All modules
CMVP Validated Module · FIPS 140-3 Security Policy

FEITIAN ePass Token Cryptographic Module

Certificate#5151StandardFIPS 140-3Level3TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorFEITIAN Technologies Co., Ltd.
Low review priority  ·  no TCB surface named  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date1/27/2031
CaveatThe module generates SSPs (e.g., keys) whose strengths are modified by available entropy, No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
VendorFEITIAN Technologies Co., Ltd.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for FEITIAN ePass Token Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Unauth</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for FEITIAN ePass Token Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Unauth</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

FEITIAN Technologies Co., Ltd. FEITIAN ePass Token Cryptographic Module Document Version: 1.1.0 Date: January 16, 2026

Page 2
Table of Contents
#SectionPage
Page 3

FEITIAN Technologies Public Material

Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware9
Table 3: Modes List and Description9
Table 4: Approved Algorithms11
Table 5: Vendor-Affirmed Algorithms11
Table 6: Security Function Implementations16
Table 7: Entropy Certificates17
Table 8: Entropy Sources17
Table 9: Ports and Interfaces18
Table 10: Authentication Methods20
Table 11: Roles21
Table 12: Approved Services45
Table 13: Mechanisms and Actions Required48
Table 14: EFP/EFT Information48
Table 15: Hardness Testing Temperatures49
Table 16: Storage Areas51
Table 17: SSP Input-Output Methods52
Table 18: SSP Zeroization Methods52
Table 19: SSP Table 165
Table 20: SSP Table 271
Table 21: Pre-Operational Self-Tests73
Table 22: Conditional Self-Tests76
Table 23: Pre-Operational Periodic Information76
Table 24: Conditional Periodic Information78
Table 25: Error States79
Table 26 References83
Table 27 Acronyms and Definitions84
Figure 1 – Module Boundary6
Figure 2 – Block diagram7
Figure 3 – Module Appearance8
Page 5
1 – General
1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for the ePass token. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-

3 for an overall Security Level 3 module.
1.2 Security Levels

The FIPS 140-3 security levels for the Module are as follows: Section Title Security Level

1 General 3
2 Cryptographic module specification 3
3 Cryptographic module interfaces 3
4 Roles, services, and authentication 3
5 Software/Firmware security 3
6 Operational environment N/A
7 Physical security 3
8 Non-invasive security N/A
9 Sensitive security parameter management 3
10 Self-tests 3
11 Life-cycle assurance 3
12 Mitigation of other attacks N/A

Overall Level 3 Table 1: Security Levels FEITIAN Technologies Public Material

Page 6
2 – Cryptographic Module Specification

This FEITIAN ePass token module, hereafter denoted as the Module. The Module supports multiple identity authentication system frameworks such as PKI/OTP/FIDO, among which PKI includes three applications: ePass2003/ePassPIV/ePassOpenPGP. The OTP functional unit complies with OATH standards. The PIV functional unit meets the specifications NIST.SP.800-73-4. The OpenPGP functional unit is an ISO Smart Card Operating Systems.

2.1 Description

Purpose and Use: The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated identity authentication product, the Module is intended to be used in E-mail encryption, system login, transaction protection, etc. Module Type: Hardware Module Embodiment: MultiChipEmbed Cryptographic Boundary: The physical form of the Module is depicted in Figure 1. The Module is a multi-chip embedded embodiment. The Module is a USB token containing FEITIAN owned FTCOS, which is embedded in a HSC32K2 with PAA Integrated Circuit (IC) chip and has been developed to support FEITIAN USB token. The Module is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. Figure 1

Page 7

Figure 2

Page 8

Figure 3

2.2 Tested and Vendor Affirmed Module Version and Identification

The operator can correlate the module’s name and versioning information with the CMVP validation record by following the instructions in the FEITIAN ePass Token Cryptographic Module Administrator Guidance, page 31, Section 5.8 Get Device Info, #7 get version info. Tested Module Identification

Page 9

Model and/or Hardware Firmware Processors Features Part Version Version Number A2 V1.2 V1.3.02 HSC32K2 with PAA K9 V1.0 V1.3.02 HSC32K2 with PAA K40 V1.0 V1.3.02 HSC32K2 with PAA A4B V1.0 V1.3.02 HSC32K2 with PAA K49 V1.0 V1.3.02 HSC32K2 with PAA K50 V1.0 V1.3.02 HSC32K2 with PAA K28 V1.0 V1.3.02 HSC32K2 with PAA Table 2: Tested Module Identification

2.3 Excluded Components

The module does not exclude any components.

2.4 Modes of Operation

Modes List and Description: Mode Status Description Type Name Indicator Approved The module has only one mode of operation - the LED on and Approved Mode Approved mode, which is entered after power up. blink Table 3: Modes List and Description The module only supports Approved mode. IG 2.4.C scenario 2) is applied to the module, i.e. A static code(9000 or 00) indicating the completion of service. The successful completion of a service is an implicit indicator for the use of an approved service.

2.5 Algorithms

Approved Algorithms: The Module implements the Approved cryptographic algorithms listed the table below. CAVP Algorithm Properties Reference Cert Direction - Decrypt, Encrypt AES-CBC A4980 SP 800-38A Key Length - 128, 192, 256 Direction - Generation, Verification AES-CMAC A4980 SP 800-38B Key Length - 128, 192, 256 FEITIAN Technologies Public Material

Page 10

CAVP Algorithm Properties Reference Cert Direction - Decrypt, Encrypt AES-ECB A4980 SP 800-38A Key Length - 128, 192, 256 Direction - Decrypt, Encrypt AES-GCM A4980 IV Generation Mode - 8.2.2 SP 800-38D Key Length - 128, 192, 256 Prediction Resistance - Yes SP 800-90A Counter DRBG A4980 Mode - AES-128 Rev. 1 Derivation Function Enabled - Yes Curve - P-256, P-384, P-521 ECDSA KeyGen A4980 Secret Generation Mode - testing FIPS 186-5 (FIPS186-5) candidates ECDSA KeyVer A4980 Curve - P-256, P-384, P-521 FIPS 186-5 (FIPS186-5) Curve - P-256, P-384, P-521 ECDSA SigGen Hash Algorithm - SHA2-256, SHA2-384, A4980 FIPS 186-5 (FIPS186-5) SHA2-512 Component - Yes Curve - P-256, P-384, P-521 ECDSA SigVer A4980 Hash Algorithm - SHA2-256, SHA2-384, FIPS 186-5 (FIPS186-5) SHA2-512 Key Length - Key Length: 8-2048 HMAC-SHA-1 A4980 FIPS 198-1 Increment 8 Key Length - Key Length: 8-2048 HMAC-SHA2-256 A4980 FIPS 198-1 Increment 8 Domain Parameter Generation Methods - P-256 Function - Key Pair Generation Scheme KAS-ECC Sp800- SP 800-56A A4980 ephemeralUnified 56Ar3 Rev. 3 KAS Role - Responder KDF Methods twoStepKdf Key Length - 256 KDF Mode - Counter SP 800-108 KDF SP800-108 A4980 Supported Lengths - Supported Lengths: Rev. 1 8-256 Increment 8 Key Generation Mode - probable RSA KeyGen Modulo - 2048, 3072, 4096 A4980 FIPS 186-5 (FIPS186-5) Primality Tests - 2powSecStr Private Key Format - crt RSA SigGen Modulo - 2048, 3072, 4096 A4980 FIPS 186-5 (FIPS186-5) Signature Type - pkcs1v1.5 RSA SigVer Modulo - 2048, 3072, 4096 A4980 FIPS 186-5 (FIPS186-5) Signature Type - pkcs1v1.5 Message Length - Message Length: 160, SHA-1 A4980 FIPS 180-4 0-65536 Increment 8 FEITIAN Technologies Public Material

Page 11

CAVP Algorithm Properties Reference Cert Message Length - Message Length: 256, SHA2-256 A4980 FIPS 180-4 0-65536 Increment 8 Message Length - Message Length: 384, SHA2-384 A4980 FIPS 180-4 0-65536 Increment 8 Message Length - Message Length: 512, SHA2-512 A4980 FIPS 180-4 0-65536 Increment 8 Table 4: Approved Algorithms Vendor-Affirmed Algorithms: The Module implements the FIPS Vendor Affirmed cryptographic algorithms listed below. Name Properties Implementation Reference Key Type::Asymmetric and [133r2] section 4, example 1 CKG1 N/A Symmetric and IG D.H Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module. FEITIAN Technologies Public Material

Page 12
2.6 Security Function Implementations

The SFI table shows the Security Function Implementations that the module implements: Descriptio Algorith Name Type Properties n ms RSA KeyGen (FIPS186 -5): Publications:Publicat (A4980) Asymmetric ions: [FIPS 186-5], Counter AsymKeyPa RSA_GEN_KEY_PAIR Key-Pair [SP800-90A], DRBG: ir-KeyGen Generation [SP800-133r1], [IG (A4980) C.E] CKG1: () Key Type:: Symmetri c ECDSA KeyGen (FIPS186 -5): (A4980) Publications:[FIPS Asymmetric Counter AsymKeyPa 186-5], [SP800-90A], ECC_GEN_KEY_PAIR Key-Pair DRBG: ir-KeyGen [SP800-133r1], [IG Generation (A4980) C.A] CKG1: () Key Type:: Symmetri c AESCBC: Symmetric (A4980) Key Size: 128 Generation AESSections 4 GCM: and 6.1 (A4980) Direct Publications:[SP800- Size: 128 AES_KEY_GEN CKG symmetric 90A], [IG D.H], [FIPS AESkey 197] ECB: generation (A4980) using Size: 128 unmodified Counter DRBG DRBG: output (A4980) CKG1: () Key FEITIAN Technologies Public Material

