beautypg.com

0 conclusion – Nortel Networks NN46120-104 User Manual

Page 252

background image

252

HSM Security Policy

Self-Test

FIPS 140-1
Mode

Non-FIPS
140-1 Mode

When performed

RC4 KAT

No

Yes

Power-up, Self-Test
Service (ondemand)

RSA Key Gene
ration Pairwise
Consistency Test

Yes

Yes

Generate And Store
RSA Key Pair Service,
Generate And Return
RSA Key Pair Service

Statistical
Random Number
Generator Tests
(Monobit, Poker,
Runs, Long Run)

Yes

Yes

Power-up, Self-Test
Service (ondemand)

Continuous
Random Number
Generator Test

Yes

Yes

Whenever a pseudorand
om number is generated:
key generation, Generate
Random Number Service

Firmware RSA
Signature
Verification Test

Yes

Yes

Power-up, Self-Test
Service (ondemand),
Firmware Update, Verify
Firmware Image Service

13.0 Conclusion

The HSM provides FIPS 140-1 Level 3 cryptographic processing,
acceleration and security for RSA signing and verifying functions. In the
non-FIPS140-1 mode, it can also bulk data cryptographic algorithms for
PKI certificate server, firewall and web server equipment. It is suitable for
use in applications requiring up to 200 public key transactions per second
where protecting critical security parameters is a high priority. Industries
requiring this high level of performance and security include (but are
not limited to) banking, telecommunications, e-commerce, and medical
services. In the area of self-test, the HSM provides capabilities consistent
with FIPS 140-1 Level 4.

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.