CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 7/06/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
599Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

Nancy Canty
TEL: 703-633-7331
FAX: 703-631-9588

CST Lab: NVLAP 200416-0
BorderGuard 5000
(Hardware Versions: BorderGuard 5100, 5200, 5400, 5500 and 5600; Firmware Version: DPF1 V7.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/08/2005Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #173 and #116); Triple-DES (Certs. #275 and #57); SHS (Certs. #258 and #49); HMAC (Certs. #21 and #22)

-Other algorithms: DES (Certs. #271 and #119); DES MAC (Cert. #119; vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); RSA BSAFE Crypto-C RNG; HiFn 7855 RNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength for Models 5100, 5200 and 5400; and between 112 and 150 bits of encryption strength for Models 5500 and 5600; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The BorderGuard hardware models 5100, 5200, 5400, 5500 and 5600 version DPF1 7.1 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The cryptographic module consists of firmware running on a dedicated hardware device. The module is a multi-chip-standalone device."
598Mobile Armor, LLC
400 South Woods Mill Rd.
Chesterfield, MO 63017
USA

Bryan Glancey
TEL: 636-449-0239
FAX: 314-205-2303

Chand Vyas
TEL: 636-449-0239
FAX: 314-205-2303

CST Lab: NVLAP 200427-0
Mobile Armor Warp Drive
(Software Version: 2.1.0.0)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/01/2005Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #349); AES (Cert. #267); SHS (Cert. #346); HMAC (Cert. #81)

-Other algorithms: N/A

Multi-chip standalone

"Mobile Armor's highly optimized Microsoft Windows Certified Driver for Windows XP provides reliable high speed strong cryptographic services for systems running Mobile Armor's DataArmor Enterprise Mobile Data Protection software."
592High Density Devices AS
Vestre Strandgate 26
Kristiansand N-4611
Norway

Aage Kalsaeg
TEL: +47 38 10 44 80
FAX: +47 38 10 44 99

CST Lab: NVLAP 100432-0
SecureD v.1.6
(Hardware Version: HW P/N SecureD v.1.6 Version 1.6.4; Firmware Version: 1.6.1)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/01/2005
01/05/2007
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #324); AES (Cert. #174)

Multi-chip embedded

"SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
581Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress™ Wireless Security Gateway
(Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware10/27/2005
04/26/2007
03/26/2010
05/17/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant)

Multi-chip standalone

"The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
573Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0
Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB2 - 2.11)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware09/20/2005Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222); RSA (PKCS#1, key wrapping); RSA (OAEP, key wrapping)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
570Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Tim Fox
TEL: +44 1844 201800
FAX: +44 1844 202170

CST Lab: NVLAP 200002-0
Secure Generic Sub-System (SGSS), Version 3.2
(Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.0.2)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware09/07/2005
10/13/2005
Overall Level: 3

-FIPS Approved algorithms: DSA/SHS (Cert. #24); RSA (Cert. #53)

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor 2000 family, WebSentry family, HSM 8000 family, P3CM family, PaySentry, 3D Security Module and SafeSign Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and the RSA algorithm."
561SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

Bill Bialick
TEL: 410-964-6400
FAX: 410-964-5154

CST Lab: NVLAP 200017-0
LYNKS Privacy Card
(Hardware Version: 2.0; Firmware Version: 1.c)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/29/2005Overall Level: 2

-FIPS Approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms: DES (Cert. #50); RSA (non-compliant); Triple-DES; Diffie-Hellman (key agreement)); MD5; KEA

Multi-chip standalone

"The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
557Telkonet Communications, Inc.
20374 Seneca Meadows Pkwy
Germantown, MD 20876-7004
USA

Jill Parlett
TEL: 410-627-3994
FAX: 240-912-1839

CST Lab: NVLAP 200416-0
Telkonet G3 Series iBridge and Telkonet G3 Series eXtender
(Hardware Versions: iBridge: IB8000, IB8001, IB8011, IB8200, IB8201, IB8211; eXtender: X7000, X7001, X7011, X7200, X7201, X7211; Firmware Versions: 2.12, 2.41 and 2.53)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/25/2005
04/04/2006
08/29/2007
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #223)

-Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
553Telkonet Communications, Inc.
20374 Seneca Meadows Pkwy
Germantown, MD 20876-7004
USA

Jill Parlett
TEL: 410-627-3994
FAX: 240-912-1839

CST Lab: NVLAP 200416-0
Telkonet G3 Series Gateway
(Hardware Versions: G3001 and G3201; Firmware Versions: GAF4.1.0, GAF4.2.0 and GAF4.2.1)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/27/2005
07/07/2005
03/29/2006
08/29/2007
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #223)

-Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
550Priva Technologies, Inc.
1054 S. De Anza Blvd.
Suite 201
San Jose, CA 95129
USA

William Sibert
TEL: 312-560-5317
FAX: 208-330-3470

CST Lab: NVLAP 100432-0
Priva Technologies Cleared IC
(Hardware Version: P/N PC1002SC-2 Version 3.0; Firmware Version: 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware06/09/2005Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #299)

Single-chip

"This tamper protected custom integrated circuit provides secure cryptographic and multi-factor authentication services, including encryption/decryption, secure transactions, data verification, key storage, and further key management and non-repudiation functions as part of the Priva Technologies Cleared Security Platform."
538Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA


TEL: 319-295-5997

CST Lab: NVLAP 200002-0
Common Crypto Circuit Card Assembly
(Hardware Version: 944-2541-002; Software Version: 091-3186-001)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/10/2005Overall Level: 1

-Physical Security: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #169)

-Other algorithms: Serpent; Twofish; Triple-DES

Multi-chip embedded

"The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
521Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0
Port Authority 88
(Hardware Version: 01-03-0780; Firmware Version: 2.15)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware04/07/2005Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed)

Multi-chip standalone

"The Port Authority 88 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 88 stores its own database of up to 150 users right on board. The Port Authority 88 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
520Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0
Port Authority 44
(Hardware Version: 01-03-0782; Firmware Version: 2.15)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware04/07/2005Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed)

Multi-chip standalone

"The Port Authority 44 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 44 stores its own database of up to 150 users right on board. The Port Authority 44 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
513RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0
DPHx Radio with LZA0577 Cryptographic Module
(Hardware Versions: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606 and 030206; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05060-0000, 722-05061-0000)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/15/2005
04/20/2005
06/06/2005
01/31/2006
03/29/2006
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #195); RSA (Cert. #31); SHA-1 (Cert. #274)

-Other algorithms: DES (Cert. #280); NDRNG

Multi-chip standalone

"The DPHx Radio with LZA0577 Cryptographic Module is a public safety radio that provides secure, encrypted digital communication."
511Forum Systems, Inc.
45 West 10000 South
Suite 415
Sandy, UT 84070
USA

Bruce Herron
TEL: 425-882-9808
FAX: 801-313-4401

CST Lab: NVLAP 200017-0
Forum FIA Gateway 1504G
(Hardware Version: 1504; Firmware Version: 4.3)
(When operated in FIPS mode and using the nCipher 1600 PCI card (Cert. #402))

Validated to FIPS 140-2

Certificate

Security Policy
Hardware02/28/2005
03/02/2005
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #267); AES (Cert. #165); SHS (Cert. #249); HMAC-SHA-1 (Cert. #249, vendor affirmed); DSA (Cert. #60); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #265); Diffie-Hellman (key agreement); MD5; RC4

Multi-chip standalone

"Forum FIA Gateway provides the foundation infrastructure that drives a return on investment by enabling secure XML and Web services communications for mission critical applications. Forum FIA Gateway industry specific solutions include: government compliance, secure electronic forms, secure partner integration, secure partner collaboration, electronic notary, evidence repository as well as secure Service Oriented Architectures."
509Dreifus Associates Limited, Inc.
3300 W. Lake Mary Blvd.
Suite 300
Lake Mary, FL 32746
USA

Nicholas D. Pileggi Jr.
TEL: 407-585-2840
FAX: 407-531-9932

CST Lab: NVLAP 100432-0
DAL C32 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip
(Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Versions: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware02/28/2005
03/23/2005
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed);