Page 13

Descriptio Algorith Name Type Properties n ms Type:: Symmetri c AESCMAC: Symmetric (A4980) Key Publications:[SP800- Size: 128 SESSIONKEY_GEN KBKDF Generation 108r1], [SP800-38B], KDF using [FIPS 197] SP800KBKDF 108: (A4980) Size: 128 RSA SigGen (FIPS186 -5): (A4980) SHA2Digital Publications:[FIPS DigSig- 256: RSA_SIG_GEN Signature 186-5], [SP800SigGen (A4980) Generation 133r1], [IG C.E] SHA2384: (A4980) SHA2512: (A4980) RSA SigVer (FIPS186 -5): (A4980) SHA2DigSig- Signature Publications:[FIPS 256: RSA_SIG_VER SigVer Verification 186-5], [IG C.E] (A4980) SHA2384: (A4980) SHA2512: (A4980) ECDSA SigGen (FIPS186 Digital Publications:[FIPS DigSig- -5): ECC_SIG_GEN Signature 186-5], [SP800SigGen (A4980) Generation 133r1], [IG C.A] SHA2256: (A4980) FEITIAN Technologies Public Material

Page 14

Descriptio Algorith Name Type Properties n ms SHA2384: (A4980) SHA2512: (A4980) ECDSA SigVer (FIPS186 -5): (A4980) SHA2DigSig- Signature Publications:[FIPS 256: ECC_SIG_VER SigVer Verification 186-5], [IG C.A] (A4980) SHA2384: (A4980) SHA2512: (A4980) ECDSA Check the KeyVer AsymKeyPa validity of Publications:[FIPS ECC_KEY_VER (FIPS186 ir-KeyVer the public 186-5], [IG C.A] -5): key (A4980) Random Counter Publications:[SP800DRBG_GEN DRBG Number DRBG: 90A], [IG D.L] Generation (A4980) Publications:[SP800Entropy ENT_GEN ENT-ESV 90B], [IG 9.3.A], [IG Source D.J] [IG D.O] IG:D.F Scenario 2, Key path 2, end-to-end Agreement Caveat:Key Shared establishment KASSecret methodology ECC SHAREDSECRETKEY_GE Calculation KAS-Full provides 128 bits of Sp800N_KAS [56Ar3] security strength 56Ar3: Key Key confirmation:No (A4980) Derivation Key derivation:KDA KDA (tested as part KAS [56Cr2] certificate) AESCMAC: BC- Block Publications:[FIPS (A4980) AES_ENC_AUTH AuthEncrypt Cipher 197] Sizes: AESFEITIAN Technologies Public Material

Page 15

Descriptio Algorith Name Type Properties n ms GCM: (A4980) Size: 128 AESCBC: BCBlock Publications:[FIPS (A4980) AES_ENC UnAuthEncr Cipher 197] AESypt ECB: (A4980) AESCMAC: (A4980) BC- Block Publications:[FIPS Size: 128 AES_DEC_AUTH AuthDecrypt Cipher 197] AESGCM: (A4980) Size: 128 AESCBC: BCBlock Publications:[FIPS (A4980) AES_DEC UnAuthDecr Cipher 197] AESypt ECB: (A4980) HMACSHA-1: (A4980) HMACMessage SHA2Authenticati Publications:[FIPS19 256: HMAC_GEN MAC on 8-1] [IG C.B] (A4980) Generation SHA-1: (A4980) SHA2256: (A4980) AESStandard:SP 800- CBC: 38F (A4980) IG D.G:Approved Sizes: KTS- used as Caveat:Key 128 KTS_SCP03_WRAP Unwrap SCP03 establishment AESmethodology CMAC: provides 128 bits of (A4980) security strength Sizes: KTS- SP800-38D Standard:SP 800- AESKTS_AESGCM_WRAP Unwrap Based on 38F GCM: KTS-Wrap IG D.G IG D.G:Approved (A4980) FEITIAN Technologies Public Material

Page 16

Descriptio Algorith Name Type Properties n ms Caveat:Key Sizes: establishment 128 methodology provides 128 bits of security strength AESStandard:SP 800CBC: 38F (A4980) Key IG D.G:Approved KTS- Sizes: Wrapping Caveat:Key KTS_CTAP_WRAP Unwrap 128 Based on establishment KTS-Wrap HMACIG D.G methodology SHA2provides 128 bits of 256: security strength (A4980) SHA2256: (A4980) Secure SHA2Publications: [FIPS SHA_CAL SHA Hash 384: 180-4], [IG C.B] Standard (A4980) SHA2512: (A4980) Table 6: Security Function Implementations

2.7 Algorithm Specific Information

AES GCM IV Uniqueness FIPS140-3 IG C.H, Option 2 The IV is generated internally at its entirety randomly. The generation uses an Approved DRBG (Cert. #A4980) that is internal to the module’s boundary. The IV length shall be at least 96 bits (per SP 800-38D). KAS [56Ar3] - Per [IG] D.F Scenario 2 path (2), compliant key agreement scheme where testing is performed end-to-end for the shared secret computation and a KDF compliant with HKDF (2step KDF). The Module obtains the [FIPS140-3_IG] D.F required key agreement assurances [SP800-56Ar3] in accordance with Section 5.6.2.

2.8 RBG and Entropy

FEITIAN Technologies Public Material

Page 17

The scenario 1(a) in IG 9.3.A is applied to the module, the security strength of the DRBG seeded by the entropy source is 128-bit. According to table 4 of the ESV Public Use Document, to reach 128 bits of strength, at least 581 bits of random nonce are needed to seed the DRBG. A 640-bit nonce is used in the module, so the DRBG entropy strength is 128 bits. Cert Vendor Name Number E134 Feitian Technologies Co., Ltd. Table 7: Entropy Certificates The Module uses the following entropy sources: Entropy Operational Sample Conditioning Name Type per Environment Size Component Sample HSEC_ES Physical HSEC HSC 1 bit 0.3308 N/A Table 8: Entropy Sources

2.9 Key Generation

For Key Generation, see Section 2.5 and Section 2.6 above.

2.10 Key Establishment

Key Agreement Information For Key Agreement, see Section 2.5 and Section 2.6 above. Key Transport Information For Key Transport, see Section 2.5 and Section 2.6 above.

2.11 Industry Protocols

The module does not support any industry protocols that would be of interest to this standard. FEITIAN Technologies Public Material

Page 18
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

The Module’s ports and associated FIPS defined logical interface categories are listed below. Logical Physical Port Data That Passes Interface(s) Power Supply 2 Pins Power Vcc Vdd 1.62-5.5V Touch Button 1 Pin Control Input Physical input LED 1 Pin Status Output Physical output Data Input Data Output USB(D+/D-) 2 Pins Primary physical interface (USB) for all service data Control Input Status Output Table 9: Ports and Interfaces Note: The module does not support Control Output. FEITIAN Technologies Public Material

Page 19
4 Roles, Services, and Authentication
4.1 Authentication Methods

Security Strength Each Strength per Method Name Description Mechanism Attempt Minute A role is authenticated to the Module console with a PIN Each mechanism authentication The PIN must attempt takes be to changed approximately by the CO after

60 ms which

first allows a authentication PIN8-63 characters maximum of with default PIN, including

15 attempts

data. The numbers, letters, and per minute. Module Memorized special Authentication_PIN Therefore, the enforced a Secrets characters.Therefore, probability of minimum size the probability of successfully of 8 ASCII successful attempt is authenticating characters. 1/95^8 to the module The number of within one incorrect minute through attempts for random PIN is 3-15, attempts is which can be 15/95^8 set to a maximum of 15 times and a minimum of 3 times. The identity is Each authenticated authentication to the module attempt takes 128-bit AES-ECB Key with a approximately Challenge-Response challenge- 60 ms which A minimum 16 byte response allows a (128 bit) binary string Authentication_ mechanism AES-ECB maximum of has a probability that AuthKey (Cert. #A4980). (A4980) 15 attempts a random attempt will The entity gets per minute. succeed or a false challenge from Therefore, the acceptance will occur the module probability of of 1/2^128. then encrypts it successfully resulting in authenticating cryptogram to the module FEITIAN Technologies Public Material

Page 20

Security Strength Each Strength per Method Name Description Mechanism Attempt Minute using Auth key. within one The minute through cryptogram is random sent back and attempts is decrypted in 15/2^128 . the module using same key, then the module check if the result is matched with original challenge. The Auth key MUST be changed to specific value for each module by the CO after first authentication with default data. The Auth key is generally a random number automatically generated by HSM. The number of incorrect attempts for Auth key is 315, which can be set to a maximum of 15 times and a minimum of 3 times. Table 10: Authentication Methods All authentication states are all stored in RAM, so they are cleared automatically once the module is powered down. Note: Authentication-PIN is an abstract noun that includes the PIN of ePass2003 unit, PIN/PUK of PIV unit, PIN of FIDO unit, AccessiCode of OTP unit, PGP User PIN(PW1)/ PGP Admin PIN(PW3) of OpenPGP unit. FEITIAN Technologies Public Material

Page 21

Authentication-AuthKey is an abstract noun that includes the Device authenticate key of a universal service unit, the External Auth Key of an ePass2003 unit, and the PIV Authentication Key of a PIV unit.

