4 Finite State Machine
As part of FIPS 140-2 Level 2 compliance, the Acme Packet 1100 and Acme Packet 3900 platforms support a Finite State Machine (FSM).
The following Diagram displays the state model of the FSM in the FIPS 140-approved mode of operation:

State Diagram
The following sections describe all states and transitions that can occur with the Finite State Diagram. The finite state machine never ends in an undefined state. Any combination of data and control inputs always place the FSM in a well-defined state.
		
                     
                        
                     	 
                  
               Note:
The inputs described in this document for each state are inputs that would result in a successful operation.State 0 - Power Off
 Either the power
		switch is in the off position, or there is no power connected to the FSM. No
		services are available in this state. This state is available from every other
		state, and can be entered using the power switch and cycling power. 
	 
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 01a | Module is powered on | 0a | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Connect Power Supply | N/A | 
| Status Output | LED - power | N/A | 
State 0a - Power On
 The FSM's power
		switch is turned on. No services are available in this state. The FSM
		automatically transitions to the Power-On Self-Tests state. 
	 
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 01b | Begin boot | 1 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Power switch on | N/A | 
| Status Output | LED - power | N/A | 
State 1 - Power-On Self-Tests
 The FSM performs a
		series of self-tests to ensure correct operation; these include a software
		integrity check, cryptographic known answer tests, and other self-tests
		described in the Security Policy. If the POSTs are successful, the module
		continues to boot, and this state automatically transfers to the "No Auth"
		state. If the POSTs should fail, the module transitions to the "Error" state. 
	 
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 13 | Self Tests Pass | 3 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | None | N/A | 
| Status Output | Initial login prompt | N/A | 
| 12 | POST Failure | 2 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | None | N/A | 
| Status Output | Error logged | N/A | 
| 20 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A | 
State 2 - Error
 This state
		represents an error, such as a POST failure or Conditional Self-Test Failure.
		The FSM halts cryptographic operations and the operator must use any of the 3
		possible recovery options: 
		
                        
                     
                     - Reset the FSM
- Reset the FSM and use the bootloader to select the valid image
- Reset the FSM and use the bootloader to zeroize the system to RMA
| Transition Number | Transition | Next State | 
|---|---|---|
| 20 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A | 
State 3 - No Auth
 The FSM transitions
		to this state when startup has completed and the module is fully configured for
		FIPS mode of operation. In this state no User or Crypto Officer is logged in,
		and the module is in an idle state. The FSM is operational but is not providing
		security services or performing cryptographic functions. Cryptographic keys and
		security parameters are loaded, and the FSM is waiting for data or control
		inputs. The FSM transitions to the User state when a User is successfully
		authenticated or it transitions to the Crypto Officer state when a Crypto
		Officer is successfully authenticated. 
	 
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 34 | User Login | 4 | 
| Data Input | User or SSH public key | N/A | 
| Data Output | Acceptance / Denial of Authentication Attempt | N/A | 
| Control Input | Authentication Data | N/A | 
| Status Output | User Authentication Prompt | N/A | 
| 35 | Crypto Officer Login | 5 | 
| Data Input | Crypto Officer Authentication Data | N/A | 
| Data Output | Acceptance / Denial of Authentication Attempt | N/A | 
| Control Input | Authentication Data | N/A | 
| Status Output | Crypto Officer Authentication Prompt | N/A | 
| 30 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A | 
| 02 | Conditional Test Failure | 2 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | None | N/A | 
| Status Output | Error logged | N/A | 
State 4 - User
 The FSM transitions
		into this state when a User authenticates to the module or when an encrypted
		session has been initiated. After successful login, the User has access to the
		services defined in the Roles, Services, and Authentication section of the
		Security Policy. 
	 
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 43 | User Logoff | 3 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Initiate Log Off | N/A | 
| Status Output | Logoff confirmation | N/A | 
| 47 | Initial Bypass | 7 | 
| Data Input | Call from endpoint configured for plaintext received | N/A | 
| Data Output | Plaintext call output | N/A | 
| Control Input | Endpoint Configuration | N/A | 
| Status Output | Call Successful | N/A | 
| 30 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A | 
| 02 | Conditional Test Failure | 2 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | None | N/A | 
| Status Output | Error logged | N/A | 
State 5 - Crypto Officer
 This state is
		entered when an operator successfully authenticates as a Crypto Officer. A
		Crypto Officer may configure the FSM as defined in the Secure Operation section
		of the Security Policy. A Crypto Officer can re-enter the 
		No Auth state by
		logging out. The Crypto Officer may return to 
		Power On Self Tests
		state by rebooting the software. Physically removing power from the module will
		return it to the Power Off state. The Crypto Officer can transition to the 
		Edit Configuration
		state to edit the running configuration and manipulate keys. 
	 
                     
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 56 | Initiate Configuration Edit | 6 | 
| Data Input | Configuration Parameters | N/A | 
| Data Output | None | N/A | 
| Control Input | Configuration Parameters | N/A | 
| Status Output | Configuration Verifications | N/A | 
| 53 | Crypto Officer Logoff | 3 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Initiate Log Off | N/A | 
| Status Output | Logoff confirmation | N/A | 
| 50 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A | 
| 02 | Conditional Test Failure | 1 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | None | N/A | 
| Status Output | None | N/A | 
State 6 - Edit Configuration
 This state is
		entered from the 
		Crypto Officer
		state with various commands to configure the FSM and enter cryptographic keys.
		Only a Crypto Officer may edit the configuration of the FSM. Once the
		configuration is complete, the new configurations are effective immediately
		once the configuration is activated. The FSM returns to the 
		Crypto Officer
		state when the Crypto Officer has completed configuration. 
	 
                     
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 65 | Edit Configuration Complete | 5 | 
| Data Input | Configuration Parameters | N/A | 
| Data Output | None | N/A | 
| Control Input | Configuration Parameters | N/A | 
| Status Output | Configuration Verifications | N/A | 
| 60 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A | 
| 02 | Conditional Test Failure | 2 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | None | N/A | 
| Status Output | Error logged | N/A | 
State 7 - Bypass
 The FSM is
		providing services without cryptographic processing (e.g., transferring
		plaintext calls through the FSM). In this state, the FSM is providing services
		with non-cryptographic processing (e.g., transferring plaintext through the
		module). The FSM can transition to a Bypass state when a call is received from
		an end point configured for non-encrypted calls. 
	 
                     
                     | Transition Number | Transition | Next State | 
|---|---|---|
| 74 | POST Failure | 4 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Call is disconnected | N/A | 
| Status Output | Call ends | N/A | 
| 70 | Power Switch to Off/Reboot | 0 | 
| Data Input | None | N/A | 
| Data Output | None | N/A | 
| Control Input | Disconnect Power Supply | N/A | 
| Status Output | None / Display boot status on startup | N/A |