BSISO/IEC19790:2012

IncorporatingcorrigendumJune2016

Informationtechnology—Securitytechniques—Securityrequirementsforcryptographicmodules

bsie

BSISO/IEC19790:2012

BRITISHSTANDARD

Nationalforeword

ThisBritishStandardistheUKimplementationofISO/IEC19790:2012.ItsupersedesBSISO/IEC19790:2006whichiswithdrawn.

TheUKparticipationinitspreparationwasentrustedbyTechnicalCommitteeIST/33,IT-Securitytechniques,toSubcommitteeIST/33/3,SecurityEvaluation,TestingandSpecification.

Alistoforganizationsrepresentedonthissubcommitteecanbeobtainedonrequesttoitssecretary.

Thispublicationdoesnotpurporttoincludeallthenecessaryprovisionsofacontract.Usersareresponsibleforitscorrectapplication.

?TheBritishStandardsInstitution2016.

PublishedbyBSIStandardsLimited2016

ISBN9780580896835

ICS35.040

CompliancewithaBritishStandardcannotconferimmunityfromlegalobligations.

ThisBritishStandardwaspublishedundertheauthorityoftheStandardsPolicyandStrategyCommitteeon31August2012.

Amendments/corrigendaissuedsincepublication

Date Textaffected

30June2016ImplementationofISOcorrectedtext15December2015:seeISOforewordfordetails

?ISO/IEC2012

?ISO/IEC2012

INTERNATIONAL

STANDARD

ISO/IEC

19790

Secondedition2012-08-15

Correctedversion

2015-12-15

Informationtechnology—Securitytechniques—Securityrequirementsforcryptographicmodules

TechnologiesdeVin/drmation—Techniquesdesecurite—Exigencesdesecuritepourlesmodulescryptographiques

Referencenumber

ISO/IEC19790:2012(E)

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

#

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

#

企

COPYRIGHTPROTECTEDDOCUMENT

?ISO/IEC2012,PublishedinSwitzerland

Allrightsreserved.Unlessotherwisespecified,nopartofthispublicationmaybereproducedorutilizedotherwiseinanyformorbyanymeans,electronicormechanical,includingphotocopying,orpostingontheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbeloworISO'smemberbodyinthecountryoftherequester

