD-SENC SD-SMAC SD-RMACECDSA (Cert. A2713) P-256 SHS (Cert. A2713)EStatus Word (Response APDU 9000)
Crypto Object ManagementThis service manages the Crypto Objects that can be used. Crypto Objects allow to do operations in multiple steps (init/update/final) Supported Crypto Objects allow to use a digest, cipher or MAC algorithm to be usedCO, UserSD-SENC SD-SMAC SD-RMAC APP-AES-KEY APP-HMAC-KEYSHS (Cert. A2713) AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) HMAC (Cert. A2713)EStatus Word (Response APDU 9000)
EC Crypto Operations (Perform approved security functions)This service triggers OS API for ECDSA signature generation and verification, and for EC DH shared secret calculation according to [56Ar3] Section 5.7.1.2CO, UserOS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-EC-PRIV-KEY APP-EC-PUB-KEYECDSA (Cert. A2713) P-256 KAS-SSC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed)E, G, ZStatus Word (Response APDU 9000)
RSA Crypto Operations (Perform approved security functions)This service triggers OS API for RSA signature generation and verification, and for RSA encryption and decryption (components only)CO, UserOS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-RSA-PRIV-KEY APP-RSA-PUB-KEYRSA (Cert. A2713)2048, 3072, 4096 bits SHS (Cert. A2713) CKG (Vendor Affirmed)E, G, ZStatus Word (Response APDU 9000)
Symmetric Cipher Crypto Operations (Perform approved security functions)This service triggers OS API for AES encryption and decryptionCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMAC APP-AES-KEYAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)EStatus Word (Response APDU 9000)
Authenticate d Encryption Crypto Operations (Perform approved security functions)This service provides execution of the AEAD function using OS API primitives for AES GCM encryption and decryption, and DRBG for internal IV generationCO, UserSD-SENC SD-SMAC SD-RMACAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) CTR_DRBG (A2713)EStatus Word (Response APDU 9000)
MAC Calculation Crypto Operations (Perform approved security functions)This service triggers OS API for MAC CalculationCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMAC APP-HMAC-KEYCMAC (Cert. A2713) HMAC (Cert. A2713)EStatus Word (Response APDU 9000)
HKDF operations (Perform approved security functions)This service triggers OS API for HKDF operations (either Two Step Key Derivation using HMAC or the Key Derivation Function using Pseudorandom functions)CO, UserOS-MKEK SD-SENC SD-SMAC SD-RMAC APP-HMAC-KEYHKDF (Certs. A2713 and A2714)EStatus Word (Response APDU 9000)
PBKDF Operation (Perform approved security functions)This service provides execution of the Password-Based Key Derivation Function. The derived key is returned to the operator and not used by the moduleCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMACPBKDF2 (Cert. A2714)EStatus Word (Response APDU 9000)
TLS KDF Functions (Perform approved security functions)This service provides support for TLS v1.2 calculations. It does not implement the TLS v1.2 protocolCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMACKDF (Cert. A2713)EStatus Word (Response APDU 9000)
Secure Hash Crypto Operations (Perform approved security functions)This service triggers OS API for [FIPS 180-4] compliant hash algorithmsCO, UserOS-MKEK SD-SENC SD-SMAC SD-RMACSHA (Cert. A2713)EStatus Word (Response APDU 9000)
SEMS Lite Authenticatio nThe service provides the authenticated secure messagingCO, UserOS-MKEK APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-CERT-KR-AUT APP-CERT-AUT DAP-DAPKAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 CKG (Vendor Affirmed)E, G, W, ZStatus Word (Response APDU 9000)
SEMS Lite Manage ContentThe service is used to load data. The data is wrapped in SEMS Lite AuthenticationCO, UserOS-MKEK APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-CERT-KR-AUT APP-CERT-AUT DAP-DAPKAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 CKG (Vendor Affirmed)E, G, W, ZStatus Word (Response APDU 9000)
SEMS Lite Root Key UpdateThis service updates APP-ECC-RT-PRIV-KA and APP-ECC-RT-PUB- AUT keys wrapped in SEMS Lite AuthenticationCOOS-MKEK APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-CERT-KR-AUT APP-CERT-AUTAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 CKG (Vendor Affirmed)E, G, W, ZStatus Word (Response APDU 9000)
Card ResetPower cycle or reset the moduleCO, User, Unauth- orisedN/AN/AN/AStatus Word (Response APDU 9000)
ContextSelect an applet or manage logical channelsCO, User, Unauth- orisedN/AN/AN/AStatus Word (Response APDU 9000)
InfoRead unprivileged data objects, e.g., module configuration or status information (Show Status). This service includes the Pre- operational Self-Test on-demandCO, User, Unauth- orisedN/AN/AN/AStatus Word (Response APDU 9000)
SEMS Lite GeneralThis service provides generic operations which are not required to be protected by applying security. It includes selecting the SEMS Lite applet, reading version of the SEMS Lite applet or APP-ECC-RT-PUB-AUT public key of SEMS Lite AppletCO, User, Unauth- orisedN/AN/AN/AStatus Word (Response APDU 9000)
Page 29

FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 OneSpan NV 2025 Version 1.0 Public Material

Page 30

FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 OneSpan NV 2025 Version 1.0 Public Material

Page 31

FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 APP-TRANSPORTCIPHER OneSpan NV 2025 Version 1.0 Public Material

Page 32

FIPS 140-3 Security Policy - DIGIPASS FX Crypto N/A APP-TRANSPORTCIPHER OneSpan NV 2025 Version 1.0 Public Material

Page 33

FIPS 140-3 Security Policy - DIGIPASS FX Crypto E E, G, Z E, G, Z OneSpan NV 2025 Version 1.0 Public Material

Page 34

FIPS 140-3 Security Policy - DIGIPASS FX Crypto E E E OneSpan NV 2025 Version 1.0 Public Material

Page 35

FIPS 140-3 Security Policy - DIGIPASS FX Crypto E E E, G, W, Z n OneSpan NV 2025 Version 1.0 Public Material

Page 36

FIPS 140-3 Security Policy - DIGIPASS FX Crypto OneSpan NV 2025 Version 1.0 Public Material

Page 37

FIPS 140-3 Security Policy - DIGIPASS FX Crypto N/A N/A Unauthorised N/A N/A Unauthorised N/A N/A N/A Unauthorised N/A N/A N/A Unauthorised N/A N/A Table 8

Page 38

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Software/Firmware Security The cryptographic module is considered a hardware module with firmware components. An error detection code (32-bit CRC performed over all code located in Flash) is applied to all firmware components within the module. If the integrity test fails, the module enters the hard error (MUTE) state. An operator of the module can perform the integrity test on demand with the GET DATA APDU command. As a single-chip hardware module, the executable form of the code, i.e., firmware is binary format. The module does not support loading of firmware from an external source. ROM endurance has been proven to be more than 10 years after manufactured date. Therefore, per FIPS 140-3 IG 5.A, no pre-operational ROM integrity self-test has been implemented. The module’s endof-life procedures must be applied prior to the degradation of the ROM by setting the module to the TERMINATE state. All data and control inputs, and data and status outputs of the cryptographic module and services are directed through the module’s defined interfaces. OneSpan NV 2025 Version 1.0 Public Material

Page 39

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Operational Environment The module claims to meet Physical Security Level 4 and thus the requirements per this section do not apply. OneSpan NV 2025 Version 1.0 Public Material

Page 40
Recommended Frequency of
Physical Security MechanismInspection/Test Guidance Details
Inspection/Test
N/AN/AN/A
Temperature or voltageResult
EFP or EFT
Measurement(Shutdown/Zeroisation)
Low Temperature-40°CEFPShutdown
High Temperature+105°CEFPShutdown
Low Voltage1.62VEFPShutdown
High Voltage6.0VEFPShutdown
Hardness tested temperature measurement
Low Temperature-45°C
High Temperature+125°C