4.2 Roles

The Module supports four distinct operator roles, User, Admin, Cryptographic Officer (CO) and Unauth. The CO role is responsible for device authentication, resetting applications and other roles' authentication data (User PINs, etc). The Admin role is responsible for configuring SSPs and managing User identities (such as unblock a User identity in the PIV application). The User role is responsible for performing cryptographic operations to utilize the module as an authenticator. The unauthenticated role can only access some non-operational SSP services, Such as Select functional unit, get a challenge, read non-security relevant information, self-tests, etc. The Module does not support a maintenance role. The Module does not support concurrent operators. The Roles Table below lists all operator roles supported by the Module. Name Type Operator Type Authentication Methods CO Identity Crypto Officer Authentication_ AuthKey Authentication_PIN Admin Identity User Authentication_ AuthKey User Identity User Authentication_PIN UnAuth Role Unauthenticated None Table 11: Roles FEITIAN Technologies Public Material

Page 22
4.3 Approved Services

All approved services implemented by the Module are listed in the table below: The SSPs modes of access shown in the table below are defined as:

9000 Comman

content or d without Get Device including Device Unauthen error input None Info versioning Info ticated statu paramete information s r and show status Request random Unauthen data that ticated

9000 Comman

will be used - DRBG or d with Get as a random DRBG_GEN V: G,Z error expected Challenge challenge value ENT_GEN - DRBG statu data within the Seed: G s length Device - DRBG Authenticat Key: G,Z e service 9000 Request CO Device or Kid and administrat - Device Authenticat error cipher N/A AES_DEC_AUTH or authentic e statu text privileges ate key: E s CO Change

9000 - KSenc:

Device or E authenticat cipher Update key error N/A AES_DEC - KSmac: e key, text statu E INIT_KEYe s - Device nc and authentic FEITIAN Technologies Public Material

Page 23

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access INIT_KEY ate key: mac W,E,Z INIT_KEY enc: W,Z INIT_KEY mac: W,Z Admin INIT_KEY enc: E INIT_KEY mac: E - KSenc: G 9000 Create Host - KSmac: GP or Secure random cipher G Initialize error SESSIONKEY_GEN Channel Card text User Update statu Session random s INIT_KEY enc: E INIT_KEY mac: E - KSenc: G - KSmac: G This service Admin may also - KSenc: be used to E both 9000 GP - KSmac: authenticat or External cipher E e and error N/A SESSIONKEY_GEN Authenticat text User initiate a statu e - KSenc: secure s E session - KSmac: with an E external entity.

9000 Comman CO

The token or d without - DRBGTerminate into error input N/A None EI: Z token terminate statu paramete - DRBG state. s r V: Z FEITIAN Technologies Public Material

Page 24

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access - DRBG Key: Z Managing Key: Z - Device authentic ate key: Z INIT_KEY enc: Z INIT_KEY mac: Z - KSenc: Z - KSmac: Z - AESGCM Key: Z - FIDO Device ECDSA Private Key: Z - FIDO Device ECDSA Public Key: Z - FIDO User ECDSA Private Key: Z - FIDO User ECDSA Public Key: Z - FIDO Agreeme nt ECC Private Key: Z - FIDO Agreeme FEITIAN Technologies Public Material

Page 25

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access nt ECC Public Key: Z - FIDO Agreeme nt sharedSe cret: Z - FIDO SharedSe cret AES Key: Z - FIDO SharedSe cret HMAC Key: Z - FIDO PinUvAut hToken: Z - FIDO PIN: Z - PIV Authentic ation Key: Z - PIV ECC Signature Private Key: Z - PIV ECC verificatio n Public Key: Z - PIV RSA Signature Private Key: Z - PIV RSA verificatio n Public Key: Z - PIV User PIN: Z - PIV PUK PIN: Z - 2003 Internal FEITIAN Technologies Public Material

Page 26

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Auth Key: Z - 2003 External Auth Key: Z - 2003 PIN: Z - 2003 PSO calculatio n key: Z - 2003 Unblock PIN: Z - 2003 RSA Private Key: Z - 2003 RSA Public Key: Z - 2003 ECDSA Private Key: Z - 2003 ECDSA Public Key: Z - OTP HMAC Seed Key: Z - OTP AccessCo de: Z - PGP Admin PIN(PW3) :Z - PGP User PIN(PW1) :Z - PGP Resetting FEITIAN Technologies Public Material

Page 27

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Code: Z - PGP Signature Private Key: Z - PGP Verificatio n Public Key: Z - External Agreeme nt ECC Public Key: Z - DRBG Seed: Z - AESGCM IV: Z Prepares the Module

9000 Comman

Manage for the or d without Security subsequent User error input N/A None Environme commands, Admin statu paramete nt (MSE) Perform s r Security Operation. Performs a 9000 hash using or SHA-256, Hash Unauthen Hash error message SHA_CAL SHA-384, value ticated statu or SHAs 512. Allows read access to a binary file. 9000 A binary file or Comman Read is a file Binary Admin error d with file None Binary whose database User statu info content is a s sequential string of bits. 9000 Allows or Update write Binary Admin error N/A None Binary access to a data User statu binary file. s FEITIAN Technologies Public Material

Page 28

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Allows read access to a record. A record is a type of data 9000 storage or Comman Read Record Admin structure as error d With file None Record data User defined statu info within ISO s 7816. Records are stored in files. 9000 Allows or Update write Record Admin error N/A None Record access to a data User statu record s 9000 Allows a or Append Record Admin record to error N/A None Record data User be append statu s Authenticat e the cryptograp hic module by an external Admin entity - 2003 NOTE: In Internal 9000 order for Auth Key: Internal or this service Random cipher E Authenticat error AES_ENC to be data text User e statu utilized, the - 2003 s external Internal entity must Auth Key: have E privileged access to the referenced key. Authenticat 9000 Admin External es an or - 2003 cipher Authenticat external error N/A AES_DEC External text e entity by statu Auth Key: the s E FEITIAN Technologies Public Material

Page 29

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access cryptograp User hic module. - 2003 NOTE: External Prerequisit Auth Key: e to this E service is the use of Get Challenge service. The key as referenced within the service call exists under the current file Admin - 2003 PIN: E - KSenc: E 9000 - KSmac: Provides or KTS_SCP03_WRA E Verify PIN PIN error PIN data N/A P User verification. statu - KSenc: s E - KSmac: E - 2003 PIN: E Admin - 2003 PIN: W,E - KSenc: E 9000 - KSmac: Change or PIN and Modify the KTS_SCP03_WRA E Reference error new PIN N/A PIN P User Data statu data - 2003 s PIN: W,E - KSenc: E - KSmac: E Reset Resets the 9000 Comman User KTS_SCP03_WRA Retry retry or d without N/A - KSenc: P Counter counter error input E FEITIAN Technologies Public Material

Page 30

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access statu paramete - KSmac: s r E Admin - KSenc: E - KSmac: E Admin - DRBGEI: G,E - 2003 RSA Private Key: G - 2003 RSA Public Key: G - 2003 ECDSA Private Key: G - 2003 ECDSA Public

9000 Comman Key: G

Generates RSA_GEN_KEY_P Generate or d without - DRBG an AIR Asymmetri error input N/A Seed: Asymmetric ECC_GEN_KEY_P c Key Pair statu paramete G,E key pair. AIR s r User - DRBGEI: G,E - 2003 RSA Private Key: G - 2003 RSA Public Key: G - 2003 ECDSA Private Key: G - 2003 ECDSA Public Key: G FEITIAN Technologies Public Material

Page 31

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access - DRBG Seed: G,E Admin - 2003 PSO calculatio n key: E Performs an encrypt 9000 Managing operation or Kid and cipher Key: E Encrypt using an error AES_ENC plain text text User Approved statu - 2003 security s PSO function. calculatio n key: E Managing Key: E Admin - 2003 PSO calculatio n key: E 9000 Managing Performs a or Kid and Key: E Decrypt decrypt error cipher plain text AES_DEC User operation. statu text - 2003 s PSO calculatio n key: E Managing Key: E Admin - 2003 RSA Public Verifies a

9000 Key: E

digital Verify or RSA_SIG_VER - 2003 signature Signature Digital error N/A ECC_SIG_VER ECDSA using RSA and kid Signature statu ECC_KEY_VER Public PKCS#1 or s Key: E ECDSA User - 2003 RSA Public FEITIAN Technologies Public Material

Page 32

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Key: E - 2003 ECDSA Public Key: E Admin - 2003 RSA Private Key: E - 2003 Generates ECDSA 9000 a digital Private Generate or signature message RSA_SIG_GEN Key: E Digital error Signature using RSA and kid ECC_SIG_GEN User Signature statu PKCS#1 or - 2003 s ECDSA. RSA Private Key: E - 2003 ECDSA Private Key: E Admin - 2003 PSO 9000 Verify calculatio Performs or Cryptograp cipher n key: E AES CMAC error N/A AES_ENC_AUTH hic text User verification. statu Checksum - 2003 s PSO calculatio n key: E Admin - 2003 PSO 9000 Compute calculatio Compute or Cryptograp cipher n key: E AES error plain text AES_ENC_AUTH hic text User CMAC. statu Checksum - 2003 s PSO calculatio n key: E 9000 or Comman Create a Create File error d with file N/A None Admin file. statu info s FEITIAN Technologies Public Material

Page 33

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Admin - 2003 Internal Auth Key: Z - 2003 External Auth Key: Z - 2003 PIN: Z - 2003 Unblock 9000 PIN: Z or Comman Delete a - 2003 Delete File error d with file N/A None File. RSA statu info Private s Key: Z - 2003 RSA Public Key: Z - 2003 ECDSA Private Key: Z - 2003 ECDSA Public Key: Z Admin This - 2003 service is Internal used to Auth Key: enter AES W keys, and - 2003 PINs. SSPs External

9000 Encrypte

which may Auth Key: or d Install be entered KTS_SCP03_WRA W error Symmetri N/A Secret are as P - 2003 statu c Key or follows: * PSO s pin Internal calculatio Auth Key * n key: W External - KSenc: Auth Key * E Symmetric - KSmac: Key * PIN E - 2003 FEITIAN Technologies Public Material

Page 34

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access PIN: W - 2003 Unblock PIN: W Allows the 9000 reading of or Get File the FID list Comman Admin error File info None List of child files d with file User statu of the s current file Admin - 2003 RSA Public Key: R - 2003 ECDSA 9000 Public Allows the or Comman RSA/ECC Read Key: R output of a error d with key Public None Public Key User public key. statu info Key - 2003 s RSA Public Key: R - 2003 ECDSA Public Key: R User - DRBGEI: G,E - DRBG V: G,E - AESThis GCM Key: service is Encrypte ECC_GEN_KEY_P E used to 00 or d Device Credentic AIR - FIDO Make generate a error ECDSA alID and ECC_SIG_GEN Device Credential new statu Private X.509 AES_ENC_AUTH ECDSA credential s Key and certificate KTS_AESGCM_WR Private in the message AP Key: E module - FIDO User ECDSA Private Key: G,R,W - FIDO FEITIAN Technologies Public Material

