Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)

By Digi-Sign
Created Feb 25 2008 - 16:36

Controls

PDF [1]

During the Key Access Component Card Set Configuration, at least two people from the Key Ceremony Attendees list of personnel were present at all times. No other personnel were permitted access to the room. The Cryptographic Operation Control Software required a PIN code to be entered before the software could communicate with any smart card (holding encryption key component [Key Access Component Card]) used during the Key Access Component Card Set configuration.

5. Generation Event

  • 5.1 Key Generation Ceremony
      1. An IBM-compatible computer (hereafter referred to as "the computer") was set up in a room providing strict personnel access control, security camera monitoring [and electronic isolation from any computer networks].

      2. The computer has a hard disk which has been pre-prepared with a fresh installation of a [Red Hat Enterprise Linux, version 5.0] operating system, the requisite HSM driver, nToken authentication PCI device, HSM device Support Software and the Digi-CA™ PKI [2] System, both acting as the Cryptographic Operation Control Software. The software was tested for correct operation prior to the Key Generation Ceremony by using an HSM reserved for backup purposes.

      3. The first HSM device (designated #1) was removed from production and connected to the computer prior to this ceremony, and the event was monitored and supervised by the company's appointed Head of Security. The Cryptographic Operation Control Software is now about to be used to cause the operations numbered in section 3 above to occur in the following sequence:

      9, 2, 4, 3, 4, 6, 6, 6.

      During this step, the Key Generation Ceremony Administrator will capture and store any relevant informational output produced on the computer screen by the Cryptographic Operation Control Software in the Key Map Document.

      Also during this step, the Key Generation Ceremony Administrator will require any 3 (three) Key Access Component Holders from the previously created Key Access Component Card Set, to separately follow the steps below:

          a. Access their PIN envelope, which was previously placed on the Inventory Table

          b. Re-read and memorize their PIN code, which was previously written on their PIN Code paper sheet

          c. Confirm that they have memorized their PIN code

          d. Place their PIN Code paper sheet back into their envelope and place the unsealed envelope back on the Inventory Table

          e. Take their smart card from the Inventory Table and when requested by the Key Generation Ceremony Administrator, walk towards the HSM device

          f. When requested by the Key Generation Ceremony Administrator, insert their smart card into the smart card reader interface of the HSM device and when requested by the Key Generation Ceremony Administrator, enter their memorized PIN Code.

          g. When requested by the Key Generation Ceremony Administrator, remove the smart card from the HSM smart card reader interface and place their smart card back on the Inventory Table on top of their PIN envelope.

          The above sequence of steps will be repeated for the number of Key Access Component Holders that are selected by the Key Generation Ceremony Administrator.

          All attending Witnesses must ensure that each Key Access Component Holder accesses only their own Key Access Component Card and PIN envelope. They must also ensure that all PIN Code paper sheets remain in envelopes, which are not sealed, and that the relevant Key Access Component Cards rest on top of each envelope on the Inventory Table at the end of this step.


Source URL: https://www.digi-sign.com/key%20ceremony/controls

Links:
[1] https://www.digi-sign.com/downloads/digi-ca-admin-manual
[2] https://www.digi-sign.com/public+key+infrastructure