Cryptographic Module Validation Program CMVP

Certificate #3564

Details

Module Name
ProtectServer Internal Express 2 (PSI-E2)
Standard
FIPS 140-2
Status
Active
Sunset Date
11/14/2024
Validation Dates
11/15/2019
Overall Level
3
Caveat
When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
The SafeNet PSI-E 2 is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE 2 appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-E 2 also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #4849, #4960 and #5571
CKG vendor affirmed
DRBG Cert. #1704
DSA Cert. #1434
ECDSA Cert. #1503
HMAC Cert. #3713
KAS Cert. #192
KTS AES Cert. #5571; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS Triple-DES Cert. #2807; key establishment methodology provides 112 bits of encryption strength
RSA Cert. #2998
SHA-3 Cert. #57
SHS Cert. #4476
Triple-DES Certs. #2573 and #2807
Allowed Algorithms
AES (Cert. #5571, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Triple-DES (Cert. #2807, key unwrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
VBD-05, Version Code 0200
Firmware Versions
5.03.01 and 5.03.02

Vendor

Gemalto
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security & Certifications Team
SecurityCertifications@gemalto.com

Lab

EWA CANADA
NVLAP Code: 200556-0