Page 35

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Device ECDSA Public Key: R - AESGCM IV: E - DRBG Seed: G,E - DRBG Key: G,E - FIDO User ECDSA Public Key: G,R User - DRBGEI: G,E - DRBG V: G,E - AESGCM Key: E - AESGCM IV: This Encrypte E service is ECC_SIG_GEN

00 or d User - DRBG

using ECC_SIG_VER Get error ECDSA Seed: Registratio Signature AES_DEC_AUTH Attestation statu Private G,E n's KTS_AESGCM_WR s Key and - DRBG credential AP message Key: G,E to signature - FIDO User ECDSA Private Key: E - FIDO User ECDSA Public Key: E The client OK Comman User calls this or d without - DRBGGet Next service error input Signature ECC_SIG_GEN EI: G,E Attestation when the statu paramete - DRBG Attestationr s00 r V: G,E FEITIAN Technologies Public Material

Page 36

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access esponse or - AEScontains error GCM Key: the number statu E of s - DRBG credentials Seed: member G,E and the - DRBG number of Key: G,E credentials exceeds 1. Comman

00 or

d without Get Device error Unauthen input Version None Information Information statu ticated paramete s r User - FIDO PIN: W,E - FIDO PinUvAut hToken: G,R,E This - FIDO service is SharedSe used by the cret AES platform to Key: G,E establish - FIDO the ECC_GEN_KEY_P SharedSe sharedSecr AIR cret et key, AES_KEY_GEN

00 or HMAC

setting a ECC_KEY_VER PIN error PinUvAut Key: G,E new user PIN SHAREDSECRETK Service statu hToken - FIDO PIN, EY_GEN_KAS s Agreeme changing AES_ENC_AUTH nt existing HMAC_GEN sharedSe user PIN, KTS_CTAP_WRAP cret: G,E and getting - FIDO User Agreeme PinUvAuth nt ECC Token from Public the module Key: G,R - External Agreeme nt ECC Public Key: W,E FEITIAN Technologies Public Material

Page 37

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Managing Key: G CO - FIDO User ECDSA Private Key: Z - FIDO User ECDSA Public Key: Z - FIDO Agreeme nt ECC Private Key: Z - FIDO Agreeme nt ECC Comman Public

00 or

d without Key: Z FIDO error AES_KEY_GEN Zeroization input N/A - FIDO Reset statu DRBG_GEN paramete Agreeme s r nt sharedSe cret: Z - FIDO SharedSe cret AES Key: Z - FIDO SharedSe cret HMAC Key: Z - FIDO PinUvAut hToken: Z - FIDO PIN: Z - AESGCM Key: G Credential Listing AES_ENC

00 or pinUvAut User

Manageme credentials N/A HMAC_GEN error hParam - FIDO nt and KTS_CTAP_WRAP FEITIAN Technologies Public Material

Page 38

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access deleting statu PinUvAut credentials s hToken: E used to configure various

00 or User

authenticat authenticat error pinUvAut AES_ENC - FIDO or features N/A orConfig statu hParam HMAC_GEN PinUvAut through the s hToken: E use of its subcomma nds. User - PIV ECC This 9000 Comman verificatio service is or d without n Public PIV GET data used to error input None Key: R DATA object read data statu paramete - PIV RSA object s r verificatio n Public Key: R User This 9000 - KSenc: service is or E PIV Verify KTS_SCP03_WRA used to error PIN N/A - KSmac: PIN P verify the statu E PIN. s - PIV User PIN: W,E Admin This 9000 - KSenc: service is or E PIV Verify KTS_SCP03_WRA used to error PUK N/A - KSmac: PUK P verify the statu E PUK. s - PIV PUK PIN: W,E This service is User used to 9000 - DRBGGeneralAut Random external or EI: E h data and AES_ENC_AUTH and mutual error N/A - PIV (Symmetric cipher AES_ENC authenticat statu Authentic Key) text e with PIV s ation Key: Symmetric E Key

9000 Comman CO

Reset PIV or d without - PIV User card state PIV Reset error input N/A SHA_CAL PIN: Z and delete statu paramete - PIV PUK all stored s r PIN: Z FEITIAN Technologies Public Material

Page 39

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access information - PIV Zeroization Authentic ation Key: Z - PIV ECC Signature Private Key: Z - PIV ECC verificatio n Public Key: Z - PIV RSA Signature Private Key: Z - PIV RSA verificatio n Public Key: Z This Admin service is - PIV 9000 used to Encrypte AES_ENC Authentic Set or change d AES_DEC ation Key: Authenticat error N/A Authenticati Authentic KTS_SCP03_WRA W,E ion Key statu on key (PIV ation Key P s Symmetric Managing Key) Key: E Admin This 9000 - PIV PUK service is or PIN: W,E Change KTS_SCP03_WRA used to error PUK N/A - KSenc: PUK P change statu E PUK s - KSmac: E User

9000 - PIV User

This or PIN: W,E Change service is PIN and KTS_SCP03_WRA error N/A - KSenc: PIN used to new PIN P statu E change PIN s - KSmac: E This Admin 9000 Unblock service is - PIV User or PIN (Reset used to New PIN KTS_SCP03_WRA PIN: W,E error N/A retry reset retry and PUK P - PIV PUK statu counter) counter PIN: W,E s and set - KSenc: FEITIAN Technologies Public Material

Page 40

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access new user E PIN with - KSmac: known PUK E Admin - DRBG V: G,Z - PIV ECC Signature Private Key: G - PIV ECC verificatio n Public This Key: G service is 9000 Comman RSA_GEN_KEY_P - PIV RSA Generate used to or Asymmet d with AIR Signature Asymmetri generate error ric Public Key ECC_GEN_KEY_P Private c Key an statu key length AIR Key: G asymmetric s - PIV RSA key verificatio n Public Key: G - DRBG Key: G,Z - DRBG Seed: G,E - DRBGEI: G,E User This - PIV ECC service is

9000 Signature

GeneralAut used to or Private h generate RSA_SIG_GEN error message Signature Key: E (RSA/ECD signature ECC_SIG_GEN statu - PIV RSA SA) with s Signature asymmetric Private key Key: E This 9000 service is or PIV Put used to Data error N/A None Admin Data write data object statu (certicate, s ID and etc) Add a new User 9000 Personaliz entry and KTS_SCP03_WRA - OTP or Seed key N/A ation OTP initialize its P HMAC error seed key Seed FEITIAN Technologies Public Material

Page 41

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access statu Key: W s - KSenc: E - KSmac: E - DRBG V: E - OTP AccessCo de: E - DRBG Key: E - DRBG Seed: G,E - DRBGEI: G,E User - OTP

9000 Comman

Remove an AccessCo or d without Delete entry and de: E error input N/A None OTP its seed - OTP statu paramete key. HMAC s r Seed Key: Z

9000 Comman

List all the or d without List names of error input Slot info None User the entries. statu paramete s r User 6-digit - OTP

9000 Comman

Calculate OTP HMAC or d without Calculate the OTP value or Seed error input HMAC_GEN OTP value for an 8-digit Key: E statu paramete entry. OTP - OTP s r value AccessCo de: E Reset the 9000 Comman CO applet to or d without - OTP OTP Reset manufactor error input N/A None HMAC y default statu paramete Seed settings. s r Key: Z 9000 User Verify Verify user or AccessC KTS_SCP03_WRA - OTP AccessCod AccessCod error N/A ode P AccessCo e e statu de: E s FEITIAN Technologies Public Material

Page 42

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access 9000 Change User Change or user AccessC KTS_SCP03_WRA - OTP AccessCod error N/A AccessCod ode P AccessCo e statu e de: W,E s When the device is powered on and the 6-digit

9000 User

user OTP or - OTP Emit OTP presses the press- value or error HMAC_GEN HMAC from slot button, the button 8-digit statu Seed device OTP s Key: E outputs a value 6-byte or 8byte password Select a current DO 9000 ,a following or SELECT GET DATA Unauthen error DO Data N/A None DATA or PUT ticated statu DATA will s access this current DO Admin Verify using - PGP user PGP PGP Admin User 9000 User PIN(PW3) PIN(PW1) or PIN(PW1 KTS_SCP03_WRA :E VERIFY or error ) or PGP N/A P User administrat statu Admin - PGP or PGP s PIN(PW3 User Admin ) PIN(PW1) PIN(PW3) :E Admin Change - PGP user PGP Admin User 9000 OpenPGP PIN(PW3) PIN(PW1) or Comman CHANGE KTS_SCP03_WRA : W,E or error d with N/A REFEREN P User administrat statu data info CE DATA - PGP or PGP s User Admin PIN(PW1) PIN(PW3) : W,E Reset PGP 9000 Admin OpenPGP PW1 or KTS_SCP03_WRA User or N/A - PGP RESET PW3/ P PIN(PW1) error Admin FEITIAN Technologies Public Material

Page 43

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access RETRY counter statu Resetting PIN(PW3) COUNTER and set s Code : W,E new PGP - PGP User User PIN(PW1) PIN(PW1) using PGP :W Admin User PIN(PW3) - PGP or User Resetting PIN(PW1) Code. :W - PGP Resetting Code: W,E User Read

9000 Comman - PGP

protected or d without User or Data GET DATA error input None PIN(PW1) unprotecte Object statu paramete :E d Data s r Unauthen Object ticated Admin Write data - PGP 9000 objects Resetting or except user Data to KTS_SCP03_WRA Code: W PUT DATA error None writable be written P - PGP statu data Admin s objects. PIN(PW3) :E Perform

9000 User

COMPUTE signature or - PGP DIGITAL primitive message error Signature RSA_SIG_GEN Signature SIGNATU with and kid statu Private RE signature s Key: E Private Key Admin - DRBG V: G,E - PGP OpenPGP 9000 Comman Admin GENERAT Generate or d without RSA RSA_GEN_KEY_P PIN(PW3) E asymmetric error input public key AIR :E ASYMMET key pair statu paramete - PGP RIC KEY s r Signature Private Key: G - PGP FEITIAN Technologies Public Material

Page 44

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access Verificatio n Public Key: G,R - DRBG Key: G,E - DRBG Seed: G,E - DRBGEI: G,E This command is designed

9000 Comman Admin

to renew a or d without - PGP TERMINAT card in error input N/A None Admin E DF case of statu paramete PIN(PW3) blocked s r :E passwords or other problems. Admin - PGP Admin PIN(PW3) :Z - PGP User Initialize to PIN(PW1)

9000 Comman

the :Z or d without ACTIVATE manufactor - PGP error input N/A None FILE y default Resetting statu paramete settings. Code: Z s r Zeroization - PGP Signature Private Key: Z - PGP Verificatio n Public Key: Z

9000 Comman

Admin or d without Get Error Get self- Self-test - Device error input None log test result result authentic statu paramete ate key: E s r On- Initiate on- Admin Pass or Demand demand None None Unauthen Fail Self-test self-tests ticated FEITIAN Technologies Public Material

Page 45

Descriptio Indic SSP Name Inputs Outputs Security Functions n ator Access by reboot or power cycle Table 12: Approved Services

4.4 Non-Approved Services
4.5 External Software/Firmware Loaded

NOTE: There is no External Software/Firmware Loaded. FEITIAN Technologies Public Material

Page 46
5 Software/Firmware Security
5.1 Integrity Techniques

The Module is composed of the following firmware component(s): Component 1: cryptographic binary Component 2: non-modifiable operating system - binary The firmware components are protected with the error detection code CRC-16. Calculate CRC-16 on code and constant data in flash, then compare the result with expected value, which is also part of preoperational self-test.

