CryptoManager Root of Trust RT-660

Certificate #4758

Webpage information

Status active
Validation dates 12.08.2024
Sunset date 11-08-2029
Standard FIPS 140-3
Security level 2
Type Hardware
Embodiment Single Chip
Caveat When operated in approved mode
Exceptions
  • Operational environment: N/A
  • Non-invasive security: N/A
Description The CryptoManager Root of Trust (CMRT) RT-660 is an independent Silicon IP Security Module for integration into semiconductor devices, offering secure execution of authenticated user applications, tamper detection and protection, DPA resistance and secure storage and handling of keys and security assets.
Version (Hardware) 0x6000_0931
Version (Firmware) 2022-02-24-g801c166
Tested configurations
  • Xilinx Zynq XC7Z045 FPGA
Vendor Rambus Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-, AES-256, HMAC, HMAC-SHA-256, HMAC-SHA-224, HMAC-SHA-384, CMAC
Asymmetric Algorithms
RSA-CRT, ECDH, ECDSA, ECC, Diffie-Hellman, DSA
Hash functions
SHA-512, SHA-256, SHA-224, SHA-384, SHA2, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, SHA3
Schemes
MAC, Key Agreement, Key agreement
Randomness
TRNG, DRBG, RNG
Elliptic Curves
P-224, P-256, P-384, P-521, NIST P-256, NIST P-224
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM

Trusted Execution Environments
SSC

Security level
Level 2, Level 1
Side-channel analysis
side-channel, DPA, Fault Injection

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS186-4, FIPS198-1, FIPS180-4, FIPS202, FIPS 186-4, FIPS140-3, FIPS197, NIST SP 800-140B, NIST SP 800-140F, PKCS#1, RFC3394, RFC5649, ISO/IEC 24759, ISO/IEC 19790:2012

File metadata

Title DRAFT_140-3_CMRT_SecurityPolicy_v1.1
Author Marylene Palard
Creation date D:20240730155904Z00'00'
Modification date D:20240730155904Z00'00'
Pages 37
Creator Word
Producer macOS Version 14.5 (Build 23F79) Quartz PDFContext

References

Incoming
  • 661 - historical - IBM eServer Cryptographic Coprocessor Security Module

Heuristics

No heuristics are available for this certificate.

