HSM Authentication with One PED PIN

Home >

HSM Authentication with One PED PIN

Here is the pictorial explanation of a PED-authenticated HSM where both the PED Key secret and a typed-in PED PIN are necessary to create the PinKey and unlock the HSM. This diagram shows a blue SO secret (HSM Admin or application partition), but the concept is similar for any other type of PED Key (black Crypto Officer key, gray Crypto User key, red Cloning Domain key, orange Remote PED key, purple Secure Recover key).

An HSM authentication secret (on a PED Key) combines with a typed-in secret (a PED PIN) to create the secret that unlocks the HSM

For the same concept expanded to "duplicate" PED Keys, where they unlock the same role or partition, but where each holder has applied a different PED PIN, see HSM Authentication Model with Two PED PINs.

For a description of authentication where both MofN and PED PINs have been invoked for a single role or partition, see HSM Authentication Model with both PED PIN and MofN.