SafeNet, Inc. eSafenet eToken 5100, 5105, 5200, and 5205
FIPS 140-2 Security Policy
Document is Uncontrolled When Printed.
1 Introduction
1.1 General
This document defines the Security Policy for the SafeNet, Inc. eToken module.
The module is tested in the following configurations:
SafeNet eToken 5100 - mini form factor, SmartCard interface
SafeNet eToken 5105 - midi form factor, SmartCard interface
SafeNet eToken 5200 - mini form factor, HID interface
SafeNet eToken 5205 - midi form factor, HID interface
This document contains a description of the Module, its interfaces and services, the intended operators
and the security policies enforced in the approved mode of operation.
The Module contains a Java Card applet suite implementing the SafeNet eToken functionality running on a
GlobalPlatform Java Card operating system running on an INSIDE Secure microcontroller.
The primary purpose of the Module is to provide security functions for the host application. This includes
authentication, digital signing, encryption and decryption.
The applications work with the Module through the SafeNet Authentication Client (SAC) middleware. The
SafeNet eToken Applet Suite is the on-card representative of the Card Holder. It provides a variety of
SAC services to the Card Holder.
This Security Policy is organized as follows:
Module Overview and general specification (Sections 1-4)
Platform FIPS 140-2 specification (Section 5)
eToken Applet Suite FIPS 140-2 specification (Section 6)
Other Module level FIPS 140-2 compliance information (Sections 7-10)
Lists of acronyms and references
This organization reflects the structure of the Module and the use of a previously validated platform and
its associated specification and Security Policy information. The total set of CSPs, roles, authentication
methods and services is the superset of the Platform information in Section 5 and the eToken Applet Suite
information in Section 6.
1.2 High-Level Module Architecture
The Module is a single-chip microcontroller packaged in four USB token configurations as described above.
The Module architecture consists of three high-level architectural components:
Platform (GlobalPlatform operational environment, inclusive of Card Manager and Javacard API)
SafeNet eToken Applet
Microsoft Smart Card Minidriver compliant Applet (has no security functionality)
The purpose of the GlobalPlatform operational environment is to provide common smart card operational
environment facilities and services in accordance with the GlobalPlatform Specification [Global Platform].
The Card Manager manages the Applet Suite Life Cycle state and card content. The Javacard API provides
a library of standard smartcard functionality.