Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
372	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	STARCOS SPK 2.4 CHIP (Hardware P8WE 5032 M5.1, Software CP5WxSPKI24-01-3-S_V0330) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2003; 03/19/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
371	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	STARCOS SPK 2.4 in ID-1 Module (Hardware P8WE 5032 M5.1, Software CP5WxSPKI24-01-3-S_V0330) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2003; 03/19/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
370	SSH Communications Security Corp. Valimotie 17 Helsinki, 00380 Finland -Nicolas Gabriel-Robez TEL: +358 20 500 7455 FAX: +358 20 500 7001	SSH Cryptographic Library (Software Version 1.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/24/2003; 09/03/2004; 09/21/2004: 03/03/2006; 03/06/2007	Overall Level: 1  -EMI/EMC: Level 3 -Self-Tests: Level 4 -Operational Environment: Tested as meeting Level 1 with Windows XP, Solaris 8, AIX 4.3.3, HP-UX 11i (single user mode) -FIPS-approved algorithms: AES (Cert. #52); Triple-DES (Cert. #162); DSA (Cert. #82); RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #145); HMAC-SHA-1 (Cert. #145, vendor affirmed) -Other algorithms: DES (Cert. #207); MD5; SHA-256; HMAC-MD5; HMAC-SHA-1 96; CAST-128; Blowfish; Twofish; Arcfour; Diffie-Hellman (key agreement) Multi-chip standalone "The SSH Cryptographic Library is a standards-based shared library providing FIPS 140-2 certified cryptographic services for SSH Communications Security's security products. The library provides a rich API and a comprehensive set of state-of-the-art algorithms including AES, 3DES, SHA-1, HMAC, RSA and DSA."
369	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta CSI sToken (Software Versions 4.2.2.0 and 4.2.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/24/2003; 10/14/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurace: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 -FIPS-approved algorithms: Skipjack (Cert. #12); DSA (Cert. #87); SHA-1 (Cert. #162) -Other algorithms: DES (Cert #78); DES MAC (Cert #78, vendor affirmed); RC2; RSA (non-compliant); MD5; HMAC-SHA-1 (Cert #162, vendor-affirmed); KEA (key agreement); Triple-DES (Cert #179, non-compliant) Multi-chip standalone "The Rosetta CSI sToken is a software cryptographic token providing digital signature and encryption services in a PC environment. The Rosetta sToken provides for ease of use, deployment and the assurance provided through independent third party security validation."
368	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust Authority™ Security Toolkit for C++ (Software Version 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/16/2003	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP, SP1a; Windows 2000, SP3; and Windows NT 4.0, SP 6a (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Cert. #6, vendor affirmed); AES (Cert #59); DSA/SHA-1 (Cert #10); HMAC-SHA-1 (Cert #10, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; DDiffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particlular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
367	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-010F Cryptographic Client Software and 3e-010F-C Cryptographic Client Software for Intel® PRO/Wireless 2200BG Network Connection and Intel® PRO/Wireless 2915ABG Network Connection (3e-010f: Software Versions 2.0, 2.01, and 2.04, and 3e-010F-C: Version 1.0 Build 14) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/16/2003; 01/20/2004; 01/29/2004; 05/25/2004; 05/27/2004 11/04/2004 11/18/2004	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP, Windows NT 4.0 with Service Pack 6, Windows CE 3.0, and PocketPC 2003 (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendlor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "The 3e-010f Crypto Client Software provides advanced wireless RF data security with AES/3DES encryption plus Dynamic Key generation plus session protection. The advanced security options include the standards as established by FIPS-140-2 -- the Federal Information Processing Standards mandated by the US Department of Defense for use in wireless environments."
366	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Stefan Backstrom TEL: 434-455-6600 FAX: 434-455-6851	EDACS ProVoice Orion System/Scan Mobile Two-Way FM Radios 806 - 870 MHz (Hardware Version No's. D28LPXE and D28MPXE, Firmware Version No. LZY213773/91 Rev 43A) Revoked DES Transition Ended Security Policy Certificate	Hardware	12/16/2003; 01/23/2004	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #218) Multi-chip standalone "The EDACS ProVoice Orion Mobile with FIPS 140-2 security level 1 validation provides digital voice for conventional and trunked communication environments. The Orion also allows for system and scan front mounting."
365	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	Neopostage PSD Module (Hardware P/N 04K9131, Software Version 1.0.0.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/16/2003; 10/03/2006	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Certs. #68 and #84); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #178); Multi-chip embedded "The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters."
364	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-C ME Toolkit (Software 1.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/09/2003; 04/07/2004; 10/01/2004; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode) -FIPS-approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
363	IBM® Corporation Saeumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osborne TEL: +41 1 724 8458	JCOP21id 32K (Hardware version: P8WE5033AEV/034188i, Firmware version: Mask 20, Applet Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/26/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.# 150); AES (Cert. # 44); SHA-1 (Cert.# 135); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert.#150, vendor affirmed) -Other algorithms: DES (Cert.# 197); DES MAC (Cert. #197, vendor affirmed); AES MAC Single-chip "The JCOP21id is IBM's multi-application smart card, designed to the Java Card v2.1.1 and Global Platform v2.0.1 specifications. The smart card features IBM's PKCS#15 applet which provides standardized high-level security services including, 2048 bit key generation, DES, 3DES, SHA-1, RSA and AES. Additional features include biometric extensions as defined by the Java Card Forum and DAP/mandated DAP security for post issuance applets."
362	RSA Security, Inc. 174 Middlesex Turnpike Bedford, MA 01730 USA -Darren Dupre TEL: 781-515-5000 FAX: 781-515-5010	RSA Applets on the Schlumberger Cyberflex Access 64k Platform (Hardware P/N M512LACC1, Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/20/2003	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed) Single-chip "The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications."
