Key Benefits:
The Prime Minister,
Due to Act No. 2004-575 of June 21, 2004, as amended for confidence in the digital economy ;
In view of Decree No. 2007-663 of 2 May 2007 on the application of Articles 30, 31 and 36 of Law No. 2004-575 of 21 June 2004 on confidence in the digital economy and on the means and benefits of cryptology, in particular its Items 4, 7, and 9,
Stop:
The request for authorisation provided for in Article 9 of the decree of 2 May 2007 shall be made by means of the form attached in Annex III (AM) to this Order.
The order of 13 March 1998 laying down the special provisions which may be provided for in the authorisations for the supply of a means or a provision of cryptology, the order of 13 March 1998 Defining the pre-notification template by Provider of the identity of the intermediaries used for the supply of the means or benefits of cryptology subject to authorisation, the order of 13 March 1998 fixing the form and content of the application dossier for the approval of the bodies managing for the Account of another of the secret conventions, the decree of 13 March 1998 fixing the list of recognised organisations which may receive secret conventions, the decree of 13 March 1998 fixing the flat rate for the implementation of the secret conventions For the benefit of the authorities mentioned in the fourth paragraph of Article 28 of the Law No. 90-1170 of 29 December 1990 on the regulation of telecommunications and the order of 17 March 1999 defining the form and content of the file concerning the declarations or applications for authorisation relating to the means and benefits of Cryptology are repealed.
The Secretary General of National Defence is responsible for the execution of this Order, which will be published in the Official Journal of the French Republic.
A N N E X E I (D M)
OPERATING
A CRYPTOLOGY AVERAGE
Form (1) to be sent in three copies to the National Defence Secretariat, Central Office of the Security of information systems (industrial relations office), 51, boulevard de La Tour-Maubourg, 75700 Paris 07 SP (telephone: 33 [0] 1-71-75-82-75, fax: 33 [0] 1-71-75-82-60).
File number (administration reserved):
Check the corresponding box (s):
Declaration of supply.
Declaration of transfer from a Member State of the European Community
Declaration of transfer to a Member State of the European Community.
Declaration of import from:
Export Declaration.
A. -Declaring
A-1. Company
Attach a general document presenting the company and a K bis extract from the business register and companies that are less than three months old (or an equivalent document for foreign companies):
Social Name:
SIRET Number:
Nationality:
Address:
Telephone Number:
Fax Number:
Email Address:
Website Address:
Person Loaded Administrative folder
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
A-2. Individual
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
B. -Medium to which the
B-1 declaration applies. Means of cryptology
Attach a business brochure for cryptology and user manual:
Business reference:
Constructor reference:
Version:
General description of the means and its Functionalities:
Classify the means of cryptology in one or more of the following categories:
Personal Computer Encryption Software.
Operating System.
E-mail.
Wireless communication system.
Network level encryption.
Phone or fax.
Other (at Specify):
B-2. Manufacturer of cryptology (if different from A-1)
Social name:
SIRET number:
Nationality:
Address:
Telephone number:
Fax number:
Mail address Electronics:
Web site address:
B-3. Technical characteristics person
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
B-4. Cryptology Services Provided
Specify the names of the algorithms used and the maximum length of cryptographic keys for each algorithm:
Authentication:
Signature:
Integrity Monitoring:
Privacy:
Other (Specify):
B-5. Implementation of algorithms
Software.
Hardware (to be specified):
B-6. Medium security standards or standards
Standards or standards (to be specified):
C. -Case of a means of cryptology belonging to category 3
of Annex 2 to Decree No. 2007-663 of 2 May 2007
To present the mode of marketing of the means of cryptology:
Explain why the functionality Cryptographic cannot be easily modified by the user:
Explain how the method for installing the medium does not require significant future assistance from the provider:
D. -Certification
I undersigned (name, first name):
acting as:
on behalf of:
representing the " ", certify that the information contained in this statement and attached to this statement is correct and has been established in good faith, and that the notifier undertakes to bring to the attention of the Central Directorate of Security Information systems, without delay, any new element of fact or right of such a nature to amend this declaration or the attached elements, any omission or false declaration exposing the declarant to the sanctions provided for in Articles 34 and 35 of the Law No. 2004-575 of 21 June 2004, as amended.
Date:
Signature
Technical specifications to be provided on request
from the
Information Systems Security Central Directorate (To be provided in three
copies [except for Items under item 1])
1. The elements necessary to implement the cryptology method:
a) Two models of the means of cryptology;
b) Medium installation guides;
c) Means of activation of the means, if applicable (licence number, number Activation, hardware device, etc.) ;
d) Key injection or network activation devices, if applicable.
2. Elements of cryptographic algorithms:
a) The description of the cryptology functions offered by the means (encryption, signature, Key management, etc.) ;
b) The complete description of the cryptology processes employed, in the form of a synoptic and mathematical description and a simulation in a high level language;
or the reference to a file previously filed for a Means using the same methods of cryptology;
Either the reference to a recognised standard, unambiguous, and whose technical details are easily and unconditionally accessible, with the parameters and operating modes of its implementation ;
(c) If the encryption process implemented in the medium is not Recognized standard, three reference outputs of the encryption process, in electronic format, from a clear text and arbitrary key, which will also be provided, for the purpose of verifying the compliance of the implementation of the Process description.
