ID-One PIV (Type B)

Certificate #1416

Webpage information

Status historical
Historical reason RNG SP800-131A Revision 1 Transition
Validation dates 06.10.2010 , 24.11.2010 , 21.12.2010 , 10.02.2011 , 05.07.2011 , 04.10.2011 , 06.02.2014
Standard FIPS 140-2
Security level 2
Type Hardware
Embodiment Single Chip
Caveat When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Physical Security: Level 3
  • EMI/EMC: Level 3
  • Design Assurance: Level 3
Description This new generation PIV Card addresses current & future needs of both Federal and Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, & secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program.
Version (Hardware) P/Ns BF [1, 2] and C0 [3, 4]
Version (Firmware) 0801 (with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3] or (071631 and 071901) [4]) with ID-One PIV Applet Suite V2.3.2 [*] or V2.3.2-a [**]
Vendor Oberthur Technologies
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-128, AES-192, AES-256, DES, TDEA, Triple-DES, TDES
Asymmetric Algorithms
RSA 1024, RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman
Hash functions
SHA-1, SHA1, SHA-224, SHA-256, SHA-384, SHA-512
Schemes
MAC
Randomness
RNG
Elliptic Curves
Curve P-224, Curve P-256, Curve P-384, P-192, P-224, P-256, P-384
Block cipher modes
ECB, CBC

JavaCard versions
JavaCard 2.2.2, GlobalPlatform 2.1.1
Vendor
Oberthur Technologies, Oberthur

Security level
Level 2, Level 3
Side-channel analysis
SPA, DPA, Timing attacks, Fault Induction, fault induction, reverse engineering, Bellcore attack
Certification process
out of scope, SP 800-76-1). Though out of scope for the FIPS 140-2 or NPIVP validations of the ID-One PIV (Type B, defined in Biometric Data Specification for Personal Identity Verification (SP 800-76-1). Though out of scope for the FIPS 140-2 or NPIVP validations of the ID-One PIV (Type B) cryptographic module, the

Standards
FIPS 140-2, FIPS 201, FIPS 186-2, FIPS 180-3, FIPS140-2, FIPS 201-1, SP 800-732, SP 800-733, SP 800-73, SP 800-56A, SP 800-104, PKCS #1, ISO/IEC 14443, ISO/IEC 7816-11, ISO/IEC 7816, ISO/IEC 7816-3, ISO/IEC 19794-2, ISO/IEC 7816-4, ISO/IEC 7816-5, ISO/IEC 14443-3, ISO/IEC 14443-4

File metadata

Title Microsoft Word - 6d - Security Policy PIV on ID-One Cosmo v7-a cg cover - 2011-08-29.doc
Author seckgren
Creation date D:20110829092931-07'00'
Modification date D:20110829092931-07'00'
Pages 43
Creator PScript5.dll Version 5.2.2
Producer Acrobat Distiller 9.4.5 (Windows)

References

Outgoing
  • 1248 - historical - Oberthur ID-One Cosmo V7-a

Heuristics

No heuristics are available for this certificate.

