SafeNet Luna PED Hardware Functions
The SafeNet Luna PED reads authentication secrets from PED keys on behalf of an HSM or partition. This section contains the following information about the Luna PED device:
Physical Features
The SafeNet Luna PED is illustrated below, with important features labeled.
1 | Liquid Crystal Display (LCD), 8 lines. |
2 | Keypad for command and data entry. See Keypad Functions. |
3 | DC power connector. Not used for PED version 2.8 and above. |
4 | USB mini-B connector. Used for connecting to the HSM and for file transfer to or from the PED. PED version 2.8 and above is powered by this USB connection. |
5 | Micro-D subminiature (MDSM) connector. Not used for Luna release 7.x. |
6 | USB A-type connector for PED keys. |
7 | PED key. Keys are inserted in the PED key connector (item 6). |
Keypad Functions
The Luna PED keypad functions are as follows:
Key | Function |
---|---|
Clear |
>Clear the current entry, such as when entering a PED PIN >Hold the key down for five seconds to reset the PED during an operation. This applies only if the PED is engaged in an operation or is prompting for action. There is no effect when no command has been issued or when a menu is open. |
< |
>Backspace: clear the most recent digit you typed on the PED. >Exit: return to the previous PED menu. |
> |
>Log: displays the most recent PED actions (since entering Local or Remote Mode). |
Numeric keys |
>Select numbered menu items. >Input PED PINs. |
Yes and No |
>Respond to Yes or No questions from the PED. |
Enter |
>Confirm an action or entry. |
Modes of Operation
The Luna PED can operate in four different modes, depending on the type of HSM connection you want to use:
>Local PED-SCP: This mode is reserved for legacy SafeNet Luna 6.x HSMs that use an MDSM connector between the PED and the HSM. It does not apply to Luna 7.x. Initial HSM configuration must be done in Local PED mode. See Local PED Setup for instructions.
>Admin: This mode is for upgrading the PED device firmware, diagnostic tests, and PED key duplication. See Admin Mode Functions for the functions available in this mode.
>Remote PED: In this mode, the PED is connected to a remote workstation and authenticated to the HSM with an orange PED key containing a Remote PED Vector (RPV) secret. This mode allows the SafeNet Luna PCIe HSM to be located in a data center or other location restricting physical access. See for more information.
>Local PED-USB: In this mode, the PED is connected directly to the HSM card with a USB mini-B to USB-A connector cable. Initial HSM configuration must be done in Local PED mode.
If the Luna PED is connected to an interface when it is powered up, it automatically detects the type of connection being used and switches to the appropriate mode upon receiving the first command from the HSM.
Changing Modes
If you change your PED configuration without disconnecting the PED from power, you must select the correct mode from the main menu.
To change the Luna PED's active mode:
1.Press the < key to navigate to the main menu.
The main menu displays all the available modes, as well as the PED’s current firmware version.
2.Press the corresponding number on the keypad for the desired mode.
NOTE The Luna PED must be in Local PED-USB mode when connected to a Release 7.x SafeNet Luna PCIe HSM card, or LunaCM will return an error (CKR_DEVICE_ERROR) when you attempt authentication.
Admin Mode Functions
In this mode, you can upgrade the PED device software, run diagnostic tests, and duplicate PED keys without having the Luna PED connected to an HSM. Press the corresponding number key to select the desired function.
>PED Key: allows you to identify the secret on an inserted PED key, or duplicate the key, without having the Luna PED connected to an HSM.
>Backup Devices: Not applicable to Luna 7.x.
>Software Update: requires a PED software file and instructions sent from Thales Group.
>Self Test: test the PED’s functionality. Follow the on-screen instructions to test button functions, display, cable connections, and the ability to read PED keys. The PED returns a PASS/FAIL report once it concludes the test.