Wisekey Semiconductors
This document can be reproduced and distributed only
whole and intact, including this copyright notice
VAULTIC 420/460 FIPS
140-2 NON-PROPRIETARY
SECURITY POLICY
Application Note
TPR0527J
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
1
1 Introduction ............................................................................................2
1.1 Purpose ..............................................................................................................2
1.2 References .........................................................................................................2
1.3 Document Organization ......................................................................................2
2 VaultIC Module Overview ......................................................................3
3 Security Level .........................................................................................5
4 Modes of Operation ...............................................................................6
4.1 FIPS Approved Mode of Operation ....................................................................6
4.2 Non-Approved Mode of Operation .....................................................................6
4.3 Approved and Allowed Algorithms .....................................................................7
4.4 Non-Approved, Non-Allowed Algorithms ............................................................8
5 Ports and Interfaces ..............................................................................8
6 Identification and Authentication Policy ..............................................9
6.1 Assumption of Roles ..........................................................................................9
6.2 Authenticated Services .....................................................................................10
6.3 Unauthenticated Services ................................................................................11
6.4 Definition of Critical Security Parameters (CSPs) ............................................12
6.5 Definition of Public Keys ...................................................................................14
6.6 Definition of CSPs Modes of Access ................................................................15
7 Operational Environment ....................................................................17
8 Security Rules ......................................................................................17
9 Physical Security Policy ......................................................................19
9.1 Physical Security Mechanisms .........................................................................19
10 Mitigation of Other Attacks Policy .....................................................19
1. Introduction
TPR0527J
12Dec18
2
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
1. Introduction
1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the WISeKey VaultIC420 and
VaultIC460 security modules (respective ordering part numbers are ATVaultIC420 and
ATVaultIC460). This Security Policy describes how the VaultIC security module meets the secu-
rity requirements of Federal Information Processing Standard (FIPS) Publication 140-2 and how
to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the FIPS
140-2 level 3 validation of the module.
FIPS 140-2 details the U.S. and Canadian government requirements for cryptographic modules.
More information about the FIPS 140-2 standard and validation program is available on the
National Institute of Standards and Technology (NIST) Cryptographic Module Validation Pro-
gram (CMVP) website at: http://csrc.nist.gov/groups/STM/index.html.
The VaultIC security module is referred to in this document as cryptographic module, security
module, or the module.
1.2 References
This document deals only with operations and capabilities of the module in the technical terms of
a FIPS 140-2 cryptographic module security policy. More information is available on the module
from the following sources:
• The Wisekey website (http://www.wisekey.com) contains information on the full line of
products from Inside Secure.
• The CMVP website (http://csrc.nist.gov/groups/STM/index.html) contains contact information
for answers to technical or sales-related questions for the module.
1.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package. In addi-
tion to this document, the Submission Package contains:
• Module Technical Datasheet
• Algorithm Test Form
• Finite State Machine
• Other supporting documentation as additional references
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
3
2. VaultIC Module Overview
2. VaultIC Module Overview
The VaultIC420 or VaultIC460 are ASSPs designed to secure various systems against counter-
feiting, cloning or identity theft. It is a hardware security module that can be used in many
applications such as IP protection, access control or hardware protection.
The packages are shown in the figures below on 1mm by 1mm grid to indicate the size.
Figure 2-1. SOIC8 Package (letf/ Middle: top view USB / SPI printing, right: bottom view)
The proven technology used in the security module is already widespread and used in national
ID/health cards, e-passports, bank cards (storing user Personal Identification Number, account
numbers and authentication keys among others), pay-TV access control and cell phone SIM
cards (allowing the storage of subscribers’ unique ID, PIN code, and authentication to the net-
work), where cloning must definitely be prevented.
Designed to keep contents secure and avoid leaking information during code execution, the
security module includes voltage, frequency and temperature detectors, illegal code execution
prevention, tampering monitors and protection against side channel attacks (DPA) and probing.
The chips can detect tampering attempts and destroy sensitive data on such events, thus avoid-
ing data confidentiality being compromised. Strong Authentication capability, secure storage and
flexibility thanks to its various interfaces (USB, SPI, I2
C, ISO7816), low pin count and low power
consumption are main features of the VaultIC. Its embedded firmware provided advanced func-
tions such as Identity-based authentication, large Cryptographic command set, various Public
domain cryptographic algorithms, Cryptographic protocols, Secure Channel Protocols, Robust
communication protocol
Package Type printed on Package
QFN44 V460020 DCL0J1F 1919
SOIC8 VXXXUSB 1S80768 1207
SOIC8 VXXXSPI 1S8076A 1207
2. VaultIC Module Overview
TPR0527J
12Dec18
4
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
Figure 2-2. Security Module block diagram
Below is described an example of VaultIC 4xx product in the typical USB eToken application.
Figure 2-3. USB eToken application
VaultIC Hardware
Hardware
Security
Power
Management
Device
SPI / I2
C / ISO7816 / USB
RAM
EEPROM
ISO
7816
HS
SPI
HS
I2C
USB
2.0
RISC
CPU
Public
Key
Crypto
Engine
AES
RNG
CryptoLibrary
(RSA,TDES,AES...)
