Athena Smartcard Inc. IDProtect Key with LASER PKI
FIPS 140-2 Security Policy
Athena Smartcard Inc. Public Material
Version 1.0
Page 8 of 32
Copyright Athena Smartcard Inc., 2012
3 Hardware and Physical Cryptographic Boundary
The Module is a single-chip implementation that meets commercial-grade specifications for power,
temperature, reliability, and shock/vibrations. The Module is a USB token with two package options, as
shown in Figures 1 and 2. The physical boundary of the module is the outer enclosure of the token and the
USB connector. The single chip is packaged in an 8-pin SOIC with standard passivation techniques,
mounted on a PCB assembly with the SOIC package covered in epoxy, and further protected by a hard
enclosure for both package types. The PCB assembly includes only the single IC; the passives, crystal
resonator, PCB assembly and the USB token cap are excluded from the security requirements.
If malfunctioning or misused, the excluded components cannot cause a compromise under any reasonable
condition. The cap is cosmetic with no security function. Opacity is provided in multiple layers, including
the opaque epoxy, the SOIC package and layers of active and passive shielding (metal layer coverings
opaque to the circuitry below) on the die. Enclosure hardness is provided in multiple layers, including the
outer enclosure, the epoxy and the SOIC package. Tamper evidence is provided by the outer enclosure:
the tamper evidence inspection policy is described below. The die's active shielding provides a tamper
response mechanism: a tamper event detected by the active shield places the Module permanently in the
"Tamper is detected" error state. The Module also provides a transport key to protect against tampering
during manufacturing and the protections listed in Section 10 below.
The Module hardware and physical cryptographic boundary is pictured below:
Figure 1 - TIDPTMINI72 Hardware and Physical Cryptographic Boundary
Figure 2 - TIDPUSBV2J Hardware and Physical Cryptographic Boundary
Note that for the TIDPUSBV2J the color of the collar and/or the embossed brand name may be different.
This does not change the physical security or the part number.