FIPS 140-3 Security Policy - DIGIPASS FX Crypto The module is a single-chip implementation that meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The module uses standard passivation techniques. The module includes Environmental Failure Protection features such as temperature and voltage sensors. Fault Induction mitigation techniques are light sensors and spike sensors on the supply voltage lines. Identification of internal features such as sensitive components or interconnections is impeded by a fine mesh of metal shield lines that resides at the outermost layers of the chip. Delivery forms of the module are QFN package, contactless chip card module, or sawn wafer. Therefore, the module does not rely on any physical security based on a package. N/A Table 10

Page 41

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Non-Invasive Security Please see Section 12 below for information regarding non-invasive security countermeasures. OneSpan NV 2025 Version 1.0 Public Material

Page 42
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageUseImport ExportZero- isation
OS-DRBG-EI CSP384 bitsCTR_DRBG (Cert. A2713)Internally via ENT (P)N/ATemporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationRandom value from ENT (P) used to seed reciprocally and AES-256 DRBGN/APower-off (temporarily stored in RAM)
OS-DRBG- STATE CSP880 bitsCTR_DRBG (Cert. A2713)Internally via SP800- 90Ar1 DRBG processN/AStored in NVM in plaintext; object identifier to entity associationCurrent DRBG state valueN/ADestroyed by termination of the module (LifeCycle/ Perform Zeroisation service); overwritten with zeroes
OS- DRBG- KEY CSP256 bitsCTR_DRBG (Cert. A2713)Internally via SP800- 90Ar1 DRBG processN/AStored in NVM in plaintext; object identifier to entity associationCurrent DRBG state valueN/ADestroyed by terminate- on of the Module (LifeCycle/ Perform Zeroisation service); overwritt en with zeroes
OS-DRBG-V CSP256 bitsCTR_DRBG (Cert. A2713)Internally via SP800- 90Ar1 DRBG processN/AStored in NVM in plaintext; object identifier to entity associationCurrent DRBG state valueN/ADestroyed by terminate- on of the Module (LifeCycle/ Perform Zeroisation service); overwritt en with zeroes
OS-DRBG- OUTPUT CSP256 bitsCTR_DRBG (Cert. A2713)Internally via SP800- 90Ar1 DRBG processN/AStored in NVM in plaintext; object identifier to entity associationUnmodified output from the DRBG used for SSP generationN/ADestroyed by termination of the module (LifeCycle/ Perform Zeroisation service); overwritten with zeroes
OS-SKEK CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AN/AStored in NVM in plaintext; object identifier to entity associationUsed to build OS-MKEKEntered during manufact- uring/ personali- zationDestroyed by termination of the module (LifeCycle/ Perform Zeroisation service); overwritten with zeroes
OS-MKEK CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)OS-SKEK permutati on (xor between OS-SKEK and a constant value)N/AStored in NVM in plaintext; object identifier to entity associationUsed to encrypt all secret and private key data stored in NVMN/ADestroyed by termination of the module (LifeCycle/Pe rform Zeroisation service); overwritten with zeroes
SD-KENC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to derive SD-SENCEntered during manufactu ring/ personali- zation Or AES-CBC (using SD- KDEK) encrypted (RFC 3394 method) and transporte d using platform SCP03 Exported using Approved KTSDestroyed because of OS-MKEK zeroisation
SD-KMAC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to derive SD-SMACEntered during manufactu ring/pers- onalization Or AES-CBC (using SD- KDEK) encrypted (RFC 3394 method) and transporte d using platform SCP03 Exported using Approved KTSDestroyed because of OS-MKEK zeroisation
SD-KDEK CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationSensitive data decryption key used to decrypt CSPsEntered during manufactu ring/perso nalization Or Entered encrypted with the previous SD-KDEK Exported using Approved KTSDestroyed because of OS-MKEK zeroisation
SD-SENC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed)N/ADerived with Approved KDF SP800- 108Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationSession encryption key used to secure channel dataN/APower-off (temporarily stored in RAM)
SD-SMAC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed)N/ADerived with Approved KDF SP800- 108Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationSession MAC key used to verify inbound secure channel data integrityN/APower-off (temporarily stored in RAM)
