
2.0 Applicable Documents, 3.0 Overview – Nortel Networks NN46120-104 User Manual

HSM Security Policy

2.0 Applicable Documents

FIPS PUB 140-1, Federal Information Processing Standard, Security
Requirements for Cryptographic Modules. January 11, 1994, U.S.
Department of Commerce, National Institute of Standards and Technology

Derived Test Requirements for FIPS PUB 140-1, Security Requirements
for Cryptographic Modules. FINAL, March 1995, Mitre for NIST Contract
50SBNIC6732

FIPS PUB 46-3 and FIPS PUB 81, for information about the Data
Encryption Standard (DES), and Triple DES algorithm. U.S. Department of
Commerce, National Institute of Standards and Technology

FIPS PUB 180-1, Secure Hash Algorithm (SHA-1), U.S. Department
of Commerce, National Institute of Standards and Technology

ANSI Standard X9.17-1995, Financial Institution Key Management (Wholesale),
American Banking Association, X9 Financial Services, American National
Standards Institute

PKCS #1 RSA Cryptography Standard, Version 2.0, RSA Security Inc.,
http://www.rsasecurity.com/

3.0 Overview

The HSM is a cryptographic module used to accelerate
cryptographic processing for network-based electronic commerce and
other network-based applications. The board has two modes: the
non-FIPS140-1 mode and the FIPS140-1 mode. In the FIPS140-1
mode, the board can be used in servers to improve the performance
associated with high-rate signing operations. In the non-FIPS140-1
mode, the board can be used to accelerate RSA operations for SSL
connections on web servers. Other uses are limited only by the creativity
of application developers who can write to standard APIs such as
Cryptoki (PKCS#11).

The HSM is a PCI card. It has a serial port, a Universal Serial Bus
(USB) port, and an LED. The board is shipped with four tokens, which
plug into the USB port. The first token is used for authenticating
the Security Officer to the HSM. The second token is used for
authenticating the User. The third and fourth tokens are called "code
tokens." One of these is held (controlled) by the Security Officer; the
other is held by the User. The code keys are used to move key parts
(also known as "key shares") between two HSM boards. Key parts
transferred by this mechanism are combined within the destination
boards so that a shared secret can exist on one or more boards without
having existed in plaintext outside of a family of HSM boards. The shared
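
The two-token key-part transfer described above, modelled as an added example (not code from the Nortel manual or the HSM firmware). It assumes a two-way XOR split and an HMAC-based check value, since the manual does not state how the board forms or combines key parts; `Board`, `split_key`, `combine_parts`, `check_value` and `transfer` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def split_key(key):
    """Split a key into two parts; each part alone is uniformly random."""
    so_part = secrets.token_bytes(len(key))
    user_part = bytes(a ^ b for a, b in zip(key, so_part))
    return so_part, user_part

def combine_parts(so_part, user_part):
    if len(so_part) != len(user_part):
        raise ValueError("key parts differ in length")
    return bytes(a ^ b for a, b in zip(so_part, user_part))

def check_value(key):
    """Short fingerprint that identifies a key without disclosing it (assumed scheme)."""
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:6]

class Board:
    """Toy model of one HSM board: the key leaves only as two parts."""
    def __init__(self):
        self._key = None

    def generate(self, nbytes=24):  # constructed choice: Triple DES key size
        self._key = secrets.token_bytes(nbytes)
        return check_value(self._key)

    def export_parts(self):
        # One part per code token: the Security Officer's and the User's.
        return split_key(self._key)

    def import_parts(self, so_token, user_token, expected_cv):
        candidate = combine_parts(so_token, user_token)
        if not hmac.compare_digest(check_value(candidate), expected_cv):
            raise ValueError("combined key does not match check value")
        self._key = candidate  # plaintext key exists only inside the board

    def holds_same_key(self, other):
        return hmac.compare_digest(self._key, other._key)

def transfer(source, destination, cv):
    """Move the source board's key to the destination via two code tokens."""
    so_token, user_token = source.export_parts()
    destination.import_parts(so_token, user_token, cv)
    return destination.holds_same_key(source)
```

Because each part is indistinguishable from random on its own, neither the Security Officer nor the User can recover the key from a single code token; the destination board rejects a mismatched pair through the check value.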

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008

Copyright © 2007-2008 Nortel Networks