Initial default-role commands
The characteristics of the default role after the coprocessor is initialized and when no other access control data exists are described. Also, the enabled access control commands are listed.
For the initial default role commands, the role ID is the default and the authentication strength is zero. The default role is valid at all times of the day and on all days of the week. The only functions permitted are those necessary to load access control data.
Important: The cryptographic mode is not secure when
unauthenticated users can load access control data by using the default
role. Restrict these commands to selected supervisory roles.
Table 1 lists the access control commands that are enabled in the default role when the CCA software is initially loaded and when the CCA node is initialized.
| Code | Command name |
|---|---|
| X'0107' | One-Way Hash, SHA-1 |
| X'0110' | Set Clock |
| X'0111' | Reinitialize Device |
| X'0112' | Initialize Access Control System |
| X'0113' | Change User Profile Expiration Date |
| X'0114' | Change User Profile Authentication Data |
| X'0115' | Reset User Profile Logon-Attempt-Failure Count |
| X'0116' | Read Public Access Control Information |
| X'0117' | Delete User Profile |
| X'0118' | Delete Role |
| X'0119' | Load Function-Control Vector |
| X'011A' | Clear Function-Control Vector |