This page provides technical information about implementations that have been validated as conforming to the Key Agreement Schemes and/or Key Confirmation using Finite Field Cryptography (FFC) or Elliptic Curve Cryptography (ECC) as specified in SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, using tests described in The KAS Validation System (KASVS) User's Guide. The testing is handled by NVLAP-accredited Cryptographic And Security Testing (CST) Laboratories.
The implementations below consist of software, firmware, hardware, and any combination thereof. The National Institute of Standards and Technology (NIST) has made every attempt to provide complete and accurate information about the implementations described in this document. However, due to the possibility of changes made within individual companies, NIST cannot guarantee that this document reflects the current status of each product. It is the responsibility of the vendor to notify NIST of any necessary changes to its entry in the following list.In addition to a general description of each implementation, this list mentions the features that were tested as conforming to the KAS; these features are listed below for each validation. The following notation is used to describe the implemented features that were successfully tested.
Functions included in IUT:
DPG – Domain Parameter Generation DPV – Domain Parameter Validation KPG – Key Pair Generation Full Validation – Full Public Key Validation (Sect 5.6.2.4 and/or Sect 5.6.2.5) Partial Validation – Partial Public Key Validation (Sect 5.6.2.6) (ECC Only) Key Regeneration – Public Key Regeneration | A list of functions from other algorithms included in the IUT that are used by the SP800-56A KAS implementation. This information may be used to help obtain information pertaining to the assurances listed in SP800-56A. Actually obtaining these assurances is out of scope of the CAVP. |
ALG([FFC] [ECC]) | Finite Field Cryptography, Elliptic Curve Cryptography |
For FFC, SCHEMES([HYBRID1] [MQV2] [EPHEM] [HYBRID1FLOW] [MQV1] [ONEFLOW] [STATIC]) For ECC, SCHEMES ([FULLUNIF] [FULLMQV] [EPHEMUNIF] [ONEPASSUNIF] [ONEPASSMQV] [ONEPASSDH] [STATICUNIF]) |
Key Agreement Schemes. Refer to SP800-56A for details on the specific schemes. |
KAROLES([INITIATOR] [RESPONDER] | Key Agreement Roles |
KCROLES([NA] [PROVIDER] [RECIPIENT]) | Key Confirmation Roles. If Key Confirmation is not tested, indicate N/A. |
KCTYPES([NA] [UNILATERAL] [BILATERAL]) | Key Confirmation Types. If Key Confirmation is not tested, indicate N/A. |
For FFC,
PARAMSET([FA] [FB] [FC]) For ECC,
|
Parameter Sets supported by IUT. Refer to Section 5.5.1.1 Table 1 for the FFC Parameter Size Sets and Section 5.5.1.2 Table 2 for the ECC Parameter Size Sets. |
For ECC,
CURVE(....) |
The NIST-recommended ECDSA curves supported by the IUT. |
SHA(SHA1 SHA224 SHA256 SHA384 SHA512) | Hash functions supported by the IUT |
If KC,
MAC(CMAC, CCM, HMAC) |
Only if Key Confirmation is supported, indicate the MACing algorithms tested. |
KDF ([ASN.1] [CONCAT]) | KDFs tested in the IUT |
The KAS validation process requires the following prerequisite testing:
1. The underlying DSA and/or ECDSA algorithm’s functions determined by the specified functions included in the implementation. See CAVP FAQ GEN.5 for a list of the required functions within the specified underlying algorithm that must be tested.Validation No. |
Vendor | Implementation | Operational Environment | Val. Date |
Description/Notes |
---|---|---|---|---|---|
38 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.3.1 (Firmware) |
AMCC 440EPx Power PC (PPC440EPx) Embedded Processor | 11/21/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EB:
P-224
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EC:
P-256
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Luna IS cryptographic library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." |
37 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.2.3 (Firmware) |
AMCC PowerPC 440EPx | 10/23/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EB:
P-224
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EC:
P-256
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The G5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." 10/31/12: Updated implementation information; |
36 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers
|
Version 6.2.9200 |
Qualcomm Snapdragon S4 w/ Windows RT (ARMv7 Thumb-2); NVIDIA Tegra T3 Quad-Core w/ Windows RT (ARMv7 Thumb-2); Intel Core i7 with AES-NI w/ Windows 8 Enterprise (x64); Intel Pentium D w/ Windows 8 Enterprise (x64); AMD Athlon 64 X2 Dual Core w/ Windows 8 Enterprise (x86); Intel Pentium D w/ Windows Server 2012 (x64); Intel Core i7 with AES-NI w/ Windows Server 2012 (x64); Qualcomm Snapdragon S4 w/ Windows Phone 8 (ARMv7 Thumb-2) | 9/26/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] SHS Val#1903 DSA Val#687 DRBG Val#258 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
 
