Utimaco Safeware AG
CryptoServer 2000 Security Policy Version 1.1.4
Page 13
module.
·
List Files: Retrieve a list of all files stored in the flash file system of the module.
·
List Active Modules: List all currently active firmware modules.
·
List Operators: Read a list of all Cryptographic Users and Administrators.
·
End Session: Terminate a (Secure Messaging) session by invalidating the
respective session key.
·
Get Log File: Read a log file.
·
Get Memory Info: Return statistical information regarding the file system usage.
·
Echo: Communication test (echo input data).
·
Get Challenge: Generate and output a challenge (8 bytes random value) for usage
of the challenge/response mechanism with the next authenticated command.
·
Initiate Self Tests: At any time the execution of the self-tests required by FIPS
140-2 can be forced by performing a reset or power-cycle of the module. During
self-test execution no further command processing is possible.
·
Zeroize: Zeroize the cryptographic module including all firmware, data and
critical security parameters. This service will be executed if an external erase
input is given.
If the module is in a FIPS error state, only unauthenticated services that only output status and do
not
perform any cryptographic functions are available.
Definition of Critical Security Parameters (CSPs)
The following are CSPs contained in the module:
·
Master Key (TDES 24 bytes) KCS2
·
Session Key (volatile storage only)
·
Seed for Deterministic Random Number Generator (DRNG) (volatile storage only)
·
Seed Key for DRNG (volatile storage only).
The following CSPs are stored within the cryptographic module encrypted with the Master Key
KCS2 (TDES): (Note: These non-volatile CSPs are not subject to the zeroization requirement
since they are encrypted using TDES.)
·
RSA Private Sign Key
·
RSA Private Key Decryption Key
·
TDES Key Encryption Key