| Standard | FIPS 140-3 |
|---|---|
| Overall level | 3 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 3/10/2029 |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. |
| Vendor | OneSpan NV |
| Hardware versions | N7122 A1 |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2713 |
| AES-CCM | A2713 |
| AES-CMAC | A2713 |
| AES-CTR | A2713 |
| AES-ECB | A2713 |
| AES-GCM | A2714 |
| AES-GMAC | A2714 |
| AES-KW | A2714 |
| Counter DRBG | A2713 |
| ECDSA KeyGen (FIPS186-4) | A2713 |
| ECDSA SigGen (FIPS186-4) | A2713 |
| ECDSA SigVer (FIPS186-4) | A2713 |
| HMAC-SHA-1 | A2713 |
| HMAC-SHA2-256 | A2713 |
| HMAC-SHA2-384 | A2713 |
| HMAC-SHA2-512 | A2713 |
| KAS-ECC-SSC Sp800-56Ar3 | A2713 |
| KDA HKDF Sp800-56Cr1 | A2713 |
| KDA OneStep Sp800-56Cr1 | A2714 |
| KDA OneStep Sp800-56Cr1 | A2715 |
| KDF SP800-108 | A2713 |
| KDF SP800-108 | A2713 |
| KDF TLS | A2714 |
| PBKDF | A2714 |
| RSA Decryption Primitive | A2713 |
| RSA KeyGen (FIPS186-4) | A2713 |
| RSA SigGen (FIPS186-4) | A2713 |
| RSA Signature Primitive | A2713 |
| RSA SigVer (FIPS186-4) | A2713 |
| SHA-1 | A2713 |
| SHA2-224 | A2713 |
| SHA2-256 | A2713 |
| SHA2-384 | A2713 |
| SHA2-512 | A2713 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 3 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 3 |
| Software/Firmware Security | 3 |
| Operational Environment | N/A |
| Physical Security | 4 |
| Non-Invasive Security | 3 |
| Sensitive Security Parameter Management | 3 |
| Self-Tests | 3 |
| Life-Cycle Assurance | 3 |
| Mitigation of Other Attacks | 3 |
flowchart LR
%% Deterministic review-risk graph for DIGIPASS FX Crypto Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>[Platform ID J3R6000373181200 and ROMID…</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Secure Channel<br/>SEMS Lite Authentication<br/>SEMS Lite Root Key Update</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Lifecycle (Show status and Perform zeroisation)<br/>Info (Show status and Perform self- tests)<br/>Card Reset</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C5,C6 clue;
class I1,I2,I3,I5,I6 infer;
class R1,R2,R3,R5,R6 risk;
class E1,E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for DIGIPASS FX Crypto Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>[Platform ID J3R6000373181200 and ROMID…</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Secure Channel<br/>SEMS Lite Authentication<br/>SEMS Lite Root Key Update</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Lifecycle (Show status and Perform zeroisation)<br/>Info (Show status and Perform self- tests)<br/>Card Reset</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3 clueHigh;
class C5,C6 clueLow;DIGIPASS FX Crypto Module Document Version: 1.0 Date: 24 April 2025 OneSpan NV 2025 Version 1.0 Public Material
Contents List of Figures List of Tables OneSpan NV 2025 Version 1.0 Public Material
General Introduction Federal Information Processing Standards Publication 140-3
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 3 |
| 2 | 2 | Cryptographic Module Specification | 3 |
| 3 | 3 | Cryptographic Module Interfaces | 3 |
| 4 | 4 | Roles, Services, and Authentication | 3 |
| 5 | 5 | Software/Firmware Security | 3 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 4 |
| 8 | 8 | Non-Invasive Security | 3 |
| 9 | 9 | Sensitive Security Parameter Management | 3 |
| 10 | 10 | Self-Tests | 3 |
| 11 | 11 | Life-Cycle Assurance | 3 |
| 12 | 12 | Mitigation of Other Attacks | 3 |
The following table lists the level of validation for each area in FIPS 140-3: [Number Below] N/A Table 1
| Name | Hardware Platform | Hardware Version | Features | ROM ID | Patch ID | Applets | |
|---|---|---|---|---|---|---|---|
| DIGIPASS FX Crypto Module | J3R6000373181200 | N7122 A1 | The GlobalPlatform operational environment is identified with the Platform ID, the ROM ID, the Patch ID, and other information, describing the content in ROM, NVM and loaded patches; The Platform ID is a data string that allows the identification of the P71D600 Card | DIGIPASS FX Crypto Module | B3375FE9B5508BC4 | 00000000 00000000 | NXP IoT applet v7.2.22 and NXP SEMS Lite applet v2.0.2.11 |
Cryptographic Module Specification The Digipass FX Crypto module validated to FIPS 140-3 overall Level 3, is a single chip module implementing the GlobalPlatform operational environment (Card Manager (ISD/SSD)) and the following applications to perform cryptographic calculations: The module is designed for use in smart cards, IoT and automotive applications. Table 2
The module is validated at an Overall Security Level 3 with Physical Security at Level 4 and all other areas at Level 3. The Operational Environment requirements do not apply to the module given that it meets Physical Security Level 4 requirements. Cryptographic Boundary The module is designed to be used as a part of a larger system. It works as an auxiliary security device attached to a host controller. The physical form of the module is depicted in Figures 1 and 2 (to scale); the outline depicts the cryptographic boundary, representing the surface of the chip and the bond pads. The red outline in Figure 3 also depicts the cryptographic boundary. In production use, the module is delivered to either vendors or end user customers either on film frame carrier (FFC) or various packages such as PDM1.1, NXD6.2, MOB6/10 or HVQFN20 package. The package is outside the cryptographic boundary and thus excluded from the FIPS 140-3/ISO/IEC 19790 security testing. The contactless ports of the module require connection to an antenna. The module relies on [ISO 7816] and [ISO 14443] card readers as input/output devices, or a [NXP I2C] connection to a host controller. No components have been excluded from within the cryptographic boundary. Approved Mode of Operation The module only supports an Approved mode of operation. The NXP SEMS Lite applet can support the NIST P256 curve or the vendor Approved and NIST allowed Brainpool256r1 elliptic curve to perform the ECDSA or KASECC operations. In the Approved mode of operation, the NXP SEMS Lite applet supports the Brainpool256r1 elliptic curve by default. The CO role may use SEMS Lite Module Management service to load NIST P-256 curve parameters. The P71D600 GlobalPlatform operational environment component can be identified by using the IDENTIFY APDU command (Info service). This command returns the card identification data, which includes a Platform ID, a Patch ID and other information that allows the identification of the content in ROM, NVM and loaded patches. The Platform ID is a data string that allows the identification of the P71D600 Card Manager component. The IDENTIFY APDU command is formatted as follows: CLA INS P1 P2 Lc Data Le Code ‘80’ ‘CA’ ‘00’ ‘FE’ ‘02’ ‘DF28’ ‘00’ Value Parameter settings GlobalPlatform GET DATA (IDENTIFY) - ISD High order tag value Low order tag value - proprietary data Length of data field Module identification data Length of response data OneSpan NV 2025 Version 1.0 Public Material
