The Console interface is a configurable serial port provided on both the front and rear panels of the HSM. It is the right-hand connector on the rear panel (see Figure 3). The connector is an industry standard D-type 9-way female connector (socket) with screw fittings. Note that the two Console port connections are electrically the same and allow control through only one connection at a time.
The Console is required during installation, and for operations in which secret data is entered into the HSM. Console operations include generating and loading the Local Master Keys (LMKs) and passwords, putting the HSM into the Authorised state, generating manually-distributed master keys and performing diagnostic functions. The terminal must therefore be located in a secure access area.
The Console terminal is not supplied with the HSM and must be provided by the user. It can be any type of standard terminal, e.g. a VT100. It is connected to the HSM by a cable, also user-supplied, which must not be more than 50 ft (1524 cm) in length.
The Console terminal is not required for normal day-to-day HSM operation, so a single terminal can be shared across a set of HSMs.
| Parameter | Setting |
|---|---|
| Character set | ASCII |
| Interface | RS-232-C (DTE) |
| Baud | 300 bps to 38,400 bps (default 9600 bps) |
| Stop bits | 1 |
| Data bits | 7 or 8 (default 8) |
| Parity | Odd, even or none (default none) |
| Flow control | XON, XOFF |

The Console must not be able to store information and display it at a later time (because some data may be of a sensitive nature).
Character transmission rates and formats are specified by the user and can be configured at the time of HSM installation. The Console must be capable of operating at the HSM factory default settings. See the HSM 8000 Security Operations Manual.
RTS must be asserted to allow output from the HSM.
Assuming the HSM default settings (as shipped from the factory, or after a cold start) apply, configure the Console as instructed in the HSM 8000 Security Operations Manual, and for full duplex with no local echo.
Press the <Return> key. The HSM should respond with:
Online >
which indicates that correct communications have been achieved but a valid command has not been entered.
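
The check described above can also be scripted. The following is an added example, not part of the HSM manual: it assumes a POSIX host whose serial port is already open as a file descriptor (for instance from `os.open` on a site-specific device path), and the function names are hypothetical. It applies the factory-default line settings, asserts RTS, sends <Return> and reports only whether the `Online >` prompt came back; nothing received is logged or written to disk.

```python
import fcntl, os, select, struct, termios, time

PROMPT = b"Online >"  # reply the page shows for <Return> on a working link

def apply_hsm_console_defaults(fd):
    """Apply the page's factory defaults: 9600 bps, 8 data bits, no parity, 1 stop bit, XON/XOFF."""
    iflag, oflag, cflag, lflag, _ispeed, _ospeed, cc = termios.tcgetattr(fd)
    iflag |= termios.IXON | termios.IXOFF                        # XON/XOFF flow control
    iflag &= ~(termios.INPCK | termios.ISTRIP | termios.ICRNL | termios.INLCR | termios.IGNCR)
    oflag &= ~termios.OPOST                                      # send <Return> as a bare CR
    cflag &= ~(termios.CSIZE | termios.PARENB | termios.CSTOPB)  # no parity, 1 stop bit
    cflag |= termios.CS8 | termios.CREAD | termios.CLOCAL        # 8 data bits
    # Raw mode: the tty driver neither echoes nor line-buffers what it receives.
    lflag &= ~(termios.ECHO | termios.ECHONL | termios.ICANON | termios.ISIG | termios.IEXTEN)
    cc[termios.VMIN], cc[termios.VTIME] = 1, 0
    termios.tcsetattr(fd, termios.TCSANOW,
                      [iflag, oflag, cflag, lflag, termios.B9600, termios.B9600, cc])

def assert_rts(fd):
    """Raise RTS, which the HSM requires before it sends output. False if the port has no RTS line."""
    try:
        fcntl.ioctl(fd, termios.TIOCMBIS, struct.pack("I", termios.TIOCM_RTS))
        return True
    except OSError:
        return False  # e.g. a pseudo-terminal, which has no modem-control lines

def probe_console(fd, timeout=2.0):
    """Send <Return>; return True only if the 'Online >' prompt arrives before the timeout."""
    termios.tcflush(fd, termios.TCIFLUSH)   # discard anything received earlier
    os.write(fd, b"\r")
    buf, deadline = b"", time.monotonic() + timeout
    while PROMPT not in buf:
        remaining = deadline - time.monotonic()
        if remaining <= 0 or not select.select([fd], [], [], remaining)[0]:
            return False                    # silent line: wrong settings, cable, or RTS low
        buf += os.read(fd, 64)              # held in memory only, never stored
    return True
```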

| Pin | Signal | Details |
|---|---|---|
| 1 | Protect Ground | Connected to the HSM chassis |
| 2 | TX Data | To HSM |
| 3 | RX Data | From HSM |
| 4 | RTS (Request To Send) | To HSM (must be asserted) |
| 5 | CTS (Clear To Send) | From HSM (always asserted) |
| 6 | DSR (Data Set Ready) | From HSM (always asserted) |
| 7 | Signal Ground | |
| 8 | DCD (Data Carrier Detect) | From HSM (always asserted) |
| 15 | TX Clock (DCE Source) | 16 x Baud, from HSM |
| 17 | RX Clock (DCE Source) | 16 x Baud, from HSM |
| 20 | DTR (Data Terminal Ready) | To HSM (ignored) |