CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 11/29/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
282Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0
ASTRO Subscriber Universal Crypto Module
(Hardware Versions: P/Ns NTN9801B, NTN9738C, NNTN5032D, NNTN5032G, 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11 and 0104025J12; Firmware Versions: R05.00.13, R05.02.00, R05.02.02, R05.03.00, R05.04.01 and R05.05.01)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/20/2002
05/30/2003
06/11/2003
11/26/2003
12/24/2003
03/30/2004
07/27/2004
01/13/2006
12/19/2006
Overall Level: 1

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC; SHA-1; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"Encryption modules used in Motorola ASTRO™ family of radios provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
281V-ONE Corporation, Inc.
20250 Century Blvd.
Suite 300
Germantown, MD 20874
USA

Chris Brook
TEL: 301-515-5242
FAX: 301-515-5280

CST Lab: NVLAP 200416-0
SmartGate®
(Software Version: 4.3)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software12/23/2002
01/09/2003
06/18/2003
Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3
-Operating System Security: Tested as meeting Level 1 with Red Hat Pro Linux 7.2 and Sun Solaris 8 (Single User Mode)

-FIPS Approved algorithms: Triple-DES (Cert. #46); SHA-1 (Cert. #10); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #159); DES MAC (Cert. #159); MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"V-ONE Corporations SmartGate is leading client/server Virtual Private Network (VPN) software that provides enterprise-level security to network-based users for private information and private TCP/IP application services. SmartGate provides encryption, strong user authentication, authorization, management, accounting, key distribution, and proxy capabilities. It consists of server (SmartGate) and client (SmartPass) software."
280Tricipher, Inc.
1900 Alameda de las Pulgas
Suite 112
San Mateo, CA 94403
USA

Tim Renshaw
TEL: 650-372-1300

CST Lab: NVLAP 200416-0
Secure Identity Appliance
(Hardware Version: Dell 2550 Server; Software Version: 2.5.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2002
02/22/2005
Overall Level: 2

-Roles and Services: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #101); SHA-1 (Cert. #90); RSA (PKCS #1, vendor affirmed)

-Other algorithms: HMAC-SHA-1 (Cert #90, vendor affirmed); MD5; RSA (encryption)

Multi-chip standalone

"The SingleSignOn.Net Secure Identity Appliance is a Public Key Infrastructure (PKI) and password authentication solution. It allows for the easy deployment of PKI scalable to large numbers of users and provides an ID/Password system that uses the underlying PKI to provide security and robustness. The Secure Identity Appliance is able to perform public key-based cryptography, including digital signatures and encryption."
279McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 200002-0
McAfee Endpoint Encryption for PCs Client (formerly SafeBoot Client)
(Software Version: 4.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software11/26/2002
08/18/2006
08/29/2006
04/30/2007
06/23/2008
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95 SR2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #21); DSA (Cert. #53); SHA-1 (Cert. #71)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"McAfee Endpoint Encryption for PCsClient is a high performance softwaresolution that provides sector-levelencryption of a PC's hard drive in amanner that is totally transparent to theuser. In addition, the centralizedMcAfee Endpoint Encryptionmanagement system provides robustrecovery tools, administration, andimplementation."
278Entrust CygnaCom
7925 Jones Branch Drive
Suite 5200
McLean, VA 22102
USA

Entrust Sales

CST Lab: NVLAP 200427-0
Entrust CygnaCom IPSec Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-1

Certificate

Security Policy
Software11/07/2002
08/23/2004
05/28/2014
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with SCO CMW+ V3.0.1 Operating System (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #91); SHA-1 (Cert. #79); HMAC-SHA-1 (Cert. #79, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Entrust CygnaCom IPSec Cryptographic Module is a software cryptographic module intended to provide secure IPSEC communications between client workstations/laptops and servers. The communications are secured by the use of Triple DES (TDES) running in the Triple Cipher Block Chaining (TCBC) mode of operation to encrypt and the data portion of TCP/IP packets using either the IPSECESP-tunneled mode or ESP-transport mode. HMAC SHA-1 is used to authenticateIPSEC message headers and protocol data units."
275RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-J Toolkit Module
(Software Version: 3.3.3)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy

Vendor Product Link
Software10/31/2002
10/01/2004
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Windows NT SP6 (single user mode), JVM v1.3.1, JRE v1.3.1

-FIPS Approved algorithms: Triple-DES (Cert. #112); DSA (Cert. #63); SHA-1 (Cert. #97); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #168); AES; DESX; RC2; RC4; RC5; RC6; MD2; MD5; HMAC-SHA-1; Diffie-Hellman (key agreement); Base64

Multi-chip standalone

"The Crypto-J Module is a Java- language software development kit that allowssoftware and hardware developers to incorporate encryption technologies directlyinto their products. The tested Crypto-J Module is a Java-language API availableas a Java Archive, or JAR, file."
274SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeNet ATM Encryptor
(Hardware Versions: 4.5, ATM Encryptor Models: 450-016-003/004/005/006/007/008/009; Firmware Version: 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/24/2002
04/16/2003
10/19/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #110); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
273SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeNet ATM Encryptor
(Hardware Versions: 4.0, ATM Encryptor Models: 460-006-001/002/003/004/005/006/007/008/009; Firmware Version: 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/24/2002
04/16/2003
10/19/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
272SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeNet ATM Encryptor
(Hardware Versions: 3.5 and 3.6, ATM Encryptor Models: 450-004-001/002/003/004/005/006/007 and 450-013-003/004/005/006/007/008/009; Firmware Version: 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/24/2002
04/16/2003
10/19/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #110); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
271SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeNet ATM Encryptor
(Hardware Versions: 3.0 and 3.1, ATM Encryptor Models: 450-002-001/002/003/004/005/006/007 and 450-003-001/002/003/004/005/006/007/008/009; Firmware Version: 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/24/2002
04/16/2003
10/19/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
270SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® DSM
(Hardware Versions: 1 and 2; Firmware Version: 3.98)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/18/2002
10/18/2004
Overall Level: 2