3. Key management elements:
a) Key distribution mode;
b) Key generation process;
c) Key retention format;
d) Key transmission format.
4. The elements relating to the protection of the encryption process, namely the description of the technical measures implemented to prevent tampering with the encryption process or the associated key management.
5. Data processing elements:
a) The description of the preprocessing experienced by the data before encryption (compression, formatting, adding a header, etc.) ;
b) Post-processing description of encrypted data, after encryption (adding a header, formatting, packaging, etc.) ;
(c) Three reference outputs of the mean, in electronic format, made from a clear text and an arbitrarily chosen key, which will also be provided, for the purpose of verifying the implementation of the means in relation to the description Of this one.
6. The elements relating to the implementation of cryptology:
a) The source code of the means, and the elements for recompiling the source code or the references of the associated compilers;
b) The references of the components integrating the cryptology functions of the means and the names of the manufacturers of the Each of these components;
c) The cryptology functions implemented by each of these components;
d) The technical documentation of the component (s) performing the functions of cryptology;
(e) The types of memory (flash, ROM, EPROM, etc.) where functions and parameters are stored Cryptology and the references of these memoirs.
A N N E X E I I (D P)
DECLARATION OF PROVISION
OF A PROVISION OF CRYPTOLOGY
Form (1) to be sent in triplicate to General Secretariat of National Defence, Central Directorate for Security of Information Systems (Industrial Relations Office), 51, boulevard de La Tour-Maubourg, 75700 Paris 07 SP (Telephone: 33 [0] 1-71-75-82-75, fax: 33 [0] 1-71-75-82-60).
File number (reserved for administration):
Declaration
If the benefit consists of issuing qualified electronic certificates within the meaning of Order No. 2001-272 of March 30, 2001, as amended, check the box.
A. -Declaring
A-1. Company
Attach a general document presenting the company and a K bis extract from the business register and companies that are less than three months old (or an equivalent document for foreign companies):
Social Name:
SIRET Number:
Nationality:
Address:
Telephone Number:
Fax Number:
Email Address:
Website Address:
Person Loaded Administrative folder
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
A-2. Individual
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
B. -Description of the
B-1 benefit.
user categories to which the benefit is intended
Administration (to be specified):
Large enterprises (specify industry):
Financial institutions:
SME (specify sector Activity):
Liberal Professions (specify business line):
Other (to be specified with industry):
B-2. Types of Data Affected by Delivery
Specify the type of data involved in the delivery (personal, medical, financial, administrative, other):
B-3. Cryptology Services Provided
Specify the names of the algorithms used and the maximum length of cryptographic keys for each algorithm:
Authentication:
Signature:
Privacy:
Timestamp:
Secure archive:
Cryptographic key management:
Key or data certification:
Other (to be specified):
B-4. Technical Element Person
Name and Prenames:
Nationality:
Address:
Phone Number:
Fax Number:
Email Address:
C. -Means of cryptology implemented by the provider
For the means of cryptology implemented by the provider to provide his service, indicate:
Business reference of means:
Reference Means constructor:
Version:
If applicable, reference means declarations or permissions:
D. -Certification
I undersigned (name, first name):
acting as:
on behalf of:
representing the " ", certify that the information contained in this statement and attached to this statement is correct and has been established in good faith, and that the notifier undertakes to bring to the attention of the Central Directorate of Security Information systems, without delay, any new element of fact or right of such a nature to amend this declaration or the attached elements, any omission or false declaration exposing the declarant to the sanctions provided for in Articles 34 and 35 of the Act No. 2004-575 of 21 June 2004 as amended and article 13 of Decree No. 2007-663 of 2 May 2007.
Date:
Signature
Technical elements to attach
to the declaration of provision of an
cryptology benefit (To be attached in three copies)
1. The description of the services provided to the benefit users.
2. The description of the cryptological functions implemented by the provider.
3. Description of the premises used to implement the benefit.
4. The description of computer hardware and software, including the means of cryptology used by the provider.
5. The description of physical protection and access control systems to the provider's premises and computer systems.
6. When the performance consists of the management of cryptographic keys or electronic certificates for the benefit of users:
a) The description of the procedure for generating keys and certificates;
b) The description of the distribution and delivery of keys and certificates to users;
c) The description of the technical measures and Organizational implementation for the protection and retention of keys;
d) The description of the key recovery procedure (for the confidentiality service only);
e) References of the cryptology resources put into action By the users of the benefit, where these means are specifically Designed to work with the keys or certificates issued by this provider.
A N N E X E I I I (A M)
REQUEST FOR AUTHORIZATION OR RENEWAL OF OPERATIONAL AUTHORIZATION DE CRYPTOLOGY
Form (1) to be sent in three copies to the General Secretariat of National Defence, Central Directorate for Security of Information Systems (Industrial Relations Office), 51, boulevard de La Tour-Maubourg, 75700 Paris 07 SP (Telephone: 33 [0] 1-71-75-82-75, Fax: 33 [0] 1-71-75-82-60).