SHA256
 
HMAC
)
(
ED:
P-384
 
SHA384
 
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography." 11/29/12: Added new tested information; |
35 | 3S Group Incorporated 125 Church Street, N.E., Suite 204 Vienna, VA 22180 USA -Satpal S. Sahni
|
Version 1.0 (Firmware) |
Cavium Octeon | 5/25/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FA:
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
CCM/HMAC
)
(
FB:
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FA: SHA1   SHA224   SHA256   SHA384   SHA512 ) ( FB: SHA224   SHA256   SHA384   SHA512 ) ] [ dhHybirdOneFlow ( No_KC < KARole(s): Initiator Responder > ) ( FA: SHA1   SHA224   SHA256   SHA348   SHA512   HMAC ) ( FB: SHA224   SHA256   SHA384   HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA1   SHA224   SHA256   SHA384   SHA512 ) ( FB: SHA1   SHA256   SHA384   SHA512 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA1   SHA224   SHA256   SHA384   SHA512   HMAC ) ( FB: SHA224   SHA256   SHA384   SHA512   HMAC ) ] SHS Val#1784 DSA Val#646 DRBG Val#200 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EB:
P-224
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EC:
P-256
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
(SHA512, HMAC_SHA512)
)
]
"3SGX is a high performance PCIe cryptograhic module that provides complete cryptographic support to large numbers of users or applications simultaneously. 3SGX is the core of 3S Group''s hardare security appliances, ideal for enterprise key management, virtualization and cloud server solutions that demand high throughput." |
34 | Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren
|
Version 5.0 (Firmware) |
PowerPC Core 405 | 4/30/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
ED:
P-384
 
SHA384
 
HMAC
)
]
"The Thales Datacryptor protects the confidentiality and integrity of sensitive data travelling over public networks." |
33 | Pitney Bowes, Inc. 37 Executive Drive Danbury, CT 06810 USA -Dave Riley
|
Version 02000007 (Firmware) |
ARM 7 TDMI | 4/9/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
 
SHA256
 
HMAC
)
)
]
"The Pitney Bowes Cygnus X-3 Hardware Security Module (HSM) employs strong cryptographic and physical security techniques for the protection of funds in Pitney Bowes Postage systems." |
32 | Certicom Corp. 4701 Tahoe Blvd. Building A Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Kris Orr
|
Version 6.0.2 |
64-bit Intel Core i5-2300 w/ Red Hat Linux 5.6; 64-bit Intel Core i5-2300 w/ Windows 7 | 3/26/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FA:
SHA256
 
HMAC
)
(
FB:
SHA256
 
HMAC
)
)
FC:
SHA256
 
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybirdOneFlow ( No_KC < KARole(s): Initiator Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] SHS Val#1729 DSA Val#630 DRBG Val#178 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA256
 
HMAC
)
(
EB:
P-224
 
SHA256
 
HMAC
)
(
EC:
P-256
 
SHA256
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
(SHA512, HMAC_SHA512)
)
]
"Security Builder FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." |
31 | FRAMA AG Unterdorf Lauperswil, Bern CH-3438 Switzerland -Beat Waelti
|
Version V2.0.4 (Firmware) Part # FRM-II Version 1.2 |
firmware: running on built-in Fujitsu MB91302APM1R micro controller | 2/21/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FB: SHA256 ) ] SHS Val#1699 DRBG Val#169 "The PSD-II (Postal Security Device-II) is a hardware/firmware cryptographic module to be used in automated franking machines." |
30 | Covia Labs 465 Fairchild Dr. Suite 130 Mountain View, CA 94043 USA -Bruce Bernstein
|
Version 2.0 |
Intel Pentium 4 w/ Ubuntu Linux version 11; AMD E-350 w/ Red Hat Enterprise Linux version 5.8 | 1/26/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
FullUnified
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
 
