Sansec HSM User Manual V2.2
4
2.
Key Concepts
Device ID
:
The device serial number on the label. It consists of the production
date, production batch and a serial number. Combined with the product model, it
can uniquely identify with each product.
Device model
:
Encryption product model approved by the national
cryptography management agencies.
Digital envelope
:
A method of enveloping which uses data encryption keys to
protect data and the recipient public key to encrypt and protect the data
encryption key
Digital signature
:
Signature data attached to the data. It is used to protect and
verify the data source and its integrity as well as to prevent counterfeiting and
denial of issuing.
Key components
:
At least two random or pseudo random parameters with key
features of the encryption key. The cryptographic key is made through a
combination of one or more of such parameters.
Key segmentation
:
The key segments are distributed among several key
managers; the key can only be fully recovered when a minimum number of key
managers are present to restore the key.
Key encrypts key
(
KEK
):
The key used to encrypt the session key or file key.
Also known as secondary key or key for transporting key. Each node in the
communication network is assigned one such key.
Key index
:
The value that represents the numerical key location within the device
or system
。
Private signature key
:
Private key used for signature calculation.
Private encryption key
:
Used for implementing the private key for data
confidentiality.
Private key access control code
:
The password used for obtaining the private
key.
