CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Update: 5/25/2016)

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
372Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200002-0
STARCOS SPK 2.4 CHIP
(Hardware Version: P8WE 5032 M5.1; Software Version: CP5WxSPKI24-01-3-S_V0330)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/29/2003
03/19/2008
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
371Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200002-0
STARCOS SPK 2.4 in ID-1 Module
(Hardware Version: P8WE 5032 M5.1; Software Version: CP5WxSPKI24-01-3-S_V0330)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/29/2003
03/19/2008
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
370TECTIA Corporation
Kumpulantie 3
Helsinki FI-00520
Finland

Nicolas Gabriel-Robez
TEL: +358 20 500 7000
FAX: +358 20 500 7001

CST Lab: NVLAP 200583-0
SSH Cryptographic Library
(Software Version: 1.2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/24/2003
09/03/2004
09/21/2004
03/03/2006
03/06/2007
07/30/2010
Overall Level: 1

-EMI/EMC: Level 3
-Self-Tests: Level 4

-Operational Environment: Tested as meeting Level 1 with Windows XP, Solaris 8, AIX 4.3.3, HP-UX 11i (single user mode)

-FIPS Approved algorithms: AES (Cert. #52); Triple-DES (Cert. #162); DSA (Cert. #82); RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #145); HMAC-SHA-1 (Cert. #145, vendor affirmed)

-Other algorithms: DES (Cert. #207); MD5; SHA-256; HMAC-MD5; HMAC-SHA-1 96; CAST-128; Blowfish;Twofish; Arcfour; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SSH Cryptographic Library is a standards-based shared library providing FIPS 140-2 certified cryptographic services for SSH Communications Security's security products. The library provides a rich API and a comprehensive set of state-of-the-art algorithms including AES, 3DES, SHA-1, HMAC, RSA and DSA."
369SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 100432-0
Rosetta CSI sToken
(Software Versions: 4.2.2.0 and 4.2.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/24/2003
10/14/2004
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurace: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000

-FIPS Approved algorithms: Skipjack (Cert. #12); DSA (Cert. #87); SHA-1 (Cert. #162)

-Other algorithms: DES (Cert #78); DES MAC (Cert #78, vendor affirmed); RC2; RSA (non-compliant); MD5; HMAC-SHA-1 (Cert #162, vendor-affirmed); KEA (key agreement); Triple-DES (Cert #179; non-compliant)

Multi-chip standalone

"The Rosetta CSI sToken is a software cryptographic token providing digital signature and encryption services in a PC environment. The Rosetta sToken provides for ease of use, deployment and the assurance provided through independent third party security validation."
368Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust Authority™ Security Toolkit for C++
(Software Version: 6.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/16/2003
05/28/2014
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP, SP1a
Windows 2000, SP3
and Windows NT 4.0, SP 6a (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Cert. #6, vendor affirmed); AES (Cert #59); DSA/SHA-1 (Cert #10); HMAC-SHA-1 (Cert #10, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; DDiffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particlular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
3673e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0
3e-010F Cryptographic Client Software and 3e-010F-C Cryptographic Client Software for Intel® PRO/Wireless 2200BG Network Connection and Intel® PRO/Wireless 2915ABG Network Connection
(3e-010f: Software Versions 2.0, 2.01, and 2.04, and 3e-010F-C: Version 1.0 Build 14)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/16/2003
01/20/2004
01/29/2004
05/25/2004
05/27/2004
11/04/2004
11/18/2004
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP, Windows NT 4.0 with Service Pack 6, Windows CE 3.0, and PocketPC 2003 (single user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendlor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The 3e-010f Crypto Client Software provides advanced wireless RF data security with AES/3DES encryption plus Dynamic Key generation plus session protection. The advanced security options include the standards as established by FIPS-140-2 -- the Federal Information Processing Standards mandated by the US Department of Defense for use in wireless environments."
366M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

Stefan Backstrom
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 200002-0
EDACS ProVoice Orion System/Scan Mobile Two-Way FM Radios 806 - 870 MHz
(Hardware Versions: No's. D28LPXE and D28MPXE; Firmware Version: No. LZY213773/91 Rev 43A)

Revoked
DES Transition Ended

Security Policy
Hardware12/16/2003
01/23/2004
Overall Level: 1

-Other algorithms: DES (Cert. #218)

Multi-chip standalone

"The EDACS ProVoice Orion Mobile with FIPS 140-2 security level 1 validation provides digital voice for conventional and trunked communication environments. The Orion also allows for system and scan front mounting."
365Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux 92220
France

Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0
Neopostage PSD Module
(Hardware Version: P/N 04K9131; Software Version: 1.0.0.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/16/2003
10/03/2006
01/01/2014
Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #178); DSA (Cert. #84; non-compliant)

Multi-chip embedded

"The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters."
364RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE Crypto-C ME Toolkit
(Software Version: 1.7.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/09/2003
04/07/2004
10/01/2004
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode)

-FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed)

-Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits)

Multi-chip standalone

"The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
363IBM® Corporation
Saeumerstrasse 4
Rueschlikon, CH 8803
Switzerland

Michael Osborne
TEL: +41 1 724 8458

CST Lab: NVLAP 200427-0
JCOP21id 32K
(Hardware Version: P8WE5033AEV/034188i; Firmware Versions: Mask 20, Applet Version 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/26/2003Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert.# 150); AES (Cert. # 44); SHA-1 (Cert.# 135); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert.#150, vendor affirmed)

-Other algorithms: DES (Cert.# 197); DES MAC (Cert. #197, vendor affirmed); AES MAC

Single-chip

"The JCOP21id is IBM's multi-application smart card, designed to the Java Card v2.1.1 and Global Platform v2.0.1 specifications. The smart card features IBM's PKCS#15 applet which provides standardized high-level security services including, 2048 bit key generation, DES, 3DES, SHA-1, RSA and AES. Additional features include biometric extensions as defined by the Java Card Forum and DAP/mandated DAP security for post issuance applets."
362RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 100432-0
RSA Applets on the Schlumberger Cyberflex Access 64k Platform
(Hardware Version: P/N M512LACC1; Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/20/2003
10/16/2008
09/07/2010
02/12/2016
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed)

Single-chip

"The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications."
361Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49 3303 525 616
FAX: +49 3303 525 609

CST Lab: NVLAP 100432-0
Revenector
(Hardware Versions: P/N 58.0036.0001.00/05 and 58.0036.0006.00/02; Firmware Version: 3.22)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/20/2003Overall Level: 3

-FIPS Approved algorithms: RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. # 158)

