Key separation

The cryptographic coprocessor controls the use of keys by separating them into unique types, allowing you to use a specific type of key only for its intended purpose.

For example, a key used to protect data cannot be used to protect a key.

A CCA system has only one DES or AES master key. However, to provide for key separation, the cryptographic coprocessor automatically encrypts each type of key in a fixed-length token under a unique variation of the master key. Each variation of the master key encrypts a different type of key. Although you enter only one master key, you have a unique master key to encrypt all other keys of a certain type.