Cryptographic Module Validation Program CMVP

Certificate #2642

Details

Module Name
MiniHSM, MiniHSM for nShield Edge F2, and MiniHSM for Time Stamp Master Clock
Standard
FIPS 140-2
Status
Active
Sunset Date
5/12/2021
Validation Dates
05/13/2016;07/24/2018;06/03/2019
Overall Level
2
Caveat
When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Physical Security: Level 3
  • EMI/EMC: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
The MiniHSM, MiniHSM for nShield Edge F2 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #3419
CVL Cert. #515
DRBG Cert. #824
DSA Cert. #963
ECDSA Cert. #686
HMAC Cert. #2177
KBKDF Cert. #57
KTS AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #1751
SHS Cert. #2825
Triple-DES Cert. #1930
Triple-DES MAC Triple-DES Cert. #1930, vendor affirmed
Other Algorithms
ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (key wrapping; non-compliant)
Hardware Versions
nC4031Z-10, nC3021U-10, and TSMC200, Build Standard N
Firmware Versions
2.61.1-2 and 2.62.1-2

Vendor

nCipher Security Limited
One Station Square
Cambridge CB1 2GA
United Kingdom

sales@ncipher.com
sales@ncipher.com

Lab

Computer Sciences Corporation
NVLAP Code: 200996-0