-Other algorithms: N/A

Multi-chip embedded

"Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
360Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0
BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.6.1, 3.7, and 3.7.1)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware11/20/2003
04/29/2004
08/24/2005
Overall Level: 1

-Design Assurance: Level 3
-Self Tests: Level 4
-Tested: BlackBerry® 5810 with the BlackBerry® OS, Version 3.6.1, 3.7 and 3.7.1

-FIPS Approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
359Mitsubishi Electric Corporation
5-1-1 Ofuna
Kamakura 247-8501
Japan

Tetsuo Nakakawaji
TEL: +81 0467 41 2186

CST Lab: NVLAP 200556-0
TurboMISTY
(Hardware Version: v1.01; Firmware Version: v2.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/20/2003Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. # 131); SHA-1 (Cert. #116); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #182); MD5; MISTY1

Multi-chip embedded

"PCI Encryption Accelerator Card"
358Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress™ Client Cryptographic Module
(Software Version: 2.4.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software11/20/2003
03/26/2010
05/17/2013
Overall Level: 1

-Software Security: Level 3
-Roles and Services: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1
Windows 2000 SP2
Windows NT 4.0 SP2
Windows 98 2nd edition
Windows CE 3.0
PalmOS 4.1
MS DOS 6.20 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); AES (Cert. #14); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress™ Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
357Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0
BlackBerry® Cryptographic Kernel
(Firmware Version: 3.6)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware11/20/2003
04/29/2004
08/24/2005
Overall Level: 1

-Self Tests: Level 4
-Design Assurance: Level 3
-Tested: BlackBerry® 5810 with BlackBerry® OS, Version 3.6.0

-FIPS Approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for theBlackBerry®."
356IBM® Corporation
Seaumerstrasse 4
Rueschlikon, CH 8803
Switzerland

Michael Osoborne
TEL: +41 1 724 8458
FAX: +41 1 724 8953

CST Lab: NVLAP 200427-0
IBM® CryptoLite in C
(Software Version: 3.0 (FIPS 140/Prod))
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software11/20/2003Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with SP3
Red Hat Linux 8.0 (single user mode)

-FIPS Approved algorithms: SHA-1 (Cert. #163); Triple-DES (Cert. #180); AES (Cert. #70); DSA (Cert. #88); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #163, vendor affirmed)

-Other algorithms: DES (Cert. #220); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2; MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement)

Multi-chip standalone

"IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
3553e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0
3e-521NP, 3e-522FIPS and 3e-530NP Wireless Gateways
(Hardware Versions: P/Ns 3e-521NP, 3e-522FIPS and 3e-530NP; Firmware Version: 2.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware10/27/2003Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed)

-Other algorithms: RSA (PKCS#1, decryption, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip standalone

"The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface."
354IBM® Corporation
Seaumerstrasse 4
Rueschlikon, CH 8803
Switzerland

Michael Osoborne
TEL: +41 1 724 8458
FAX: +41 1 724 8953

CST Lab: NVLAP 200427-0
IBM CryptoLite in Java
(Software Version: 3.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software10/27/2003Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with service pack 3 (JRE 1.3.1_03), Sun Solaris 5.8 (JRE 1.3.1), AIX 5.2 (JRE 1.3.1) (single user mode)

-FIPS Approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert.#53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1(Cert. #148, vendor affirmed)

-Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2, MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement); RSA (encryption/decryption)

Multi-chip standalone

"IBM CryptoLite is a 100% Java software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance. It runs on JDK 1.1 or higher."
353Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
NetFortress™ Cryptographic Kernel
(Standard Mode and Segemented Mode, Software Version 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software10/27/2003
03/26/2010
05/17/2013
Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The NetFortress™ Cryptographic Kernel secures private communications among corporate divisions, branch offices, and mobile users. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the NF Crypto Kernel provides encryption, data integrity checking, authentication, access control, data compression, and firewall capabilities; it is IPSec compliant."
352Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux 92220
France

Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 200002-0
NSD Postage Meter
(Versions (Hardware #4127906B-A, Software 10.2), (Hardware #4127906B-B, Software 10.2) and (Hardware #4127907C-A, Software 30.11, 30.13, 30.15 and 30.21))

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/21/2003
08/06/2004
08/09/2004
08/11/2004
10/06/2004
04/27/2005
10/18/2005
10/03/2006
Overall Level: 2

-Physical Security: Level 3 +EFT
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #119); SHA-1 (Cert. #41); DSA (Cert. #61); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #119, vendor affirmed)

-Other algorithms: N/A

Multi-chip embedded

"The NSD module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes w/ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
351Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200002-0
Security Builder® Government Solutions Edition (SBGSE)
(Software Version: 1)
(When operated in FIPS mode - for Palm)

Validated to FIPS 140-2

Certificate

Security Policy
Software10/10/2003
10/17/2003
03/06/2009
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Palm OS 4.1

-FIPS Approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1(Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed)

-Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5

Multi-chip standalone

"Security Builder GSE is a standards based cryptographic toolkit that provides application developers with sophistocated tools to flexibly integrate encryption, digital signatures and other security mechanisms into their applications. Security Builder provides the cryptographic core for Certicom's products, including movianCrypt, MovianVPN, SSL and wTLS Plus, and Trustpoint PKI products."
350IBM® Corporation
IBM/Tivoli
PO Box 3499
Australia Fair
Southport, Queensland 4215
Australia

Mike Thomas
TEL: +61 7 5552 4030
FAX: +61 7 5571 0420

Peter Waltenberg
TEL: +61 7 5552 4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200427-0
IBM® Crypto for C (ICC)
(Software Version: 0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software10/03/2003
08/23/2004
12/02/2004
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with SUN Solaris 5.8, AIX 5.2 and Windows 2000 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed; non-compliant); RC2; RC2-40; RC2-64; RC4; Blowfish; CAST; RSA (encryption/decryption); MD2; MD4; MD5; RIPEMD; HMAC-MD5

Multi-chip standalone

"The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
349Colubris Networks Inc.
420 Armand-Frappier
Suite 200
Laval, Québec H7V 4B4
Canada

Stephane Laroche
TEL: 450-680-1661 x123
FAX: 450-680-1910

CST Lab: NVLAP 200427-0
Colubris CN1050 and CN1054 Wireless LAN Routers
(Hardware Versions: CN1050 and CN1054; Firmware Version: 1.24-01-1736)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware10/03/2003Overall Level: 2

-FIPS Approved algorithms: SHA-1 (Certs. #149, #150; #151); HMAC-SHA-1 (Certs. #149, #150; #151, vendor affirmed); Triple-DES (Certs. #164, #165; #166); AES (Certs. #54 and #55); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #209); MD4; MD5; HMAC-MD5; SHA-2; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Colubris CN105x Secure Wireless LAN Router enables strong security for wireless enterprise networking, using embedded IPSec VPN and firewall functionalities."
348Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49 3303 525 616
FAX: +49 3303 525 609