SD-RMAC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed)N/ADerived with Approved KDF SP800- 108Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationSession MAC key used to verify outbound secure channel data integrityN/APower-off (temporarily stored in RAM)
APP- TRANSPORT- CIPHER CSP256 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to encrypt either exported or imported Secure Objects or dataEntered during manufactu ring/perso nalization Output: N/ADestroyed because of OS-MKEK zeroisation
APP- TRANSPORT- MAC CSP128 bitsAES CMAC (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to authenticate either exported or imported Secure ObjectsEntered during manufactu ring/perso nalization Output: N/ADestroyed because of OS-MKEK zeroisation
APP-KAS- SSC-EC-PRIV- KEY CSP128 bitsKAS-ECC-SSC P-256 (Cert. A2713) KDA (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationKAS Shared Secret computation private keyEntered during manufactu ring/perso nalization Output: N/ADestroyed because of OS-MKEK zeroisation
APP-KAS- IOT-SS CSP128 bitsKAS-ECC-SSC P-256 (Cert. A2713) KDA (Cert. A2714)N/AEstablished with the SP800- 56Arev3 KAS-ECCTemporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationKAS-ECC Shared SecretN/APower-off (temporarily stored in RAM)
APP-AES- KEY-AUTH CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713)N/AApproved KTSStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed in AESKey session or ECKey session authentication methodsEntered during manufactu ring/perso nalization Output: via Approved KTSDestroyed because of OS-MKEK zeroisation
APP-SENC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed)N/ADerived with Approved KDF SP800- 108Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationAES Key or EC Key session encryption key used to encrypt / decrypt secure channel dataN/APower-off (temporarily stored in RAM)
APP-SMAC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed)N/ADerived with Approved KDF SP800- 108Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationAES Key or EC Key session MAC key used to verify inbound secure channel data integrityN/APower-off (temporarily stored in RAM)
APP-RMAC CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed)N/ADerived with Approved KDF SP800- 108Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationAES Key or EC Key session MAC key used to generate response secure channel data MACN/APower-off (temporarily stored in RAM)
APP-USERID- FILE CSPN/AN/AN/AApproved KTSStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association4-byte up to 16-byte UserID authentication dataEntered during manufactu ring/perso nalization Output: via Approved KTSDestroyed because of OS-MKEK zeroisation
APP-EC- PRIV-KEY CSP112, 128, 192, 256 bitsECDSA Key Generation P-224, P- 256, P-384, P-521 (Cert. A2713) CKG (Vendor Affirmed)The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBGN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationElliptic curve key that allows to perform EC cryptographic operationsEntered: N/A Output: via Approved KTSDestroyed because of OS-MKEK zeroisation
APP-RSA- PRIV-KEY CSP112, 128, 152 bitsRSA Key Generation 2048, 3072, 4096 bits (Cert. A2713) CKG (Vendor Affirmed)The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBGN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationRSA key that allows to perform RSA cryptographic operationsEntered: N/A Output: via Approved KTSDestroyed because of OS-MKEK zeroisation
APP-AES-KEY CSP128, 192, 256 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AApproved KTSStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to perform AES cipher mode operationsEntered during manufactu ring/perso nalization Output: via Approved KTSDestroyed because of OS-MKEK zeroisation.
APP-HMAC- KEY CSP128 and 256 bitsHMAC SHA-1, SHA2-256, 384, 512 (Cert. A2713)N/AApproved KTSStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to perform KDF or HMAC operationsEntered during manufactu ring/perso nalization Output: via Approved KTSDestroyed because of OS-MKEK zeroisation
APP-ECC-RT- PRIV-KA CSP256 bitsECDSA (Cert. A2713) P-521 SHS (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationPrivate static key used in key establishment (KAS-SSC) operationsEntered during manufactu ring/ personaliz ation or Imported in secure channel specified by GP- Amd-I Output: N/ADestroyed because of OS-MKEK zeroisation