Memory
Management
CommunicationStack
(USB,I2CT=0,T=1...)
Crypto
Services
(MAC, Signature...)
Application
Management
&
Storage
(File System)
Administration
Services
(Key Management)
Crypto
Module
Boundary
LAN / Internet
USB
ATVaultIC
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
5
2. VaultIC Module Overview
The module contains a cryptographic toolbox, providing basic FIPS Approved security functions
to support SCP protocols and secure key storage.
3. Security Level
TPR0527J
12Dec18
6
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
Table 2-1 describes the configuration of hardware and firmware for the FIPS 140-2 validation.
3. Security Level
The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS
140-2.
Table 2-1. Versioning Information
VaultIC420 VaultIC460
Commercial Part Number ATVaultIC420 ATVaultIC460
Hardware Platform AT90SO128 - Silicon Rev H
Firmware Version 1.2.14
Note
Note
VaultIC420 and VaultIC460 modules are all the same physically and offer the
same functionalities. They only differ in the size of the file system(32Kb for the
VaultIC420 and 99Kbfor the VaultIC460), which is a software configuration at
factory.
Table 3-1. Module Security Level Specification
Security Requirements Section Level
Cryptographic Module Specification 3
Module Ports and Interfaces 3
Roles, Services and Authentication 3
Finite State Model 3
Physical Security 4
Operational Environment N/A
Cryptographic Key Management 3
EMI/EMC 3
Self-Tests 3
Design Assurance 3
Mitigation of Other Attacks 3
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
7
4. Modes of Operation
4. Modes of Operation
VaultIC operates in different modes of operation, given different conditions of use of keys and
cryptographic services. The mode of operation is automatically selected according to the device
state and the authenticated operator. The selected mode of operation remains activated while
the operator is authenticated. The module operates in FIPS approved mode of operations when
an approved user is authenticated and the life cycle is in operational activated state. As soon as
the approved user is logged off (authentication canceled or secure channel is terminated), the
module operates in non-approved mode of operations.
FIPS Approved Mode of Operation and Non-Approved Mode of Operation specify the conditions
of use when the product is in the field.
In addition, for performance reasons, FIPS Approved Mode of Operation can be disabled at per-
sonalization time either at Wisekey office or at customer’s factory using the creation state. This
mode (creation state) is a non-approved mode of operation and can be used only by the manu-
facturer role to personalize the product. FIPS mode capability can be turned off and on by
logging in as the Manufacturer role and using the Set Config command. The module is zeroized
when switching between FIPS and non-FIPS mode (in either directions), including the file sys-
tem and cryptographic keys being wiped.
4.1 FIPS Approved Mode of Operation
This mode is automatically selected when the device is in ACTIVATED state and an approved
user or an approved administrator is successfully authenticated. While in an approved mode of
operation, only Approved and Allowed Algorithms are allowed. Additional security restrictions
may apply.
4.2 Non-Approved Mode of Operation
This mode is automatically selected when the device is in ACTIVATED state and a non-
approved user, a non-approved administrator or a manufacturer is successfully authenticated.
While in a non-approved mode of operation, the VaultIC™ usage is not restricted and both
Approved and Allowed Algorithms and Non-Approved, Non-Allowed Algorithms are allowed.
Note
Note
By default, the module is configured in FIPS mode.
Note
Note
The module will indicate that it is running in the FIPS Approved mode of operation
by indicating Mode of Operation: Approved in the response of a Get Info
command.
Note
Note
The module will indicate that it is running in the non-FIPS Approved mode of oper-
ation by indicating Mode of Operation: non-approved mode in the response of a
Get Info command.
4. Modes of Operation
TPR0527J
12Dec18
8
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
CSPs are not shared between the non-Approved and Approved modes of operation.
The internal state of the DRBG is zeroized each time the DRBG is instantiated.
4.3 Approved and Allowed Algorithms
The cryptographic module supports the following FIPS Approved algorithms.
KTS (AES Cert. #5690; key establishment methodology provides between 128 and 256 bits of
encryption strength)
.
Table 4-1. FIPS Approved Algorithms used in VaultIC Module
FIPS Approved Algorithm CAVP Cert #
AES as per FIPS 197:
ECB, CBC, CFB-128, OFB and CTR modes
128, 192 and 256 bits
5690
AES CMAC as per NIST SP 800-38B:
128, 192 and 256 bits
5690
SHA-1, -224, -256, -384, -512 as per FIPS 180-4 4562
HMAC as per FIPS 198-1:
With SHA-1, -224, -256, -384, -512
3791
RSA 1024 bits as per FIPS 186-4:
Signature verification only for legacy use
RSA 2048 and 3072 bits:
Signature generation and verification
Keypair generation
3063
DSA 1024 bits as per FIPS 186-4:
Signature verification only for legacy use
DSA 2048 bits:
Signature generation and verification
Keypair generation
1464
ECDSA as per FIPS 186-4:
Keypair generation: curves B-233, B-283, B-409, B-571, K-
233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
Signature Generation, Signature Verification:
curves B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-
571, P-224, P-256, P-384, P-521 (using SHA-224, SHA-256,
SHA-384 and SHA-512
For legacy use, the module supports curves B-163, K-163
and P-192 for signature verification
1544
DRBG as per NIST SP800-90:
Using CTR_DRBG_AES_256
2304
CKG as per NIST SP800-133 Vendor Affirmed
KBKDF per SP 800-108 in CTR mode using CMAC-AES128,
CMAC-AES-192 and CMAC-AES256
240
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
9
5. Ports and Interfaces
In accordance with FIPS 140-2 IG D.12, the cryptographic module performs Cryptographic Key
Generation (CKG) as per SP 800-133 (vendor affirmed). The resulting generated symmetric key
and the seed used in the asymmetric key generation are the unmodified output from SP800-
90A DRBG.
