Table of Contents
Advertisement
Service
Creation/use of secure
management session between
module and CO
Creation/use of secure mesh
channel
System Status
4.2.2 User Services
The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode shares the same
services with the Crypto Officer role, please refer to Section 4.2.1, "Crypto Officer Services". The
following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote
Mesh Point FIPS mode:
Service
Generation and use of 802.11i
cryptographic keys
Description
The module supports use of
IPSec for securing the
management channel.
The module requires secure
connections between mesh points
using 802.11i
CO may view system status
information through the secured
management channel
Description
When the module is in mesh
configuration, the inter-module
mesh links are secured with
802.11i.
36
CSPs Accessed
(see section 6
below for complete description of
CSPs)
IKEv1/IKEv2 Preshared
Secret
DH Private Key
DH Public Key
IPSec session encryption
keys
IPSec session
authentication keys
RSA key pair
WPA2-PSK
802.11i PMK
802.11i PTK
802.11i EAPOL MIC
Key
802.11i EAPOL
Encryption Key
802.11i AES-CCM key
802.11i GMK
802.11i GTK
802.11i AES-CCM key
See creation/use of secure
management session above.
CSPs Accessed
(see section 6
below for complete description of
CSPs)
802.11i PMK
802.11i PTK
802.11i EAPOL MIC
Key
802.11i EAPOL
Encryption Key
Advertisement
Table of Contents