APP-KAS- SEMS-SS CSP128 bitsKAS-ECC- SSCP-256 (Cert. #A2713) KDA (Cert. A2715)N/AEstablished with the SP800- 56Arev3 KASTemporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity associationKAS Shared Secret CSPN/APower-off (temporarily stored in RAM)
APP-AES- RAM-K0-Key CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) CKG (Vendor Affirmed)N/AEstablished with the SP- 800-56A Rev3 KAS- SCC followed by SHA256 as One Pass KDFTemporarily stored in RAM (does not persist beyond a power cycle)Used as secret key material in the very first decryption operations as part of Authenticatio n and Secure Messaging service of SEMS Lite appletN/APower-off (temporarily stored in RAM)
APP-AES- RAM-Kn-Key CSP128 bitsAES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714)N/AN/ATemporarily stored in RAM (does not persist beyond a power cycle)Used as secret key material in the subsequent n decryption operations as part of SEMS Lite Authenticatio n and Secure Messaging serviceImported in secure channel specified by GP- Amd-I Output: N/APower-off (temporarily stored in RAM)
DAP-DAPK PSP256 bitsECDSA P-521 (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationECC public key used for Mandated DAPEntered during manufactu ring/ personaliz ationN/A – Considered protected by ISO 19790 definition
APP-KAS- SSC-EC-PUB- KEY PSP128 bitsKAS-ECC-SSC P-256 (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationKAS Shared Secret computation public keyEntered during manufactu ring/ personaliz ation Output: Approved KTSN/A – Considered protected by ISO 19790 definition
APP-EC-PUB- KEY-CO PSP128 bitsECDSA (Cert. A2713) P-256 SHS (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationECDSA public key used to authenticate the COEntered during manufactu ring/ personaliz ation Output: Approved KTSN/A – Considered protected by ISO 19790 definition
APP-EC-PUB- KEY-USER PSP128 bitsECDSA (Cert. A2713) P-256 SHS (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationECDSA public key used to authenticate as userEntered during manufactu ring/ personaliz ation Output: Approved KTSN/A – Considered protected by ISO 19790 definition
APP-EC-PUB- KEY PSP128 bitsECDSA (Cert. A2713) P-256 CKG (Vendor Affirmed)The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBGN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to execute EC cryptographic operationsEntered: N/A Output: Approved KTSN/A – Considered protected by ISO 19790 definition
APP-RSA- PUB-KEY PSP112, 128, 152 bitsRSA (Cert. A2713)2048, 3072, 4096 bits CKG (Vendor Affirmed)The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBGN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationUsed to execute RSA cryptographic operationsEntered: N/A Output: Approved KTSN/A – Considered protected by ISO 19790 definition
APP-ECC- PUB-eKA PSP128 bitsKAS-ECC-SSC P-256 (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationEphemeral EC public key used in key establishment (KAS) operationEntered: Certificate is entered in plain text Output: N/AN/A – Considered protected by ISO 19790 definition
APP-ECC-RT- PUB-AUT PSP256 bitsECDSA (Cert. A2713) P-521 SHS (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationEC public key used in ECDSA verification operationsEntered: Certificate is entered in plain text Output: In plaintextN/A – Considered protected by ISO 19790 definition
APP-ECC- PUB-AUT PSP256 bitsECDSA (Cert. A2713) P-521 SHS (Cert. A2713)N/AN/AStored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity associationStatic EC public key used in ECDSA verification operationsEntered: Certificate is entered in plain text Output: N/AN/A – Considered protected by ISO 19790 definition
APP-CERT- AUT PSP256 bitsECDSA (Cert. A2713) P-521 SHS (Cert. A2713)N/AN/AStored in NVM in plaintext; object identifier to entity associationCertificate with EC public key providing authorization and authenticity to SEMS Lite appletEntered: Certificate is entered in plain text Output: N/AN/A – Considered protected by ISO 19790 definition
APP-CERT- KR-AUT PSP256-bitsECDSA (Cert. A2713) P-521 SHS (Cert. A2713)N/AN/AStored in NVM in plaintext; object identifier to entity associationCertificate with 256-bit EC public key providing authorization and authenticity to SEMS Lite applet for SEMS Lite Root Key Update serviceEntered: Certificate is entered in plain text Output: N/AN/A – Considered ‘protected’ by ISO 19790 definition

