5 sram, 6 real time clock/battery powered ram (rtc/bbram), 7 programmable logic device (pld) – Nortel Networks NN46120-104 User Manual

8.0 Definition of Security Relevant Data Items

239

It also contains public keys and other information that are not considered
dangerous if exposed (certificates, public keys, encrypted data, encrypted
keys and hash values used for authentication).

7.5 SRAM

SRAM is Static Random Access Memory. This memory will be used to
store plaintext data, ciphertext data, symmetric keys, asymmetric keys,
intermediate values, and firmware after it has been loaded from Flash.

7.6 Real Time Clock/Battery Powered RAM (RTC/BBRAM)

This component is used to store values that are to be retained when PCI
power is removed. This includes the master key (MK) that can be used to
decrypt encrypted private keys and symmetric keys stored in Flash. The
RTC is used to provide input to the key generation process so that it is
consistent with FIPS 140-1 key generation requirements.

7.7 Programmable Logic Device (PLD)

This component embodies all additional logic necessary to interface
components contained within the security envelope.

7.8 USB (Universal Serial Bus) Controller

This component allows the board to communicate with an iKey. The iKey
is used to store a Personal Identification
Number PIN that allows for user authentication, or to store key parts for
moving keys from one HSM to another HSM.

7.9 Universal Asynchronous Receiver Transmitter (UART)

This component is disabled in the production version of the HSM board.

7.10 33MHz Clock

This circuitry generates a square wave to provide the primary system clock
and to synchronize the various components of the HSM with the operation
of the FastMap chip.

8.0 Definition of Security Relevant Data Items

The following are the security relevant data items in this module:
Master Key (MK) = The 3DES3KEY key which encrypts all non-volatile
critical security parameters that are stored within the module (in the flash).
The master key is stored in the BBRAM, and is destroyed when power is
removed from both the PCI interface and the battery, and by the tamper
detection circuitry whenever tampering is detected. The master key is
randomly generated when the board is initialized (the Security Officer
role is created). Security Officer role PIN (SOPIN) = The SO role PIN is
generated randomly when the board is initialized. It is written to an iKey
token through the trusted USB interface. Refer to following section 9.2 for
a description of how this PIN is used for authentication.
User Role PIN (UserPIN) = The User Role PIN is generated randomly

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.