Specifications

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

TLS Encryption Key | AES/TRIPLE-DES | Key used to encrypt TLS session data | DRAM | Automatically when TLS session is terminated
TLS Integrity Key | HMAC-SHA-1 | HMAC-SHA-1 used for TLS data integrity protection | DRAM | Automatically when TLS session is terminated
Table 5 - Cryptographic Keys and CSPs

SRDI/Role/Service Access Policy (r = read, w = write, d = delete)

Roles/Service
User Role: Status Functions, Network Functions, Terminal Functions, Directory Services, SSL-TLS/VPN, EASY VPN
Crypto Officer Role: Configure the Router, Define Rules and Filters, Status Functions, Manage the Router, Set Encryption/Bypass, Change WAN Interface Cards

Security Relevant Data Item
PRNG Seed: r d r w d
PRNG Seed Key: r d r w d
Diffie Hellman private exponent: r r w d
Diffie Hellman public key: r r w d
skeyid: r r w d r w d
skeyid_d: r r w d r w d
skeyid_a: r r w d r w d
skeyid_e: r r w d r w d
IKE session encrypt key: r r w d r w d
IKE session authentication key: r r w d r w d