nCipher netHSM

Nicko van Someren nicko at ncipher.com
Tue Oct 7 09:51:58 EDT 2003 

Ronald,

	I can confirm that there is no new code or hardware inside the 
"cryptographic boundary" as validated by FIPS compared to the most 
recent release of our PCI cards; all necessary changes to the HSM were 
put in before the last re-validation of the cards.  The UI components 
themselves are outside the cryptographic boundary.  That said, 
communication with the HSM thought the screen and input devices on the 
front panel does NOT pass through the computer inside the case but 
instead goes through a micro-controller and into the serial port on the 
PCI card HSM.  This is analogous to the way things have always been 
with out smart card readers plugged into the HSM which themselves were 
not FIPS certified.

	I hope this makes things a little clearer.

	Cheers,
		Nicko van Someren
		CTO, nCipher

On Monday, Oct 6, 2003, at 19:11 Europe/London, R. A. Hettinga wrote:

>
> --- begin forwarded text
>
>
> Status:  U
> To: "R. A. Hettinga" <rah at shipwright.com>
> Subject: Re: nCipher netHSM
> From: Ronald Perez <ronpz at us.ibm.com>
> Date: Mon, 6 Oct 2003 13:32:48 -0400
>
>
> This looks like new packaging of an old/previously-announced product.
>
> The NIST FIPS 140 site 
> (http://csrc.nist.gov/cryptval/140-1/1401val2003.htm) does not list 
> this device as having undergone any FIPS validation. And from the 
> pictures and specs, it looks like what they did was to put one of 
> their FIPS validated PCI cards into a 1U rack-mount format box -- 
> along with one or two 10/100 Ethernet connections, an LCD display, 
> keyboard input, and some other buttons and knobs (all of which have 
> not gone through a FIPS validation no doubt).
>
> -Ron
>
> --- end forwarded text
>
>
> -- 
> -----------------
> R. A. Hettinga <mailto: rah at ibuc.com>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list