
secret is a Key-Wrapping-Key. When two or more boards contain the same Key-Wrapping-Key, they are said to be in the same family. The Key-Wrapping-Key is used to encrypt other keys. These encrypted keys can then be transmitted between boards over untrusted paths under the control of a Rainbow Technologies key management utility. This allows boards to share keys as appropriate for load distribution or redundancy needs.

The Key-Wrapping-Key also makes it possible for keys to be stored in encrypted form on backup tapes or hard drives for archival purposes. The keys encrypted with the Key-Wrapping-Key need never exist in plaintext form outside of an HSM.

When an operator uses an HSM, he will be assisted by a key management utility. This utility will prompt the operator when it is time to plug a particular token into a particular HSM. A particular host system may contain one or more HSMs. So that there is no confusion, the key management utility will control an LED on each HSM to show the operator where to insert a particular token.

1. The HSM can detect attempts to penetrate its cryptographic envelope. If it detects a tamper attempt, the HSM will erase all of the critical security parameters that it contains.

The HSM is controlled through its PCI interface. Commands are entered through the PCI bus, and status is read from the PCI bus. Both plaintext and encrypted data are also transmitted over the PCI interface. The serial port is disabled in the production version of the HSM. A primary function of the HSM is to securely generate, store, and use private keys (particularly for signing operations).

4.0 Capabilities

The HSM is capable of performing a wide variety of cryptographic calculations including DES, SHA-1, DSA, 3DES, RSA exponentiation, RC4 and HMAC. When in the FIPS 140-1 mode, the board can perform DES, 3DES, RSA Signatures, RSA Signature Verifications and SHA-1 functions. When in the non-FIPS 140-1 mode, the board can also perform the RSA exponentiation, RC4, MD5, HMAC (SHA-1 and MD5) and DSA.

The RSA signature and verification implementation is compliant with the PKCS #1 standard. The following table describes how each cryptographic algorithm is used by our module while operating in the FIPS 140-1 Mode:

| Algorithm | How it is used by the HSM module | Used in FIPS 140-1 Mode? |
| --- | --- | --- |
| DES | The module provides services for encryption/decryption. As currently implemented, the plaintext key must be input through the PCI interface. Therefore, this algorithm is not accessible in the FIPS 140-1 Mode. The self-tests perform a known answer test on this algorithm in FIPS 140-1 Mode. | No |

Nortel VPN Gateway User Guide, NN46120-104 02.01 Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks


NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.