Performing PED Authentication

When connected, the Luna PED responds to authentication commands in LunaCM. Commands that require PED actions include:

>Role login commands (blue, black, gray, or white PED keys)

>Backup/restore commands (red PED keys)

>Remote PED connection commands (orange PED key)

NOTE   The PED screen prompts for a Black PED Key for any of "User", "Crypto Officer", "Limited Crypo Officer", "Crypto User". The PED is not aware that the key you present has a black or a gray sticker on it. The colored stickers are visual identifiers for your convenience in keeping track of your PED Keys. You differentiate by how you label, and how you use, a given physical key that the PED sees as "black" (once it has been imprinted with a secret).  

When you issue a command that requires PED interaction, the interface returns a message like the following:

lunacm:>role login -name po

        Please attend to the PED. 

The PED briefly displays the following message before prompting you for the appropriate PED key:

Whenever the Luna PED prompts you to insert a PED key, use the USB port on the top of the PED:

CAUTION!   Multiple failed authentication attempts result in zeroization of the HSM or partition, or role lockout, depending on the role. This is a security measure designed to thwart repeated, unauthorized attempts to access cryptographic material. For details, see Logging In as HSM Security Officer or Logging In to the Application Partition.

To perform PED authentication

1.The PED prompts for the corresponding PED key. Insert the PED key (or the first M of N split-secret key) and press Enter.

lunacm:>role login -name po

        Please attend to the PED. 

If the key you inserted has an associated PED PIN, continue to step 2.

If the key you inserted has no PED PIN, but it is an M of N split, skip to step 3.

Otherwise, authentication is complete and the PED returns control to the command interface.

Command Result : No Error

2.The PED prompts for the PED PIN. Enter the PIN on the keypad and press Enter.

If the key you inserted is an M of N split, continue to step 3.

Otherwise, authentication is complete and the PED returns control to the command interface.

Command Result : No Error

3.The PED prompts for the next M of N split-secret key. Insert the next PED key and press Enter.

If the key you inserted has an associated PED PIN, return to step 2.

Repeat steps 2 and/or 3 until the requisite M number of keys have been presented to the PED. At this point, authentication is complete and the PED returns control to the command interface.

Command Result : No Error