The cryptographic module supports the following non-FIPS Approved algorithms which are
allowed for use in FIPS mode.
4.4 Non-Approved, Non-Allowed Algorithms
The cryptographic module supports the following non-Approved algorithms to be used only in a
non-Approved mode of operation. No security claim is made in the current module for any of the
following non-Approved algorithms.
5. Ports and Interfaces
The module is a single-chip module with ports and interfaces as shown below.
Table 4-2. FIPS Allowed Algorithms used in VaultIC Module
FIPS Allowed Algorithm
Hardware NDRNG: Entropy source internal to the module’s
cryptographic boundary and used to seed the Approved
DRBG; It provides 276 bits of min-entropy to seed the
DRBG.
Table 4-3. Non-Approved, Non-Allowed Algorithms used in VaultIC Module
Non-FIPS Allowed Algorithm
HOTP as per RFC 4226
TOTP as per OATH Draft v5
2-Key Triple-DES Encrypt of bulk data
RSA Encrypt/Decrypt of bulk data as per PKCS#1 v2.1
ISO 9797 security functions:
DES, DES MAC, 2-Key Triple-DES, Triple-DES MAC (non-compliant)
Triple-DES 3-Key:
ECB, CBC, CFB-64, OFB modes
EDE and EEE schemes
AES Key Unwrapping - Key establishment methodology provides 128, 192 or 256 bits of security
strength
6. Identification and Authentication Policy
TPR0527J
12Dec18
10
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
6. Identification and Authentication Policy
6.1 Assumption of Roles
The module supports three distinct operator roles, the User, the Administrator (Cryptographic
Officer) and the Manufacturer. The cryptographic module enforces the separation of roles using
identity based authentication mechanisms. It is identity based because the keys and passwords
used for authentication are unique to each other.
Authentication is based on the following:
Table 5-1. VaultIC Pins and FIPS 140-2 Ports and Interfaces
Pin FIPS 140-2 Designation Name and Description
SPI_SCK Control Input SPI Clock
ISO_CLK Control Input ISO7816 Clock
USB_XIN Control Input USB 2.0 Resonator Input
USB_XOUT Status Output USB 2.0 Resonator Output
RST Control Input CPU Reset
VCC Power Power Supply
GND Power Ground
SPI_MISO Status Output, Data Output SPI Master In Slave Out
SPI_MOSI Control Input, Data Input SPI Master Out Slave In
RTC_XIN Control Input RTC Quartz signal Input
RTC_XOUT Status Output RTC Quartz signal Output
VBAT Power RTC Power Supply
SPI_SS
I2C_SCL
Control Input
Control Input
SPI Slave Select
I2C Clock
SPI_SEL
I2C_SDA
ISO_IO0
Control Input
Control Input, Data Input, Data Output, Status Output
Control Input, Data Input, Data Output, Status Output
SPI or I2C selection
I2C Data line
ISO7816 Data line
USB_DM Control Input, Data Input, Data Output, Status Output USB D- Differential Data
USB_DP Control Input, Data Input, Data Output, Status Output USB D+ Differential Data
GPIO#0 to #4 Control Input, Data Input, Data Output GPIO / I2C Address
GPIO#5 to #7 Data Input, Data Output GPIO
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
11
6. Identification and Authentication Policy
Remark: When operator is locked (Lock Mechanism), authentication data, files and keys owned by this
operator are deleted. Folders owned by the operator are not deleted.
Table 6-1. Roles and Required Identification and Authentication
Role Description Authentication Type
Authentication
Data
Approved-
Administrator
(CO)
The administrator can
authenticate to manage the
approved roles authentication
data and perform approved-
only cryptographic operations
and key sizes
Secure Channel Protocol 03
SCP03 S-MAC
Static Key
Approved-
User (User)
A user is authenticated to
perform general security
services and approved-only
cryptographic operations and
key sizes
Secure Channel Protocol 03
SCP03 S-MAC
Static Key
Manufacturer
(Manuf)
The manufacturer can
personalize and configure the
chip.
Password
OR
Secure Channel Protocol 03
4 - 32 byte string
OR
SCP03 S-MAC
Static Key
Table 6-2. Strengths of Authentication Mechanisms
Authentication
Mechanism Strength of Mechanism
Secure Channel
Protocol 03
Based on knowledge of a 128, 192 or 256 bit AES Key (S-MAC)
AES CMAC provides 128 bits of security. The probability of a random attempt or
a false acceptance occurring is then 1 in 2128
which is less than 1 in 1,000,000.
For multiple attempts in a one minute period, the device will lock out after a
maximum of 127 failed authentication attempts. Therefore, the probability of a
random attempt succeeding within a one minute period is 127 in 2128
which is
less than 1 in 100,000.
