3.4.1 Create the Security World

The Security World is created with the new-world utility, which is documented in the nShield Edge and Solo User Guide for Windows. Before the utility is run, the module must be moved to the pre-initialization mode.

The new-world utility has the following options:

  • -i: Creates a new Security World.
  • -m: Specifies the ID of the physical HSM module to be added to the Security World.
  • -Q: Specifies the minimum number of smart cards needed from the ACS to authorize a feature and the total number of smart cards to be used in the ACS. This example has a total of two cards, with only one card needed to authorize a feature.
  • -c: Specifies the type of key to use for the new Security World. This example uses the AES key.

The example shown in Figure 3-5 creates a new Security World.

During creation of the Security World, the user is prompted to insert and initialize all ACS cards specified by the -Q option.

Figure 3-5. Sample Output from Creation of New Security World

Note:
  • The values of the hknso parameters can be used to uniquely identify the Security World.
  • If the module is not in the pre-initialization state, creation of the Security World may encounter an error:
    Figure 3-6. Error Message if Module is not in Pre-Initialization State

The new Security World is a file that is created in the following location: %NFAST_KMDATA%\local

Note: This location also contains all other related security keys.

Once the Security World is created, the module must be moved to the operational mode.
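
The procedure above can be wrapped in a short PowerShell script. This is an added example, not taken from the guide or from the vendor. It assumes module ID 1, the "K/N" form of the -Q value, the cipher suite name shown, a world file named "world", and that the enquiry, new-world and nfkminfo utilities are on the PATH.

```powershell
# Added example (not from the original guide). Assumed values are marked below.
$ModuleId    = 1                        # assumed module ID
$AcsQuorum   = '1/2'                    # assumed K/N form: 1 card required, 2 cards in the ACS
$CipherSuite = 'DLf3072s256mRijndael'   # assumed AES (Rijndael) suite name; use the name your guide lists

if (-not $env:NFAST_KMDATA) {
    throw 'NFAST_KMDATA is not set; check that the nShield software is installed.'
}
$local = Join-Path $env:NFAST_KMDATA 'local'
$world = Join-Path $local 'world'       # assumed file name of the Security World file

# Stop if a Security World file is already present, so that existing
# key data in this folder can be backed up before anything is created.
if (Test-Path $world) {
    throw "A Security World file already exists at $world. Back up $local first."
}

# Show the reported mode so the operator can confirm that the module
# is in the pre-initialization mode before continuing.
& enquiry | Select-String -Pattern 'mode'
Read-Host 'Press Enter to continue if the module is in pre-initialization mode'

# Create the Security World. The utility prompts for each ACS card in turn.
& new-world -i -m $ModuleId -Q $AcsQuorum -c $CipherSuite
if ($LASTEXITCODE -ne 0) {
    throw "new-world failed with exit code $LASTEXITCODE"
}

# Record the hknso value, which identifies this Security World,
# and list the files that were written alongside the world file.
& nfkminfo | Select-String -Pattern 'hknso'
Get-ChildItem $local

# Next step (manual): move the module to the operational mode.
```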