5.2 Initiate on Demand

The operator can initiate integrity test on demand by restarting the module. FEITIAN Technologies Public Material

Page 47
6 Operational Environment
6.1 Operational Environment Type and Requirements

The Module has a non-modifiable operational environment at Level 3 under the FIPS 140-3 definitions therefore per the FIPS 140-3 Management Manual Section 7.5 Partial validations and non-applicable areas this section is not applicable. Type of Operational Environment: Non-Modifiable FEITIAN Technologies Public Material

Page 48
7 Physical Security

The Module is made of a completely hardened, production-grade polycarbonate or metal. The colored polycarbonate or metal enclosure obscures a clear view of the hardware components within. A hard, non-malleable metal casing surrounds the USB connector. The casing is made of hard, production-grade, black, opaque plastic. The coloring of the Module obscures any visible writing on the PCB. The visible critical components within the Module are further covered to meet FIPS 140-3 level 3 physical security requirements. The HSC32K2 with PAA microcontroller is covered with a black, opaque, tamper-resistant, epoxy encapsulated, thus completely covering all critical cryptographic components from plain view. The USB connector located outside of the casing (in the case of the USB Token-A3) of the USB token is made of a hard, black, opaque, production grade plastic and prevents access to the rest of the USB token. Any attempt at removal or penetration of the enclosure has a high probability of causing serious damage to the Module and the hardware components within the enclosure, which will reveal clear tamper evidence. Removal of the metal surrounding the USB connector will result in physical damage of the USB connector and its associated pins, rendering the entire cryptographic module useless. If the USB connector is exposed, there is no power going to the USB token. Once power is removed from the cryptographic module, all plaintext keys and unprotected SSPs in RAM are zeroized.

7.1 Mechanisms and Actions Required

The enclosure of the module is designed with anti-dismantle. After assembly, any attempt at tampering will leave visible damage on the enclosure. So, each time a user uses the module, you should first check the outer appearance of the module to make sure the module has not been tampered since last time use. In case user detects any tamper during inspection, user must stop using the module immediately and contact manufacturer. Mechanism Inspection Frequency Inspection Guidance anti-dismantle Each time using the check the outer appearance of the enclosure module module Table 13: Mechanisms and Actions Required

7.2 EFP/EFT Information

EFP Temp/Voltage Temperature or Result Type or Voltage EFT LowTemperature -29.6 EFP shutdown HighTemperature +86.6 EFP shutdown LowVoltage 2.8V EFP shutdown HighVoltage 5.5V EFP shutdown Table 14: EFP/EFT Information FEITIAN Technologies Public Material

Page 49
7.3 Hardness Testing Temperature Ranges

Temperature Temperature Type LowTemperature -20C° HighTemperature +40C° Table 15: Hardness Testing Temperatures Notes: The module is hardness tested at the lowest and highest temperatures within the module's intended temperature range of operation. FEITIAN Technologies Public Material

Page 50
8 Non-Invasive Security
8.1 Mitigation Techniques

The Module does not implement any mitigation method against non-invasive attack. FEITIAN Technologies Public Material

Page 51
9 Sensitive Security Parameters Management
9.1 Storage Areas

Storage Area Persistence Description Name Type CHIPRAM(S1) Session Key stored in volatile memory in plaintext. Dynamic CHIPRAM(S2) Session Key stored in volatile memory in encrypted. Dynamic CHIPNVM(S3) CSP is encrypted with AES-128 and stored in FLASH Static CHIPNVM(S4) CSP stored in flash in SHA2-256 Static CHIPNVM(S5) CSP stored in flash in plaintext Static CHIPNVM(S6) PSP stored in flash in plaintext Static Table 16: Storage Areas

9.2 SSP Input-Output Methods

Format Distributi Entry Name From To SFI or Algorithm Type on Type Type Input encapsula Application ted by CHIPNVM( Encrypt Automate Electro KTS_SCP03_WR Software KTS-Wrap S3) ed d nic AP (outside) SCP03(IO 1) Input encapsula Application ted by CHIPRAM( Encrypt Automate Electro KTS_AESGCM_W Software KTS-Wrap S2) ed d nic RAP (outside) AES-GCM (IO2) Output encapsula Application ted by CHIPRAM( Encrypt Automate Electro KTS_AESGCM_W Software KTS-Wrap S2) ed d nic RAP (outside) AES-GCM (IO3) Input encapsula ted by Application KTS-Wrap CHIPNVM( Encrypt Automate Electro KTS_CTAP_WRA Software AES-CBC S4) ed d nic P (outside) with HMAC (IO4) Output Application CHIPRAM( Encrypt Automate Electro KTS_CTAP_WRA encapsula Software S2) ed d nic P ted by (outside) FEITIAN Technologies Public Material

Page 52

Format Distributi Entry Name From To SFI or Algorithm Type on Type Type KTS-Wrap AES-CBC with HMAC (IO5) Input in Application CHIPRAM( Plaintex Automate Electro plaintext Software S1) t d nic (IO6) (outside) Output in Application CHIPRAM( Plaintex Automate Electro plaintext Software S1) t d nic (IO7) (outside) Output in Application CHIPNVM( Plaintex Automate Electro plaintext Software S6) t d nic (IO8) (outside) Table 17: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Zeroization Operator Description Rationale Method Initiation Zeroized by Terminate All SSP are cleared, completed by Z1 CO token command explicit indication of 9000 Status Overwritten with all 0 after Power on and implicit clear, completed Z2 Unauth power cycle by implicit indication of LED on. Received command to actively clear Zeroized by 2003 delete Z3 SSPs, completed by explicit indication CO MF of 9000 Status "TERMINATE DF" Received command to actively clear Z4 followed by "ACTIVATE SSPs, completed by explicit indication CO FILE" of 9000 Status Received command to actively clear Z5 Zeroized by FIDO Reset SSPs, completed by explicit indication CO of 00 Status Received command to actively clear Z6 Zeroized by PIV Reset SSPs, completed by explicit indication CO of 9000 Status Received command to actively clear Z7 Select functional unit SSPs, completed by explicit indication Unauth of 9000 Status Received command to actively clear Z8 Zeroized by OTP Reset SSPs, completed by explicit indication CO of 9000 Status Table 18: SSP Zeroization Methods FEITIAN Technologies Public Material

Page 53
9.4 SSPs

All usage of these SSPs by the Module are described in the services detailed in Section 4.3 Descriptio Size - Type Name Generated By Established By Used By n Strength Category 384-bit entropy and 256-bit entropy nonce input source collected DRBG-EI 640 - 128 and ENT_GEN DRBG_GEN from the nonce ESV,used CSP to derive the DRBG seed entropy 640-bit source DRBG DRBG

640 - 128 and ENT_GEN DRBG_GEN

Seed Seed from nonce DRBG-EI CSP Internal CTR_DRB G state value is state DRBG V used for 128 - 128 value - DRBG_GEN DRBG_GEN SP800-90A CSP CTR_DRB G (Consists of 128 bits) Internal CTR_DRB key value DRBG Key G state 128 - 128 DRBG_GEN DRBG_GEN - CSP value is used for FEITIAN Technologies Public Material

Page 54

Descriptio Size - Type Name Generated By Established By Used By n Strength Category SP800-90A CTR_DRB G (Consists of 128 bits) 128-bit AES key, Symmetri Managing used to AES_ENC

128 - 128 c Key - AES_KEY_GEN

Key encrypt AES_DEC CSP SSPs and keys 128-bit AES key Device Authentic used for input during authenticat 128 - 128 ation - AES_DEC CO role to manufacturing e key CSP reach a safe state AES 128bit key, used to derive KSenc and KSmac which is then used Symmetri INIT_KEYe input during to 128 - 128 c Key - SESSIONKEY_GEN nc manufacturing encrypt/dec CSP rypt data over a secure session between an authorized external FEITIAN Technologies Public Material

Page 55

Descriptio Size - Type Name Generated By Established By Used By n Strength Category entity and the Module. AES CMAC 128-bit key, used to derive a KSenc,KS mac which is then used to authenticat Symmetri INIT_KEY input during e an 128 - 128 c Key - SESSIONKEY_GEN mac manufacturing operator or CSP data over a secure session between an authorized external entity and the Module. AES 128bit key used to session encrypt/dec KSenc 128 - 128 Key - SESSIONKEY_GEN KTS_SCP03_WRAP rypt data CSP over a secure session AES CMAC session 128-bit key KSmac 128 - 128 Key - SESSIONKEY_GEN KTS_SCP03_WRAP used to CSP authenticat FEITIAN Technologies Public Material

