0 roles and services, 1 roles, 1 user – Nortel Networks NN46120-104 User Manual
Page 241: 2 security officer, 2 authentication, 3 initialization
9.0 Roles and Services
241
9.0 Roles and Services
9.1 Roles
The HSM supports two roles. These are the User role and the Security
Officer role. Each role has a username and an iKey ID that are selectable
by the security officer. The module must be handled in a secure manner
prior to initialization because authentication is not required to initialize the
module. Cryptographic keys and user-defined data which is created by a
specific authenticated user cannot be deleted or modified by another user,
regardless of the role. For example, a specific user of the User role may
not delete or modify keys or data created by a different user of either the
User or SO roles. The SO and User roles cannot operate simultaneously.
Only one authenticated user is allowed at a time.
9.1.1 User
The User role can perform cryptographic operations using private keys
which are encrypted and stored in flash. The User role cannot create a
user.
9.1.2 Security Officer
The Security Officer role can also perform cryptographic operations using
private keys which are encrypted and stored in flash. Additionally, the
Security Officer may create a user, update the HSM firmware, or command
the HSM to "uninitialize."
9.2 Authentication
The HSM uses identity-based authentication to allow subjects to assume
one of the two roles. Usernames are transmitted to the HSM over the
PCI interface to identify the user. A corresponding personal identification
number (SOPIN or UserPIN as described in section 8.0) is input to the
HSM from an iKey token over the trusted USB interface. This PIN is
hashed and compared with a hash value which is stored in flash and
associated with the user’s name on the HSM. If the two hash values
match, the user is authenticated and assigned a role that is associated
with the user’s name. To increase security in case the iKey token is
compromised, an iKey ID is used to unlock the plaintext PIN that is stored
in the iKey. This plaintext iKey ID is input into the module in plaintext
as part of the Login service. The module provides a SHA-1 of this iKey
ID to the iKey token to unlock the PIN. Because the iKey ID does not
authenticate the user to the module, but rather unlocks the plaintext PIN
from the iKey, the iKey ID is not an SRDI.
9.3 Initialization
The HSM is shipped in an un-initialized state. At this point, it contains
no private or secret keys. The Security Officer initializes the board.
Performing this function generates an internally stored master key,
and generates a random PIN, which is stored in the Security Officer’s
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks
.