Partitions

Partitions are the storage areas for HSM users' keys and objects. Each user has an associated partition that is for their exclusive use and access.

In addition to permissions on the partition itself, a user can be granted permission to operate on other users' partitions. These are called partition permissions and have the following properties:

  1. Non-transitive. If user A grants permission on their partition to user B, and user B in turn grants permission to user C, C does not thereby hold any permission on A's partition;
  2. Reflexive. A user always has all permissions on their own partition, and these permissions cannot be revoked;
  3. Not symmetric. If user A grants permission to user B, it does not follow that B grants permission to A.

The partition permissions that a user can grant to another user are:

  1. Create objects;
  2. Remove objects;
  3. Access to the content of objects;
  4. Update attributes of log objects.

The permissions granted apply to every object on the partition; there is no way to restrict a grant to a subset of objects.

When it is created, the partition can optionally be configured to require authorization before its keys can be used. In that case the authorization is performed locally in the HSM by a set of smart cards in an M of N scheme. With this configuration enabled, the partition has three possible states:

  1. unassociated, unauthorized;
  2. associated and unauthorized;
  3. associated and authorized.

As soon as the partition is created it is in the unassociated state, meaning it has not yet been linked to a set of cards in an M of N scheme. Once the partition has been linked to a set of cards it is in the associated state, and it can then be authorized for encryption operations with the keys it holds, which places it in the authorized state. Keys can be generated in the partition in both the unassociated and associated states, but they can only be used for encryption while the partition is in the authorized state; and for as long as it remains in that state, new keys cannot be created and existing keys cannot be removed.

In addition to the states, there is an ACL (Access Control List) that defines the actions allowed on the keys: creation, reading (for use in cryptographic operations), destruction, locking, and destruction of the partition itself (together with all the keys it contains).

Whether a key can actually be used is therefore a function of both the partition state and the ACL configuration, which gives the administrator more precise and granular control over the cryptographic keys.
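The following Python model, added here as an illustration and not taken from the HSM's own software, encodes the three partition permission properties above (non-transitive, reflexive, not symmetric), the unassociated / associated / authorized state machine, and the rule that key creation and removal are blocked while the partition is authorized. It assumes that only a partition's owner can grant permissions on it, and that cryptographic use of a key maps to the "access to the content of objects" permission, here named "read"; both are modelling assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    UNASSOCIATED = "unassociated, unauthorized"
    ASSOCIATED = "associated and unauthorized"
    AUTHORIZED = "associated and authorized"


# Partition permissions a user may grant on their own partition (names are ours)
PERMISSIONS = {"create", "remove", "read", "update_log_attrs"}


@dataclass
class Partition:
    owner: str
    state: State = State.UNASSOCIATED
    grants: dict = field(default_factory=dict)  # grantee -> set of permissions

    def grant(self, granter: str, grantee: str, *perms: str) -> None:
        # Assumption: only the owner grants, and only on this partition, so grants
        # never chain through a grantee (non-transitive) and are one-way (not symmetric)
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own {self.owner}'s partition")
        self.grants.setdefault(grantee, set()).update(PERMISSIONS & set(perms))

    def has_permission(self, user: str, perm: str) -> bool:
        if user == self.owner:
            return True  # reflexive: the owner always holds every permission
        return perm in self.grants.get(user, set())  # applies to all objects alike

    def associate(self) -> None:
        if self.state is not State.UNASSOCIATED:
            raise RuntimeError("partition is already linked to a card set")
        self.state = State.ASSOCIATED  # linked to an M of N card set

    def authorize(self) -> None:
        if self.state is not State.ASSOCIATED:
            raise RuntimeError("partition must be associated before it can be authorized")
        self.state = State.AUTHORIZED  # keys may now be used for cryptography

    def allowed(self, user: str, action: str) -> bool:
        # Combine the user's partition permission with the partition state
        if action in ("create", "remove"):
            # Keys can be created or removed only while the partition is NOT authorized
            return self.state is not State.AUTHORIZED and self.has_permission(user, action)
        if action == "use":
            # Assumption: use needs the authorized state plus content access ("read")
            return self.state is State.AUTHORIZED and self.has_permission(user, "read")
        return False
```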

All actions involving the keys, as well as state and ACL changes, are recorded in the HSM event log, including the identification of the smart cards from the set used in the operation whenever a label is available on the smart card.