Password
Based on knowledge of a hexadecimal string, between 4 and 32 bytes.
The highest probability of a random attempt or a false acceptance occurring is
then 1 in 232
which is less than 1 in 1,000,000.
For multiple attempts in a one minute period, the device will lock out after a
maximum of 127 failed authentication attempts. Therefore, the probability of a
random attempt succeeding within a one minute period is 127 in 232
which is
less than 1 in 100,000.
6. Identification and Authentication Policy
TPR0527J
12Dec18
12
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
6.2 Authenticated Services
6.3 Unauthenticated Services
The cryptographic module supports the following unauthenticated services:
Table 6-3. Administrator, User and Manufacturer Services
Service Description
Initialize Update
Used for generation of session keys to setup secure channel and
authenticate its message contents
External Authenticate Allows transmission of authentication data
Manage Users
Authenticated administrator can add, delete or modify authentication data
of any approved operators.
Update Authentication
Data
Authenticated operator can update its own authentication data (change
password or static keyset)
Get Authentication Info
Returns authentication method, roles access, security level, number of
authentication attempts remaining, sequence counter
Cancel Authentication Returns module to un-authenticated state
Put Key Electronically enters keys (keys always encrypted in FIPS mode)
Read Key Electronically outputs keys (keys always encrypted in FIPS mode)
Delete Key Zeroizes keys
Initialize Algorithm
Initializes cryptographic algorithm with key and algorithm specific
parameters
Encrypt/Decrypt Message Performs data encryption/decryption of provided message
Generate/Verify Signature
Generates signature on incoming messages or verifies incoming message
and signature
Compute Message Digest Computes a digest of provided message
Generate Key Pair Internally generates public/private keypair
Generate Random Generates random data utilizing internal DRBG
GPIO command set Provides access to General Purpose I/O pin data (no CSP access)
File System Command set
Read/ Delete/ Modify files, folder, and access permissions of internal file
system (no CSP access)
Get Info (Get Status) Provides current status of the module, and returns FIPS mode indicator
Self-Tests Executes the suite of self-test
Set Status Changes the Life cycle state of the module
Set Config Changes internal parameters and settings of the module
Test Command set Dummy commands for integration testing purposes (no CSP access)
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
13
6. Identification and Authentication Policy
Table 6-4. Unauthenticated Services
Service Description
Initialize Update
Used for generation of session keys to setup secure channel and
authenticate its message contents
External Authenticate Allows transmission of authentication data
Get Authentication Info
Returns authentication method, roles access, security level, number of
authentication attempts remaining, sequence counter
Cancel Authentication Returns module to un-authenticated state
Generate Random
The random data generated by this service is not used by any other
internal service. It is considered to be user data. It is not CSP nor is it used
in the generation of any CSP or Key
General Purpose I/O Provides access to I/O pin data (no CSP access)
Get Info (Get Status) Provides current status of the module, and returns FIPS mode indicator
Self-Tests Executes the suite of self-test
6. Identification and Authentication Policy
TPR0527J
12Dec18
14
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
6.4 Definition of Critical Security Parameters (CSPs)
The module contains the following CSPs:
Table 6-5. Private Keys and CSPs
Key Name Type Description Strength (bits)
SCP03 S-ENC Static Key
AES ECB, CBC, OFB, and
CTR (128, 192, or 256 bits)
and CFB-128
SCP03 static AES encryption key 128,192 or 256
SCP03 S-MAC Static Key
AES (128, 192, or 256 bits)
not used for encryption, to
be derivated for session
keys
SCP03 static AES MAC key 128,192 or 256
SCP03 C-MAC Session
Key
AES C-MAC(128, 192, or
256 bits)
SCP03 AES session key for authentication of
incoming data
128,192 or 256
SCP03 R-MAC Session
Key
AES C-MAC(128, 192, or
256 bits)
SCP03 AES session key for authentication of
outgoing data
128,192 or 256
SCP03 C-ENC Session
Key
AES (128, 192, or 256 bits) SCP03 AES session key for data encryption 128,192 or 256
AES Keys AES (128, 192, or 256 bits)
Used to encrypt/decrypt messages or generate
C-MACs
128,192 or 256
Seed and Seed Key Seed and Seed Key
Used to seed the FIPS Approved DRBG
(CTR_DRBG_AES256)
N/A
RSA Private Key RSA 2048 bits Used for RSA signature generation 112
RSA Private Key RSA 3072 bits Used for RSA signature generation 128
DSA Private Key DSA 2048 bits Used for DSA signature generation 112
ECDSA Private Key
ECDSA Key Pair
Generation: P224, P256,
P384, P521, K233, K283,
K409, K571, B233, B283,
B409, B571 (SHA-1, SHA-
224, SHA-256, SHA-384,
SHA -512)
Used for ECDSA key pair generation
112, 128, 192 or
256
ECDSA Private Key
ECDSA Sign: P224, P256,
P384, P521, K233, K283,
K409, K571, B233, B283,
B409, B571 (SHA-1, SHA-
224, SHA-256, SHA-384,
SHA -512)
Used for ECDSA signature generation
112, 128, 192 or
256
CTR_DRBG Key AES 256 bits Used for AES CTR DRBG encryption 256
CTR_DRBG V Initialisation Vector Used for AES CTR DRBG encryption 128
HMAC_Keys HMac Key Used for HMac computations
224, 256, 384 or
512
Manufacturer Password SHA-256 Hash
Used in creation state to authenticate the
manufacturer user
256
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
15
6. Identification and Authentication Policy
Those keys have the following security properties:
Table 6-6. Private Keys and CSPs
Key Name
Generation
/ Usage Storage Entry Output Destruction
SCP03 S-ENC Static Key
Externally
generated
Stored &
optionally
masked (1)
in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Zeroized when user
is deleted (or
locked when
bSecurityOption is
1). The Lock
mechanism is
described in the
remark below the
table 6.2
SCP03 S-MAC Static Key
Externally
generated
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Zeroized when user
is deleted (or
locked when
bSecurityOption is
1)
SCP03 C-MAC Session Key
SCP03 AES
session key
derived from
KDF 800-
108/ MAC
on incoming
data
Stored &
optionally
masked in RAM
N/A N/A
Zeroized when
secure channel is
closed
SCP03 R-MAC Session Key
SCP03 AES
session key
derived from
KDF 800-
108/ MAC
on outgoing
data
Stored &
optionally
masked in RAM
N/A N/A
Zeroized when
secure channel is
closed
SCP03 C-ENC Session Key
SCP03 AES
session key
derived from
KDF 800-
108/encrypti
on on
incoming
data.
Stored &
optionally
masked in RAM
N/A N/A
Zeroized when
secure channel is
closed
AES Keys
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
Seed and Seed Key
Internal
generation
with
hardware
TRNG
Stored in RAM N/A N/A
Zeroized upon
reboot
6. Identification and Authentication Policy
TPR0527J
12Dec18
16
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
RSA Private Key
Generated
Internallyvia
FIPS
Approved
DRBG or
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
DSA Private Key
Generated
Internallyvia
FIPS
Approved
DRBG or
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
ECDSA Private Key
Generated
Internallyvia
FIPS
Approved
DRBG or
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
CTR_DRBG Key
Generated
Internallyvia
FIPS
Approved
DRBG or
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
CTR_DRBG V
Generated
Internallyvia
FIPS
Approved
DRBG or
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
HMAC_Keys
Generated
externally
Stored &
optionally
masked in
EEPROM
Plaintext during
personalization
at factory or
wrapped during
operation
Plaintext during
personalization
at factory or
wrapped during
operation
Delete key service
Manufacturer Password
Externally
generated
(Done in
factory)
SHA-256 Hash
stored in
EEPROM N/A N/A
Zeroized when user
is deleted (or
locked when
bSecurityOption is
1)
1. The Key is Xor-ed with random data in order to avoid having them in plaintext in memory; this obfuscation operation pro-
vides no FIPS approved or allowed security.
Table 6-6. Private Keys and CSPs
Key Name
Generation
/ Usage Storage Entry Output Destruction
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
17
6. Identification and Authentication Policy
6.5 Definition of Public Keys
The module contains the following public keys:
Table 6-7. Public Keys
Key Name Type Description
RSA Public Key RSA 1024 bits Used to verify RSA signatures (legacy use)
RSA Public Key RSA 2048 & 3072 bits Used to verify RSA signatures
DSA Public Key DSA 1024 bits Used to verify DSA signatures (legacy use)
DSA Public Key DSA 2048 bits Used to verify DSA signatures
ECDSA Public Key ECDSA 224+ curves Used to verify ECDSA signatures
ECDSA Public Key ECDSA 163+ curves Used to verify ECDSA signatures (legacy use)
6. Identification and Authentication Policy
TPR0527J
12Dec18
18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
6.6 Definition of CSPs Modes of Access
Table 6-8 defines the relationship between access to CSPs and the different module services.
The modes of access shown in the table are defined as:
• G = Generate: the module generates the CSP.
• R = Read: the module reads the CSP. The read access is typically performed before the
module uses the CSP.
• W = Write: the module writes the CSP. The write access is typically performed after a CSP is
imported into the module, or the module generates a CSP, or the module overwrites an
existing CSP.
• Z = Zeroize: the module zeroizes the CSP.
Table 6-8. CSP Access Rights within Roles & Services
Role Authorized Service Mode Cryptographic Key or CSP
User, CO,
Manuf
Initialize Update R
SCP03 S-ENC Static Key
SCP03 S-MAC Static Key
User, CO,
Manuf
Initialize Update G
SCP03 C-MAC Session Key
SCP03 R-MAC Session Key
SCP03 C-ENC Session Key
Seed and Seed Key
User, CO,
Manuf
External Authenticate R
SCP03 C-MAC Session Key
SCP03 R-MAC Session Key
SCP03 C-ENC Session Key
CO Manage Users W, Z
SCP03 S-ENC Static Key (W, Z)
SCP03 S-MAC Static Key (W, Z)
User, CO Update Authentication Data W
SCP03 S-ENC Static Key
SCP03 S-MAC Static Key
User, CO Put Key W
RSA private keys
DSA private keys
ECDSA private keys
AES keys
HMAC Keys
User, CO Read Key R
RSA private keys
DSA private keys
ECDSA private keys
AES keys
HMAC Keys
User, CO Delete Key Z
RSA private keys
DSA private keys
ECDSA private keys
AES keys
HMAC Keys
User, CO Encrypt / Decrypt R AES keys
User, CO Generate / Verify Signature R, G
RSA private keys (R, G)
DSA private keys (R, G)
ECDSA private keys (R, G)
AES keys (R)
HMAC Keys (R)
Seed and Seed Key (R)
User, CO Compute Message Digest N/A N/A
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
19
7. Operational Environment
7. Operational Environment
The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the
Module does not contain a modifiable operational environment.
