For the latest version, please use Key Management System 3.9.2!

Business Processes

This page describes the processes and tasks performed by the KMS-Tenant operator via the KMS-Tenant.

The KMS-Tenant provides methods for the following tasks:

Manage or add KMS-Tenant users
Manage the own KMS-Admin account
Manage or add KMS-Tenant-Clients
Manage or add KEK

The necessary identification and authentication against the KMS-Tenant application is outlined in the following process steps:

Process steps

Call the URL of the KMS-Tenant application with the browser, e.g.

<ipaddress>:<port>/kms-tenant/auth/login

and log in with username and password provided by the KMS-Tenant (e.g. in a sealed envelope or in an encrypted e-mail):

When logging in for the first time, the user is automatically prompted to change his initial password:

The operator should make sure that the dialog is really displayed at his first login. Otherwise, the used password is not an initial password. Then there is the risk that another person may know the password for this account.

After a successful login, the start page is displayed. If there are any open proposals, they will be listed:

It is recommended to change the randomly assigned user name into a meaningful name at the initial login:

In the navigation menu select "Accounts" → "Edit account";
Enter a new username and email address;
Click on "Save".

The workspace is shown in the image below. The page is divided into different areas, which are highlighted in color. The partitioning is typical for most pages of the KMS-Tenant.

From any page (see step 04), the desired functionality can be selected at any time. The following steps must be performed:

Select the appropriate menu item in the navigation menu;
Select the appropriate submenu item in the drop-down menu (see image below).

The functions offered in the sidebar depend on the selected submenu item. A functionality can also be selected via the sidebar.

P-KMS-TNT-01 – KMS-Tenant User Account (create, modify, delete)

Table 2. Profile: KMS-Tenant user account (create, modify, delete)
Profile
Designation	P-KMS-TNT-01 – Tenant user account (create, modify, delete)
Purpose	Only KMS-Tenant operators may use the KMS-Tenant, which provides methods for managing and configuring the tenant’s working area e.g. managing KMS-Tenant user accounts, KMS-Client-Users, KMS-Tenant-KEKs. With the creation and setup of a tenant on the KMS platform, at least 2 tenant operator accounts have already been created (to enable the 4-eye principle, see chapter [managing-dual-control-orders]).The access data was transferred to the persons responsible for the tenant’s area.This gives the tenant access to the KMS-Tenant and the opportunity to perform tenant-specific tasks (tenant self-management). The description of the management of KMS-Tenant user accounts is the subject of P-KMS-TNT-01. This includes in particular the management of the own account as well as the creation of further KMS-Tenant user accounts.
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged in the KMS-Tenant.
Postcondition/output	A new KMS-Tenant user was created, or an existing KMS-Tenant user has been modified, or an existing KMS-Tenant user has been deleted, or a locked account due to 3-fold incorrect password input is unlocked again, or the password of the currently logged in user has been changed.
Remarks	After creating a new KMS-Tenant user account, the initial password should be sent securely to the responsible person (e.g. via encrypted email). The current operator should not be able to use and reset this initial password without the new operator noticing (e.g. to avoid abusing the new account by the approving operator). Therefore, when logging in for the first time with a newly created Tenant user account, the tenant operator is prompted to change his initial password. Creating a new user account as well as deleting an account are treated as dual-control orders. This means that the order remains in an open state until a second administrator finally unlocks the order (see chapter [managing-dual-control-orders]).

Table 3. Process steps: KMS-Tenant user account (Create, Modify, Delete)

Process steps

Display the list of KMS-Tenant user:

In the navigation menu, select the menu item "Accounts" → “Manage user accounts”.

Create KMS-Tenant user account – Step 1: Create creation request (proposal):

Click on "Create user account" in the list of KMS-Tenant users (see step 1) and confirm the action.

A proposal for a new user account has been created (dual control order). The vote counter indicates that another vote for the generation of the account is still pending.

