Performing PED Authentication

When connected, the SafeNet Luna PED responds to authentication commands in LunaSH or LunaCM. Commands that require PED actions include:

- Role login commands (blue, black, gray, or white PED keys)

- Backup/restore commands (red PED keys)

- Remote PED connection commands (orange PED key)

When you issue a command that requires PED interaction, the interface returns a message like the following:

lunash:>hsm login
 
Luna PED operation required to login as HSM Administrator - use Security Officer (blue) PED key.
 

The PED briefly displays the following message before prompting you for the appropriate PED key:

Whenever the Luna PED prompts you to insert a PED key, use the USB port on the top of the PED:

CAUTION! Multiple failed authentication attempts result in zeroization of the HSM or partition, or role lockout, depending on the role. This is a security measure designed to thwart repeated, unauthorized attempts to access cryptographic material. For details, see Failed Logins.

To perform PED authentication:

1. The PED prompts for the corresponding PED key. Insert the PED key (or the first M of N split-secret key) and press Enter.

lunacm:>role login -name po
 
        Please attend to the PED. 
 

If the key you inserted has an associated PED PIN, continue to step 2.

If the key you inserted has no PED PIN, but it is an M of N split, skip to step 3.

Otherwise, authentication is complete and the PED returns control to the command interface.

Command Result : No Error
 

2. The PED prompts for the PED PIN. Enter the PIN on the keypad and press Enter.

If the key you inserted is an M of N split, continue to step 3.

Otherwise, authentication is complete and the PED returns control to the command interface.

Command Result : No Error
 

3. The PED prompts for the next M of N split-secret key. Insert the next PED key and press Enter.

If the key you inserted has an associated PED PIN, return to step 2.

Repeat steps 2 and/or 3 until the requisite M number of keys have been presented to the PED. At this point, authentication is complete and the PED returns control to the command interface.

Command Result : No Error
 
lunacm:>
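
The prompt sequence from steps 1 to 3, as an added example that is not part of the original page or of the Luna software: a Python sketch that takes the PED keys an operator plans to present and the M value, and lists the prompts to expect in order, so a key ceremony can be rehearsed on paper before any attempt counts against the failed-login limit. The names PedKey and expected_prompts, the key labels, and the check that each split is a different key are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PedKey:
    label: str     # constructed label for the ceremony plan, e.g. "blue-1"
    has_pin: bool  # True if a PED PIN was set on this key


def expected_prompts(keys, m=1):
    """Ordered (step, action) pairs the operator should expect.

    keys: PedKey objects in the order they will be presented.
    m:    number of splits required (1 = secret is not split M of N).
    """
    if m < 1:
        raise ValueError("M must be at least 1")
    if len(keys) < m:
        raise ValueError(f"only {len(keys)} key(s) planned, {m} required")
    presented = keys[:m]
    # Assumption: every split must be a different physical key.
    if len({k.label for k in presented}) != m:
        raise ValueError("the same key is listed more than once")

    prompts = []
    for i, key in enumerate(presented, start=1):
        step = 1 if i == 1 else 3  # first key is step 1, later splits are step 3
        prompts.append((step, f"insert {key.label} ({i} of {m}) and press Enter"))
        if key.has_pin:            # step 2 applies only when the key has a PIN
            prompts.append((2, f"enter PED PIN for {key.label} and press Enter"))
    return prompts


if __name__ == "__main__":
    # Constructed plan: 2-of-3 split, only the first key holder set a PIN.
    plan = [PedKey("blue-1", True), PedKey("blue-2", False), PedKey("blue-3", False)]
    for step, action in expected_prompts(plan, m=2):
        print(f"step {step}: {action}")
```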