The command answers the content of the DF28 file: • • • Tag 02 identifies the Patch ID (see Table
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use/Function |
|---|---|---|---|---|---|
| AES-CBC | A2713 | AES-CBC | AES-128, AES-192, AES-256 with 128, 192, 256- bit key strength | Data Encryption/ Decryption | |
| AES-CCM | A2713 | AES-CCM | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | Authentication Encryption with AES CTR mode and CBC-MAC | |
| AES-CMAC | A2713 | AES-CMAC | AES-128, AES-192, AES-256 with 128, 192, 256-bit key Strength | Message Authentication; generation and verification SP800-108 KDF | |
| AES-CTR | A2713 | AES-CTR | AES-128, AES-192, AES-256 with 128, 192, 256-bit key Strength | Data Encryption/ Decryption | |
| AES-ECB | A2713 | AES-ECB | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | Data Encryption/ Decryption | |
| Counter DRBG | A2713 | Counter DRBG | AES-256 with 256-bit security strength | Deterministic Random Bit Generation AES-256: RSA and ECDSA key generation | |
| ECDSA KeyGen (FIPS186-4) | A2713 | ECDSA KeyGen (FIPS186-4) | P-224, P-256, P-384, P-521 with 112, 128, 192 and 256-bit key strength | ECC Key Generation | |
| ECDSA SigGen (FIPS186-4) | A2713 | ECDSA SigGen (FIPS186-4) | P-224: (SHA2-224, SHA2-256, SHA2-384, SHA2-512), P-256: (SHA2-256, SHA2- 384, SHA2-512), P- 384: (SHA2-384, SHA2-512), P-521: (SHA2-512) with 112, 128, 192 and 256-bit key strength | Digital Signature Generation | |
| ECDSA SigVer (FIPS186-4) | A2713 | ECDSA SigVer (FIPS186-4) | P-224: (SHA2-224, SHA2-256, SHA2-384, SHA2-512), P-256: (SHA2-256, SHA2- 384, SHA2-512), P- 384: (SHA2-384, SHA2-512), P-521: (SHA2-512) with 112, 128, 192 and 256-bit key strength | Digital Signature Verification | |
| HMAC-SHA-1 | A2713 | HMAC-SHA-1 | HMAC-SHA-1 with 128-bit key strength | Message Authentication | |
| HMAC-SHA2-256 | A2713 | HMAC-SHA2- 256 | HMAC-SHA-256 with 256-bit key strength | Message Authentication | |
| HMAC-SHA2-384 | A2713 | HMAC-SHA2- 384 | HMAC-SHA-384 with 256-bit key strength | Message Authentication | |
| HMAC-SHA2-512 | A2713 | HMAC-SHA2- 512 | HMAC-SHA-512 with 256-bit key strength | Message Authentication | |
| KAS-ECC-SSC Sp800-56Ar3 | A2713 | OnePass EC Diffie-Hellman FIPS 140-3 IG D.F Scenario 2 Path 2 | P-256 with 128-bit key strength | ECKey session shared secret computation; SEMS Lite shared secret computation (with Brainpool256r1 curves); The module obtains assurances per Section 5.6.2 in NIST SP800-56Ar3 self-tests | |
| KDA HKDF Sp800-56Cr1 | A2713 | Two-step key derivation function | HMAC-SHA1, HMAC- SHA2-256, HMAC- SHA2-384, HMAC- SHA2-512 with 128 and 256-bit key strength | HKDF Operations – extract-then-expand | |
| KDF SP800-108 | A2713 | Counter | AES-128, AES-192, AES-256 with 128, 192 and 256-bit key strength | Deriving keys from existing keys | |
| KDF SP800-108 | A2713 | Feedback | HMAC-SHA1, HMAC- SHA2-256, HMAC- SHA2-384, HMAC- SHA2-512 with 128 and 256-bit key strength | HKDF Operations - expand only | |
| RSA Decryption Primitive | A2713 | RSA Decryption Primitive | n=2048 with 112-bit decryption strength | Decryption Primitive (standard and CRT) | |
| RSA KeyGen (FIPS186-4) | A2713 | RSA KeyGen (FIPS186-4) | n=2048, 3072, 4096 with 112 and 128-bit key strength | Key Generation (standard and CRT) | |
| RSA SigGen (FIPS186-4) | A2713 | RSA SigGen (FIPS186-4) | n=2048, 3072, 4096 with PKCS v1.5 and PKCSPSS and SHA2- (224, 256, 384, 512) with 112, 128 and 152 bit key strength | Signature Generation | |
| RSA SigVer (FIPS186-4) | A2713 | RSA SigVer (FIPS186-4) | n=2048, 3072, 4096 with PKCS v1.5 and PKCSPSS and SHA-1 , SHA2-(224, 256, 384, 512) with 112, 128 and 152 bit key strength | Signature Verification | |
| RSA Signature Primitive | A2713 | RSA Signature Primitive | n=2048 with 112-bit security strength | Signature Primitive (standard and CRT) | |
| SHA-1 | A2713 | SHA-1 | SHA-1 with 128-bit security strength | Message Digest Generation, SEMS Lite command integrity | |
| SHA2-224 | A2713 | SHA2-224 | SHA2-224 with 112- bit or 192-bit security strength | Message Digest Generation, SEMS Lite command integrity | |
| SHA2-256 | A2713 | SHA2-256 | SHA2-256 with 128 or 256-bit security strength | Message Digest Generation, SEMS Lite command integrity | |
| SHA2-384 | A2713 | SHA2-384 | SHA2-384 with 192 or 256-bit security strength | Message Digest Generation, SEMS Lite command integrity | |
| SHA2-512 | A2713 | SHA2-512 | SHA2-512 with 256- bit security strength | Message Digest Generation, SEMS Lite command integrity | |
| AES-GCM | A2714 | AES-GCM | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | Authentication Encryption with Associated Data MAC calculation, MAC verification | |
| AES-GMAC | A2714 | AES-GMAC | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | Authentication Encryption with Associated Data MAC calculation, MAC verification | |
| AES-KW | A2714 | AES-KW | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | Key Wrapping (Decryption) | |
| KDA OneStep Sp800-56Cr1 | A2714 | KDA OneStep Sp800-56Cr1 option 1 | SHA-256 with 256-bit key strength | EcKey Session Key Derivation | |
| KDF TLS | A2714 | TLS version 1.2 Key Derivation SP800-135r1 | HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512 with 256-bit key strength | Key Derivation Function used in TLS 1.2 | |
| PBKDF | A2714 | PBKDF2 Option 1a acc. [SP800- 132r2] | HMAC-SHA-1 with 128-bit key strength | Password-based Key Derivation; This algorithm is provided as a service for module hosting the Module | |
| KDA OneStep Sp800-56Cr1 | A2715 | KDA OneStep Sp800-56Cr1 option 1 | SHA-256 with 256-bit key strength | SEMS Lite shared master key derivation | |
| CKG SP800-133r2 | Vendor Affirmed | Section 4: Symmetric keys and seeds used for generating the asymmetric keys are generated using methods described in Section 4 of SP800- 133r2 Section 5.1: Key Pairs for Digital Signature Schemes Section 6.2.1: Symmetric Keys Generated Using Key-Agreement Schemes Section 6.2.2: Symmetric Keys Derived from a Pre-existing Key Section 6.4: Distributing the Generated Symmetric Key | Key Generation is based on unmodified output of the DRBG cert. #A2713 | ||
| KAS-1 | KAS-ECC-SSC Sp800- 56Ar3/A2713 KDA HKDF Sp800- 56Cr1/A2713 | SP 800-56Arev3 KAS-ECC per IG D.F Scenario 2 path (2) | P-256 curve providing 128 bits of encryption strength | KAS (KAS-ECC-SSC Sp 800-56Ar3 with KDA (HKDF)) | |
| KAS-2 | KAS-ECC-SSC Sp800- 56Ar3/A2713 KDA OneStep Sp800- 56Cr1/A2714 | SP 800-56Arev3 KAS-ECC per IG D.F Scenario 2 path (2) | P-256 curve providing 128 bits of encryption strength | KAS (KAS-ECC-SSC Sp 800-56Ar3 with KDA (OneStep KDF)) | |
| KAS-3 | KAS-ECC-SSC Sp800- 56Ar3/A2713 KDA OneStep Sp800- 56Cr1/A2715 | SP 800- 56Arev3. KAS- ECC per IG D.F Scenario 2 path (2) | P-256 curve providing 128 bits of encryption strength | KAS (KAS-ECC-SSC Sp 800-56Ar3 with KDA (OneStep KDF)) | |
