The IBM Cryptographic Security Chip for PC Clients Manufactured by Atmel (AT90SP0801) resides on a daughter card on the system motherboard of an IBM Personal Computer (PC) or is surface mounted in an IBM ThinkPad. The IBM Cryptographic Security Chip performs RSA digital signature, RSA data decryption, and authentication. It is packaged in a 20 pin SOIC package or a 28 pin TSSOP package and includes EEPROM memory that can be loaded with RSA public/private key pairs. Communication with the main processor is via an SM bus. There are eleven simple commands accepted by the chip. The IBM Cryptographic Security Chip is used in a number of standard, off-the-shelf IBM PC Client configurations. The chip and its firmware and configuration are independent of the characteristics of the host PC.
\r\nThe IBM Cryptographic Security Chip performs RSA signature and decryption. There are two types of key pairs: the hardware key pair and user key pairs. The hardware key pair and its associated password are stored on the chip during initialization. The hardware password is used to control access to signing and decryption operations using the hardware key pair. The hardware password is also used to control access to the administrative functions that configure the chip. User key pairs can be loaded by a user application at any time during normal system operation. Up to two user key pairs can be loaded on the chip at one time. The user keys may or may not be password protected, at the discretion of the user. The user keys are used for RSA signature and decryption.
\r\nThere are three types of passwords: the hardware password, the failure reset password, and user passwords. The hardware password protects the hardware key pair and the configuration of the chip. The failure reset password protects the password failure counter. The user passwords are loaded with their associated user key pairs. They control access to cryptographic operations on the chip using user keys. The use of user passwords is discretionary.
\r\nThe hardware private key and the hardware password can never be read from the chip. The hardware public key can be read without authentication. The chip can be configured to either allow or not allow the hardware key pair to be changed.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation demonstrated that the IBM Cryptographic Security Chip meets the security requirements contained in its Security Target. The evaluation assurance level (EAL) for the product is EAL3 Augmented. The product, configured as specified in the Installation, Generation, and Start-up Procedures, satisfies all of the security functional requirements stated in the Security Target. Version 2.1 of the Common Criteria for Information Technology Security Evaluation, was used as the source of requirements for the Security Target.
\r\nThe Common Methodology for Information Technology Security Evaluation, Version 1.0, was used by the evaluation team to conduct the evaluation. The evaluation was conducted by CygnaCom Solutions in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. Two validators on behalf of the CCEVS Validation Body provided oversight to the evaluation. The evaluation was completed in August 2001. The evaluation results are contained in the IBM Cryptographic Security Chip for PC Clients, Manufactured by Atmel (AT90SP0801) Common Criteria Evaluation Technical Report prepared by CygnaCom Solutions.
","environmental_strengths":"The chip provides two authentication failure mechanisms to protect against password guessing attacks. The cumulative authentication failure mechanism keeps track of failed attempts on all passwords. An immediate lockout occurs when the number of cumulative password failures is a multiple of 32. The first lockout period is for 1.2 minutes. The lockout period is increased for successive multiples of 32 up to a maximum of 27 days. In addition, the chip detects when ten unsuccessful authentication attempts occur for the hardware and failure reset passwords. The password failure counter is immediately incremented to 224 resulting in a lockout period of over an hour. The password failure counter is reset when either the hardware password or the failure reset password is correctly entered.
\r\nThe chip is designed to interoperate with related security services on the IBM PC such as user identification and authentication, RSA key generation, secure hash, and software random number generation that are available through APIs and other software running on the PC. These services and APIs are not part of the evaluated product.
","features":[]}