RCMP Certificate Services Program: Cryptographic Module

What is a cryptographic module?

A cryptographic module is a hardware device that stores information identifying the user along with the user’s private keys. Cryptographic modules can be either tokens or smart cards.

Police agencies are responsible for buying cryptographic modules for their employees.

Purchasing a cryptographic module

To obtain a digital certificate from the RCMP CA, police agencies must make sure their cryptographic modules meet approved USB Federal Information Processing Standard (FIPS) 140 -1 level 2. Both tokens and smart cards meet these standards.

Please note that the RCMP’s software security solution (Entrust bundle) was developed using token technology. Therefore we recommend that police agencies use token technology to benefit from the free software security solution provided by the RCMP.

Police agencies that choose a cryptographic module other than tokens are responsible for any costs associated with modifying the RCMP’s software security solution and ensuring that their cryptographic modules are compatible with hardware, software and/or desktop solutions.

Only one cryptographic module is required for each employee. A cryptographic module can be used to access a number of NPS applications depending on the role of the user.

RCMP Certificate Services can’t identify cryptographic module vendors on this website. If you require a list of vendors, please contact us.

About Tokens

A token is a cryptographic module that is used to store information identifying the user along with the user’s private keys. A token is plugged into a computer’s USB port. When a client attempts to log into a PKI protected NPS application he or she will be prompted to enter their unique passphrase. If the passphrase matches the personal identifier stored on the USB token, the appropriate digital credentials are passed to the network and access is granted. The personal identifiers stored on a token are encrypted for added security.

Tokens are considered very secure because: removing a token from the USB port will automatically terminate a client’s session with Entrust; tokens can’t be duplicated; and if a token is stolen, security is not completely compromised because the personal identifier (passphrase) is required.

About Smart Cards

A smart card is a small electronic device about the size of a credit card which contains electronic memory, either on a magnetic strip or in an embedded integrated circuit. Smart cards are similar to tokens because they are portable and require a personal identifier which must match the one stored on the card before access to the NPS network is granted.

Module Expiration

The cryptographic module itself does not expire. However, the secured information on your digital certificate needs to be updated once a month. We recommend that users access the Entrust application from the workstation where the NPS application is stored once a month.

Date modified: