Domain Restricted PINs page

You can restrict the use of weak or trivial Personal Identification Numbers (PINs) in a domain by using the Domain Restricted PINs page. You can specify up to 20 PIN values to be disallowed. Disallowing a PIN value prevents users from changing a PIN to the disallowed value, and prevents CCA verbs from ever generating the disallowed PIN value. Disallowing a PIN value on the Domain Restricted PINs page does not affect the use of existing PINs, however, even if they have the disallowed value.

The PINs to be disallowed can be 4 - 12 digits long, and can contain only decimal digits ('0' through '9'). The Domain Restricted PINs page is displayed only for host crypto modules that support restricting weak or trivial PINs.

Figure 1. Domain Restricted PINs page
To manage an entry, left-click to select the entry and then right-click to display command options. The available options are:
  • Load
  • Activate
  • Activate All
  • Delete
  • Delete All
Options that are not valid are disabled. An option might be invalid because of the state of the selected entry (you cannot delete an empty entry, for example), or because the role of the current authority does not allow the option.
There are three access control points in roles that control the ability to manage what PINs are restricted:
  • Load Restricted PIN
  • Activate Restricted PIN
  • Delete Restricted PIN

When you select the Load option, a window opens in which you can enter the value of the PIN to be restricted. You can enter 4 - 12 decimal digits. If the role of the current authority has both the load and the activate ACPs selected, the entry goes to the Active state. If the role of the current authority has only the load ACP selected but not the activate ACP, the entry goes to the Loaded state. Keeping the load and activate ACPs separate supports dual control over adding a PIN to the restricted PINs list, for installations that require it.

You can load an entry that is already in the Loaded or Active state, if the role of the current authority has the Delete Restricted PIN ACP. This ACP is required because reloading an entry effectively deletes the current entry.

The Activate option changes the state of the entry from Loaded to Active.

The Delete option removes the PIN and changes the state of the entry to Empty.

The Activate All option activates all entries that are in the Loaded state.

The Delete All option deletes all entries in the table.
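The entry states and ACP checks described above, modelled as an added Python example (not IBM's code and not the TKE implementation): entries are addressed by index, the role's ACPs are passed as a set of the ACP names from this page, and it is assumed that only Active entries are enforced while Loaded entries are pending.

```python
import re
from dataclasses import dataclass, field

MAX_ENTRIES = 20                       # up to 20 disallowed PIN values
PIN_RE = re.compile(r"^[0-9]{4,12}$")  # 4 - 12 decimal digits only

# Access control points (ACPs) in an authority's role, as named on the page
LOAD_ACP = "Load Restricted PIN"
ACTIVATE_ACP = "Activate Restricted PIN"
DELETE_ACP = "Delete Restricted PIN"

class NotAuthorized(PermissionError):
    """The current authority's role lacks the ACP this option requires."""

@dataclass
class Entry:
    state: str = "Empty"  # Empty -> Loaded -> Active
    pin: str = ""

@dataclass
class RestrictedPins:
    entries: list = field(
        default_factory=lambda: [Entry() for _ in range(MAX_ENTRIES)])

    def load(self, idx: int, pin: str, acps: set) -> str:
        if LOAD_ACP not in acps:
            raise NotAuthorized(LOAD_ACP)
        if not PIN_RE.match(pin):
            raise ValueError("PIN must be 4 - 12 decimal digits")
        entry = self.entries[idx]
        # Reloading a Loaded/Active entry deletes it, so Delete ACP is needed too
        if entry.state != "Empty" and DELETE_ACP not in acps:
            raise NotAuthorized(DELETE_ACP)
        entry.pin = pin
        # Load + Activate ACPs: straight to Active. Load only: parked in
        # Loaded until a second authority activates it (dual control).
        entry.state = "Active" if ACTIVATE_ACP in acps else "Loaded"
        return entry.state

    def activate(self, idx: int, acps: set) -> None:
        if ACTIVATE_ACP not in acps:
            raise NotAuthorized(ACTIVATE_ACP)
        if self.entries[idx].state != "Loaded":
            raise ValueError("Activate is valid only for a Loaded entry")
        self.entries[idx].state = "Active"

    def is_disallowed(self, pin: str) -> bool:
        # Assumption: only Active entries are enforced; Loaded ones are pending.
        return any(e.state == "Active" and e.pin == pin for e in self.entries)
```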