| KTS-1 | AES- CBC/A2713 AES- CMAC/A2713 | AES CBC / AES CMAC | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | SP 800-38D and SP 800-38F KTS (key wrapping) per IG D.G | |
| KTS-2 | AES- KW/#A2714 | KW | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | SP 800-38F KTS (key wrapping) per IG D.G | |
| AES | Cert. #A2713, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength Per IG D.G | Symmetric key unwrapping (according to RFC3394) | |||
| AES | Cert. #A2713, key unwrapping; key establishment methodology provides 128 bits of encryption strength Per IG D.G | Symmetric key unwrapping (according to GlobalPlatform Amendment-I) | |||
| ECDSA with non- NIST recommended curves | Provides between 112 and 256 bits of encryption strength Per IG C.A | Signature Generation/Verification using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits] | |||
| EC Diffie-Hellman with non-NIST recommended curves | Provides between 112 and 256 bits of encryption strength Per IGs D.F and C.A | Shared secret computation using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits] |
The operator can verify that NXP SEMS Lite applet v2.0.2.11 is an Approved mode of operation by sending the three (3) following commands to the module:
OneSpan NV 2025 Version 1.0 Public Material
HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 OneSpan NV 2025 Version 1.0 Public Material
OneSpan NV 2025 Version 1.0 Public Material
Sp80056Ar3/A2713 Sp80056Cr1/A2714 Sp80056Ar3/A2713 Sp80056Cr1/A2715 (2) Sp80056Ar3/A2713 Sp80056Cr1/A2713 OneSpan NV 2025 Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use/Function |
|---|---|---|---|---|---|
| KTS-1 | AES- CBC/A2713 AES- CMAC/A2713 | AES CBC / AES CMAC | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | SP 800-38D and SP 800-38F KTS (key wrapping) per IG D.G | |
| KTS-2 | AES- KW/#A2714 | KW | AES-128, AES-192, AES-256 with 128, 192, 256-bit key strength | SP 800-38F KTS (key wrapping) per IG D.G | |
| AES | Cert. #A2713, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength Per IG D.G | Symmetric key unwrapping (according to RFC3394) | |||
| AES | Cert. #A2713, key unwrapping; key establishment methodology provides 128 bits of encryption strength Per IG D.G | Symmetric key unwrapping (according to GlobalPlatform Amendment-I) | |||
| ECDSA with non- NIST recommended curves | Provides between 112 and 256 bits of encryption strength Per IG C.A | Signature Generation/Verification using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits] | |||
| EC Diffie-Hellman with non-NIST recommended curves | Provides between 112 and 256 bits of encryption strength Per IGs D.F and C.A | Shared secret computation using non-NIST curves [Brainpool224r1, Brainpool256r1, Brainpool320r, Brainpool384r1, Brainpool512r1, Secp224k1, Secp256k1 with strengths ]112, 128, 192 and 256 bits] |
AESCBC/A2713 AESCMAC/A2713 AESKW/#A2714 Table 3
Brainpool384r1 [RFC5639] No IFp Brainpool512r1 [RFC5639] No IFp Secp224k1 [SEC2] No IFp Secp256k1 [SEC2] No IFp The module does not support Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed and Non-Approved Algorithms Not Allowed in the Approved Mode of Operation. Figure 1
Figure 2
Card Manager (ISD/SSD) NXP SEMS Lite Applet NXP IoT Applet Firmware Platform Global Platform API JavaCard API JCOP OS Hardware Power Mgmt VDD, VSS GND Timers EEPROM Flash Reset Mgmt AES Engine NXP T1I2C (I2C) SDA/SCL (I2C) RSA/ECC Engine ISO 7816 (UART) I/O (Contact) HW RNG ISO 14443 (RF) LA/LB (RF) CPU Sensors RST CRC DES Engine MMU Clock Mgmt CLK RAM ROM Figure 3
Overall Security Design and Rules of Operation PBKDF Operation details
112 bits. The probability that a random attempt will end up with the same output is:
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| VSS, VDD | VSS, VDD | Power interface | These interfaces are used to supply power to the module in contact mode; The module starts when interface is powered |
| VIN, VOUT | VIN, VOUT | Power interface | These interfaces are used to supply power to the module in contact, contactless and I2C mode in case deep power-down mode is used |
| RST_N | RST_N | Control input interface | If a signal is sent on this interface on contact mode, the module will reboot (active low) |
| CLK | CLK | Control input interface | The interface is used by an external device (ex: smartcard reader) to provide a clock signal to the IC in contact mode; The IC will derive its own clock from this signal |
| IO1 | IO1 | Control input interface, Data input interface, Data output interface, Status output interface | The interface is used to communicate with an external entity (ex: SmartCard reader) in contact mode; It also functions as I2C master SDA in I2C mode |
| IO2 | IO2 | Control input interface, Data input interface, Data output interface, Status output interface | The interface is used to communicate with an external entity (ex: SmartCard reader) in contact mode; It also functions as I2C master SCL in I2C mode or as SPI interface |
| LA, LB | LA, LB | Power interface, Control input interface, Data input interface, Data output interface, Status output interface | The interface is used to communicate with an external entity (ex: smartcard reader) in contactless mode; This interface is also used to set the internal clock and to supply power to the module |
| SDA | SDA | Control input interface, Data input interface, Data output interface, Status output interface | The interface is used to communicate with an external entity such as a host controller |
| SCL | SCL | Control input interface | The interface is used by an external device (ex: host controller) to provide a clock signal to the I2C HW |
Table 5
| Name | Roles | Input | Output | |
|---|---|---|---|---|
| Manage Content | CO | Command parameters (data objects, SSPs) | Status Word (Response APDU 9000) | APDU(s) used: DELETE LOAD INSTALL MANAGE CHANNEL |
| Lifecycle (Show status and Perform zeroisation) | CO | Target status | Status Word (Response APDU 9000) | APDU(s) used: SET STATUS GET STATUS |
| Manage Content | CO | Command parameters (data objects, SSPs) | Status Word (Response APDU 9000) | APDU(s) used: PUT KEY STORE DATA |
| Privileged Info (Show module’s versioning information) | CO | Command parameters (privileged data objects, but no SSPs) | Requested information; Status Word (Response APDU 9000) | APDU(s) used: GET DATA |
| Secure Channel | CO | Command parameters (data objects, SSPs) | Status Word (Response APDU 9000) | APDU(s) used: INITIALIZE UPDATE EXTERNAL AUTHENTICATE |
| IoT Applet Management | CO | Authentication data to open an applet session | Status Word (Response APDU 9000) | APDU(s) used: SetLockState, SetPlatformSCPRequest, DeleteAll, SetAppletFeatures, ImportExternalObject |
| Module Usage (Perform Self- Tests and Show module’s versioning information) | User, CO | Command parameters (e.g. required length for GetRandom, memory type for GetFreeMemory, etc.) | Requested information; Status Word (Response APDU 9000) | APDU(s) used: DisableSecureObjectCreation, SendCardManagerCommand, TriggerSelfTest, I2CM_ExecuteCommandSet, GetVersion, GetTimestamp, GetFreeMemory, GetRandom, ReadState |
