Entrust nShield Security Manual page 85

encryption: {A}
B
This notation indicates the result of
Federal Information Processing Standards (FIPS)
The Federal Information Processing Standards (FIPS) were developed by the United
States federal government for use by non-military government agencies and
government contractors. FIPS 140 is a series of publications intended to coordinate
the requirements and standards for cryptographic security modules, including both
their hardware and software components.
All Security Worlds are compliant with FIPS 140-2. By default, Security Worlds are
created to comply with FIPS 140-2 at level 2, but those customers who have a
regulatory requirement for compliance with FIPS 140-2 at level 3 can also choose to
create a Security World that meets those requirements.
For more details about FIPS 140-2, see
2/fips1402.pdf.
Hardserver
The hardserver software controls communication between applications and nShield
modules, which may be installed locally or remotely. It runs as a service on the host
computer. The behavior of the hardserver is controlled by the settings in the
hardserver configuration file.
The hardserver software controls communication between the internal hardware
security module and applications on the network. The module hardserver is
configured using the front panel on the module or by means of uploaded
configuration data. Configuration data is stored on the module and in files in a
specially configured file system on each client computer.
hardware security module (HSM)
A hardware security module (commonly referred to as an HSM) is a hardware device
used to hold cryptographic keys and software securely.
Hash: H(X)
This notation indicates a fixed length result that can be obtained from a variable
length input and that can be used to identify the input without revealing any other
information about it. The nShield module uses the Secure Hash Algorithm (SHA-1) for
its internal security.
Identifier hash: H (X)
ID
An identifier hash is a hash that uniquely identifies a given object (for example, a key)
without revealing the data within that object. The module calculates the identity hash
of an object by hashing together the object type and the key material. The identity
nShield® Security Manual
A encrypted with key B.
http://csrc.nist.gov/publications/fips/fips140-
85 of 90