Sensitive Security Parameter Management Generation Establishment N/A N/A via SP80090Ar1 N/A N/A via SP80090Ar1 N/A N/A OS-DRBGSTATE OS- DRBGKEY

Page 43

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Establishment via SP80090Ar1 N/A N/A via SP80090Ar1 N/A N/A N/A manufacturing/ personalization N/A N/A N/A OS-DRBGOUTPUT OneSpan NV 2023 Version 1.0 Public Material

Page 44

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Generation Establishment N/A personalization (using SDKDEK) N/A N/A N/A ring/personalization (using SDKDEK) OneSpan NV 2023 Public Material

Page 45

FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 Generation Establishment N/A N/A KDF SP800108 N/A N/A OneSpan NV 2023 Public Material

Page 46

FIPS 140-3 Security Policy - DIGIPASS FX Crypto APPTRANSPORTCIPHER KDF SP800108 KDF SP800108 Generation Establishment N/A N/A KDF SP800108 N/A N/A KDF SP800108 N/A N/A N/A OneSpan NV 2023 Public Material

Page 47

FIPS 140-3 Security Policy - DIGIPASS FX Crypto APPTRANSPORTMAC Generation Establishment N/A N/A N/A APP-KASSSC-EC-PRIVKEY N/A N/A N/A N/A N/A SP80056Arev3 OneSpan NV 2023 Public Material

Page 48

FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 Generation Establishment N/A N/A N/A KDF SP800108 OneSpan NV 2023 Public Material

Page 49

FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 KDF SP800108 Generation Establishment N/A N/A KDF SP800108 N/A N/A KDF SP800108 OneSpan NV 2023 Version 1.0 Zeroisation Public Material

Page 50

FIPS 140-3 Security Policy - DIGIPASS FX Crypto APP-USERIDFILE Establishment N/A N/A N/A P-224, P256, B.4.2 ; N/A N/A OneSpan NV 2023 Public Material

Page 51

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Establishment B.4.2 ; N/A N/A N/A OneSpan NV 2023 Public Material

Page 52

FIPS 140-3 Security Policy - DIGIPASS FX Crypto APP-HMACKEY Generation N/A N/A by GPAmd-I N/A N/A N/A N/A SP80056Arev3 KAS OneSpan NV 2023 Public Material

Page 53

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Generation Establishment Zeroisation N/A N/A Rev3 KASSCC N/A by GPAmd-I N/A N/A N/A N/A

Page 54

FIPS 140-3 Security Policy - DIGIPASS FX Crypto APP-KASSSC-EC-PUBKEY Generation Establishment N/A N/A N/A N/A N/A N/A OneSpan NV 2023 Zeroisation N/A

Page 55

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Establishment B.4.2 ; N/A N/A OneSpan NV 2023 Zeroisation N/A

Page 56

FIPS 140-3 Security Policy - DIGIPASS FX Crypto B.4.2 ; N/A N/A N/A N/A N/A OneSpan NV 2023 Zeroisation N/A

Page 57

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Generation Establishment N/A N/A N/A N/A N/A APP-CERTAUT N/A N/A N/A N/A N/A N/A Zeroisation N/A