User, CO Generate Key Pair G, W
RSA private keys
DSA private keys
ECDSA private keys
Seed and Seed Key
User, CO,
Manuf
Get Info N/A N/A
User, CO,
Manuf
Self-Tests R
RSA private keys
DSA private keys
ECDSA private keys
AES keys
HMAC Keys
Manuf Set Status Z
RSA private keys
DSA private keys
ECDSA private keys
AES keys
HMAC Keys
User, CO,
Manuf
Get Authentication Info N/A N/A
User, CO,
Manuf
Cancel Authentication Z
SCP03 C-MAC Session Key
SCP03 R-MAC Session Key
SCP03 C-ENC Session Key
User, CO Initialize Algorithm R
RSA private keys
DSA private keys
ECDSA private keys
AES keys
HMAC Keys
User, CO,
Manuf
Generate Random N/A N/A
User, CO,
Manuf
GPIO Command Set N/A N/A
User, CO,
Manuf
File System Command Set N/A N/A
CO Set Config N/A N/A
User, CO,
Manuf
Test Command Set N/A N/A
Table 6-8. CSP Access Rights within Roles & Services
Role Authorized Service Mode Cryptographic Key or CSP
8. Security Rules
TPR0527J
12Dec18
20
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
8. Security Rules
The module design corresponds to the module's security rules. This section documents the
security rules enforced by the cryptographic module to implement the security requirements of
this FIPS 140-2 Level 3 module.
1. The cryptographic module shall provide three distinct operator roles. These are the
Approved User role, the Cryptographic Officer role and the Manufacturer role.
2. The cryptographic module shall provide identity-based authentication.
3. The cryptographic module shall clear previous authentications on power cycle.
4. When the module has not been placed in a valid role, the operator shall not have
access to any cryptographic services.
5. The cryptographic module shall perform the following tests
a. Power up Self-Tests
– Cryptographic algorithm tests
–AES Encrypt and Decrypt Known Answer Tests: ECB-128, CBC-128, OCB-
128, CFB-128, CMAC-128
–AES CMAC Known Answer Test (the generate/verify operations are
performed as part of the CMAC KAT)
–HMAC-SHA-1, -256 and -512 Known Answer Test
–DRBG Known Answer Test
–RSA Sign/Verify Known Answer Test
–DSA Sign/Verify Known Answer Test
–ECDSA Sign/Verify Known Answer Test
– Firmware Integrity Test - 16 bit CRC
b. Critical Functions Tests:
–Testing the Instantiate function
–Testing the Generate function
–Testing the Reseed function
c. Conditional Self-Tests
– Continuous Random Number Generator (RNG) test - performed on NDRNG and
DRBG, 128 bits
– DSA Pairwise Consistency Test
– RSA Pairwise Consistency Test
– ECDSA Pairwise Consistency Test
6. The operator shall be capable of commanding the module to perform the power-up self-
test by cycling power or resetting the module.
7. Power-up self tests do not require any operator action.
8. Data output shall be inhibited during key generation, self-tests, zeroization, and error
states.
9. Status information does not contain CSPs or sensitive data that if misused could lead to
a compromise of the module.
10. There are no restrictions on which keys or CSPs are zeroized by the zeroization
method.
11. The module does not support concurrent operators.
12. The module does not support a maintenance interface or role.
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
21
8. Security Rules
13. The module does not support manual key entry.
14. The module does not have any external input/output devices used for entry/output of
data.
15. The module does not enter or output plaintext CSPs.
16. The module does not output intermediate key values.
9. Physical Security Policy
TPR0527J
12Dec18
22
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
9. Physical Security Policy
9.1 Physical Security Mechanisms
The VaultIC single-chip module has the following physical security mechanisms
• Environmental failure protection (EFP) features for temperature, voltage, internal clock
frequency, and duty cycle are provided by immediate reset circuitry.
• The removal-resistant coating with hardness and adhesion characteristics covers the single-
chip module, and attempts to peel or pry the coating from the module results in irreparable
damage to the module
• The shield removal detection circuitry results in reset upon an attempt to remove the metal
coating from the unit
• The removal-resistant coating has solvency characteristics such that dissolving the coating
has a high probability of seriously damaging the module
10. Mitigation of Other Attacks Policy
The module has been designed to mitigate against UV light attacks and DPA attacks, which are
outside of the scope of FIPS 140-2.
Referenced Documents
[R1] RSA Laboratories. PKCS#1 v1.5: RSA Cryptography Standard. March 1998.
[R2] RSA Laboratories. PKCS#1 v2.1: RSA Cryptography Standard. June 2004.