SHA224
 
SHA256
 
HMAC
)
(
EC:
P-256
 
SHA256
 
SHA384
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
 
HMAC
(SHA512, HMAC_SHA512)
)
]
"The cccmLib is a dynamically linked library whose sole use is to serve as a cryptographic engine to the Covia Labs Connector application. In particular the cccmLib will provide the underlying functionality needed to implement secured communications and an encrypted file system." 08/21/12: Added new tested information; |
29 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych
-Laurie Smith
|
Version 4.8.7 (Firmware) |
StrongARM II 80219 | 12/16/2011 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EB:
K-233
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EC:
B-283
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
ED:
K-409
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Luna K5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware and associated co-processor." |
28 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews
|
Version R00.00.01_KAS (Firmware) Part # AT58Z04 |
Motorola µMace AT58Z04 | 11/17/2011 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Partial Validation
)
SCHEMES
[
FullMQV
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
ED:
P-384
 
SHA384
)
]
"The µMace cryptographic processor is used in security modules embedded in Motorola Solutions security products." |
27 | NEC Corporation 1753 Shimonumabe Nakahara-ku Kawasaki-si, Kanagawa 211-8666 Japan -NEC Corporation
|
Version 01.00 (Firmware) |
MPC8314CVRAFDA; | 10/13/2011 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FA: SHA256 ) ] SHS Val#1610 DSA Val#574 RNG Val#873 "Key generation for iPASOLINK MODEM Card" |
26 | N/A | N/A | N/A | 9/30/2011 | N/A |
25 | Certicom Corp. 4701 Tahoe Blvd. Building A Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Kris Orr
|
Version 6.0 |
64-bit Intel Core i5-2300 w/ RedHat Linux 5.6; 32-bit Intel Core i7 w/ RedHat Linux 5.6; 32-bit Intel Pentium III w/ QNX 6.5; ARM Cortex A9 MPCore w/ QNX 6.6; Intel Core 2 Duo w/ Mac OS X 10.5; 32-bit Intel Core i5-2300 w/ Windows 7 | 9/20/2011 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FA:
SHA256
 
HMAC
)
(
FB:
SHA256
 
HMAC
)
)
FC:
SHA256
 
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybirdOneFlow ( No_KC < KARole(s): Initiator Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] SHS Val#1571 DSA Val#563 RNG Val#949 DRBG Val#127 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA256
 
HMAC
)
(
EB:
P-224
 
SHA256
 
HMAC
)
(
EC:
P-256
 
SHA256
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
 
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." 10/01/11: Update implementation information; |
24 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych
-Laurie Smith
|
Version 4.8.7 (Firmware) |
StrongARM-11 80200 600 MHz | 9/6/2011 |
ECC:
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EA:
P-192
 
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EB:
K-233
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EC:
B-283
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
ED:
K-409
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Luna PCM/PCM KE/CA4 offer dedicated hardware key management to protect sensitive cryptographic keys from attack. Digital sign/verify operations are performed in the HSM to increase performance and maintain security. Cryptographic keys are backed up by a FIPS-approved algorithm and can be stored in software or replicated on one or more tokens." |
23 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.2.1 (Firmware) |
AMCC PowerPC 440EPx | 8/3/2011 |
ECC:
SCHEMES
[
EphemeralUnified
(
EA:
P-192
 