The process can now be continued (see Step 03) by giving the missing votes for the proposal. Alternatively, the votes can also be submitted at any time later via the menu item "Proposals" (see chapter [managing-dual-control-orders]).

Create KMS-Tenant user account – Step 2: Vote for creation request (proposal):

A second Tenant operator logs into the KMS-Tenant to give his vote for the proposal (dual order principle);
In the list of proposals (menu item “Proposals”), select the proposal by clicking the appropriate button “Details”;
Check the displayed information and click on "+ Vote";
If the required number of votes has been reached, click "complete proposal" to create the Tenant user account;
The password is generated and offered in a form. To make the password visible, the corresponding field must be clicked. The password can also be saved to the clipboard by clicking the "Copy" button.

By clicking on "Copy all data" all access data will be copied and stored in the clipboard as follows:
```
{
   "component": "KMS-Tenant",
   "users": [
       {
           "username": "……",
           "password": "……"
       }
   ]
}
```
With the creation of the account and the corresponding password the process is finished. The access data generated must be handed over to the responsible person in a secure manner. This is an organizational process that must be reliably established between the parties involved.

When logging in for the first time with the new account, the user will be prompted by the system to change the password.

Modify own KMS-Tenant user account:

Select menu item "Accounts" → “Edit account” in the navigation menu;
Edit "Username" or “E-Mail” and click “Save”.

Change own password:

In the navigation menu, select menu item "Account" → “Change password”;
Enter the new password and repeat your choice;
Click on “Submit” to change your password.

Reset an account:

Click the appropriate "Edit"-Button in the list of KMS-Tenant users (see step 1);
Click “reset” to reset the account.

Only locked accounts can be reset. An account will be locked after 3 incorrect password entries.

Delete KMS-Tenant user account: Create deletion request (proposal):

Select menu item "Accounts" → “Manage user accounts” in the navigation menu;
In the list of KMS-Tenant user accounts select the account by clicking the appropriate “Edit” button;
Check the displayed information and click “Delete”. The action must be confirmed. Since the deletion of an user account is based on the principle of dual control, only a deletion proposal has been created. This proposal must be confirmed (voted) by a second operator.

The process can now be continued (see Step 08) by giving the missing votes for the proposal. Alternatively, the votes can also be submitted at any time later via the menu item "Proposals" (see chapter [managing-dual-control-orders]).

When deleting a Tenant user, at least two (active) Tenant users must remain.

Delete KMS-Tenant user account – Step 2: Confirm deletion request by a second administrator:

A second Tenant operator log into the KMS-Tenant to give his vote for the proposal (dual order principle);
In the list of proposals (menu item “Proposals”), select the proposal by clicking the appropriate “Details” button.
Check the displayed information and click an "+ Vote";
If the required number of votes has been reached, click "Complete proposal" to delete the Tenant user account.

P-KMS-TNT-02 – KEKS (create, activate, delete)

Table 4. Profile: KEKS (create, activate, delete)
Profile
Designation	P-KMS-TNT-02 – KEKS (create, activate, delete)
Purpose	For security reasons, key material of a tenant may not be stored unencrypted in the KMS database. For this purpose, each tenant uses a so-called KEK (Key-Encryption-Key), which acts as the master key for encrypting the tenant’s own key material. The tenant himself is responsible for the production and administration of the KEK. The description of the management of KEKS is the subject of P-KMS-ADM-01.
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged into KMS-Tenant. Tenants and HSMs are set up. At least 1 HSM-Profile was set up for the tenant by the KMS-Admin.
Postcondition/output	A new KEK for a tenant was created, or an existing KEK object has been modified, or an existing KEK object has been deleted.
Remarks	Since the KEK is stored in the safe environment of an HSM, the KMS-Tenant operator can only access a KEK by using the “key management" credentials stored within a tenant’s HSM-Profile (see chapter [tenant-hsm-profiles]). This calls for a dual control order, which requires using the voting system to restore the credentials of the "key management" HSM user. It should be noted that each tenant can create several KEKs but only one KEK is active at a time. Only the active KEK is used to encrypt the key material. The KMS does not re-encrypt existings object when generating a new KEK as this would be very time-consuming. Only new objects added to the KMS will be encrypted using the new KEK.