[R3] RSA Laboratories. PKCS#5 v2.0: Password-based Cryptography Standard. Mar 1999
[R4] RSA Laboratories. PKCS#7 v1.5: Cryptographic Message Syntax Standard. Nov 1993
[R5] RSA Laboratories. PKCS#11 v2.20: Cryptographic Token Interface Standard. Jun 2004
[R6] FIPS PUB 46-3. Data Encryption Standard (DES). October 1999.
[R7] FIPS PUB 186-4. Digital Signature Standard. July 2013.
[R8] FIPS PUB 180-4. Secure Hash Standard. March 2012.
[R9] FIPS PUB 140-2. Security requirements for Cryptographic Modules. May 2001.
[R10] FIPS PUB 196. Entity authentication using public key cryptography. Feb 1997.
Table 10-1. Mitigation of Other Attacks
Other Attacks Mitigation Mechanism Specific Limitations
UV Light Attacks
The module contains a UV light detector that will
trigger when the surface of the chip is submitted to a
certain cumulative UV light. Once this kind of attack is
detected, the device stays under infinite reset even
when the light source is removed.
N/A
Side Channel
Attacks (DPA)
It is not feasible to monitor current consumption to
determine the value of an algorithm's keys. Current
consumption has been designed and tested to be
equivalent for both a logic "0" or logic "1".
N/A
TPR0527J
12Dec18
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
23
10. Mitigation of Other Attacks Policy
[R11] FIPS PUB 197. Advanced Encryption Standard. Nov 2001
[R12] FIPS PUB 198-1. The Keyed-Hash Message Authentication Code (HMAC). July 2007.
[R13] ISO9798-2 Entity authentication - Part 2: Mechanisms using symmetric encipherment
algorithms. July 1999.
[R14] ISO9797-1. Information technology -- Security techniques -- Message Authentication
Codes (MACs) -- Part 1: Mechanisms using a block cipher, 1999
[R15] ISO7816-3. Integrated Circuit Cards - Part 3: Cards with contacts: Electrical interface
and transmission protocols. Dec 2004.
[R16] ISO7816-4. Integrated Circuit Cards - Part 4: Organization, security and commands for
interchange. Sept 2004.
[R17] RFC 2459. Internet X509 Public Key Infrastructure Certificate and CRL profile Jan 1999
[R18] RFC 4226. HOTP: An HMAC-Based One-Time Password Algorithm. Dec 2005
[R19] ANSI X9.19
[R20] ANSI X9.31. Digital Signatures Using Reversible Public Key Cryptography for the Finan-
cial Services Industry (rDSA). 1998.
[R21] ANSI X9.62. Public Key Cryptography For The Financial Services Industry: The Elliptic
Curve Digital Signature Algorithm (ECDSA)©. 1998.
[R22] Philips®
- THE I2
C-BUS SPECIFICATION VERSION 2.1 - January 2000
[R23] Universal Serial Bus Specification Revision 2.0. April 2000
[R24] DWG - Specification for USB Integrated Circuit(s) Card Devices Revision 1.0. April 2005
[R25] DWG - Specification for Integrated Circuit(s) Cards Interface Devices Revision 1.1 April
2005
[R26] GlobalPlatform. Card specification v2.2. March 2006.
[R27] GlobalPlatform. Secure Channel Protocol 03 - Card Specification v2.2 Amendment D -
February 2009
[R28] Handbook of Applied Cryptography. ISBN: 0-8493-8523-7. Oct. 1996.
[R29] WISeKey. 6528B Secure your embedded devices - February 2011.
[R30] Microsoft®
- Smart Card Minidriver Specification for Windows®
Base Cryptographic Ser-
vice Provider (Base CSP) and Smart Card Key Storage Provider (KSP) Version
5.07 - Sept 2007
[R31] NIST SP 800-89 - Recommendation for Obtaining Assurances for Digital Signature
Applications - November 2006
[R32] NIST SP 800-108 - Recommendation for Key Derivation Using Pseudorandom Func-
tions, November 2008
[R33] NIST SP 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC
Mode for Authentication - June 2016
[R34] NIST SP 800-63 - Electronic Authentication Guideline - April 2006
[R35] NIST SP 800-90A Rev 1 - Recommendation for Random Number Generation Using
Deterministic Random Bit Generators - March 2007
Definitions and abbreviations
AES Advanced Encryption Standard algorithm as defined in FIPS PUB 197 [11]
Authentication An identification or entity authentication technique assures one party (the verifier), through acqui-
sition of corroborative evidence, of both the identity of a second party involved, and that the
second (the claimant) was active at the time the evidence was created or acquired. (From Hand-
book of Applied Cryptography [28])
Authenticity The property that data originated from its purported source.
ASSP Application Specific Standard Product
10. Mitigation of Other Attacks Policy
TPR0527J
12Dec18
24
This document can be reproduced and distributed only whole and intact,
including this copyright notice.
VaultIC 420/460 FIPS 140-2 Non-
Proprietary Security Policy
Brute force attack Hacking technique that consist in trying every character combination to guess a password.
