Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #1744

Details

Module Name
MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list in accordance with SP800-131A Revision 1 Transition (AES/TDES key wrapping)
Validation Dates
6/25/2012
8/16/2013
10/25/2013
10/31/2015
Overall Level
2
Caveat
When operated in FIPS mode and initialized to Overall Level 2 per Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Physical Security: Level 3
  • EMI/EMC: Level 3
  • Design Assurance: Level 3
Module Type
Hardware
Embodiment
Multi-chip embedded
Description
The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine.
FIPS Algorithms
AES Cert. #1770
CVL Cert. #6
DRBG Cert. #120
DSA Cert. #553
ECDSA Cert. #238
HMAC Cert. #1039
RSA Cert. #886
SHS Cert. #1554
Triple-DES Cert. #1146
Triple-DES MAC Triple-DES Cert. #1146, vendor affirmed
Other Algorithms
ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)
Hardware Versions
nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N
Firmware Versions
2.50.17-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2

Vendor

Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
sales@thalesesec.com
Phone: 888-744-4976

Lab

CSC
NVLAP Code: 200426-0