9.0 Roles and Services 247

Service

FIPS140-1 Level 3 Mode

Non- FIPS140-1 Mode

 

 

 

 

 

 

 

 

 

 

 

Not auth

User

SO Role

Not auth

User

SO Role

SRDIs Access

 

enticated

Role

 

enticated

Role

 

ed

 

 

 

 

 

 

 

 

Uninitialize Card (note 7)

NO

NO

YES

NO

NO

YES

Destroy all of

 

 

 

 

 

 

 

the following:

 

 

 

 

 

 

 

MK, SOPIN,

 

 

 

 

 

 

 

UserPIN, KWK,

 

 

 

 

 

 

 

SPK, VPK,

 

 

 

 

 

 

 

EPK, DPK

 

 

 

 

 

 

 

 

User Login/Change PIN

YES

NO

NO

YES

NO

NO

UserPIN (read

(note 5)

 

 

 

 

 

 

from trusted

 

 

 

 

 

 

 

interface)

 

 

 

 

 

 

 

 

Create User

NO

NO

YES

NO

NO

YES

UserPIN

 

 

 

 

 

 

 

(create, write

 

 

 

 

 

 

 

to trusted

 

 

 

 

 

 

 

interface)

 

 

 

 

 

 

 

interface)

 

 

 

 

 

 

 

 

User Logout

NO

YES

YES

NO

YES

YES

None

 

 

 

 

 

 

 

 

Derive Key (note 2)

NO

NO

NO

NO

NO

YES

KWK (create)

 

 

 

 

 

 

 

 

Wrap Key (note 4)

NO

YES

YES

NO

YES

YES

KWK (use),

 

 

 

 

 

 

 

Wrap: SPK,

 

 

 

 

 

 

 

DPK

 

 

 

 

 

 

 

 

Unwrap Key (note 4)

NO

YES

YES

NO

YES

YES

KWK (use),

 

 

 

 

 

 

 

Unwrap: SPK,

 

 

 

 

 

 

 

DPK

 

 

 

 

 

 

 

 

Modify Object

NO

YES

YES

NO

YES

YES

None

 

 

 

 

 

 

 

 

RSA Sign (note 4)

NO

YES

YES

NO

YES

YES

SPK (use)

 

 

 

 

Note 1 = The key for these commands is input through the PCI bus (data input interface)

 

Note 2 = This is a PKCS 12 method for deriving a 3DES key from a password, salt and iteration count.

Note 3 = The Exponentiation Using CRT and Exponentiation functions are generic math functions; all parameters are input through the PCI interface (data input interface).

Note 4 = When operating in the FIPS140-1 mode, it is not possible for secret keys, private keys or critical security parameters to cross the PCI bus without being wrapped (encrypted) using the Key-Wrapping Key.

Note 5 = User Login is the process that takes the board from an unauthenticated state to the authenticated state. Only one user may be authenticated at a particular time. Consequently, the User Login process cannot be started from the authenticated state. Nonetheless, the User Login process cannot be completed successfully without authentication.

Note 6 = This command is used for generating the key-wrapping-key.

Note 7 = When the board is in the zeroized state, it is possible to for an unauthenticated user to uninitialize the board.

Note 8 = These operations must access stored cryptographic keys. The keys may not be input through the PCI interface.

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

Page 247
Image 247
Nortel Networks NN46120-104 manual MK, Sopin

NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.