Page 56

Descriptio Size - Type Name Generated By Established By Used By n Strength Category e data over a secure session 128-bit AES-GCM key used to Symmetri AES-GCM encrypt the AES_ENC_AUTH

128 - 128 c Key - AES_KEY_GEN

Key key handle AES_DEC_AUTH CSP or credentialI D 96-bit AESGCM IV used to AES-GCM encrypt the Random AES_ENC_AUTH

96 - N/A DRBG_GEN

IV key handle IV - CSP AES_DEC_AUTH or credentialI D 256-bit ECC Asymmet FIDO private key ric Device used to input during

256 - 128 Private ECC_SIG_GEN

ECDSA generate manufacturing Key Private Key signature CSP for registration. 256-bit FIDO ECC FIDO Asymmet Device public key, ric Public input during

256 - 128 ECC_SIG_VER

ECDSA it is Key - manufacturing Public Key returned to PSP the server FEITIAN Technologies Public Material

Page 57

Descriptio Size - Type Name Generated By Established By Used By n Strength Category via the certificate to verify the signature generated after registration 256-bit Asymmet ECC FIDO User ric private key ECDSA 256 - 128 Private ECC_GEN_KEY_PAIR ECC_SIG_GEN used to Private Key Key Attestation CSP signature 256-bit ECC FIDO public key, it is transmitted Asymmet FIDO User to the ric public ECDSA server for 256 - 128 ECC_GEN_KEY_PAIR ECC_SIG_VER Key Public Key verifying PSP signature generated after authenticati on 256-bit ECC Asymmet FIDO private key ric Agreement SHAREDSECRETKEY used to 256 - 128 Private ECC_GEN_KEY_PAIR ECC _GEN_KAS perform Key Private Key key CSP agreement FEITIAN Technologies Public Material

Page 58

Descriptio Size - Type Name Generated By Established By Used By n Strength Category with external public ECC key to get shared Secret 256-bit ECC public key used to perform FIDO key Asymmet Agreement agreement, ric public SHAREDSECRETKEY

256 - 128 ECC_GEN_KEY_PAIR

ECC Public the Module Key - _GEN_KAS Key returns it to PSP external to get sharedSecr et 256-bit key Used to derived FIDO FIDO SharedSec Shared Agreement ret AES SHAREDSECRETKEY KAS-ECC Sp800-56Ar3

256 - 128 Secret -

sharedSecr Key and _GEN_KAS (A4980) CSP et FIDO SharedSec ret HMAC Key by HKDF 256-bit Symmetri FIDO SHAREDSECRETKEY SHAREDSECRETKEY AES CBC 256 - 128 c Key SharedSec _GEN_KAS _GEN_KAS key used CSP FEITIAN Technologies Public Material

Page 59

Descriptio Size - Type Name Generated By Established By Used By n Strength Category ret AES for Key encryption calculation of pin related operations 256-bit AES CBC key used FIDO for HMAC Symmetri SharedSec SHAREDSECRETKEY SHAREDSECRETKEY SHA-256 256 - 128 c Key ret HMAC _GEN_KAS _GEN_KAS calculation CSP Key of pin related operations 256-bit HMAC SHA-256 FIDO Key used Authentic PinUvAuth to authorize 256 - 128 ation - DRBG_GEN HMAC_GEN Token operator CSP after PIN authenticati on Authenticat e the Authentic 32-248 FIDO PIN User,4 to ation - KTS_CTAP_WRAP N/A 63-byte CSP PIN value 128-bit PIV Authentic AES ECB Authenticat 128 - 128 ation - AES_ENC_AUTH key, used ion Key CSP for FEITIAN Technologies Public Material

Page 60

Descriptio Size - Type Name Generated By Established By Used By n Strength Category authenticati on of PIV CO

256 bit

Asymmet ECC PIV ECC ric private key, Signature 256 - 128 Private ECC_GEN_KEY_PAIR ECC_SIG_GEN used for Private Key Key signature CSP operations 256-bit ECC public Asymmet PIV ECC key, used ric public verification 256 - 128 ECC_GEN_KEY_PAIR for client Key Public Key verification PSP operations

2048 -bit

Asymmet RSA PIV RSA ric private key, Signature 2048 - 112 Private RSA_GEN_KEY_PAIR RSA_SIG_GEN used for Private Key Key signature CSP operations

2048 -bit

RSA public Asymmet PIV RSA key, used ric public verification 2048 - 112 RSA_GEN_KEY_PAIR for client Key Public Key verification PSP operations 8-byte pin, used for Authentic PIV User authenticati 64 - N/A ation - KTS_SCP03_WRAP PIN ng the PIV CSP user for FEITIAN Technologies Public Material

Page 61

Descriptio Size - Type Name Generated By Established By Used By n Strength Category Asymmetric services 8-byte pin, used for Authentic PIV PUK unblocking 64 - N/A ation - KTS_SCP03_WRAP PIN the PIV CSP admin pin AES 128,192,25 6-bit ,used

2003 to Authentic

128-256 Internal authenticat ation - AES_ENC 128-256 Auth Key e the CSP Module to an external entity AES 128,192,25 6-bit, used

2003 to modify Authentic

128-256 External the security ation - AES_DEC 128-256 Auth Key state of the CSP currently selected DF. 8-16 byte secret used to modify Authentic the security 64-128 -

2003 PIN ation -

state of the N/A CSP currently selected DF. FEITIAN Technologies Public Material

Page 62

Descriptio Size - Type Name Generated By Established By Used By n Strength Category AES 128,192,25 6-bit, Used to encryption,

2003 PSO decryption, Symmetri

128-256 - AES_ENC calculation checksum c Key 128-256 AES_DEC key calculation, CSP and checksum verification in Unit 2003 8-16 byte secret used to

2003 unblocking Authentic

64-128 Unblock the 2003 ation - AES_ENC N/A PIN pin the CSP currently selected DF. 2048,3072, Asymmet

4096 bit
2003 RSA RSA

,4096 - Private RSA_GEN_KEY_PAIR RSA_SIG_GEN Private Key private key 112-152 Key is used to CSP sign data 2048,3072, Asymmet 4096-bit 2048,3072

2003 RSA ric public

RSA public ,4096 - RSA_GEN_KEY_PAIR RSA_SIG_VER Public Key Key key used to 112-152 PSP verify data FEITIAN Technologies Public Material

Page 63

Descriptio Size - Type Name Generated By Established By Used By n Strength Category 256,384,52 Asymmet 1bit

2003 256,384,5 ric

ECDSA ECDSA 21 - 128- Private ECC_GEN_KEY_PAIR ECC_SIG_GEN private key Private Key 256 Key used to CSP sign data. 256,384,52 1bit Asymmet

2003 256,384,5

ECDSA ric public ECDSA 21 - 128- ECC_GEN_KEY_PAIR ECC_SIG_VER public key Key Public Key 256 used to PSP verify data.

16 to 64-

byte HMAC SHAOTP 1,HMAC Authentic 128-512 HMAC SHA-256 ation - HMAC_GEN Seed Key key ,used CSP to calculate OTP values for the User 8-byte pin, OTP used for Authentic HMAC_GEN AccessCod authenticati 64 - N/A ation KTS_SCP03_WRAP e ng the OTP CSP user

8 to 127-

byte, used PGP for Authentic 64-1024 Admin authenticati ation - KTS_SCP03_WRAP N/A PIN(PW3) on of the CSP OpenPGP CO. FEITIAN Technologies Public Material

Page 64

Descriptio Size - Type Name Generated By Established By Used By n Strength Category

8 to 127-

byte, used for authenticati Authentic PGP User 64-1024 ng the ation - KTS_SCP03_WRAP PIN(PW1) N/A OpenPGP CSP user for Asymmetric services.

8 to 127-

byte.Used PGP Authentic for 64-1024 Resetting ation - KTS_SCP03_WRAP resetting N/A Code CSP the User PIN 2048,3072,

4096 bit

RSA Asymmet PGP private key, 2048,3072 ric Signature used for ,4096 - Private RSA_GEN_KEY_PAIR RSA_SIG_GEN Private Key PKCS#1 112-152 Key v1.5 CSP signing operation 2048,3072,

4096 bit

RSA public Asymmet PGP key, used 2048,3072 ric public Verification for ,4096 - RSA_GEN_KEY_PAIR Key Public Key verification 112-152 PSP specified in PKCS#1 v1.5 FEITIAN Technologies Public Material

Page 65

Descriptio Size - Type Name Generated By Established By Used By n Strength Category 256-bit ECC Public key used to perform key External Asymmet agreement Agreement ric public SHAREDSECRETKEY with FIDO 256 - 128 ECC Public Key - _GEN_KAS Agreement Key PSP ECC Private Key to get sharedSecr et Table 19: SSP Table 1 Storage Name Input - Output Storage Zeroization Related SSPs Duration after usage DRBG-EI CHIPRAM(S1):Plaintext Z2 is complete after usage DRBG Seed CHIPRAM(S1):Plaintext Z2 is complete after usage DRBG V CHIPRAM(S1):Plaintext Z2 DRBG-EI:Derived From is complete after usage DRBG Key CHIPRAM(S1):Plaintext Z2 DRBG-EI:Derived From is complete Device authenticate key:Encrypts INIT_KEYenc:Encrypts INIT_KEYmac:Encrypts Managing Key CHIPNVM(S5):Plaintext Z1 FIDO Device ECDSA Private Key:Encrypts FIDO User ECDSA Private Key:Encrypts FEITIAN Technologies Public Material

Page 66

Storage Name Input - Output Storage Zeroization Related SSPs Duration PIV Authentication Key:Encrypts PIV ECC Signature Private Key:Encrypts PIV RSA Signature Private Key:Encrypts

2003 Internal Auth
2003 External Auth
2003 PSO calculation
2003 RSA Private
2003 ECDSA Private

Key:Encrypts OTP HMAC Seed Key:Encrypts PGP Resetting Code:Encrypts PGP Signature Private Key:Encrypts Managing Key:Encrypted Device authenticate CHIPNVM(S3):Encrypted Z1 by key KSenc:Derives Managing Key:Encrypted INIT_KEYenc CHIPNVM(S3):Encrypted Z1 by KSenc:Derives Managing Key:Encrypted INIT_KEYmac CHIPNVM(S3):Encrypted Z1 by KSmac:Derives after usage INIT_KEYenc:Derived KSenc CHIPRAM(S1):Plaintext Z7 is completed From FEITIAN Technologies Public Material

