1.3 Administering the cryptographic keys
With the device PIN the user can copy the cryptographic keys to another smart card,
initialize new smart cards on the HS256 S3 and manage the lock-out mode. Instructions
for this can be found in chapter 5.
In particular usage scenarios, knowledge of the smart card PIN and the device PIN
can be split between two people, so that one person knows the device PIN and the
other knows the smart card PIN. Knowledge of the device PIN alone does not give
that individual access to the data.
The cryptographic keys needed to decrypt and encrypt the data are created externally
and stored in encrypted form.
This means there is a physical separation between the encrypted data and the
cryptographic keys, which makes it impossible to read the cryptographic keys from the
DIGITTRADE HS256 S3. After the PIN has been entered correctly, the cryptographic keys
are transferred to the encryption module of the HS256 S3 to decrypt and encrypt the
data. The external storage of the cryptographic keys enables a number of possible
applications, which are described in chapter 10.
1.4 The Smartcard
As standard, the HS256 S3 works with two Java-based, Common Criteria EAL5 certified
smart cards (NXP J2E081_M64 R3, CC EAL 5). For use in accordance with the BSI
certification, only these NXP smart cards are permitted.
These smart cards allow the cryptographic keys in use to be created, copied, changed
and destroyed. The administration of the keys is supported by the DIGITTRADE
HS256 S3 applet.
To log in to the hard drive, both smart cards with the same cryptographic keys are
needed. The smart card PIN can be set differently for each smart card.
The type and the serial number of each smart card are displayed on the front of the
smart card. The DIGITTRADE HS256 S3 version number is printed on the back.
The permitted smart cards can be ordered separately from DIGITTRADE. They are
delivered without the cryptographic keys and with the factory-set PIN (see chapter 3.2).
To activate new smart cards, please refer to chapters 4.1, 5.3 and 5.4.