361	Francotyp-Postalia Triftweg 21-26 D-16547 Birkenwerder Germany -Dirk Rosenau TEL: +49 3303 525 616 FAX: +49 3303 525 609	Revenector (Hardware P/N 58.0036.0001.00/05 and 58.0036.0006.00/02, Firmware Version 3.22) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/20/2003	Overall Level: 3  -FIPS-approved algorithms: RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. # 158) -Other algorithms: N/A Multi-chip embedded "Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
360	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.6.1, 3.7, and 3.7.1) Validated to FIPS 140-2 Security Policy Certificate	Firmware	11/20/2003; 04/29/2004; 08/24/2005	Overall Level: 1  -Design Assurance: Level 3 -Self Tests: Level 4 -Tested: BlackBerry® 5810 with the BlackBerry® OS, Version 3.6.1, 3.7 and 3.7.1 -FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
359	Mitsubishi Electric Corporation 5-1-1 Ofuna Kamakura, 247-8501 Japan -Tetsuo Nakakawaji TEL: +81 0467 41 2186	TurboMISTY (Firmware v2.1.3, Hardware v1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/20/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. # 131); SHA-1 (Cert. #116); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #182); MD5; MISTY1 Multi-chip embedded "PCI Encryption Accelerator Card"
358	Fortress Technologies, Inc. 4025 Tampa Rd. Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7389	AirFortress™ Client Cryptographic Module (Version 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	11/20/2003	Overall Level: 1  -Software Security: Level 3 -Roles and Services: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd edition, Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); AES (Cert. #14); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress(tm) Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
357	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Version: 3.6) Validated to FIPS 140-2 Security Policy Certificate	Firmware	11/20/2003; 04/29/2004; 08/24/2005	Overall Level: 1  -Self Tests: Level 4 -Design Assurance: Level 3 -Tested: BlackBerry® 5810 with BlackBerry® OS, Version 3.6.0 -FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
356	IBM® Corporation Seaumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osoborne TEL: +41 1 724 8458 FAX: +41 1 724 8953	IBM® CryptoLite in C (Software Version 3.0 (FIPS 140/Prod)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/20/2003	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with SP3; Red Hat Linux 8.0 (single user mode) -FIPS-approved algorithms: SHA-1 (Cert. #163); Triple-DES (Cert. #180); AES (Cert. #70); DSA (Cert. #88); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #163, vendor affirmed) -Other algorithms: DES (Cert. #220); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2; MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement) Multi-chip standalone "IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
355	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-521NP, 3e-522FIPS and 3e-530NP Wireless Gateways (Hardware P/Ns 3e-521NP, 3e-522FIPS and 3e-530NP, Firmware Version 2.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/27/2003	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed) -Other algorithms: RSA (PKCS#1, decryption, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip standalone "The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface."
354	IBM® Corporation Seaumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osoborne TEL: +41 1 724 8458 FAX: +41 1 724 8953	IBM CryptoLite in Java (Software Version 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2003	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with service pack 3 (JRE 1.3.1_03), Sun Solaris 5.8 (JRE 1.3.1), AIX 5.2 (JRE 1.3.1) (single user mode) -FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert.#53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1(Cert. #148, vendor affirmed) -Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2, MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement); RSA (encryption/decryption) Multi-chip standalone "IBM CryptoLite is a 100% Java software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance. It runs on JDK 1.1 or higher."
353	Fortress Technologies, Inc. 4025 Tampa Rd. Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	NetFortress™ Cryptographic Kernel (Standard Mode and Segemented Mode, Software Version 4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/27/2003	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA Multi-chip standalone "The NetFortress™ Cryptographic Kernel secures private communications among corporate divisions, branch offices, and mobile users. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the NF Crypto Kernel provides encryption, data integrity checking, authentication, access control, data compression, and firewall capabilities; it is IPSec compliant."
352	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	NSD Postage Meter (Versions (Hardware #4127906B-A, Software 10.2), (Hardware #4127906B-B, Software 10.2) and (Hardware #4127907C-A, Software 30.11, 30.13, 30.15 and 30.21)) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/21/2003; 08/06/2004; 08/09/2004; 08/11/2004; 10/06/2004; 04/27/2005; 10/18/2005; 10/03/2006	Overall Level: 2  -Physical Security: Level 3 +EFT -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #119); SHA-1 (Cert. #41); DSA (Cert. #61); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #119, vendor affirmed) -Other algorithms: N/A Multi-chip embedded "The NSD module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes w/ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
351	Certicom Corp. Certicom Corporate Headquarters 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -CerticomEastern US Sales Office TEL: 571-203-0700 FAX: 571-203-9653	Security Builder® Government Solutions Edition (SBGSE) (Version 1) (When operated in FIPS mode - for Palm) Validated to FIPS 140-2 Security Policy Certificate	Software	10/10/2003; 10/17/2003	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm OS 4.1 -FIPS-approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1(Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed) -Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5 Multi-chip standalone "Security Builder GSE is a standards based cryptographic toolkit that provides application developers with sophistocated tools to flexibly integrate encryption, digital signatures and other security mechanisms into their applications. Security Builder provides the cryptographic core for Certicom's products, including movianCrypt, MovianVPN, SSL and wTLS Plus, and Trustpoint PKI products."
350	IBM® Corporation IBM/Tivoli PO Box 3499 Australia Fair Southport, Queensland 4215 Australia -Mike Thomas TEL: +61 7 5552 4030 FAX: +61 7 5571 0420 -Peter Waltenberg TEL: +61 7 5552 4016 FAX: +61 7 5571 0420	IBM® Crypto for C (ICC) (Software Version 0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/03/2003; 08/23/2004; 12/02/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SUN Solaris 5.8, AIX 5.2 and Windows 2000 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed, non-compliant); RC2; RC2-40; RC2-64; RC4; Blowfish; CAST; RSA (encryption/decryption); MD2; MD4; MD5; RIPEMD; HMAC-MD5 Multi-chip standalone "The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
349	Colubris Networks Inc. 420 Armand-Frappier Suite 200 Laval, Quebec H7V 4B4 Canada -Stephane Laroche TEL: 450-680-1661 x123 FAX: 450-680-1910	Colubris CN1050 and CN1054 Wireless LAN Routers (Hardware Versions CN1050 and CN1054; Firmware Version 1.24-01-1736) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/03/2003	Overall Level: 2  -FIPS-approved algorithms: SHA-1 (Certs. #149, #150; #151); HMAC-SHA-1 (Certs. #149, #150; #151, vendor affirmed); Triple-DES (Certs. #164, #165; #166); AES (Certs. #54 and #55); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #209); MD4; MD5; HMAC-MD5; SHA-2; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "Colubris CN105x Secure Wireless LAN Router enables strong security for wireless enterprise networking, using embedded IPSec VPN and firewall functionalities."
