MOTOROLA MESSAGING SERVER SERVER AND MOTOROLA MYMAIL DESKTOP PLUS MODULE OVERVIEW. Security Policy REV 1.3, 10/2002



Similar documents
MOTOROLA ACCOMPLI 009 PERSONAL COMMUNICATOR MODULE OVERVIEW SCOPE OF DOCUMENT. Security Policy REV 1.2, 10/2002

Security Policy for Oracle Advanced Security Option Cryptographic Module

FIPS Security Policy. for Motorola, Inc. Motorola Wireless Fusion on Windows CE Cryptographic Module

Pulse Secure, LLC. January 9, 2015

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Secure Network Communications FIPS Non Proprietary Security Policy

FIPS Security Policy LogRhythm Log Manager

SecureDoc Disk Encryption Cryptographic Engine

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS Non-Proprietary Security Policy

SkyRecon Cryptographic Module (SCM)

FIPS Security Policy LogRhythm or Windows System Monitor Agent

FIPS Security Policy 3Com Embedded Firewall PCI Cards

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

SECUDE AG. FinallySecure Enterprise Cryptographic Module. FIPS Security Policy

WebSphere DataPower Release FIPS and NIST SP a support.

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Non-Proprietary Security Policy for the FIPS Level 1 Validated Fortress Secure Client Software Version 3.1

SECURE USB FLASH DRIVE. Non-Proprietary Security Policy

Using etoken for SSL Web Authentication. SSL V3.0 Overview

SNAPcell Security Policy Document Version 1.7. Snapshield

Security Policy. Trapeze Networks

FIPS SECURITY POLICY FOR

FIPS Level 1 Security Policy for Cisco Secure ACS FIPS Module

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

Complying with PCI Data Security

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

JUNOS-FIPS-L2 Cryptographic Module Security Policy Document Version 1.3

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Message Authentication Codes

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Computer System Management: Hosting Servers, Miscellaneous

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Security Policy: Key Management Facility Crypto Card (KMF CC)

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module

13135 Lee Jackson Memorial Hwy., Suite 220 Fairfax, VA United States of America

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

2014 IBM Corporation

Security Policy. Trapeze Networks

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

HP ProtectTools Embedded Security Guide

Security Policy for FIPS Validation

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

FIPS Documentation: Security Policy 05/06/ :21 AM. Windows CE and Windows Mobile Operating System. Abstract

McAfee Firewall Enterprise 8.2.1

Security Policy, DLP Cinema, Series 2 Enigma Link Decryptor

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

BBM Protected Secure mobile

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

NitroGuard Intrusion Prevention System Version and Security Policy

FIPS Non-Proprietary Security Policy. FIPS Security Level: 2 Document Version: 0.9

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

Overview. SSL Cryptography Overview CHAPTER 1

Lukasz Pater CMMS Administrator and Developer

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

CSE/EE 461 Lecture 23

Personal Secure Certificate

Network FAX Driver. Operation Guide

DRAFT Standard Statement Encryption

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

OpenSSL FIPS Security Policy Version 1.2.4

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

A COMPARISON OF THE SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES IN FIPS AND FIPS 140-2

1C - FIPS Cisco VPN Client Security Policy

FIPS SECURITY POLICY

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Application Note: Onsight Device VPN Configuration V1.1

Savitribai Phule Pune University

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

FIPS SECURITY POLICY

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

McAfee Firewall Enterprise 8.3.1

Chapter 7 Transport-Level Security

I. Configuring Digital signature certificate in Microsoft Outlook 2003:

BlackBerry Enterprise Solution Security Release Technical Overview

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

EAC Decision on Request for Interpretation (Operating System Configuration)

Secure Computing Corporation Secure Firewall (Sidewinder) 2150E (Hardware Version: 2150 with SecureOS v )

Guidelines for Developing Cryptographic Service Providers (CSPs) for Acrobat on Windows