-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1(Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST 3; CAST 5; CAST MAC; CAST 3 MAC; CAST 5 MAC; HMAC-SHA-1; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption and Decryption)

Multi-chip standalone

"The Chrysalis-ITS™ Luna® DSM Digital Signature Module is a hardware-based, multiple-chip standalone module in the form of a PC card “token” based on the PCMCIA standard. The LUNA DSM token is a hardware crypto engine for digital signing, identification and authentication and is used in applications that require FIPS Level II key generation, protection and storage for limited numbers of digital keys."
269Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0
DiamondVPN™
(Hardware Versions: 2020, P/N DV100-F; Software Versions: 2.1.4A, 2.1.6 and 2.1.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy

Vendor Product Link
Hardware10/18/2002
02/25/2003
10/02/2003
04/08/2005
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondVPN™ is a rack- mounted network security appliance that can be installed at a LAN edge for a work group or department operating on your enterprise network to enforce a single security profile for traffic outbound from the LAN and access to the LAN from the outside. Unlike traditional VPNs, DiamondVPN™ also offers secure pass-through to networks in which DiamondLink™ protects some users."
268Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0
DiamondPak™ and DiamondVPN-6™
(Hardware Versions: 2020, P/Ns DP600-F and DV600-F; Software Versions: 2.1.4A, 2.1.6 and 2.1.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy

Vendor Product Link
Hardware10/18/2002
02/25/2003
07/31/2003
10/02/2003
04/08/2005
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondPak" is a rack- mounted network appliance for protecting multiple servers with each server protected by a dedicated self-protecting DiamondTEK" security computer enforcing a single security profile. DiamondPak"'s advanced access-control system for protecting critical backend systems is available in configurations to protect 2, 4, or 6 systems. DiamondVPN-6 is a network security appliance for protecting a group of servers or users within an organization with each group protected by a dedicated self-protecting DiamondTEK security computer enforcing a single security profile. DiamondVPN s advanced access control system for protecting critical backend groups is available in a configuration to protect 6 individual groups."
267Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0
DiamondLink™
(Hardware Versions: 2000 and 2010 (fiber), P/Ns DL 100-F and DL 100F-F; Software Versions: 2.1.4A, 2.1.6 and 2.1.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy

Vendor Product Link
Hardware10/18/2002
02/25/2003
10/02/2003
04/08/2005
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondLink™ is an external, drop- in network appliance for individual users thatfeatures a built- in security computer and authentication card reader in a single device. With its plug-and-play flexibility, DiamondLink™ can be easily extended to other network devices such as printers, fax machines, and networked manufacturing devices."
266F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki 00180
Finland

Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0
F-Secure Pocket PC Cryptographic Library (Compact Version)
(Software Version: 1.1.9)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software10/18/2002Overall Level: 1

-EMI/EMC: Level 3
-Self Tests: Level 3
-Operating Environment: Tested as meeting Level 1 with Windows CE 3.0

-FIPS Approved algorithms: AES (Cert. #4); SHA-1 (Cert. #122); HMAC-SHA-1 (Cert. #122, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Pocket PC and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
265F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki 00180
Finland

Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0
F-Secure Pocket PC Cryptographic Library (Full Version)
(Software Version: 1.1.7)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy

Vendor Product Link
Software10/18/2002
07/31/2003
Overall Level: 1

-EMI/EMC: Level 3
-Self Tests: Level 3
-Operating Environment: Tested as meeting Level 1 with Windows CE 3.0

-FIPS Approved algorithms: Triple-DES (Cert. #106); AES (Cert. #4); SHA-1 (Cert. #122); HMAC-SHA-1 (Cert. #122, vendor affirmed)

-Other algorithms: DES (Cert. #165); Blowfish; MD5; HMAC-MD5

Multi-chip standalone

"The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Pocket PC and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
264Lucent Technologies, Inc.
1600 Osgood St.
20-3E-15
North Andover, MA 01845
USA

Lori Heseltine
TEL: 978-960-6827

CST Lab: NVLAP 200427-0
Access Point 600 with 10/100 Ethernet, HSSI, ATM DS3, ATM OC3/STM-1 MMF, ATM OC3/STM-1 SMF-IR, 4-Port T1/E1, ATM OC3/STM-1 SMF-LR, MSSI, Frame-Based DS3, ISDN S/T, and ISDN U
(Hardware Versions: 4.2 with 10/100 Ethernet (AP-PMC-01/AP-SP-PMC-01), HSSI (AP-PMC-02/AP-SP-PMC-02), ATM DS3 (AP-PMC-03/AP-SP-PMC-03), ATM OC3/STM-1 MMF (AP-PMC-04/AP-SP-PMC-04), ATM OC3/STM-1 SMF-IR (AP-PMC-05/AP-SP-PMC-05), 4-Port T1/E1 (AP-PMC-06/AP-SP-PMC-06), ATM OC3/STM-1 SMF-LR (AP-PMC-07/AP-SP-PMC-07), MSSI (AP-PMC-08/AP-SP-PMC-08), Frame-Based DS3 (AP-PMC-0D/AP-SP-PMC-0D), ISDN S/T (AP-PMC-0S/AP-SP-PMC-0S), and ISDN U (AP-PMC-0U/AP-SP-PMC-0U); Firmware Version: V2.6.0.R3.IPSVCS)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/11/2002
11/18/2002
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #105); SHA-1 (Cert. #94); DSA (Cert. #59); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #164); MD5; HMAC MD-5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Access Point 600 is a next-generation, high performance IP services router optimized for service providers wishing to quickly introduce man-aged IP services at mid-size branch and regional enterprise customer premises locations. Access Point 600 is purpose-built to deliver IP services with multi-access routing, Quality of Service (QoS) with Class-Based Queuing (CBQ), secure Virtual Private Networks (VPN), firewall security, and policy management. And the service provider has the advantages of easy deployment to multi-size customer premises locations, and the implementation of flexible management facilities that can be both customer and/or service provider managed."
263Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0
UniGuard-V90
(Hardware Version: UG-V90; Firmware Version: 7.17.01)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/11/2002Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #79); Triple-DES MAC

