8.0 Definition of Security Relevant Data Items 239

It also contains public keys and other information that are not considered dangerous if exposed (certificates, public keys, encrypted data, encrypted keys and hash values used for authentication).

7.5 SRAM

SRAM is Static Random Access Memory. This memory will be used to store plaintext data, ciphertext data, symmetric keys, asymmetric keys, intermediate values, and firmware after it has been loaded from Flash.

7.6 Real Time Clock/Battery Powered RAM (RTC/BBRAM)

This component is used to store values that are to be retained when PCI power is removed. This includes the master key (MK) that can be used to decrypt encrypted private keys and symmetric keys stored in Flash. The RTC is used to provide input to the key generation process so that it is consistent with FIPS 140-1 key generation requirements.

7.7 Programmable Logic Device (PLD)

This component embodies all additional logic necessary to interface components contained within the security envelope.

7.8 USB (Universal Serial Bus) Controller

This component allows the board to communicate with an iKey. The iKey is used to store a Personal Identification

Number PIN that allows for user authentication, or to store key parts for moving keys from one HSM to another HSM.

7.9 Universal Asynchronous Receiver Transmitter (UART)

This component is disabled in the production version of the HSM board.

7.10 33MHz Clock

This circuitry generates a square wave to provide the primary system clock and to synchronize the various components of the HSM with the operation of the FastMap chip.

8.0 Definition of Security Relevant Data Items

The following are the security relevant data items in this module: Master Key (MK) = The 3DES3KEY key which encrypts all non-volatile critical security parameters that are stored within the module (in the flash). The master key is stored in the BBRAM, and is destroyed when power is removed from both the PCI interface and the battery, and by the tamper detection circuitry whenever tampering is detected. The master key is randomly generated when the board is initialized (the Security Officer role is created). Security Officer role PIN (SOPIN) = The SO role PIN is generated randomly when the board is initialized. It is written to an iKey token through the trusted USB interface. Refer to following section 9.2 for a description of how this PIN is used for authentication.

User Role PIN (UserPIN) = The User Role PIN is generated randomly

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

Page 239
Image 239
Nortel Networks NN46120-104 manual Definition of Security Relevant Data Items

NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.