References

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 1416,
  "dgst": "c775788b4db45b59",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES#978",
        "CVL#221",
        "CVL#216",
        "Triple-DES#770",
        "SHS#949",
        "Triple-DES MAC#770",
        "RSA#471",
        "ECDSA#120",
        "RNG#555"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "2.3.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "1248"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "1248"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "1248"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 22
          },
          "ECDH": {
            "ECDH": 5
          },
          "ECDSA": {
            "ECDSA": 13
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 1
          }
        },
        "RSA": {
          "RSA 1024": 2,
          "RSA 2048": 1
        }
      },
      "certification_process": {
        "OutOfScope": {
          "SP 800-76-1). Though out of scope for the FIPS 140-2 or NPIVP validations of the ID-One PIV (Type B": 1,
          "defined in Biometric Data Specification for Personal Identity Verification (SP 800-76-1). Though out of scope for the FIPS 140-2 or NPIVP validations of the ID-One PIV (Type B) cryptographic module, the": 1,
          "out of scope": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 9
        },
        "ECB": {
          "ECB": 10
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "MAC": {
          "MAC": 6
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "Curve P-224": 4,
          "Curve P-256": 4,
          "Curve P-384": 4,
          "P-192": 2,
          "P-224": 6,
          "P-256": 6,
          "P-384": 6
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 3,
          "#1248": 1,
          "#19": 1,
          "#26": 1,
          "#949": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128": 5,
          "AES-128": 3,
          "AES-192": 3,
          "AES-256": 3,
          "DES 128": 5,
          "PKCS #1": 6,
          "RSA 1024": 2,
          "RSA 2048": 1,
          "SHA 256": 1,
          "SHA 384": 1,
          "SHA-1": 4,
          "SHA-224": 1,
          "SHA-256": 1,
          "SHA-384": 1,
          "SHA-512": 1,
          "SHA1": 1,
          "SHS Cert. #949": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 2": 5,
          "Level 3": 5
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 4,
            "SHA1": 1
          },
          "SHA2": {
            "SHA-224": 1,
            "SHA-256": 1,
            "SHA-384": 1,
            "SHA-512": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {
        "com": {
          "com.oberthurcs.javacard.authentic.biometry.optional": 1,
          "com.oberthurcs.javacard.chv": 1,
          "com.oberthurcs.javacard.chv.cvm": 1,
          "com.oberthurcs.javacard.chv.cvm.bio": 1,
          "com.oberthurcs.javacard.chv.server": 1,
          "com.oberthurcs.javacard.chv.server.biometric": 1
        },
        "javacard": {
          "javacard.authentic.biometry.optional": 1,
          "javacard.chv": 1,
          "javacard.chv.cvm": 1,
          "javacard.chv.cvm.bio": 1,
          "javacard.chv.server": 1,
          "javacard.chv.server.biometric": 1
        }
      },
      "javacard_version": {
        "GlobalPlatform": {
          "GlobalPlatform 2.1.1": 1
        },
        "JavaCard": {
          "JavaCard 2.2.2": 3
        }
      },
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "RNG": {
          "RNG": 9
        }
      },
      "side_channel_analysis": {
        "FI": {
          "Fault Induction": 1,
          "fault induction": 1
        },
        "SCA": {
          "DPA": 6,
          "SPA": 7,
          "Timing attacks": 1
        },
        "other": {
          "Bellcore attack": 1,
          "reverse engineering": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 24,
          "FIPS 180-3": 1,
          "FIPS 186-2": 3,
          "FIPS 201": 2,
          "FIPS 201-1": 1,
          "FIPS140-2": 1
        },
        "ISO": {
          "ISO/IEC 14443": 4,
          "ISO/IEC 14443-3": 1,
          "ISO/IEC 14443-4": 1,
          "ISO/IEC 19794-2": 2,
          "ISO/IEC 7816": 2,
          "ISO/IEC 7816-11": 1,
          "ISO/IEC 7816-3": 2,
          "ISO/IEC 7816-4": 1,
          "ISO/IEC 7816-5": 1
        },
        "NIST": {
          "SP 800-104": 1,
          "SP 800-56A": 1,
          "SP 800-73": 2,
          "SP 800-732": 1,
          "SP 800-733": 1
        },
        "PKCS": {
          "PKCS #1": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 20,
            "AES-128": 3,
            "AES-192": 3,
            "AES-256": 3
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 10,
            "Triple-DES": 1
          },
          "DES": {
            "DES": 17
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Oberthur": {
          "Oberthur": 16,
          "Oberthur Technologies": 46
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "seckgren",
      "/CreationDate": "D:20110829092931-07\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2.2",
      "/ModDate": "D:20110829092931-07\u002700\u0027",
      "/Producer": "Acrobat Distiller 9.4.5 (Windows)",
      "/Title": "Microsoft Word - 6d - Security Policy PIV on ID-One Cosmo v7-a cg cover - 2011-08-29.doc",
      "pdf_file_size_bytes": 255172,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 43
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "ad53f693eae17f28f79d94c64fecb4f77ab2244917bf6d6dd1197a9bd7cb2136",
    "policy_txt_hash": "a8ffac6727ca7c62e01c67b71611c7908973aeba8db8d3b7665416e8d2e0ca86"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/140crt1416.pdf",
    "date_sunset": null,
    "description": "This new generation PIV Card addresses current \u0026 future needs of both Federal and Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, \u0026 ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, \u0026 secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Physical Security: Level 3",
      "EMI/EMC: Level 3",
      "Design Assurance: Level 3"
    ],
    "fw_versions": "0801 (with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3] or (071631 and 071901) [4]) with ID-One PIV Applet Suite V2.3.2 [*] or V2.3.2-a [**]",
    "historical_reason": "RNG SP800-131A Revision 1 Transition",
    "hw_versions": "P/Ns BF [1, 2] and C0 [3, 4]",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "ID-One PIV (Type B)",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2010-10-06",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2010-11-24",
        "lab": "",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2010-12-21",
        "lab": "",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2011-02-10",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2011-07-05",
        "lab": "",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2011-10-04",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2014-02-06",
        "lab": "",
        "validation_type": "Update"
      }
    ],
    "vendor": "Oberthur Technologies",
    "vendor_url": "http://www.oberthur.com"
  }
}