348	Francotyp-Postalia Francotyp-Postalia AG & Co. KG Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49 3303 525 616 FAX: +49 3303 525 609	Postal Revenector (Hardware P/N Version 58.0036.0001.00/05, Firmware P/N Version 90.0036.0006.00/02) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/25/2003	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #39); SHA-1 (Cert. #43); RSA (PKCS #1, vendor affirmed); ECDSA (FIPS 186-2, vendor affirmed); HMAC-SHA-1 (Cert. #43, vendor affirmed) -Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia’s mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP)."
347	Information Security Corporation 1141 Lake Cook Road Suite D Deerfield, IL 60015 USA -Michael J. Markowitz TEL: 847-405- 0500	ISC Cryptographic Development Kit (CDK) V7.0 (Version 7.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	09/24/2003	Overall Level: 1  -EMI/EMC: Level 3 -Software Security: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #115); DSA (Cert. #65); AES (Cert. #9); Skipjack (Cert. #9); SHA-1 (Cert. #100); HMAC-SHA-1 (Cert. #100, vendor affirmed); ECDSA (vendor affirmed); RSA (PDCS#1, vendor affirmed) -Other algorithms: DES (Cert. #171); MD2; MD5; RC2; RC4; DESX; ElGamal; EC EIGamal; HMAC-MD5; SHA-256; SHA-384; SHA-512 Multi-chip standalone "A software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions."
346	IBM® Corporation 2455 South Road / P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	Security Module with CP/Q++ (Hardware: P/N 04K9036, EC CF75600M, Firmware: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/24/2003	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796) Multi-chip embedded "The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758 Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure-storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
345	IBM® Corporation 2455 South Road / P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	Security Module with CP/Q++ (Hardware: P/N 04K9131, EC F 72272D, Firmware: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/24/2003	Overall Level: 3  -Physical Security: Level 4 -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796) Multi-chip embedded "The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758 Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure- storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
344	Stonesoft, Inc. 115 Perimeter Center Place Suite 1000 Atlanta, GA 30346 USA -Klaus Majewski TEL: 678-259-3411 FAX: 770-668-1131	StoneGate High Availability Firewall and VPN (Version 2.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	09/16/2003; 10/07/2003; 04/29/2004	Overall Level: 1  -Tested: Debian GNU/Linux Version 3.0 -FIPS-approved algorithms: Triple-DES (Certs. #145, #146; #147); AES (Certs. #39 and #40); DSA (Certs. #77 and #78); SHA-1 (Certs. #131 and #132); HMAC-SHA-1 (Cert. #132, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #194); Blowfish; Twofish; CAST-128; SHA-256 (vendor affirmed, non-compliant); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "StoneGate is a firewall and VPN software solution. It features clustering, load balancing between multiple ISPs, encrypted VPN client connectivity and advanced central administration tools."
343	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677	Crypto++ Library (Version 5.0.4) Validated to FIPS 140-2 Security Policy Certificate	Software	09/05/2003; 10/28/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional Operating System, Service Pack 1 (single user mode) -FIPS-approved algorithms: AES (Cert. #87); Triple-DES (Cert. #198); Skipjack (Cert. #13); DSA (Cert. #79); SHA-1 (Cert. #134); HMAC-SHA-1 (Cert. #134, vendor affirmed); Triple-DES MAC (Cert. #198, vendor affirmed); ECDSA (vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
342	Eracom Technologies Australia, Pty. Ltd. 28 Greg Chappell Drive Burleigh Heads, QLD 4220 Australia -Gerry Scott TEL: 916-677-2450 FAX: 916-677-2460	ProtectHost Orange Hardware Security Module and ProtectHost Orange Hardware Security Module with ORGA FM (Hardware Revision A, Firmware Version 1.34.00, Software Version 1.01.11, ORGA FM Version 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2003; 09/24/2003; 10/18/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #37); Triple-DES (Cert. #63); DSA (Cert. #47); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #55); RSA (PKCS#1 and ANSI X9.31, vendor affirmed); SHA-1 (Cert. #55); Triple-DES MAC (Cert. #63, vendor affirmed) -Other algorithms: DES (Cert. #124); DES MAC (Cert. #124, vendor affirmed); Diffie-Hellman (key agreement); CAST 128; IDEA; MD2; MD5; HMAC-MD5; RC2; RC4; RIPEMD-128; RIPEMD-160; HMAC-RIPEMD-128; HMAC-RIPEMD-160; CAST MAC; IDEA MAC; RC2 MAC; RC4 MAC Multi-chip standalone "The Eracom protecthost orange is an advanced Hardware Security Module (HSM) offering high speed cryptographic processing and key management. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
341	ReefEdge, Inc. 2 Executive Dr. Fort Lee, NJ 07024 USA -Silvia Ercolani TEL: 201-242-9700 FAX: 201-242-9760	Edge Controller 100x (Software v3.1.3, Hardware v3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/29/2003	Overall Level: 2  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #171, #172; #173); SHA-1 (Certs. #155, #156; #157); HMAC-SHA-1 (Certs. #155, #156; #157, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: RC4; MD5; HMAC-MD5 Multi-chip standalone "The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
340	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-962-6248	Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX (Hardware P/N 103-500000-00/101-500040-00 Rev E/Rev C, Firmware Version 4.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/29/2003; 04/25/2007	Overall Level: 2  -FIPS-approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connectio ns, converting cipher-text to clear-text, or clear-text to cipher-text."
