Module Name
Thales Cryptovisor K7+ Cryptographic Module
Caveat
When operated in FIPS mode and initialized to Overall Level 3 per Security Policy
Security Level Exceptions
- Physical Security: Level 4
Embodiment
Multi-Chip Embedded
Description
The Thales Cryptovisor K7+ Cryptographic Module is a high-assurance, Hardware Security Module with a tamper-active physical enclosure targeted at the service provider market. The cryptographic module secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security for elastic deployments particularly in support of cloud applications.
Approved Algorithms
AES |
Cert. #5652 |
CKG |
vendor affirmed |
CVL |
Cert. #A1171 |
DRBG |
Cert. #2283 |
DSA |
Cert. #1452 |
ECDSA |
Certs. #1526 and #A1171 |
ENT |
P |
HMAC |
Certs. #3766 and #A1171 |
KAS |
KAS-SSC Cert. #A1171, KDA Cert. #A1171; key establishment methodology provides between 112 and 256 bits of encryption strength |
KAS-SSC |
Cert. #A1171 |
KBKDF |
Cert. #234 |
KDA |
Cert. #A1171 |
KTS |
AES Cert. #5652; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS-RSA |
Certs. #A1170 and #A1171; key establishment methodology provides between 112 and 201 bits of encryption strength |
RSA |
Certs. #2631, #2632, #3042, #3043, #A1170 and #A1171 |
SHA-3 |
Cert. #A1171 |
SHS |
Certs. #3951, #3952, #4533 |
Allowed Algorithms
AES (Cert. #5652, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (shared secret computation provides between 112 and 285-bits of encryption strength).
Hardware Versions
808-000069-001 and 808-000070-001
Firmware Versions
2.0.0 and 2.0.2 with Boot Loader versions 1.1.1, 1.1.2, 1.1.4 and 1.1.5