
Security Policy

nToken

Version: 4.6
Date: 29 October 2019

Copyright © 2019 nCipher Security Limited. All rights reserved.

Copyright in this document is the property of nCipher Security Limited. It is not to be reproduced, modified, adapted, published, translated in any material form (including storage in any medium by electronic means whether or not transiently or incidentally) in whole or in part nor disclosed to any third party without the prior written permission of nCipher Security Limited neither shall it be used otherwise than for the purpose for which it is supplied.

Words and logos marked with ® or ™ are trademarks of nCipher Security Limited or its affiliates in the EU and other countries.

Information in this document is subject to change without notice.

nCipher Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. nCipher Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material.

Where translations have been made in this document English is the canonical language.

nCipher Security Limited
Registered Office: One Station Square, Cambridge, CB1 2GA, United Kingdom
Registered in England No. 11673268

Contents

1 Purpose
    1.1 Initializing the nToken
    1.2 Using the nToken
2 Ports and Interfaces
3 Roles
    3.1 Unauthenticated
    3.2 User
    3.3 Administrator
4 Services available to each role
    4.1 Terminology
5 Keys
    5.1 Long term signing key
    5.2 Module signing key
    5.3 Module Keys
    5.4 Key objects
    5.5 Archiving keys
    5.6 Firmware Integrity Key
    5.7 Firmware Confidentiality Key
    5.8 Master Feature Enable Key
    5.9 DRBG Key
6 Rules
    6.1 Identification and authentication
        6.1.1 Access Control
        6.1.2 Access Control List
        6.1.3 Object re-use
        6.1.4 Error conditions
        6.1.5 Security Boundary
        6.1.6 Status information
    6.2 Operating a level 2 module in FIPS mode
7 Physical security
    7.1 Checking the module
8 Strength of functions
    8.1 Object IDs
    8.2 Key Blobs
    8.3 Feature Enable certificates
    8.4 Firmware Images
    8.5 Impath authentication
    8.6 Derived Keys
9 Self Tests
10 Supported Algorithms
    10.1 FIPS approved and allowed algorithms:
        10.1.1 Symmetric Encryption
        10.1.2 Hashing and Message Authentication
        10.1.3 Signature
        10.1.4 Key Establishment
        10.1.5 Other
    10.2 Non-FIPS Approved Algorithms
        10.2.1 Symmetric
        10.2.2 Asymmetric
        10.2.3 Hashing and Message Authentication
        10.2.4 Other
Contact Us

1 Purpose

nToken is a FIPS 140-2 level 2 module designed to protect a DSA key used to authenticate a host computer to an nShield Connect. This authentication is made by signing a nonce message to prove to the nShield Connect that the session was instigated by a client running on the host. The nToken also inherits additional restricted HSM capabilities from the nShield family.

The nShield nToken Hardware Security Modules are multi-chip embedded cryptographic modules as defined by FIPS PUB 140-2.
| Unit ID | Model Number | Real Time Clock (RTC) NVRAM | Secure Execution Environment (SEE) | Potting (epoxy resin) | EMC classification | Crypto Accelerator |
|---------|--------------|-----------------------------|------------------------------------|-----------------------|--------------------|--------------------|
| nToken | nC2023E-000 | No | No | Yes | A | No |

All modules are now supplied at build standard “N” to indicate that they meet the latest EU regulations regarding ROHS.

The modules run firmware provided by nCipher Security. There is the facility for the factory to upgrade this firmware. In order to determine that the module is running the correct version of firmware they should use the New Enquiry service which reports