Setup
- Install and configure the Security World software. For instructions, see the Installation Guide and the User Guide for the HSM.
- Add the Security World utilities path C:\Program Files\nCipher\nfast\bin to the Windows system path.
- Open port 9004 in the firewall for inbound and outbound traffic for the HSM connection.
- Open port 9005 in the firewall for inbound and outbound traffic for remote administration using an nShield Trusted Verification Device (TVD).
- Install the nShield Connect HSM locally, remotely, or remotely via the serial console. See the following nShield Support articles and the Installation Guide for the HSM.
- Create your Security World if one does not already exist. Follow your organization’s security policy for this. Create extra ACS cards, one for each person with access privilege, plus spares.
new-world -i -m <module_number> -Q <K/N>
Run the enquiry utility to verify that the HSM is correctly configured:
C:\Users\Administrator>enquiry
Server
enquiry reply flags none
enquiry reply level Six
serial number <ESN-of-HSM>
mode operational
...
Module #1
enquiry reply flags none
enquiry reply level Six
serial number <ESN-of-HSM>
mode operational
...
After an ACS card set has been created, the cards cannot be duplicated.
Run the nfkminfo utility to confirm the Security World is operational and usable:
C:\Users\Administrator>nfkminfo
World
generation 2
state 0x37270008 Initialised Usable ...
...
Module #1
generation 2
state 0x2 Usable
...
Module #1 Slot #0 IC 0
generation 1
phystype SmartCard
...
error OK
...
Module #1 Slot #1 IC 0
generation 1
phystype SoftToken
...
error OK
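The two verification steps above can be scripted. The following is an added example, not part of the original guide or of the Security World software: it parses the text printed by enquiry and nfkminfo and reports anything that deviates from the healthy output shown above. The function names and the embedded sample text are assumptions constructed for illustration.

```python
import re

# Section headers as they appear in enquiry and nfkminfo output.
HEADER = re.compile(r"^(Server|World|Module #\d+(?: Slot #\d+ IC \d+)?):?$")
FIELDS = ("mode", "state", "error")

def parse_sections(text):
    """Map each section header to the first mode/state/error value under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
        elif current is not None:
            key, _, value = line.partition(" ")
            if key in FIELDS:
                current.setdefault(key, value.strip())
    return sections

def check_enquiry(text):
    """Return problems found in enquiry output; an empty list means healthy."""
    sections = parse_sections(text)
    names = ["Server"] + [n for n in sections if n.startswith("Module #")]
    problems = [] if len(names) > 1 else ["no Module section found"]
    for name in names:
        mode = sections.get(name, {}).get("mode")
        if mode != "operational":
            problems.append(f"{name}: mode is {mode!r}, expected 'operational'")
    return problems

def check_nfkminfo(text):
    """Return problems found in nfkminfo output; an empty list means healthy."""
    sections, problems = parse_sections(text), []
    world = sections.get("World", {}).get("state", "").split()
    if not {"Initialised", "Usable"} <= set(world):
        problems.append("World: state lacks Initialised and/or Usable")
    for name, fields in sections.items():
        state = fields.get("state", "").split()
        if re.fullmatch(r"Module #\d+", name) and "Usable" not in state:
            problems.append(f"{name}: state is not Usable")
        elif "Slot" in name and fields.get("error") != "OK":
            problems.append(f"{name}: slot error {fields.get('error')!r}")
    return problems

# Constructed samples modelled on the output shown above (placeholder ESN).
ENQUIRY = "Server\nmode operational\nModule #1\nserial number <ESN-of-HSM>\nmode operational\n"
NFKMINFO = ("World\nstate 0x37270008 Initialised Usable ...\nModule #1\nstate 0x2 Usable\n"
            "Module #1 Slot #0 IC 0\nphystype SmartCard\nerror OK\n")
if __name__ == "__main__":
    print(check_enquiry(ENQUIRY) + check_nfkminfo(NFKMINFO) or "HSM and Security World look healthy")
```

On the HSM client, pass the captured standard output of each utility to the matching function in place of the embedded samples.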