CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 6/26/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
84 Pitney Bowes, Inc.
35 Waterview Dr
Shelton, CT 06484
USA

-David Riley
TEL: 203-924-3500
FAX: 203-924-3385

CST Lab: NVLAP 100432-0

ClickStamp™ Online CCV
(ID: CCV assembly, ClickStamp™ Online CCV 1.40.5 and 1.40.23; KMS, K180034-AAA;
IBM 4758-001 Cert. #35)

Validated to FIPS 140-1

Security Policy

Hardware 12/22/1999;
08/21/2001
Overall Level: 3 

-Physical Security: Level 4 +EFP/EFT

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (vendor affirmed)

-Other algorithms: DES (Cert. #58); RSA

Multi-chip embedded

"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
83 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ E1-75ohms and Link Encryptor RS-232
(Firmware versions 1.25 and 1.26)

Validated to FIPS 140-1

Security Policy

Hardware 12/22/1999;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #5); Triple-DES (DES Certs. #11 and #26, vendor affirmed)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
82 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Encryption Module
(Software versions 3.40, 3.43, 3.44, 3.46, 3.47 and 3.53a)

(When operated in FIPS mode by selection of the DES algorithm

Universal Crypto Module (UCM), (v3.44))

Revoked
DES Transition Ended

Security Policy

Hardware 12/22/1999;
03/30/2001;
08/17/2001;
10/04/2001;
05/15/2002;
09/10/2002
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (vendor affirmed)

-Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL

Multi-chip embedded

"Encryption modules used in Motorola Astro™ Saber, Astro™ Spectra, Astro™ Consolette, and XTS3000 radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
81 IBM® Corporation
2455 South Rd
Mail Station P339
Poughkeepsie, NY 12601-5400
USA

-Helmy El-Sherif
TEL: 845-435-7033
FAX: 845-435-4092

CST Lab: NVLAP 100432-0

IBM 4758 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1)
(ID: PN IBM 4758-013, Miniboot 0 version B, Miniboot 1 version B)

Validated to FIPS 140-1

Security Policy

Hardware 11/29/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT
-Cryptographic Module Specification: Level 4
-Module Interfaces: Level 4
-Roles and Services: Level 4
-Finite State Machine Model: Level 4
-Software Security: Level 4
-EMI/EMC: Level 4
-Self Tests: Level 4
-Key Management.: Level 4

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #16); Triple-DES (vendor affirmed)

-Other algorithms: DES (Cert. #41); RSA

Multi-chip embedded

"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software."
80 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B-006 Cryptographic iButton™
(ID: B7-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)
(Note: This validation supersedes validation certificate #63)


Validated to FIPS 140-1

Security Policy

Hardware 11/29/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5; RSA

Multi-chip standalone

"Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
79 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Jennifer Mitchell
TEL: 847-576-7251

CST Lab: NVLAP 200002-0

KVL 3000
(Hardware version CLN6738B; Firmware version R02.50.00)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 11/29/1999 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms: DES (Cert. #5); DES-XL; DVP-XL; DVI-XL; DVI-SPEL

Multi-chip standalone

"The KVL3000 Key Variable Loader is a battery-powered portable unit used to create, store, and transfer encryption keys used by Motorola's secure communications products. The KVL3000 supports the following Motorola encryption protocols: SECURENET™, Advanced SECURENET™, ASTRO™, and ASTRO™25 systems."
78 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

LYNKS Privacy Card
(Hardware version 2.0; firmware version 1.2)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 11/29/1999 Overall Level: 2 

-FIPS Approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1); Triple-DES (vendor affirmed)

-Other algorithms: DES (Cert. #50); RSA; Diffie-Hellman (key agreement); KEA; MD5

Multi-chip standalone

"The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
77 Attachmate Corporation
424 Wards Corner Road
Loveland, OH 45140
USA

-Bill Evans
TEL: 513-794-8140

CST Lab: NVLAP 200002-0

CryptoConnect ETS
(Version 2.2.1)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 11/29/1999 Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95, Windows98, and WindowsNT 4.0, with SP3 or later (single- user mode).

-FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46); RSA (encryption); RC2; RC4

Multi-chip standalone

"CryptoConnect ETS is an INFOConnect transport system that provides encryption of all data between Attachmate's PEP/UTS client and Unisys 2200/ClearPath/IX Systems."
76 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider
(Version 5.0.2150.1)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 11/09/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 (operated in single-user mode).

-FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
75 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider
(Version 5.0.1877.6 and 5.0.1877.7)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 11/09/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (operated in single-user mode).

-FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

-Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
74 RedCreek Communications
3900 Newpark Mall Rd
Newark, CA 94056
USA

-Nicholas Brigman, Product Marketing
TEL: 510-795-6919

CST Lab: NVLAP 200002-0

Personal Ravlin
(Hardware v08; Firmware v3.32 Standard)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 11/04/1999 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #22)

-Other algorithms: DES (Cert. #53); MD5

Multi-chip standalone

"The Personal Ravlin is a cost-effective network security solution. It addresses the needs of individual remote users who access corporations via cable, xDSL, and ISDN modems. It is also an ideal solution for network administrators who seek to establish private communications within a corporate intranet by providing security at the desktop level."
73 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-L
(Firmware v1.25 and v1.26)

Validated to FIPS 140-1

Security Policy

Hardware 10/25/1999;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
72 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-H
(Firmware v1.25 and v1.26)

Validated to FIPS 140-1

Security Policy

Hardware 10/25/1999;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
71 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor CFE-L
(Firmware v4.02 and v4.04; Hardware revisions 4 and 5)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/13/1999;
12/04/2003;
10/18/2004
Overall Level: 3 

-Module Interfaces: Level 3*
-Roles and Services: Level 3*

*(Level 3 - Console interface disabled; Level 2 - Console interface enabled.)

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #20); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
70 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor CFE-H
(Firmware v4.02 and v4.04; Hardware revisions 4 and 5)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/13/1999;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 3 

-Module Interfaces: Level 3*
-Roles and Services: Level 3*

*(Level 3 - Console interface disabled; Level 2 - Console interface enabled.)

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #20); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
69 Mykotronx, Inc.
357 Van Ness Way
Suite 200
Torrance, CA 90501
USA

-Kevin Cook
TEL: 310-533-8100
FAX: 310-533-0527

CST Lab: NVLAP 100432-0

FORTEZZA Crypto Card
(Part Number 650000-2)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 09/13/1999 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms: KEA

Multi-chip standalone

"The Mykotronx FORTEZZA card is a PC Card hardware token for advanced cryptography and authorization methods. The card incorporates the National Security Agency-certified CAPSTONE RISC-based cryptographic processor."
68 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base Cryptographic Provider, Enhanced Cryptographic Provider, Base DSS Cryptographic Provider, and DSS/Diffie-Hellman Enchanced Cryptographic Provider
(Version 5.0.1877.6 and 5.0.1877.7)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 09/13/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 with Service Pack 6 (operated in single-user mode).

-FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
67 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 100432-0

CERTIFAX Fax Encryptor CF3102
(ID: firmware version 2.21)

(When operated in FIPS mode using the listed FIPS-approved algorithms, and Triple DES not valid for FS1000 interoperability)

Validated to FIPS 140-1

Security Policy

Firmware 09/13/1999;
10/24/2002
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: SHA-1 (Cert. #15)

-Other algorithms: DES (Cert. #42); Triple-DES (allowed for US and Canadian Government use); ECDSA; ECMQV2; Diffie-Hellman (key agreement)

Multi-chip standalone

"CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX ensures faxes get to the intended recipient every time, that the contents are never disclosed to unauthorized parties, that the sender is who it claims to be, and that the message is always kept private and unaltered. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX's secure mailbox memory provides storage and retrieval for incoming faxes, and CERTIFAX can support up to 99 secure Virtual Private Fax Networks. The CF3102 also implements a non-FIPS mode for communications with Certicom's Legacy Fax Secret 1000 fax encryptor."
66 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan C. Asenjo
TEL: 888-744-4976 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® 2000 (DC2K) Link / Channelized / Frame Relay
(Hardware Version Issue 2 Motherboard; Software Version 1.02.36)

(When key zeroization is enabled)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 09/08/1999;
01/08/2003;
05/19/2003;
10/13/2005
Overall Level: 3 

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #24)

-Other algorithms: DES (Cert. #57); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"The Datacryptor 2000 is a stand-alone multi-chip cryptographic module that secures communications using signed Diffie-Hellman key exchange and Triple-DES encryption. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
65 RedCreek Communications
3900 Newpark Mall Rd
Newark, CA 94056
USA

-Nicholas Brigman, Product Marketing
TEL: 510-795-6919

CST Lab: NVLAP 200002-0

Ravlin 10
(Hardware v 09; Software v 3.32 Radius)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 09/08/1999 Overall Level: 2 

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #22)

-Other algorithms: DES (Cert. #53); Triple-DES (allowed for US and Canadian Government use); MD5

Multi-chip standalone

"The Ravlin 10/5100 is a network security solution that performs encryption and decryption with a throughput of the theoretical maximum of Ethernet (or wire speed). Network administrators use it to establish private communications within secure intranets (between corporate divisions, workgroups, branch offices, and individuals) or within secure extranets (between customers, suppliers, and strategic partners). This may be done over private or public IP networks."
64 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Cryptographic SDK
(Version 1.5)

(When operated in FIPS mode using the listed FIPS-approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 08/26/1999;
02/20/2003;
03/07/2008;
07/28/2008
Overall Level: 2 

-Operating System Security: Tested as meeting Level 2 with Compaq DeskPro 5/166 w/ WindowsNT Workstation 3.51 w/ Service Pack 4 (ITSEC-rated).

