CCA Release 2.54
The entire access-control-point structure consists of a header followed by one or
more access-control-point segments. The header gives the number of segments
contained in the whole structure.
The layout of this structure is illustrated in Figure B-33.
Bytes     Field                 Part of structure
2         Number of segments    Header
2         Reserved              Header
2         Start bit number      First bitmap segment
2         End bit number        First bitmap segment
2         Number of bytes       First bitmap segment
2         Reserved              First bitmap segment
variable  Bitmap data           First bitmap segment
...       ...                   (further bitmap segments, same layout)
2         Start bit number      Last bitmap segment
2         End bit number        Last bitmap segment
2         Number of bytes       Last bitmap segment
2         Reserved              Last bitmap segment
variable  Bitmap data           Last bitmap segment
Figure B-33. Access-Control-Point Structure
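As an added example (not code from the manual or from the CCA product), the following Python parser reads the structure of Figure B-33, validates each segment before trusting it, and answers whether a given access-control point is enabled. It assumes big-endian 2-byte fields, that Number of bytes is the length of the Bitmap data that follows it, and that bit numbers count from the most significant bit of a segment's first bitmap byte; the build helper and the sample structure are constructed for the demonstration.

```python
import struct
# Assumed byte order: big-endian 2-byte fields (an assumption, not stated on this page).
HEADER = struct.Struct(">HH")     # number of segments, reserved
SEG_HDR = struct.Struct(">HHHH")  # start bit, end bit, number of bytes, reserved

def parse_access_control_points(buf):
    """Parse the header and every bitmap segment; reject malformed input."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated header")
    nseg, _reserved = HEADER.unpack_from(buf, 0)
    off = HEADER.size
    segments = []
    for i in range(nseg):
        if len(buf) < off + SEG_HDR.size:
            raise ValueError(f"segment {i}: truncated segment header")
        start, end, nbytes, _res = SEG_HDR.unpack_from(buf, off)
        off += SEG_HDR.size
        if end < start:
            raise ValueError(f"segment {i}: end bit {end} precedes start bit {start}")
        # Assumption: Number of bytes is the bitmap length and must cover the bit range.
        if nbytes * 8 < end - start + 1 or len(buf) < off + nbytes:
            raise ValueError(f"segment {i}: bitmap length inconsistent or truncated")
        segments.append({"start": start, "end": end, "bitmap": buf[off:off + nbytes]})
        off += nbytes
    if off != len(buf):
        raise ValueError(f"{len(buf) - off} trailing bytes after the last segment")
    return segments

def is_enabled(segments, point):
    """True if `point` is set; assumes bit 0 of a segment is the MSB of its first byte."""
    for seg in segments:
        if seg["start"] <= point <= seg["end"]:
            idx = point - seg["start"]
            return bool(seg["bitmap"][idx // 8] & (0x80 >> (idx % 8)))
    return False  # a point outside every segment is not enabled

def build(spec):
    """Encode [(start, end, {enabled points}), ...] in the same layout (constructed helper)."""
    out = bytearray(HEADER.pack(len(spec), 0))
    for start, end, enabled in spec:
        nbytes = (end - start + 8) // 8
        bitmap = bytearray(nbytes)
        for p in enabled:
            bitmap[(p - start) // 8] |= 0x80 >> ((p - start) % 8)
        out += SEG_HDR.pack(start, end, nbytes, 0) + bitmap
    return bytes(out)

# Constructed sample: one segment covering X'0100'..X'011F' with only the default-role points of Figure B-34 set.
DEFAULT_ROLE = build([(0x0100, 0x011F, {0x0107, 0x0110, 0x0111, 0x0112})])
```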
Default Role Contents
The default role will have the following characteristics.
The role ID will be DEFAULT.
The required authentication strength level will be zero.
The role will be valid at all times and on all days of the week.
The only functions that will be permitted are those related to access-control
initialization. This will guarantee that the owner will initialize the Coprocessor
before any useful cryptographic work can be done. This requirement prevents
security “accidents” in which unrestricted default authority might accidentally be
left intact when the system is put into service.
The access-control points that are enabled in the default role are shown in
Figure B-34.
Figure B-34 (Page 1 of 2). Functions Permitted in Default Role
Code      Function Name
X'0107'   PKA96 One Way Hash
X'0110'   Set Clock
X'0111'   Reinitialize Device
X'0112'   Initialize access-control system roles and profiles
Appendix B. Data Structures B-31