| Session Management | User, CO | Session creation C-APDU; authentication data to open the applet session | Status Word (Response APDU 9000) | APDU(s) used: CreateSession, VerifySessionUserID, SCPInitializeUpdate, SCPExternalAuthenticate, ECKeySessionInternalAuthenticate, ECKeySessionGetECKAPublicKey, ExchangeSessionData, ProcessSessionCmd, RefreshSession, CloseSession |
| Secure Object Write Functionality | User, CO | Object identifier; Secure Object characteristics (transient/persistent; Authentication rights or not; etc.); (optionally) Secure Object value; (optionally) Secure Object non-default policy (optionally) Secure Object version | Status Word (Response APDU 9000) | APDU(s) used: WriteECKey/WriteRSAKey, WriteSymmKey, WriteBinary, WriteUserID, WriteCounter, WritePCR, ImportObject |
| Secure Object Read Functionality | User, CO | Object identifier | Secure Object value (if non-secret) (optionally) Secure Object attributes Status Word (Response APDU 9000) | APDU(s) used: ReadObject, ReadAttributes, ExportObject |
| Secure Object Management | User, CO | Object identifier | Secure Object characteristics (type, size, exists, etc.) or listing of Secure Objects Status Word (Response APDU 9000) | APDU(s) used: ReadType, ReadSize, ReadIDList, CheckObjectExists, DeleteSecureObject |
| EC Curve Management (Perform approved security functions) | User, CO | Curve Identifier; (optionally) curve parameters Secure Object identifier (for GetECCurveID) | Status Word (Response APDU 9000) Curve set indicators (for ReadECCurveList) Curve identifier (for GetECCurveID) | APDU(s) used: CreateECCurve, SetECCurveParam, GetECCurveID, ReadECCurveList, DeleteECCurve |
| Crypto Object Management | User, CO | Crypto object identifier; (optionally) Crypto Object characteristics | Status Word (Response APDU 9000) List of Crypto Object identifiers (for ReadCyptoObjectList) | APDU(s) used: CreateCryptoObject, ReadCryptoObjectList, DeleteCryptoObject |
| EC Crypto Operations (Perform approved security functions) | User, CO | Secure Object identifier; Input data (message/signature/exte rnal public key) | Output data (signature, result of verification, shared secret) Status Word (Response APDU 9000) | APDU(s) used: ECDSASign, ECDSAVerify |
| RSA Crypto Operations (Perform approved security functions) | User, CO | Secure Object identifier; Input data (message/signature) | Output data (signature, result of verification, encrypted or decrypted data) Status Word (Response APDU 9000) | APDU(s) used: RSASign, RSAVerify, RSAEncrypt, RSADecrypt |
| Symmetric Cipher Crypto Operations (Perform approved security functions) | User, CO | Secure Object identifier or Crypto Object identifier Input data (message) | Output data (encrypted or decrypted message) Status Word (Response APDU 9000) | APDU(s) used: CipherInit, CipherUpdate, CipherFinal, CipherOneShot |
| Authenticated Encryption Crypto Operations (Perform approved security functions) | User, CO | Secure Object identifier or Crypto Object identifier Input data (message, AAD, tag, etc.) | Output data (encrypted or decrypted message, tag or result of tag verification) Status Word (Response APDU 9000) | APDU(s) used: AEADInit, AEADUpdate, AEADFinal, AEADOneShot |
| MAC Calculation Crypto Operations (Perform approved security functions) | User, CO | Secure Object identifier or Crypto Object identifier Input data (message, MAC (for verification)) | Output data (MAC or result of MAC verification) Status Word (Response APDU 9000) | APDU(s) used: MACInit, MACUpdate, MACFinal, MACOneShot |
| HKDF operations (Perform approved security functions) | User, CO | Secure Object identifier HKDF input parameters (digest type, message, requested length, salt, output object, etc.) | Output data (derived data) if not stored on- chip Status Word (Response APDU 9000) | APDU(s) used: HKDFExtractAndExpand, HKDFExpandOnly |
| PBKDF Operation (Perform approved security functions) | User, CO | Secure Object identifier PBKDF2 input data (salt, iteration count, requested length) | Output data (derived data) Status Word (Response APDU 9000) | APDU(s) used: PBKDF2DeriveKey |
| TLS KDF Functions (Perform approved security functions) | User, CO | Secure Object identifier(s) TLS KDF input data (digest type, label, random, requested length) | Output data Status Word (Response APDU 9000) | APDU(s) used: TLSGenerateRandom, TLSCalculatePremasterSecret, TLSPerformPRF |
| Secure Hash Crypto Operations (Perform approved security functions) | User, CO | Digest mode or Crypto Object identifier Input data (message) | Output data (hashed message) Status Word (Response APDU 9000) | APDU(s) used: DigestInit, DigestUpdate, DigestFinal, DigestOneShot |
| SEMS Lite Authentication | User, CO | Authentication information or SEMS Secure channel | Allow or reject SEMS Lite Manage Content service or SEMS Lite Root Key Update or Error code | APDU(s) used: PROCESS, SCRIPT, COMMAND |
| SEMS Lite Manage Content | User, CO | Content management commands wrapped in SEMS Secure channel | Implicit indication via the successful completion of service | APDU(s) used: SEMS_SELECT, SEMS_APDU, SEMS_BEGIN_PERSO, SEMS_END_PERSO, SEMS_INSTALL_FOR_LOAD, SEMS_LOAD, SEMS_INSTALL_FOR_INSTALL, SEMS_DELETE, SEMS_BINDING_SE, BEGIN_MANAGE_ELF_UPGRADE, END_MANAGE_ELF_UPGRADE |
| SEMS Lite Root Key Update | CO | Key update commands wrapped in SEMS Secure channel | Implicit indication via the successful completion of service | APDU(s) used: SEMS_KEY_ROTATION |
| Card Reset | CO, User, Unauthor ised | Power cycle or reset the module | Status Word (Response APDU 9000) | APDU(s) used: N/A |
| Context | CO, User, Unauthor ised | Command parameters (data objects, SSPs) | Status Word (Response APDU 9000) | APDU(s) used: SELECT. MANAGE CHANNEL |
| Info (Show status and Perform self- tests) | CO, User, Unauthor ised | Command parameters (data objects, SSPs) | Status Word (Response APDU 9000) | APDU(s) used: GET DATA |
| SEMS Lite General (Show module’s versioning information) | CO, User, Unauthor ised | Command parameters (data objects, SSPs) | Status Word (Response APDU 9000) | APDU(s) used: SEMS_SELECT, GET DATA |
The module supports the following roles:
OneSpan NV 2025 Public Material
OneSpan NV 2025 Version 1.0 Public Material
OneSpan NV 2025 Version 1.0 Public Material
N/A Perform selftests) OneSpan NV 2025 Version 1.0 Public Material
| Role | Authentication Method | Authentication Strength |
|---|---|---|
| CO User | SCP03 | 128 bits |
| UserID Session | 32 bits (minimum) | |
| AESKey Session | 128 bits | |
| ECKey Session | 128 bits | |
| SEMS Lite Applet | 128 bits |
Authentication of each operator and their access to roles and services is as described below, independent of logical channel usage (identity-based authentication methods implemented).