CST Lab: NVLAP 100432-0
Postal Revenector
(Hardware Version: P/N Version 58.0036.0001.00/05; Firmware Version: P/N Version 90.0036.0006.00/02)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware09/25/2003Overall Level: 3

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: Triple-DES (Cert. #39); SHA-1 (Cert. #43); RSA (PKCS #1, vendor affirmed); ECDSA (FIPS 186-2, vendor affirmed); HMAC-SHA-1 (Cert. #43, vendor affirmed)

-Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip embedded

"The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia’s mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP)."
347Information Security Corporation
1141 Lake Cook Road
Suite D
Deerfield, IL 60015
USA

Michael J. Markowitz
TEL: 847-405-0500

CST Lab: NVLAP 200002-0
ISC Cryptographic Development Kit (CDK) V7.0
(Software Version: 7.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software09/24/2003Overall Level: 1

-EMI/EMC: Level 3
-Software Security: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #115); DSA (Cert. #65); AES (Cert. #9); Skipjack (Cert. #9); SHA-1 (Cert. #100); HMAC-SHA-1 (Cert. #100, vendor affirmed); ECDSA (vendor affirmed); RSA (PDCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #171); MD2; MD5; RC2; RC4; DESX; ElGamal; EC EIGamal; HMAC-MD5; SHA-256; SHA-384; SHA-512

Multi-chip standalone

"A software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions."
346IBM® Corporation
2455 South Road / P330
Poughkeepsie, NY 12601
USA

Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0
Security Module with CP/Q++
(Hardware Versions: P/N 04K9036, EC CF75600M; Firmware Versions: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/24/2003Overall Level: 3

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796)

Multi-chip embedded

"The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure-storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
345IBM® Corporation
2455 South Road / P330
Poughkeepsie, NY 12601
USA

Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0
Security Module with CP/Q++
(Hardware Versions: P/N 04K9131, EC F 72272D; Firmware Versions: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/24/2003Overall Level: 3

-Physical Security: Level 4
-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796)

Multi-chip embedded

"The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure- storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
344Stonesoft Corporation
115 Perimeter Center Place
Suite 1000
Atlanta, GA 30346
USA

Klaus Majewski
TEL: 678-259-3411
FAX: 770-668-1131

CST Lab: NVLAP 200002-0
StoneGate High Availability Firewall and VPN
(Firmware Version: 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware09/16/2003
10/07/2003
04/29/2004
Overall Level: 1

-Tested: Debian GNU/Linux Version 3.0

-FIPS Approved algorithms: Triple-DES (Certs. #145, #146; #147); AES (Certs. #39 and #40); DSA (Certs. #77 and #78); SHA-1 (Certs. #131 and #132); HMAC-SHA-1 (Cert. #132, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #194); Blowfish; Twofish; CAST-128; SHA-256 (vendor affirmed; non-compliant); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"StoneGate is a firewall and VPN software solution. It features clustering, load balancing between multiple ISPs, encrypted VPN client connectivityand advanced central administration tools."
343Wei Dai
13440 SE 24th Street
Bellevue, WA 98005
USA

Wei Dai
TEL: 425-562-9677

CST Lab: NVLAP 200002-0
Crypto++ Library
(Software Version: 5.0.4)

Validated to FIPS 140-2

Certificate

Security Policy
Software09/05/2003
10/28/2005
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional Operating System, Service Pack 1 (single user mode)

-FIPS Approved algorithms: AES (Cert. #87); Triple-DES (Cert. #198); Skipjack (Cert. #13); DSA (Cert. #79); SHA-1 (Cert. #134); HMAC-SHA-1 (Cert. #134, vendor affirmed); Triple-DES MAC (Cert. #198, vendor affirmed); ECDSA (vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
342Eracom Technologies Group, Eracom Technologies Australia, Pty. Ltd.
28 Greg Chappell Drive
Burleigh Heads, QLD 4220
Australia

Gerry Scott
TEL: 916-677-2450
FAX: 916-677-2460

CST Lab: NVLAP 200427-0
ProtectHost Orange Hardware Security Module and ProtectHost Orange Hardware Security Module with ORGA FM
(Hardware Version: Revision A; Firmware Version: 1.34.00; Software Versions: 1.01.11, ORGA FM Version 1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware09/05/2003
09/24/2003
10/18/2005
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #37); Triple-DES (Cert. #63); DSA (Cert. #47); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #55); RSA (PKCS#1 and ANSI X9.31, vendor affirmed); SHA-1 (Cert. #55); Triple-DES MAC (Cert. #63, vendor affirmed)

-Other algorithms: DES (Cert. #124); DES MAC (Cert. #124, vendor affirmed); Diffie-Hellman (key agreement); CAST 128; IDEA; MD2; MD5; HMAC-MD5; RC2; RC4; RIPEMD-128; RIPEMD-160; HMAC-RIPEMD-128; HMAC-RIPEMD-160; CAST MAC; IDEA MAC; RC2 MAC; RC4 MAC

Multi-chip standalone

"The Eracom protecthost orange is an advanced Hardware Security Module (HSM) offering high speed cryptographic processing and key management. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
341ReefEdge, Inc.
2 Executive Dr.
Fort Lee, NJ 07024
USA

Silvia Ercolani
TEL: 201-242-9700
FAX: 201-242-9760

CST Lab: NVLAP 200556-0
Edge Controller 100x
(Hardware Version: v3.0; Software Version: v3.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware08/29/2003Overall Level: 2

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Certs. #171, #172; #173); SHA-1 (Certs. #155, #156; #157); HMAC-SHA-1 (Certs. #155, #156; #157, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: RC4; MD5; HMAC-MD5

Multi-chip standalone

"The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
340Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX
(Hardware Version: P/N 103-500000-00/101-500040-00 Rev E/Rev C; Firmware Version: 4.1)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware08/29/2003
04/25/2007
04/21/2015
Overall Level: 2

-FIPS Approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connectio ns, converting cipher-text to clear-text, or clear-text to cipher-text."
339AKCode, LLC.
13130 Roundup Ave.
San Diego, CA 92129
USA

Robert Spraggs
TEL: 858-484-5634
FAX: 516-706-6468

CST Lab: NVLAP 100432-0
Anonymous Key Technology-C++ and Java Suite
(Software Versions: 1.0.0 and 1.0.2)