SHA1
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EB:
P-224
 
SHA224
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
EC:
P-256
 
SHA256
 
SHA384
 
SHA512
 
HMAC
)
(
ED:
P-384
 
SHA384
 
SHA512
 
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The K6 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." 11/08/11: Update implementation information; 01/05/12: Correction made to the tested information; |
22 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 8800740013F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
21 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 8800740012F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
20 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 8800740010F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
19 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 880074009F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
18 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 880074007F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
17 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 880074006F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
16 | Francotyp Postalia GmbH Triftweg 21-26 Birkenwerder, 16547 Germany -Dirk Rosenau
|
Version 1.1 (Firmware) |
Maxim IC0400 | 6/16/2011 |
FFC:
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FB: SHA256 ) ] SHS Val#1346 DSA Val#522 DRBG Val#61 "The firmware implementation of the FPmCryptoLibrary, which runs on an embedded hardware module, with a Maxim IC0400 processor. The cryptographic algortihm implementation is used in context of security critical services." |
15 | N/A | N/A | N/A | 6/7/2011 | N/A |
14 | Certicom Corp. 5520 Explorer Drive., 4th Floor Mississauga, Ontario L4W 5L1 Canada -Atsushi Yamada
-Kris Orr
|
Version 5.6 |
ARMv7 w/ QNX Neutrino 6.6 | 4/8/2011 |
FFC:
ASSURANCES
<
5.5.2:
#1
,
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.2:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
,
#4
,
#5
>
<
5.6.3.2:
#1
,
#2
>
SCHEMES [ Hybrid1 ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA256   HMAC ) ( FB: SHA256   HMAC ) ) FC: SHA256   HMAC ) ] [ dhEphem ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybirdOneFlow ( No_KC < KARole(s): Initiator Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] SHS Val#1422 DSA Val#500 RNG Val#863 ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
#4
#5
>
<
5.6.3.2:
#1
 
>
"Security Builder® FIPS Core provides application developpers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." |
13 | Research in Motion 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Security Certifications Team
|
Version 5.6 |
ARMv7 w/ BlackBerry Tablet OS | 4/8/2011 |
FFC:
ASSURANCES
<
5.5.2:
#1
,
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.2:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
,
#4
,
#5
>
<
5.6.3.2:
#1
,
#2
>
SCHEMES [ Hybrid1 ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA256   HMAC ) ( FB: SHA256   HMAC ) ) FC: SHA256   HMAC ) ] [ dhEphem ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybirdOneFlow ( No_KC < KARole(s): Initiator Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ] SHS Val#1421 DSA Val#499 RNG Val#862 ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
#4
#5
>
<
5.6.3.2:
#1
 
>
"The BlackBerry Tablet Cryptographic Library is the software module that provides advanced cryptographic functionality to BlackBerry Tablets." |
12 | Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.4 (Firmware) |
Bluefly Processor | 6/7/2011 |
FFC:
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FC: SHA256 ) ] SHS Val#1456 DSA Val#519 RNG Val#884 "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
11 | Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.3 (Firmware) |
Bluefly Processor | 2/24/2011 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1394 DSA Val#485 RNG Val#848 "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
10 | Fortress Technologies, Inc. 1 Technology Park Drive Westford, MA 01886 USA -Cerification Director
|
Version 1.0 (Firmware) |
AMD Alchemy MIPS Processor | 12/6/2010 |
FFC:
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] SHS Val#1357 DRBG Val#66 ECC:
SCHEMES
[
EphemeralUnified
(
EC:
P-256
 