The module enforces a maximum of 60 failed Global Platform SCP03 authentication attempts before permanently blocking the card. The probability that a random attempt will succeed over a one-minute interval is (with the assumption here that one attempt is possible per second):
challenges. The Secure Element cryptogram and challenge are sent to the external entity which checks the Secure Element cryptogram and creates its own 64-bit cryptogram with both challenges. A 64-bit message authentication code (MAC) is also computed on the command containing the external entity cryptogram with AES-CMAC and APPSMAC key. The MAC is concatenated to the command, and the command is sent to the Secure Element. The Secure Element checks the message authentication code and compares the received cryptogram to the calculated cryptogram. If all of this succeeds, the two participants are mutually authenticated (the external entity is authenticated to the module in the CO/User role). The probability that a random attempt will succeed using this authentication method is:
SEMS Lite Applet Authentication The SEMS Lite applet is provided by the SEMS Lite Authentication service. The service provides authentication, confidentiality, and integrity of each authenticated service. The SEMS Lite Applet authentication consists of verifying a Brainpool256r1 ECDSA signature computed on a 113-byte data generated off the module and the CO public key APP-ECC-RT-PUB-AUT, see section 5.1.4 of [GP] Amendment-I. The probability that a random attempt will succeed using this authentication method is:
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Manage Content | Load keys and data | CO | OS-SKEK SD-KENC SD-KMAC SD-KDEK DAP-DAPK | N/A | E, W, Z | Status Word (Response APDU 9000) |
| Lifecycle (Show status and Perform zeroisation) | Get or modify the card or applet life cycle status | CO | All | N/A | E, Z | Status Word (Response APDU 9000) |
| Manage Content | Load keys and data | CO | OS-SKEK SD-KENC SD-KMAC SD-KDEK DAP-DAPK | N/A | E, W, Z | Status Word (Response APDU 9000) |
| Privileged Info (Show module’s versioning information) | Read Module data (privileged data objects, but no CSPs) | CO | OS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMAC | N/A | E | Status Word (Response APDU 9000) |
| Secure Channel | Establish and use a secure communication channel | CO | OS-DRBG-EI OS-DRBG-SEED OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMAC | CTR_DRBG (Cert. A2713) CKG (Vendor Affirmed) | E, G, Z | Status Word (Response APDU 9000) |
| IoT Applet Management | This service manages the P71D600 applet | CO | SD-SENC SD-SMAC SD-RMAC APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-KAS-IOT-SS | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed) | E, G, W | Status Word (Response APDU 9000) |
| Module Usage (Perform Self-Tests and Show module’s versioning information) | Perform Self-Tests and Show module’s versioning information | CO, User | All | All | E | Status Word (Response APDU 9000) |
| Session Management | This service manages the applet sessions; Users can decide to open a session or not; Opening a session requires to authenticate to the applet using either an UserID, an AES128 key or an EC key depending on the session type | CO, User | OS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-KENC SD-KMAC SD-SENC SD-SMAC SD-RMAC APP-KAS-SSC-EC-PRIV- KEY APP-KAS-IOT-SS APP-AES-KEY-AUTH APP-SENC APP-SMAC APP-RMAC APP-USERID-FILE APP-EC-PRIV-KEY APP-AES-KEY APP-KAS-SSC-EC-PUB- KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed) | E, G, Z | Status Word (Response APDU 9000) |
| Secure Object Write Functionality | This service manages the generation (either an RSA or EC key pair) or transport (EC keys, RSA keys, symmetric keys, binary files, UserIDs, monotonic counters, PCRs) of Secure Objects. | CO, User | OS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-TRANSPORT- CIPHER APP-TRANSPORT-MAC APP-AES-KEY-AUTH APP-USERID-FILE APP-EC-PRIV-KEY APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEY | CTR_DRBG (A2713) AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 RSA (Cert. A2713)2048, 3072, 4096 bits SHS (Cert. A2713) CKG (Vendor Affirmed) | E, G, R, W, Z | Status Word (Response APDU 9000) |
| Secure Object Read Functionality | This service manages the reading of Secure Objects or its attributes; Asymmetric private keys or symmetric keys can never be read in plaintext | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-TRANSPORT- CIPHER APP-TRANSPORT-MAC APP-EC-PRIV-KEY APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-KAS-SSC-EC-PUB- KEY APP-EC-PUB-KEY-CO APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEY | N/A | E, R | Status Word (Response APDU 9000) |
| Secure Object Management | This service manages the reading of Secure Object attributes | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-AES-KEY-AUTH APP-USER-ID-FILE APP-RSA-PRIV-KEY APP-AES-KEY APP-HMAC-KEY APP-EC-PUB-KEY-USER APP-EC-PUB-KEY APP-RSA-PUB-KEY | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) HMAC (Cert. A2713) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) RSA (Cert. A2713)2048, 3072, 4096 bits SHS (Cert. A2713) CKG (Vendor Affirmed) | E, Z | Status Word (Response APDU 9000) |
| EC Curve Management (Perform approved security functions) | This service manages the EC curves that can be used during EC cryptographic operations | CO, User | SD-SENC SD-SMAC SD-RMAC | ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) | E | Status Word (Response APDU 9000) |
| Crypto Object Management | This service manages the Crypto Objects that can be used. Crypto Objects allow to do operations in multiple steps (init/update/final) Supported Crypto Objects allow to use a digest, cipher or MAC algorithm to be used | CO, User | SD-SENC SD-SMAC SD-RMAC APP-AES-KEY APP-HMAC-KEY | SHS (Cert. A2713) AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) HMAC (Cert. A2713) | E | Status Word (Response APDU 9000) |
| EC Crypto Operations (Perform approved security functions) | This service triggers OS API for ECDSA signature generation and verification, and for EC DH shared secret calculation according to [56Ar3] Section 5.7.1.2 | CO, User | OS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-EC-PRIV-KEY APP-EC-PUB-KEY | ECDSA (Cert. A2713) P-256 KAS-SSC (Cert. A2713) P-256 SHS (Cert. A2713) CKG (Vendor Affirmed) | E, G, Z | Status Word (Response APDU 9000) |
| RSA Crypto Operations (Perform approved security functions) | This service triggers OS API for RSA signature generation and verification, and for RSA encryption and decryption (components only) | CO, User | OS-DRBG-EI OS-DRBG-STATE OS-DRBG-KEY OS-DRBG-V OS-DRBG-OUTPUT OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-RSA-PRIV-KEY APP-RSA-PUB-KEY | RSA (Cert. A2713)2048, 3072, 4096 bits SHS (Cert. A2713) CKG (Vendor Affirmed) | E, G, Z | Status Word (Response APDU 9000) |
| Symmetric Cipher Crypto Operations (Perform approved security functions) | This service triggers OS API for AES encryption and decryption | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-AES-KEY | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | E | Status Word (Response APDU 9000) |
| Authenticate d Encryption Crypto Operations (Perform approved security functions) | This service provides execution of the AEAD function using OS API primitives for AES GCM encryption and decryption, and DRBG for internal IV generation | CO, User | SD-SENC SD-SMAC SD-RMAC | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) CTR_DRBG (A2713) | E | Status Word (Response APDU 9000) |
| MAC Calculation Crypto Operations (Perform approved security functions) | This service triggers OS API for MAC Calculation | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-HMAC-KEY | CMAC (Cert. A2713) HMAC (Cert. A2713) | E | Status Word (Response APDU 9000) |
| HKDF operations (Perform approved security functions) | This service triggers OS API for HKDF operations (either Two Step Key Derivation using HMAC or the Key Derivation Function using Pseudorandom functions) | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC APP-HMAC-KEY | HKDF (Certs. A2713 and A2714) | E | Status Word (Response APDU 9000) |
| PBKDF Operation (Perform approved security functions) | This service provides execution of the Password-Based Key Derivation Function. The derived key is returned to the operator and not used by the module | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC | PBKDF2 (Cert. A2714) | E | Status Word (Response APDU 9000) |
