Sansec HSM User Manual Download, Page 39

Sansec HSM User Manual V2.2 

 


Appendix A

  Management - Access Privilege Table

 

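| Management category | Operations | Required Access Privilege |
|---|---|---|
| Device management | Check basic device information | None |
| Device management | Check working information | Operator |
| Device management | Check maintenance information | None |
| Device management | Modify maintenance information | Administrator |
| Device management | Check management audit logs | Auditor |
| Service management | Start service | Operator |
| Service management | Stop service | Operator |
| Service management | Modify service configuration | Operator |
| Network management | Restart network | Operator |
| Network management | Modify network configuration | Operator |
| Authority management | Check login state | None |
| Authority management | Check authority setting table | None |
| Authority management | Add first administrator | None |
| Authority management | Add administrator | Super administrator |
| Authority management | Delete administrator | Super administrator |
| Authority management | Add operator | Super administrator |
| Authority management | Delete operator | Super administrator |
| Key management | Set system protection key | Super administrator |
| Key management | Check state of RSA key pair | Operator |
| Key management | Generate RSA key pair | Administrator |
| Key management | Delete RSA key pair | Administrator |
| Key management | Import RSA key pair | Administrator |
| Key management | Check SM2 key pair state | Operator |
| Key management | Generate SM2 key pair | Administrator |
| Key management | Delete SM2 key pair | Administrator |
| Key management | Import SM2 key pair | Administrator |
| Key management | Check ECDSA key pair state | Operator |
| Key management | Generate ECDSA key pair | Administrator |
| Key management | Delete ECDSA key pair | Administrator |
| Key management | Import ECDSA key pair | Administrator |
| Key management | Check symmetric key state | Operator |
| Key management | Generate symmetric key | Administrator |
| Key management | Delete symmetric key | Administrator |
| Key management | Import symmetric key | Administrator |
| Backup and recovery | Key backup | Super administrator |
| Backup and recovery | Key recovery | None |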

 

HSM Contents

Page 1: ...Sansec HSM User Manual v2 2 Beijing Sansec Technology Development Co Ltd July 2016...