Authentication

Each SafeNet Luna HSM comes in one of two authentication types: password-authenticated or PED-authenticated. The authentication type is configured at the factory and cannot be modified in the field.

For an outline of the key differences between password and PED authentication, see Authentication Types.

Table 1: Authentication Types
| Password Authentication | PED Authentication |
|---|---|
| Two-factor authentication not available | Two-factor authentication available by way of physical PED key per role and optional PED PIN per key |
| Authentication can be input locally or from a remote terminal | Authentication requires physical local connection or pre-configured remote PED link |
| Knowledge of partition password sufficient for accessing cryptographic keys | Access to cryptographic keys restricted to CO (read/write) and CU (read only), possession of appropriate PED key(s) and potentially their PED PINs required |
| Dual or multi-person access control not available | Dual or multi-person (quorum) access control available by way of MofN (split-knowledge secret sharing) |
| Key-custodian responsibility and role separation linked to password knowledge only | Key-custodian responsibility and role separation linked to partition password knowledge and PED key(s) ownership |

For more detailed information on each authentication type, see:

>Password Authentication

>PED Authentication