| TLS KDF Functions (Perform approved security functions) | This service provides support for TLS v1.2 calculations. It does not implement the TLS v1.2 protocol | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC | KDF (Cert. A2713) | E | Status Word (Response APDU 9000) |
| Secure Hash Crypto Operations (Perform approved security functions) | This service triggers OS API for [FIPS 180-4] compliant hash algorithms | CO, User | OS-MKEK SD-SENC SD-SMAC SD-RMAC | SHA (Cert. A2713) | E | Status Word (Response APDU 9000) |
| SEMS Lite Authenticatio n | The service provides the authenticated secure messaging | CO, User | OS-MKEK APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-CERT-KR-AUT APP-CERT-AUT DAP-DAPK | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 CKG (Vendor Affirmed) | E, G, W, Z | Status Word (Response APDU 9000) |
| SEMS Lite Manage Content | The service is used to load data. The data is wrapped in SEMS Lite Authentication | CO, User | OS-MKEK APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-CERT-KR-AUT APP-CERT-AUT DAP-DAPK | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 CKG (Vendor Affirmed) | E, G, W, Z | Status Word (Response APDU 9000) |
| SEMS Lite Root Key Update | This service updates APP-ECC-RT-PRIV-KA and APP-ECC-RT-PUB- AUT keys wrapped in SEMS Lite Authentication | CO | OS-MKEK APP-ECC-RT-PRIV-KA APP-AES-RAM-K0-KEY APP-AES-RAM-Kn-KEY APP-ECC-RT-PUB-AUT APP-ECC-PUB-eKA APP-ECC-PUB-AUT APP-CERT-KR-AUT APP-CERT-AUT | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) KAS-ECC (Cert. A2713) P-256 CKG (Vendor Affirmed) | E, G, W, Z | Status Word (Response APDU 9000) |
| Card Reset | Power cycle or reset the module | CO, User, Unauth- orised | N/A | N/A | N/A | Status Word (Response APDU 9000) |
| Context | Select an applet or manage logical channels | CO, User, Unauth- orised | N/A | N/A | N/A | Status Word (Response APDU 9000) |
| Info | Read unprivileged data objects, e.g., module configuration or status information (Show Status). This service includes the Pre- operational Self-Test on-demand | CO, User, Unauth- orised | N/A | N/A | N/A | Status Word (Response APDU 9000) |
| SEMS Lite General | This service provides generic operations which are not required to be protected by applying security. It includes selecting the SEMS Lite applet, reading version of the SEMS Lite applet or APP-ECC-RT-PUB-AUT public key of SEMS Lite Applet | CO, User, Unauth- orised | N/A | N/A | N/A | Status Word (Response APDU 9000) |
FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 APP-TRANSPORTCIPHER OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto N/A APP-TRANSPORTCIPHER OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto E E, G, Z E, G, Z OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto E E E OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto E E E, G, W, Z n OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto N/A N/A Unauthorised N/A N/A Unauthorised N/A N/A N/A Unauthorised N/A N/A N/A Unauthorised N/A N/A Table 8
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Software/Firmware Security The cryptographic module is considered a hardware module with firmware components. An error detection code (32-bit CRC performed over all code located in Flash) is applied to all firmware components within the module. If the integrity test fails, the module enters the hard error (MUTE) state. An operator of the module can perform the integrity test on demand with the GET DATA APDU command. As a single-chip hardware module, the executable form of the code, i.e., firmware is binary format. The module does not support loading of firmware from an external source. ROM endurance has been proven to be more than 10 years after manufactured date. Therefore, per FIPS 140-3 IG 5.A, no pre-operational ROM integrity self-test has been implemented. The module’s endof-life procedures must be applied prior to the degradation of the ROM by setting the module to the TERMINATE state. All data and control inputs, and data and status outputs of the cryptographic module and services are directed through the module’s defined interfaces. OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Operational Environment The module claims to meet Physical Security Level 4 and thus the requirements per this section do not apply. OneSpan NV 2025 Version 1.0 Public Material
| Recommended Frequency of | ||
|---|---|---|
| Physical Security Mechanism | Inspection/Test Guidance Details | |
| Inspection/Test | ||
| N/A | N/A | N/A |
| Temperature or voltage | Result | ||
|---|---|---|---|
| EFP or EFT | |||
| Measurement | (Shutdown/Zeroisation) | ||
| Low Temperature | -40°C | EFP | Shutdown |
| High Temperature | +105°C | EFP | Shutdown |
| Low Voltage | 1.62V | EFP | Shutdown |
| High Voltage | 6.0V | EFP | Shutdown |
| Hardness tested temperature measurement | |
|---|---|
| Low Temperature | -45°C |
| High Temperature | +125°C |
FIPS 140-3 Security Policy - DIGIPASS FX Crypto The module is a single-chip implementation that meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The module uses standard passivation techniques. The module includes Environmental Failure Protection features such as temperature and voltage sensors. Fault Induction mitigation techniques are light sensors and spike sensors on the supply voltage lines. Identification of internal features such as sensitive components or interconnections is impeded by a fine mesh of metal shield lines that resides at the outermost layers of the chip. Delivery forms of the module are QFN package, contactless chip card module, or sawn wafer. Therefore, the module does not rely on any physical security based on a package. N/A Table 10
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Non-Invasive Security Please see Section 12 below for information regarding non-invasive security countermeasures. OneSpan NV 2025 Version 1.0 Public Material
| Name | Strength | Security Function | Generation | Establishment | Storage | Use | Import Export | Zero- isation |
|---|---|---|---|---|---|---|---|---|
| OS-DRBG-EI CSP | 384 bits | CTR_DRBG (Cert. A2713) | Internally via ENT (P) | N/A | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | Random value from ENT (P) used to seed reciprocally and AES-256 DRBG | N/A | Power-off (temporarily stored in RAM) |
| OS-DRBG- STATE CSP | 880 bits | CTR_DRBG (Cert. A2713) | Internally via SP800- 90Ar1 DRBG process | N/A | Stored in NVM in plaintext; object identifier to entity association | Current DRBG state value | N/A | Destroyed by termination of the module (LifeCycle/ Perform Zeroisation service); overwritten with zeroes |
| OS- DRBG- KEY CSP | 256 bits | CTR_DRBG (Cert. A2713) | Internally via SP800- 90Ar1 DRBG process | N/A | Stored in NVM in plaintext; object identifier to entity association | Current DRBG state value | N/A | Destroyed by terminate- on of the Module (LifeCycle/ Perform Zeroisation service); overwritt en with zeroes |
| OS-DRBG-V CSP | 256 bits | CTR_DRBG (Cert. A2713) | Internally via SP800- 90Ar1 DRBG process | N/A | Stored in NVM in plaintext; object identifier to entity association | Current DRBG state value | N/A | Destroyed by terminate- on of the Module (LifeCycle/ Perform Zeroisation service); overwritt en with zeroes |
| OS-DRBG- OUTPUT CSP | 256 bits | CTR_DRBG (Cert. A2713) | Internally via SP800- 90Ar1 DRBG process | N/A | Stored in NVM in plaintext; object identifier to entity association | Unmodified output from the DRBG used for SSP generation | N/A | Destroyed by termination of the module (LifeCycle/ Perform Zeroisation service); overwritten with zeroes |
| OS-SKEK CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | N/A | Stored in NVM in plaintext; object identifier to entity association | Used to build OS-MKEK | Entered during manufact- uring/ personali- zation | Destroyed by termination of the module (LifeCycle/ Perform Zeroisation service); overwritten with zeroes |
| OS-MKEK CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | OS-SKEK permutati on (xor between OS-SKEK and a constant value) | N/A | Stored in NVM in plaintext; object identifier to entity association | Used to encrypt all secret and private key data stored in NVM | N/A | Destroyed by termination of the module (LifeCycle/Pe rform Zeroisation service); overwritten with zeroes |
