HSM Security Policy
2.0 Applicable Documents
FIPS PUB 140-1, Federal Information Processing Standard, Security
Requirements for Cryptographic Modules, 11 January 1994, U.S.
Department of Commerce, National Institute of Standards and Technology.
Derived Test Requirements for FIPS PUB 140-1, Security Requirements
for Cryptographic Modules, FINAL, March 1995, MITRE for NIST, Contract
50SBNIC6732.
FIPS PUB 46-3 and FIPS PUB 81, for the Data Encryption Standard (DES)
and Triple DES algorithms and their modes of operation, U.S. Department of
Commerce, National Institute of Standards and Technology.
FIPS PUB 180-1, Secure Hash Standard (SHA-1), U.S. Department
of Commerce, National Institute of Standards and Technology.
ANSI Standard X9.17-1995, Financial Institution Key Management
(Wholesale), American Bankers Association, X9 Financial Services,
American National Standards Institute.
PKCS #1: RSA Cryptography Standard, Version 2.0, RSA Laboratories.
3.0 Overview
The HSM is a cryptographic module used to accelerate cryptographic
processing for network-based electronic commerce and other network-based
applications. The board has two modes: the non-FIPS 140-1 mode and the
FIPS 140-1 mode. In the FIPS 140-1 mode, the board can be used in servers
to improve the performance of high-rate signing operations. In the
non-FIPS 140-1 mode, the board can be used to accelerate RSA operations
for SSL connections on web servers. Other uses are limited only by the
creativity of application developers, who can write to standard APIs such
as Cryptoki (PKCS #11).
The HSM is a PCI card. It has a serial port, a Universal Serial Bus
(USB) port, and an LED. The board is shipped with four tokens, which plug
into the USB port. The first token is used for authenticating the Security
Officer to the HSM. The second token is used for authenticating the User.
The third and fourth tokens are called "code tokens." One of these is held
(controlled) by the Security Officer; the other is held by the User. The
code tokens are used to move key parts (also known as "key shares")
between two HSM boards. Key parts transferred by this mechanism are
combined within the destination board, so that a shared secret can exist
on one or more boards without ever having existed in plaintext outside the
family of HSM boards. The shared
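The following is an added example illustrating the key-part (key-share) principle described above; it is not code from this manual or from Nortel. The manual says only that key parts are carried on code tokens and combined inside the destination board. The XOR key-component construction used here is an assumption chosen to illustrate that principle (it is the classic ANSI X9.17-style component scheme), and the SHA-1-based key check value is likewise an assumed way for two boards to confirm they hold the same key, not a description of the HSM's actual mechanism.

```python
"""Splitting a key into XOR key parts and recombining them (added example).

Assumptions, not from the manual: XOR key components; a SHA-1-derived key
check value (KCV) for confirming that two holders share the same key.
"""
import hashlib
import secrets
from typing import List


def _xor(*blocks: bytes) -> bytes:
    """Byte-wise XOR of equal-length byte strings."""
    length = len(blocks[0])
    if any(len(b) != length for b in blocks):
        raise ValueError("key parts must all have the same length")
    out = bytearray(length)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def split_key(key: bytes, n_parts: int) -> List[bytes]:
    """Split `key` into n_parts XOR shares.

    The first n_parts-1 shares are uniformly random; the last is chosen so
    that the XOR of all shares equals `key`. Any set of fewer than n_parts
    shares is itself uniformly random, so a single code token (one part)
    reveals nothing about the key. The plaintext key exists only inside the
    module that calls this function and the module that recombines.
    """
    if n_parts < 2:
        raise ValueError("need at least two key parts")
    parts = [secrets.token_bytes(len(key)) for _ in range(n_parts - 1)]
    return parts + [_xor(key, *parts)]


def combine_key(parts: List[bytes]) -> bytes:
    """Recombine key parts inside the destination module."""
    if len(parts) < 2:
        raise ValueError("need at least two key parts")
    return _xor(*parts)


def check_value(key: bytes) -> str:
    """Assumed KCV: first 3 bytes of SHA-1(key), as hex.

    Lets the source and destination confirm they hold the same key without
    either side exporting the key itself.
    """
    return hashlib.sha1(key).hexdigest()[:6]


def transfer_ok(source_key: bytes, parts: List[bytes]) -> bool:
    """Destination-side check: the combined key matches the source's KCV."""
    return check_value(combine_key(parts)) == check_value(source_key)


if __name__ == "__main__":
    # Constructed sample: a 24-byte (Triple DES-sized) key.
    key = bytes(range(24))
    officer_part, user_part = split_key(key, 2)
    print("SO token part :", officer_part.hex())
    print("User token part:", user_part.hex())
    print("KCV on source  :", check_value(key))
    print("Destination OK :", transfer_ok(key, [officer_part, user_part]))
```

Neither token holder can reconstruct the key alone, and a corrupted or swapped part is caught by the check value before the destination board trusts the combined key.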
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks