0 conclusion – Nortel Networks NN46120-104 User Manual
Page 252
252
HSM Security Policy
Self-Test
FIPS 140-1
Mode
Non-FIPS
140-1 Mode
When performed
RC4 KAT
No
Yes
Power-up, Self-Test
Service (ondemand)
RSA Key Gene
ration Pairwise
Consistency Test
Yes
Yes
Generate And Store
RSA Key Pair Service,
Generate And Return
RSA Key Pair Service
Statistical
Random Number
Generator Tests
(Monobit, Poker,
Runs, Long Run)
Yes
Yes
Power-up, Self-Test
Service (ondemand)
Continuous
Random Number
Generator Test
Yes
Yes
Whenever a pseudorand
om number is generated:
key generation, Generate
Random Number Service
Firmware RSA
Signature
Verification Test
Yes
Yes
Power-up, Self-Test
Service (ondemand),
Firmware Update, Verify
Firmware Image Service
13.0 Conclusion
The HSM provides FIPS 140-1 Level 3 cryptographic processing,
acceleration and security for RSA signing and verifying functions. In the
non-FIPS140-1 mode, it can also bulk data cryptographic algorithms for
PKI certificate server, firewall and web server equipment. It is suitable for
use in applications requiring up to 200 public key transactions per second
where protecting critical security parameters is a high priority. Industries
requiring this high level of performance and security include (but are
not limited to) banking, telecommunications, e-commerce, and medical
services. In the area of self-test, the HSM provides capabilities consistent
with FIPS 140-1 Level 4.
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks
.