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #20)

-Other algorithms: DES (Cert. #40); Triple-DES (allowed for US Government use); RSA, El Gamal; CAST5; IDEA; MD5; RIPEMD60; HMAC; Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK provides all cryptographic and key management functionality for the PGP suite of products, including PGP Desktop Security, PGPnet VPN Client, PGPdisk and the PGP Certificate Server. This is a high-level toolkit for use with C/C++ applications on Windows. It also supports PGP/MIME, TLS, Certificate Server management, LDAP, and Blakely-Shamir Key Splitting, as well as many user interface components for simple integration into other applications. PGP SDK implements only strong cryptography, and the source code is published in book form for peer review."
63 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B Cryptographic iButton™
(ID: B7-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)
(Note: This validation is superseded by validation certificate #80)


Validated to FIPS 140-1

Security Policy

Hardware 08/26/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5; RSA

Multi-chip standalone

"Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
62 Francotyp-Postalia
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Andreas Wagner

CST Lab: NVLAP 100432-0

Francotyp-Postalia Security Module (FPSM)
(Software Version 1.1; Hardware Version 1.0)

(When operated in FIPS mode using using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/17/1999 Overall Level: 2 

-Physical Security: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms:

-Other algorithms: DES (Cert. #59); Triple-DES (allowed for US Government use)

Multi-chip embedded

"The FPSM is a multi-chip embedded cryptomodule. The FPSM is embedded in Postage Meters and provides security services to support the secure accounting and cryptographic functions necessary to implement a value evidencing apparatus."
61 Kasten Chase Applied Research, Ltd.
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Cyril Fernandes
TEL: 905-238-6900 x3310
FAX: 905-212-2003

CST Lab: NVLAP 200002-0

Palladium Secure Modem / FORTEZZA CryptoCard
(Hardware Version 1.5; Software Version p1.81)

Validated to FIPS 140-1

Security Policy

Hardware 08/11/1999 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms:

Multi-chip standalone

60 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

DSS/Diffie-Hellman Enhanced Cryptographic Provider
(Version 5.0.1998.1)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 08/05/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 with Service Pack 4 (operated in single-user mode).

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #17)

-Other algorithms: DES (Cert. #45); Triple-DES (allowed for US Government use); RC2; RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Microsoft's DSSENH is a general-purpose software-based cryptographic module. It provides services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
59 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 100432-0

CERTIFAX Fax Encryptor CF3002 and CF3003
(ID: firmware version 2.20)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Firmware 08/05/1999;
10/24/2002
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: SHA-1 (Cert. #15)

-Other algorithms: DES (Cert. #42); Triple-DES (allowed for US Government use); ECDSA; ECMQV2; Diffie-Hellman (key agreement)

Multi-chip standalone

"CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX ensures faxes get to the intended recipient every time, that the contents are never disclosed to unauthorized parties, that the sender is who it claims to be, and that the message is always kept private and unaltered. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX's secure mailbox memory provides storage and retrieval for incoming faxes, and CERTIFAX can support up to 99 secure Virtual Private Fax Networks."
58 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LunaCAł
(Firmware versions 3.2, 3.9 and 3.93)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/05/1999;
09/14/2001;
10/18/2004
Overall Level: 3 

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use); CAST; CAST3; CAST5; RC2; RC4; MD2; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

57 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LunaCA
(Firmware version 3.2)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/05/1999;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use); CAST; CAST3; CAST5; RC2; RC4; RC5; MD2; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"LunaCA is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. LunCA is a token based on the PCMCIA standard - now known as PC Card."
56 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna2
(Firmware versions 3.2 and 3.9)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/08/1999;
09/14/2001;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use); CAST; CAST3; CAST5; RC2; RC4; RC5; MD2; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Luna2 is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. Luna2 is a token based on the PCMCIA standard - now known as PC Card."
55 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 200002-0

Elliptic Curve Security Module (CLv)
(Hardware version R4, firmware version R1.4.1)

Validated to FIPS 140-1

Security Policy

Hardware 06/21/1999;
10/24/2002
Overall Level: 2 

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #19)