339	AKCode, LLC. 13130 Roundup Ave. San Diego, CA 92129 USA -Robert Spraggs TEL: 250-542-0112 FAX: 250-549-3751	Anonymous Key Technology-C++ and Java Suite (Software Versions 1.0.0 and 1.0.2) Validated to FIPS 140-2 Security Policy Certificate	Software	07/31/2003; 10/06/2003; 07/28/2005; 08/24/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000, XP, and NT 4.00; SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode -FIPS-approved algorithms: AES (Certs. #38 and #47); SHA-1 (Certs. #128 and #142); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed) -Other algorithms: PPP (key transport) Multi-chip standalone "Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, CAC cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows CE, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI."
338	Axalto Inc. 8311 North FM 620 Rd. Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access e-gate 32K (Hardware P/N M256LCAEG1, Firmware Version HardMask 2v2, SoftMask 3v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 09/21/2004; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #143); Triple-DES MAC (Cert. #143, vendor affirmed); SHA-1 (Cert. #129); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #192); DES MAC (Cert. #192, vendor affirmed); Single-chip "Cybeflex Access e-gate 32K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications, supporting on-card DES (used only for legacy systems) and RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The card incorporates, apart from the conventional ISO 7816-3 interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB). The Cyberflex Access e-gate 32K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
337	Phaos Technology Corporation 520 Madison Avenue 30th Floor New York, NY 10022 USA -Darren Calman TEL: 212-508-7700	Phaos Crypto (Software Versions 3.0 and 3.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/07/2003; 04/30/2004; 08/23/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Window 2000 (Single User mode), Sun Java 2 Runtime Environment (V1.3.1) -FIPS-approved algorithms: AES (Cert. #42); Triple-DES (Cert. #148); SHA-1 (Cert. #138); HMAC-SHA-1 (Cert. #138, vendor affirmed); RSA (PKCS#1, vendor affirmed); DSA (Cert. #81); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #195); RC2; RC4; Blowfish; MD2; MD4; MD5; SHA-2; RSA (encryption/decryption); Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement) Multi-chip standalone "Phaos Crypto provides a state-of-the-art set of core cryptography algorithms in Java. It includes a comprehensive cryptographic library supporting the most current algorithms like AES, RSA-OAEP, SHA- 256/384/512, X.9-42 as well as legacy algorithms that are still used in corporate systems like 3DES, DES, MD2 etc.. Phaos Crypto allows developers to integrate cryptography into any Java application or applet. For high security deployments, Phaos Crypto provides transparent migration to cryptographic hardware without requiring any changes to existing applications."
336	Motorola, Inc. 8220 E Roosevelt St. Scottsdale, AZ 85257 USA -Randy Morton TEL: 480-441-4472 FAX: 480-441-3580	Digital Interface Unit Crypto Module (DIU CM) (Hardware P/N T6721A Version CLN7611C, Firmware Versions R82.00.02 and R82.01.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 01/05/2004; 03/30/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ family of console and base station radio infrastructure equipment."
335	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-204/208 (Hardware P/N NS-204 and NS-208 Version 0110(0), Software ScreenOS 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 08/29/2003	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed) -Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-204/208 are purpose-built network security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
334	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-500 (Hardware P/N NS-500 Version 4110(0), Software ScreenOS 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 08/29/2003	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #12); Triple-DES (Certs. #49 and #50); DSA/SHA-1 (Cert. #75); SHA-1 (Cert. #47); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #47, vendor affirmed) -Other algorithms: DES (Certs. #114 and #115); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
333	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher PMC 1600 PCI (Hardware Version: nC3033M-4K0, Build Standard A, Firmware Version: 2.1.23-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2003	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160 Multi-chip embedded "The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI is a FIPS 140-2 level 3 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
332	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher PMC 1600 PCI (Hardware Version: nC3033M-4K0, Build Standard A, Firmware Version: 2.1.23-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2003	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160 Multi-chip embedded "The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI may be initialized as a FIPS 140-2 level 2 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
331	Motorola, Inc. 8220 E Roosevelt St. Scottsdale, AZ 85257 USA -Randy Morton TEL: 480-441-4472 FAX: 480-441-3580	Key Management Facility Crypto Card (KMF CC) (Hardware P/N T6722A Version CLN7612B, Firmware Version R01.08) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2003; 03/30/2004	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
330	Lipman Electronic Engineering Ltd. 11 Haamal Street Park Afek, Rosh Haayin 48092 Israel -David S. Kaplan TEL: 972-3-902-9730 FAX: 972-3-902-9731	NURIT 202 PIN Pad (Hardware P/N NURIT 0202-XXX-M21-YYY [XXX: Country Code, YYY: Color Code]*, Firmware Version M02.25) (Refer to the cryptographic module’s security policy for the details on the letters) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/27/2003; 04/30/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #123); Triple-DES MAC (Cert. #123, vendor affirmed) -Other algorithms: DES (Cert. #177); DES MAC (Cert. #177, vendor affirmed) Multi-chip standalone "The NURIT 202 is an advanced, easy-to- use handheld PIN Pad allowing for protected debit/credit transactions. The NURT 202 can be interconnected with any NURIT point-of-sale (POS) terminal, or terminals of other manufacturers."
329	CyberGuard Corporation 2000 W. Commercial Blvd Suite 200 Ft. Lauderdale, FL 33309 USA -Soheila Amiri TEL: 954-958-3900	CyberGuard Cryptographic Module (Version: 5.0P1f) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	06/27/2003	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #102); SHA-1 (Cert. #109); AES (Cert. #6); DSA (Cert. #69); HMAC-SHA-1 (Cert. #109, vendor affirmed) -Other algorithms: DES (Cert. #161); Diffie-Hellman (key agreement); Twofish; Blowfish; CAST-128; MD5; Tiger192; RIPEMD-160; HMAC-MD5 Multi-chip standalone "The CyberGuard Firewall/VPN is a packet-filtering and application proxy gateway, which allows or blocks the routing of specific network services between networks based on a set of administrator-defined rules."