| SD-KENC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to derive SD-SENC | Entered during manufactu ring/ personali- zation Or AES-CBC (using SD- KDEK) encrypted (RFC 3394 method) and transporte d using platform SCP03 Exported using Approved KTS | Destroyed because of OS-MKEK zeroisation |
| SD-KMAC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to derive SD-SMAC | Entered during manufactu ring/pers- onalization Or AES-CBC (using SD- KDEK) encrypted (RFC 3394 method) and transporte d using platform SCP03 Exported using Approved KTS | Destroyed because of OS-MKEK zeroisation |
| SD-KDEK CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Sensitive data decryption key used to decrypt CSPs | Entered during manufactu ring/perso nalization Or Entered encrypted with the previous SD-KDEK Exported using Approved KTS | Destroyed because of OS-MKEK zeroisation |
| SD-SENC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed) | N/A | Derived with Approved KDF SP800- 108 | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | Session encryption key used to secure channel data | N/A | Power-off (temporarily stored in RAM) |
| SD-SMAC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed) | N/A | Derived with Approved KDF SP800- 108 | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | Session MAC key used to verify inbound secure channel data integrity | N/A | Power-off (temporarily stored in RAM) |
| SD-RMAC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed) | N/A | Derived with Approved KDF SP800- 108 | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | Session MAC key used to verify outbound secure channel data integrity | N/A | Power-off (temporarily stored in RAM) |
| APP- TRANSPORT- CIPHER CSP | 256 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to encrypt either exported or imported Secure Objects or data | Entered during manufactu ring/perso nalization Output: N/A | Destroyed because of OS-MKEK zeroisation |
| APP- TRANSPORT- MAC CSP | 128 bits | AES CMAC (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to authenticate either exported or imported Secure Objects | Entered during manufactu ring/perso nalization Output: N/A | Destroyed because of OS-MKEK zeroisation |
| APP-KAS- SSC-EC-PRIV- KEY CSP | 128 bits | KAS-ECC-SSC P-256 (Cert. A2713) KDA (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | KAS Shared Secret computation private key | Entered during manufactu ring/perso nalization Output: N/A | Destroyed because of OS-MKEK zeroisation |
| APP-KAS- IOT-SS CSP | 128 bits | KAS-ECC-SSC P-256 (Cert. A2713) KDA (Cert. A2714) | N/A | Established with the SP800- 56Arev3 KAS-ECC | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | KAS-ECC Shared Secret | N/A | Power-off (temporarily stored in RAM) |
| APP-AES- KEY-AUTH CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) | N/A | Approved KTS | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used in AESKey session or ECKey session authentication methods | Entered during manufactu ring/perso nalization Output: via Approved KTS | Destroyed because of OS-MKEK zeroisation |
| APP-SENC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed) | N/A | Derived with Approved KDF SP800- 108 | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | AES Key or EC Key session encryption key used to encrypt / decrypt secure channel data | N/A | Power-off (temporarily stored in RAM) |
| APP-SMAC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed) | N/A | Derived with Approved KDF SP800- 108 | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | AES Key or EC Key session MAC key used to verify inbound secure channel data integrity | N/A | Power-off (temporarily stored in RAM) |
| APP-RMAC CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) or ECDSA (Cert. A2713) KDF SP800- 108 (Cert. A2713) CKG (Vendor Affirmed) | N/A | Derived with Approved KDF SP800- 108 | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | AES Key or EC Key session MAC key used to generate response secure channel data MAC | N/A | Power-off (temporarily stored in RAM) |
| APP-USERID- FILE CSP | N/A | N/A | N/A | Approved KTS | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | 4-byte up to 16-byte UserID authentication data | Entered during manufactu ring/perso nalization Output: via Approved KTS | Destroyed because of OS-MKEK zeroisation |
| APP-EC- PRIV-KEY CSP | 112, 128, 192, 256 bits | ECDSA Key Generation P-224, P- 256, P-384, P-521 (Cert. A2713) CKG (Vendor Affirmed) | The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBG | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Elliptic curve key that allows to perform EC cryptographic operations | Entered: N/A Output: via Approved KTS | Destroyed because of OS-MKEK zeroisation |
| APP-RSA- PRIV-KEY CSP | 112, 128, 152 bits | RSA Key Generation 2048, 3072, 4096 bits (Cert. A2713) CKG (Vendor Affirmed) | The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBG | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | RSA key that allows to perform RSA cryptographic operations | Entered: N/A Output: via Approved KTS | Destroyed because of OS-MKEK zeroisation |
| APP-AES-KEY CSP | 128, 192, 256 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | Approved KTS | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to perform AES cipher mode operations | Entered during manufactu ring/perso nalization Output: via Approved KTS | Destroyed because of OS-MKEK zeroisation. |
| APP-HMAC- KEY CSP | 128 and 256 bits | HMAC SHA-1, SHA2-256, 384, 512 (Cert. A2713) | N/A | Approved KTS | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to perform KDF or HMAC operations | Entered during manufactu ring/perso nalization Output: via Approved KTS | Destroyed because of OS-MKEK zeroisation |
| APP-ECC-RT- PRIV-KA CSP | 256 bits | ECDSA (Cert. A2713) P-521 SHS (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Private static key used in key establishment (KAS-SSC) operations | Entered during manufactu ring/ personaliz ation or Imported in secure channel specified by GP- Amd-I Output: N/A | Destroyed because of OS-MKEK zeroisation |
| APP-KAS- SEMS-SS CSP | 128 bits | KAS-ECC- SSCP-256 (Cert. #A2713) KDA (Cert. A2715) | N/A | Established with the SP800- 56Arev3 KAS | Temporarily stored in RAM in plaintext (does not persist beyond a power cycle); object identifier to entity association | KAS Shared Secret CSP | N/A | Power-off (temporarily stored in RAM) |
| APP-AES- RAM-K0-Key CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) CKG (Vendor Affirmed) | N/A | Established with the SP- 800-56A Rev3 KAS- SCC followed by SHA256 as One Pass KDF | Temporarily stored in RAM (does not persist beyond a power cycle) | Used as secret key material in the very first decryption operations as part of Authenticatio n and Secure Messaging service of SEMS Lite applet | N/A | Power-off (temporarily stored in RAM) |
| APP-AES- RAM-Kn-Key CSP | 128 bits | AES CBC, ECB, CTR, CCM, CMAC (Cert. A2713) GCM/GMAC (Cert. A2714) | N/A | N/A | Temporarily stored in RAM (does not persist beyond a power cycle) | Used as secret key material in the subsequent n decryption operations as part of SEMS Lite Authenticatio n and Secure Messaging service | Imported in secure channel specified by GP- Amd-I Output: N/A | Power-off (temporarily stored in RAM) |
| DAP-DAPK PSP | 256 bits | ECDSA P-521 (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | ECC public key used for Mandated DAP | Entered during manufactu ring/ personaliz ation | N/A – Considered protected by ISO 19790 definition |
| APP-KAS- SSC-EC-PUB- KEY PSP | 128 bits | KAS-ECC-SSC P-256 (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | KAS Shared Secret computation public key | Entered during manufactu ring/ personaliz ation Output: Approved KTS | N/A – Considered protected by ISO 19790 definition |
| APP-EC-PUB- KEY-CO PSP | 128 bits | ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | ECDSA public key used to authenticate the CO | Entered during manufactu ring/ personaliz ation Output: Approved KTS | N/A – Considered protected by ISO 19790 definition |
| APP-EC-PUB- KEY-USER PSP | 128 bits | ECDSA (Cert. A2713) P-256 SHS (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | ECDSA public key used to authenticate as user | Entered during manufactu ring/ personaliz ation Output: Approved KTS | N/A – Considered protected by ISO 19790 definition |
| APP-EC-PUB- KEY PSP | 128 bits | ECDSA (Cert. A2713) P-256 CKG (Vendor Affirmed) | The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBG | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to execute EC cryptographic operations | Entered: N/A Output: Approved KTS | N/A – Considered protected by ISO 19790 definition |