ISOcopyrightoffice

Ch.deBlandonnet8?CP401

CH-1214Vernier;Geneva,Switzerland

Tel.+41227490111

Fax+41227490947

copyright@

Contents

Page

JZ.3.4

123455.5.5.J6

Scope

Normativereferences

Termsanddefinitions

Abbreviatedterms

Cryptographicmodulesecuritylevels

SecurityLevel1

SecurityLevel2

SecurityLevel3

SecurityLevel4

Functionalsecurityobjectives

Securityrequirements

1

1

15

15

15

16

16

17

17

18

TOC\o"1-5"\h\z

\o"CurrentDocument"\h

Cryptographicmodulespecification 20

Cryptographicmodulespecificationgeneralrequirements 20

\o"CurrentDocument"\h

Typesofcryptographicmodules 20

Cryptographicboundary 21

Modesofoperations 22

\o"CurrentDocument"\h

Cryptographicmoduleinterfaces 23

Cryptographicmoduleinterfacesgeneralrequirements 23

Typesofinterfaces 24

Definitionofinterfaces 24

\o"CurrentDocument"\h

Trustedchannel 25

\o"CurrentDocument"\h

Roles,services,andauthentication 25

Roles,services,andauthenticationgeneralrequirements 25

\o"CurrentDocument"\h

Roles 26

Services 26

Authentication 28

\o"CurrentDocument"\h

Software/Firmwaresecurity 29

\o"CurrentDocument"\h

Operationalenvironment 31

Operationalenvironmentgeneralrequirements 31

\o"CurrentDocument"\h

Operatingsystemrequirementsforlimitedornon-modifiableoperationalenvironments 33

\o"CurrentDocument"\h

Operatingsystemrequirementsformodifiableoperationalenvironments 33

\o"CurrentDocument"\h

Physicalsecurity 35

\o"CurrentDocument"\h

Physicalsecurityembodiments 35

Physicalsecuritygeneralrequirements 37

\o"CurrentDocument"\h

Physicalsecurityrequirementsforeachphysicalsecurityembodiment 39

\o"CurrentDocument"\h

Environmentalfailureprotection/testing 42

\o"CurrentDocument"\h

Non-invasivesecurity 43

\o"CurrentDocument"\h

Sensitivesecurityparametermanagement 44

Sensitivesecurityparametermanagementgeneralrequirements 44

\o"CurrentDocument"\h

Randombitgenerators 44

\o"CurrentDocument"\h

Sensitivesecurityparametergeneration 44

\o"CurrentDocument"\h

Sensitivesecurityparameterestablishment 45

\o"CurrentDocument"\h

Sensitivesecurityparameterentryandoutput 45

\o"CurrentDocument"\h

Sensitivesecurityparameterstorage 46

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

Sensitivesecurityparameterzeroisation

Self-tests

Self-testgeneralrequirements

Pre-operationalself-tests

Conditionalself-tests

Life-cycleassurance

Life-cycleassurancegeneralrequirements

Configurationmanagement

Design

Finitestatemodel

Development

Vendortesting

Deliveryandoperation

Endoflife

Guidancedocuments

Mitigationofotherattacks

AnnexA(normative)Documentationrequirements

A.1Purpose

A.2Items

A.2.1General

A.2.2Cryptographicmodulespecification

A.2.3Cryptographicmoduleinterfaces

A.2.4Roles,services,andauthentication

A.2.5Software/Firmwaresecurity

A.2.6Operationalenvironment

A.2.7Physicalsecurity

A.2.8Non-invasivesecurity

A.2.9Sensitivesecurityparametermanagement

A.2.10Self-tests

A.2.11Life-cycleassurance

A.2.12Mitigationofotherattacks

AnnexB(normative)Cryptographicmodulesecuritypolicy

B.1General

J.7.8.9J.1J222222222222B.B.B.B.B.B.B.B.B.B.B.B.

General Cryptographicmodulespecification Cryptographicmoduleinterfaces Roles,services,andauthentication Software/Firmwaresecurity Operationalenvironment Physicalsecurity Non-invasivesecurity SensitivesecurityparametersmanagementSelf-tests

Life-cycleassurance

Mitigationofotherattacks

AnnexC(normative)Approvedsecurityfunctions

C.1Purpose

C.1.1Blockciphers

C.1.2Streamciphers

C.1.3Asymmetricalgorithmsandtechniques…..

