The PKCS #11 standard is for systems that grant access to token information based on a personal identification number (PIN).
The standard defines two types of users, each with its own PIN:
The User has access to the private objects on a token and has the power to change their PIN. The User cannot reinitialize a token. The PIN the user enters determines which role that user takes. z/OS does not use PINs; instead, profiles in the SAF CRYPTOZ class control access to tokens.
The security officer (SO) can initialize a token (zero the contents) and set the User's PIN. The SO can access the public objects on the token but not the private ones.
A user can fill both roles by knowing both PINs.
Copyright © 2014 CA Technologies.
All rights reserved.