Authentication

Attention

If the device is being switched on for the first time, the HSM will need to be initialized; in this case, see the Initialization section before proceeding.

After the initial screen, the PIN entry screen will be displayed.

                        Dinamo - Local Management Console




                    ┌───┤ Please, enter start PIN ├───┐
                    │                                 │
                    │                                 │
                    │     PIN     _________           │
                    │                                 │
                    │                                 │
                    │           ┌─────────┐           │
                    │           │   OK    │           │
                    │           └─────────┘           │
                    │                                 │
                    │                                 │
                    └─────────────────────────────────┘





  Service stopped                                   Replication Domain: <none>
Authentication screen Dinamo

For each card in the M of N set, insert the smart card into the reader, enter the PIN and press the Enter key. If the PIN is correct, the system requests the next smart card (the message on the screen changes to Please, enter next start PIN) until the set of M cards needed to reconstruct the Server Master Key is complete. It then enables the network ports and some internal services and displays the main menu of the HSM's local console.

Info

The smart card has a limit of 06 (six) PIN attempts. On the seventh attempt, if the PIN is wrong, the card will be PERMANENTLY locked and can no longer be used. When the correct PIN is entered, the wrong-attempt counter is reset to zero.

In HSMs with an injected Transport Key (TP Key), a new Server Master Key can only be generated on smart cards that have the same TP Key injected, but it is still possible to authenticate with previously generated smart cards that have no TP Key. This scenario is common in environments where an HSM operating with a smart card without a TP Key has had its firmware updated to a version with a TP Key. In this case the old smart cards continue to function normally; it just won't be possible to generate a new Master Key with them. The TP Key is used for secure communication between the HSM and the smart card.

Info

After authentication it is not necessary to keep the smart card in the reader.

The HSM can be switched off without authentication by pressing the Esc key; the local console will ask you to confirm the shutdown:

                        Dinamo - Local Management Console






                     ┌───────────────┤  ├────────────────┐
                     │                                   │
                     │ Are you sure you want to shutdown │
                     │ the system?                       │
                     │                                   │
                     │     ┌────┐           ┌─────┐      │
                     │     │ No │           │ Yes │      │
                     │     └────┘           └─────┘      │
                     │                                   │
                     │                                   │
                     └───────────────────────────────────┘






  Service stopped                                   Replication Domain: <none>
Shutdown confirmation screen

If you confirm the shutdown operation, the HSM will be deactivated. The smart card is not required for this operation. If you cancel the shutdown, the local console returns to the authentication screen.