| | Password-authenticated HSM | PED-authenticated HSM |
|---|---|---|
| Ability to restrict access to cryptographic keys | | |
| Dual Control | | |
| Key-custodian responsibility | | |
| Role-based Access Control (RBAC) - ability to confer the least privileges necessary to perform a role | roles limited to: | available roles:<br>for all roles, two-factor authentication (selectable option) and MofN (selectable option) |
| Two-factor authentication for remote access | | |
"About Password Authentication"
"About Trusted Path Authentication"
Password Authentication (option)
PED Authentication (trusted path) (option)
PED Keys and Operational Roles
Multiple or Duplicate PED Keys
Complexity When Managing PED Keys
Updating PED Key for a Backup Token
Init an HSM with Existing Domain & Shared PED Keys
General Advice on PED Key Handling
Actions that need a PED Key - actions that don't