C_Login

This function operates as specified in PKCS#11 with the following exceptions:

>If the security mode NoClearPINs is enabled, then the PIN value is encrypted by the host library before it is supplied to the module.

>To negate a brute force attack on the PIN, after the third failed attempt, a delay is imposed (incrementing in multiples of 5 seconds) until the next presented PIN is checked.

For example, after the third failed attempt, the device imposes a delay of 1*5 seconds, after the fourth the delay is 2*5=10 seconds, after the fifth, the delay is 3*5=15 seconds, and so on.

If a PIN presentation occurs before the delay period has expired, the attempt fails with CKR_PIN_LOCKED.

Synopsis

C_Login(
        CK_SESSION_HANDLE hSession,
        CK_USER_TYPE userType,
        CK_CHAR_PTR pPin,
        CK_ULONG ulPinLen
);

Operation in WLD Mode

When SafeNet ProtectToolkit is configured to operate in WLD mode, the login state is replicated across all tokens in user slots associated with the same WLD slot. For example, if an application has 3 sessions, across 3 HSMs, with one session on each HSM then any change in the login state in one session, will result in the session on the other 2 HSMs being changed to the same session state. 


Customer Support Portal

SafeNet ProtectToolkit 5.9 Product Documentation  06 January 2020  Copyright 2009-2020 Thales. All rights reserved.