-Other algorithms: DES (Cert. #140); DES MAC

Multi-chip standalone

"Single port Triple DES encryption modem."
262Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0
UniGuard-V34
(Hardware Version: UG-V34; Firmware Version: 7.17.01)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/11/2002Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #79); Triple-DES MAC

-Other algorithms: DES (Cert. #140); DES MAC

Multi-chip standalone

"Single port Triple DES encryption modem."
260Motorola, Inc.
200 N. Center East
Suite 400
Alpharetta, GA 30022
USA

Christopher Yasko
TEL: 770-521-5150
FAX: 770-521-8067

CST Lab: NVLAP 100432-0
Encryption Services Module
(Software Version: 5.3)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software10/08/2002Overall Level: 1

-EMI/EMC: Level 3
-Key Mangement: Level 3
-Software Security: Level 3
-Operating System Security: Tested as meeting Level 1 with Microware OS-9, Version 2.2 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #104); SHA-1 (Cert. #92)

-Other algorithms: DES ECB (Cert. #163); DES MAC (DES CBC Cert. #188); RC4

Multi-chip embedded

"The Encryption Services Module is incorporated into the operating platform software of the Accompli 009 -- the first wireless communications device to incorporate tri-band GSM and GPRS protocols, telephone functionality, Internet access, e- mail, Triple-DES encryption, WAP browser and short message service (SMS) with a full QWERTY keyboard and 256-color screen."
259Motorola, Inc.
200 North Point Center East
Suite 400
Alpharetta, GA 30022
USA

Alfred Adler, Ph.D.
TEL: 770-521-5128
FAX: 770-521-8066

CST Lab: NVLAP 100432-0
Encryption DLL Module
(Software Version: 3.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software10/08/2002Overall Level: 1

-EMI/EMC: Level 3
-Key Management: Level 3
-Sofware Security: Level 3
-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0, SP 6 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #103); SHA-1 (Cert. #93)

-Other algorithms: DES ECB (Cert. #162); DES MAC (DES CBC Cert. #189); RC4

Multi-chip standalone

"The Encryption DLL Module is incorporated into the Motorola Messaging Server, an enterprise system for managing data between a corporate e- mail or data base system and a wireless device, and the Motorola MyMail Desktop Plus, a personal application to manage e- mail between the desktop and a wireless device."
258Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

Ken Beer
TEL: 650-216-2083

CST Lab: NVLAP 200427-0
Tumbleweed Secure Mail™ Security Kernel
(Software Version: 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software10/08/2002Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0, SP 6 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #70); DSA (Cert. #49); SHA-1 (Cert. #59); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #131); MD2; MD5; RC2; RC5; RSA (key exchange)

Multi-chip standalone

"The Tumbleweed Secure MailTM Application is a software products designed to allow organizations to apply content filtering and secure messaging policies on email. The Secure MailTM Application uses a shared set of cryptographic functionality called the Secure MailTM Security Kernel. The Secure MailTM Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of Secure MailTM."
257ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

Eric Le Saint
TEL: 510-574-0100
FAX: 510-574-0101

CST Lab: NVLAP 100432-0
ActivCard Applet suite on SchlumbergerSema Cyberflex Access 32K
(Hardware Version: PN 15006436; Firmware Versions: M256EAPLP1_S1_9C_02, Softmask 7, Version 2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/30/2002Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #65); SHA-1 (Cert. #57); RSA (PKCS#1 for signaure generation, vendor affirmed)

-Other algorithms: N/A

Single-chip

"The ActivCard Applet suite is based on the SchlumbergerSema Cyberflex Access 32K smart card platform, which is Java Card V2.1.1 and Global Platform V2.0.1 compliant. The applet suite relies on the security offered by Global Platform services to allow secure post-issuance operations, such as applet instantiation, key management and security policy configuration. The external interface provided by the applet suite is compliant with the smart card interoperability specification defined by the GSA."
256Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux 92220
France

Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0
N90i Secure Metering Moddule (SMM)
(Hardware Version: 3000099C_FIPS; Software Versions: SH1 3800157W, SH2 3800159Y)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/26/2002
10/25/2002
10/03/2006
Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: DSA/SHA (Cert. #39)

-Other algorithms: N/A

Multi-chip embedded

"The module provides services to an office and post room based mailing system. The systems features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remoterecrediting and memory card for slogan and rate loading, external printer for reports."
255Altarus Corporation
607 Herndon Pkwy
Suite 200
Herndon, VA 20170
USA

Ludge Olivier
TEL: 703-689-2223

CST Lab: NVLAP 200416-0
Altarus Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software09/20/2002Overall Level: 1

-EMI/EMC: Level 3
-Software Security: Level 3
-Operating System Security: Tested as meeting Level 1 with MS Windows 2000 Version 5.0 with SP2

-FIPS Approved algorithms: Triple-DES (Cert. #99); SHA-1 (Cert. #88); HMAC-SHA-1 (Cert. #88, vendor affirmed)

-Other algorithms: RSA

Multi-chip standalone

"The Altarus offering provides a premier platform and rapid development tools for creating, extending, and deploying secure enterprise applications to the desktop, mobile devices, or handheld devices"
254ITT
ITT A/CD
PO Box 3700
Ft. Wayne, IN 46801-3700
USA

Tom Jewel
TEL: 260-451-6000

CST Lab: NVLAP 200427-0
NEXCOM MDR/MDT Interface Security Card (MMISC)
(Hardware Version: 8196204-1; Software Version: 14.FIPS)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/20/2002Overall Level: 1

