Managing card sets and softcards

When you create a Security World, an Administrator Card Set (ACS) is created at the same time. You use the ACS to:

  • Control access to Security World configuration

  • Authorize recovery and replacement operations.

The Security World is used to create and manage keys, and the Operator Card Sets (OCSs) and softcards you create with the Security World are used to protect those keys.

A Security World offers three levels of key protection:

Level of protection Description

Direct protection

Keys that are directly protected by the Security World are usable at any time without further authorization.


Keys that are protected by a softcard can only be used by the operator who possesses the relevant passphrases.


Keys that are protected by an OCS can only be used by the operator who possesses the OCS and any relevant passphrases (if set).

For more information about creating a Security World, see Create a new Security World.

For more information about key management, see Working with keys.

After a Security World has been created, you can use it to create and manage OCSs and softcards (as described in this chapter), as well as to create and manage the keys it protects (see Working with keys).

Network-attached HSMs

To perform the tasks described in this chapter, we recommend using the unit front panel or a client on the same computer that contains the RFS. To perform these tasks on a different client, you must transfer the card data to the RFS.

If you are sharing the Security World across several client computers, you must ensure that the changes are propagated to all your computers. One way to achieve this is to use client cooperation. For more information, see Setting up client cooperation in the User Guide for your HSM.

If you want to use the Remote Operator feature to configure smart cards for use with a remote unit or module, see Remote Operator.