Universal Cloning

The simplest method of migrating key material to a new partition is slot-to-slot cloning. Universal Cloning (CPv4) can be used for key migration to any trusted Thales HSMs that support the Universal Cloning protocol.

Key migration is considered to be a "Hardware to Hardware" flow equivalent to cloning and is not considered to be an export flow.

The term "Key Migration" encompasses all situations where key material (including but not limited to symmetric/asymmetric keys, certificates, and other unstructured/structured objects) protected by an HSM is moved to be protected by another HSM which stands alone.

Universal Cloning focuses on:

>Properties of the KMP supported by Universal Cloning.

>Establishing trust between devices (using PKA and a PSK).

>Sharing keys between PED and PWD authenticated HSMs.

>Configuration of Universal Cloning in the Luna HSMs.

>How Universal Cloning will co-exist with CPv1/CPv3 and SKS.

>Luna HSM Time/Clock management.

>Updating the Root of Trust supported by Luna HSMs.

>Managing unknown objects and attributes.

>Manufacturing and Firmware Update related to Universal Cloning.

>Library APIs to support Universal Cloning.

The primary reason for introducing Universal Cloning into Luna HSMs is to address the Luna and DPoD interoperability problems. On a larger scale, Universal Cloning can be used to migrate keys to just about any HSM, product, HW or SW, as the underlying KMP has very few limitations.

Universal Cloning allows for key migration to any trusted Thales HSMs that also support the Universal Cloning protocol.