REFERENCE GUIDE
ADYTON
Legal disclaimer and copyrights
The information in this document is subject to change without notice and shall not be
construed as a commitment by Atos Worldline S.A./N.V.
The content of this document, including but not limited to trademarks, designs, logos, text,
images, is the property of Atos Worldline S.A/N.V. and is protected by the Belgian Act of
30.06.1994 related to author’s right and by the other applicable Acts.
ADYTON and the Atos Worldline logo are trademarks of Atos Worldline. Linux is a registered
trademark of Linus Torvalds, Java is a registered trademark of Sun Microsystems Inc. and
ARM is a registered trademark of ARM Limited.
The contents of this document can be reproduced by or on behalf of third parties with the prior
written consent of Atos Worldline S.A./N.V and following its instructions. Atos Worldline S.A/
N.V. accepts no responsibility for errors and omissions introduced when translating this
document.
Except with respect to the limited license to download and print certain material from this
document for non-commercial and personal use only, nothing contained in this document
shall grant any license or right to use any of Atos Worldline S.A./N.V.'s proprietary material.
While Atos Worldline S.A./N.V. has made every attempt to ensure that the information
contained in this document is correct, Atos Worldline S.A./N.V. does not provide any legal or
commercial warranty on what is described in this specification. The technology
is thus provided “as is” without warranties of any kind, expressed or implied, including those
of merchantability and fitness for a particular purpose. Atos Worldline S.A./N.V. does not
warrant or assume any legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, product or processes disclosed.
To the fullest extent permitted under applicable law, neither Atos Worldline S.A./N.V. nor its
affiliates, directors, employees and agents shall be liable to any party for any damages that
might result from the use of the technology as described in this document (including without
limitation direct, indirect, incidental, special, consequential and punitive damages, lost
profits).
These terms shall be governed by and construed in accordance with the laws of Belgium. You
irrevocably consent to the jurisdiction of the courts located in Brussels for any action arising
from or related to the use of this document.
Document information
document title: ADYTON reference guide
security: unrestricted
last modified: 18 July 2013
owner: Baudouin Nyssen
author: Niels Grundtvig Nielsen
product version: 2.1
© Atos Worldline 2013
Contents
Introduction  1
  Design  1
  What’s new in this version  1
ADYTON overview  3
  ADYTON rack  5
  Accessories  6
    Chip card  6
    For standalone installation  6
    Cables for rack installation  6
    USB stick (not included)  6
User Roles  7
  Administrator  7
  Security Officer  7
  Key custodian  8
Interfaces  9
  Display  9
  Keypad  11
  Authentication devices  12
Operating ADYTON  13
  Power up  13
  Insert ADYTON in rack  13
  Remove ADYTON from rack  14
  Initial configuration  14
  Logging on  17
  Logging off  17
  Screensaver mode  17
  Reboots and availability  17
  Filter  18
  Audit trail  18
  Warnings  20
  Transport and security  21
    PCI SSC  21
Specifications  23
  ADYTON module  23
  Rack  24
  Interfaces (ADYTON and rack)  24
  Certification and compliance  24
Menu tree  25
  Keys  25
  Users  26
  Device  27
  Network  28
  Status  29
  Update  30
    Downtime during reboot  30
Verifying the audit trail with OpenSSL  31
PUBLIC, version 2.1, last updated 18/7/13
Introduction
Secure data transaction systems – including token generation, transaction processing,
digital signatures, data protection – are built around a Hardware Security Module
(encryption device). With ADYTON Atos Worldline now offers a revolutionary solution.
This radically new hardware-based cryptographic accelerator provides unprecedented
security, speed and user-friendliness.
ADYTON adds a new dimension to the overall security by including three authentication
methods: the fingerprint, chip-card and password authentication, all of which are
perfectly accessible at the front of the device. ADYTON guarantees dual control for
Administrators and Security Officers.
Meeting all current international standards such as FIPS 140-2 and PCI HSM, ADYTON
is also ready to match future regulatory requirements.
Design
The styling combines fashion and functional perfection – it is the product of ingenious
minds. The housing is aluminium, a perfect heat conductor which allows for passive
cooling. Removing the need for active cooling such as a fan means a lower energy
footprint, lower noise and higher reliability. ADYTON also hosts the latest technology, like
capacitive keys with distinct illumination, a fingerprint-reader, chip-card-reader, USB
connectors and a high-resolution colour display.
With the robust guide rails on each side, ADYTON easily slides into the ADYTON Rack
frame for simple, secure installation in IT-cabinets. This particular rack features two
physical locks, covered mounting holes, two hot-swappable power supplies and 1-gigabit
LAN connectors.
The design quality of the ADYTON has been recognised by awards including:
• red dot design award 2012: the red dot is acknowledged as the seal of quality for exceptional product design.
• iF award 2013: the iF product design award has been an internationally recognised label for award-winning design for 60 years, and the iF brand has become a symbol for outstanding achievements in design.
What’s new in this version
Version 2.1 includes a new menu option to activate/deactivate SNMP traps, described
on page 27.
ADYTON overview
The ADYTON front panel integrates a high-resolution colour display, a touch-sensitive
keypad, a USB port, a fingerprint reader and a chip-card reader. For more information on
the keypad, including the shift/shortcut functions, see Keypad, on page 11.
Figure 1. Front panel (display; phone-style alphanumeric keys 0-9 labelled abc to wxyz; HEX keys A-F; cursor keys; Shift/Shortcut, Back and OK keys)
Power and networking connectors are easily accessible whether the ADYTON is used
standalone or rack-mounted.
Clearly visible security stickers let you check the integrity of the unit before mounting it
in a rack.
Figure 2. Connectors and security stickers
1  tamper-evident, holographic sticker (a second sticker is on the underside of the ADYTON)
2  anti-removal lug
3  power supply socket
4  1 Gb Ethernet connection
5  USB B (device) connection
6  ADYTON rack interface
7  Kensington lock point
There are two tamper-evident stickers (see Figure 2. Connectors and security stickers,
on page 4) on every ADYTON. Every sticker has its own unique security number, and
uses an extensive range of holographic techniques including:
• microtext (for example, the word GENUINE on the crossbar of the A of Atos)
• 3D and lens effects
• rainbow colours that change with the viewing angle
The stickers are also printed on a special backing, so that any attempt to peel them off
or re-use them leaves a visible tear.
ADYTON rack
The 19” rack was specifically designed to reach a high security level and fit in standard
IT cabinets. The lockable security clips (each with its own key) to either side hold the
ADYTON securely in place thanks to its integrated anti-removal lugs. Closed, the
security clips hide the fixation points, front plate screws and rack fixing screws. The USB
connector on the ADYTON remains available.
Figure 3. ADYTON rack with ADYTON – front view, security clips open
Figure 4. ADYTON rack – back view
1  two 1 Gigabit Ethernet connectors
   Note: the Ethernet IP1 connector is positioned to the RIGHT of the Ethernet IP2 connector.
2  two power connectors for the redundant, hot-swappable 12 V power supply
ADYTON is immediately powered up when inserted into the rack.
To remove a power connector, push the locking lever to the right and pull the connector
from its socket.
Accessories
ADYTON chip cards and cables are available as accessories.
Chip card
Figure 5.
Chip card
Chip cards are used for:
• user authentication
• storing key components
You are recommended to use separate chip cards for user authentication and for key component storage.
Every chip card has a unique serial number.
For standalone installation
• 1x power adaptor (Mean Well, model no. GS60A12)
  input: 100-240 VAC, 50/60 Hz, 1.4 A
  output: 12 V, 5.0 A, max. 60 W
Cables for rack installation
2 x power cords with IEC 60320 C14 power plugs
USB stick (not included)
ADYTON supports standard USB sticks formatted as FAT16 and FAT32.
User roles
ADYTON works with only two user roles: Administrators and Security Officers. The
minimum requirement is to have two Administrators and two Security Officers (A and B;
one per group) enrolled in ADYTON.
Dual authentication is required for most operations, but there are also some freely
accessible functions such as view settings or performance. When dual authentication is
required, the wizards will indicate which user role has to log on.
We recommend enrolling more than two users in each group, to make sure back-ups are
available.
Administrator
The Administrator role is used to enrol users (but not security officers) and perform
configuration tasks. Administrators are grouped together in one single group, indicated
by the icon in the title bar. The title bar also shows the number of logged on
Administrators (0-n).
After two administrators have logged on, tasks that require dual authentication can be
performed without entering the credentials again. The same person may be enrolled both
as an Administrator and as a Security Officer, but must set up different accounts (with
different user names, fingerprints and chip cards) for each role.
The Administrator is also responsible for managing the audit trail; see Audit trail, on
page 18.
While the ADYTON is being configured, the first two administrator accounts can be set
up without logging on. After this, additional administrators can only be enrolled with two
administrators logged on.
Security Officer
The Security Officer role is used for all key management tasks. Security Officer users are
divided into group A and B, indicated by the two icons in the title bar. The icon on the left
refers to Security Officers A and the icon on the right to Security Officers B. The number
of users logged on is indicated in the icons (0-n).
Dual authentication means that at least one Security Officer from each group has to be
logged on.
It is mandatory to use two different security officers (one for each group) to guarantee
dual control. The same individual may be enrolled both as an Administrator and as a
Security Officer, but must set up different accounts (with different user names) for each
role.
While the ADYTON is being configured, the first two security officer accounts can be set
up without logging in. After this, additional security officers can only be enrolled with two
security officers logged in; at least one of them must belong to the same group as the
new security officer.
Key custodian
Key custodians are responsible for key components, including their secure storage.
Their intervention is required when importing cleartext key components (Load Key) or
exporting cleartext key components (Output Key).
Key Custodians do not normally need to be enrolled in ADYTON. They operate under the
control of the Security Officers (dual control).
Interfaces
Thanks to its well-designed interfaces, using ADYTON is as simple as using a smartphone:
• wizards guide the user through each menu
• menu titles and short menu trees help navigation through the menus
• icons show the available functions corresponding to a key on the keypad
• authentication devices are easily accessible and work very fast
Display
ADYTON uses a high-resolution LCD colour display and a consistent structure for menu
screens.
Figure 6. Display
The display is NOT a touch screen.
title bar
The title bar contains the title of the active menu, and shows which users are
logged on. They are identified by icons on the right-hand end of the title bar.
Icons on the left-hand end of the title bar identify the active menu; there is more
information on menu icons under Menu tree, on page 25.
Table 1 Title bar icons
icon | description
Administrators icon | the number shows how many administrators are logged on
Security Officers icons | left: Security Officer A; right: Security Officer B. The numbers show how many security officers are logged on in each group
main window
To navigate through the main window use the cursors, shortcut keys or the Back
command. To confirm a selection, touch OK.
function bar
The function bar shows icons for the available functions. Touch the
corresponding key or follow the on-screen instructions to perform the function.
Table 2 Function bar icons (icon | description)
• Back to main menu. All other shortcuts are also available when this icon is shown.
• OK key
• previous page / one step back
• left/right cursor (for example, to scroll through keys)
• up/down cursor
• alphabetic input, lower case (ASCII keys)
• alphabetic input, upper case (ASCII keys)
• numeric input (ASCII keys)
• hexadecimal input (HEX and numeric keys available)
• insert ADYTON chip card
• remove ADYTON chip card
• place finger on fingerprint reader
• insert USB device
• remove USB device
Keypad
The ADYTON touch-sensitive keypad is made up of:
• alphanumeric keys (phone-style)
• HEX keys, also used as shortcut keys
• cursor keys
• Shift / Shortcut key
• backspace / Back key
• OK key (also for use with checkboxes)
Figure 7. Keypad (alphanumeric keys 0-9 labelled abc to wxyz, HEX keys A-F, cursor keys, Shift/Shortcut, Back and OK keys)
Touch Shift/Shortcut to:
• enter an upper-case letter from the alphanumeric keys
• use a shortcut function (shown in blue) from the HEX keys
The Shift/Shortcut key changes from white to blue. After you enter an upper-case
letter or touch a shortcut key, the Shift/Shortcut key changes back to white.
The following shortcuts are available.
Table 3 Shortcut keys
key | shifted function | description
A | Log off (Exit) | Log off users. The Log off menu opens.
B | Information | Open the General Information menu and view serial number, owner name, firmware and package name.
C | Main Menu | Back to the main menu.
D | View Keys | Display the list of security keys currently loaded.
E | Network | View the network configuration.
F | Performance | View the current performance values (for example, commands, used capacity).
Back | (none) | Go back one page / one step.
OK | Select | Select a radio button; select/clear a checkbox.
Authentication devices
ADYTON offers three authentication devices on the front panel:
• Fingerprint reader
  The thumbprint is probably the most convenient. When enrolling a user, ADYTON
  will need several passes to read the print completely. Do not change fingers while
  registering a fingerprint!
• Chip-card reader
  Insert the card with the chip facing to the left.
• ASCII keypad
  Users can enter case-sensitive passwords on the keypad.
Note: When enrolling a user you have to define all three authentication tokens. For
logging on later, the user only needs to use two of them.
Operating ADYTON
ADYTON can be operated as a standalone device on a desktop, or integrated in IT cabinets with the ADYTON Rack.
Table 4 Characteristics
standalone | rack-mounted
touch the power button to switch on ADYTON | ADYTON is switched on automatically
one 1 Gb Ethernet connection | two 1 Gb Ethernet connections
power supply via separate 12 V adaptor | two hot-swappable (redundant) power supplies
USB device connector on the side of the module | USB device connector on the front of the rack
Power up
To power up ADYTON in standalone configuration:
1. plug the power supply cable from the adaptor into the power supply socket on
ADYTON
2. connect the adaptor to a mains power socket
3. touch the power button on the front panel
In rack configuration, ADYTON is powered up immediately when fully inserted into the
rack.
Insert ADYTON in rack
ADYTON has two guide rails on each side for installing the device in the ADYTON rack.
To insert ADYTON into the rack:
1. open the rack doors fully
2. carefully slide the ADYTON into the rack
3. connect the two redundant power supplies
You can also connect the power supplies before inserting the ADYTON into the
rack.
4. close and lock the doors
Remove ADYTON from rack
To remove ADYTON from the rack:
1. unlock and open the rack doors
2. carefully slide the ADYTON out of the rack
3. close the doors
Initial configuration
At the first power up, ADYTON will start the initialisation wizard, which will guide you
through the process. The initialisation status is indicated by the Wizard icon in the title
bar.
The first three screens in the initialisation process are:
• Welcome screen
  From any point in the wizard you can go back to this screen by touching Shift/
  Shortcuts and then the Main menu shortcut.
• General Information screen
  Displays the serial number, owner name, firmware and installed package. You
  cannot modify this information, but it may be used for audit purposes (serial number,
  version).
• ADYTON name screen
  Enter a name with the ASCII keys. Use the [Shift] key for upper case. The setting
  is displayed in the function bar by ABC or abc.
If you make a mistake during initialisation, touch Shift/Shortcuts and then the Main menu
shortcut to go back to the Welcome screen and start again. Any information you had
already entered will be discarded. You cannot go back one step.
If you reboot during the initialisation, ADYTON will go to the step where you rebooted.
After the first three screens the initialisation wizard guides you through the six steps of
the initial configuration.
Note: after you configure the network connection or connections, you can complete
the ADYTON configuration manually or duplicate the configuration of another
ADYTON.
Step 1.
Configure network connection
Prepare the following information: IP-address, Subnet Mask and Gateway.
•
Standalone
In standalone configuration there is only one Ethernet connector available. The
wizard will only guide you through the setup of IP1.
When placed in an ADYTON rack, ADYTON will ask you for the IP2 configuration
after starting up.
•
Rack configuration
In the rack, ADYTON can use two Ethernet connections (IP1 and IP2). The wizard
guides you through the setup of IP1 and IP2.
You can now select:
• Manually, to configure the ADYTON manually by continuing with steps 2 to 6
• Cloning from master, to duplicate the configuration of another ADYTON as
  described under 2 Pull configuration, on page 30.
Step 2.
Enroll user (Administrators)
In this step the wizard asks you to enroll at least two administrators. For each
administrator, you need:
• an ADYTON chip card
• an individual who will record a fingerprint and define a password
Use at least two different people, to guarantee dual control.
Step 3.
Configure date/time
In this step the wizard prompts you to select the time zone before you set the time and
date.
• Select the time zone and touch OK.
  Use the ASCII keys to select a city/country. You can use the cursor keys to scroll
  through the list, or enter all or part of the name with the alphanumeric keys. The list
  is refreshed each time you add a letter, to show the nearest match.
• Use the ASCII keys to enter the date and time, then touch OK.
Step 4.
Enroll user (Security Officers)
In this step the wizard asks you to enroll at least two different security officers. You need:
• two ADYTON chip cards
• two security officers, each of whom will record a fingerprint and define a password
It is mandatory to use two different security officers (one for group A and one for group B)
to guarantee dual control.
Step 5.
Load key
In this step the wizard asks you if you want to load a key (Yes or No). If you select Yes,
you have to select the key usage, put in a key name and enter the key components.
Step 6.
Update software
The wizard asks you if you want to update the software (Yes or No). If you select Yes,
be ready to insert the USB storage device with the updates.
Logging on
Users only need to log on to ADYTON when prompted. Since most operations require
dual authentication, people with the right roles should be present. Logging on requires
two of the three authentication tokens:
• chip card
• fingerprint
• password
Logging off
There are three ways to log off users:
• open the User management menu and select 5 Log off user; then select the
  corresponding user and touch OK to confirm
• use the shortcut to go directly to the Log off menu
• wait 15 minutes until ADYTON switches into screensaver mode, where ALL users
  will be logged off automatically
Screensaver mode
15 minutes after the last input, ADYTON switches into screensaver mode:
• display is OFF
• keypad illumination is OFF
• users are LOGGED OFF automatically
• the power LED (green) remains ON
To return to normal mode, tap anywhere on the keypad or touch the power button.
Reboots and availability
While operating ADYTON, the device remains available for all cryptographic services
accessed by the Ethernet ports (host communication). The exception is when the device
needs to be rebooted due to a software upgrade: while rebooting, the host needs to set
up the ADYTON connection again. Users are always warned in advance before any
operation that will require a reboot.
Example: a master ADYTON remains 100% available for cryptographic services while
it is being cloned. The slave ADYTON continues to deliver cryptographic services during
the cloning, unless the software version on the clone and master is different. In this case,
cryptographic services will be unavailable from the slave while it reboots at the end of the
cloning. When cloning involves a software update on the slave, the operator will be
warned about a reboot before starting the cloning.
Filter
The text entry field at the top of the screen is a filter with auto-complete. As you add
characters to the field, the filter redefines the list of options to show only words including
those characters.
Consider the following list of cities: Amsterdam, Antwerp, Athens, Barcelona, Berlin,
Bremen, Bristol, Brussels, Bucharest, Budapest, Cardiff, Copenhagen, Donetsk, Dublin,
Frankfurt, Glasgow, Hamburg, Helsinki, Istanbul, Kiev, Melmby.
• if you enter B, the list is refreshed to show Barcelona, Berlin, Bremen, Bristol…
• if you enter en, the list is refreshed to show Athens, Bremen, Copenhagen
You can then use the arrow keys to move the selection highlight up and down the list.
Audit trail
Every change to the configuration of the ADYTON is logged in the audit trail, which is
digitally signed by ADYTON to guarantee integrity and authenticity. The Administrator is
warned when the audit trail buffer is 60% full; if the buffer reaches 90% full, ADYTON is
restricted to the Export audit trail function, so export the trail before that point to avoid
interrupting normal operation.
You can export the audit trail as a delimited text file and read it in a spreadsheet or a text
editor:
• From the Device menu, select 3 Export audit trail
  This function copies the complete audit trail to a USB device and resets the audit
  trail on ADYTON.
• From the Status menu, select 5 Audit trail
  This function copies the complete audit trail to a USB device but does not reset the
  audit trail on ADYTON or clear the buffer. The screen shows how much of the audit
  trail buffer is occupied (in %).
Warnings
Read this section carefully before deleting administrators or security officers, reverting
the ADYTON to default settings, or using the Decommission option.
Remember that to continue normal operations, you need:
• at least two security officers, from different groups
• at least two administrators
Deleting security officers
– there must always be at least two security officers defined, one in security
  officer group A and one in security officer group B
– if you delete the security officer from a group with only one member, all
  keys will be erased.
At the initial configuration, you define at least two security officers: one for group
A and one for group B. Key management operations always require dual
authentication by two security officers, from different groups. If one or other
group does not include a security officer, dual authentication is no longer
possible and ADYTON will erase all keys.
Deleting administrators
At the initial configuration, you define at least two administrators. As soon as
there is only one administrator defined, ADYTON restarts with the factory
default settings. All the configuration information you have entered is lost.
Decommission
Use this option only at end-of-life, when you no longer require the ADYTON unit.
This option destroys all data, keys and software, and the ADYTON will no longer
boot up.
Back to default settings
Use this option only when you want to erase all data you have entered. This
option has no effect on software upgrades.
After resetting the ADYTON, you will need to run the installation wizard again to
set up administrators and security officers.
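The rules above, together with the enrolment rules under User roles and the two-of-three logon under Logging on, as an added example in Python. This is a model written for this page, not ADYTON firmware or Atos code; the user names, key labels, the config dictionary and the factory_reset flag are constructed for illustration, and the treatment of keys on a factory reset is an assumption noted in the code.

```python
# Added example (not ADYTON firmware or Atos code): a model of the user-role,
# two-of-three logon and dual-control rules described under User roles,
# Logging on and Warnings. User names, key labels and the factory_reset flag
# are constructed for illustration.
from dataclasses import dataclass

FACTORS = {"chip card", "fingerprint", "password"}  # three tokens enrolled per user


@dataclass
class User:
    name: str
    role: str          # "admin" or "so" (security officer)
    group: str = ""    # "A" or "B" for security officers, "" for administrators
    logged_on: bool = False


class Adyton:
    def __init__(self):
        self.users: dict[str, User] = {}
        self.keys: set[str] = set()
        self.config: dict[str, str] = {"name": "ADYTON-lab"}  # constructed value
        self.initialised = False      # True once the initialisation wizard completes
        self.factory_reset = False

    def _admins(self):
        return [u for u in self.users.values() if u.role == "admin"]

    def _sos(self, group=None):
        return [u for u in self.users.values()
                if u.role == "so" and (group is None or u.group == group)]

    def dual_admin(self) -> bool:
        """Administrator tasks need two administrators logged on."""
        return sum(u.logged_on for u in self._admins()) >= 2

    def dual_so(self) -> bool:
        """Key management needs a logged-on officer from group A AND one from group B."""
        return (any(u.logged_on for u in self._sos("A"))
                and any(u.logged_on for u in self._sos("B")))

    def enrol_admin(self, name: str) -> bool:
        # The first two administrators are created by the wizard without logon;
        # any further administrator needs two administrators logged on.
        if (self.initialised or len(self._admins()) >= 2) and not self.dual_admin():
            return False
        self.users[name] = User(name, "admin")
        return True

    def enrol_so(self, name: str, group: str) -> bool:
        # The first two officers (one per group) need no logon; afterwards two
        # officers must be logged on, at least one from the new officer's group.
        if self.initialised or len(self._sos()) >= 2:
            logged = sum(u.logged_on for u in self._sos())
            if logged < 2 or not any(u.logged_on for u in self._sos(group)):
                return False
        self.users[name] = User(name, "so", group)
        return True

    def finish_initialisation(self) -> bool:
        if len(self._admins()) < 2 or not (self._sos("A") and self._sos("B")):
            return False
        self.initialised = True
        return True

    def log_on(self, name: str, presented: set) -> bool:
        """Logon succeeds with any two of the three enrolled tokens."""
        user = self.users.get(name)
        if user is None or len(presented & FACTORS) < 2:
            return False
        user.logged_on = True
        return True

    def log_off_all(self) -> None:
        """Screensaver mode (15 minutes idle) logs every user off."""
        for u in self.users.values():
            u.logged_on = False

    def load_key(self, key_name: str) -> bool:
        if not self.dual_so():
            return False
        self.keys.add(key_name)
        return True

    def delete_security_officer(self, name: str) -> bool:
        user = self.users.get(name)
        if user is None or user.role != "so" or not self.dual_so():
            return False
        del self.users[name]
        if not self._sos(user.group):
            self.keys.clear()   # group left empty: dual control impossible, keys erased
        return True

    def delete_administrator(self, name: str) -> bool:
        user = self.users.get(name)
        if user is None or user.role != "admin" or not self.dual_admin():
            return False
        del self.users[name]
        if len(self._admins()) <= 1:
            # Only one administrator left: the device restarts with factory defaults and
            # all entered configuration is lost. Treating keys as entered data is an
            # assumption of this model; the guide does not spell it out.
            self.users.clear()
            self.config.clear()
            self.keys.clear()
            self.initialised = False
            self.factory_reset = True
        return True
```

The point the model makes concrete: the dual-control checks are evaluated against who is logged on at the moment of the operation, so the destructive side effects (keys erased, factory reset) are reached only by an action that two authorised people have already approved. Still, nothing stops two administrators from deleting down to one, which is why the warning above belongs in the runbook.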
Transport and security
Good practice for secure transport of an ADYTON includes the following:
• log the hardware serial number before transport
• transport the rack and the ADYTON separately
• copy the ADYTON audit trail before transport
• check the audit trail after transport
• check the two tamper-evident stickers before and after transport
  Verify both the authenticity and the integrity of the stickers: see page 4 for more
  information.
• check the hardware serial number after transport
• boot up the ADYTON to check for a tamper alarm
The ADYTON has been transported securely if the tamper-evident stickers are OK, the
audit trails before and after transport match, and no tamper alarm is given when you boot
up the ADYTON. Make a full report after carrying out these checks.
PCI SSC
To meet PCI SSC requirements, you must work with clear procedures that guarantee the
chain of custody at all times. A documented chain of custody must exist to ensure that
all cryptographic hardware is controlled from its receipt through its installation and use.
This means that it must be clear who has responsibility during all the phases: initial,
transport, delivery …
For more information, see the on-line document Payment Card Industry (PCI) PIN
Security Requirements.
Specifications
Table 5 DEP and ADYTON at a glance

                       DEP         ADYTON
Movement alarm         Yes         No
Entry of backup key    Yes (DMK)   Yes (DMK or ABK)
Off-line mode          Yes         No (see note)
Connection to port     1000        4000

• A key backup created on a DEP can be restored on an ADYTON, but an ADYTON
  backup cannot be used on a DEP.
• ADYTON off-line mode: local operations have no impact on host connections, except
  when the ADYTON is rebooted after a software update. See also Reboots and
  availability, on page 17.
ADYTON module
general specifications
– tamper-evident, tamper-responsive and tamper-proof design
– around 7,000 digital RSA private key and over 10,000 symmetric key
  transactions per second
– host authentication through SSL (optional)
– colour display, fingerprint reader (FIPS 201), chip-card reader, USB-Host,
  HEX-keypad
– push/pull cloning
– dimensions: 24 cm wide x 7 cm high x 18.5 cm deep
– power supply 100-240 VAC, 50/60Hz, 1.4A
operating conditions
– operating temperature: 0°C – 35°C
– relative humidity: 10% – 90% (non-condensing)
communications
– USB device
– 1 gigabit LAN connector
basic cryptographic functions
– random generator (SP800-90)
– RSA (X9.31 key generation, encrypt/decrypt, sign/verify)
– ECC (key generation, encrypt/decrypt, sign/verify)
– (T)DES (encrypt/decrypt, MAC)
– AES (encrypt/decrypt, MAC)
– HMAC
– MD5, SHA1, SHA2, SHA256, SHA512
– X509
– all functions supported by the OpenSSL Crypto Library (www.openssl.org)
Rack
The optional ADYTON rack further increases the reliability of the module, and makes it
possible to hot-swap ADYTON.
• 19" rack for integration in standard IT cabinets – 2U high;
  actual measurements 48 cm wide x 8.8 cm high x 43 cm deep; weight ~15 kg
• 2 redundant hot-swappable power supplies (100-240 VAC, 47-63Hz, 1.5-1A)
• 2 redundant 1Gb Ethernet
• 2 physical locks (different keys) to prevent unauthorised removal of ADYTON
• USB device connector on front
Interfaces (ADYTON and rack)
• Dedicated API – for a list of the complete API, please contact your account manager
• PKCS #11
• JCE (Java Cryptographic Extension)
• EJBCA
• IAIK-JCE
• OpenSSL Engine
• SNMP
Certification and compliance
• FIPS 140-2 Level 3 certified
• Hardware FIPS 140-2 Level 4 certified
• FIPS 140-3 (draft) compliant
• Fingerprint reader FIPS 201 certified
• PCI HSM compliant
• FCC and EC certified, ROHS compliant
Menu tree
If you are reading this document on-line, click on any command name to see related
access rights and brief notes.
Keys
1 Load key
2 Generate key
3 Delete key
4 View keys
5 Backup keys
6 Restore keys
7 Output key
Users
1 Enroll user
2 View users
3 Modify user
4 Delete user
5 Log off users
Network
1 Configure IP1
2 Configure IP2
3 Configure SSL
4 View configuration
Status
1 General information
2 Logged on users
3 Date/time
4 Licence
5 Audit trail
6 Performance
7 Footprints
Device
1 Set ADYTON name
2 Activate traces
3 Activate SNMP traps
4 Export audit trail
5 Set date/time
6 Back to default settings
7 Decommission ADYTON
Update
1 Push configuration
2 Pull configuration
3 Update licence
4 Update software
Keys
1 Load key
ACCESS: Dual security officer
Key names are used to identify the key in the server commands.
– in DEP compatibility mode (DS2/DS3/DS4), the key name should match the last byte
  of the key tag
– in DS5, key names are free text but must match the names used by the host
  application
2 Generate key
ACCESS: Dual security officer
3 Delete key
ACCESS: Dual security officer
4 View keys
ACCESS: No authentication required
– Select a key and touch [OK] to show details
– You can also use the shortcut to view the list of keys
– Scroll left/right to view details of the previous/next key.
5 Backup keys
ACCESS: Dual security officer or dual administrator
The ADYTON backup key is used to create a backup file containing all the keys.
– all keys in ADYTON are backed up: partial/selective backup is not possible
– it is not possible to make a backup protected by the DEP Master Key (DMK)
6 Restore keys
ACCESS: Dual security officer or dual administrator
Supports the restore of a key backup file (ADYTON or DEP)
– when restoring an ADYTON key backup file, use the same key name as used for the
  creation of the ADYTON key backup file. If keys are already present in ADYTON, the
  Restore operation will execute replace and add.
– when restoring a DEP key backup file, enter the correct value of the DEP Master Key
  (DMK TDES or DMK AES)
7 Output key
ACCESS: Key Custodian
Cleartext key components can be exported on Adyton chip card.
Key cryptograms (asymmetric keys) can be exported on USB.
Users
1 Enroll user
ACCESS: For initialisation: no authentication required. Afterwards: dual security officer
or dual administrator
– The first two Administrator accounts can be created without any operator logon.
  Once two Administrator accounts are in the user account table, additional
  Administrators can only be enrolled under dual Administrator control.
– The first Security Officer Group A account and the first Security Officer Group B
  account can be created without any operator logon. Additional Security Officers can
  only be enrolled under dual Security Officer control. When at least one Security
  Officer from Group A and at least one Security Officer from Group B are logged on,
  all dual control Security Officer services are available. When all the security
  officers logged on are from the same group, new security officers can only be
  enrolled in that group.
2 View users
ACCESS: No authentication required
To show user details, select the user and touch [OK]. Use the arrow keys to scroll.
3 Modify user
ACCESS: The user in question must be authenticated
After authentication (using two tokens) is accepted, the user can update password,
fingerprint or chip card.
4 Delete user
ACCESS: No authentication required
To avoid a situation where a user cannot be deleted, no authentication is required.
For more details see Warnings, on page 20.
5 Log off users
ACCESS: No authentication required
You can also use the shortcut
Device
1 Set ADYTON name
ACCESS: Dual administrator
2 Activate traces
ACCESS: Dual administrator
All inputs and outputs (server commands) are logged in clear text, even when using
SSL. In case of confidential information, procedural actions will be taken to protect
the data (for example, cardholder data in case of PCI DSS).
3 Activate SNMP traps
ACCESS: Dual administrator
Toggle between:
– Activate SNMP traps; you will need to specify the IP address of the trap receiver
– Deactivate SNMP traps
4 Export audit trail
ACCESS: Dual administrator
The export function copies the audit trail to a USB device as a delimited text file you
can read in a spreadsheet or a text editor, together with a digital signature and
certificate tree, and resets the audit trail on ADYTON. See Verifying the audit trail
with OpenSSL, on page 31, for additional information.
If the buffer for the audit trail reaches 90%, only the Export audit trail function can
be performed.
5 Set date/time
ACCESS: Dual administrator
Daylight saving time is automatically applied.
6 Back to default settings
ACCESS: No authentication required
Deletes all keys and user entered data, but has no effect on date/time settings or
software updates. For more details see Warnings, on page 20.
7 Decommission ADYTON
ACCESS: Dual administrator
Decommissioning may only be used for an end of life ADYTON. After decommissioning,
ADYTON will not boot any more.
Undoing this action involves huge costs, due to hardware intervention in a repair
environment. For more details see Warnings, on page 20.
Network
1 Configure IP1
ACCESS: No authentication required
2 Configure IP2
ACCESS: No authentication required
3 Configure SSL
ACCESS: Dual administrator
4 View configuration
ACCESS: No authentication required
– Scroll left/right to view details of other configurations
Status
1 General information
ACCESS: No authentication required
2 Logged on users
ACCESS: No authentication required
To show the details, select the user and touch [OK]. Use the arrow keys to scroll.
3 Date/time
ACCESS: No authentication required
4 Licence
ACCESS: No authentication required
5 Audit trail
ACCESS: No authentication required
Copies the audit trail to a USB device as a delimited text file you can read in a
spreadsheet or a text editor, together with a digital signature and certificate tree,
but does not reset the audit trail on ADYTON. It also shows how much of the audit
trail buffer is still free, as a percentage.
See Verifying the audit trail with OpenSSL, on page 31, for additional information.
6 Performance
ACCESS: No authentication required
Shows the performance in real-time and an estimation of the available capacity – can
be used to scale an ADYTON park.
7 Footprints
ACCESS: No authentication required
Shows information such as the number of keys installed, and a checksum based on the
key values – can be used to compare installations on different ADYTONs.
Update
1 Push configuration
ACCESS: Dual administrator
Duplicate the configuration of a master ADYTON on one or more clone ADYTONs, by
pushing the configuration from master to clones.
• the remote ADYTON or ADYTONs must be idle or displaying the main menu before you
  can start pushing the configuration
• if the clone ADYTON needs to reboot after the configuration has been duplicated, you
  receive a warning
2 Pull configuration
ACCESS: Dual administrator (remote login)
Duplicate the configuration of a (remote) master ADYTON on a clone ADYTON, by pulling
the configuration from master to clone. This can also be done by running the
initialisation wizard on the clone ADYTON again.
• the remote (master) ADYTON must be idle or displaying the main menu before you can
  start pulling the configuration; you receive a warning if this is not the case
• if a clone ADYTON needs to reboot after the configuration has been duplicated, you
  receive a warning
3 Update licence
ACCESS: Dual administrator
4 Update software
ACCESS: Dual administrator
ADYTON has to be rebooted at the end of the software update, which causes a short
downtime.
Downtime during reboot
When the ADYTON needs to be rebooted because of a software upgrade, the host needs
to set up communications again; this involves a short downtime. See Reboots and
availability, on page 17.
Verifying the audit trail with OpenSSL
Exporting the audit trail from ADYTON puts the following files on the USB stick:
files with a fixed name
• AtosRootCa.cer
• FactIntCa.cer
files with a variable name
• MmSign.cer, prefixed with the ADYTON serial number: for example
  8700C7D4091B415D_MmSign.cer
• audit-trail.log, prefixed with the ADYTON serial number and including a timestamp:
  for example 8700C7D4091B415D_adyton-audit-trail_20130201_114055.log
• audit-trail signature, prefixed with the ADYTON serial number and including a
  timestamp: for example 8700C7D4091B415D_adyton-audit-trail_20130201_114055signature.bin
You can use OpenSSL (version 1.0.1c or higher) from a terminal window to verify the
signature of the audit trail, as follows.
Step 1. convert the three certificates to PEM format
  openssl x509 -outform PEM -in AtosRootCa.cer -out AtosRootCa.pem
  openssl x509 -outform PEM -in FactIntCa.cer -out FactIntCa.pem
  openssl x509 -outform PEM -in {serial_}MmSign.cer -out {serial_}MmSign.pem
  openssl x509 reads the input as PEM by default; if it reports that it cannot load a
  certificate, the .cer file is DER-encoded and you need to add -inform DER to the
  command.
Step 2. combine AtosRootCa.pem and FactIntCa.pem into a single file both.pem
  • on a Windows PC
    type AtosRootCa.pem FactIntCa.pem > both.pem
  • on a Linux PC
    cat AtosRootCa.pem FactIntCa.pem > both.pem
Step 3. verify the certificate tree
  openssl verify -verbose -CAfile both.pem {MmSign.pem}
  When verification is successful, the message {MmSign.pem}: OK is displayed.
Step 4. calculate hash over audit trail
  openssl dgst -sha256 -binary < {audit-trail.log} > hash.bin
Step 5. verify the audit trail signature
  openssl pkeyutl -verify -in hash.bin -sigfile {audit-trail-signature.bin} -certin -inkey {MmSign.pem} -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss
  When verification is successful, the message Signature Verified Successfully is
  displayed.