Validated to FIPS 140-2

Certificate

Security Policy
Software07/31/2003
10/06/2003
07/28/2005
08/24/2005
06/07/2013
03/20/2015
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000, XP, NT 4.00 and 7 x64
SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode

-FIPS Approved algorithms: AES (Certs. #38, #47, #3193 and #3194); SHA-1 (Certs. #128, #142, #2640 and #2641); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed)

-Other algorithms: PPP (key transport)

Multi-chip standalone

"Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows Mobile, MAC iOS, MAC OSX and Google Android, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI."
338Axalto Inc.
8311 North FM 620 Rd.
Austin, TX 78726
USA

David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0
Cyberflex Access e-gate 32K
(Hardware Version: P/N M256LCAEG1; Firmware Versions: HardMask 2v2, SoftMask 3v1)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/07/2003
09/21/2004
05/25/2006
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #143); Triple-DES MAC (Cert. #143, vendor affirmed); SHA-1 (Cert. #129); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #192); DES MAC (Cert. #192, vendor affirmed);

Single-chip

"Cybeflex Access e-gate 32K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications, supporting on-card DES (used only for legacy systems) and RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The card incorporates, apart from the conventional ISO 7816-3 interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB). The Cyberflex Access e-gate 32K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
337Phaos Technology Corporation
520 Madison Avenue
30th Floor
New York, NY 10022
USA

Darren Calman
TEL: 212-508-7700

CST Lab: NVLAP 200427-0
Phaos Crypto
(Software Versions: 3.0 and 3.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software07/07/2003
04/30/2004
08/23/2004
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Window 2000 (Single User mode), Sun Java 2 Runtime Environment (V1.3.1)

-FIPS Approved algorithms: AES (Cert. #42); Triple-DES (Cert. #148); SHA-1 (Cert. #138); HMAC-SHA-1 (Cert. #138, vendor affirmed); RSA (PKCS#1, vendor affirmed); DSA (Cert. #81); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #195); RC2; RC4; Blowfish; MD2; MD4; MD5; SHA-2; RSA (encryption/decryption);Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement)

Multi-chip standalone

"Phaos Crypto provides a state-of-the-art set of core cryptography algorithms in Java. It includes a comprehensive cryptographic library supporting the most current algorithms like AES, RSA-OAEP, SHA- 256/384/512, X.9-42 as well as legacy algorithms that are still used in corporate systems like 3DES, DES, MD2 etc.. Phaos Crypto allows developers to integrate cryptography into any Java application or applet. For high security deployments, Phaos Crypto provides transparent migration to cryptographic hardware without requiring any changes to existing applications."
336Motorola, Inc.
8220 E Roosevelt St.
Scottsdale, AZ 85257
USA

Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0
Digital Interface Unit Crypto Module (DIU CM)
(Hardware Version: P/N T6721A Version CLN7611C; Firmware Versions: R82.00.02 and R82.01.02)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/07/2003
01/05/2004
03/30/2004
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliantAstro ™ family of console and base station radio infrastructure equipment."
335NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen-204/208
(Hardware Versions: P/N NS-204 and NS-208 Version 0110(0); Software Version: ScreenOS 4.0.0r7.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/07/2003
08/29/2003
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-204/208 are purpose-built network security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
334NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen-500
(Hardware Version: P/N NS-500 Version 4110(0); Software Version: ScreenOS 4.0.0r7.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/07/2003
08/29/2003
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #12); Triple-DES (Certs. #49 and #50); DSA/SHA-1 (Cert. #75); SHA-1 (Cert. #47); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #47, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
333nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nCipher PMC 1600 PCI
(Hardware Versions: nC3033M-4K0, Build Standard A; Firmware Version: 2.1.23-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/27/2003Overall Level: 3

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160

Multi-chip embedded

"The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerceaccelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI is a FIPS 140-2 level 3 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
332nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nCipher PMC 1600 PCI
(Hardware Versions: nC3033M-4K0, Build Standard A; Firmware Version: 2.1.23-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/27/2003Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160

Multi-chip embedded

"The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerceaccelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI may be initialized as a FIPS 140-2 level 2 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
331Motorola, Inc.
8220 E Roosevelt St.
Scottsdale, AZ 85257
USA

Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0
Key Management Facility Crypto Card (KMF CC)
(Hardware Versions: P/N T6722A Versions CLN7612B and CLN8306C; Firmware Version: R01.08)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/27/2003
03/30/2004
02/10/2011
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
330Lipman Electronic Engineering Ltd.
11 Haamal Street
Park Afek, Rosh Haayin 48092
Israel

David S. Kaplan
TEL: 972-3-902-9730
FAX: 972-3-902-9731

CST Lab: NVLAP 100432-0
NURIT 202 PIN Pad
(Hardware Versions: P/N NURIT 0202-XXX-M21-YYY [XXX: Country Code, YYY: Color Code]*; Firmware Version: M02.25)
(Refer to the cryptographic module’s security policy for the details on the letters)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/27/2003
04/30/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #123); Triple-DES MAC (Cert. #123, vendor affirmed)

-Other algorithms: DES (Cert. #177); DES MAC (Cert. #177, vendor affirmed)

Multi-chip standalone

"The NURIT 202 is an advanced, easy-to- use handheld PIN Pad allowing for protected debit/credit transactions. The NURT 202 can be interconnected with any NURIT point-of-sale (POS) terminal, or terminals of other manufacturers."
329CyberGuard Corporation
2000 W. Commercial
Blvd Suite 200
Ft. Lauderdale, FL 33309
USA

Soheila Amiri
TEL: 954-958-3900

CST Lab: NVLAP 200416-0
CyberGuard Cryptographic Module
(Software Version: : 5.0P1f)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software06/27/2003Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #102); SHA-1 (Cert. #109); AES (Cert. #6); DSA (Cert. #69); HMAC-SHA-1 (Cert. #109, vendor affirmed)

-Other algorithms: DES (Cert. #161); Diffie-Hellman (key agreement); Twofish; Blowfish; CAST-128; MD5; Tiger192; RIPEMD-160; HMAC-MD5

Multi-chip standalone

"The CyberGuard Firewall/VPN is a packet-filtering and application proxy gateway, which allows or blocks the routing of specific network services between networks based on a set of administrator-defined rules."
328Bodacion Technologies
18-3 E Dundee Rd
Suite 300
Barrington, IL 60010
USA

Eric Uner
TEL: 847-842-9008

CST Lab: NVLAP 200416-0
HYDRA Server Cryptographic Module
(Hardware Version: 1.4; Firmware Version: 1.4)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/27/2003Overall Level: 1

-FIPS Approved algorithms: Triple-DES (Cert. #126); SHA-1 (Cert. #110)

