Authentication
Each SafeNet Luna HSM comes in one of two authentication types – Password authenticated or PED authenticated. The authentication type is configured at the factory and cannot be modified in the field.
For an outline of the key differences between password and PED authentication, see Authentication Types.
Table 1: Authentication Types

| Password authentication | PED authentication |
|---|---|
| Two-factor authentication not available | Two-factor authentication available by way of physical PED key per role and optional PED PIN per key |
| Authentication can be input locally or from a remote terminal | Authentication requires physical local connection or pre-configured remote PED link |
| Knowledge of partition password sufficient for accessing cryptographic keys | Access to cryptographic keys restricted to CO (read/write) and CU (read only), possession of appropriate PED key(s) and potentially their PED PINs required |
| Dual or multi-person access control not available | Dual or multi-person (quorum) access control available by way of MofN (split-knowledge secret sharing) |
| Key-custodian responsibility and role separation linked to password knowledge only | Key-custodian responsibility and role separation linked to partition password knowledge and PED key(s) ownership |

For more detailed information on each authentication type, see:
>Password Authentication
>PED Authentication