C005590_01_CR2500_CR3500_User Manual_Appendix H
1
The FIPS versions of the Code Reader 2500 FIPS (CR2500 FIPS), Code Reader 3500 FIPS (CR3500 FIPS) and CodeXML® FIPS
Bluetooth® Modem (hereaer referred to as the modules) are bar code reading devices that have passed the rigorous
tesng of the FIPS 140-2 standard. The modules use FIPS approved AES-256 algorithms to encrypt data transmied
wirelessly between the reader and modem.
The versions of the FIPS modules are as follows:
• Code Reader 2500 – 2512FIPS_01 using rmware 4641
• Code Reader 3500 – 3512FIPS_01 using rmware 4641
• CODE FIPS Bluetooth Modem – BTHDFIPS-M2_01 using rmware 0187
The FIPS modules are based on the standard CR2500, CR3500, and CodeXML® Bluetooth® Modem. Therefore most
operaon quesons can be answered in the User Manual for those devices. This document will call out the dierences
in behavior and operaon of the FIPS modules.
Chapter 1 – What you need to know about FIPS Mode
The FIPS modules must be used in a CR2500 FIPS /CodeXML® FIPS Bluetooth® Modem or CR3500 FIPS/CodeXML® FIPS
Bluetooth® Modem pair while in FIPS mode. FIPS mode is dened as a reader and modem paired together;
transming data encrypted with FIPS approved AES algorithms. In order to achieve FIPS mode the reader and modem
must be inialized with passwords for two dierent roles – Cryptographic Ocer (CO) and Reader – plus a Key
Encrypon Key (KEK) that is used to encrypt transmissions of passwords and keys between the reader and modem. The
readers and modem come with a default password installed for the CO role. The default password cannot be used to
transmit encrypted data and must be updated through the Inializaon process. The CO and Reader roles can’t be
inialized to the same password. Once inialized you may authencate the CO role or the Reader role by expressly
reading a bar code containing the corresponding password. The roles have dierent purposes and a dierent set of
services that are available to them in the FIPS process, as explained below.
Roles
Cryptographic Ocer (CO) – this role can request the following FIPS services:
1. Authencate to the modules
2. Inialize the modules with new CO and Reader passwords and a new Key Encrypon Key (KEK)
3. Zeroizaon of non-default passwords and KEK
Reader – this role can request the following FIPS services:
1. Authencate to the modules
2. Transmit encrypted data between the reader and the modem
3. Zeroizaon of a non-default passwords and KEK
Services
Authencaon – This is the service where a role can prove it is authorized to access the modules. Only the CO role can
authencate to the modules using the default password. Either role can authencate to either module as long as the CO
has inialized the modules with new passwords and KEK. Acvaon of this service is accomplished through reading a
Data Matrix bar code that contains the Authencaon command plus the password of the role wishing to authencate.
Code FIPS Overview
(62 strony)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji