DS1955B Java™-powered
Cryptographic iButton®
FIPS 140-1 Non-Proprietary
Cryptographic Module Security Policy
Level 3 Validation
August 2000
© Copyright 2000 Dallas Semiconductor Corporation.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
1-Wire and Cryptographic iButton are trademarks of Dallas Semiconductor Corporation.
For important information regarding patents and other intellectual property rights,
please refer to Dallas Semiconductor data books.
Table of Contents
1
Introduction ............................................................................................................ 3
1.1
1.2
1.3
1.4
2
Purpose .............................................................................................................. 3
For more information.......................................................................................... 3
Terminology....................................................................................................... 3
Document Organization...................................................................................... 4
The DS1955B Java™-powered Cryptographic iButton® ..................................... 5
2.1 The iButton Cryptographic Module .................................................................... 5
2.1.1 Module Interfaces ........................................................................................ 6
2.1.2 Module Components .................................................................................... 6
2.2 Physical Security................................................................................................. 6
2.2.1 The Strength of Steel .................................................................................... 7
2.2.2 Goes Down in a Blaze of Zeroization ........................................................... 7
2.2.3 Neither snow nor rain nor heat… ................................................................. 7
2.2.4 Fortresses large and microscopic… ............................................................. 8
2.3 DS1955B Firmware Capabilities ......................................................................... 8
2.4 Roles & Services ................................................................................................ 8
2.4.1 Authentication.............................................................................................. 9
2.4.2 Crypto Officer Services................................................................................ 9
2.4.3 User Services ............................................................................................. 10
2.4.4 Status Functions......................................................................................... 10
2.5 Key Management.............................................................................................. 11
3
Java iButton FIPS Mode ...................................................................................... 12
3.1
3.2
3.3
3.4
FIPS Restrictions.............................................................................................. 12
FIPS Configuration........................................................................................... 12
Operation in FIPS mode ................................................................................... 13
Factory Configuration Reference ...................................................................... 14
2
1
Introduction
1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the Dallas
Semiconductor DS1955B Java™-powered Cryptographic iButton® (Java iButton). This
security policy was prepared as part of FIPS 140-1 certification of the Java iButton. FIPS
140-1 (Federal Information Processing Standards Publication 140-1 --
Security
Requirements for Cryptographic Modules)
gives U.S. Government requirements for
cryptographic modules, and defines the Security Policy as:
“A precise specification of the security rules under which the cryptographic module must operate,
including rules derived from the security requirements of this standard, and the additional security
rules imposed by the manufacturer.”
The Java iButton provides extraordinary security, meeting all
FIPS 140-1 level 3
requirements,
and some level 4 requirements. This security policy describes how the Java
iButton meets these requirements, and how it can be operated in a secure fashion.
1.2 For more information
This document describes the operations and capabilities of the DS1955B Java-powered
Cryptographic iButton in the technical terms of a FIPS 140-1 cryptographic module
security policy.
For more detailed information about the Java iButton, please visit the iButton web
site at
http://www.ibutton.com.
The web site contains non-technical descriptions
of Dallas iButton products, technical specifications, product offerings, iButton
functionality, iButton developer information, and much more.
Fore more information about the FIPS 140-1 standard and validation program
please visit the NIST web site at
http://csrc.nist.gov/cryptval/.
For answers to technical or sales related questions please refer to the contacts
listed on the iButton web site at
http://www.ibutton.com,
or the Dallas
Semiconductor web site at
http://www.dalsemi.com.
1.3 Terminology
In this document the Dallas Semiconductor DS1955B Java-powered Cryptographic
iButton is referred to as the DS1955B, Java iButton (JiB), cryptographic module, Java-
powered Crypto iButton, or module. The JiB is also referred to as simply “iButton”,
although this term also applies collectively to many other iButtons such as the DS1990,
DS1994, or DS1920.
3
1.4 Document Organization
The Security Policy document is part of the complete FIPS 140-1 Submission Package. In
addition to this document, the complete Submission Package contains:
♦
♦
♦
♦
Vendor Evidence document
Finite State Machine
Module Software Listing
A list of referenced Supporting Documents
This document provides an overview of the Java iButton and explains the secure
configuration and operation of the module. This introduction section is followed by
Section 2, which details the general features and functionality of the Java iButton. Section
3 specifically addresses the required configuration for the FIPS-mode of operation.
This Security Policy and other Validation Submission Documentation was produced by
Corsec Security, Inc. under contract to Dallas Semiconductor. With the exception of this
Non-Proprietary Security Policy, the FIPS 140-1 Certification Submission Documentation
is Dallas-proprietary and is releasable only under appropriate non-disclosure agreements.
For access to these documents, please contact Dallas Semiconductor.
4
2
The DS1955B Java™-powered Cryptographic iButton®
The Java-powered Cryptographic iButton provides hardware cryptographic services such
as a high-speed math accelerator for 1024-bit public key cryptography, and secure
message digest (hashing). In FIPS 140-1 terminology, the Crypto iButton is a “multi-chip
standalone cryptographic module”; however, the Java iButton actually provides all its
services using a single silicon chip packaged in a 16mm stainless steel case. Thus, the
iButton can be worn by a person or attached to an object for up-to-date information at the
point of use. The steel button is rugged enough to withstand harsh outdoor environments,
and is durable enough for a person to wear everyday on a digital accessory like a ring, key
fob, wallet, or badge.
Figure 1 – The DS1955B Java-powered Cryptographic iButton is laser–engraved in steel and silicon
2.1 The iButton Cryptographic Module
The cryptographic boundary for the iButton is the surrounding steel shell. This
surrounding shell is factory-lasered with the module's unique 64-bit registration number as
shown in Figure 2. The figure shows a button with registration number "
1A1D2516
"
16
,
which is engraved on the encased silicon chip.
Figure 2 – Java-powered Crypto iButton Case and Module Boundary
5