Entrust nShield User Manual
K, is required to authorize an action. The required number K is known as the quorum.

The cards are distributed amongst authorized role holders so that a quorum of role holders is required to authorize operations for a key. The role holders must insert the required cards to authorize the key loading.

Each card can optionally be protected with a pass phrase, which can be set at any time.

The cards can be created in persistent or non-persistent (default) mode, with or without an associated time-out, to provide different user options depending on the value of the data protected and the physical and logical security controls available in the environment.

Module-protected keys have no pass phrase and are usable by any instance of the application for which they were created, provided that the application is running on a server fitted with an HSM (or connected to an nShield Connect) that is initialized with the same Security World that was used to create these keys.

This level of protection is suitable for high-availability web servers that you want to recover immediately without intervention if the computer resets. However, the environment should be secure, as the security depends on the underlying access control provided by the operating systems hosting the application instances. See Module protection for guidance on the controls required to prevent unauthorized key access.

The addition of a pass phrase allows tighter control over key usage through explicit authorization. Controlling access to a key via a pass phrase is achieved by creating a softcard. A softcard is a file containing a logical token that you cannot load without a pass phrase. You must load the logical token to authorize the loading of any application key that is protected by the softcard.

Softcard-protected keys offer better control over access than module-protected keys and less onerous access authorization constraints than OCS-protected keys. However, because softcard-protected keys do not require physical tokens to authorize key loading, OCS-protected keys offer far greater security than softcard-protected keys: in the case of a softcard, the attacker simply has to obtain a single pass phrase, whereas in the case of an OCS the attacker has to obtain a quorum of the OCS plus any associated pass phrases. The pass phrase of a softcard is set when you generate it, and you can use a single softcard to protect multiple keys. Softcards function as persistent 1/1 logical tokens, and after a softcard is loaded it remains valid for loading its keys until its key handle is destroyed. See Softcard protection for guidance on the controls required to prevent unauthorized key access. See Operator Card Set (OCS) protection for guidance on the controls required to prevent unauthorized key access.
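As an added illustration (not Entrust's code or the nShield API), the following Python model captures the authorization rules described above: a K-of-N OCS with optional per-card pass phrases, a softcard as a persistent 1/1 token, and a count of the independent secrets each protection level demands. The names `Card`, `OCS`, `Softcard`, `ocs_loads_token` and `secrets_needed` are the model's own, not nShield identifiers.

```python
# Constructed model of the three protection levels described on this page.
# It illustrates the rules in the text; it is not the nShield API or a
# Security World implementation.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Card:
    serial: str
    pass_phrase: Optional[str] = None   # optional; may be set at any time

@dataclass
class OCS:
    cards: list                         # the N cards of the set
    quorum: int                         # K cards needed (the quorum)
    persistent: bool = False            # non-persistent is the default

@dataclass
class Softcard:
    pass_phrase: str                    # set when the softcard is generated

def ocs_loads_token(ocs: OCS, presented) -> bool:
    """presented: list of (serial, pass_phrase_entered) pairs.
    The token loads only when at least K *distinct* cards of this set are
    presented and every presented card that carries a pass phrase is given
    the correct one. A card inserted twice counts once."""
    by_serial = {c.serial: c for c in ocs.cards}
    accepted = set()
    for serial, entered in presented:
        card = by_serial.get(serial)
        if card is None:
            continue                    # card from another set: ignored
        if card.pass_phrase is not None and entered != card.pass_phrase:
            return False                # wrong pass phrase: load fails
        accepted.add(serial)
    return len(accepted) >= ocs.quorum

def softcard_loads_token(sc: Softcard, entered: str) -> bool:
    """A softcard is a persistent 1/1 logical token: one pass phrase."""
    return entered == sc.pass_phrase

def secrets_needed(protection) -> int:
    """Fewest independent secrets (cards plus pass phrases) a holder needs
    to load a key: module (None) needs none beyond host access, a softcard
    needs one, an OCS needs K cards plus the pass phrases on the K cards
    that are easiest to use (those without pass phrases first)."""
    if protection is None:
        return 0
    if isinstance(protection, Softcard):
        return 1
    cheapest = sorted(protection.cards, key=lambda c: c.pass_phrase is not None)
    chosen = cheapest[:protection.quorum]
    return len(chosen) + sum(1 for c in chosen if c.pass_phrase is not None)
```

The model shows why the text ranks OCS above softcard: the secret count for an OCS grows with the quorum and with every pass phrase on the cards that make it up, while a softcard always reduces to one pass phrase.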
All Security Worlds rely on you using the security features of your operating system to
nShield® Security Manual 30 of 90