Encryption Simplification and the October 3 rd rule. Michael Pender Senior Engineer Information Technology Controls Division

Similar documents
Encryption Export Controls: A Comparative Analysis between the EU and the US

3. Designed for installation by the user without further substantial support by the supplier; and

Department of Commerce

Rules and Regulations

Top 10 Questions to Ask Before Exporting Software Containing Encryption

Raytheon Oakley Systems

United States Export Controls on Internet Software Transactions. John F. McKenzie Partner, Baker & McKenzie LLP

Table of Contents INTRODUCTION INTRODUCTION IMPORTANT EAR TERMS AND PRINCIPLES ITEMS SUBJECT TO THE EAR..

Cuban Regulations and Recent Easing of Activities in Cuba

Table of Contents SCOPE RECORDS TO BE RETAINED

COMPUTER & INTERNET. Westlaw Journal. Expert Analysis Software Development and U.S. Export Controls

BID SPECIFICATION PACKAGE

ITL BULLETIN FOR AUGUST 2012

How To Design A School Communication System

Lesson 6: 6 EXAMPLES OF EMBEDDED SYSTEMS. Chapter-1L06: "Embedded Systems - ", Raj Kamal, Publs.: McGraw-Hill Education

Common Core Network Readiness Guidelines Is your network ready? Detailed questions, processes, and actions to consider.

DEFINING THE INTERNET OF THINGS AND IDENTIFYING KEY VERTICAL MARKET OPPORTUNITIES

Chapter 9A. Network Definition. The Uses of a Network. Network Basics

User Guide. BlackBerry Storm 9530 Smartphone. Version: 4.7

Overview of Network Hardware and Software. CS158a Chris Pollett Jan 29, 2007.

Introduction To Commerce Department. Export Controls U.S. DEPARTMENT OF COMMERCE BUREAU OF INDUSTRY AND SECURITY OFFICE OF EXPORTER SERVICES

PCI Security Standards Council

Overview of broadband powerline communications

Mobile Commerce and Ubiquitous Computing. Chapter 6

HEAT DSM Release Overview. Andreas Fuchs Product Management November 16th, 2015

CLASS 705 DATA PROCESSING: FINANCIAL, BUSINESS PRACTICE, MANAGE MENT, OR COST/PRICE DETERMINATION. 3..Patient record management

AES1. Ultra-Compact Advanced Encryption Standard Core. General Description. Base Core Features. Symbol. Applications

Cisco SPA525G2 5-Line IP Phone

Value networking via FMC (Broadband Extension by Wireless LAN)

Home networking Home automation. EASY & VALUE = MASS The business case is there Mark B.M. Ossel

ORDER National Policy. Effective Date 09/21/09. Voice Over Internet Protocol (VoIP) Security Policy SUBJ:

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

RSA. Frequently Asked Questions. RSA Data Security, Inc. About Cryptography Export Laws. Answers to THE KEYS TO PRIVACY AND AUTHENTICATION

WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

Communication Networks. MAP-TELE 2011/12 José Ruela

Using & Offering Wholesale Ethernet Network and Operational Considerations

Export Controls on Intrusion Software. Collin Anderson Tom Cross

The Impact of IoT on Semiconductor Companies

FREQUENTLY ASKED QUESTIONS: HOMEPLUG

Table of Contents THE ELECTRONIC EXPORT INFORMATION (EEI) FILING TO THE AUTOMATED EXPORT SYSTEM (AES)

M2M ATDI services. M2M project development, Business model, Connectivity.

INTRODUCTION Indiana Public Library Technology Plan Template

Network Evolution, Cloud & Future Services. Opportunities & Challenges for Next-Decade Services

Chapter 1: Introduction. What is an Operating System?

A guide to VoIP for small to medium sized business

Level 3 Communications

COMPUTERS ARE YOUR FUTURE CHAPTER 8 WIRED & WIRELESS COMMUNICATION

How To Get A License To Sell A Computer In Iran

Pervasive Computing und. Informationssicherheit

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

DC-8706K Auto Dial Alarm System

Alexander Nikov. 6. Telecommunications and networks, the Internet. Hyundai Heavy Industries Creates A Wireless Shipyard. a Wireless Shipyard

Table of Contents INTRODUCTION (CCL) STRUCTURE

Information Systems Infrastructure. Learning Objectives. Components of Campus Telecommunications Infrastructure

Secure Navigation and Authentication. Sherman Lo November 2008

Definitions for KRS , , , and As used in KRS , , , and : (1) "Ancillary services"

Nokia Bluetooth Headset BH-604 User Guide

SOUL S DIGITAL VOICE 30

Guidelines for Preparing Export License Applications Involving Foreign Nationals

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

The Ubiquitous Web, UPnP and Smart Homes

Cambium Networks Wireless Broadband Solutions for Service Providers

Systems Engineering. Aim. Dr Peter Jones. Degree Course Leader

THE ENTERPRISE MOBILITY POLICY GUIDEBOOK

Ethernet. Ethernet Frame Structure. Ethernet Frame Structure (more) Ethernet: uses CSMA/CD