328	Bodacion Technologies 18-3 E Dundee Rd Suite 300 Barrington, IL 60010 USA -Eric Uner TEL: 847-842-9008	HYDRA Server Cryptographic Module (Hardware Version: 1.4, Firmware Version: 1.4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/27/2003	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #126); SHA-1 (Cert. #110) -Other algorithms: RSA (non-compliant); AES (non-compliant); RC4; MD5 Multi-chip standalone "HYDRA is an internet server built without an operating system from the ground up to be totally secure. It contains everything you need to run a high-performance, secure Web site including HTTP, HTTPS, and FTP servers, Web-based administration, and Java/JSP capabilities."
327	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets (Hardware P/N SLE66CX320P, Firmware Version Softmask 7 V2, Hardmask 2 V2; Applets: Gina Applet Version 1.1, Smart Login Applet Version 1.1, PKI Applet Version1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/17/2003; 09/21/2004; 05/25/2006	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #65); Triple-DES MAC (Cert. #65, vendor affirmed); SHA-1 (Cert. #57); RSA (PKCS#1, vendor affirmed) -Other algorithms: N/A Single-chip "The Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets is a single chip implementation of a Java Card 2.1.1 compliant smart card module. It is also compliant with OP 2.0.1, thus establishing a well defined security infrastructure through applet instantiation, key management and security policy configuration which can be performed using FIPS 140-2 compliant mechanisms."
326	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-5200 (Hardware P/N NS-5200 Version 3010(0), Firmware Version 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/17/2003; 08/29/2003	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA/SHA-1 (Cert. #76); SHA-1 (Certs. #103 and #119); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1(Certs. #103 and #119, vendor affirmed) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-5200 is a purpose-built internet security appliance that provides advanced firewall and IPSec VPN functionality, optimized for the most demanding environments such as large enterprise offices, carrier infrastructures, or service providers. The NetScreen-5200 is capable of 2 Gbps 3DES VPN throughput."
325	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-5XT (Hardware P/N NS-5XT Version 3010(0), Firmware Version 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/17/2003; 08/29/2003	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed) -Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-5XT is a purpose-built internet network security appliance that delivers firewall, VPN, and traffic management optimized for remote offices, home offices, and telecommuters."
324	IP Dynamics, Inc. 2880 Stevens Creek Boulevard San Jose, CA 95128 USA -Zulfikar Ramzan TEL: 408-961-6349 FAX: 408-961-6390	VCN Member Agent Cryptographic Module (Software Version 4.2) Validated to FIPS 140-2 Security Policy Certificate	Software	06/06/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 1 with Window 2000 professional, Service Pack 2 Operation System (single-user mode) -FIPS-approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed); Triple-DES (Cert. #141) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
323	IP Dynamics, Inc. 2880 Stevens Creek Boulevard San Jose, CA 95128 USA -Zulfikar Ramzan TEL: 408-961-6349 FAX: 408-961-6390	VCN Manager Cryptographic Module (Software Version 4.2) Validated to FIPS 140-2 Security Policy Certificate	Software	06/06/2003; 06/27/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 2 with Solaris Version 8 FCS with AdminSuite Version 3.0.1 FCS with patches 108875 and 108879-02 for SPARC platforms, Sun Ultra 10 with UltraSPARC IIi 333MHz, JDK 1.4.0 -FIPS-approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
322	Palm Solutions Group 400 N. McCarthy Blvd Milpitas, CA 95035 USA -Rebecca Taylor TEL: 408-503-7500 FAX: 408-503-2750	Crypto Manager (Software Version 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	06/06/2003	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Palm OS 4.1 -FIPS-approved algorithms: AES (Cert. #19); SHA-1 (Cert. #115); HMAC-SHA-1 (Cert. #115, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Crypto Manager Version 2.0 provides cryptographic services to applications on the Palm platform. Using the Crypto Manager API (Application Programming Interface), application developers can access strong cryptographic services without having expertise in cryptography. Crypto manager is designed to be used on any devices running Palm OS 3.0 or higher. It features strong encryption via AES, HMAC SHA-1 message authentication and SHA-1 digests Crypto Manager is built to comply with FIPS 140-2 Level 1."
321	IBM® Corporation CC1A/502/K301 4205 S. Miami Blvd. Durham, NC 27703 USA -Keith Medlin TEL: 919-543-2014 FAX: 919-486-0675	IBM® Everyplace™ Wireless Gateway Cryptographic Module (Version 1.6) Validated to FIPS 140-2 Security Policy Certificate	Software	05/29/2003	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 EAL4 (Solaris SunBlade 1000); AIX 5L Version 5.2 EAL4+ (IBM pSeries 660 Model 6H1) -FIPS-approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74) -Other algorithms: DES (Cert. #191) Multi-chip standalone "The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, security-enhanced data access by both Wireless Application Protocol (WAP) clients and non- WAP clients over a wide range of international wireless network technologies, as well as local area (LAN) and wide area (WAN) wire line networks. The cryptographic module was tested on a AIX Version 5.2 platform."
320	IBM® Corporation CC1A/502/K301 4205 S. Miami Blvd. Durham, NC 27703 USA -Keith Medlin TEL: 919-543-2014 FAX: 919-486-0675	IBM® Everyplace™ Wireless Gateway Cryptographic Module (Version 1.6) Validated to FIPS 140-2 Security Policy Certificate	Software	05/29/2003	Overall Level: 1  -Roles, Services, and Authentication: Level 2; -EMI/EMC: Level 3; -Design Assurance: Level 2; -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP2; Microsoft Pocket PC 2002 -FIPS-approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74) -Other algorithms: DES (Cert. #191) Multi-chip standalone "The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, securityenhanced data access by both Wireless Application Protocol (WAP) clients and non-WAP clients over a wide range of international wireless network technologies, as well as local area (LAN) and wide area (WAN) wire line networks."