-Other algorithms: RSA (non-compliant); AES (non-compliant); RC4; MD5

Multi-chip standalone

"HYDRA is an internet server built without an operating system from the ground up to be totally secure. It contains everything you need to run a high-performance, secure Web site including HTTP, HTTPS, and FTP servers, Web-based administration, and Java/JSP capabilities."
327Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0
Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets
(Hardware Version: P/N SLE66CX320P; Firmware Versions: Softmask 7 V2, Hardmask 2 V2; Applets: Gina Applet Version 1.1, Smart Login Applet Version 1.1, PKI Applet Version1.1)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/17/2003
09/21/2004
05/25/2006
Overall Level: 2

-Physical Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #65); Triple-DES MAC (Cert. #65, vendor affirmed); SHA-1 (Cert. #57); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Single-chip

"The Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets is a single chip implementation of a Java Card 2.1.1 compliant smart card module. It is also compliant with OP 2.0.1, thus establishing a well defined security infrastructure through applet instantiation, key management and security policy configuration which can be performed using FIPS 140-2 compliant mechanisms."
326NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen-5200
(Hardware Version: P/N NS-5200 Version 3010(0); Firmware Version: 4.0.0r7.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/17/2003
08/29/2003
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA/SHA-1 (Cert. #76); SHA-1 (Certs. #103 and #119); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1(Certs. #103 and #119, vendor affirmed)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-5200 is a purpose-built internet security appliance that provides advanced firewall and IPSec VPN functionality, optimized for the most demanding environments such as large enterprise offices, carrier infrastructures, or service providers. The NetScreen-5200 is capable of 2 Gbps 3DES VPN throughput."
325NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen-5XT
(Hardware Version: P/N NS-5XT Version 3010(0); Firmware Version: 4.0.0r7.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/17/2003
08/29/2003
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-5XT is a purpose-built internet network security appliance that delivers firewall, VPN, and traffic management optimized for remote offices, home offices, and telecommuters."
324IP Dynamics, Inc.
2880 Stevens Creek Boulevard
San Jose, CA 95128
USA

Zulfikar Ramzan
TEL: 408-961-6349
FAX: 408-961-6390

CST Lab: NVLAP 100432-0
VCN Member Agent Cryptographic Module
(Software Version: 4.2)

Validated to FIPS 140-2

Certificate

Security Policy
Software06/06/2003Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Window 2000 professional, Service Pack 2 Operation System (single-user mode)

-FIPS Approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed); Triple-DES (Cert. #141)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
323IP Dynamics, Inc.
2880 Stevens Creek Boulevard
San Jose, CA 95128
USA

Zulfikar Ramzan
TEL: 408-961-6349
FAX: 408-961-6390

CST Lab: NVLAP 100432-0
VCN Manager Cryptographic Module
(Software Version: 4.2)

Validated to FIPS 140-2

Certificate

Security Policy
Software06/06/2003
06/27/2003
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 2 with Solaris Version 8 FCS with AdminSuite Version 3.0.1 FCS with patches 108875 and 108879-02 for SPARC platforms, Sun Ultra 10 with UltraSPARC IIi 333MHz, JDK 1.4.0

-FIPS Approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
322Palm Solutions Group
400 N. McCarthy Blvd
Milpitas, CA 95035
USA

Rebecca Taylor
TEL: 408-503-7500
FAX: 408-503-2750

CST Lab: NVLAP 100432-0
Crypto Manager
(Software Version: 2.0)

Validated to FIPS 140-2

Certificate

Security Policy
Software06/06/2003Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Palm OS 4.1

-FIPS Approved algorithms: AES (Cert. #19); SHA-1 (Cert. #115); HMAC-SHA-1 (Cert. #115, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Crypto Manager Version 2.0 provides cryptographic services to applications on the Palm platform. Using the Crypto Manager API (Application Programming Interface), application developers can access strong cryptographic services without having expertise in cryptography. Crypto manager is designed to be usedon any devices running Palm OS 3.0 or higher. It features strong encryption viaAES, HMAC SHA-1 message authentication and SHA-1 digests Crypto Manager is built to comply with FIPS 140-2 Level 1."
321IBM® Corporation
CC1A/502/K301
4205 S. Miami Blvd.
Durham, NC 27703
USA

Keith Medlin
TEL: 919-543-2014
FAX: 919-486-0675

CST Lab: NVLAP 200556-0
IBM® Everyplace™ Wireless Gateway Cryptographic Module
(Software Version: 1.6)

Validated to FIPS 140-2

Certificate

Security Policy
Software05/29/2003Overall Level: 2

-Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 EAL4 (Solaris SunBlade 1000)
AIX 5L Version 5.2 EAL4+ (IBM pSeries 660 Model 6H1)

-FIPS Approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74)

-Other algorithms: DES (Cert. #191)

Multi-chip standalone

"The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, security-enhanced data access by both Wireless Application Protocol (WAP) clients and non- WAP clients over a wide range of international wireless networktechnologies, as well as local area (LAN) and wide area (WAN) wire line networks. The cryptographic module was tested on a AIX Version 5.2 platform."
320IBM® Corporation
CC1A/502/K301
4205 S. Miami Blvd.
Durham, NC 27703
USA

Keith Medlin
TEL: 919-543-2014
FAX: 919-486-0675

CST Lab: NVLAP 200556-0
IBM® Everyplace™ Wireless Gateway Cryptographic Module
(Software Version: 1.6)

Validated to FIPS 140-2

Certificate

Security Policy
Software05/29/2003Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP2
Microsoft Pocket PC 2002

-FIPS Approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74)

-Other algorithms: DES (Cert. #191)

Multi-chip standalone

"The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, securityenhanced data access by both Wireless Application Protocol (WAP) clients and non-WAP clients over a wide range of international wireless networktechnologies, as well as local area (LAN) and wide area (WAN) wire line networks."
319ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

Eric Le Saint
TEL: 510-574-0100
FAX: 510-574-0101

CST Lab: NVLAP 100432-0
Cyberflex Access 64K v1 with ActivCard applet suite
(Hardware Versions: P/N M512LACC1, FW HardMask 5 v1 & SoftMask 2 v1 and 4 v1, Applet versions: ID Applet 1.0.0.23, 1.0.0.24 and 1.14.0.19, PKI Applet 1.0.0.26, 1.0.0.30 and 1.14.0.21, GC Applet 1.0.0.26 and 1.0.0.28)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/29/2003
10/03/2003
12/03/2003
08/03/2004
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC

Single-chip

"Cyberflex Access 64K v1 with ActivCard applet suite, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1."
318Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0
Cyberflex Access 64K
(Hardware Version: M512LACC1; Firmware Versions: HardMask 5v1, SoftMask 2v1, 4v1, and 4v2)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/29/2003
07/03/2003
07/15/2003
06/25/2004
09/21/2004
06/06/2005
05/25/2006
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC

