Checklist for Products with Encryption

GENERAL INFORMATION

Product Description:

SPECIAL LIMITED USES OF ENCRYPTION

1. Is the product a "personalized smart card" where the cryptographic capability is restricted for use in equipment or systems described below?     Yes   No

2. Is this product receiving equipment for radio broadcast, pay television or similar restricted audience television of the consumer type, without digital encryption except that exclusively used for sending the billing or program-related information back to the broadcast providers?  Yes    No

3. Is this product a portable or mobile radiotelephone for civil use (e.g., for use with commercial civil cellular radio communications systems) and not capable of end-to-end encryption?  Yes  No

4. Is this product equipment where the cryptographic capability is not user-accessible and which is specially designed and limited to allow:

a.) Execution of copy-protected software?   Yes  No

Access to any of the following:

b.) Copy-protected read-only media?   Yes  No

c.) Information stored in encrypted form on media (e.g., in connection with the protection of intellectual property rights) where the media is offered for sale in identical sets to the public?   Yes  No

d.) One-time encryption of copyright protected audio/video data?   Yes  No

5.  Is this product cryptographic equipment specially designed and limited for banking use or money transactions?    Yes  No

If yes, please describe how this product is limited to banking/money transactions.

6. Is this product cordless telephone equipment not capable of end-to-end encryption where the maximum effective range of unboosted cordless operation (e.g., a single, unrelayed hop between terminal and home basestation) is less than 400 meters according to the manufacturer's specifications?    Yes  No

 

ACCESS CONTROL / AUTHENTICATION  / FIXED CODING TECHNIQUES

1.   Is this product’s use of cryptography limited to authentication or digital signatures?   Yes  No

2.  Is this product’s use of cryptography limited to fixed data compression or coding techniques?  Yes  No


ENCRYPTION FOR PRIVACY / SECURE COMMUNICATIONS

1. Describe the symmetric and asymmetric encryption algorithms and key lengths and how the algorithms are used (e.g., 56-bit DES, 168-bit 3DES, 128-bit RC4, 448-bit Blowfish, etc.). Specify which encryption modes are supported (e.g., cipher feedback mode or cipher block chaining mode).

2. State the key management algorithms, including modulus sizes, that are supported (e.g., 512-bit RSA, 1024-bit Diffie-Hellman, etc.).

3. If using a proprietary algorithm, include a textual description of the algorithm and send the source code of the algorithm to terri@t-b.com.  

4. Describe the pre-processing methods (e.g., data compression [LZS, Deflate, etc.] or data interleaving) that are applied to the plaintext data prior to encryption.

5. Describe the post-processing methods (e.g., packetization, encapsulation) that are applied to the cipher text data after encryption.

6. List the communication protocols (e.g., X.25, Telnet or TCP) and encryption protocols (e.g., SSL, IPSEC or PKCS standards) that are supported.

7. Does this product contain an open cryptographic interface?   Yes  No

If yes, describe briefly

8. Does this product contain a cryptographic interface that implements a fixed set of cryptographic algorithms, key lengths or key exchange management systems, that cannot be changed?  Yes No

If yes, describe briefly

9. Does this product contain a general application programming interface (e.g., one that accepts either a cryptographic or non-cryptographic interface but does not itself maintain any cryptographic functionality)?   Yes  No

10. a.) Are the cryptographic routines statically or dynamically linked?   Static  Dynamic

b.) Describe the routines (if any) that are provided by third-party modules or libraries. 

c.) Identify the third-party manufacturers of the modules or toolkits.

11. For commodities or software using Java byte code, describe the techniques that are used to protect against decompilation and misuse.
 

12. Explain how the product precludes user modification of the encryption algorithms, key management and key space.

13. Is this product:

a.) A retail operating system? Yes  No
b.) Part of a retail operating system? Yes  No
c.) A desktop application (i.e., browser, e-mail, word processing, database, game or financial application) for personal computers, laptops or handheld devices? Yes  No
d.) A component or software designed for use in retail wireless communication devices? Yes  No

14. If this product uses an encryption algorithm with a key length less than or equal to 64-bits, answer the following:

a.) Is the product generally available to the public? Yes  No
b.) Does the product require substantial support for installation and use (beyond phone support, e.g. requiring a service contract)? Yes  No

15. If this product uses an encryption algorithm with a key length greater than 64-bits, answer the following:  

a.) Is this a finance-specific product restricted by design and used to secure financial communications such as electronic commerce (i.e., the SET protocol)? Yes  No
b.) Is the product generally available to the public? Yes  No
c.) Is the product sold in tangible form through retail outlets independent of the manufacturer? Yes  No
d.) If yes, list the potential Retail Outlets.
e.) Is the product specifically designed for individual consumer use and sold or transferred through tangible or intangible means? Yes  No
f.) Explain how the product will be used and by what type of customer.
g.) Describe how the product will be sold/distributed (e.g., retail outlets, OEM, S/W download, etc.).
h.) Will the product be sold in large volume (i.e., over 1000 units/month) without restriction through mail order transactions, electronic transactions, or telephone call transactions? Yes  No
i.) Please list estimated monthly volume in quantity of product to be sold worldwide (base information on prior sales of non-encryption version or similar product).

j.) Check all that apply to this product:

  The cryptographic functionality cannot be easily changed by the user.

  Does not require substantial support for installation and use (beyond phone support, e.g. requiring a service contract).

  The cryptographic functionality has not been modified or customized to customer specification.

  The product is not a network infrastructure product such as a high-end router (e.g., faster than T1 or E1 WAN interfaces) or switch designed for large volume communications.

ENCRYPTION COMPONENTS

1. Describe the application the component is used in, if known.

2. Is there a general programming interface to the component?  Yes  No

3. Is the component constrained by function?   Yes  No

4. If a 3rd party component, please include the name of the manufacturer, component model number or other identifier.

SOURCE CODE

If source code will be exported, please complete the following:

1. Has the executable (object code) product previously been reviewed by the government? Yes No
  
If yes, when? 
   

2. Has the source code been modified since the review of the executable product?     Yes No
  
If yes, include the technical details on how the source code was modified.
   

3. Please paste a copy of the sections of the source code that contain the encryption algorithm, key management routines and their related calls below or send them to terri@t-b.com.
   

 

PLEASE SEND A DATASHEET/BROCHURE FOR THIS PRODUCT TO terri@t-b.com OR PROVIDE A URL FOR PRODUCT INFORMATION