319	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-574-0100 FAX: 510-574-0101	Cyberflex Access 64K v1 with ActivCard applet suite (P/N M512LACC1, FW HardMask 5 v1 & SoftMask 2 v1 and 4 v1, Applet versions: ID Applet 1.0.0.23, 1.0.0.24 and 1.14.0.19, PKI Applet 1.0.0.26, 1.0.0.30 and 1.14.0.21, GC Applet 1.0.0.26 and 1.0.0.28) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/29/2003; 10/03/2003; 12/03/2003; 08/03/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3; -Physical Security: Level 3; -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC Single-chip "Cyberflex Access 64K v1 with ActivCard applet suite, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1."
318	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access 64K (Hardware: M512LACC1, Firmware: HardMask 5v1, SoftMask 2v1, 4v1, and 4v2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/29/2003; 07/03/2003; 07/15/2003; 06/25/2004; 09/21/2004; 06/06/2005; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC Single-chip "The Cyberflex Access 64K can be employed in solutio ns which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K supports on-card Triple DES and 1024-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
317	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Astro Subscriber Encryption Module (HW PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67, FW v03.55, and v03.56) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/29/2003; 06/11/2003; 03/30/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
316	Certicom Corp. Certicom Corporate Headquarters 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Certicom Eastern US Sales Office TEL: 571-203-0700 FAX: 571-203-9653	Security Builder® Government Solutions Edition (SBGSE) (Version 1.0.1) (When operated in FIPS mode - for Windows and WinCE) Validated to FIPS 140-2 Security Policy Certificate	Software	05/13/2003; 06/30/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 1 with Dell Optiplex GX1 (Windows 98); Compaq iPAQ Pocket PC (WinCE) -FIPS-approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1 (Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5 Multi-chip standalone "Security Builder GSE is a standards-based cryptography toolkit that provides application developers with the sophisticated tools and flexibility needed to integrate encryption, digital signatures, and other security mechanisms into their applications. Security Builder provides the cryptographic core for a variety of Certicom products, including movianCrypt, movianVPN, SSL Plus, Trustpoint PKI products and toolkits and certificates, and WTLS Plus. Security Builder is also licensed to third party companies."
315	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Phil Gemmato TEL: 847-576-4707 FAX: 847-538-2770	Motorola Gold Elite Gateway Secure Card (MGEG SC) (HW Versions CLN7637b and CLN7637c, FW Versions R01.00.00, R01.03.07 and R01.04.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/13/2003; 11/26/2003; 12/03/2003; 12/24/2003; 04/13/2004; 07/27/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); SHA-1; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
314	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	Model 330J with JCCOS Applet (Firmware Version: 2.0, Hardware Version: P8WE5033AEV/024A181) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/24/2003; 02/22/2005	Overall Level: 2  -Physical Security: Level 3; -EMI/EMC: Level 3; -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #144); SHA-1 (Cert. #130); RSA (singnature generation/verification PKCS#1 v1.5, vendor affirmed) -Other algorithms: DES (Cert. #193); RSA (decryption) Single-chip "The Model 330J is SAFENET'S multi-application smart card, designed to the JavaCard v2.1.1 and Global Platform v2.0.1 specifications. The Model 330J smart card features SAFENET'S JCCOS operating system applet (Javabased Cryptographic Card Operating System). JCCOS is an advanced cryptographic applet that, when loaded onto a multi-application JavaCard, enables FIPS 140-2 Level 2 validation."
313	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2501	Entrust Authority Security Toolkit for Java (Software Version 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/28/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3 -FIPS-approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption) Multi-chip standalone "Entrust AuthorityTM Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
312	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions 3.3 and 3.3.1) Validated to FIPS 140-2 Security Policy Certificate	Firmware	03/28/2003; 04/25/2003; 05/02/2003; 04/29/2004; 08/24/2005	Overall Level: 1  -Tested: BlackBerry 5810 with the RIM Proprietary OS, Version 3.3.0 -FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (signature verification: PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "BlackBerryTM is the leading wireless enterprise solution that allows users to stay onnected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerryTM is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerryTM Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerryTM."
311	TLC-Chamonix, LLC 120 Village Square Suite 11 Orinda, CA 94563 USA -Phil Smith TEL: 877-479-4500 FAX: 877-639-3470	Cranite Wireless Access Controller (Software Versions 2.0, 3.0, 3.0.5e and 3.0.5f) Validated to FIPS 140-2 Security Policy Certificate	Software	03/20/2003; 07/10/2003; 03/29/2004; 02/03/2005; 02/21/2006; 02/24/2006; 03/10/2006; 05/20/2008	Overall Level: 1  -EMI/EMC: Level 3; -Cryptographic Key Managements: Level 3; -Operational Environment: Tested as meeting Level 1 with RedHat Linux 7.0 -FIPS-approved algorithms: Triple-DES (Cert. #130); AES (Cert. #24); SHA-1 (Cert. #113); HMAC-SHA-1 (Cert. #113, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: MD5; RSA (key exchange) Multi-chip standalone "The Cranite Wireless® Access Controller is a cryptographic software system for wireless LANs that enforces network access rights, encrypts / decrypts authorized traffic, and provides seamless, secure mobility services to users as they mo ve across subnets. The Cranite Wireless Access Controller software installs onto a standard, enterprise-class hardware platform."
