Service | Description | CSPs Accessed (see section 6 | |
|
| below for complete description of | |
|
| CSPs) |
|
|
|
|
|
Creation/use of secure | The module supports use of | ∙ | IKEv1/IKEv2 Preshared |
management session between | IPSec for securing the |
| Secret |
module and CO | management channel. | ∙ | DH Private Key |
|
| ||
|
| ∙ | DH Public Key |
|
| ∙ | IPSec session encryption |
|
|
| keys |
|
| ∙ | IPSec session |
|
|
| authentication keys |
|
| ∙ | RSA key pair |
|
|
|
|
Creation/use of secure mesh | The module requires secure | ∙ |
|
channel | connections between mesh points | ∙ | 802.11i PMK |
| using 802.11i | ||
|
|
| |
|
| ∙ | 802.11i PTK |
|
| ∙ | 802.11i EAPOL MIC |
|
|
| Key |
|
| ∙ | 802.11i EAPOL |
|
|
| Encryption Key |
|
| ∙ 802.11i | |
|
| ∙ | 802.11i GMK |
|
| ∙ | 802.11i GTK |
|
| ∙ 802.11i | |
|
|
| |
System Status | CO may view system status | See creation/use of secure | |
| information through the secured | management session above. | |
| management channel |
|
|
|
|
|
|
4.2.2 User Services
The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode shares the same services with the Crypto Officer role, please refer to Section 4.2.1, “Crypto Officer Services”. The following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode:
Service | Description | CSPs Accessed (see section 6 | ||
|
| below for complete description of | ||
|
| CSPs) |
|
|
|
|
|
|
|
Generation and use of 802.11i | When the module is in mesh | ∙ | 802.11i | PMK |
cryptographic keys | configuration, the | ∙ | 802.11i | PTK |
| mesh links are secured with | |||
|
|
|
| |
| 802.11i. | ∙ | 802.11i | EAPOL MIC |
|
|
| Key |
|
|
| ∙ | 802.11i EAPOL | |
|
|
| Encryption Key | |
|
|
|
|
|
36