-Other algorithms: DES (Cert. #51); Triple-DES (allowed for US Government use); EC-DH

Multi-chip embedded

54 TimeStep Corporation
359 Terry Fox Dr
Kanata, Ontario K2K 2E7
Canada

-Brett Howard
TEL: 613-599-3610 x4554
FAX: 613-599-3617

CST Lab: NVLAP 200017-0

PERMIT/Gate 2520™ Cryptographic Module
(Hardware version 1.20)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/15/1999 Overall Level: 2 

-Software Security: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #21)

-Other algorithms: DES; Triple-DES (allowed for US Government use); MD5

Multi-chip standalone

"PERMIT/Gate 2520™ is a high-speed VPN component of the PERMIT™ Enterprise product suite. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access. The 2520 has 4Mbps throughput."
53 TimeStep Corporation
359 Terry Fox Dr
Kanata, Ontario K2K 2E7
Canada

-Brett Howard
TEL: 613-599-3610 x4554
FAX: 613-599-3617

CST Lab: NVLAP 200017-0

PERMIT/Gate 4520™ Cryptographic Module
(Hardware version 1.20)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/15/1999 Overall Level: 2 

-Software Security: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #21)

-Other algorithms: DES; Triple-DES (allowed for US Government use); MD5

Multi-chip standalone

"PERMIT/Gate 4520™ is a high-speed VPN component of the PERMIT™ Enterprise product suite. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access. The 4520 has 10Mbps throughput. The 4520 is the same as the 2520, except that the 4520 has a faster CPU, running at a higher bus frequency."
52 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 100432-0

CERTIFAX Fax Encryptor CF3001
(ID: firmware version 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/15/1999;
10/24/2002
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: SHA-1 (Cert. #15)

-Other algorithms: DES (Cert. #42); Triple-DES (allowed for US Government use); ECDSA; ECMQV2

Multi-chip standalone

"CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX can support up to 99 secure Virtual Private Fax Networks."
51 Pitney Bowes, Inc.
1 Elmcroft Rd
Stamford, CT 06926-0700
USA

-Frederick W. Ryan, Jr.
TEL: 203-924-3500
FAX: 203-924-3385

CST Lab: NVLAP 100432-0

Clickstamp
(Part #P200, Version AAA; Version AAB - 03/15/2000)

(Validated only for the DES MAC authenticated services: Credit, Put IBIP Data, and Zeroize Keys)

Revoked
DES Transition Ended

Security Policy

Hardware 05/10/1999 Overall Level: 3 

-FIPS Approved algorithms: SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #35); RSA

Multi-chip standalone

"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
50 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200002-0

BSAFE Crypto-C Toolkit, Version 4.11
(Software Version 4.11)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 04/29/1999;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46); Triple-DES (allowed for US Government use); RSA; MD2; MD5; HMAC; DESX; RC2; RC4; Elliptic Curve (F2&Fp); Elliptic Curve Encryption Scheme; Elliptic Curve DSA; Bloom-Shamir

Multi-chip standalone

"Cryptographic Toolkit provides cryptographic services to calling applications."
49 Intel Network Systems, Inc.
2 Eva Road
Suite 220
Toronto, Ontario M9C 2A8
Canada

-Robert Eng
TEL: 416-622-8987
FAX: 416-622-7577

CST Lab: NVLAP 200017-0

LAN Rover VPN Gateway (LRVG) V6.59
(Firmware version V6.59)

Validated to FIPS 140-1

Security Policy

Hardware 04/28/1999 Overall Level: 2 

-Software Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: SHA-1 (Cert. #18)

-Other algorithms: DES; Triple-DES (allowed for US Government use)

Multi-chip standalone

"The LRVG is a network packet encryption device which incorporates firewall and tunneling functionality compatible with a variety of protocols over Ethernet, V.35, and RS-232."
48 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

FORTEZZA Crypto Card
(Hardware Version 0.1, Firmware v0.5, v0.6 and v0.7)

Jumbo FORTEZZA Crypto Card
(Hardware Version 0.2, Firmware vA1)

Validated to FIPS 140-1

Security Policy

Hardware 04/23/1999;
05/14/2001;
06/18/2003
Overall Level: 2 

-FIPS Approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms: KEA

Multi-chip standalone

"SPYRUS's FORTEZZA is a PC Card that is used to provide cryptographic services."
47 Netscape Communications Corporation
6905 Rockledge Dr
Suite 820
Bethesda, MD 20817
USA

-Ed Hicks
TEL: 301-571-3900

-Mitch Green

CST Lab: NVLAP 100432-0

Netscape Security Module 1.01
(ID: fipscm_v1.01)

(When operated in FIPS mode and when correctly implementing the tamper evident mechanism specified in the security policy.)

