iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Integrating the WebSafe2 Internet Security
Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—523346-002
5-2
The WISP provides maximum security for private communication because
•
It encrypts the iTP Secure WebServer’s private key with a Master File Key (MFK).
The WISP keeps the only copy of the MFK.
•
The WISP’s contents cannot be accessed over a network.
WISPs use industry-standard RSA and DES algorithms to offload the public/private key
encryption/decryption tasks from the server. It provides a physically and logically
secure location for these tasks to be performed, preventing unwanted access to keying
material. The contents of WISPs are protected by the MFK, which is a key loaded into
it at initialization time. The WISP can only be initialized and managed using a device
called a Secure Configuration Terminal (SCT); it cannot be controlled or its contents
accessed using a network connection.
WISPs are equipped with sensors designed to detect tampering, extreme variations in
temperature, and dangerous fluctuations in voltage.
Figure 5-1. WebSafe2 Internet Security Processors (WISPS) in an iTP Secure
WebServer Environment
WebSafe2
Interface Driver
(WID)
iTP Secure
WebServer
NonStop Kernel
Web
Clients
3615 Ethernet
LAN Controller
WebSafe2
Internet Security
Processors
(WISPs)
CDT012.CDD
3615 Ethernet
LAN Controller