That Point of Sale is a PoS

the about MPLS security

Upper Perkiomen School District

Lab Testing Summary Report

Preparing Your IP network for High Definition Video Conferencing

ADSL or Asymmetric Digital Subscriber Line. Backbone. Bandwidth. Bit. Bits Per Second or bps

Access alternatives to mobile services and content: analysis of handset-based smartphone usage data

Applying the NFC Secure Element in Mobile Identity Apps. RANDY VANDERHOOF Executive Director Smart Card Alliance

U.S. Department of Commerce Bureau of Industry and Security. How to Classify Your Item

Voice over Internet Protocol (VoIP) in the Hospitality and Gaming Sectors

Greater Orlando Aviation Authority Buildings. Orlando International Airport Orlando, Florida, USA

Mobility and cellular networks

TrustWay: the high security solution

Securing Wireless Access for Vehicular Environments (WAVE)

Telecom Applications:

AGENDA ITEM 11B: AUDIOVISUAL POLICY PUBLIC SERVICE BROADCASTING

An Introduction to Cryptography as Applied to the Smart Grid

Monitoring and Diagnosing Oracle RAC Performance with Oracle Enterprise Manager. Kai Yu, Orlando Gallegos Dell Oracle Solutions Engineering

Cisco Outdoor Wireless Network Serves Up Automatic Meter Reading

Wireless Local Area Network Deployment and Security Practices

Transcription:

Encryption Simplification and the October 3 rd rule Michael Pender Senior Engineer Information Technology Controls Division

Agenda Introduction Overview of the Encryption Simplification Process and the October 3 rd Rule Summary of changes New structure for License Exception ENC: - No review required, no reporting - No review required, with reporting - Review Required, no waiting - Review Required, with waiting period Questions and Answers

Introduction

Overview of Encryption Simplification and the October 3 rd Rule

Summary of Changes License Exception (LE) ENC restructured based on the type of review and the waiting period Removed Section 744.9 and revised ECCN 5E002 to clarify current control list restrictions pertaining to technical assistance by U.S. persons Removed notification requirements for items classified as 5A992, 5D992 and 5E992 Removed LE KMI as obsolete

Summary of Changes (cont d) Bulgaria, Canada, Iceland, Romania and Turkey were added to the list of countries that receive favorable treatment under LE ENC (Supplement 3 to Part 740) Excludes certain items from review and/or reporting requirements including personal area network commodities and ancillary cryptography items Revised Guidelines for Submitting Review Requests for Encryption Items

Summary of Changes (cont d) Makes it clear that commodities and software pending mass market review are authorized by LE ENC under ECCNS 5A002 and 5D002. After the mass market review is complete, such commodities and software may be exported under ECCNs 5A992 and 5D992 using No License Required (NLR) Increases certain parameters under License Exception ENC Restricted.

No Review Required, No Reporting Exports to Private sector end users in countries in Supplement 3 to Part 740 ( 740.17(a)(1)) (for internal development or production of new products, only) To U.S. subsidiaries ( ( 740.17(a)(2)) and employees of U.S companies (internal use)

No Review Required, No Reporting: Short Range Wireless Items Short-range range wireless items not controlled under Cat. 5 ( ( 740.17(b)(4)(i) and 742.15(b)(3)(ii)) Nominal range 100 meters Examples: some* 802.11 and 802.15.1 May self classify under 5x002 or 5x992 as appropriate.

No Review Required, No Reporting: Wireless PAN Personal Area Network items arbitrary number of interconnected 'data devices' communicating directly with each other; and confined to immediate vicinity of an individual person or device controller (e.g.( e.g.,, single room, office, or automobile). 30 meters 802.15.1: class 2 and 3, but not class 1 May Self Classify as 5x002 or 5x992, as appropriate

No Review Required, No Reporting Wireless PAN Examples Hands-free headsets Wireless networking between personal computers Wireless mice, keyboards, printers GPS receivers with Bluetooth interfaces* Bar code scanners Wireless controllers for game consoles Software for transfer of files using OBEX

No Review Required, No Reporting Ancillary Cryptography Ancillary Cryptography 740.17(b)(4)(iv): not primarily useful for computing (including the operation of "digital computers"), communications, networking (includes operation, administration, management and provisioning) or "information security". May Self Classify as 5x002 or 5x992, as appropriate

No Review Required, No Reporting Ancillary Cryptography Examples Piracy and theft prevention for software, music, etc. Games and gaming Household utilities and appliances Printing, reproduction, imaging and video recording or playback Business process modeling and automation (e.g., supply chain management, inventory, scheduling and delivery) Industrial, manufacturing or mechanical systems (e.g., robotics, heavy equipment, facilities systems such as fire alarm, HVAC) Automotive, aviation, and other transportation systems

Mass Marketed Products No Review Required Short-range range wireless encryption functions (742.15 (b)(3)(i)) Wireless personal area network items (742.15 (b)(3)(ii)) Ancillary cryptography (742.15 (b)(3)(iii))

