User Guide DDOC0099-000-AH
DTS1 CSfC 2 - 5 Overview
© 2020 Curtiss-Wright Defense Solutions Revision 5.0
Figure 2.6 Hardware Encryption Layer Account Creation
2.3.1.2 Account Login
Any subsequent use of the equipment requires logging in (Figure 2.7) to the HWE layer before
data storage and/or transfer can begin. The user enters their user name and password into the
DTS1. The HWE layer checks the information against its accounts. If the user name and password
are recognized, a random one-time 64-byte key (also referred to as a nonce) is generated. The
nonce is sent to the end-user via the CLI. The user then enters the nonce and their specific-user
token key (generated when the account was created) into a third-party HMAC-SHA384 generator
using the user token as the key. The CLI then sends this data as a user-generated HMAC to the
DTS1 HWE layer. The layer compares the user HMAC and the HWE layer HMAC. If they are the
same, the user is logged in. If they do not compare, the user is denied access.
TERMINAL / PC
DTS1
CLI
HARDWARE
CRYPTO LAYER
Internally Generate
32-byte User
Token Key
PSK Keywraps
User Token
Key (AES256
Keywrap)
PSK
Generate
HMAC
(User Token
Key and PSK)
Send Encrypted
User Token
Key and HMAC
Login / Create
Account on
Hardware
Encryption
Layer
Validate HMAC (Use
PSK and Encrypted
User Token Key)
User Token Key is
Now a Specific-User
Token Key Tied to
Account
Decrypt User Token
Key (Use PSK )
DDOC0099-0017
TERMINAL / PC
DTS1
CLI
HARDWARE CRYPTO LAYER
Check / Verify End-User
Name / Password
Against Account Information
Generate Random One-Time
Use 64-byte Key (Nonce)
Send Nonce
Generate HMAC (Nonce
and Specific-User
Token Key)
Compare User HMAC
and Hardware Encryption
Layer HMAC
Log Into
Previously
Created
Account
Send
User-Generated
HMAC
User Generates
HMAC via 3rd-Party
Software (Use Specific
User Token Key
and Nonce)
If Comparison Passes,
User is Logged In
If Comparison Fails,
User is Denied Access
DDOC0099-0018
To Next Page
Loading...
Need help?
General
