HSM Management

Setting the Security Policy

The most important aspect of SafeNet ProtectToolkit-C administration is choosing the settings, or Security Policy, which will determine how SafeNet ProtectToolkit-C can be used. The Administrator is strongly advised to read Security Policies and User Roles, which explains how different settings affect the security and performance of the SafeNet ProtectToolkit-C environment.

To set the HSM security policy:

1. Select Edit > Security Mode...

2. Select the required settings from the Modify Security Mode dialog box.

3. Click OK to store the selected security policy.

Setting the Transport Mode

The HSM transport mode determines how the HSM responds when it is removed from the PCI bus.

To set the HSM transport mode:

1. Select Edit > Transport Mode... to open the Transport Mode dialog box.

2. Choose from the following selections:

Disabled

Apply this mode once the HSM is installed and configured. In this mode, the HSM is tampered if it is removed from the PCI bus.

Single Shot

The HSM will not be tampered after removal from the PCI bus. The HSM will automatically disable Transport Mode the next time it is reset or power is removed and restored.

Continuous

The HSM will not be tampered by being removed from the PCI bus.

NOTE   The transport mode does not disable the tamper response mechanism entirely. Any attempt to physically attack the HSM will still result in a tamper event.

3. Click OK to set the Transport Mode.

Clock Drift Correction

The HSM hardware's internal clock may occasionally need to be adjusted because of clock drift and other timing differences between the HSM and the host system. The clock can be adjusted manually or synchronized with the host system's clock (recommended).

To synchronize the HSM clock:

1. Select Edit > Clock.

The current value of the HSM clock is displayed.

2. Edit the date and time manually, or synchronize the HSM clock to the host clock (recommended) by clicking Synch.

3. Click OK to close the dialog box.
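
A scripted drift check that can be run before deciding whether to use Synch, as an added example that is not part of the SafeNet documentation. It assumes the HSM clock is read through the standard PKCS#11 C_GetTokenInfo call (the flags and utcTime fields of CK_TOKEN_INFO); the function names, the 5-second tolerance and the sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

CKF_CLOCK_ON_TOKEN = 0x00000040  # PKCS#11 token flag: the token has a clock


def parse_utc_time(raw: bytes) -> datetime:
    """Parse the 16-character utcTime field, format YYYYMMDDhhmmss00."""
    text = raw.decode("ascii")  # UnicodeDecodeError is a ValueError
    if len(text) != 16 or not text.isdigit():
        raise ValueError(f"malformed utcTime field: {text!r}")
    parsed = datetime.strptime(text[:14], "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)


def clock_drift(flags: int, raw_utc_time: bytes,
                host_now: datetime) -> Optional[timedelta]:
    """Return HSM time minus host time, or None if the token has no clock.

    host_now must be timezone-aware (UTC).
    """
    if not flags & CKF_CLOCK_ON_TOKEN:
        return None
    # utcTime has one-second resolution, so compare against whole seconds.
    return parse_utc_time(raw_utc_time) - host_now.replace(microsecond=0)


def needs_sync(drift: Optional[timedelta],
               tolerance: timedelta = timedelta(seconds=5)) -> bool:
    """True when the drift exceeds the tolerance (5 s is an assumed value)."""
    return drift is not None and abs(drift) > tolerance


if __name__ == "__main__":
    # Constructed sample values, not read from a real HSM.
    host = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    for raw in (b"2024030112004200", b"2024030111595800"):
        drift = clock_drift(CKF_CLOCK_ON_TOKEN, raw, host)
        print(raw.decode(), drift.total_seconds(), needs_sync(drift))
```
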

Viewing and Purging the System Event Log

SafeNet ProtectToolkit-C maintains a system event log as a means of tracking serious hardware or operational faults, tamper events, and self-test error information. For full details on what the event log stores and how to interpret its data, please refer to Using the System Event Log.

When the event log is full, the HSM no longer stores new event records, and the log must be purged. The event log cannot be purged until it is full.

To view the event log:

Select Event Log > Event Log View.

A dialog is shown containing a list of events with columns for “Firmware Type”, “Firmware Date”, “Error”, and “Date”.

To purge the event log:

1. Select Event Log > Event Log Purge. A confirmation dialog appears.

2. Click Yes to confirm you want to purge the event log.

NOTE   If the event log is not full, an error is displayed.

Updating HSM Firmware

The firmware that operates on the ProtectServer hardware can be upgraded to newer versions through a secure upgrade facility. This facility will only allow the HSM to be upgraded to firmware versions that have been digitally signed by SafeNet.

CAUTION!   Depending on the active security policy, the HSM might execute a soft tamper before completing the upgrade process. This tamper will erase all key and configuration data on the HSM. See Security Policies and User Roles.

Firmware upgrades are distributed in the form of a digitally-signed file. Before a firmware upgrade, ensure that:

- All important user data and keys have been backed up

- The current HSM configuration has been noted

- All applications using the HSM have been closed

To upgrade the HSM firmware:

1. Select File > Upgrade Firmware.

2. Select the firmware upgrade file and click OK to continue with the firmware upgrade.

NOTE   The upgrade process may take up to two minutes to complete. Following the upgrade, a dialog appears, stating the success or failure of the upgrade operation.

Tampering the HSM

It may be necessary to tamper the HSM at the end of its lifecycle, or after any other security-sensitive event requiring all stored data to be immediately destroyed.

A tamper formats the secure memory of the HSM, erasing all configuration and user data.

To tamper the HSM:

1. Select File > Tamper Adapter.

2. Click OK to confirm the action.