Single-chip

"The Cyberflex Access 64K can be employed in solutio ns which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K supports on-card Triple DES and 1024-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
317Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0
Astro Subscriber Encryption Module
(Hardware Versions: HW PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67, FW v03.55, and v03.56)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/29/2003
06/11/2003
03/30/2004
Overall Level: 1

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
316Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200002-0
Security Builder® Government Solutions Edition (SBGSE)
(Software Version: 1.0.1)
(When operated in FIPS mode - for Windows and WinCE)

Validated to FIPS 140-2

Certificate

Security Policy
Software05/13/2003
06/30/2003
03/06/2009
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Dell Optiplex GX1 (Windows 98)
Compaq iPAQ Pocket PC (WinCE)

-FIPS Approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1 (Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5

Multi-chip standalone

"Security Builder GSE is a standards-based cryptography toolkit that provides application developers with the sophisticated tools and flexibility needed to integrate encryption, digital signatures, and other security mechanisms into their applications. Security Builder provides the cryptographic core for a variety of Certicom products, including movianCrypt, movianVPN, SSL Plus, Trustpoint PKI products and toolkits and certificates, and WTLS Plus. Security Builder is also licensed to third party companies."
315Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

Phil Gemmato
TEL: 847-576-4707
FAX: 847-538-2770

CST Lab: NVLAP 100432-0
Motorola Gold Elite Gateway Secure Card (MGEG SC)
(Hardware Versions: HW CLN7637b and CLN7637c, FW R01.00.00, R01.03.07 and R01.04.02)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/13/2003
11/26/2003
12/03/2003
12/24/2003
04/13/2004
07/27/2004
Overall Level: 1

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); SHA-1; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
314SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200427-0
Model 330J with JCCOS Applet
(Hardware Version: P8WE5033AEV/024A181; Firmware Version: 2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware04/24/2003
02/22/2005
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #144); SHA-1 (Cert. #130); RSA (singnature generation/verification PKCS#1 v1.5, vendor affirmed)

-Other algorithms: DES (Cert. #193); RSA (decryption)

Single-chip

"The Model 330J is SAFENET'S multi-application smart card, designed to the JavaCard v2.1.1 and Global Platform v2.0.1 specifications. The Model 330J smart card features SAFENET'S JCCOS operating system applet (Javabased Cryptographic Card Operating System). JCCOS is an advanced cryptographic applet that, when loaded onto a multi-application JavaCard, enables FIPS 140-2 Level 2 validation."
313Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust Authority Security Toolkit for Java
(Software Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/28/2003
05/28/2014
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3

-FIPS Approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption)

Multi-chip standalone

"Entrust AuthorityTM Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet securityarchitecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
312Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0
BlackBerry Cryptographic Kernel
(Firmware Versions: 3.3 and 3.3.1)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware03/28/2003
04/25/2003
05/02/2003
04/29/2004
08/24/2005
Overall Level: 1

-Tested: BlackBerry 5810 with the RIM Proprietary OS, Version 3.3.0

-FIPS Approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerryTM Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerryTM."
311TLC-Chamonix, LLC
120 Village Square
Suite 11
Orinda, CA 94563
USA

Phil Smith
TEL: 877-479-4500
FAX: 877-639-3470

CST Lab: NVLAP 100432-0
Cranite Wireless Access Controller
(Software Versions: 2.0, 3.0, 3.0.5e and 3.0.5f)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/20/2003
07/10/2003
03/29/2004
02/03/2005
02/21/2006
02/24/2006
03/10/2006
05/20/2008
Overall Level: 1

-EMI/EMC: Level 3
-Cryptographic Key Managements: Level 3


-Operational Environment: Tested as meeting Level 1 with RedHat Linux 7.0

-FIPS Approved algorithms: Triple-DES (Cert. #130); AES (Cert. #24); SHA-1 (Cert. #113); HMAC-SHA-1 (Cert. #113, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: MD5; RSA (key exchange)

Multi-chip standalone

"The Cranite Wireless® Access Controller is a cryptographic software system for wireless LANs that enforces network access rights, encrypts / decrypts authorized traffic, and provides seamless, secure mobility services to users as they mo ve across subnets. The Cranite Wireless Access Controller software installs onto a standard, enterprise-class hardware platform."
310Standard Networks, Inc.
344 South Yellowstone Drive
Madison, WI 53705
USA

Reid MacGuidwin
TEL: 608-227-6100

CST Lab: NVLAP 200427-0
MOVEit Crypto
(Software Versions: 1.0.1.0 and 1.1.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/11/2003
03/20/2003
01/30/2004
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and RedHat Linux 9.0 (single user mode)

-FIPS Approved algorithms: AES (Cert. #30); SHA-1 (Cert. #124); HMAC-SHA-1 (Cert. #124, vendor affirmed)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"MOVEit Crypto is a 32-bit compact dynamically linked library (DLL) that provides fast encryption services to applications running on Microsoft Windows operating systems. MOVEit Crypto is supported on Windows 95/98/ME/NT 4.0/2000/XP. MOVEit Crypto provides an API featuring NIST-approved AES encryption, SHA-1 hashing, and pseudo-random number generation algorithms. The easy-to-use programming interface allows applications to be written without special code for details like block size, padding mode, and so on. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
309RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE Crypto-C ME Toolkit Module
(Software Version: 1.7)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/07/2003
10/01/2004
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode)

-FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed)

-Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption)

Multi-chip standalone

"The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signingalgorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
308Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust Security Kernel Version 7.0
(Software Version: 7.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software03/07/2003
05/28/2014
Overall Level: 2

-Roles and Services: Level 2*
-EMI/EMC: Level 3
-Key Management: Level 2*
-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C3-2-rated on a Compaq ProLiant 7000 Server

*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #6); AES (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); DSA/SHA-1 (Cert. #10); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RIPEMD-160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (vendor affirmed; non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
307Symbol (Columbitech)
641 Alpha Drive
Pittsburgh, PA 15238
USA

Bill Forrest
TEL: 412-968-2200
FAX: 412-968-2269

CST Lab: NVLAP 100432-0
WTLS Cryptographic Module
(Software Versions: 1.2, 1.3.1 and 1.3.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/07/2003
03/14/2003
03/20/2003
05/23/2003
03/30/2004
03/11/2005
09/12/2006
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 2
-Self Tests: Level 4
-Operating Environment: Tested as meeting Level 1 with Windows 2000
Windows XP
Windows NT4.0
Windows CE3.0