Case Number (reserved for administration):
Check the corresponding box (s):
Request to transfer to a member state of the European Community for a period of
(five years to
Application for export authorization to a non-European Community State for a period of
(maximum five years).
Application to Renew a Transfer Authorization for a Duration of .............. (maximum five years).
Application to renew an export permit for a period of .............. (maximum five years).
A. -
A-1 authorization requester. Company
Attach a general document presenting the company and a K bis extract from the business register and companies that are less than three months old (or an equivalent document for foreign companies):
Social Name:
SIRET Number:
Nationality:
Address:
Telephone Number:
Fax Number:
Email Address:
Website Address:
Person Loaded Administrative folder
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
A-2. Individual
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
B. -Medium to which the
B-1 authorization request applies. Means of cryptology
Attach a business brochure for cryptology and user manual:
Business reference:
Constructor reference:
Version:
General description of the means and its Functionalities:
Classify the means of cryptology in one or more of the following categories:
Personal Computer Encryption Software.
Operating System.
E-mail.
Wireless communication system.
Network level encryption.
Phone or fax.
Other (at Specify):
B-2. Manufacturer of cryptology (if different from A-1)
Social name:
SIRET number:
Nationality:
Address:
Telephone number:
Fax number:
Mail address Electronics:
Web site address:
B-3. Technical Element Person
Name and first name:
Nationality:
Address:
Telephone number:
Fax number:
Email address:
B-4. Cryptology Services Provided
Specify the names of the algorithms used and the maximum length of cryptographic keys for each algorithm:
Authentication:
Signature:
Integrity Monitoring:
Privacy:
Other (Specify):
B-5. Implementation of algorithms
Software.
Hardware (to be specified):
B-6. Medium security standards or standards
Standards or standards (to be specified):
C.-
or export transfer authorization renewal
If the Cryptology, with the same technical elements, has already been the subject of an authorization to transfer or export, indicate the references of this authorization:
File number (mentioned on the receipt and on the authorisation):
Date of Authorization:
Authorization number (mentioned on authorization):
D. -Certification
I undersigned (name, first name):
acting as:
on behalf of:
representing the " Applicant for authorization ", certify that the information contained in this application for authorization and attached to this application is correct and has been established in good faith and that the applicant undertakes to bring to the knowledge of the central management The security of the information systems, without delay, any new de facto or right-of-nature elements to amend this application or the attached elements, any omissions or false statements exposing the applicant to the sanctions provided for in the Articles 34 and 35 of Law No. 2004-575 of 21 June 2004, as amended.
Date:
Signature
Technical elements to attach to the
request for authorization of a
cryptology operation (To be attached in three copies
[except For the elements referred to in point 1])
1. The elements necessary to implement the means of cryptology (to provide only upon request from the central management of information systems security):
a) Two models of the means of cryptology;
b) Installation guides of the Medium;
(c) The means of activation of the means, if any (licence number, activation number, equipment, etc.) ;
d) Key injection or network activation devices, if applicable.
2. Elements of cryptographic algorithms:
a) The description of the cryptology functions offered by the means (encryption, signature, Key management, etc.) ;
b) The complete description of the cryptology processes employed, in the form of a synoptic and mathematical description and a simulation in a high level language;
or the reference to a file previously filed for a Means using the same methods of cryptology;
Either the reference to a recognised standard, unambiguous, and whose technical details are easily and unconditionally accessible, with the parameters and operating modes of its implementation ;
(c) If the encryption process implemented in the medium is not Recognized standard, three reference outputs of the encryption process, in electronic format, from a clear text and arbitrary key, which will also be provided, for the purpose of verifying the compliance of the implementation of the Process description.
3. Key management elements:
a) Key distribution mode;
b) Key generation process;
c) Key retention format;
d) Key transmission format.
4. The elements relating to the protection of the encryption process, namely the description of the technical measures implemented to prevent tampering with the encryption process or the associated key management.
5. Data processing elements:
a) The description of the preprocessing experienced by the data before encryption (compression, formatting, adding a header, etc.) ;
b) Post-processing description of encrypted data, after encryption (adding a header, formatting, packaging, etc.) ;
(c) Three reference outputs of the mean, in electronic format, made from a clear text and an arbitrarily chosen key, which will also be provided, for the purpose of verifying the implementation of the means in relation to the description Of this one.
6. The elements relating to the implementation of cryptology (to be provided only at the request of the central management of information systems security):
a) The source code of the means, and the elements for recompiling the source code or the references of the associated compilers;
b) The references of the components integrating the cryptology functions of the means and the names of the manufacturers of the Each of these components;
c) The cryptology functions implemented by each of these components;
d) The technical documentation of the component (s) performing the functions of cryptology;
(e) The types of memory (flash, ROM, EPROM, etc.) where functions and parameters are stored Cryptology and the references of these memories.
Done at Paris, May 25, 2007.
For the Prime Minister
and by delegation:
The Secretary General
National Defence,
F. Delon
