Voglio sapere a riguardo di…

16498

Federal Register / Vol. 86, No. 58 / Monday, March 29, 2021 / Rules and Regulations
b. Whether the cryptographic capability for data confidentiality specified by 5A002.a is usable without cryptographic activation.
Note 2: 5A002.a does not control any of the following items, or specially designed information security components therefor:
a. Smart cards and smart card readers/
writers as follows:
a.1. A smart card or an electronically readable personal document e.g., token coin, e-passport that meets any of the following:
a.1.a. The cryptographic capability meets all of the following:
a.1.a.1. It is restricted for use in any of the following:
a.1.a.1.a. Equipment or systems, not described by 5A002.a.1 to a.4;
a.1.a.1.b. Equipment or systems, not using cryptography for data confidentiality having a described security algorithm; or a.1.a.1.c. Equipment or systems, excluded from 5A002.a by entries b. to f. of this Note;
and a.1.a.2. It cannot be reprogrammed for any other use; or a.1.b. Having all of the following:
a.1.b.1. It is specially designed and limited to allow protection of personal data stored within;
a.1.b.2. Has been, or can only be, personalized for public or commercial transactions or individual identification; and a.1.b.3. Where the cryptographic capability is not user-accessible;
Technical Note to paragraph a.1.b of Note 2: Personal data includes any data specific to a particular person or entity, such as the amount of money stored and data necessary for authentication.
a.2. Readers/writers specially designed or modified, and limited, for items specified by paragraph a.1 of this Note;
Technical Note to paragraph a.2 of Note 2: Readers/writers include equipment that communicates with smart cards or electronically readable documents through a network.
b. Cryptographic equipment specially designed and limited for banking use or money transactions;
Technical Note to paragraph b. of Note 2: Money transactions in 5A002 Note 2
paragraph b. includes the collection and settlement of fares or credit functions.
c. Portable or mobile radiotelephones for civil use e.g., for use with commercial civil cellular radio communication systems that are not capable of transmitting encrypted data directly to another radiotelephone or equipment other than Radio Access Network RAN equipment, nor of passing encrypted data through RAN equipment e.g., Radio Network Controller RNC or Base Station Controller BSC;
d. Cordless telephone equipment not capable of end-to-end encryption where the maximum effective range of unboosted cordless operation i.e., a single, unrelayed hop between terminal and home base station is less than 400 meters according to the manufacturers specifications;
e. Portable or mobile radiotelephones and similar client wireless devices for civil use,
VerDate Sep<11>2014

18:05 Mar 26, 2021

Jkt 253001

that implement only published or commercial cryptographic standards except for anti-piracy functions, which may be nonpublished and also meet the provisions of paragraphs a.2 to a.4 of the Cryptography Note Note 3 in Category 5Part 2, that have been customized for a specific civil industry application with features that do not affect the cryptographic functionality of these original non-customized devices;
f. Items, where the information security functionality is limited to wireless personal area network functionality implementing only published or commercial cryptographic standards;
g. Mobile telecommunications Radio Access Network RAN equipment designed for civil use, which also meet the provisions of paragraphs a.2 to a.4 of the Cryptography Note Note 3 in Category 5Part 2, having an RF output power limited to 0.1W 20 dBm or less, and supporting 16 or fewer concurrent users;
h. Routers, switches, gateways or relays, where the information security functionality is limited to the tasks of Operations, Administration or Maintenance OAM implementing only published or commercial cryptographic standards;
i. General purpose computing equipment or servers, where the information security functionality meets all of the following:
i.1. Uses only published or commercial cryptographic standards; and i.2. Is any of the following:
i.2.a. Integral to a CPU that meets the provisions of Note 3 in Category 5Part 2;
i.2.b. Integral to an operating system that is not specified by 5D002; or i.2.c. Limited to OAM of the equipment;
or j. Items specially designed for a connected civil industry application, meeting all of the following:
j.1. Being any of the following:
j.1.a. A network-capable endpoint device meeting any of the following:
j.1.a.1. The information security functionality is limited to securing nonarbitrary data or the tasks of Operations, Administration or Maintenance OAM;
or j.1.a.2. The device is limited to a specific connected civil industry application; or j.1.b. Networking equipment meeting all of the following:
j.1.b.1. Being specially designed to communicate with the devices specified by paragraph j.1.a. above; and j.1.b.2. The information security functionality is limited to supporting the connected civil industry application of devices specified by paragraph j.1.a. above, or the tasks of OAM of this networking equipment or of other items specified by paragraph j. of this Note; and j.2. Where the information security functionality implements only published or commercial cryptographic standards, and the cryptographic functionality cannot easily be changed by the user.

civil industry application other than information security, digital communication, general purpose networking or computing.
2. Non-arbitrary data means sensor or metering data directly related to the stability, performance or physical measurement of a system e.g., temperature, pressure, flow rate, mass, volume, voltage, physical location, etc., that cannot be changed by the user of the device.

Technical Notes:
1. Connected civil industry application means a network-connected consumer or
Reporting Requirements See 743.1 of the EAR for reporting requirements for exports under License
PO 00000

Frm 00018

Fmt 4701

Sfmt 4700

b. Being a cryptographic activation token;
Technical Note: A cryptographic activation token is an item designed or modified for any of the following:
1. Converting, by means of cryptographic activation, an item not specified by Category 5Part 2 into an item specified by 5A002.a or 5D002.c.1, and not released by the Cryptography Note Note 3 in Category 5
Part 2; or 2. Enabling by means of cryptographic activation, additional functionality specified by 5A002.a of an item already specified by Category 5Part 2;

c. Designed or modified to use or perform quantum cryptography;
Technical Note: Quantum cryptography is also known as Quantum Key Distribution QKD.

d. Designed or modified to use cryptographic techniques to generate channelizing codes, scrambling codes or network identification codes, for systems using ultra-wideband modulation techniques and having any of the following:
d.1. A bandwidth exceeding 500 MHz;
or d.2. A fractional bandwidth of 20%
or more;
e. Designed or modified to use cryptographic techniques to generate the spreading code for spread spectrum systems, not specified by 5A002.d, including the hopping code for frequency hopping systems.
29. In supplement no. 1 to part 774, Category 6, ECCN 6A004 is revised to read as follows:

6A004 Optical equipment and components, as follows see List of Items Controlled.
License Requirements Reason for Control: NS, AT
Controls NS applies to entire entry.
AT applies to entire entry.

E:FRFM29MRR3.SGM

29MRR3

Country Chart See Supp. No. 1 to part 738
NS Column 2
AT Column 1