References

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4758,
  "dgst": "13908fe4d3eb986b",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHA2-512/224A2114",
        "SHA2-384A2114",
        "HMAC-SHA3-256A2115",
        "HMAC-SHA2-384A2115",
        "AES-ECBA2114",
        "KAS-ECC Sp800-56Ar3A2114",
        "KDA OneStep SP800-56Cr2A2114",
        "KDF SP800-108A2114",
        "SHA3-512A2115",
        "SHA3-224A2115",
        "AES-CFB128A2114",
        "HMAC-SHA3-224A2115",
        "SHA2-512/256A2114",
        "KDA TwoStep SP800-56Cr2A2114",
        "SHA3-384A2115",
        "HMAC-SHA2-512/256A2114",
        "AES-KWPA2114",
        "RSA KeyGen (FIPS186-4)A2114",
        "HMAC-SHA2-256A2115",
        "HMAC-SHA3-384A2115",
        "ECDSA KeyGen (FIPS186-4)A2114",
        "RSA SigGen (FIPS186-4)A2115",
        "HMAC-SHA2-224A2115",
        "RSA SigVer (FIPS186-4)A2115",
        "SHA3-256A2115",
        "SHA2-256A2114",
        "ECDSA SigVer (FIPS186-4)A2115",
        "SHA2-224A2114",
        "HMAC-SHA3-512A2115",
        "KAS-ECC-SSC Sp800-56Ar3A2114",
        "SHA2-512A2114",
        "AES-CTRA2114",
        "HMAC-SHA2-512/224A2114",
        "ECDSA KeyVer (FIPS186-4)A2114",
        "AES-CBCA2114",
        "ECDSA SigGen (FIPS186-4)A2115",
        "HMAC-SHA2-512A2115",
        "AES-GCMA2114",
        "AES-CMACA2114",
        "Counter DRBGA2114",
        "AES-GMACA2114"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "02",
        "660",
        "24",
        "2022"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "661"
        ]
      },
      "directly_referencing": null,
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "909",
          "661"
        ]
      },
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 43
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 44
          },
          "DSA": {
            "DSA": 2
          }
        },
        "RSA": {
          "RSA-CRT": 3
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 8
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 3
        },
        "OFB": {
          "OFB": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 9,
          "Key agreement": 1
        },
        "MAC": {
          "MAC": 20
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "NIST P-224": 3,
          "NIST P-256": 1,
          "P-224": 31,
          "P-256": 39,
          "P-384": 26,
          "P-521": 26
        }
      },
      "eval_facility": {
        "KTC": {
          "KTC": 8
        },
        "atsec": {
          "atsec": 39
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 256": 1,
          "AES key 128": 1,
          "AES-256": 1,
          "HMAC- SHA-256": 1,
          "HMAC- SHA-512": 2,
          "HMAC-SHA- 256": 4,
          "HMAC-SHA-224": 4,
          "HMAC-SHA-256": 14,
          "HMAC-SHA-384": 4,
          "HMAC-SHA-512/224": 2,
          "HMAC-SHA-512/256": 2,
          "HMAC-SHA256": 2,
          "PKCS#1": 14,
          "SHA-224": 4,
          "SHA-256": 12,
          "SHA-3": 2,
          "SHA-384": 4,
          "SHA-512": 5,
          "SHA-512 2048": 1,
          "SHA2": 3,
          "SHA2- 384": 2,
          "SHA2-224": 4,
          "SHA2-256": 14,
          "SHA2-384": 2,
          "SHA2-512": 5,
          "SHA3": 4,
          "SHA3- 384": 2,
          "SHA3- 512": 1,
          "SHA3- 512 2048": 1,
          "SHA3-224": 4,
          "SHA3-256": 6,
          "SHA3-384": 3,
          "SHA3-512": 3
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1,
          "Level 2": 3
        }
      },
      "hash_function": {
        "SHA": {
          "SHA2": {
            "SHA-224": 4,
            "SHA-256": 12,
            "SHA-384": 4,
            "SHA-512": 6,
            "SHA2": 3
          },
          "SHA3": {
            "SHA-3": 2,
            "SHA3": 4,
            "SHA3-224": 5,
            "SHA3-256": 6,
            "SHA3-384": 3,
            "SHA3-512": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 20
        },
        "RNG": {
          "RNG": 1
        },
        "TRNG": {
          "TRNG": 17
        }
      },
      "side_channel_analysis": {
        "FI": {
          "Fault Injection": 1
        },
        "SCA": {
          "DPA": 1,
          "side-channel": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 42,
          "FIPS 186-4": 4,
          "FIPS 197": 2,
          "FIPS PUB 140-3": 2,
          "FIPS140-3": 2,
          "FIPS180-4": 3,
          "FIPS186-4": 10,
          "FIPS197": 1,
          "FIPS198-1": 5,
          "FIPS202": 2
        },
        "ISO": {
          "ISO/IEC 19790:2012": 1,
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-140B": 2,
          "NIST SP 800-140F": 1
        },
        "PKCS": {
          "PKCS#1": 7
        },
        "RFC": {
          "RFC3394": 2,
          "RFC5649": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 42,
            "AES-": 12,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 3,
            "HMAC": 32,
            "HMAC-SHA-224": 2,
            "HMAC-SHA-256": 7,
            "HMAC-SHA-384": 2
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 9
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Marylene Palard",
      "/CreationDate": "D:20240730155904Z00\u002700\u0027",
      "/Creator": "Word",
      "/ModDate": "D:20240730155904Z00\u002700\u0027",
      "/Producer": "macOS Version 14.5 (Build 23F79) Quartz PDFContext",
      "/Title": "DRAFT_140-3_CMRT_SecurityPolicy_v1.1",
      "pdf_file_size_bytes": 908629,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 37
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "17fbcef46b79ee1188bf371777701155c03f1f433c1955897486dd38ab2f44f5",
    "policy_txt_hash": "ce29758ade81c36a8a098dea47b0496c718c0df1dd532e8190e2bd220ac6b76d"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in approved mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
    "date_sunset": "2029-08-11",
    "description": "The CryptoManager Root of Trust (CMRT) RT-660 is an independent Silicon IP Security Module for integration into semiconductor devices, offering secure execution of authenticated user applications, tamper detection and protection, DPA resistance and secure storage and handling of keys and security assets.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Operational environment: N/A",
      "Non-invasive security: N/A"
    ],
    "fw_versions": "2022-02-24-g801c166",
    "historical_reason": null,
    "hw_versions": "0x6000_0931",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "CryptoManager Root of Trust RT-660",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "Xilinx Zynq XC7Z045 FPGA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-08-12",
        "lab": "atsec information security corporation",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Rambus Inc.",
    "vendor_url": "http://www.rambus.com"
  }
}