Ronald,

I can confirm that there is no new code or hardware inside the "cryptographic boundary" as validated by FIPS compared to the most recent release of our PCI cards; all necessary changes to the HSM were put in before the last re-validation of the cards. The UI components themselves are outside the cryptographic boundary. That said, communication with the HSM through the screen and input devices on the front panel does NOT pass through the computer inside the case but instead goes through a micro-controller and into the serial port on the PCI card HSM. This is analogous to the way things have always been with our smart card readers plugged into the HSM, which themselves were not FIPS certified.

I hope this makes things a little clearer.

        Cheers,
                Nicko van Someren
                CTO, nCipher

On Monday, Oct 6, 2003, at 19:11 Europe/London, R. A. Hettinga wrote:


--- begin forwarded text



Status: U
To: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: Re: nCipher netHSM
From: Ronald Perez <[EMAIL PROTECTED]>
Date: Mon, 6 Oct 2003 13:32:48 -0400


This looks like new packaging of an old/previously-announced product.


The NIST FIPS 140 site (http://csrc.nist.gov/cryptval/140-1/1401val2003.htm) does not list this device as having undergone any FIPS validation. And from the pictures and specs, it looks like what they did was to put one of their FIPS validated PCI cards into a 1U rack-mount format box -- along with one or two 10/100 Ethernet connections, an LCD display, keyboard input, and some other buttons and knobs (all of which have not gone through a FIPS validation no doubt).

-Ron

--- end forwarded text


--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
