Octopus Authentication Server Cryptographic Module

Certificate #3388

Webpage information

Status historical
Historical reason Moved to historical list due to sunsetting
Validation dates 04.03.2019 , 20.02.2021
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode. When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747.
Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The Octopus Authentication Server manages the authentication requests coming from the service provider and the connection to the application on the mobile device to get the user approval.
Tested configurations
  • Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with PAA (gcc Compiler Version 4.7.3)
  • Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without PAA (gcc Compiler Version 4.7.3) (single-user mode)
Vendor Secret Double Octopus Ltd.
References

This certificate's webpage directly references 1 certificates, transitively this expands into 1 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, TDEA, TDES, HMAC, CMAC
Asymmetric Algorithms
ECDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA1, SHA-224, SHA224, SHA256, SHA384, SHA512, SHA-256, SHA-384, SHA-2
Schemes
Key Agreement, Key agreement
Protocols
TLS
Randomness
DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-224, P-384, P-192, P-256, P-521, K-224, K-384, B-224, B-384, K-163, K-283, K-571, B-233, B-409, K-233, K-409, B-163, B-283, B-571
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Vendor
Microsoft

Standards
FIPS 140-2, FIPS 186-2, FIPS 180-4, FIPS 186-4, FIPS 197, FIPS 198-1, FIPS 198, SP 800-38B, SP 800-38C, SP 800-38D, SP 800-56A, SP 800-89, SP 800-90A, SP 800-131A, SP 800-90, SP 800-67, SP 800-38E, SP 800-56B, PKCS#1, RFC5288

File metadata

Author Ryan Thomas
Creation date D:20210205203133+05'30'
Modification date D:20210205203133+05'30'
Pages 23
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 3388,
  "dgst": "92558c434783e42c",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA#1273",
        "ECDSA#413",
        "DRBG#342",
        "DSA#764",
        "Triple-DES#1522",
        "AES#2484",
        "SHS#2102",
        "CVL#85",
        "HMAC#1526"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "1747"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "1747"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "1747"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDSA": {
            "ECDSA": 16
          }
        },
        "FF": {
          "DH": {
            "DH": 9,
            "Diffie-Hellman": 1
          },
          "DSA": {
            "DSA": 17
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CCM": {
          "CCM": 4
        },
        "CFB": {
          "CFB": 3
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 7
        },
        "OFB": {
          "OFB": 1
        },
        "XTS": {
          "XTS": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 6
        }
      },
      "crypto_protocol": {
        "TLS": {
          "TLS": {
            "TLS": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2,
          "Key agreement": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-163": 3,
          "B-224": 1,
          "B-233": 1,
          "B-283": 2,
          "B-384": 1,
          "B-409": 1,
          "B-571": 2,
          "K-163": 1,
          "K-224": 1,
          "K-233": 4,
          "K-283": 1,
          "K-384": 1,
          "K-409": 2,
          "K-571": 1,
          "P-192": 8,
          "P-224": 4,
          "P-256": 4,
          "P-384": 4,
          "P-521": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 128/ 192/256": 1,
          "AES 128/192/256": 2,
          "AES, 256": 1,
          "HMAC SHA-1": 1,
          "HMAC-SHA-1": 12,
          "HMAC-SHA1": 10,
          "PKCS#1": 2,
          "SHA- 224": 1,
          "SHA-1": 18,
          "SHA-1, 224": 18,
          "SHA-2": 3,
          "SHA-2 (224": 2,
          "SHA-224": 11,
          "SHA-256": 1,
          "SHA-384": 1,
          "SHA1": 1,
          "SHA224": 1,
          "SHA256": 3,
          "SHA384": 1,
          "SHA512": 2
        }
      },
      "fips_security_level": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 36,
            "SHA1": 1
          },
          "SHA2": {
            "SHA-2": 5,
            "SHA-224": 11,
            "SHA-256": 1,
            "SHA-384": 1,
            "SHA224": 1,
            "SHA256": 3,
            "SHA384": 1,
            "SHA512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 19
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 11,
          "FIPS 180-4": 2,
          "FIPS 186-2": 6,
          "FIPS 186-4": 10,
          "FIPS 197": 2,
          "FIPS 198": 1,
          "FIPS 198-1": 1
        },
        "NIST": {
          "SP 800-131A": 2,
          "SP 800-38B": 2,
          "SP 800-38C": 2,
          "SP 800-38D": 2,
          "SP 800-38E": 1,
          "SP 800-56A": 4,
          "SP 800-56B": 1,
          "SP 800-67": 1,
          "SP 800-89": 1,
          "SP 800-90": 4,
          "SP 800-90A": 2
        },
        "PKCS": {
          "PKCS#1": 1
        },
        "RFC": {
          "RFC5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 21
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 9
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 15,
            "HMAC": 7
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 1
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Ryan Thomas",
      "/CreationDate": "D:20210205203133+05\u002730\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20210205203133+05\u002730\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 464753,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://software.intel.com/en%1fus/articles/intel%1fadvanced%1fencryption%1fstandard%1finstructions%1faes%1fni/?wapkw=aes%1fni",
          "http://www.arm.com/products/processors/technologies/neon.php",
          "http://www.openssl.org/",
          "http://www.intel.com/support/processors/sb/CS%1f030123.htm?wapkw=sse2"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 23
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "9f5a9727052015cae3d577de5e748b44180d1aadf247ad761250c8e82c24cdf8",
    "policy_txt_hash": "ca53e5eb56cad94983f8e561834fd3371b9ea47fcf015fd7a71985bb4ba7b78e"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPSConsolidatedMarch2019.pdf",
    "date_sunset": null,
    "description": "The Octopus Authentication Server manages the authentication requests coming from the service provider and the connection to the application on the mobile device to get the user approval.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 2",
      "Physical Security: N/A",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": "Moved to historical list due to sunsetting",
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {
      "1747": 1
    },
    "module_name": "Octopus Authentication Server Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": "2.0.5",
    "tested_conf": [
      "Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with PAA (gcc Compiler Version 4.7.3)",
      "Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without PAA (gcc Compiler Version 4.7.3) (single-user mode)"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2019-03-04",
        "lab": "Acumen Security",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2021-02-20",
        "lab": "Acumen Security",
        "validation_type": "Update"
      }
    ],
    "vendor": "Secret Double Octopus Ltd.",
    "vendor_url": "https://doubleoctopus.com/"
  }
}