Validated to FIPS 140-1
Not Available

Security Policy

Software 03/17/1999 Overall Level: 2 

-Physical Security: Level 2

-Operating System Security: Tested as meeting Level 2 with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated).

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #14); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #33 and #34); Triple-DES (allowed for US Government use); RC2; RC4; MD2; MD5

Multi-chip standalone

"Security module used in various Netscape products."
46 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

LYNKS Metering Device (LMD)
(Firmware version 9012)

Validated to FIPS 140-1

Security Policy

Hardware 03/17/1999 Overall Level: 2 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms:

Multi-chip standalone

45 Netscape Communications Corporation
6905 Rockledge Dr
Suite 820
Bethesda, MD 20817
USA

-Ed Hicks
TEL: 301-571-3900

-Mitch Green

CST Lab: NVLAP 100432-0

Netscape Security Module 1.01
(ID: fipscm_v1.01)

(When operated in FIPS mode)

Validated to FIPS 140-1
Not Available

Security Policy

Software 03/17/1999 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 for WindowsNT 4.0 workstation (single-user mode).

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #14); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #33 and #34); Triple-DES (allowed for US Government use); RC2; RC4; MD2; MD5

Multi-chip standalone

"Security module used in various Netscape products."
44 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-John Casler
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 200002-0

Aegis MR-K I and II System/Scan Radios
VHF range: 136-174 MHz
UHF range: 378-500 MHz
800 range: 806-870 MHz

(Hardware Versions: PK1GEXE, PK1PEXE, PK1XEXE, PK18EXE, PK2GEXE, PK2PEXE, PK2XEXE, PK28EXE, PK3GEXE, PK3PEXE, PK3XEXE, PK38EXE, (SYSTEM) PK2NEXE, (SCAN) PK3NEXE; Software Load: CXC 112 1279/1, Version: M2G30408)

Revoked
DES Transition Ended

Security Policy

Hardware 03/04/1999;
11/16/2001;
12/06/2001;
04/05/2002;
03/07/2003;
03/13/2003
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms: DES (04/22/1994)

Multi-chip standalone

"The M-RK II System/Scan (AEGIS) and M-RK I handheld personal portable two-way FM radio is a high-quality, high performance FM radio. The radio is synthesized and operates in both trunked (EDACS™) and conventional communications systems. The trunked mode allows selection of either a communications group or an individual radio within a system. Both the selected group and the individual radio are secured through AEGIS digital signaling and DES encryption."
43 SafeNet, Inc.
4690 Millennium Drive
Suite 300
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 100432-0

Turbo Crypto Card (TCC), v09, 14.04
(Part#: AB-14094-050-09)

Validated to FIPS 140-1

Security Policy

Hardware 02/17/1999;
12/04/2003;
10/18/2004
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11and #20); Diffie-Hellman (key agreement)

Multi-chip embedded

"Turbo Crypto Card is used in a variety of Cylink's host encryption products, including the Secure Frame Unit (SFU) and the Secure Domain Unit (SDU)."
42 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200002-0

Segmented NetFortress™ GVPN-S
(Version - 1)

(When factory configured in FIPS mode and using Triple-DES)

Validated to FIPS 140-1

Security Policy

Hardware 01/27/1999;
03/26/2010;
05/17/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms:

-Other algorithms: DES (Cert.#23); Triple-DES (allowed for US Government use); IDEA

Multi-chip standalone

"VPN Encryptor."
41 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B Cryptographic iButton™
(ID: B4-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)

Validated to FIPS 140-1

Security Policy

Hardware 01/26/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5; RSA

Multi-chip standalone

"Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
40 IBM® Corporation
2455 South Rd
Mail Station P371
Poughkeepsie, NY 12601-5400
USA

-Clark D. Norberg
TEL: 845-435-6434
FAX: 845-435-1858

-Phil C. Yeh

CST Lab: NVLAP 100432-0

IBM S/390 CMOS Cryptographic Coprocessor
(ID: IBM Part #s 88H3637 and 29L3659)

(When configured for External Key Entry)

Validated to FIPS 140-1

Security Policy

Hardware 01/07/1999 Overall Level: 4 

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #4, 12); RSA (internal use)

-Other algorithms: DES (Certs. #7 and 29); Triple-DES (allowed for US Government use); CDM; MDC-2; MDC-4; Diffie-Hellman (key agreement); ANSI: X3106, X99, X919

Single-chip

"Encryption module for S/390 CMOS Enterprise Server family."


Need Assistance?