310	Standard Networks, Inc. 344 South Yellowstone Drive Madison, WI 53705 USA -Reid MacGuidwin TEL: 608-227-6100	MOVEit Crypto (Versions 1.0.1.0 and 1.1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/11/2003; 03/20/2003; 01/30/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 and RedHat Linux 9.0 (single user mode) -FIPS-approved algorithms: AES (Cert. #30); SHA-1 (Cert. #124); HMAC-SHA-1 (Cert. #124, vendor affirmed) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "MOVEit Crypto is a 32-bit compact dynamically linked library (DLL) that provides fast encryption services to applications running on Microsoft Windows operating systems. MOVEit Crypto is supported on Windows 95/98/ME/NT 4.0/2000/XP. MOVEit Crypto provides an API featuring NIST-approved AES encryption, SHA-1 hashing, and pseudo-random number generation algorithms. The easy-to-use programming interface allows applications to be written without special code for details like block size, padding mode, and so on. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
309	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-C ME Toolkit Module (Version 1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/07/2003; 10/01/2004; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode) -FIPS-approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
308	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Security Kernel Version 7.0 (Version 7.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	03/07/2003	Overall Level: 2  -Roles and Services: Level 2*; -EMI/EMC:Level 3; -Key Management: Level 2*; -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C3-2-rated on a Compaq ProLiant 7000 Server; *When operated in the FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #6); AES (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); DSA/SHA-1 (Cert. #10); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RIPEMD-160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (vendor affirmed, non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
307	Symbol (Columbitech) 641 Alpha Drive Pittsburgh, PA 15238 USA -Bill Forrest TEL: 412-968-2200 FAX: 412-968-2269	WTLS Cryptographic Module (Software Versions 1.2, 1.3.1 and 1.3.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/07/2003; 03/14/2003; 03/20/2003; 05/23/2003; 03/30/2004; 03/11/2005; 09/12/2006	Overall Level: 1  -EMI/EMC: Level 3; -Design Assurance: Level 2; -Self Tests: Level 4; -Operating Environment: Tested as meeting Level 1 with Windows 2000, Windows XP, Windows NT4.0 and Windows CE3.0 -FIPS-approved algorithms: Triple-DES (Cert. #134); AES (Cert. #25); SHA-1 (Cert. #120); HMAC-SHA-1 (Cert. #120, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #185); RSA (encrypt/decrypt); SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5 Multi-chip standalone "Symbol Technologies Inc is using the WTLS Cryptographic Module in the AirBEAM® Safe product, a software only VPN solution built on standards, installable today, without any proprietary adjustments, and extendable for any future needs and technologies. In summary, AirBEAM® Safe benefits include strong security framework, using an advanced architecture with PKI support, true end-to-end security, authentication outside the firewall; optimized wireless performance using advanced data compression; convenience of always-on connectivity and seamless roaming between different public networks, LAN/WLAN/GPRS. Supported clients; PPC 2002, Windows 2000/XP Supported servers: Windows 2000/NT 4.0"
306	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 1000 (Software Version 6.0.554, Hardware Version 1000, Part #300533882) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96) -Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 1000 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
305	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 1000 with Encryption Accelerator Card (Software Version 6.0.554, Hardware Version 1000, Part #300533890) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96) -Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 1000 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
304	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 201 (Software Version 6.0.554, Hardware Version 201, Part #300546884) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96) -Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
303	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 201 with Encryption Accelerator Card (Software Version 6.0.554, Hardware Version 201, Part #300546892) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96) -Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
302	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI and nForce 400 SCSI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC3022W-150 and nC3022W-400, Build Standard D) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -Cryptographic Module Ports and Interfaces: Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level Conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
301	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI and nForce 300 PCI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC3022P-150 and nC3022P-300, Build Standard E) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -Physical Security: Level 3; -Cryptographic Module Ports and Interfaces: Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level Conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
300	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign SCSI and nShield F3 Ultrasign 32 SCSI and payShield (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4032W-150, nC4032W-400 and nC4132W-400, Build Standard DP) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
299	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI, nShield F2 Ultrasign SCSI and nShield F2 Ultrasign 32 SCSI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4022W-150, nC4022W-400 and nC4122W-400, Build Standard DR) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -EMI/EMC: Level 3; -Cryptographic Module Ports and Interfaces :Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
298	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI, nShield F2 Ultrasign PCI and nShield F2 Ultrasign 32 PCI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4022P-150, nC4022P-300 and nC4122P-300, Build Standard ER) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -Physical Security: Level 3; -Cryptographic Module Ports and interfaces: Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
297	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 PCI, nShield F3 Ultrasign PCI and nShield F3 Ultrasign 32 PCI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4032P-150, nC4032P-300 and nC4132P-300, Build Standard ER) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
296	Atalla Security Products of Hewlett Packard Corporation 10555 Ridge View Court Cupertino, CA USA -Denise Santos TEL: 800-523-9981 FAX: 408-285-2221	Atalla Cryptographic Engine (ACE) (ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 03/18/2003	Overall Level: 3  -Physical Security: Level 3 +EFP; -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Cert. #128, vendor affirmed) -Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption) Multi-chip embedded "The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products."
295	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI and nCipher 1600 PCI (Firmware Versions 2.0.1-2 and 2.0.5-2, Hardware Versions nC3033-800 and nC3033-1K6, Build Standard C) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3; -Physical Security: Level 3; -EMI/EMC: Level 3; -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
294	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI and nCipher 1600 PCI (Firmware Versions 2.0.1-3 and 2.0.5-3, Hardware Versions nC3033-800 and nC3033-1K6, Build Standard C) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
293	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 32K (Version 4.2.5.4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 2  -Roles and Services: Level 3; -EMI/EMC: Level 3; -Key Management: Level 3; -Module Interfaces: Level 3; -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #153); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
292	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 32K HD (Version 4.2.5.4.HD) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.#153); Triple-DES MAC; Triple-SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
291	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 16K (Version 4.1.5.4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 2  -Roles and Services: Level 3; -EMI/EMC: Level 3; -Key Management: Level 3; -Module Interfaces: Level 3; -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
290	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 16K HD (Version 4.1.5.4.HD) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
289	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J Toolkit Module (Version 3.3.4.2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	02/04/2003; 10/01/2004; 12/14/2004; 12/16/2004; 01/04/2008	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows NT SP 6 (single user mode), JVM v1.3.1, JRE v1.3.1 -FIPS-approved algorithms: Triple-DES (Cert. #112); AES (Cert. #45); SHA-1 (Cert. #97); DSA (Cert. #63); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #168); DESX; RC2; RC4; RC5; MD2; MD5; HMAC-SHA-1 (Cert #97); Diffie-Hellman (key agreement); Base64 Multi-chip standalone "The Crypto-J Module is a Java-language software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. The tested Crypto-J Module is a Java-language API available as a Java ARchive, or JAR, file."