-FIPS Approved algorithms: RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #91)

-Other algorithms: N/A

Multi-chip embedded

"Software hosted on a Single Board Computer that acts as a public key, RSA/SHA-1 - based authentication agent within the FAA's NEXCOM Multi-Mode Digital Radio."
253SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200017-0
HighAssurance™ 2000 Gateway (HA2000)
(Hardware Versions: 01 and 03; Firmware Versions: 5.00.17 and 5.00.25)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/20/2002
07/03/2003
10/19/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #104); DES MAC; HMAC-MD5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The HA2000 is a multi-chip standalone hardware-based, Virtual Private Network (VPN) box that provides authenticated, encrypted network communications. Secure, remote management is provided using the IPSec and SNMPv2 protocols. Custom hardware allows for speed and reliability along with high security and low cost."
252Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0
Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software09/20/2002
01/22/2003
01/31/2006
Overall Level: 2

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Proliant 7000 Server

-FIPS Approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (ANSI X9.31 for signature generation and verification, vendor affirmed)

-Other algorithms: DES (Cert. #103); RSA (encryption/decryption); MD2; MD4; MD5; RC2; RC4; RC5; CAST-128; HMAC-MD5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"Novell International Cryptographic Infrastructure for Windows"
251SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Link Encryptor-T1 (SLE-T1) and SafeEnterprise™ Link Encryptor-E1 120ohms (SLE-E1-120)
(Hardware Version: 16284-020-04; Firmware Version: 1.33)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/19/2002
07/03/2003
10/19/2004
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #21 and #22)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
250Lucent Technologies, Inc.
1600 Osgood St.
20-3E-15
North Andover, MA 01845
USA

Lori Heseltine
TEL: 978-960-6827

CST Lab: NVLAP 200427-0
Access Point 300-ST, 300-M-ST, 300-2M-ST, 300-2T1E1-ST, 300-M-U, and 300-2T1E1-U
(Hardware Versions: (300-M-U and 300-2T1E1-U; v1.0) (300-ST; v1.1) (300-ST, 300-M-ST, 300-2M-ST, and 300-2T1E1-ST; v3.0); Firmware Version: V2.6.2.R3.IPSVCS)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/19/2002
11/05/2002
03/17/2003
Overall Level: 1

-Roles and Services: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #105); SHA-1 (Cert. #94); DSA (Cert. #59); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #164); MD5; HMAC MD-5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Access Point 300 is a next-generation, high performance IP Services router optimized for service providers wishing to quickly introduce high demand managed IP services at small to medium-sized enterprise customer premises locations."
249Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0
ASTRO Subscriber Encryption Module
(NTN8967 and 0105956v67, Firmware Version 3.53)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/18/2002Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVI-SPFL; DVP-XL

Multi-chip embedded

"Encryption modules used in Motorola Astro™ family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air- Rekeying and dvanced key management."
248Sun Microsystems, Inc.
USCA 17-201
4170 Network Circle
Santa Clara, CA 95054
USA

Stephen Borcich
TEL: 408-276-3964
FAX: 408-276-4952

CST Lab: NVLAP 100432-0
Network Security Services
(Software Version: 3.2.2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software09/04/2002Overall Level: 2

-Operating System Security: Tested as meeting Level 2 with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1

-FIPS Approved algorithms: Triple-DES (Cert. #72); SHA-1 (Cert. #70); DSA (Cert. #52); RSA (PKCS#1. Vendor affirmed)

-Other algorithms: DES (Cert. #133); MD2; MD5; RC2; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Network Security Services (NSS) is a set of libraries designed to support cross-platformdevelopment of security-enabled applications. The Sun Microsystems, Inc., Network Security Services (NSS) module is a library that provides a series of cryptographic services to client programs. It provides support for a FIPS 140-1 compatible subset of SSL and TLS."
247Sun Microsystems, Inc.
USCA 17-201
4170 Network Circle
Santa Clara, CA 95054
USA

Stephen Borcich
TEL: 408-276-3964
FAX: 408-276-4952

CST Lab: NVLAP 100432-0
Network Security Services
(Software Version: 3.2.2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software08/30/2002
02/04/2003
Overall Level: 1

-Roles and Services: Level 2
-Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #72); SHA-1 (Cert. #70); DSA (Cert. #52); RSA (PKCS#1. Vendor affirmed)

-Other algorithms: DES (Cert. #133); MD2; MD5; RC2; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Network Security Services (NSS) is a set of libraries designed to support cross-platformdevelopment of security-enabled applications. The Sun Microsystems, Inc., Network Security Services (NSS) module is a library that provides a series of cryptographic services to client programs. It provides support for a FIPS 140-1 compatible subset of SSL and TLS."
246SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Link Encryptor NRZ-H (SLE NRZ-H) and SafeEnterprise™ Link Encryptor NRZ-L (SLE NRZ-L)
(Hardware Version: 16284-020-04; Firmware Version: 1.33)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware08/30/2002
07/03/2003
10/19/2004
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
245SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Link Encryptor RS-232 (SLE RS-232) and SafeEnterprise™ Link Encryptor-E1 75ohms (SLE-E1-75)
(Hardware Versions: 16284-010-04 and 16284-020-04; Firmware Version: 1.33)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware08/30/2002
07/03/2003
10/19/2004
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
243Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust GUTS Security Kernel 6.1
(Software Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software08/15/2002
05/27/2003
05/28/2014
Overall Level: 2

-Roles and Services: Level 2*
-EMI/EMC: Level 3
-Key Management: Level 2*
-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Proliant 7000 Server
*When operated in FIPS mode

-FIPS Approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #10, vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
242Axalto Inc.
36-38 rue de la Princesse BP 45
78431 Louveciennes
France

