Here is the pictorial explanation of a PED-authenticated HSM where both the PED Key secret and a typed-in PED PIN are necessary to create the PinKey and unlock the HSM. This diagram shows a blue SO (HSM Admin) secret, but the concept is similar for any other type of PED Key (black User/Owner key, red Cloning Domain key, orange Remote PED key, purple Secure Recover key).