10.5 Key Destruction, 10.6 Key Archiving, 11.0 Modes – Nortel Networks NN46120-104 User Manual
HSM Security Policy
10.5 Key Destruction
Critical security parameters, including plaintext private keys, symmetric
keys and intermediate values, are zeroized under the conditions described
in Table 10 "Key Destruction" (page 250). The security officer can also
command the board to un-initialize, which erases the data stored in RAM,
FLASH and BBRAM.
Table 10
Key Destruction

            Voltage Applied      Storage
Tamper
Detected    Battery    PCI       BRAM        RAM and Other    Flash
NO          YES        YES       Retained    Retained         Retained
NO          YES        NO        Retained    Erased           Retained
NO          NO         YES       Retained    Retained         Retained
NO          NO         NO        Erased      Erased           Retained
YES         YES        YES       Erased      Erased           Retained
YES         YES        NO        Erased      Erased           Retained
YES         NO         YES       Erased      Erased           Retained
YES         NO         NO        Erased      Erased           Retained

10.6 Key Archiving
Under the control of the Rainbow Technologies key management utility,
it is also possible to archive keys. This may be done so that keys may
be stored on backup media such as tape or hard drives. The Rainbow
Technologies key management utility utilizes the "Wrap Key" command to
perform key archival. All archived keys are 3DES3KEY encrypted. Keys
may only be archived and restored between devices in the same family.
11.0 Modes
The HSM has two operating modes. These are the FIPS140-1 mode and
the non-FIPS140-1 mode. Before the HSM is initialized with the "Initialize
Card" command, it is in the non-FIPS140-1 mode. This command has
an input parameter that specifies the mode of the card after initialization.
Once initialized, the board remains in one of the two modes. If one
wishes to change the operating mode of the card, the card must first be
uninitialized using the "Uninitialize Card" command. Then, the card can be
initialized with a different operating mode. Uninitializing the card removes
all secrets from the card.
11.1 FIPS 140-1 Mode
In the FIPS 140-1 mode, the board may only perform FIPS approved
algorithms.
These are as follows:

Nortel VPN Gateway User Guide
NN46120-104 02.01 Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks.