


About Trusted Path Authentication













This section applies to versions of SafeNet HSM that control access via Trusted Path Authentication - that is, HSMs that control access by means of the PED and PED Keys, rather than by typed-in text strings. For Luna HSMs, this is sometimes referred to as "FIPS 140-2 Level 3" or simply "FIPS Level 3" or "FIPS 3" authentication.

If you did not receive a Luna PED and PED Keys, then your Luna HSM probably uses Password Authentication, not Trusted Path Authentication (verify with the hsm displayLicenses command), and the pages in this section do not apply to you. See "About Password Authentication" instead.

You can also verify the type of a Luna HSM by running the hsm showPolicies command. The output includes these lines near the top:

   Description                          Value
   ===========                          =====
   Enable PIN-based authentication      Disallowed
   Enable PED-based authentication      Allowed

The above result is from a PED-authenticated HSM.
A Password-authenticated HSM would show:

   Description                          Value
   ===========                          =====
   Enable PIN-based authentication      Allowed
   Enable PED-based authentication      Disallowed
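
The same check can be applied to saved command output when auditing several HSMs. The Python below is an added example, not part of the SafeNet documentation or tooling; it classifies captured hsm showPolicies text using only the two policy lines shown above. The function names and the sample text are constructed for illustration, and any combination other than the two documented ones is reported as unknown.

```python
# Policy descriptions exactly as they appear in the output shown on this page.
PIN_POLICY = "Enable PIN-based authentication"
PED_POLICY = "Enable PED-based authentication"
VALUES = ("Allowed", "Disallowed")

# Constructed sample input, modelled on the two outputs quoted on this page.
PED_SAMPLE = """\
Description                          Value
===========                          =====
Enable PIN-based authentication      Disallowed
Enable PED-based authentication      Allowed
"""
PASSWORD_SAMPLE = PED_SAMPLE.replace("Disallowed", "TMP") \
    .replace("Allowed", "Disallowed").replace("TMP", "Allowed")


def parse_policies(text):
    """Return {description: value} for every row ending in Allowed/Disallowed."""
    policies = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 1)          # split off the last column
        if len(parts) == 2 and parts[1] in VALUES:
            # Collapse runs of spaces/tabs so column padding does not matter.
            policies[" ".join(parts[0].split())] = parts[1]
    return policies


def auth_type(text):
    """Classify captured output as 'ped', 'password' or 'unknown'.

    Missing rows or an undocumented combination (both Allowed, both
    Disallowed) yield 'unknown', so an audit fails closed instead of guessing.
    """
    policies = parse_policies(text)
    state = (policies.get(PIN_POLICY), policies.get(PED_POLICY))
    if state == ("Disallowed", "Allowed"):
        return "ped"
    if state == ("Allowed", "Disallowed"):
        return "password"
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("ped", PED_SAMPLE), ("password", PASSWORD_SAMPLE)):
        print(name, "->", auth_type(sample))
```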

The Trusted Path is the connection between the Luna PED and the Luna HSM front panel. For local PED, the connection is a secure physical link, directly to the HSM, bypassing the computer memory and bus. For Remote PED, the connection is a cryptographically secured link across the network - when credentials travel between PED and HSM, they are encrypted throughout the journey. At no time does an authentication secret exist in-clear, anywhere in computer memory or on any computer bus.

In general, there are three paths to access the Luna HSM:

For SafeNet HSM with Trusted Path Authentication (see this diagram), the various, layered roles are protected by a combination of PED Keys and passwords:


What's The One-Sentence Summary of How This Works?

How about two sentences?

Objects on the HSM are encrypted by the owner of the HSM Admin space or of the User space (partition), and can be decrypted and accessed only by means of the specific secret injected from the blue PED Key (HSM Admin) or the black PED Key (User) respectively.

If you cannot present the secret (the PED Key) that encrypted the objects, then the HSM is just a secure storage device to which you have no access, and those objects might as well not exist.


Not mentioned above is the Auditor. This role combines a special, limited-access appliance account, and a special HSM role (authenticated by the white PED Key), for the purpose of managing HSM audit logs. These roles are distinct and separate from other roles on the appliance and the HSM, conforming to the requirements of auditing standards.


See Also




What is initialization?

Luna PED 2.x - About

Luna PED [General]

PED Keys

What is a PED PIN?

What is a Group PED Key

What is a duplicate PED Key?

What is a Domain PED Key?

How to Use a Luna PED

HSM - PED interaction

About Remote PED

Remote PED Architecture

MofN, About