SHA256
 
HMAC
)
(
ED:
P-384
 
SHA384
 
HMAC
)
)
]
"Fortress KAS Implementation version 1.0 from Fortress Technologies, Inc." |
9 | Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.2 (Firmware) |
Bluefly Processor | 8/30/2010 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1315 RNG Val#795 "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
8 | Certicom Corp. 5520 Explorer Drive., 4th Floor Mississauga, Ontario L4W 5L1 Canada -Rob Williams
-Atsushi Yamada
|
Version 2.8 |
Intel Pentium D w/ Red Hat Enterprise Linux AS 5.5 with SUN JRE 1.5.0; Intel Pentium D w/ Red Hat Enterprise Linux AS 5.5 with SUN JRE 1.6.0; Intel Xeon w/ Red Hat Enterprise Linux AS 5.5 x64 with SUN JRE 1.5.0; Intel Xeon w/ Red Hat Enterprise Linux AS 5.5 x64 with SUN JRE 1.6.0; SPARC v9 w/ Sun Solaris 10 (32-bit) with SUN JRE 1.5.0; SPARC v9 w/ Sun Solaris 10 (32-bit) with SUN JRE 1.6.0; SPARC v9 w/ Sun Solaris 10 (64-bit) with SUN JRE 1.5.0; SPARC v9 w/ Sun Solaris 10 (64-bit) with SUN JRE 1.6.0; Intel Xeon w/ MS-Windows Vista SP2 (32-bit) with SUN JRE 1.5.0; Intel Xeon w/ MS-Windows Vista SP2 (32-bit) with SUN JRE 1.6.0; Intel Xeon w/ MS-Windows Vista SP2 (64-bit) with SUN JRE 1.5.0; Intel Xeon w/ MS-Windows Vista SP2 (64-bit) with SUN JRE 1.6.0; Intel Xeon w/ MS-Windows 2008 Server SP2 (64-bit) with JRE 1.5.0; Intel Xeon w/ MS-Windows 2008 Server SP2 (64-bit) with JRE 1.6.0 | 6/30/2010 |
FFC:
ASSURANCES
<
5.5.2:
#2
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.2:
#1
>
<
5.6.2.3:
#1
>
SCHEMES [ Hybrid1 ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA1   CCM ) ] [ dhEphem ( KARole(s): Initiator / Responder ) ( FA: SHA1 ) ] [ dhHybirdOneFlow ( No_KC < KARole(s): Initiator Responder > ) ( FA: SHA1   CCM ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA1 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FA: SHA1   CCM ) ] SHS Val#1281 DSA Val#455 RNG Val#773 DRBG Val#52 ECC:
ASSURANCES
<
5.5.2:
#2
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#1
>
"Java cryptographic toolkit." 10/12/10: Update vendor information; |
7 | Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.1 (Firmware) |
Bluefly Processor | 4/26/2010 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1220 RNG Val#735 "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
6 | Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.0 (Firmware) |
Bluefly Processor | 3/17/2010 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1186 RNG Val#720 "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." |
5 | Cavium Networks 805 E Middlefield Road Mountain View, CA 94109 USA -TA Ramanujam
|
Version 1.0 (Firmware) |
Cavium Networks OCTEON CN52XX Processor with NITROX CN16XX Security Processor | 1/7/2010 |
ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.3.1:
#5
>
"NITROX XL CN16XX-NFBE HSM (Hardware Security Module) Adapter family." |
4 | Renesas Technology America, Inc. 450 Holger Way San Jose, CA 95134 USA -Murthy Vedula
|
Version BOS_AE57C1_v_2.1_1012 (Firmware) Part # AE57C1, Version 19 |
Renesas AE57C1 | 10/9/2009 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#1
,
#4
>
<
5.6.2.2:
#1
,
#3
>
<
5.6.3.1:
,
#4
>
SCHEMES [ dhStatic ( KC < KCRole(s): Recipient > < KCType(s): Unilateral > < KARole(s): Responder > ) ( FC: SHA256   HMAC ) ] SHS Val#982 RNG Val#585 "Renesas BOS software development framework is a mask ROM used for prototyping and mass production of embedded smart chip systems based on AE4XC/AE5XC/N2xx devices. BOS provides authentication and secure program download mechanism. Users can develop embedded applications using the BOS cryptographic, communication, and OS application interfaces." |
3 | Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Robert Sisson
|
Version 01.00.0004 (Firmware) |
Sigma ASIC | 8/17/2009 |
ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#4
>
"The Pitney Bowes Cygnus X-3 Postal Security Device (PSD) is designed in compliance with FIPS 140-2 and IPMAR standards to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong cryptographic and physical security techniques for the protection of customer funds in Pitney Bowes Postage Metering products." |
2 | Memory Experts International Inc. 227 Montcalm Suite 101 & 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid
|
Version 1.3 (Firmware) |
Bluefly Processor | 6/26/2009 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1042 RNG Val#622 "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." |
1 | Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Robert Sisson
|
Version 03.00.0049 (Firmware) |
Sigma ASIC | 5/28/2009 |
ECC:
SCHEMES
[
EphemeralUnified
(
EC:
P-256
 
SHA256
 
HMAC
)
)
]
"The Pitney Bowes Cygnus X-3 Postal Security Device (PSD) is designed in compliance with FIPS 140-2 and IPMAR standards to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong cryptographic and physical security techniques for the protection of customer funds in Pitney Bowes Postage Metering products." |
Computer Security Division
National Institute of Standards and Technology