Key Ceremony Overview

You must perform a key ceremony for a Transport Key to securely import key components into an HSM. A Hardware Security Module (HSM) securely stores secret key material. HSMs are similar to large-storage, multi-session smart cards; unlike smart cards, however, they are used mainly on the server side of a system.

To ensure the integrity and security of the key, a key ceremony requires at least seven people: a Security Officer and three pairs of officers, each pair responsible for securely holding one key component.

In emergency situations, an optional eighth person (a second Security Officer) can memorize the administrator PIN. Each of the three pairs of officers owns exactly one key component (there are three components for each site key or transport key). Component owners must ensure that no other component owner, or any other entity, intercepts or learns their key component.

The following list gives an overview of the steps leading up to (and including) a Site Key ceremony during the initialization of a Principal HSM. The Principal HSM is the first or main HSM; if you require multiple HSMs with the same master keys, use the HSM manufacturer's tools to duplicate the keys into the other HSMs. This is an overview only; the ActivID KMS operations that require key ceremonies are described in detail later in this document.

  1. The Security Officer assembles at least six security team members.

  2. The Security Officer divides the six team members into three pairs and asks them to leave the room temporarily.

  3. The Security Officer launches ActivID KMS, creates the administrator and operator PINs, and memorizes them. The Security Officer must create a new administrator PIN for every HSM to be initialized.

  4. ActivID KMS generates the key in the Principal HSM and reveals its three components one at a time. For each component, one pair of team members enters the room, records the component, and leaves before the next component is revealed.
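The separation rule in the procedure above (each pair sees exactly one component, and all three are needed to import the key) is easier to reason about with the component arithmetic in front of you. The following is an added example, not ActivID KMS code and not a description of how the product forms its components: it assumes the three components are combined by XOR, so that all three are required and any two are statistically independent of the key, and it uses a truncated SHA-256 as a stand-in for the AES-based key check value (KCV) that HSM products normally use. The per-component check values, which let a pair verify its own transcription without exposing any other pair's component, are common key-ceremony practice and are likewise an assumption here; all function names are illustrative.

```python
"""Three-component key split and check values for a key ceremony in which
each pair of officers records exactly one component.

Added example. Assumptions (the page does not state any of these):
  - components are combined by XOR;
  - the check value is a truncated SHA-256 (a stdlib stand-in for an
    AES/3DES-based KCV);
  - each component carries its own check value.
"""
import hashlib
import secrets
from typing import Dict, List

COMPONENT_COUNT = 3   # the page: three components per site key or transport key
KEY_LEN = 32          # assumption: a 256-bit key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("component lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int = COMPONENT_COUNT) -> List[bytes]:
    """Split `key` into n components that must ALL be XORed to recover it.
    The first n-1 components are fresh random bytes, so any n-1 components
    together carry no information about the key; only the full set does."""
    if n < 2:
        raise ValueError("need at least two components")
    components = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for c in components:
        last = xor_bytes(last, c)
    components.append(last)
    return components


def combine_components(components: List[bytes]) -> bytes:
    """XOR all supplied components together (the inverse of split_key)."""
    if len(components) < 2:
        raise ValueError("need at least two components")
    key = components[0]
    for c in components[1:]:
        key = xor_bytes(key, c)
    return key


def check_value(key_material: bytes) -> str:
    """Short value used to detect a mis-recorded component or a wrongly
    assembled key. Stand-in: first 6 hex digits of SHA-256."""
    return hashlib.sha256(key_material).hexdigest()[:6]


def ceremony_records(components: List[bytes]) -> List[Dict[str, str]]:
    """What each pair of officers writes down: its own component in hex plus
    that component's own check value. Nothing here reveals another pair's
    component or the assembled key."""
    return [{"component": c.hex(), "kcv": check_value(c)} for c in components]


def import_from_records(records: List[Dict[str, str]], expected_kcv: str) -> bytes:
    """Re-entry path: validate each component against its own check value
    (so the pair that mistyped it can be asked to re-enter it), then validate
    the assembled key against the check value recorded at the ceremony."""
    comps = []
    for i, rec in enumerate(records, 1):
        c = bytes.fromhex(rec["component"])
        if check_value(c) != rec["kcv"]:
            raise ValueError(f"component {i} check value mismatch: re-enter it")
        comps.append(c)
    key = combine_components(comps)
    if check_value(key) != expected_kcv:
        raise ValueError("assembled key check value mismatch")
    return key


def demo() -> str:
    """Run the split, a correct re-entry, and a re-entry with one mistyped
    hex digit in component 2; returns the error text the mistake produces."""
    key = secrets.token_bytes(KEY_LEN)          # stands in for the HSM-generated key
    comps = split_key(key)
    records = ceremony_records(comps)
    kcv = check_value(key)
    assert import_from_records(records, kcv) == key
    assert combine_components(comps[:2]) != key  # two pairs cannot reassemble it
    bad = dict(records[1])                       # constructed transcription error
    first = "1" if bad["component"][0] == "0" else "0"
    bad["component"] = first + bad["component"][1:]
    try:
        import_from_records([records[0], bad, records[2]], kcv)
    except ValueError as err:
        return str(err)
    return "undetected"


if __name__ == "__main__":
    print(demo())
```

Because the first two components are drawn independently of the key, an observer holding them (or a pair that sees another pair's component) learns nothing until the third is known; the per-component check value is what makes step 4's "one pair per component" workable in practice, since a transcription slip can be traced to one pair without revealing the other components.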