Francisco Alcalde
TEL: +33 1 3008 4685
FAX: +33 1 3008 4527

CST Lab: NVLAP 100432-0
Cryptoflex e-Gate 32K Smart Card
(Hardware Version: ST19XT34; Firmware Versions: Hardmask 01 Version 01, Softmask 05 Version 01 and Hardmask 01 Version 03, Softmask 05 Version 02)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware08/01/2002
08/28/2002
09/21/2004
05/16/2006
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #97); SHA-1 (Cert. #80); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #158);

Single-chip

"The Cryptoflex e-Gate card is a credit-card sized computer with a crypto-processordedicated to security. Cryptoflex e-Gate card implements security industry functionsbased on public key cryptography directly onto the card, therefore eliminating the risk of sending secret data across a network. Keys and certificates for a variety of applications are stored in a single secure location, isolated from computer disks, which can fail or damaged and are susceptible to security breaches ad theft.The card provides maximum security and flexibility of system integration thanks toadministrative functions such as secure key loading, on-card key generation andciphering of imported/exported data.The Cryptoflex e- gate card incorporates, apart from the conventional ISO 7816-3interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB)."
241Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0
Kernel Mode Cryptographic Module for Windows XP
(Software Version: 5.1.2600.0)
(For services provided by the FIPS-Approved algorithms listed on the reverse)

Validated to FIPS 140-1

Certificate

Security Policy
Software08/01/2002
10/15/2007
Overall Level: 1

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

-Other algorithms: DES (Cert. #89)

Multi-chip standalone

"Microsoft Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-1 Level 1compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-tousecryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-1 Level 1 compliant cryptography."
240Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0
DSS/Diffie-Hellman Enhanced Cryptographic Provider for Windows XP
(Software Versions: 5.1.2518.0 and 5.1.2600.2133)
(For services provided by the FIPS-Approved algorithms listed on the reverse)

Validated to FIPS 140-1

Certificate

Security Policy
Software08/01/2002
02/25/2005
10/15/2007
Overall Level: 1

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP and XP Service Pack 2 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

-Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Multi-chip standalone
239Nortel Networks
80 Central Street
Boxboro, MA 01719
USA

Jonathan Lewis
TEL: 978-264-7045 x277
FAX: 978-264-7600

CST Lab: NVLAP 200002-0
Contivity Extranet Switch 600
(Hardware Version: #600; Firmware Version: #3.61.02)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/24/2002Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #29 and #53); SHA-1 (Certs. #28, #31 and #51); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #44, #48 and #101); DES MAC; MD5; HMAC (MD5 and SHA-1); 40-bit DES; RC4 (40-bit and 128-bit); Diffie-Hellman (key agreement)

Multi-chip standalone

"The Contivity 600 Extranet Switch provides up to 30 branch office or end user IPSECtunnels with a flexible easy to manage and cost effective package. The Switch provides an optional PCI expansion slot and dual 10/100 LAN ports."
238Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0
Microsoft Enhanced Cryptographic Provider
(Software Versions: 5.1.2518.0, 5.1.2600.1029 and 5.1.2600.2161)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software07/11/2002
11/18/2002
02/25/2005
10/15/2007
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP, XP Service Pack 1 and XP Service Pack 2 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

-Other algorithms: DES (Cert. #156); RC2; RC4; MD5

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider (RSAENH) is a FIPS 140-1Level 1 compliant, general-purpose, software-based, cryptographic module. Likeother cryptographic providers that ship with Microsoft Windows XP, RSAENHencapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked intoapplications by software developers to permit the use of general-purpose FIPS140-1 Level 1 compliant cryptography."
237F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki 00180
Finland

Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0
F-Secure Kernel Mode Cryptographic Driver
(Software Version: 1.1.7)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy

Vendor Product Link
Software07/15/2002
07/31/2003
02/09/2007
Overall Level: 1

-Self Tests: Level 3
-Operating Environment: Tested as meeting Level 1 with Windows 2000 (SP2)
Windows NT 4.0 (SP6)
Windows XP

-FIPS Approved algorithms: Triple-DES (Cert. #106); AES (Cert. #3); SHA-1 (Cert. #84); HMAC-SHA-1 (Cert. #84, vendor affirmed)

-Other algorithms: DES (Cert. #165); Blowfish; CAST-128; MD5; HMAC-MD5

Multi-chip standalone

"The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows NT/2000/XP compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides anassortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
236Motorola, Inc.
8220 East Roosevelt Street
Scottsdale, AZ 85257
USA

Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0
Digital Interface Unit Crypto Module
(Hardware Version: T6721B; Firmware Version: R01.09.00 / 81)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/11/2002Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; HCA

Multi-chip embedded

"The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ family of console and base station radio infrastructure equipment."
235AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0
Advanced Configurable Crypto Environment (ACCE)
(Hardware Version: 2640-G3; Firmware Versions: 2.2 and 2.3)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/11/2002
07/22/2002
10/04/2002
06/05/2003
04/21/2005
Overall Level: 4

-FIPS Approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC: SHA-1 (Cert. #38); DSA (Cert. #36); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES MAC; MD5; Diffie-Hellman (key agreement); RSA (encryption and decryption); RSA (ISO 9796 and X509)

Multi-chip embedded

"The AEP Networks Advanced Configurable Crypto Environment (ACCE) provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
234Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Ambrose
TEL: 703-628-2935

Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0
VPN-1 Gateway NG FP 1
(Software Version: NG FP1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software06/19/2002
06/28/2002
02/09/2004
05/19/2004
11/17/2005
01/06/2006
05/02/2008
05/28/2009
Overall Level: 2

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT4.0 with SP6a
TCSEC C2-rated on a Compaq ProLiant 7000 Server

-FIPS Approved algorithms: Triple-DES (Cert. #80); SHA-1 (Cert. #69); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #69, vendor affirmed)

