Module Name
ID-One PIV on Cosmo V8.1 - SPE Configurations
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and initialized to Overall Level 3 per the Security Policy
Security Level Exceptions
- Physical Security: Level 4
Description
ID-One PIV on Cosmo V8.1 is the next generation of Personal Identification and Verification cards, avalaible in multiple FIPS 140-2 validated configurations. The SPE configurations are extensions to the PIV/CIV configurations where the module enforces the encryption of the PIN when submitted to the module for card holder verification, regardless of the communication interface being used (contact & contactless). The EP (Enhanced Privacy) option added to the default SPE configuration prevents the leaking from the card of any traceable or PII over the contactless interface.
Approved Algorithms
| AES |
Certs. #4107, #4108 and #4109 |
| CVL |
Certs. #921, #953 and #954 |
| DRBG |
Cert. #1234 |
| ECDSA |
Cert. #933 |
| HMAC |
Cert. #2683 |
| KAS |
Cert. #48 |
| KBKDF |
Cert. #106 |
| KTS |
AES Cert. #4107 and AES Cert. #4108; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
AES Cert. #4109; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA |
Certs. #2252 and #2253 |
| SHA-3 |
Cert. #6 |
| SHS |
Certs. #3379 and #3380 |
| Triple-DES |
Cert. #2245 |
Hardware Versions
P/Ns ‘30-5F01’ [1], ‘30-5F02’ [2], '40-6001' [3] and '40-6002' [4]
Firmware Versions
Firmware Extension: ‘086294’+’086683’ (ID-One PIV Applet Suite 2.4.0 on Cosmo V8.1 LARGE) [1], Firmware Extension: ‘090191’ (ID-One PIV 2.4.1 on Cosmo V8.1 LARGE) [2], Firmware Extension: ‘086294’+’086693’ (ID-One PIV Applet Suite 2.4.0 on Cosmo V8.1 STD) [3] and Firmware Extension: ‘090211’ (ID-One PIV 2.4.1 on Cosmo V8.1 STD) [4]