Page 58
Entropy sourcesMinimum Number of bits of entropyDetails
NIST SP800-90B ENT (P) – Used as entropy input to the Approved DRBG256-bits of overall entropy for AES- 256 CTR_DRBG; 0.912949 per entropy source output bitNoise source based on hardware implementing an iterated Bernouli Shift Map

FIPS 140-3 Security Policy - DIGIPASS FX Crypto The module implements a NIST SP800-90Ar1 Approved CTR_DRBG. The unmodified outputs of the DRBG are used for Cryptographic Key Generation (CKG) of Symmetric Keys and seeds for Asymmetric Key Generation as noted in Table 3 in this document per Section 4 in NIST SP800-133r2. Table 13

Page 59

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Self-Tests On power-on or on demand, the module performs self-tests described below. The pre-operational self-test must be completed successfully prior to any other use of cryptography by the module. The Cryptographic Algorithm Self-Tests are either performed at boot or prior to first use. The conditional self-tests are performed when the corresponding conditions occur. If one of the self-tests fails, the system is halted and will start again after a reset. ROM endurance has been proven to be more than 10 years after manufactured date. Therefore, no pre-operational ROM integrity self-test has been implemented. The module’s end-of-life procedures must be applied prior to the degradation of the ROM by setting the module to the TERMINATE state, The Flash Firmware Integrity check is performed on every reset or on demand. Pre-operational Self-Tests

Page 60

FIPS 140-3 Security Policy - DIGIPASS FX Crypto NIST SP800-90B ENT (P) Repetition Count Test (RCT) performed on raw data NIST SP800-90B ENT (P) Developer Defined Heath Test Transition Count Test performed on the raw data

Page 61

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Life-Cycle Assurance All configuration management items are managed using an automated configuration management system. The module is designed to allow the testing of all provided security-related services. All firmware is implemented using a high-level language and is designed in a manner that avoids the use of code, parameters, or symbols not necessary for the module’s functionality and execution. While the module can be delivered with the Approved mode enabled by default, customers also have the option to receive a module which is in the unconfigured state, i.e., non-Approved mode. To comply with and maintain the FIPS 140-3 validation, it would be the CO’s responsibility to enable the Approved mode of operation as follows (this information can also be found in the JCOP 4.5 User guidance and administrator manual document):

  1. Install SEMS Lite applet to run in Approved mode of operation.
  2. Install the IoT applet and configure the applet to run in Approved mode of operation.
  3. Configure the Operation System to run in Approved mode of operation. In each of these steps, it is in the CO’s responsibility to apply proper security conditions and to ensure that once the device is put into Approved mode of operation, it will not be set into non-Approved mode of operation ever again. The operator can verify that the module is operating in the Approved mode by following instructions specified in Section 2 in this document. There are no specific maintenance requirements for this module. OneSpan NV 2025 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 62

FIPS 140-3 Security Policy - DIGIPASS FX Crypto Mitigation of Other Attacks The module is protected against the following non-invasive attacks: SPA, DPA, Timing Analysis and Fault Induction using a combination of firmware and hardware countermeasures. Protection features include detection of out-ofrange supply voltages, frequencies or temperatures, fault induction mitigations like light sensors, voltage glitch sensors and an active shield, and detection of illegal address or instruction. All cryptographic computations and sensitive operations such as critical data comparison provided by the module are designed to be resistant to timing and power analysis. Sensitive operations are performed in constant time, regardless of the execution context (parameters, keys, etc.), owing to a combination of hardware and firmware features. In addition to the non-invasive attacks, the module also uses standard passivation techniques and is protected by active shielding (a grid of top metal layer wires with tamper response) which qualifies for classification under mitigation of other attacks. OneSpan NV 2025 Version 1.0 Public Material

Page 63

FIPS 140-3 Security Policy - DIGIPASS FX Crypto END OF DOCUMENT OneSpan NV 2025 Version 1.0 Public Material

Referenced URLs