Table 5. Process steps: KEKS (Create, Delete)

Process steps

Display the list of KEKs:

Select menu item "Setup" → "Manage KEKS" in the navigation menu.

A list of the KEKs managed by the tenant is displayed. If there are still pending KEK proposals, these are shown in a separate list.

Create KEK – Step 1: Create creation request (proposal):

Select menu item "Setup" → “Create KEKS" in the navigation menu (or click “Create” in the list of KEKS, see step 01);
Enter a name for the KEK;
Click on “Select” and select the intended HSM-Profile from the list;
Click on “Create” to create a proposal for the KEK.

The proposal has been created and is now waiting for the pending votes because the generation of a KEK is a dual control order.

A missing vote can be submitted any time via the voting system (see chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete)).

Create KEK – Step 2: Vote for creation request (proposal):

Log into the KMS-Tenant as second administrator to give the missing vote;
Select “Proposals” in the navigation menu;
Click the appropriate “Edit” button to select the proposal;
Click “+ Vote”;
If the required number of votes for the proposal is reached, click “Send proposal” to generate the KEK finally.

Activate the newly created KEK:

Click appropriate "Details" button in the list of KEKS (see step 01);
Click on "Activate" and confirm the action.

Usually exactly one KEK is active for a tenant (only if the active KEK is deleted, no KEK of the tenant is active). When the first KEK is created, it is automatically activated. If several KEKs are configured, activating a KEK will deactivate the currently active KEK. A functionality for explicitly deactivating a KEK is not offered by KMS.

Delete a KEK – Step 1: Create deletion request (proposal):

Click the appropriate "Details" in the list of KEK (see step 01);
Click on "Delete" and confirm the action;

If the process was successful, an open order (proposal) has been created waiting to be accepted by a second administrator (see step 05 or chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete)).

Delete a KEK – Step 2: Confirm deletion request by a second administrator:

Log into the KMS-Tenant as second administrator;
Select the deletion proposal via menu item "Proposals" in the navigation menu and give the second vote. The process is described in detail in chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete).

A missing vote can be submitted at any time via the voting system (see chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete)).

P-KMS-TNT-03A – PROTECTED KEKS (create, activate, add HSM-Profile, remove HSM-Profile, delete, restore)

Table 6. Profile: PROTECTED KEKS (create, activate, add HSM-Profile, remove HSM-Profile, delete, restore)
Profile
Designation	P-KMS-TNT-03A – PROTECTED KEKS (create, activate, delete, …)
Purpose	While using traditional HSM KEKs for each cryptographic operation is simple and safe, it might not be best solution in all cases. The KMS offers an alternative to the traditional KEKs, called “KEK-protection mode”. In this mode, the actual encryption/decryption is done in-memory (using software KEKs), while the HSM is only used to initially derive and occasionally renew the said KEKs. This has the following advantages: Because the HSM is not required for each operation, most of the processing can be offloaded to the application server, which is often much cheaper to scale both horizontally and vertically. Because the selected key derivation method does not necessitate symmetric encryption, it is possible to use this mode with HSMs that only support asymmetric cryptography. It is possible to configure more than one HSM/HSM-Profile to protect the same software KEK, which mitigates the risk of a hardware malfunction. This is of great importance for HSMs that do not support backup functionality.
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged into KMS-Tenant. Tenants and HSMs are set up. At least 1 HSM-Profile was set up for the tenant by the KMS-Admin.
Postcondition/output	A new KEK for a tenant was created, or an existing KEK object has been modified, or an existing KEK object has been deleted.
Remarks	While the protected KEK itself is stored in-memory, the key pair that is required to derive it is stored inside an HSM, which means the KMS-Tenant operator can only access a KEK by using the “key management" credentials stored within a tenant’s HSM-Profile (see chapter [tenant-hsm-profiles]). This calls for a dual control order, which requires using the voting system to restore the credentials of the "key management" HSM user.

