Initial Setup

As soon as it receives power, the PED performs its start-up and self-test routines and then goes into its normal operating mode.

The Luna PED automatically detects the active interface that it is plugged into, and defaults to the appropriate mode after the first command is sent to it. The Luna PED waits in either Remote PED-USB mode (if the PED is connected to the USB port in the back of the HSM card) or in its Scanning state (if the PED is connected to an SCP port) until a command is received from the HSM.

If the PED is directly connected to the HSM via the USB port, it enters Local PED-USB mode.

If the PED is remotely connected to the HSM via a remote host, it enters Remote PED-USB mode.

If the PED is directly connected to the HSM via an SCP port, it enters Local PED-SCP mode.

If you need to switch between these modes, press < to navigate to the main menu. Then, press 1 to enter Local PED-SCP mode or press 0 to enter Local PED-USB mode.

Note: To operate in Local PED-USB mode, the PED must be connected directly to the HSM card's USB port, not to one of the other USB connection ports on the appliance.

PED Actions

There are several things that you can do with the PED at this point:

Wait for a prompt, which results when a program has caused the HSM to request authentication.

Imprint new PED keys. See Creating New PED Keys.

Create copies of your PED keys. See Duplicating Existing PED Keys.

Change to the Remote Mode (which expects encrypted commands from a computer USB connection, where you would be running PED Server, rather than from a direct PED-HSM connection). See Changing Menus.

Change to the Admin Mode to run tests or update PED software. See Changing Menus.

Login

When you perform an HSM operation that requires a PED key, you should already have the PED connected to the HSM or appliance.

When the command is issued, the system tells you when to look to the PED. The PED prompts you when to insert various PED keys, appropriate to the task. When prompted, insert the indicated PED key into the PED, then respond to further instructions on the PED display.

Performing Prompted Actions

To perform prompted actions, follow the instructions on the PED screen. Normally the prompts are:

Insert a PED key

Press Yes, No or Enter on the keypad

The authentication information for your HSM roles is contained on the PED key, and Luna PED is the device that provides the interface so that authentication data can pass between PED key and HSM.

You should have the PED connected and in Local PED-USB mode when you issue a command that invokes the PED.

The keypad on the PED is used to acknowledge prompts on the PED screen and to optionally input a “something you know” PED PIN to augment the “something you have” secret contained in the PED key.

If you are using the Activation/Auto-Activation feature, then after authentication the data is cached on the HSM, where it remains until you deactivate or remove power from the HSM. In that case, once the authentication is performed, you can disconnect the PED and store it until the next time it is required. See Activation and Auto-Activation on PED-Authenticated Partitions.

If you are not using Activation, then authentication data is not cached and every time you or your client application needs access to the HSM, the HSM will look to the PED, which must remain connected.

Upon successful authentication, you can continue with your operations (initializing the HSM, using the shell or LunaCM, duplicating keys, etc.).