288	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Ann Smith TEL: 703-248-6931 FAX: 703-248-6932	ValiCert Security Module (SW Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	02/04/2003; 06/10/2004	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 Server, SUN Solaris 2.8 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #83); SHA-1 (Cert. #72); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #72, vendor affirmed) -Other algorithms: DES (Cert. #144); MD2; MD5; RC2; RC4; RSA encryption (key distribution) Multi-chip standalone "The ValiCert VA Toolkit 4.3 is built on our FIPS 140-1 cryptographic module. The 4.3 toolkit release has several new APIs and features. The library is also used within ValiCert Desktop Validator, Server Validators, Enterprise Validation Server, Document Authority, and Secure Transport Products. New features in VA Toolkit 4.3 include New APIs for fetching CRLs; Extended APIs for Certificate-Store ; Extended support for CRLs ; JITC compliance features ; TLS ; SSL Tunneling via Proxy Servers. The 4.3 release and prior releases support OCSP, SCVP, CRL, CRLdp protocols over HTTP, and HTTPS. The VA Toolkit 4.3 supports Windows 98/ NT/2000, Solaris 5.6/5.7/5.8, HP UX 11.0, and AIX 4.3. The Toolkit works along with FIPS 140-1 Level 3 and Level 4 validated hardware devices: e.g. nCipher, Baltimore, and Chrysalis-ITS hardware signing / encryption modules. The toolkit is also tested for interoperability with various PKI vendors: AOL/Netscape, Sun/Iplanet, Entrust, Baltimore, Verisign, Computer Associates and RSA Security products."
287	Mykotronx, Inc. 357 Van Ness Way Suite 200 Torrance, CA 90501 USA -B. Yamamoto TEL: 310-533-8100	82A FORTEZZA Crypto Card (HW PN 650000-3 Version 6, FW Version 3) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	02/04/2003	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #58); SHA-1 (Cert. #86); Skipjack (Certs. #7 and #10) -Other algorithms: KEA Multi-chip standalone "The Mykotronx 82A FORTEZZA Crypto Card provides cryptographic security and authentication methods in a PC Card hardware token for government and commercial applications. Self- contained, standardized, and easily integrated, the 82A FORTEZZA Crypto Card enables portable security, with onboard storage of user credentials, keys, and digital certificates."
286	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	01/17/2003; 01/22/2003; 01/31/2006	Overall Level: 2  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 2 with Sun SPARC Ultra-10 running Sun Solaris 8 Operating System (EAL 4 configuration) -FIPS-approved algorithms: Triple-DES (Cert. #120); AES (Cert. #13); DSA (Cert. #66); SHA-1 (Cert. #104); RSA (signature generation/verification: ANSI X9.31, vendor affirmed); HMAC-SHA-1 (Cert. #104, vendor affirmed) -Other algorithms: DES (Cert. #175); Diffie-Hellman (key agreement); RSA (encryption/decryption, PKCS#1); RSA (key-distribution); MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; Password Based Encryption (PKCS#12); UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword (Novell) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) for Solaris is a cryptographic module providing keys, algorithms, various key storage and usage mechanisms, and a large-scale key management system. Supported Novell services utilizing NICI includes eDirectory, Novell Modular Authentication Service (NMAS), Public Key Infrastructure Services, Novell SecretStore, and TLS/SSL."
285	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-6600 FAX: 434-455-6851	Jaguar 700P/Pi (HW P/Ns [HA8ESE, HA8ETE, HA8MSE, HA8MTE, HA8SSE, HA8STE, HA8TSE and HA8TTE], FW Version i6r06a01.dsp) Revoked DES Transition Ended Security Policy Certificate	Hardware	01/17/2003; 02/12/2003	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #141) Multi-chip standalone "Portable, 64-bit Encryption, EDACS JAGUAR 700P, 800MHZ, 128 SYSTEMS/GROUPS, DATA ENABLED EDACS radio. System and Scan version, with Intrinsically Safe (IS), and Immersion options."
284	NetScreen Technologies, Inc. 805 11th Avenue Bldg. 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-204 and NetScreen-208 (Hardware PN's NS-204 and NS-208, Version 0110(0), Software ScreenOS 3.1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	01/17/2003; 02/21/2003; 06/03/2003	Overall Level: 2  -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #49 and #118); SHA-1 (Certs. #44 and #103); DSA (Cert. #44); AES (Certs. #11 and #12); HMAC-SHA-1 (Cert. #44, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #114 and #174); RC2; RC4; MD5; RSA (Encryption and Decryption); Diffie-Hellman (key agreement) Multi-chip standalone "NetScreen-204 and NetScreen-208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
283	Simple Access Inc. 7755 Boul. Henri Bourassa Ouest Saint-Laurent, Québec H4S 1P7 Canada -Gatéan Haché TEL: 514-335-7676 FAX: 514-335-2099	SSL-100 SDK Accelerator (Hardware Revision 2.0.1.4a, Firmware Version 1.1B) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/17/2003	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #122); DSA (Cert. #67); SHA-1 (Cert. #106); RSA (PKCS#1, vendor affirmed) -Other algorithms: MD5; Diffie-Hellman (key agreement) Multi-chip embedded "The Simple Access SSL-100 SDK is a high performance drop-in accelerator card that processes up to 4000 1024-bit RSA keys/second. A single SSL-100 SDK will allow a Web server to achieve sustained throughput of up to 1600 new SSL connections per second using 1024-bit operands. The SSL-100 SDK offloads SSL processing and the huge cryptographic computations from the server, freeing the CPU to respond immediately to transactions. This solution eliminates dropped connections, failed transactions and slow response times thereby maintaining user loyalty to transactional Web sites."

Need Assistance?