Module Name
ProtectServer Internal Express 2 (PSI-E2)
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
The Thales PSI-E 2 is a high-end intelligent PCI adapter card, used either standalone or in the Thales PSE 2 appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-E 2 also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC.
Approved Algorithms
AES |
Certs. #4849, #4960, #5571 and #C1898 |
CKG |
Vendor Affirmed |
DRBG |
Cert. #1704 |
DSA |
Cert. #1434 |
ECDSA |
Cert. #1503 |
HMAC |
Cert. #3713 |
KAS |
Cert. #192 |
KTS |
AES Cert. #5571; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #2807; key establishment methodology provides 112 bits of encryption strength |
RSA |
Cert. #2998 |
SHA-3 |
Cert. #57 |
SHS |
Cert. #4476 |
Triple-DES |
Certs. #2573 and #2807 |
Allowed Algorithms
AES (Cert. #5571, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Triple-DES (Cert. #2807, key unwrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
808-000064-005
Firmware Versions
5.06.01 with bootloader version 1.1.2