SVMK generation

To generate the Server Master Key in an M of N scheme, the following is required:

  1. definition of parameter N: the total number of cards that will be generated and distributed. This number can be between 2 and 64.
  2. definition of parameter M: the number of cards, out of the N generated, that will be required to activate the HSM. This number must be between 2 and the number defined for N.
  3. N cards. If they already have a Server Master Key, the local console will ask for confirmation to overwrite it.

The parameters N and M must be entered; the maximum value of M shown by the local console will be a function of N.

Each Server Master Key generation is a unique process, as the output of the HSM's DRBG is used. There is no way for the operator to generate two identical Server Master Keys.

Warning

Immediately after generating the M of N set with the Server Master Key, make a copy (Copy Set) on a second set for security and to guarantee business continuity if the original set is lost or damaged. See Smart Card Management.

Based on the number of cards defined for the M of N scheme, the console prompts you to insert each card and present its PIN so that the shared secret (known as the shadow) can be generated on that card. The order requested is for reference and ease of use only; the cards do not have to be presented in any set order during activation. At the end of the process, a warning message informs you that the process has been successfully completed.

If the process is interrupted before the end, the console will issue an invalid set warning and inform you that the process must be restarted. In this case, the set should not be used to activate the HSM.

                        Dinamo - Local Management Console




                    ┌──────────┤ M of N scheme ├──────────┐
                    │                                     │
                    │                                     │
                    │    Please, choose a value for 'N'   │
                    │                                     │
                    │              N: ____                │
                    │                                     │
                    │                                     │
                    │               ┌────┐                │
                    │               │ OK │                │
                    │               └────┘                │
                    │                                     │
                    │                                     │
                    └─────────────────────────────────────┘





  Service stopped                                   Replication Domain: <none>
Configuring the N parameter in an M of N scheme

                        Dinamo - Local Management Console






                     ┌───────────────┤  ├────────────────┐
                     │                                   │
                     │ Please, insert a valid smart card │
                     │ for shadow #1 of 2...             │
                     │                                   │
                     │              ┌────┐               │
                     │              │ OK │               │
                     │              └────┘               │
                     │                                   │
                     │                                   │
                     └───────────────────────────────────┘






  Service stopped                                   Replication Domain: <none>
Requesting the first card in a scheme with N equal to 2

                        Dinamo - Local Management Console






               ┌─┤ You can provide a card label (optional)  ├─┐
               │                                              │
               │                                              │
               │                                              │
               │      _________________________________       │
               │                                              │
               │                ┌────┐  ┌──────┐              │
               │                │ OK │  │ Skip │              │
               │                └────┘  └──────┘              │
               │                                              │
               └──────────────────────────────────────────────┘






  Service stopped                                   Replication Domain: <none>
Request the label to be applied to the smart card

                        Dinamo - Local Management Console





                     ┌───────────────┤  ├────────────────┐
                     │                                   │
                     │                                   │
                     │ Server Master Key succesfully     │
                     │ created with Scheme '2 of 2'      │
                     │                                   │
                     │                                   │
                     │              ┌────┐               │
                     │              │ OK │               │
                     │              └────┘               │
                     │                                   │
                     │                                   │
                     └───────────────────────────────────┘





  Service stopped                                   Replication Domain: <none>
Success in creating an M of N scheme (2 of 2)