Table 7. Process steps: PROTECTED KEKS (create, activate, add HSM-Profile, remove HSM-Profile, delete, restore)

Process steps

Display the list of KEKs:

Select menu item "Setup" → "Manage KEKS" in the navigation menu.

A list of the KEKs managed by the tenant is displayed. If there are still pending KEK proposals, these are shown in a separate list.

Create a protected KEK – Step 1: Create creation request (proposal):

Select menu item "Setup" → “Create KEK (protected)" in the navigation menu (or click “Create KEK (protected)” in the list of KEKS, see step 01);
Enter a name for the KEK;
Click on “Select” and select the intended HSM-Profile from the list;
Click on “Create” to create a proposal for the KEK.

The proposal has been created and is now waiting for the pending votes because the generation of a KEK is a dual control order.

A missing vote can be submitted any time via the voting system (see chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete)).

Create a protected KEK – Step 2: Vote for creation request (proposal):

Log into the KMS-Tenant as second administrator to give the missing vote;
Select “Proposals” in the navigation menu;
Click the appropriate “Edit” button to select the proposal;
Click “+ Vote”;
If the required number of votes for the proposal is reached, click “Send proposal” to generate the KEK finally.

If the process was successful, the protected KEK would have been created and a backup string would be displayed on screen. Make sure to store this backup securely before leaving the page as it will not be shown a second time.

You can later use this backup string to restore the KEK in case of major malfunction on a configured HSM/HSM-Profile (see step 08).

Activate a protected KEK:

Click appropriate "Details" button in the list of KEKS (see step 01);
Click on "Activate" and confirm the action.

Add an HSM-Profile to a protected KEK – Step 1: Create “Add HSM-Profile” request (proposal):

Click the appropriate "Details" in the list of KEK (see step 01);
Click on "Add HSM-Profile";
Click on “Select” and select the intended HSM-Profile from the list (Note: you cannot use the same HSM-Profile twice for the same protected KEK);
Click on “Add”.

If the process was successful, an open order (proposal) has been created waiting to be accepted by a second administrator (see step 05).

Add a HSM-Profile to a protected KEK – Step 2: Confirm “Add HSM-Profile” request by a second administrator:

Log into the KMS-Tenant as second administrator;
Select the “Add HSM-Profile” proposal via menu item "System" → "Available proposals" in the navigation menu and give the second vote. The process is described in detail in chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete).

A missing vote can be submitted at any time via the voting system (see chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete)).

Remove a HSM-Profile from a protected KEK – Step 1: Create removal request (proposal):

Click the appropriate "Details" in the list of KEK (see step 01);
Click on "Remove" next to the desired HSM-Profile and confirm the action;

If the process was successful, an open order (proposal) has been created waiting to be accepted by a second administrator (see step 05).

Remove a HSM-Profile from a protected KEK – Step 2: Confirm removal request by a second administrator:

Log into the KMS-Tenant as second administrator;
Select the removal proposal via menu item "System" → "Available proposals" in the navigation menu and give the second vote. The process is described in detail in chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete).

A missing vote can be submitted at any time via the voting system (see chapter P-KMS-TNT-03 – KMS Clients (create, modify, delete)).

Restore a KEK from a backup string:

Click the appropriate "Details" in the list of KEK (see step 01);
Enter the backup string inside the “Backup string” input field;
Click on “Select” and select the intended HSM-Profile from the list;
Click on “Create from backup”.

You can only restore a protected KEK if there currently are no active HSM-Profiles protecting it.

Delete a protected KEK:

Click the appropriate "Details" in the list of KEK (see step 01);
Click on "Delete" and confirm the action;

You can only delete a protected KEK if there currently are no active HSM-Profiles protecting it.

P-KMS-TNT-03 – KMS Clients (create, modify, delete)

Table 8. Profile: KMS-Client-Users (create, modify, delete)
Profile
Designation	P-KMS-TNT-03 – KMS Clients (create, modify, delete)
Purpose	A KMS-Tenant-Client accesses and uses the KMS’s APIs to interact with the KMS-Server on behalf of a KMS-Tenant (see chapter [architecture-overview]).Access is only permitted after successful authentication.To perform authentication, the KMS-Server uses basic authentication with UserID+Password. The KMS-Tenant-Client Users define the client’s name and credentials for accessing the KMS-Webservices (KMIP-API).The creation and management of KMS-Tenant-Client users is the responsibility of KMS-Tenant operators. The description of the management of KMS-Tenant-Client Users is the subject of P-KMS-TNT-03.
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged into KMS-Tenant.
Postcondition/output	A new KMS-Client object was created, or an existing KMS-Client object has been modified, or an existing KMS-Client object has been deleted.
Remarks	None

Table 9. Process steps: KMS Clients (Create, Modify, Delete)

Process steps

Display the list of KMS-Clients:

Select menu item "Setup" → "Manage KMS-Clients" in the navigation menu.

Create KMS-Client:

Click on "Create Credentials" in the list of KMS-Clients (see step 1) and confirm the action.
Safely store access data for the new KMS-Client:

The access data will only become visible when you click on the corresponding field.

By clicking on "Copy access data" all access data will be copied and stored in the clipboard as follows:
```
{
   "component": “KMS-API",
   "category": “kms-clients",
   "credentials": {
       "username": "…",
       "password": "…"
   }
}
```

The access data generated must be handed over to the responsible person in a secure manner. This is an organizational process that must be reliably established between the parties involved.

Modify KMS-Client object:

Click on "Edit" in the list of KMS-Clients (see step 1) to select the client to be modified;
Edit "Description" attribute;
Click on "Save".

Delete KMS-Client object:

Click on "Edit" in the list KMS-Clients (see step 1) to select the client to be deleted;
Click on "Delete Credentials" and confirm.

P-KMS-TNT-04 – Dual control orders (vote, delete, complete)

Table 10. “Dual control” orders (vote, delete, complete)
Profile
Designation	P-KMS-TNT-04 – Dual Control orders (Create, Modify, Delete)
Purpose	For security reasons, the principle of dual control (see chapter [managing-dual-control-orders]) is used for certain processes executed by the KMS tenant operator.This means that when a proposal is created, it has to be accepted (voted) by other KMS tenant operators. In summary, the following actions can be performed upon a proposal: Vote: Voting for a proposal means accepting the proposal. A KMS-Tenant operator can vote only once for a proposal. Delete: A proposal can be rejected by a KMS-Tenant operator. The proposal is then deleted and no longer appears in the list of proposals. Complete: After a proposal has received the required number of votes, the proposal can be released (completed) by any KMS-Tenant operator. A proposal has the following properties, which are displayed to the KMS-Tenant operator during editing: Proposed by: KMS-Tenant operator who originally placed the order. Proposal type: Type of the proposal, e.g. CREATE or DELETE. Vote count: Number of received or missing votes. In most cases, exactly two votes from two different tenant operators are required. The first vote is assigned directly when the proposal is created. The second vote must be given by another KMS-Tenant operator. When a proposal has received the required number of votes, the proposal can be completed by any KMS-Tenant operator. Processes that require dual control: Creation of a tenant user account (see chapter P-KMS-TNT-01 – KMS-Tenant User Account (create, modify, delete)). Deletion of a tenant user account (see chapter P-KMS-TNT-01 – KMS-Tenant User Account (create, modify, delete)). Creation of a KEK (see chapter P-KMS-TNT-01 – KMS-Tenant User Account (create, modify, delete)). Deletion of a KEK (see chapter P-KMS-TNT-01 – KMS-Tenant User Account (create, modify, delete)).
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged into KMS-Tenant.
Postcondition/output	An available dual order is accepted, or an available dual order is rejected, or an own dual order is retracted.
Remarks	Actions on proposals (e.g. delete proposal) are always performed immediately without applying the dual control principle.