Page 67

Storage Name Input - Output Storage Zeroization Related SSPs Duration after usage INIT_KEYmac:Derived KSmac CHIPRAM(S1):Plaintext Z7 is completed From FIDO User ECDSA Private AES-GCM Key CHIPNVM(S5):Plaintext Z5 Key:Wraps FIDO User ECDSA Private AES-GCM IV CHIPNVM(S5):Plaintext Z5 Key:Wraps FIDO Device ECDSA Public Key:Paired With FIDO Device Managing Key:Encrypted ECDSA Private CHIPNVM(S3):Encrypted Z1 by Key AES-GCM Key:Wrapped by FIDO Device Output in plaintext FIDO Device ECDSA CHIPNVM(S6):Plaintext Z1 ECDSA Public Key (IO8) Private Key:Paired With FIDO User ECDSA Public Input encapsulated Key:Paired With by KTS-Wrap AESManaging Key:Encrypted FIDO User ECDSA GCM (IO2) CHIPNVM(S3):Encrypted Z5 by Private Key Output encapsulated AES-GCM Key:Wrapped by KTS-Wrap AESby GCM (IO3) AES-GCM IV:Wrapped by FIDO User ECDSA Output in plaintext FIDO User ECDSA Private CHIPNVM(S6):Plaintext Z5 Public Key (IO7) Key:Paired With FIDO Agreement ECC FIDO Agreement Public Key:Paired With CHIPRAM(S1):Plaintext Z2 ECC Private Key FIDO Agreement sharedSecret:Derives FIDO Agreement Output in plaintext FIDO Agreement ECC CHIPRAM(S1):Plaintext Z2 ECC Public Key (IO7) Private Key:Paired With FIDO Agreement ECC after their FIDO Agreement Private Key:Derived From CHIPRAM(S1):Plaintext usage is Z2 sharedSecret External Agreement ECC completed Public Key:Derived From FEITIAN Technologies Public Material

Page 68

Storage Name Input - Output Storage Zeroization Related SSPs Duration FIDO SharedSecret AES Key:Derives FIDO SharedSecret HMAC Key:Derives FIDO SharedSecret FIDO Agreement CHIPRAM(S1):Plaintext Z5 AES Key sharedSecret:Derived From FIDO SharedSecret FIDO Agreement CHIPRAM(S1):Plaintext Z5 HMAC Key sharedSecret:Derived From Output encapsulated FIDO SharedSecret AES after their FIDO by KTS-Wrap AES- Key:Wrapped by CHIPRAM(S1):Plaintext usage is Z5 PinUvAuthToken CBC with HMAC FIDO SharedSecret HMAC completed (IO5) Key:Wrapped by Input encapsulated by KTS-Wrap AESFIDO PIN CHIPNVM(S4):Encrypted Z5 CBC with HMAC (IO4) Managing Key:Encrypted Input encapsulated PIV Authentication by by KTS-Wrap CHIPNVM(S3):Encrypted Z6 Key KSenc:Unwrapped by SCP03(IO1) KSmac:Unwrapped by PIV ECC verification Public PIV ECC Signature Key:Paired With CHIPNVM(S3):Encrypted Z6 Private Key Managing Key:Encrypted by PIV ECC Output in plaintext PIV ECC Signature Private verification Public CHIPNVM(S6):Plaintext Z6 (IO8) Key:Paired With Key PIV RSA verification Public PIV RSA Signature Key:Paired With CHIPNVM(S3):Encrypted Z6 Private Key Managing Key:Encrypted by FEITIAN Technologies Public Material

Page 69

Storage Name Input - Output Storage Zeroization Related SSPs Duration PIV RSA Output in plaintext PIV RSA Signature Private verification Public CHIPNVM(S6):Plaintext Z6 (IO8) Key:Paired With Key Input encapsulated KSenc:Unwrapped by PIV User PIN by KTS-Wrap CHIPNVM(S4):Encrypted Z6 KSmac:Unwrapped by SCP03(IO1) Input encapsulated KSenc:Unwrapped by PIV PUK PIN by KTS-Wrap CHIPNVM(S4):Encrypted Z6 KSmac:Unwrapped by SCP03(IO1) Managing Key:Encrypted Input encapsulated

2003 Internal Auth by

by KTS-Wrap CHIPNVM(S3):Encrypted Z3 Key KSenc:Unwrapped by SCP03(IO1) KSmac:Unwrapped by Managing Key:Encrypted Input encapsulated

2003 External Auth by

by KTS-Wrap CHIPNVM(S3):Encrypted Z3 Key KSenc:Unwrapped by SCP03(IO1) KSmac:Unwrapped by Input encapsulated

2003 PIN by KTS-Wrap CHIPNVM(S4):Encrypted Z3

SCP03(IO1) Managing Key:Encrypted Input encapsulated

2003 PSO by

by KTS-Wrap CHIPNVM(S3):Encrypted Z3 calculation key KSenc:Unwrapped by SCP03(IO1) KSmac:Unwrapped by Managing Key:Encrypted Input encapsulated by

2003 Unblock PIN by KTS-Wrap CHIPNVM(S4):Encrypted Z3

KSenc:Unwrapped by SCP03(IO1) KSmac:Unwrapped by

2003 RSA Public

2003 RSA Private Key:Paired With

CHIPNVM(S3):Encrypted Z3 Key Managing Key:Encrypted by FEITIAN Technologies Public Material

Page 70

Storage Name Input - Output Storage Zeroization Related SSPs Duration

2003 RSA Public Output in plaintext 2003 RSA Private

CHIPNVM(S6):Plaintext Z3 Key (IO8) Key:Paired With Managing Key:Encrypted

2003 ECDSA by

CHIPNVM(S3):Encrypted Z3 Private Key 2003 ECDSA Public Key:Paired With

2003 ECDSA Output in plaintext 2003 ECDSA Private

CHIPNVM(S6):Plaintext Z3 Public Key (IO8) Key:Paired With Managing Key:Encrypted Input encapsulated OTP HMAC Seed by by KTS-Wrap CHIPNVM(S3):Encrypted Z1 Key KSenc:Unwrapped by SCP03(IO1) KSmac:Unwrapped by Input encapsulated KSenc:Unwrapped by OTP AccessCode by KTS-Wrap CHIPNVM(S4):Encrypted Z8 KSmac:Unwrapped by SCP03(IO1) Input encapsulated PGP Admin KSenc:Unwrapped by by KTS-Wrap CHIPNVM(S4):Encrypted Z4 PIN(PW3) KSmac:Unwrapped by SCP03(IO1) Input encapsulated PGP User KSenc:Unwrapped by by KTS-Wrap CHIPNVM(S4):Encrypted Z4 PIN(PW1) KSmac:Unwrapped by SCP03(IO1) Input encapsulated PGP Resetting KSenc:Unwrapped by by KTS-Wrap CHIPNVM(S3):Encrypted Z4 Code KSmac:Unwrapped by SCP03(IO1) Managing Key:Encrypted PGP Signature by CHIPNVM(S3):Encrypted Z4 Private Key PGP Verification Public Key:Paired With PGP Verification Output in plaintext PGP Signature Private CHIPNVM(S6):Plaintext Z4 Public Key (IO8) Key:Paired With External Input in plaintext FIDO Agreement ECC Agreement ECC CHIPRAM(S1):Plaintext Z2 (IO6) Private Key:Used With Public Key FEITIAN Technologies Public Material

Page 71

Storage Name Input - Output Storage Zeroization Related SSPs Duration FIDO Agreement sharedSecret:Derives Table 20: SSP Table 2 FEITIAN Technologies Public Material

Page 72
9.5 Transitions

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. FEITIAN Technologies Public Material

Page 73
10 Self-Tests

The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either pre-operational self-tests or conditional self-tests.

10.1 Pre-Operational Self-Tests

The Module performs the following pre-operational self-tests in table below Algorithm or Test Test Test Type Indicator Details Test Properties Method SW/FW 9000 or Executed on the whole firmware stored in EEPROM FIPS_CRC16_FIT CRC-16 KAT Integrity 6F90 before the Module transition to the idle state. Table 21: Pre-Operational Self-Tests

10.2 Conditional Self-Tests

The Module performs the following conditional self-tests in the table below Algorithm or Test Test Test Properties Indicator Details Conditions Test Method Type 9000(meaning AES Encrypt AES-128-bit - ECB KAT CAST Successful) or AES Encryption Bootup 6F90(meaning fail) 9000(meaning AES Decrypt AES-128-bit - ECB KAT CAST Successful) or AES decryption Bootup 6F90(meaning fail) FEITIAN Technologies Public Material

Page 74

Algorithm or Test Test Test Properties Indicator Details Conditions Test Method Type 9000(meaning AES-CMAC AES-128-bit CMAC KAT CAST Successful) or Message Authentication Bootup 6F90(meaning fail) 9000(meaning AES-GCM AES-128-bit GCM KAT CAST Successful) or Authenticated encryption Bootup Encrypt 6F90(meaning fail) 9000(meaning AES-GCM AES-128-bit GCM KAT CAST Successful) or Authenticated decryption Bootup Decrypt 6F90(meaning fail) AES-128 CTR_DRBG 9000(meaning instantiation, generate, and Counter DRBG AES-128-bit- ECB KAT CAST Successful) or reseed KATs performed Bootup 6F90(meaning fail) before the first random data generation ECDH: P-256 HKDF: 9000(meaning KAS-SSC Shared Secret KAS-ECC Using HMAC-Two KAT CAST Successful) or generation with P-256 per IG Bootup Sp800-56Ar3 step 6F90(meaning fail) D.F. 9000(meaning Generate ECDSA KeyGen ECDSA Key Signature and Verification PCT PCT Successful) or ECDSA key (FIPS186-5) Generation Per IG C.A 6F90(meaning fail) pairs 9000(meaning ECDSA SigGen ECDSA Signature ECDSA P-256 with SHA-256 KAT CAST Successful) or Bootup (FIPS186-5) Generation Signature Generation 6F90(meaning fail) 9000(meaning ECDSA SigVer ECDSA Signature ECDSA P-256 with SHA-256 KAT CAST Successful) or Bootup (FIPS186-5) Verification Signature Verification 6F90(meaning fail) 9000(meaning using HMACHMAC-SHA2-256 KAT CAST Successful) or HMAC-SHA-256 KAT Bootup SHA256 6F90(meaning fail) 2048-bit 3072-bit 9000(meaning RSA KeyGen 4096-bit RSA Key Signature and Verification Generate RSA PCT PCT Successful) or (FIPS186-5) Generation Pairwise per IG C.E. key pairs 6F90(meaning fail) Consistency Test FEITIAN Technologies Public Material