-Other algorithms: DES (Cert. #142); Diffie-Hellman (key agreement); AES; CAST; MD5; HMAC-MD5; FWZ; FWZ1

Multi-chip standalone

"Check Point VPN-1 Gateway Next Generation (NG) is a tightly integrated software solution combining the FireWall-1® security suite with sophisticated VPN technologies. With Check Point’s Secure Virtual Network architecture, VPN-1 Gateway NG meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secureconnectivity to corporate networks, remote and mobile users, satellite offices, and keypartners."
233Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust TruePass Applet Cryptographic Module
(Software Version: 6.0)
(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software06/19/2002
06/28/2002
07/18/2002
05/28/2014
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Windows NT4.0 (SP3)
Windows 95/98
Windows 2000 (SP2) and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1; vendor affirmed)

-Other algorithms: DES (Cert. #130); CAST 128

Multi-chip standalone

"The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
232Proofpoint Inc.
892 Ross Drive
Sunnyvale, CA 94089
USA

Stephen Lewis
TEL: 408-517-4710
FAX: 408-517-4711

CST Lab: NVLAP 200427-0
Sigaba Gateway
(Software Version: 3.0.20-FIPS)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software06/19/2002
07/18/2002
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT4 SP6 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #94); SHA-1 (Cert. #78); DSS (Cert. #56); HMAC-SHA-1 (Cert. #78, vendor affirmed)

-Other algorithms: AES; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Sigaba Gateway ensures the confidentiality, integrity and authenticity of all email sent over the Internet. Sigaba Gateway resides between an organization's email server and firewall. It encrypts outbound messages and decrypts inbound messages based on organization-defined policies. It uses a key server to retrieve a unique key to individually encrypt each outgoing message and decrypt each incoming message. The Sigaba Gateway works with any authentication mechanism."
231Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress Wireless Security Gateway Cryptographic Module
(Software Versions: 2.0 and 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software06/19/2002
07/26/2002
03/26/2010
05/17/2013
Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed); AES (Cert. #14)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
230Motorola, Inc.
1301 E Algonquin Road
Schaumburg, IL 60196
USA

Arun Victor
TEL: 847-538-5221
FAX: 847-538-2770

CST Lab: NVLAP 200002-0
KVL 3000 Plus
(Hardware Version: 8482867Y02 rev. B; Software Version: R3.51.06)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/19/2002Overall Level: 1

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; DVI-SPEL

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can beloaded into the KVL manually through its keypad interface or transferred from a KeyManagement Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades. This version of the product supports AES in addition to other FIPS approved algorithms."
229Motorola, Inc.
1301 E Algonquin Road
Schaumburg, IL 60196
USA

Arun Victor
TEL: 847-538-5221
FAX: 847-538-2770

CST Lab: NVLAP 200002-0
KVL 3000 Plus
(Hardware Version: 8482867Y02 rev. B; Software Version: R3.51.01)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/19/2002Overall Level: 1

-FIPS Approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; DVI-SPEL

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a KeyManagement Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
228nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 400 SCSI and nForce 150 SCSI
(Hardware Versions: nC3022W-400 and nC3022W-150, Build standard D; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
01/23/2004
03/09/2006
03/15/2006
Overall Level: 2

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated accessto intranets and extranets and digital signatures and secure messaging."
227nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 300 PCI and nForce 150 PCI
(Hardware Versions: nC3022P-300 and nC3022P-150, Build standard E; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
01/23/2004
03/09/2006
03/15/2006
Overall Level: 2

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated accessto intranets and extranets and digital signatures and secure messaging."
226nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 300 SCSI, nForce 150 SCSI and nForce 75 SCSI
(Hardware Versions: nC3021S-300, nC3021S-150 and nC3021S-75, Build standard E; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
03/09/2006
03/15/2006
Overall Level: 2

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated accessto intranets and extranets and digital signatures and secure messaging."
225nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield 300 SCSI, nShield 150 SCSI and nShield 75 SCSI
(Hardware Versions: nC3031S-300, nC3031S-150 and nC3031S-75, Build standard E; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
03/09/2006
03/15/2006
Overall Level: 3

-Roles and Services: Level 3*
-Key Management: Level 3*
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield range of tamper resistant Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
224nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 PCI and nShield F2 Ultrasign PCI
(Hardware Versions: nC4022P-300 and nC4022P-150, Build standard E; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
01/23/2004
03/09/2006
03/15/2006
Overall Level: 2

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
223nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Hardware Versions: nC4022W-400 and nC4022W-150, Build standard D; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
01/23/2004
03/09/2006
03/15/2006
Overall Level: 2

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
222nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 PCI and nShield F3 Ultrasign PCI
(Hardware Versions: nC4032P-300 and nC4032P-150, Build standard E; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
01/23/2004
03/09/2006
03/15/2006
Overall Level: 3

-Roles and Services: Level 3*
-Key Management: Level 3*
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
221nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 SCSI, nShield F3 Ultrasign SCSI and payShield
(Hardware Versions: nC4032W-400 and nC4032W-150, Build standard D; Firmware Version: 1.77.100)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/05/2002
07/22/2002
10/04/2002
01/23/2004
03/09/2006
03/15/2006
Overall Level: 3

-Roles and Services: Level 3*
-Key Management: Level 3*
*When operated in FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions.

payShield meets the stringent security requirements of the online payments industry and speeds up cryptographic processing through its secure, tamper resistant hardware and dedicated cryptographic processors. In addition to generic cryptographic functions, payShield supports a number of payments specific protocols and functions which provide support for 3-D Secure, EMV and PIN processing."
220SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® XPplus
(Hardware Versions: 1 and 2; Firmware Version: 3.97)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware05/28/2002
10/18/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna XPplus, Luna XL/XLR and XL/XLR Premium are cryptographic modules based on a board that is equivalent to two Luna CA3 tokens with hardware cryptographic acceleration support. The XL/XLR is configured as a Level 2 stand-alone module. The XPplus and XL/XLR Premium operate as subordinate devices in conjunction with a Luna CA3 token. Each module can support all cryptographic algorithms listed in Appendix A of the Luna XPplus, XL/XLR and XL/XLR Premium Security Policy."
219Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

