36
Service
Description
CSPs Accessed
(see section 6
below for complete description of
CSPs)
Creation/use of secure
management session between
module and CO
The module supports use of
IPSec for securing the
management channel.
IKEv1/IKEv2 Preshared
Secret
DH Private Key
DH Public Key
IPSec session encryption
keys
IPSec session
authentication keys
RSA key pair
Creation/use of secure mesh
channel
The module requires secure
connections between mesh points
using 802.11i
WPA2-PSK
802.11i PMK
802.11i PTK
802.11i EAPOL MIC
Key
802.11i EAPOL
Encryption Key
802.11i AES-CCM key
802.11i GMK
802.11i GTK
802.11i AES-CCM key
System Status
CO may view system status
information through the secured
management channel
See creation/use of secure
management session above.
4.2.2 User Services
The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode shares the same
services with the Crypto Officer role, please refer to Section 4.2.1, “Crypto Officer Services”. The
following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote
Mesh Point FIPS mode:
Service
Description
CSPs Accessed
(see section 6
below for complete description of
CSPs)
Generation and use of 802.11i
cryptographic keys
When the module is in mesh
configuration, the inter-module
mesh links are secured with
802.11i.
802.11i PMK
802.11i PTK
802.11i EAPOL MIC
Key
802.11i EAPOL
Encryption Key