Authentication

Attention

If the device is being switched on for the first time, the HSM will need to be initialized; in this case, see the Initialization section before proceeding.

After the initial screen, the PIN entry screen will be displayed.

Authentication screen Dinamo

For each card in the M of N set, insert the smart card into the reader, enter the PIN and press the Enter key. If the PIN is correct, the system requests the next smart card (the message on the screen changes to Please, enter next start PIN). This repeats until the set of M cards needed to reconstruct the Server Master Key is complete. The HSM then enables the network ports and some internal services, and displays the main menu of the HSM's local console.

Info

The smart card has a limit of 06 (six) PIN attempts. On the seventh attempt, if the PIN is wrong, the card will be PERMANENTLY locked and can no longer be used. When the correct PIN is entered, the wrong-attempt counter is reset to zero.

In HSMs with an injected Transport Key (TP Key), a new Server Master Key can only be generated on smart cards that have the same TP Key injected. It is still possible, however, to authenticate with previously generated smart cards that have no TP Key. This scenario is common in environments where an HSM operating with smart cards without a TP Key has had its firmware updated to a version with a TP Key: the old smart cards continue to function normally, but a new Master Key cannot be generated with them. The TP Key is used for secure communication between the HSM and the smart card.
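The sketch below is an added example, not Dinamo code: it models the ceremony described above, with M of N PIN-protected cards releasing shares that reconstruct a key, and a retry counter that tolerates six wrong PINs. Shamir's secret sharing is an assumption (this page does not name the scheme the HSM uses), and `Card`, `split`, `combine` and `authenticate` are hypothetical names.

```python
# Added illustration: toy model of the M-of-N card ceremony (not vendor code).
# Assumption: Shamir's secret sharing; the page does not name the real scheme.
import secrets

PRIME = 2**521 - 1   # field modulus, larger than any 256-bit key
MAX_WRONG = 6        # wrong PINs tolerated; the next wrong one locks the card

def split(secret, m, n):
    """Split secret into n shares; any m of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    poly = lambda x: sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
    return [(x, poly(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

class Card:
    """Hypothetical smart card: one share behind a PIN with a retry counter."""
    def __init__(self, pin, share):
        self._pin, self._share = pin, share
        self.wrong, self.locked = 0, False

    def unlock(self, pin):
        if self.locked:
            raise PermissionError("card permanently locked")
        if not secrets.compare_digest(pin, self._pin):
            self.wrong += 1
            self.locked = self.wrong > MAX_WRONG  # seventh wrong attempt locks
            return None
        self.wrong = 0                            # correct PIN resets the counter
        return self._share

def authenticate(entries, m):
    """entries: (card, typed_pin) pairs in insertion order; key or None."""
    shares = []
    for card, pin in entries:
        share = card.unlock(pin)
        if share is not None and share not in shares:  # same card counts once
            shares.append(share)
        if len(shares) == m:
            return combine(shares)
    return None
```

Presenting the same card twice does not advance the quorum, and a quorum that is never completed returns `None` rather than a partial key.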

Info

After authentication it is not necessary to keep the smart card in the reader.

The HSM can be shut down without authenticating. To do this, press the ESC key and the local console will ask you to confirm the shutdown:

Shutdown confirmation screen

If you confirm the shutdown operation, the HSM will be deactivated. The smart card is not required for this operation. If you cancel the shutdown, the local console returns to the authentication screen.