C.1.4Messageauthenticationcodes

C.1.5Hashfunctions

.46.47.47.47.4850

5051.51.51.52.53

54.54.54.55

.56565656.56.57.57.57585858585960.61

6262.62.62.62

63.63.64.64,64.6565.66

66.66

.67.67.67.67.67.6767,68

C.1.6Entityauthentication

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

TOC\o"1-5"\h\z

\o"CurrentDocument"\h

C.1.7Keymanagement 68

\o"CurrentDocument"\h

C.1.8Randombitgeneration 68

(normative)Approvedsensitivesecurityparametergenerationandestablishmentmethods69

\o"CurrentDocument"\h

D.1Purpose 69

\o"CurrentDocument"\h

D.1.1Sensitivesecurityparametergeneration 69

\o"CurrentDocument"\h

D.1.2Sensitivesecurityparameterestablishmentmethods 69

(normative)Approvedauthenticationmechanisms 70

\o"CurrentDocument"\h

E.1Purpose 70

\o"CurrentDocument"\h

E.1.1Authenticationmechanisms 70

\o"CurrentDocument"\h

(normative)Approvednon-invasiveattackmitigationtestmetrics 71

\o"CurrentDocument"\h

F.1 Purpose 71

\o"CurrentDocument"\h

F.1.1 Non-invasiveattackmitigationtestmetrics 71

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

Foreword

ISO(theInternationalOrganizationforStandardization)andIEC(theInternationalElectrotechnicalCommission)formthespecializedsystemforworldwidestandardization.NationalbodiesthataremembersofISOorIECparticipateinthedevelopmentofInternationalStandardsthroughtechnicalcommitteesestablishedbytherespectiveorganizationtodealwithparticularfieldsoftechnicalactivity.ISOandIECtechnicalcommitteescollaborateinfieldsofmutualinterest.Otherinternationalorganizations,governmentalandnon-governmental,inliaisonwithISOandIEC,alsotakepartinthework.Inthefieldofinformationtechnology,ISOandIEChaveestablishedajointtechnicalcommittee,ISO/IECJTC1.

TheproceduresusedtodevelopthisdocumentandthoseintendedforitsfurthermaintenancearedescribedintheISO/IECDirectives,Part1.Inparticularthedifferentapprovalcriterianeededforthedifferenttypesofdocumentshouldbenoted.ThisdocumentwasdraftedinaccordancewiththeeditorialrulesoftheISO/IECDirectives,Part2(see

www.iso.orq/directives

).

Attentionisdrawntothepossibilitythatsomeoftheelementsofthisdocumentmaybethesubjectofpatentrights.ISOandIECshallnotbeheldresponsibleforidentifyinganyorallsuchpatentrights.DetailsofanypatentrightsidentifiedduringthedevelopmentofthedocumentwillbeintheIntroductionand/orontheISOlistofpatentdeclarationsreceived(see

www.iso.orq/patents

).

Anytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.

ForanexplanationonthemeaningofISOspecifictermsandexpressionsrelatedtoconformityassessment,aswellasinformationaboutISO'sadherencetotheWTOprinciplesintheTechnicalBarrierstoTrade(TBT)seethefollowingURL:Foreword-Supplementaryinformation

Technicalcorrigendum1toISO/IEC19790:2012waspreparedbyJointTechnicalCommitteeISO/IECJTC1,Informationtechnology,SubcommitteeSC27,Securitytechniques.

ThiscorrectedversionofTechnicalcorrigendum1toISO/IEC19790:2012cancelsandreplacesthefirstedition(ISO/IEC19790:2012/Cor1:2015),incorporatingthesametechnicalrevisionsandmiscellaneouseditorialcorrectionsshowinginredtextinsteadofblackundeiiieina:

—3.21:Theterm"cryptographicboundary"iscorrected;

—3.80:ThetermMnon-securityrelevant"iscorrected;

—3.108:Theterm"self-test"iscorrected;

—7.2.2:Therequirements[02.04],[02.05]and[02.06]arecorrected;

—:Therequirement[02.31]iscorrected;

—7.3.3:Therequirement[03.14]iscorrected;

—7.5:Therequirements[05.06]and[05.07]areadded.Therequirements[05.08],[05.13]and[05.17]through[05.23]arecorrected;

—7.6.3:Therequirement[06.06]iscorrected;

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

—7.8:Therequirement[08.04]iscorrected;

—7.9.1:Therequirement[09.04]iscorrected;

—7.9.7:Therequirement[09.37]iscorrected;

—:Therequirement[10.17]iscorrected;

—7.11.5:Therequirement[11.26]iscorrected;

—7.11.7:Therequirement[11.35]iscorrected;

—7.11.9:Therequirement[11.38]iscorrected;

—A.2.5:Therequirementsofthe1sland2ndbulletsarecorrected;

—A.2.7:Therequirementofthe3rdbulletiscorrected;

—A.2.10:Therequirementofthe4thbulletiscorrected;

—B.2.4:Therequirementofthe9lhbulletiscorrected;

—B.2.5:Therequirementofthe1stbulletiscorrected;

—B.2.7:Therequirementofthe2ndlevel6thbulletiscorrected;

—D.1:Duplicatetextisremoved;

—D.1.2:ThereferencetoISO/IEC15946-3isremoved;

—E.1:Duplicatetextisremoved;and

—F.1:Duplicatetextisremoved.

