Banco Central de Costa Rica


Homologation of cryptographic devices

 

SINPE’s Certifying Authority (CA SINPE - Private individual) maintains a permanently open process for homologation of cryptographic devices.

 

All those interested in homologating such devices should submit a written request to the Banco Central de Costa Rica’s Payment Systems Division, satisfying the following requirements:

 


Certification from the cryptographic device provider

A certification must be requested from the provider of the Hardware Security Module (HSM), certifying that the device has a FIPS 140-2 Level 3 and/or CC EAL4+ SSCD certification.

Information about the cryptographic device

You must request the device manufacturer's brochure from the provider. It must specify the following features (if the device has them):

 

-Signatures/transactions per second

-Backup support

-Support for partitions

-Support for pooling

-Support for high availability

-Unattended operation (automatic partition activation)

-Operating systems supported by the device

Operating System

If the device is supported on several families of operating systems (Windows, Linux), the provider must submit a test certificate request generated with the device on each of the supported operating systems indicated in the previous step, so that compliance with CA requirements can be validated.

 

-Request in Linux: request additional technical information from the provider, certifying that private keys associated with the generated request are stored in the cryptographic device (contents of the partition and/or device, general information about the device, among others).

Guide for generating a request

This guide describes the steps to follow to generate a request for a corporate certificate, in order to homologate cryptographic devices (HSM). See request guide (Spanish).

 

 

List of homologated devices

 

 

Feitian

| Characteristics | |
|---|---|
| Model | ePass Token 1.0.0 |
| Firmware version | 1.0.0 |
| FIPS 140-2 level 3 | Yes |
| Connectivity | USB |
| Signatures per second (2048-bit key) | 0.7 |
| Backups | No |
| Partitions | No |
| Pooling | No |
| High availability | No |
| Unattended operation | No |
| Windows Operating System | Yes |
| Linux Operating System | Yes |

 

 

Gemalto - SafeNet

| Characteristics | | |
|---|---|---|
| Model | Luna G5* | Luna SA5*** |
| Firmware version | 2.4.3 | 4.7.6 |
| FIPS 140-2 level 3 | Yes | Yes |
| Connectivity | USB** | Network |
| Signatures per second (2048-bit key) | 100 to 125 | 1.000 to 1.200 |
| Backups | Yes | Yes |
| Partitions | No | Yes |
| Pooling | Yes | Yes |
| High availability | Yes | Yes |
| Unattended operation | Yes | Yes |
| Windows Operating System | Yes | Yes |
| Linux Operating System | Yes | Yes |

 

Notes:

* Backing up the keys on these devices requires acquiring a separate backup.

** High-availability configuration assumes that there is a physical connection (USB) of 2 or more cryptographic devices to the same server that stores the digital certificate.

*** Each partition stores a certificate with its respective private key.

 

 

Thales

| Characteristics | | | | | | |
|---|---|---|---|---|---|---|
| Model | nShield Connect 500+ | nShield Connect 1500+ | nShield Connect 6000+ | nShield Solo 500+ | nShield Solo 6000+ | nShield Edge F3 |
| Firmware version | 2.51.10-3, 2.55.1-3 | 2.51.10-3, 2.55.1-3 | 2.51.10-3, 2.55.1-3 | 2.51.10-3, 2.55.1-3 | 2.51.10-3, 2.55.1-3 | 2.50.17-3, 2.51.10-3, 2.50.35-3, 2.55.1-3 |
| FIPS 140-2 level 3 | Yes | Yes | Yes | Yes | Yes | Yes |
| Connectivity | Ethernet | Ethernet | Ethernet | PCIe | PCIe | USB |
| Signatures per second (2048-bit key) | 150 | 450 | 3000 | 150 | 3000 | 2 |
| Backups | Yes | Yes | Yes | Yes | Yes | Yes |
| Partitions | Yes | Yes | Yes | Yes | Yes | Yes |
| Pooling | Yes | Yes | Yes | Yes | Yes | Yes |
| High availability | Yes | Yes | Yes | Yes | Yes | No |
| Unattended operation | Yes | Yes | Yes | No | No | Yes |
| Windows Operating System | Yes | Yes | Yes | Yes | Yes | Yes |
| Linux Operating System | Yes | Yes | Yes | Yes | Yes | Yes |

 

 

 

 

 

 

Banco Central de Costa Rica © 2014.