ECCN 5A002

• a.Designed or modified to use 'cryptography for data confidentiality' having a 'described security algorithm', where that cryptographic capability is usable, has been activated, or can be activated by any means other than secure "cryptographic activation", as follows:
• 1. Items having "information security" as a primary function;
• 2. Digital communication or networking systems, equipment or components, not specified in paragraph 5A002.a.1;
• 3. Computers, other items having information storage or processing as a primary function, and components therefor, not specified in paragraphs 5A002.a.1 or .a.2;
• 4. Items, not specified in paragraphs 5A002.a.1 to a.3, where the 'cryptography for data confidentiality' having a 'described security algorithm' meets all of the following:
• 4.a. It supports a non-primary function of the item; and
• 4.b. It is performed by incorporated equipment or "software" that would, as a standalone item, be specified by ECCNs 5A002, 5A003, 5A004, 5B002 or 5D002.
• a.Whether the item meets the criteria of 5A002.a.1 to a.4; or
• b.Whether the cryptographic capability for data confidentiality specified by 5A002.a is usable without "cryptographic activation."
• a.Smart cards and smart card 'readers/writers' as follows:
• 1. A smart card or an electronically readable personal document (e.g., token coin, e-passport) that meets any of the following:
• 1.a. The cryptographic capability meets all of the following:
• 1.a.1. It is restricted for use in any of the following:
• 1.a.1.a. Equipment or systems, not described by 5A002.a.1 to a.4;
• 1.a.1.b. Equipment or systems, not using 'cryptography for data confidentiality' having a 'described security algorithm'; or
• 1.a.1.c. Equipment or systems, excluded from 5A002.a by entries b. to f. of this Note; and
• 1.a.2. It cannot be reprogrammed for any other use; or
• 1.b. Having all of the following:
• 1.b.1. It is specially designed and limited to allow protection of 'personal data' stored within;
• 1.b.2. Has been, or can only be, personalized for public or commercial transactions or individual identification; and
• 1.b.3. Where the cryptographic capability is not user-accessible;
• 2. 'Readers/writers' specially designed or modified, and limited, for items specified by paragraph a.1 of this Note;
• b.Cryptographic equipment specially designed and limited for banking use or 'money transactions';
• c.Portable or mobile radiotelephones for civil use (e.g., for use with commercial civil cellular radio communication systems) that are not capable of transmitting encrypted data directly to another radiotelephone or equipment (other than Radio Access Network (RAN) equipment), nor of passing encrypted data through RAN equipment (e.g., Radio Network Controller (RNC) or Base Station Controller (BSC));
• d.Cordless telephone equipment not capable of end-to-end encryption where the maximum effective range of unboosted cordless operation (i.e., a single, unrelayed hop between terminal and home base station) is less than 400 meters according to the manufacturer's specifications;
• e.Portable or mobile radiotelephones and similar client wireless devices for civil use, that implement only published or commercial cryptographic standards (except for anti-piracy functions, which may be non-published) and also meet the provisions of paragraphs a.2 to a.4 of the Cryptography Note (Note 3 in Category 5-Part 2), that have been customized for a specific civil industry application with features that do not affect the cryptographic functionality of these original non-customized devices;
• f.Items, where the "information security" functionality is limited to wireless "personal area network " functionality implementing only published or commercial cryptographic standards;
• g.Mobile telecommunications Radio Access Network (RAN) equipment designed for civil use, which also meet the provisions of paragraphs a.2 to a.4 of the Cryptography Note (Note 3 in Category 5-Part 2), having an RF output power limited to 0.1W (20 dBm) or less, and supporting 16 or fewer concurrent users;
• h.Routers, switches, gateways or relays, where the "information security" functionality is limited to the tasks of "Operations, Administration or Maintenance" ("OAM") implementing only published or commercial cryptographic standards;
• i.General purpose computing equipment or servers, where the "information security" functionality meets all of the following:
• 1. Uses only published or commercial cryptographic standards; and
• 2. Is any of the following:
• 2.a. Integral to a CPU that meets the provisions of Note 3 in Category 5-Part 2;
• 2.b. Integral to an operating system that is not specified by 5D002; or
• 2.c. Limited to "OAM" of the equipment; or
• j.Items specially designed for a 'connected civil industry application', meeting all of the following:
• 1. Being any of the following:
• 1.a. A network-capable endpoint device meeting any of the following:
• 1.a.1. The "information security" functionality is limited to securing 'non-arbitrary data' or the tasks of "Operations, Administration or Maintenance" ("OAM"); or
• 1.a.2. The device is limited to a specific 'connected civil industry application'; or
• 1.b. Networking equipment meeting all of the following:
• 1.b.1. Being specially designed to communicate with the devices specified by paragraph j.1.a. above; and
• 1.b.2. The "information security" functionality is limited to supporting the 'connected civil industry application' of devices specified by paragraph j.1.a. above, or the tasks of "OAM" of this networking equipment or of other items specified by paragraph j. of this Note; and
• 2. Where the "information security" functionality implements only published or commercial cryptographic standards, and the cryptographic functionality cannot easily be changed by the user.
• b.Being a 'cryptographic activation token';
• c.Designed or modified to use or perform "quantum cryptography";
• d.Designed or modified to use cryptographic techniques to generate channelizing codes, scrambling codes or network identification codes, for systems using ultra-wideband modulation techniques and having any of the following:
• 1. A bandwidth exceeding 500 MHz; or
• 2. A "fractional bandwidth" of 20% or more;
• e.Designed or modified to use cryptographic techniques to generate the spreading code for "spread spectrum" systems, not specified by 5A002.d, including the hopping code for "frequency hopping" systems.
• z.Other commodities, as follows:
• 1.a. Commodities that are described in 5A002.a and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
• z.1.b Commodities that are described in 5A002.a and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
• z.2.a Commodities that are described in 5A002.b and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
• z.2.b Commodities that are described in 5A002.b and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
• z.3.a Commodities that are described in 5A002.c and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
• z.3.b Commodities that are described in 5A002.c and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
• z.4.a Commodities that are described in 5A002.d and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
• z.4.b Commodities that are described in 5A002.d and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
• z.5.a Commodities that are described in 5A002.e and that also meet or exceed the performance parameters in 3A090.a or 4A090.a; or
• z.5.b Commodities that are described in 5A002.e and that also meet or exceed the performance parameters in 3A090.b or 4A090.b.

1 item reserved by BIS (not shown)