Activation Data Generation and Installation

CA Private Key activation data is generated by Trusted Role personnel under two person control, in accordance with the methods provided by the HSM. If the activation data must be transmitted, it is protected from tampering or disclosure and transmitted separately from the associated cryptographic module.

Activation data for RA private keys is transmitted via an appropriately protected channel, and out-of-band from the associated cryptographic module.

Activation Data Protection

Access to CA Private Key activation data is restricted to Trusted Role personnel. Physical storage of CA Private Key activation data is secured under two person control as described in section 5.1.2.

Protection of activation data for RA private keys is the responsibility of the RA.

Other Aspects of Activation Data

No stipulation.