Legal Notes. Regarding Trademarks. Models supported by the KX printer driver KYOCERA MITA Corporation

Certification Report

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

Microsoft SQL Server Integration Guide

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version , October 22, 2012

BlackBerry Enterprise Solution

HEWLETT PACKARD TIPPINGPOINT. FIPS NON PROPRIETARY SECURITY POLICY HP TippingPoint Security Management System

An Introduction to Cryptography as Applied to the Smart Grid

Chapter 17. Transport-Level Security

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Transcription:

Security Policy MOTOROLA MESSAGING SERVER SERVER AND MOTOROLA MYMAIL DESKTOP PLUS ENCRYPTION DLL CRYPTOGRAPHIC MODULE REV 1.3, 10/2002 CONTENTS Module Overview... 1 Scope of Document... 2 Terms and Definitions... 2 Security Level... 3 Roles and Services... 3 Security Rules... 4 Definition of Security Relevant Data Items (SRDI)... 5 MODULE OVERVIEW The cryptographic boundary for Motorola Messaging Server (MMS) and Motorola MyMail Desktop Plus (MDP) is defined as the Encryption DLL program module. The program module is running on a Personal Computer running a WIN32 platform. This module is a software component installed by the MMS or MDP installation program. MMS is a program application server intended for enterprise use. It allows applications on wireless devices to securely access enterprise data. A prime example of such an application is Motorola MyMail. The Motorola MyMail application on the wireless device communicates with the Motorola MyMail plug-in on the MMS forming an end-to-end link giving the subscriber full secure wireless access to his enterprise e-mail. For those users where an enterprise solution would not be appropriate, MDP may be run on the user s workstation. This provides similar capabilities such as the ability to run Motorola MyMail, giving the user full secure wireless access to his enterprise e-mail. Motorola Encryption DLL Cryptographic Module Security Policy 1

SCOPE OF DOCUMENT This document outlines the security policy for the Encryption DLL used in the Motorola Messaging Server (MMS) and Motorola MyMail Desktop Plus (MDP). MMS and MDP are solutions designed to enable secure client-server applications. The security policy addresses all of the applicable requirements of FIPS 140-1, includes an overview of the cryptographic module, and lists roles and services of the module and how they are related, the different types of security relevant data items (keys, key components), capabilities and protections. TERMS AND DEFINITIONS Term ANSI X9.31 DAC DES DESMAC DLL MDP MMS PRNG RC4 SHA-1 SRDI Subscriber TDES Definition Standard of Digital Signature Using Reversible Public Key Cryptography for the Financial Services Industry Data authentication code Data encryption standard A type of integrity-checking (checksum) based on DES Dynamic link libraries Motorola MyMail Desktop Plus Motorola Messaging Server Pseudo-random number generator A stream cipher not approved under FIPS Secure hash algorithm Security relevant data items User, application Triple-DES, a block cipher approved under FIPS Motorola Encryption DLL Cryptographic Module Security Policy 2

SECURITY LEVEL The cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140-1. The module embodiment is a multi-chip standalone module. Security Requirements Section Level Cryptographic Module 1 Module Interfaces 1 Roles and Services 1 Finite State Machine 1 Physical Security 1 Software Security 3 Operating System Security 1 Key Management 3 Cryptographic Algorithms 1 EMI/EMC 3 Self Test 1 ROLES AND SERVICES The cryptographic module supports the following roles: Application Role (User Role): Other MMS/MDP program modules assume the application role when making calls into the Encryption DLL. Crypto-Officer: This consists of the MMS or MDP install programs that are used to install and if necessary, uninstall the MMS application. The Encryption DLL provides the following indirect services to the User Role: FMSInit: An initialization function that processes all power-up self-tests and initializes the log file. FMSTerm: A function that stops the logging before unloading the DLL. DecryptPreProc: A function that looks at each incoming message, determines if it is encrypted, and decrypts it using the TDES algorithm. DecryptAction: A function that performs a custom action to process errors that are identified from the key exchange protocol message within the DecryptPreProc service. If an error has occurred, this function will handle the event. EncryptPostProc: A function that encrypts a block of data using the TDES algorithm. The Encryption DLL provides the following direct services to the User Role: Motorola Encryption DLL Cryptographic Module Security Policy 3