CBC Cipher Block Chaining method applied to block ciphers
CFB Cipher Feedback Register chaining method applied to block ciphers
CMAC Cipher-based Message Authentication Code
CPU Central Processing Unit
Cryptographic key A bit string used as a secret parameter by a cryptographic algorithm. To prevent a key from
being guessed, keys need to be generated truly randomly and contain sufficient entropy.
DES Data Encryption Standard algorithm as defined in FIPS PUB 46-3 [6]
Device Any CPU with master or slave capability
DRBG Deterministic Random Bit Generator as defined in SP 800-90 [35]
Dictionary attack Hacking technique that consist in trying commonly used passwords to guess a password.
DSA Digital Signature Algorithm as defined in FIPS PUB 186-4 [7]
ECB Electronic Code Book chaining method applied to block ciphers
ECDSA Elliptic Curves DSA as defined in FIPS PUB 186-4 [7]
FIPS Federal Information Processing Standards
FIPS-Approved An algorithm or technique that is specified or adopted in FIPS.
HMAC Hash-based Message Authentication Code as defined in FIPS PUB 198 [12]
Host Entity that communicates (directly or not) with the device.
HOTP HMAC-based One Time Password algorithm as defined in RFC 4226 [18]
Integrity The property that received data has not been altered
ISO7816 Smart Card interface
MAC Message Authentication Code - A bit string of fixed length, computed by a MAC generation algo-
rithm, that is used to establish the authenticity and, hence, the integrity of a message.
Master The device that initiates and terminates a transmission. The Master also generates the clock for
synchronous interface.
NIST National Institute of Standards and Technology
OFB Output Feedback Register chaining method applied to block ciphers
OS Operating Systems
PKI Public Key Infrastructure
Receiver The device reading data from the bus
RSA Rivest Shamir Adleman algorithm
Seed (pseudo-)random number
SCP Secure Channel Protocol as defined by GlobalPlatform v2.2 [27]
SHA Secure Hash Algorithm as defined in FIPS PUB 180-4 [8]
Slave The device addressed by a master
Headquarters Product Contact
WISeKey
Arteparc de Bachasson - Bat A
Rue de la Carrière de Bachasson
CS 70025
13590 Meyreuil - France
Tel: +33 (0)4-42-370-370
Fax: +33 (0)4-42-370-024
Web Site
www.wisekey.com
Technical Support
support@wisekey.com
Sales Contact
sales@wisekey.com
Disclaimer: All products are sold subject to WISeKey Terms & Conditions of Sale and the provisions of any agreements made between WISeKey and the Cus-
tomer. In ordering a product covered by this document the Customer agrees to be bound by those Terms & Conditions and agreements and nothing contained in
this document constitutes or forms part of a contract (with the exception of the contents of this Notice). A copy of WISeKey's Terms & Conditions of Sale is avail-
able on request. Export of any WISeKey product outside of the EU may require an export Licence.
The information in this document is provided in connection with WISeKey products. No license, express or implied, by estoppel or otherwise, to any intellectual
property right is granted by this document or in connection with the sale of WISeKey products. EXCEPT AS SET FORTH IN WISEKEY'S TERMS AND CONDI-
TIONS OF SALE, WISEKEY OR ITS SUPPLIERS OR LICENSORS ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR
STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, SATIS-
FACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL WISEKEY BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS
OF PROFITS, LOSS OF REVENUE, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR LOSS OF INFORMATION OR DATA) NOTWITHSTANDING THE
THEORY OF LIABILITY UNDER WHICH SAID DAMAGES ARE SOUGHT, INCLUDING BUT NOT LIMITED TO CONTRACT, TORT (INCLUDING NEGLIGENCE),
PRODUCTS LIABILITY, STRICT LIABILITY, STATUTORY LIABILITY OR OTHERWISE, EVEN IF WISEKEY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. WISeKey makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves
the right to make changes to specifications and product descriptions at any time without notice. WISeKey does not make any commitment to update the informa-
tion contained herein. WISeKey advises its customers to obtain the latest version of device data sheets to verify, before placing orders, that the information being
relied upon by the customer is current. WISeKey products are not intended, authorized, or warranted for use as critical components in life support devices, sys-
tems or applications, unless a specific written agreement pertaining to such intended use is executed between the manufacturer and WISeKey. Life support
devices, systems or applications are devices, systems or applications that (a) are intended for surgical implant to the body or (b) support or sustain life, and which
defect or failure to perform can be reasonably expected to result in an injury to the user. A critical component is any component of a life support device, system or
application which failure to perform can be reasonably expected to cause the failure of the life support device, system or application, or to affect its safety or
effectiveness.
The security of any system in which the product is used will depend on the system's security as a whole. Where security or cryptography features are mentioned
in this document this refers to features which are intended to increase the security of the product under normal use and in normal circumstances.
© WISeKey 2018. All Rights Reserved. WISeKey ®, WISeKey logo and combinations thereof, and others are registered trademarks or tradenames of WISeKey or
its subsidiaries. Other terms and product names may be trademarks of others.
The products identified and/or described herein may be protected by one or more of the patents and/or patent applications listed in related datasheets, such doc-
ument being available on request under specific conditions. Additional patents or patent applications may also apply depending on geographic regions.
GENERAL BUSINESS USE
DO NOT COPY
TPR0527J
12Dec18