Paragraph 740.17 End User authorized (Outside E-1) E (a)(1) Private in Supp 3 (a)(2) U.S. Subs (b)(1)(i) In Supp 3 (b)(1)(ii) Outside Supp 3 (b)(2) (b)(3) (b)(4) 740.17 License Exception ENC- Encryption No Gov t outside Supp 3 All except E-1E All except E-1E Item Description or Purpose of Export Dev/Production only Any internal purpose End Use or Transfer 80/1024/160 and Source code Any purpose Any purpose Short-range range Wireless Wireless PAN; Ancillary Crypto Review Required? No Review* No Review* Review no waiting Review no waiting Review with 30 day wait Review with 30 day wait No Review (e) Reporting required for (b)(1), (b)(2), and (b)(3), (b)(4)(ii) (4)(ii) *All products developed are subject to the EAR and require review

No Review Required, No Reporting: Section 740.17(a) Applies to 5A002, 5B002, 5D002, and 5E002 740.17(a)(1) Internal development or production of new products No review, notification or reporting Only to private sector companies HQed in Supp. 3 country End use limited to internal use for the development or production of new products. 740.17(a)(2) U.S. Subsidiaries No review, notification or reporting Only to U.S. Subsidiaries as defined in 772. HQed in U.S. Internal use Employees of U.S. companies or U.S. subsidiaries

Review Required, no Waiting Period: Section 740.17(b)(1) Applies to 5A002, 5B002, and 5D002 740.17(b)(1)(i) Review required without waiting period to Supp 3 Countries Review Required prior to export Can export immediately after complete submission Only to Supplement 3 private companies and governments End use is not limited pending mass market reviews may be exported under this sec. Also includes 5E002 740.17(b)(1)(ii) Review required without waiting period to Non-Supp 3 Countries 80 bits Symmetric 1024 bits Asymmetric 160 bits Elliptic Curve Source Code to non-government end users

Review Required, with Waiting Period: 740.17(b)(2) ENC Restricted Applies to 5A002, 5B002, and 5D002 Products authorized under (b)(2) include: network infrastructure products source code that is not publicly available certain specialized commodities and software Require a license if going to government end-users not in a Supp 3 country. Question 11 of Supp. 6 means evaluate your products against B2 Criteria

740.17 (b)(2)(i)-(vi) (vi) Criteria (i) Network infrastructure items with any of the following: (A) Aggregate encrypted WAN, MAN, VPN or backhaul throughput exceeding 90 Mbps.; or or (B) Single-channel input data rate exceeding 154 Mbps; (C) 250 concurrent encrypted data channels, or encrypted signaling to more than 1,000 endpoints for VOIP or converged products; ; or (D) Air-interface interface coverage exceeding 1,000 meters, with: (1) Maximum data rates >10> Mbps (at >1,000 meters); or (2) Max # of concurrent full-duplex voice channels >30; or (3) Substantial support is required for installation or use.

740.17 (b)(2)(i)-(vi) (vi) Criteria cont. (ii) Encryption source code not authorized by EAR 740.13(e)(1) (iii) Encryption items: (A) that have been modified or customized for government end-user/ end-use (e.g., (SOC/NOC); or (B) modified or customized to customer specifications; or (C) user-accessible & easily changed by user. (iv) Cryptanalytic items ; ; or (v) Providing functions necessary for quantum cryptography; or (vi) Modified for computers controlled by ECCN 4A003

Review Required, with Waiting Period: 740.17(b)(3) ENC Unrestricted Everything else designed to use encryption (5A002, 5B002, 5D002) If not B2 then B3 If not Mass Market then B3. Export to both non-government AND government end-users without a license.

No Review Required, No Reporting: 740.17 (b)(4) Short-range range wireless encryption functions Foreign products developed with US- origin encryption source code, components or toolkits Wireless personal area network items Ancillary cryptography

Modifications to a Reviewed Product New review needed: Changes Cryptographic functionality affecting License Exception ENC eligibility New review NOT needed: Modifications do not change cryptographic functionality Name changes, version changes, updates to 3 rd party encryption library See Note to paragraph (b) at end of 740.17(b)

Guidance on the Web Step by step guidance to exporters for preparing review requests and notifications: http://www.bis.doc.gov www.bis.doc.gov/encryption EAR on the web: www.access.gpo.gov/bis/ear_data.html Specific questions: Information Technology Controls Division ENCRYPTION HOTLINE: (202) 482-0707

Information Technology Randy Pratt Director Ph: 202-482 482-5303 E-mail: cpratt@bis.doc.gov Contacts Michael Pender Senior Engineer Ph: 202-482 482-24582458 E-mail: mpender@bis.doc.gov Joe Young Senior Engineer Ph: 202-482 482-41974197 E-mail: jyoung@bis.doc.gov Judith Currie Senior Export Policy Analyst Ph: 202-482 482-5085 E-mail: jcurrie@bis.doc.gov Sylvia Jimmison Export Policy Analyst Ph: 202-482 482-23422342 E-mail: sjimmiso@bis.doc.gov Aaron Amundson Export Policy Analyst Ph: 202-482 482-5299 E-mail: aamundso@bis.doc.gov Anita Zinzuvadia BIS-Western Regional Office Electrical Engineer Ph: 949-660 660-0144x1310144x131 E-mail: azinzuva@bis.doc.gov

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information