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

Introduction

InInformationTechnologythereisanever-increasingneedtousecryptographicmechanismssuchastheprotectionofdataagainstunauthoriseddisclosureormanipulation,forentityauthenticationandfornon-repudiation.Thesecurityandreliabilityofsuchmechanismsaredirectlydependentonthecryptographicmodulesinwhichtheyareimplemented.

ThisInternationalStandardprovidesforfourincreasing,qualitativelevelsofsecurityrequirementsintendedtocoverawiderangeofpotentialapplicationsandenvironments.Thecryptographictechniquesareidenticaloverthefoursecuritylevels.Thesecurityrequirementscoverareasrelativetothedesignandimplementationofacryptographicmodule.Theseareasincludecryptographicmodulespecification;cryptographicmoduleinterfaces;roles,services,andauthentication;software/firmwaresecurity;operationalenvironment;physicalsecurity;non-invasivesecurity;sensitivesecurityparametermanagement;self-tests;life-cycleassurance;andmitigationofotherattacks.

Theoverallsecurityratingofacryptographicmodulemustbechosentoprovidealevelofsecurityappropriateforthesecurityrequirementsoftheapplicationandenvironmentinwhichthemoduleistobeutilisedandforthesecurityservicesthatthemoduleistoprovide.Theresponsibleauthorityineachorganizationshouldensurethattheircomputerandtelecommunicationsystemsthatutilisecryptographicmodulesprovideanacceptablelevelofsecurityforthegivenapplicationandenvironment.Sinceeachauthorityisresponsibleforselectingwhichapprovedsecurityfunctionsareappropriateforagivenapplication,compliancewiththisInternationalStandarddoesnotimplyeitherfullinteroperabilityormutualacceptanceofcompliantproducts.Theimportanceofsecurityawarenessandofmakinginformationsecurityamanagementpriorityshouldbecommunicatedtoallconcerned.

Informationsecurityrequirementsvaryfordifferentapplications;organizationsshouldidentifytheirinformationresourcesanddeterminethesensitivitytoandthepotentialimpactofalossbyimplementingappropriatecontrols.Controlsinclude,butarenotlimitedto:

—physicalandenvironmentalcontrols;

—accesscontrols;

—softwaredevelopment;

—backupandcontingencyplans;and

—informationanddatacontrols.

Thesecontrolsareonlyaseffectiveastheadministrationofappropriatesecuritypoliciesandprocedureswithintheoperationalenvironment.

?ISO/IEC2012-Allrightsreserved

#

?ISO/IEC2012-Allrightsreserved

#

BSISO/IEC19790:2012

INTERNATIONALSTANDARD

ISO/IEC19790:2012(E)

Informationtechnology—Securitytechniques—Securityrequirementsforcryptographicmodules

Scope

ThisInternationalStandardspecifiesthesecurityrequirementsforacryptographicmoduleutilisedwithinasecuritysystemprotectingsensitiveinformationincomputerandtelecommunicationsystems.ThisInternationalStandarddefinesfoursecuritylevelsforcryptographicmodulestoprovideforawidespectrumofdatasensitivity(e.g.lowvalueadministrativedata,milliondollarfundstransfers,lifeprotectingdata,personalidentityinformation,andsensitiveinformationusedbygovernment)andadiversityofapplicationenvironments(e.g.aguardedfacility,anoffice,removablemedia,andacompletelyunprotectedlocation).ThisInternationalStandardspecifiesfoursecuritylevelsforeachof11requirementareaswitheachsecuritylevelincreasingsecurityovertheprecedinglevel.