FMSInitEncryption: An initialization function that processes all power-up self-tests and initializes the log file. FMSTermEncryption: A function that stops the logging before unloading the DLL. EncryptFSEncode: A function that provides access to the TDES encryption algorithm. EncryptFSDecode: A function that provides access to the TDES encryption algorithm. EncryptFSGetAppString: A function that parses the data to determine if the message is an encrypted data packet, and if so, retrieves the clear text application string available in the data header. EncryptFSParseKeyMessage: A function that takes an encrypted key from the key exchange protocol message, decrypts it, potentially verifies the sender using a password parameter, and encrypts the data before storing it in the database. EncryptFSBuildKeyMessage: A function that performs a look up within the database for the given subscriber. If a subscriber key is not found a new one will be generated before building a key exchange protocol message. If a key is found, it will use the existing key before building a key exchange protocol message. EncryptFree: A function that releases memory allocated and returned by another service. SelfTest: A function that performs all self-tests on demand and provides a status to the user. SECURITY RULES 1. The module does not support a maintenance role. 2. The module supports a Bypass state. 3. The module provides status upon completion of a function call (service) with the exception of the FMSTerm and FMSTermEncryption. 4. The chips are of production-grade quality, which include standard passivation techniques. 5. The module is implemented for use on a production-grade multi-chip general purpose personal computer as defined by FIPS. 6. The module supports the following FIPS approved cryptographic algorithms: TDES DESMAC SHA-1 PRNG per ANSI X9.31 Note: The module also supports the RC4 algorithm; this algorithm is not used in FIPS mode. 7. The module is entirely written using a high level language, C and C++. 8. The operating system supported by the module is the Microsoft Windows 2000 SP1 (MMS/ MDP), WindowsNT 4.0 SP4-6a (MMS), WindowsNT 4.0 SP3-6a (MDP), Windows98 (MDP), Windows98 SE (MDP) and WindowsME (MDP). 9. The cryptographic software/firmware is installed only as executable code. 10. The cryptographic module is limited to a single user at a time, which is enforced by the Operating System when configured for single user mode. 11. Use of the cryptographic module is dedicated to the cryptographic process during the time the cryptographic process is in use. 12. The module does not distribute cryptographic keys in plaintext form. 13. The module provides a mechanism to ensure that keys are associated with the correct entity. 14. The module performs a continuous random number generator test. Motorola Encryption DLL Cryptographic Module Security Policy 4

DEFINITION OF SECURITY RELEVANT DATA ITEMS (SRDI) The following are the cryptographic keys that are contained in the module: Server Key: This is a TDES key used to encrypt cryptographic keys. Root Key: This is a TDES key used to encrypt the Subscriber key before transport. Storage Key: This is a TDES key used to encrypt the Subscriber key before storage. PRNG Key: This is the key used during the PRNG process per ANSI X9.31. Subscriber Key: This is a TDES key used to encrypt data. DAC Key: This is a DESMAC key used to authenticate the Software/Firmware power-up selftest. The following lists other SRDIs that are contained in the module: Server Password: This is used to authenticate a key exchange protocol message from the device. Key Password: This is used to access keys contained in the module. Application ID: This is used to associate a specific key to a specific application on the device. Key Index: This is used to allow an application to support multiple keys. Motorola Encryption DLL Cryptographic Module Security Policy 5

MOTOROLA, the Stylized M Logo, and all other trademarks indicated as such herein are trademarks of Motorola, Inc. Reg. U.S. Pat. & Tm. Off.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information