Single-chip

"The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
507ALERTCO RF/RFID
217 New Brighton Lane SE
Calgary, Alberta T2Z 0E3
Canada

Gerry Smalley
TEL: 403-719-6249

CST Lab: NVLAP 100432-0
TIMAC Cryptographic Module
(Hardware Version: P/N EM01-01 Rev. 1.1; Firmware Version: ; 1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware02/11/2005
04/07/2005
01/11/2012
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #149)

Multi-chip embedded

"The TIMAC module is a 17 pin header mounted multi-chip embedded firmware microprocessor module used to encrypt and decrypt point-to-point or point-to-multipoint serial data. The device is a FIPS 140-2 Level 3 compliant and certified, high performance device implementing the AES algorithm operating in 128 bit ECB, CBC, and CFB modes. This encryption engine can be incorporated into OEM projects and products with the addition of a simple API to their hardware, for both hardwired and wireless applications, as well as any other highly secured applications such as Government and Financial Institutions. It can be used in other data transmission applications requiring NSA approved serial data encryption."
505Meganet Corporation
350 South Figueroa Street
Suite 450
Los Angeles, CA 90071
USA

Saul Backal
TEL: 213-620-1666
FAX: 213-620-1655

CST Lab: NVLAP 100432-0
VME Crypto Engine
(Software Version: 4.4.0.0/M145)
(When operated with the Microsoft® Base Cryptographic Provider validated to FIPS 140-1 under Certificate #238 operating in FIPS mode for the operating systems specified)

Validated to FIPS 140-2

Certificate

Security Policy
Software01/24/2005
02/04/2005
05/04/2005
12/07/2007
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Version 2002 SP1. The following operating systems must use the Microsoft® Base Cryptographic Provider validated to FIPS 140-2 under Certificate #238 operatingin FIPS mode: Windows 98, Second Edition, Windows ME Build 4.90.3000, Windows NT 4.0 Workstation SP 6, Windows NT 4.0 Server SP 6, Windows 2000 Professional SP4, Windows 2000 Server SP 4, Windows 2000 Advanced Server SP 4, Windows XP Home Edition SP 1, Windows Server 2003 Enterprise Edition (all in single-user mode)

-FIPS Approved algorithms: AES (Cert. #77); Triple-DES (Cert. #188); SHA-1 (Cert. #83); RSA (PKCS #1, vendor affirmed)

-Other algorithms: VME

Multi-chip standalone

"VME Crypto Engine is a suite of tools that make data encryption and decryption easy and reliable. VME Crypto Engine also provides tools that allow you to encrypt and decrypt email messages, chat sessions, files transmitted ftp, and more."
501Dreifus Associates Limited, Inc.
3300 W. Lake Mary Blvd.
Suite 300
Lake Mary, FL 32746
USA

Nicholas D. Pileggi Jr.
TEL: 407-585-2840
FAX: 407-531-9932

CST Lab: NVLAP 100432-0
DAL C3 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip
(Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Versions: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware01/18/2005Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed)

Single-chip

"The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
498Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

Dennis Crowe
TEL: 203-924-3612
FAX: 203-924-3352

CST Lab: NVLAP 100432-0
Compliant Meter Postal Security Device (CoMet PSD)
(Hardware Versions: P/Ns 1A00 Version BAA, 1AEC Version AAA, 1APC Version ABC)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware01/18/2005Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); Skipjack (Cert. #6); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert #86, vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation’s Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD is a secure module employed within the metering product which performs high-speed cryptographic functions, funds management, and printer administration functions that preclude unauthorized disbursing of indicia. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
495Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Juan Asenjo
TEL: 888-744-4976 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200017-0
Thales Datacryptor Gigabit
(Hardware Version: C; Firmware Version: 2.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware01/07/2005
10/13/2005
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The Datacryptor Gigabit is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Datacryptor Gigabit has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. Fully compatible with existing IP networks, the Datacryptor Gigabit can be seamlessly deployed into Gigabit Ethernet environments, including IP siteto-site VPNs and storage over IP networks. Its high-speed AES and 3DES IPSec processing eliminates bottlenecks while providing data authentication, confidentiality, and integrity."