Antoine Kelman
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 200002-0
CosmopollC V4 Smart Card with ActivCard Applets
(Hardware Version: CosmpollC V4; Software Versions: Configurations CAC01-D904 and CAC02-D906)
(Certificate 219a supersedes and replaces Certificate 219)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware05/28/2002
12/12/2002
12/20/2002
02/27/2004
03/30/2004
09/23/2005
Overall Level: 2

-Software Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #87); SHA-1 (Cert. #75); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #148);

Single-chip

"The Oberthur Card Systems CosmopolIC product is a highly secure and powerful multi-application Java Card platform for smart card. With a better management of memory (ROM and EEPROM), it offers more space for the development of e-commerce, m-commerce, payment (Debit/ Credit), network access, pay-TV, loyalty and many other applications including WAP."
218SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® XLR Premium
(Hardware Versions: LXL-002-101 and LXL-003-001; Firmware Version: 3.96)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/30/2002
10/18/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XLR Premium provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a 1U Rack-mount form factor. Combining the Luna® XLR with the proven Luna® CA3 cryptographic token, the Luna® XLR Premium offers the ultimate security solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
217SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® XLR
(Hardware Versions: LXL-002-101 and LXL-003-001; Firmware Version: 3.96)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/30/2002
10/18/2004
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XLR provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a 1U Rack-mount form factor. Luna® XLR offers a highly secure solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
216SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® XL Premium
(Hardware Version: LXP-002-101; Firmware Version: 3.96)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/30/2002
10/18/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XL Premium provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a desktop form factor. Combining the Luna® XL with the proven Luna® CA3 cryptographic token, the Luna® XL Premium offers the ultimate security solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
215SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® XL
(Hardware Version: LXP-002-101; Firmware Version: 3.96)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/30/2002
10/18/2004
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XL provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems. Luna® XL offers a highly secure solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, improves system performance."
214SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
Luna® CA³
(Hardware Versions: 1 and 2; Firmware Versions: 3.97 and 3.102)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/30/2002
04/05/2004
10/18/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #13); SHA-1 (Cert. #64); Triple-DES MAC; RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"The Luna® CA³ token securely stores data and keying material inside its cryptographic boundary. It also performs cryptographic operations on data provided by external applications using the keying material stored in the token. These abilities are defined as key management, object management, and cryptographic capability."
213Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

Timothy Williams
TEL: 571-434-2000
FAX: 572-434-2001

CST Lab: NVLAP 100432-0
DiamondPak
(Part Number DP600, Hardware Version 2020, Software Versions 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/16/2002
04/16/2002
08/08/2002
02/25/2003
04/08/2005
Overall Level: 1

-Roles and Services: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondPak™ is a rack-mounted network appliance for protecting multiple servers witheach server protected by a dedicated self-protecting DiamondTEK™ security computerenforcing a single security profile."
212Gemplus Corp. and ActivCard Inc.
Avenue du Pic de Bretagne
BP 100
Gémenos Cedex 13881
France

Lus Astier
TEL: +33 (0) 4 42 36 5000

Eric Le Saint
TEL: 510-745-0100 x6211

CST Lab: NVLAP 200427-0
Gemplus GemXpresso Pro E64 PK - FIPS ICC with ActivCard Applet Suite
(Hardware Version: GP92; Software Versions: GXP3-FIPS, GXP3-FIPS EI15, GXP3-FIPS EI15 with single ATR, and GXP3-FIPS EI19 with new ATR and fast ATR)

Validated to FIPS 140-1

Certificate

Security Policy

Vendor Product Link
Hardware04/10/2002
07/26/2002
07/15/2003
10/30/2003
01/19/2005
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1; vendor affirmed)

-Other algorithms: DES (Cert. #155);

Single-chip

"The “GemXpresso Pro E64 PK – FIPS ICC with ActivCard Applet Suite” is basedon a Gemplus Open OS Smart Card with 64K of EEPROM, and on platform-independent cryptographic applets developed by ActivCard. The card and applets provide authentication and digital signature cryptographic services to end-users."
211Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200416-0
VPN 3002-8E and VPN 3002 Hardware Client
(Hardware Versions: Models 3002-8E and 3002; Firmware Version: 3.1 FIPS)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/26/2002
04/05/2002
06/10/2002
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #86); DSA (Cert. #54); SHA-1 (Cert. #73); HMAC/SHA-1 (Cert. #73; vendor affirmed); RSA (PKCS#1; vendor affirmed)

-Other algorithms: DES (Cert. #147); MD5; HMAC/MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3002-8E Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
210Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200416-0
VPN 3000 Concentrator Series
(Hardware Versions: models: 3005, 3015, 3030, 3060, 3080; Firmware Version: 3.1 FIPS)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/26/2002
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #32 and #86); DSA/SHA-1 (Cert. #38); DSA (Cert. #54); SHA-1 (Cert. #73); RSA (PKCS#1; vendor affirmed); HMAC SHA-1 (Cert. #73; vendor affirmed)

-Other algorithms: DES (Certs. #100 and #147); MD5; HMAC/MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3000 Concentrator Series is a family of purpose-built, remote access Virtual Private Network (VPN) platforms and client software that incorporates high availability, high performance and scalability with the most advanced encryption and authentication techniques available today."
209WinMagic Incorporated
200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

Thi Nguyen-Huu
TEL: 905-502-7000

CST Lab: NVLAP 200017-0
SecureDoc® Cryptographic Engine
(Software Version: 3.2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software03/26/2002
04/04/2002
05/08/2002
07/02/2007
Overall Level: 2

