Code CR2500 Code FIPS User Manual
Page 6
C005590_01_CR2500_CR3500_User Manual_Appendix H
5
The code below shows the Authentication .crb file that contains a new value for the CO password. This code is provided
as an example only and Code Corporation recommends that the password below never be used in your production
environment. This is an example based on the Reader password ‘NewRPass’.
; 8/5/2010 20:15
;Authentication command for FIPS Code products
;This example shows
;%48 = H = FIPS Command Set
;%33 = 3 = Authenticate Command
;Cryptographic Officer Password is %4E%65%77%52%50%61%73%73 or NewRPass (Passwords must not contain
%00-%1F)
%48%33%4E%65%77%52%50%61%73%73
Initialization
The Initialization process updates the CO password, the Reader password and the KEK. Now that you have new
Authentication, Initialization, and new Authentication bar codes created you can use them to initialize the modules.
Note: Any customization bar codes such as Suffix Enter must be scanned before putting the modules in FIPS mode.
1.
Scan the QuickConnect code on the modem to pair the reader and modem modules.
2.
Authenticate the CO using the default Authentication bar code (See Figure 1). Observe the indicators on
the modules showing that the CO has been authorized. (See section ‘FIPS mode indicators on the
modules’ below)
3.
Initialize the modules using the custom Initialization bar code you created above. Observe the indicators
on the modules showing that the module has been initialized but no user is authenticated. (See section
‘FIPS mode indicators on the modules’ below)
4.
The FIPS modules are now ready to be authenticated by the Reader role to pass FIPS encrypted data or
the CO role to re-initialize again.
Zeroization
The Zeroization process removes the custom passwords and KEK applied in the Initialization process. If the FIPS modules
are in an unknown state, Zeroize the modules and re-Initialize. You would also want to Zeroize the modules if you
believe the passwords or KEK have been compromised. After Zeroization the modules will respond just as non-FIPS
readers and modems until they have been re-Initialized.
Below is the bar code for the Zeroization command:
Figure 2 - Zeroization Bar Code
FIPS Mode Indicators On the Modules
Due to the available lights and screens on the different FIPS modules they have slightly different behavior when
indicating FIPS modes.
CR2500 FIPS Reader -
The CR2500 module indicates FIPS mode in three stages. The three stages are: