Module Name
PKI BLADE Cosmo
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: Level 4
- EMI/EMC: Level 3
- Design Assurance: Level 3
Description
The PKI/BLADE applet is based on the ISO 7816 and GSC-IS command interface. The applet is designed to be loaded on any Java card compliant with the JavaCard v2.2.1 and Global Platform v2.1.1 specifications, including PIV-certified Java cards. It is designed to provide services for PKI-based logical access applications and to provide strong two-factor authentication using fingerprint biometrics.
Approved Algorithms
AES | Cert. #840
CVL | Cert. #3
ECDSA | Cert. #94
RNG | Cert. #480
RSA | Cert. #403
SHS | Cert. #833
Triple-DES | Cert. #698
Triple-DES MAC | Triple-DES Cert. #698, vendor affirmed
Other Algorithms
Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Firmware Versions
FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2