-Roles and Services: Level 3
-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Professional Workstation 5100

-FIPS Approved algorithms: Triple-DES (Cert. #7); SHA-1 (Cert. #76); AES (Cert. #1); Triple-DES MAC

-Other algorithms: DES (Cert. #87); DES MAC; RIPEMD 160; AES MAC

Multi-chip standalone

"SecureDoc® Cryptographic kernel used in all of WinMagic’s SecureDoc® cryptographic products including the Disk Encryption application and the Central Database administration facility."
208Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Ambrose
TEL: 703-628-2935

Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0
Pointsec 4.1
(Software Version: 4.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software03/21/2002
03/28/2002
06/18/2003
04/29/2008
05/28/2009
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000, Windows 95 and NT Server/Workstation 4.0 (SP6a)

-FIPS Approved algorithms: Triple-DES (Cert. #85)

-Other algorithms: DES (Cert. #146); BLOWFISH; AES; CAST

Multi-chip standalone

"Pointsec version 4.1 employs hard disk encryption to guarantee that no users can access or manipulate information on an encrypted device, either from available files, erased files, or temporary files. Pointsec version 4.1 safeguards the operating system and the important systemfiles (which often contain clues to passwords for Windows), shared devices, and the network."
207Motorola, Inc.
8220 E. Roosevelt St.
Scottsdale, AZ 85257
USA

Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0
Key Management Facility Crypto Card (KMF CC)
(Hardware Version: Issue O; Software Version: R01.06)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/01/2002Overall Level: 1

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; HCA

Multi-chip embedded

"The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
206Axalto Inc.
36-38 rue de la Princesse BP 45
78431 Louveciennes
France

Francisco Alcalde
TEL: +33 1 3008 4685
FAX: +33 1 3008 4527

CST Lab: NVLAP 100432-0
Cryptoflex 8K Smart Card
(Hardware Version: ST19CF68 revision B; Firmware Version: v2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware02/27/2002
09/21/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #67); SHA-1 (Cert. #61)

-Other algorithms: RSA (non-compliant)

Single-chip

"Cryptoflex is a credit-card sized computer with a crypto-processor dedicated to security. Cryptoflex implements security industry functions based on public key cryptography directly onto the card, therefore eliminating the risk of sending secret data across a network. Keys and certificates for a variety of applications are stored in a single secure location, isolated from computer disks, which can fail or damaged and are susceptible to security breaches ad theft."
205SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
Cylink ATM Encryptor
(Hardware Versions: 3.0 and 3.1, Cylink ATM Encryptor Models: 450-002-001, 450-002-002, 450-002-003, 450-002-004, 450-002-005, 450-002-006, 450-002-007, 450-003-001, 450-003-002, 450-003-003, 450-003-004, 450-003-005, 450-003-006, 450-003-007, 450-003-008 and 450-003-009; Firmware Versions: 4.0 and 4.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/31/2002
02/01/2002
06/17/2002
12/04/2003
10/18/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cylink ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The Cylink ATM Encryptor can be centrally controlled or managed across multiple remote stations using Cylink's PrivaCy Manager®, an SNMP-based security management system."
204SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Frame Encryptor II (SFE II)
(Hardware Version: Version 16326-06(6B) and; Firmware Versions: 4.08, Firmware Version 4.09)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/31/2002
04/11/2002
07/18/2002
12/17/2002
12/27/2002
07/03/2003
10/19/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Certs. #5 and #22); DSS (Cert. #57); SHA-1 (Cert. #81)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 4 Mbps and 1022 active secure connections."
203SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Frame Encryptor-L (SFE-L) and SafeEnterprise™ Frame Encryptor-H (SFE-H)
(Hardware Version: 4B & 5B; Firmware Version: 4.08)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/31/2002
04/11/2002
07/18/2002
07/03/2003
10/19/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Certs. #21 and #22); DSS (Cert. #57); SHA-1 (Cert. #81)

-Other algorithms: DES (Certs. #11 and #20); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-L supports Full-Duplex throughput of 256 Kbps traffic and 32 active secure connections.The SFE-H supports Full-Duplex throughput of 8 Mbps and 1022 active secure connections."
202PrivyLink Pte Ltd.
77 Science Park Drive
#02-05/07
CINTECH III
Singapore Science Park 1 118254
Singapore

Daphne Tng
TEL: (65) 882-0700
FAX: (65) 872-5490

CST Lab: NVLAP 100432-0
TrustField™ Cryptographic Key Server, CKS Model 2000-J
(Version T2000, Hardware Version 2A, Firmware Version 2.0)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/25/2002Overall Level: 3

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #62); ShA-1 (Cert. #53); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #123);

Multi-chip standalone

"TrustField™ Cryptographic Key Server (CKS) is a hardware security solution that offers a tamper-resistant environment for highly sensitive e-commerce transaction processing. It adds hardware-based security functionality to Internet, Intranet, Extranet, and enterprise applications such as Banking, e-Banking, Public Key Management for e-Commerce, and Secure e-Transaction."
201Neopost Online, Inc.
3400 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

Chandra Shah
TEL: 650-620-3600

CST Lab: NVLAP 200002-0
PROmail II
(Simply Postage III)

(Hardware Version: FAB 7480079; Software Version: 85)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/25/2002Overall Level: 3

-Physical Secuirty: Level 3 +EFT

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms: N/A

Multi-chip embedded

"The Promail II is an electronic device developed by Neopost Online that storesrevenue and dispenses it to a host computer, such as a PC compatible, under control and direction of a Neopost Online customer. The Promail II attaches to andcommunicates with the host computer via either a serial or USB interface. Therevenue is dispensed from the Promail II in the form of a digitally signed indicium, aunique bit pattern that can be determined to have originated from a particular device at a particular point in time."