Nortel Networks NN46120-104 User Manual

HSM Security Policy

6.5 Backup Battery Interface

The Backup Battery Interface provides backup power to the HSM.
This gives the HSM the capability to maintain and protect secrets should
PCI power become unavailable. The HSM continuously monitors the battery
for a low-voltage condition so that an operator can be alerted and can
then replace the battery. The battery can be replaced without loss of
critical security parameters as long as it is replaced while PCI power
is present. If the battery is removed while PCI power is absent, all
critical security parameters contained within the HSM will be erased.

6.6 PCI Power Interface

The PCI Power Interface will provide the power necessary to perform all
other HSM functions.

7.1 Components

7.1 Bulk Crypto

This component performs cryptographic hashing and symmetric
cryptographic operations.

7.2 Power Management and Tamper Detect

This component monitors battery voltage and the security envelope
to detect conditions that will result in the zeroization of critical security
parameters. Battery voltage is also monitored to determine when it is
necessary to replace the battery.
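
The battery and tamper rules from sections 6.5 and 7.2 can be replayed as a small state model. This is an added example, not Nortel firmware or code from the manual; all names, the 2700 mV threshold, and the reading that a breached security envelope triggers zeroization are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define BATTERY_LOW_MV 2700 /* assumed threshold; the manual states no value */

typedef struct {            /* one sample of the monitored inputs */
    bool pci_power;         /* PCI Power Interface energised */
    bool battery_present;   /* backup battery installed */
    int  battery_mv;        /* measured battery voltage */
    bool envelope_intact;   /* security envelope not breached */
} hsm_inputs;
typedef struct {
    unsigned char csp[32];  /* stand-in for critical security parameters */
    bool zeroized;
    bool low_battery_alert;
} hsm_state;

/* Wipe through a volatile pointer so the compiler cannot elide the stores. */
static void zeroize(hsm_state *s) {
    volatile unsigned char *p = s->csp;
    for (size_t i = 0; i < sizeof s->csp; i++) p[i] = 0;
    s->zeroized = true;
}

/* CSPs survive only while a power source holds them and the envelope is intact. */
void hsm_monitor(hsm_state *s, const hsm_inputs *in) {
    if (!in->envelope_intact || !(in->pci_power || in->battery_present))
        zeroize(s);
    s->low_battery_alert = in->battery_present && in->battery_mv < BATTERY_LOW_MV;
}

/* Replay a constructed input sequence; return true if the CSPs are still held. */
bool csp_survives(const hsm_inputs *seq, size_t n) {
    hsm_state s = { .zeroized = false };
    memset(s.csp, 0xA5, sizeof s.csp);
    for (size_t i = 0; i < n; i++) hsm_monitor(&s, &seq[i]);
    return !s.zeroized;
}

int main(void) {
    /* Constructed sequences: low battery swapped with PCI power on, then off. */
    hsm_inputs safe[]   = {{true, true, 2500, true}, {true, false, 0, true}, {true, true, 3000, true}};
    hsm_inputs unsafe[] = {{false, true, 2500, true}, {false, false, 0, true}, {false, true, 3000, true}};
    printf("swap with PCI power:    CSPs kept=%d\n", csp_survives(safe, 3));
    printf("swap without PCI power: CSPs kept=%d\n", csp_survives(unsafe, 3));
    return 0;
}
```

The zeroized flag latches: fitting a fresh battery after the wipe does not bring the parameters back, which is why the swap must happen while PCI power is present.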

7.3 FastMap Processor

This component contains a processor and internal SRAM. The processor
executes the software that initially resides in Flash memory and is
eventually loaded into the external SRAM (external to the FastMap
Processor yet still within the cryptographic boundary). The FastMap
Processor also contains large accumulators and a random number
generator. The accumulators are necessary for the acceleration of public
key cryptographic operations. The random number generator generates
truly random numbers through a stochastic process. The output of this
random number generator is used only for seeding the FIPS-approved
ANSI X9.17 Appendix C pseudo-random number generator (PRNG). The
output of the PRNG is used for generating 3DES and RSA keys, as well
as outputting random numbers requested through the Generate Random
Number service.

7.4 Flash

This component is non-volatile memory. The contents of Flash maintain
their state after PCI power and battery power have been removed.
The Flash contains the firmware that controls processing within the HSM.

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008

Copyright © 2007-2008 Nortel Networks