-FIPS Approved algorithms: Triple-DES (Cert. #134); AES (Cert. #25); SHA-1 (Cert. #120); HMAC-SHA-1 (Cert. #120, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #185); RSA (encrypt/decrypt); SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5

Multi-chip standalone

"Symbol Technologies Inc is using the WTLS Cryptographic Module in the AirBEAM® Safe product, a software only VPN solution built on standards, installable today, without any proprietary adjustments, and extendable for any future needs and technologies. In summary, AirBEAM® Safe benefits include strong security framework, using an advanced architecture with PKI support, true end-to-end security, authentication outside the firewall; optimized wireless performance using advanced data compression; convenience of always-on connectivity and seamless roaming between different public networks, LAN/WLAN/GPRS. Supported clients; PPC 2002, Windows 2000/XP Supported servers: Windows 2000/NT 4.0"
306Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0
Brick 1000
(Hardware Versions: 1000, Part #300533882; Software Version: 6.0.554)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/07/2003Overall Level: 2

-Roles and Services: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96)

-Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 1000 is a carrier-grade integrated firewall and virtual private network(VPN) gateway appliance specifically designed for web/application data centersecurity, large-scale managed security services, and remote access VPN services.Called the Brick because of its rugged, reliable design, this is an ideal platform forservice providers seeking wide scalability, ready manageability, and industryleadingperformance."
305Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0
Brick 1000 with Encryption Accelerator Card
(Hardware Versions: 1000, Part #300533890; Software Version: 6.0.554)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/07/2003Overall Level: 2

-Roles and Services: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96)

-Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 1000 is a carrier-grade integrated firewall and virtual private network(VPN) gateway appliance specifically designed for web/application data centersecurity, large-scale managed security services, and remote access VPN services.Called the Brick because of its rugged, reliable design, this is an ideal platform forservice providers seeking wide scalability, ready manageability, and industryleadingperformance."
304Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0
Brick 201
(Hardware Versions: 201, Part #300546884; Software Version: 6.0.554)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/07/2003Overall Level: 2

-Roles and Services: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96)

-Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
303Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0
Brick 201 with Encryption Accelerator Card
(Hardware Versions: 201, Part #300546892; Software Version: 6.0.554)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/07/2003Overall Level: 2

-Roles and Services: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96)

-Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
302nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 150 SCSI and nForce 400 SCSI
(Hardware Versions: nC3022W-150 and nC3022W-400, Build Standard D; Firmware Versions: 2.0.0, 2.0.2, 2.0.4 and 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
05/09/2003
01/23/2004
Overall Level: 2

-Roles, Services, and Authentication: Level 2 or 3*
-Cryptographic Module Ports and Interfaces: Level 2 or 3*
-Cryptographic Key Management: Level 2 or 3*
*Level Conditional on configuration as per Security Policy

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
301nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 150 PCI and nForce 300 PCI
(Hardware Versions: nC3022P-150 and nC3022P-300, Build Standard E; Firmware Versions: 2.0.0, 2.0.2, 2.0.4 and 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
05/09/2003
01/23/2004
Overall Level: 2

-Roles, Services, and Authentication: Level 2 or 3*
-Physical Security: Level 3

-Cryptographic Module Ports and Interfaces: Level 2 or 3*

-Cryptographic Key Management: Level 2 or 3*
*Level Conditional on configuration as per Security Policy

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
300nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 SCSI, nShield F3 Ultrasign SCSI and nShield F3 Ultrasign 32 SCSI and payShield
(Hardware Versions: nC4032W-150, nC4032W-400 and nC4132W-400, Build Standard DP; Firmware Versions: 2.0.0, 2.0.2, 2.0.4 and 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
05/09/2003
01/23/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
299nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 SCSI, nShield F2 Ultrasign SCSI and nShield F2 Ultrasign 32 SCSI
(Hardware Versions: nC4022W-150, nC4022W-400 and nC4122W-400, Build Standard DR; Firmware Versions: 2.0.0, 2.0.2, 2.0.4 and 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
05/09/2003
01/23/2004
Overall Level: 2

-Roles, Services, and Authentication: Level 2 or 3*
-EMI/EMC: Level 3
-Cryptographic Module Ports and Interfaces: Level 2 or 3*
-Cryptographic Key Management: Level 2 or 3*
*Level conditional on configuration as per Security Policy

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
298nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 PCI, nShield F2 Ultrasign PCI and nShield F2 Ultrasign 32 PCI
(Hardware Versions: nC4022P-150, nC4022P-300 and nC4122P-300, Build Standard ER; Firmware Versions: 2.0.0, 2.0.2, 2.0.4 and 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
05/09/2003
01/23/2004
Overall Level: 2

-Roles, Services, and Authentication: Level 2 or 3*
-Physical Security: Level 3

-Cryptographic Module Ports and interfaces: Level 2 or 3*

-Cryptographic Key Management: Level 2 or 3*
*Level conditional on configuration as per Security Policy

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
297nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 PCI, nShield F3 Ultrasign PCI and nShield F3 Ultrasign 32 PCI
(Hardware Versions: nC4032P-150, nC4032P-300 and nC4132P-300, Build Standard ER; Firmware Versions: 2.0.0, 2.0.2, 2.0.4 and 2.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
05/09/2003
01/23/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
296Hewlett Packard®, Enterprise.
10810 Farnam Drive OMA01
Omaha, NE 68154
USA

Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0
Atalla Cryptographic Engine (ACE)
(ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
03/18/2003
09/19/2011
01/25/2016
Overall Level: 3

-Physical Security: Level 3 +EFP
-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Cert. #128, vendor affirmed)

-Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption)

Multi-chip embedded

"The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products."
295nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nCipher 800 PCI and nCipher 1600 PCI
(Hardware Versions: nC3033-800 and nC3033-1K6, Build Standard C; Firmware Versions: 2.0.1-2 and 2.0.5-2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
01/23/2004
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
294nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nCipher 800 PCI and nCipher 1600 PCI
(Hardware Versions: nC3033-800 and nC3033-1K6, Build Standard C; Firmware Versions: 2.0.1-3 and 2.0.5-3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
01/23/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
293Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv 61110
Israel

Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0
eToken PRO 32K
(Hardware Version: 4.2.5.4)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware02/13/2003Overall Level: 2

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #153); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
292Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv 61110
Israel

Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0
eToken PRO 32K HD
(Hardware Version: 4.2.5.4.HD)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware02/13/2003Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert.#153); Triple-DES MAC; Triple-SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
291Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv 61110
Israel

Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0
eToken PRO 16K
(Hardware Version: 4.1.5.4)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware02/13/2003Overall Level: 2

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
290Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv 61110
Israel

Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0
eToken PRO 16K HD
(Hardware Version: 4.1.5.4.HD)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware02/13/2003Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
289RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-J Toolkit Module
(Software Version: 3.3.4.2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software02/04/2003
10/01/2004
12/14/2004
12/16/2004
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Windows NT SP 6 (single user mode), JVM v1.3.1, JRE v1.3.1

-FIPS Approved algorithms: Triple-DES (Cert. #112); AES (Cert. #45); SHA-1 (Cert. #97); DSA (Cert. #63); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #168); DESX; RC2; RC4; RC5; MD2; MD5; HMAC-SHA-1 (Cert #97); Diffie-Hellman (key agreement); Base64

Multi-chip standalone

"The Crypto-J Module is a Java-language software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. The tested Crypto-J Module is a Java-language API available as a Java ARchive, or JAR, file."
288Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

Ann Smith
TEL: 703-248-6931
FAX: 703-248-6932

CST Lab: NVLAP 100432-0
ValiCert Security Module
(Software Version: SW 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software02/04/2003
06/10/2004
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 Server, SUN Solaris 2.8 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #83); SHA-1 (Cert. #72); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #72, vendor affirmed)

-Other algorithms: DES (Cert. #144); MD2; MD5; RC2; RC4; RSA encryption (key distribution)

Multi-chip standalone

"The ValiCert VA Toolkit 4.3 is built on our FIPS 140-1 cryptographic module. The 4.3 toolkit release has several new APIs and features. The library is also used within ValiCert Desktop Validator, Server Validators, Enterprise Validation Server, Document Authority, and Secure Transport Products. New features in VA Toolkit 4.3 include New APIs for fetching CRLs; Extended APIs for Certificate-Store ; Extended support for CRLs ; JITC compliance features ; TLS ; SSL Tunneling via Proxy Servers. The 4.3 release and prior releases support OCSP, SCVP, CRL, CRLdp protocols over HTTP, and HTTPS. The VA Toolkit 4.3 supports Windows 98/ NT/2000, Solaris 5.6/5.7/5.8, HP UX 11.0, and AIX 4.3. The Toolkit works along with FIPS 140-1 Level 3 and Level 4 validated hardware devices: e.g. nCipher, Baltimore, and Chrysalis-ITS hardware signing / encryption modules. The toolkit is also tested for interoperability with various PKI vendors: AOL/Netscape, Sun/Iplanet, Entrust, Baltimore, Verisign, Computer Associates and RSA Security products."
287Mykotronx, Inc.
357 Van Ness Way
Suite 200
Torrance, CA 90501
USA

B. Yamamoto
TEL: 310-533-8100

CST Lab: NVLAP 100432-0
82A FORTEZZA Crypto Card
(Hardware Versions: HW PN 650000-3 6, FW 3)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware02/04/2003Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA (Cert. #58); SHA-1 (Cert. #86); Skipjack (Certs. #7 and #10)

-Other algorithms: KEA

Multi-chip standalone

"The Mykotronx 82A FORTEZZA Crypto Card provides cryptographic security andauthentication methods in a PC Card hardware token for government and commercial applications. Self- contained, standardized, and easily integrated, the 82A FORTEZZA Crypto Card enables portable security, with onboard storage of user credentials, keys, and digital certificates."
286Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0
Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.4.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software01/17/2003
01/22/2003
01/31/2006
Overall Level: 2

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 2 with Sun SPARC Ultra-10 running Sun Solaris 8 Operating System (EAL 4 configuration)

-FIPS Approved algorithms: Triple-DES (Cert. #120); AES (Cert. #13); DSA (Cert. #66); SHA-1 (Cert. #104); RSA (signature generation/verification: ANSI X9.31, vendor affirmed); HMAC-SHA-1 (Cert. #104, vendor affirmed)

-Other algorithms: DES (Cert. #175); Diffie-Hellman (key agreement); RSA (encryption/decryption, PKCS#1); RSA (key-distribution); MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; Password Based Encryption (PKCS#12); UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword (Novell)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) for Solaris is a cryptographic module providing keys, algorithms, various key storage and usage mechanisms, and a large-scale key management system. Supported Novell services utilizing NICI includes eDirectory, Novell Modular Authentication Service (NMAS), Public Key Infrastructure Services, Novell SecretStore, and TLS/SSL."
285M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

Greg Farmer
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 100432-0
Jaguar 700P/Pi
(Hardware Versions: HW P/Ns [HA8ESE, HA8ETE, HA8MSE, HA8MTE, HA8SSE, HA8STE, HA8TSE and HA8TTE], FW i6r06a01.dsp)

Revoked
DES Transition Ended

Security Policy
Hardware01/17/2003
02/12/2003
Overall Level: 1

-Other algorithms: DES (Cert. #141)

Multi-chip standalone

"Portable, 64-bit Encryption, EDACS JAGUAR 700P, 800MHZ, 128 SYSTEMS/GROUPS, DATA ENABLED EDACS radio. System and Scan version,with Intrinsically Safe (IS), and Immersion options."
284NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen-204 and NetScreen-208
(Hardware Versions: PN's NS-204 and NS-208, Version 0110(0); Software Version: ScreenOS 3.1.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/17/2003
02/21/2003
06/03/2003
Overall Level: 2

-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #49 and #118); SHA-1(Certs. #44 and #103); DSA (Cert. #44); AES (Certs. #11 and #12); HMAC-SHA-1 (Cert. #44, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #174); RC2; RC4; MD5; RSA (Encryption and Decryption); Diffie-Hellman (key agreement)

Multi-chip standalone

"NetScreen-204 and NetScreen-208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
283Simple Access Inc.
7755 Boul. Henri Bourassa Ouest
Saint-Laurent, Québec H4S 1P7
Canada

Gatéan Haché
TEL: 514-335-7676
FAX: 514-335-2099

CST Lab: NVLAP 200017-0
SSL-100 SDK Accelerator
(Hardware Version: Revision 2.0.1.4a; Firmware Version: 1.1B)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/17/2003Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #122); DSA (Cert. #67); SHA-1 (Cert. #106); RSA (PKCS#1, vendor affirmed)

-Other algorithms: MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The Simple Access SSL-100 SDK is a high performance drop-in accelerator card that processes up to 4000 1024-bit RSA keys/second. A single SSL-100 SDK will allow a Web server to achieve sustained throughput of up to 1600 new SSL connections per second using 1024-bit operands. The SSL-100 SDK offloads SSL processing and the huge cryptographic computations from the server, freeing the CPU to respond immediately to transactions. This solution eliminates dropped connections, failed transactions and slow response times thereby maintaining user loyalty to transactional Web sites."