ThisInternationalStandardspecifiessecurityrequirementsspecifiedintendedtomaintainthesecurityprovidedbyacryptographicmoduleandcompliancetothisInternationalStandardisnotsufficienttoensurethataparticularmoduleissecureorthatthesecurityprovidedbythemoduleissufficientandacceptabletotheowneroftheinformationthatisbeingprotected.

Normativereferences

Thefollowingreferenceddocumentsareindispensablefortheapplicationofthisdocument.Fordatedreferences,onlytheeditioncitedapplies.Forundatedreferences,thelatesteditionofthereferenceddocument(includinganyamendments)applies.

ThedocumentslistedinISO/IEC19790AnnexesC,D,EandFInformationtechnology-Securitytechniques-Securityrequirementsforcryptographicmodules.

Termsanddefinitions

ForthepurposesofthisInternationalStandard,thefollowingtermsanddefinitionsapply.

3.1accesscontrollistACL

listofpermissionstograntaccesstoanobject

3.2

administratorguidance

writtenmaterialthatisusedbytheCryptoOfficerand/orotheradministrativerolesforthecorrectconfiguration,maintenance,andadministrationofthecryptographicmodule

3.3

automated

withoutmanualinterventionorinput(e.g.electronicmeanssuchasthroughacomputernetwork)

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

#

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

approvalauthority

anynationalorinternationalorganisation/authoritymandatedtoapproveand/orevaluatesecurityfunctions

NOTEAnapprovalauthorityinthecontextofthisdefinitionevaluatesandapprovessecurityfunctionsbasedontheircryptographicormathematicalmeritsbutisnotthetestingentitywhichwouldtestforconformancetothisInternationalStandard.

approveddataauthenticationtechnique

approvedmethodthatmayincludetheuseofadigitalsignature,messageauthenticationcodeorkeyedhash(e.g.HMAC)

approvedintegritytechnique

approvedhash,messageauthenticationcodeoradigitalsignaturealgorithm

approvedmodeofoperation

setofserviceswhichincludesatleastoneservicethatutilisesanapprovedsecurityfunctionorprocessandcanincludenon-securityrelevantservices

NOTE1Nottobeconfusedwithaspecificmodeofanapprovedsecurityfunction,e.g.CipherBlockChaining(CBC)mode

NOTE2Non-approvedsecurityfunctionsorprocessesareexcluded.

approvedsecurityfunction

securityfunction(e.g.cryptographicalgorithm)thatisreferencedinAnnexC

asymmetriccryptographictechnique

cryptographictechniquethatusestworelatedtransformations;apublictransformation(definedbythepublickey)andaprivatetransformation(definedbytheprivatekey).

NOTEThetwotransformationshavethepropertythat,giventhepublictransformation,itiscomputationallyinfeasibletoderivetheprivatetransformationinagivenlimitedtimeandwithgivencomputationalresources.

3.10

biometric

measurable,physicalcharacteristicorpersonalbehavioraltraitusedtorecognisetheidentity,orverifytheclaimedidentity,ofanoperator

3.11

bypasscapability

abilityofaservicetopartiallyorwhollycircumventacryptographicfunction

3.12

certificate

entity'sdatarenderedunforgeablewiththeprivateorsecretkeyofacertificationauthority

NOTENottobeconfusedwithamodulesvalidationcertificateissuedbyavalidationauthority

3.13

compromise

unauthoriseddisclosure,modification,substitution,oruseofcriticalsecurityparametersortheunauthorisedmodificationorsubstitutionofpublicsecurityparameters

3.14conditionalself-test

testperformedbyacryptographicmodulewhentheconditionsspecifiedforthetestoccur

3.15

confidentiality

propertythatinformationisnotmadeavailableordisclosedtounauthorisedentities

3.16

configurationmanagementsystemCMS

managementofsecurityfeaturesandassurancesthroughcontrolofchangesmadetohardware,softwareanddocumentationofacryptographicmodule