| APP-RSA- PUB-KEY PSP | 112, 128, 152 bits | RSA (Cert. A2713)2048, 3072, 4096 bits CKG (Vendor Affirmed) | The Approved key pair generation method is compliant with FIPS 186-4, Sections B.43.23 (RSA) or B.4.2 (ECDSA), Key Pair Generatio n by Testing Candidates ; Generated on the module using Approved DRBG, AES-256 CTR_DRBG | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Used to execute RSA cryptographic operations | Entered: N/A Output: Approved KTS | N/A – Considered protected by ISO 19790 definition |
| APP-ECC- PUB-eKA PSP | 128 bits | KAS-ECC-SSC P-256 (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Ephemeral EC public key used in key establishment (KAS) operation | Entered: Certificate is entered in plain text Output: N/A | N/A – Considered protected by ISO 19790 definition |
| APP-ECC-RT- PUB-AUT PSP | 256 bits | ECDSA (Cert. A2713) P-521 SHS (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | EC public key used in ECDSA verification operations | Entered: Certificate is entered in plain text Output: In plaintext | N/A – Considered protected by ISO 19790 definition |
| APP-ECC- PUB-AUT PSP | 256 bits | ECDSA (Cert. A2713) P-521 SHS (Cert. A2713) | N/A | N/A | Stored in NVM encrypted with Approved AES CBC with OS- MKEK; key version to entity association | Static EC public key used in ECDSA verification operations | Entered: Certificate is entered in plain text Output: N/A | N/A – Considered protected by ISO 19790 definition |
| APP-CERT- AUT PSP | 256 bits | ECDSA (Cert. A2713) P-521 SHS (Cert. A2713) | N/A | N/A | Stored in NVM in plaintext; object identifier to entity association | Certificate with EC public key providing authorization and authenticity to SEMS Lite applet | Entered: Certificate is entered in plain text Output: N/A | N/A – Considered protected by ISO 19790 definition |
| APP-CERT- KR-AUT PSP | 256-bits | ECDSA (Cert. A2713) P-521 SHS (Cert. A2713) | N/A | N/A | Stored in NVM in plaintext; object identifier to entity association | Certificate with 256-bit EC public key providing authorization and authenticity to SEMS Lite applet for SEMS Lite Root Key Update service | Entered: Certificate is entered in plain text Output: N/A | N/A – Considered ‘protected’ by ISO 19790 definition |
Sensitive Security Parameter Management Generation Establishment N/A N/A via SP80090Ar1 N/A N/A via SP80090Ar1 N/A N/A OS-DRBGSTATE OS- DRBGKEY
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Establishment via SP80090Ar1 N/A N/A via SP80090Ar1 N/A N/A N/A manufacturing/ personalization N/A N/A N/A OS-DRBGOUTPUT OneSpan NV 2023 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Generation Establishment N/A personalization (using SDKDEK) N/A N/A N/A ring/personalization (using SDKDEK) OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 Generation Establishment N/A N/A KDF SP800108 N/A N/A OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto APPTRANSPORTCIPHER KDF SP800108 KDF SP800108 Generation Establishment N/A N/A KDF SP800108 N/A N/A KDF SP800108 N/A N/A N/A OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto APPTRANSPORTMAC Generation Establishment N/A N/A N/A APP-KASSSC-EC-PRIVKEY N/A N/A N/A N/A N/A SP80056Arev3 OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 Generation Establishment N/A N/A N/A KDF SP800108 OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto KDF SP800108 KDF SP800108 Generation Establishment N/A N/A KDF SP800108 N/A N/A KDF SP800108 OneSpan NV 2023 Version 1.0 Zeroisation Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto APP-USERIDFILE Establishment N/A N/A N/A P-224, P256, B.4.2 ; N/A N/A OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Establishment B.4.2 ; N/A N/A N/A OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto APP-HMACKEY Generation N/A N/A by GPAmd-I N/A N/A N/A N/A SP80056Arev3 KAS OneSpan NV 2023 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Generation Establishment Zeroisation N/A N/A Rev3 KASSCC N/A by GPAmd-I N/A N/A N/A N/A
FIPS 140-3 Security Policy - DIGIPASS FX Crypto APP-KASSSC-EC-PUBKEY Generation Establishment N/A N/A N/A N/A N/A N/A OneSpan NV 2023 Zeroisation N/A
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Establishment B.4.2 ; N/A N/A OneSpan NV 2023 Zeroisation N/A
FIPS 140-3 Security Policy - DIGIPASS FX Crypto B.4.2 ; N/A N/A N/A N/A N/A OneSpan NV 2023 Zeroisation N/A
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Generation Establishment N/A N/A N/A N/A N/A APP-CERTAUT N/A N/A N/A N/A N/A N/A Zeroisation N/A
| Entropy sources | Minimum Number of bits of entropy | Details |
|---|---|---|
| NIST SP800-90B ENT (P) – Used as entropy input to the Approved DRBG | 256-bits of overall entropy for AES- 256 CTR_DRBG; 0.912949 per entropy source output bit | Noise source based on hardware implementing an iterated Bernouli Shift Map |
FIPS 140-3 Security Policy - DIGIPASS FX Crypto The module implements a NIST SP800-90Ar1 Approved CTR_DRBG. The unmodified outputs of the DRBG are used for Cryptographic Key Generation (CKG) of Symmetric Keys and seeds for Asymmetric Key Generation as noted in Table 3 in this document per Section 4 in NIST SP800-133r2. Table 13
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Self-Tests On power-on or on demand, the module performs self-tests described below. The pre-operational self-test must be completed successfully prior to any other use of cryptography by the module. The Cryptographic Algorithm Self-Tests are either performed at boot or prior to first use. The conditional self-tests are performed when the corresponding conditions occur. If one of the self-tests fails, the system is halted and will start again after a reset. ROM endurance has been proven to be more than 10 years after manufactured date. Therefore, no pre-operational ROM integrity self-test has been implemented. The module’s end-of-life procedures must be applied prior to the degradation of the ROM by setting the module to the TERMINATE state, The Flash Firmware Integrity check is performed on every reset or on demand. Pre-operational Self-Tests
FIPS 140-3 Security Policy - DIGIPASS FX Crypto NIST SP800-90B ENT (P) Repetition Count Test (RCT) performed on raw data NIST SP800-90B ENT (P) Developer Defined Heath Test Transition Count Test performed on the raw data
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Life-Cycle Assurance All configuration management items are managed using an automated configuration management system. The module is designed to allow the testing of all provided security-related services. All firmware is implemented using a high-level language and is designed in a manner that avoids the use of code, parameters, or symbols not necessary for the module’s functionality and execution. While the module can be delivered with the Approved mode enabled by default, customers also have the option to receive a module which is in the unconfigured state, i.e., non-Approved mode. To comply with and maintain the FIPS 140-3 validation, it would be the CO’s responsibility to enable the Approved mode of operation as follows (this information can also be found in the JCOP 4.5 User guidance and administrator manual document):
FIPS 140-3 Security Policy - DIGIPASS FX Crypto Mitigation of Other Attacks The module is protected against the following non-invasive attacks: SPA, DPA, Timing Analysis and Fault Induction using a combination of firmware and hardware countermeasures. Protection features include detection of out-ofrange supply voltages, frequencies or temperatures, fault induction mitigations like light sensors, voltage glitch sensors and an active shield, and detection of illegal address or instruction. All cryptographic computations and sensitive operations such as critical data comparison provided by the module are designed to be resistant to timing and power analysis. Sensitive operations are performed in constant time, regardless of the execution context (parameters, keys, etc.), owing to a combination of hardware and firmware features. In addition to the non-invasive attacks, the module also uses standard passivation techniques and is protected by active shielding (a grid of top metal layer wires with tamper response) which qualifies for classification under mitigation of other attacks. OneSpan NV 2025 Version 1.0 Public Material
FIPS 140-3 Security Policy - DIGIPASS FX Crypto END OF DOCUMENT OneSpan NV 2025 Version 1.0 Public Material