Page 75

Algorithm or Test Test Test Properties Indicator Details Conditions Test Method Type 2048-bit RSA 2048-bit RSA PKCSv1.5 RSA SigVer Signature KAT CAST 9000 or 6F90 with SHA-256 Signature Bootup (FIPS186-5) Verification Verification 2048-bit RSA 2048-bit RSA PKCSv1.5 RSA SigGen Signature KAT CAST 9000 or 6F90 with SHA-256 Signature Bootup (FIPS186-5) Generation Generation 9000(meaning SHA-1 SHA-1 KAT CAST Successful) or SHA-1 Bootup 6F90(meaning fail) 9000(meaning SHA2-256 SHA2-256 KAT CAST Successful) or SHA2-256 Bootup 6F90(meaning fail) 9000(meaning SHA2-384 SHA2-384 KAT CAST Successful) or SHA2-384 Bootup 6F90(meaning fail) 9000(meaning SHA2-512 SHA2-512 KAT CAST Successful) or SHA2-512 Bootup 6F90(meaning fail) 9000(meaning Using AES128 KDF SP800-108 KAT CAST Successful) or AES128 CMAC KAT Bootup CMAC 6F90(meaning fail) Entropy 90B Start-up Repetition Count Success or Failure As specified in [90B] RCT RCT CAST At boot up Repetition Count Test Code startup health tests Test (RCT) Entropy 90B Start-up Adaptive Adaptive Proportion Success or Failure As specified in [90B] APT APT CAST At boot up Proportion Test Test Code startup health tests (APT) Entropy 90B Continuous Continuous Repetition Count Success or Failure As specified in [90B] RCT RCT CAST when entropy Repetition Count Test Code continuous health tests is requested Test (RCT) FEITIAN Technologies Public Material

Page 76

Algorithm or Test Test Test Properties Indicator Details Conditions Test Method Type Entropy 90B Continuous Continuous Adaptive Proportion Success or Failure As specified in [90B] APT Adaptive APT CAST when entropy Test Code continuous health tests Proportion Test is requested (APT) Table 22: Conditional Self-Tests

10.3 Periodic Self-Test Information

Algorithm or Test Test Method Test Type Period Periodic Method performed by the every 1000 services are FIPS_CRC16_FIT KAT SW/FW Integrity Module processed or power on programmatically Table 23: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method every 1000 services are AES Encrypt KAT CAST Automatic processed or power on FEITIAN Technologies Public Material

Page 77

Algorithm or Test Test Method Test Type Period Periodic Method every 1000 services are AES Decrypt KAT CAST processed and power Automatic on every 1000 services are AES-CMAC KAT CAST Automatic processed or power on every 1000 services are AES-GCM Encrypt KAT CAST Automatic processed or power on every 1000 services are AES-GCM Decrypt KAT CAST Automatic processed or power on every 1000 services are Counter DRBG KAT CAST Automatic processed or power on every 1000 services are KAS-ECC Sp800-56Ar3 KAT CAST Automatic processed or power on ECDSA KeyGen Everytime a key pair is PCT PCT Automatic (FIPS186-5) generated ECDSA SigGen every 1000 services are KAT CAST Automatic (FIPS186-5) processed or power on ECDSA SigVer every 1000 services are KAT CAST Automatic (FIPS186-5) processed or power on every 1000 services are HMAC-SHA2-256 KAT CAST Automatic processed or power on RSA KeyGen (FIPS186- Everytime a key pair is PCT PCT Automatic 5) generated RSA SigVer (FIPS186- every 1000 services are KAT CAST Automatic 5) processed or power on RSA SigGen (FIPS186- every 1000 services are KAT CAST Automatic 5) processed or power on every 1000 services are SHA-1 KAT CAST Automatic processed or power on every 1000 services are SHA2-256 KAT CAST Automatic processed or power on every 1000 services are SHA2-384 KAT CAST Automatic processed or power on FEITIAN Technologies Public Material

Page 78

Algorithm or Test Test Method Test Type Period Periodic Method every 1000 services are SHA2-512 KAT CAST Automatic processed or power on every 1000 services are KDF SP800-108 KAT CAST processed and power Automatic on Entropy 90B Start-up Repetition Count Test RCT CAST On Demand Device Reset (RCT) Entropy 90B Start-up Adaptive Proportion APT CAST On Demand Device Reset Test (APT) Entropy 90B Continuous Repetition RCT CAST N/A N/A Count Test (RCT) Entropy 90B Continuous Adaptive APT CAST N/A N/A Proportion Test (APT) Table 24: Conditional Periodic Information The condition of initiating Periodic Self-Test is to execute every 1000 services. Once every 1000 services being executed, the periodic self-test function will call Pre-Operational Self-Tests and Conditional Self-Tests. Self-test failures are indicated to the user through LED status and service return status. FEITIAN Technologies Public Material

Page 79
10.4 Error States

Recovery Name Description Conditions Indicator Method The Module fails at CRC16 FIT, ENT RCT and APT, CTR DRBG KAT, ECDSA KAT, RSA KAT, AES ECB The Module Reboot/Power 6F90 and KAT, AES CMAC KAT, AES GCM ES1 enters Critical cycle the blinking KAT, HMAC KAT, KBKDF KAT, error state. module LED KAS-ECC KAT, SHS KAT, RSA Generate key pair PCT, ECC Generate key pair PCT Table 25: Error States

10.5 Operator Initiation of Self-Tests

All self-tests, except for the continuous health tests, can be invoked on demand by restarting the module. FEITIAN Technologies Public Material

Page 80
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

Installation and Initialization: The following steps must be performed in order to securely install, initialize, and start up the ePass Token cryptographic module in the FIPS 140-3 Approved mode of operation. The steps for the CO to enter the module and change the default password gain authorized access to the module. The module is setup at manufacturing and delivered to the CO in approved mode. Delivery: The following steps must be performed in order to securely deliver the ePass Token cryptographic module to the authorized operator:

  1. Set the required keys in a secure factory environment
  2. Complete packaging and user manual
  3. Shipping the modules to the final customer. For each shipment, our factory will use the courier agreed with customer, such as FedEx or DHL. Our factory will inform customer in advance with the shipment info by email. When the goods arriving in customer site, the customer will first check the goods according to the shipment info they received, and sign for acceptance.
  4. The final customer check the module information according to administrator manual.
11.2 Administrator Guidance

Refer to FEITIAN ePass Token Cryptographic Module Administrator Guidance.docx, which will be provided to the issuer through secure communications.

11.3 Non-Administrator Guidance

Refer to FEITIAN ePass Token Cryptographic Module Non-Administrator Guidance.docx, which will be provided to the issuer through secure communications.

11.4 Design and Rules

Rules of Operation

  1. The Module provides two distinct operator roles: User and Cryptographic Officer.
  2. The Module provides identity-based authentication.
  3. The Module clears previous authentications on power cycle.
  4. An operator does not have access to any cryptographic services prior to assuming an authorized role.
  5. The Module allows the operator to initiate power-up self-tests by power cycling power or resetting the Module. FEITIAN Technologies Public Material – May be reproduced only in its original entirety (without revision).
Page 81
  1. All self-tests do not require any operator action.
  2. Data output is inhibited during key generation, self-tests, zeroization, and error states.
  3. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.
  4. There are no restrictions on which keys or SSPs are zeroized by the zeroization service.
  5. The Module does not support concurrent operators.
  6. The Module does not support a maintenance interface or role.
  7. The Module does not have any proprietary external input/output devices used for entry/output of data.
  8. The Module does not enter or output plaintext CSPs.
  9. The Module does not store any plaintext CSPs.
  10. The Module does not output intermediate key values.
  11. The Module does not provide bypass services or ports/interfaces.
11.5 Maintenance Requirements

The module does not require any maintenance requirements

11.6 End of Life

Administrator SHALL invoke Terminate token service after authentication to switch device into the terminated state as a result, all CSPs are cleared, and all services are not available anymore. The device shall be destroyed. FEITIAN Technologies Public Material

Page 82
12 Mitigation of Other Attacks

The Module does not implement any mitigation method against other attacks. FEITIAN Technologies Public Material

Page 83

References and Definitions The following standards are referred to in this Security Policy. Table 26 References Abbreviation Full Specification Name * [FIPS140-3] Security Requirements for Cryptographic Modules, March 22, 2019 [ISO19790] International Standard, ISO/IEC 19790, Information technology

Page 84

Abbreviation Full Specification Name * [56Ar3] NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018 [56Br2] NIST Special Publication 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Finite Field Cryptography, March 2019 [56Cr2] NIST Special Publication 800-56C Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, August 2020 [90A] National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015. [90B] National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018. Table 27 Acronyms and Definitions Acronym* Definition APT Adaptative Proportion Test KAT Know Answer Test RCT Repetition Count Test SSP Sensitive Security Parameter PCT Pairwise Consistency Test KDF Key Derivation Function KTS Key Transport Scheme KAS Key Agreement Scheme VCC Voltage(at the) Common Collector PIN Personal Identification Number PGP User user-password PIN (PW1) PGP Admin admin-password PIN (PW3) CO Crypto Officer PUK PIN Unblocking Key FEITIAN Technologies Public Material