3.17

controlinformation

informationthatisenteredintoacryptographicmoduleforthepurposesofdirectingtheoperationofthemodule

3.18

criticalsecurityparameterCSP

securityrelatedinformationwhosedisclosureormodificationcancompromisethesecurityofacryptographicmodule

EXAMPLESecretandprivatecryptographickeys,authenticationdatasuchaspasswords,PINs,certificatesorothertrustanchors

NOTEACSPcanbeplaintextorencrypted.

3.19

cryptoofficer

roletakenbyanindividualoraprocess(i.e.subject)actingonbehalfofanindividualthataccessesacryptographicmoduleinordertoperformcryptographicinitialisationormanagementfunctionsofacryptographicmodule

3.20

cryptographicalgorithm

well-definedcomputationalprocedurethattakesvariableinputs,whichmayincludecryptographickeys,andproducesanoutput

3.21

cryptographicboundary

explicitlydefinedperimeterthatestablishestheboundaryofallcomponents(i.e.setofhardware,softwareorfirmwarecomponents)ofthecryptographicmodule

3.22

cryptographichashfunction

computationallyefficientfunctionmappingbinarystringsofarbitrarylengthtobinarystringsoffixedlength,suchthatitiscomputationallyinfeasibletofindtwodistinctvaluesthathashintoacommonvalue

3.23

cryptographickeykey

sequenceofsymbolsthatcontrolstheoperationofacryptographictransformation

EXAMPLEAcryptographictransformationcanincludebutnotlimitedtoencipherment,decipherment,cryptographiccheckfunctioncomputation,signaturegeneration,orsignatureverification.

3.24

cryptographickeycomponent

keycomponent

parameterusedinconjunctionwithotherkeycomponentsinanapprovedsecurityfunctiontoformaplaintextCSPorperformacryptographicfunction

3.25

cryptographicmodule

module

setofhardware,software,and/orfirmwarethatimplementssecurityfunctionsandarecontainedwithinthecryptographicboundary

3.26

cryptographicmodulesecuritypolicy

securitypolicy

precisespecificationofthesecurityrulesunderwhichacryptographicmoduleshalloperate,includingtherulesderivedfromtherequirementsofthisInternationalStandardandadditionalrulesimposedbythemoduleorvalidationauthority

NOTESeeAnnexB

3.27

datapath

physicalorlogicalrouteoverwhichdatapasses

NOTEAphysicaldatapathcanbesharedbymultiplelogicaldatapaths.

3.28

degradedoperation

operationwhereasubsetoftheentiresetofalgorithms,securityfunctions,servicesorprocessesareavailableand/orconfigurableasaresultofreconfigurationfromanerrorstate

3.29

differentialpoweranalysis

DPA

analysisofthevariationsoftheelectricalpowerconsumptionofacryptographicmodule,forthepurposeofextractinginformationcorrelatedtocryptographicoperation

3.30

digitalsignature

dataappendedto,oracryptographictransformationofadataunitthatallowstherecipientofthedataunittoprovetheoriginandintegrityofthedataunitandprotectagainstforgery(e.g.bytherecipient)

3.31

directentry

entryofaSSPorkeycomponentintoacryptographicmodule,usingadevicesuchasakeyboard

3.32

disjointsignature

oneormoresignatureswhichtogetherrepresentanentiresetofcode

3.33

electromagneticemanations

EME

intelligence-bearingsignal,which,ifinterceptedandanalyzed,potentiallydisclosestheinformationthatistransmitted,received,handled,orotherwiseprocessedbyanyinformation-processingequipment

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

3.34

electronicentry

entryofSSPsorkeycomponentsintoacryptographicmoduleusingelectronicmethods

NOTETheoperatorofthekeycanhavenoknowledgeofthevalueofthekeybeingentered.

