Session

The communication interfaces are the local interface and the service interfaces. The separation between the local console communication interface and the service interfaces is quite distinct. Operation on the local interface is done with possession of the smart cards and physical access to the equipment, while operation on the service interfaces is done by HSM users and administrators remotely via the network, requiring connectivity.

In order for users to request services from the HSM, a session must be established, i.e. there must be a communication channel between the HSM and the server from where the user operates. These sessions are established through the HSM's service interfaces and can be kept in clear text or encrypted. To establish a session, the user must be authenticated, i.e. prove that they are a valid user of the HSM; this authentication can be done through knowledge (username and password) or possession (username, password and a physical token).

Within the established session, the services will be available according to the modules loaded into the HSM, which may vary according to the model and purchase option.