Cryptographic Module
A cryptographic module is a component of a computer system that securely implements cryptographic algorithms, typically with some element of tamper resistance. NIST defines a cryptographic module as "The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms), holds plaintext keys and uses them for performing cryptographic operations, and is contained within a cryptographic module boundary." Hardware security modules, including secure cryptoprocessors, are one way of implementing cryptographic modules. Standards for cryptographic modules include FIPS 140-3 and ISO/IEC 19790. See also * Cryptographic Module Validation Program (CMVP) * Cryptographic Module Testing Labo ...

Tamperproofing
Tamperproofing is a methodology used to hinder, deter or detect unauthorised access to a device or circumvention of a security system. Since any device or system can be foiled by a person with sufficient knowledge, equipment, and time, the term "tamperproof" is a misnomer unless some limitations on the tampering party's resources are explicit or assumed. Tamper resistance is resistance to intentional malfunction or sabotage by either the normal users of a product, package, or system or others with physical access to it. Tamper resistance ranges from simple features like screws with special drives and tamper-evident seals to more complex devices that render themselves inoperable or encrypt all data transmissions between individual chips, or the use of materials needing special tools and knowledge. Tamper-resistant devices or features are common on packages to deter package or product tampering or enable its detection. Anti-tam ...

NIST
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards. History Background The Articles of Confederation, ratified by the colonies in 1781, provided: The United States in Congress assembled shall also have the sole and exclusive right and power of regulating the alloy and value of coin struck by their own authority, or by that of the respective states—fixing the standards of weights and measures throughout the United States. Article 1, section 8, of the Constitution of the United States, ratified in 1789, granted these powers to the new Co ...

Hardware Security Module
A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), and performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips. Design HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection. Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging. A ...

Secure Cryptoprocessor
A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained. The purpose of a secure cryptoprocessor is to act as the keystone of a security subsystem, eliminating the need to protect the rest of the subsystem with physical security measures. Examples A hardware security module (HSM) contains one or more secure cryptoprocessor chips. These devices are high grade secure cryptoprocessors used with enterprise servers. A hardware security module can have multiple levels of physical security with a single-chip cryptoprocessor as its most secure component. The cryptoproc ...


FIPS 140-3
The Federal Information Processing Standard Publication 140-3 (FIPS PUB 140-3) is a U.S. government computer security standard used to approve cryptographic modules. The title is "Security Requirements for Cryptographic Modules". Initial publication was on March 22, 2019 and it supersedes FIPS 140-2. Purpose The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140 certificate that specifies the exact module name, hardware, software, firmware, and/or applet version numbers. The cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminat ...


ISO/IEC 19790
ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management. The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, "Security Requirements for Cryptographic Modules". The current version of the standard is ISO/IEC 19790:2025, which replaced the previous versions, ISO/IEC 19790:2012 and ISO/IEC 19790:2006, which are now obsolete. Use of ISO/IEC 19790 is referenced in the U.S. government standard FIPS 140-3. As an ISO/IEC ...


Cryptographic Module Validation Program
The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate "sensitive, but not classified" information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-3. The CMVP was established by the U.S. National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada ...




Cryptographic Module Testing Laboratory
Cryptographic Module Testing Laboratory (CMTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct cryptographic module evaluations for conformance to the FIPS 140-2 U.S. Government standard. The National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits CMTLs to meet Cryptographic Module Validation Program (CMVP) standards and procedures. This has been replaced by FIPS 140-2 and the Cryptographic Module Validation Program (CMVP) CMTL requirements These laboratories must meet the following requirements: * NIST Handbook 150, NVLAP Procedures and General Requirements * NIST Handbook 150-17 Information Technology Security Testing - Cryptographic Module Testing ** NVLAP Specific Operations Checklist for Cryptographic Module Testing FIPS 140-2 in relation to the Common Criteria A CMTL can also be a Common Criteria (CC ...

Cryptography
Cryptography, or cryptology (from "hidden, secret"; and graphein, "to write", or -logia, "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security (data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications. ...