3.35

encompassingsignature

singlesignatureforanentiresetofcode

3.36

encryptedkey

cryptographickeythathasbeenencryptedusinganapprovedsecurityfunctionwithakeyencryptionkey.Consideredprotected

3.37

entity

person,group,deviceorprocess

3.38

entropy

measureofthedisorder,randomnessorvariabilityinaclosedsystem

NOTETheentropyofarandomvariableXisamathematicalmeasureoftheamountofinformationprovidedbyanobservationofX.

3.39

environmentalfailureprotection

EFP

useoffeaturestoprotectagainstacompromiseofthesecurityofacryptographicmoduleduetoenvironmentalconditionsoutsideofthemodule'snormaloperatingrange

3.40

environmentalfailuretesting

EFT

useofspecificmethodstoprovidereasonableassurancethatthesecurityofacryptographicmodulewillnotbecompromisedbyenvironmentalconditionsoutsideofthemodule'snormaloperatingrange

3.41

errordetectioncode

EDC

valuecomputedfromdataandcomprisedofredundantbitsofinformationdesignedtodetect,butnotcorrect,unintentionalchangesinthedata

3.42

executableform

formofthecodeinwhichthesoftwareorfirmwareismanagedandcontrolledcompletelybytheoperationalenvironmentofthemoduleanddoesnotrequirecompilation(e.g.nosourcecode,objectcodeorjust-in-timecompiledcode)

3.43

faultinduction

techniquetoinduceoperatingbehaviourchangesinhardwarebytheapplicationoftransientvoltages,radiation,laserorclockskewingtechniques

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

?ISO/IEC2012-Allrightsreserved

#

BSISO/IEC19790:2012

ISO/IEC19790:2012(E)

#

?ISO/IEC2012-Allrightsreserved

3.44

finitestatemodel

FSM

mathematicalmodelofasequentialmachinethatiscomprisedofafinitesetofinputevents,afinitesetofoutputevents,afinitesetofstates,afunctionthatmapsstatesandinputtooutput,afunctionthatmapsstatesandinputstostates(astatetransitionfunction),andaspecificationthatdescribestheinitialstate

3.45

firmware

executablecodeofacryptographicmodulethatisstoredinhardwarewithinthecryptographicboundaryandcannotbedynamicallywrittenormodifiedduringexecutionwhileoperatinginanon-modifiableorlimitedoperationalenvironment

EXAMPLEStoragehardwarecanincludebutnotlimitedtoPROM,EEPROM,FLASH,solidstatememory,harddrives,etc

3.46

firmwaremodule

modulethatiscomposedsolelyoffirmware

3.47

functionalspecification

high-leveldescriptionoftheportsandinterfacesvisibletotheoperatorandhigh-leveldescriptionofthebehaviourofthecryptographicmodule

3.48

functionaltesting

testingofthecryptographicmodulefunctionalityasdefinedbythefunctionalspecification

3.49

hard/hardness

relativeresistanceofametalorothermaterialtodenting,scratching,orbending;physicallytoughened;rugged,anddurable

NOTETherelativeresistancesofthematerialtobepenetratedbyanotherobject.

.50

hardware

physicalequipment/componentswithinthecryptographicboundaryusedtoprocessprogramsanddata

3.51

hardwaremodule

modulecomposedprimarilyofhardware,whichmayalsocontainfirmware

3.52

hardwaremoduleinterface

HMI

totalsetofcommandsusedtorequesttheservicesofthehardwaremodule,includingparametersthatenterorleavethemodule'scryptographicboundaryaspartoftherequestedservice

3.53

hashvalue

outputofacryptographichashfunction

3.54

hybridmodule

modulewhosecryptographicboundarydelimitsthecompositeofasoftwareorfirmwarecomponentandadisjointhardwarecomponent

3.55

hybridfirmwaremoduleinterface

HFMI

tota