Table 11. Process steps: “Dual control” orders (edit, accept, reject, withdraw)

Process steps

Display the list of all pending proposals:

Select menu item "Proposals" in the navigation menu.

If there exist any non-completed proposals, they are displayed separately in a list of the proposals for accounts as well as for KEKs. The list shows both your own suggestions and those of another tenant operator.

After the login of a tenant operator, the lists of open proposals are displayed on the welcome page.

Submit a vote for an account proposal:

In the list of account proposals, click on “Details” for the proposal that should be voted for;
Check the displayed data;
Click on "+ Vote";

The given vote is the second vote for the proposal. The first vote was already given when the proposal was made. Because the creation of an account is a basic dual control order, the proposal has received all the required votes. The proposal is therefore now ready for completion (see step 04).

User account proposals are based on the basic dual control principle. An administrator cannot vote twice for a proposal. An administrator can only vote for proposals with missing votes. A proposal that has received all the required votes is waiting to be completed by any administrator.

Complete an account proposal:

In the list of account proposals, click on “Details” for the proposal that should be completed;
Click on “Complete proposal”;
The password is generated and offered in a response page. To make the password visible, the corresponding field must be clicked. The password can also be saved to the clipboard by clicking the "Copy" button. With the creation of the admin and the corresponding password the process is finished. The access data generated must be handed over to the responsible person in a secure manner.

Only proposals that have already received all the required votes can be completed.

Delete an account proposal:

In the list of account proposals, click on “Details” for the proposal that should be deleted;
Click on “Delete Proposal” and confirm. The proposal is now deleted and no longer appears in a list of proposals;

Only non-completed proposals can be deleted. A proposal can be deleted by any operator.

Submit a vote for an KEK proposal:

In the list of KEK proposals, click on “Edit” for the proposal that should be voted for;
Check the displayed data;
Click on "+ Vote";

The vote count for the KEK proposal has been incremented.

A KMS-Tenant operator cannot vote twice for a proposal. A KMS-Tenant operator can only vote for proposals with missing votes. A proposal that has received all the required votes is waiting to be completed by any administrator.

Delete a KEK proposal:

In the list of account proposals, click on “Details” for the proposal that should be deleted;
Click on “Delete Proposal” and confirm;

Only non-completed proposals can be deleted. A proposal can be deleted by any operator.

Complete an KEK proposal:

In the list of KEK proposals, click on “Details” for the proposal that should be completed;
Click on “Complete proposal”;
The KEK has been created. Optional: Click on “Activate” to activate the KEK.

Only proposals that have already received all the required votes can be completed.

P-KMS-TNT-05 – Client certificate (generate, export)

Table 12. Profile: “Client certificate” orders (generate, export)
Profile
Designation	P-KMS-TNT-05 – Client certificate (generate, export)
Purpose	MTG-KMS supports client authentication with certificates for the KMS-Server communication through the KMIP-API. Therefore a certificate can be generated and exported.
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged into KMS-Tenant.
Postcondition/output	A client had to be generated.
Remarks	The keystore for the generated certificate is only available for download until the Tenant logs out. It has to be ensured to download the certificate and store its password securely before logging out.

Table 13. Process steps: “Client certificate” orders (generate, export)
Process steps
01	Generate and export a client certificate and the appropriate keystore: Go to on “Setup” → “Manage KMS clients”; Click on “Edit” for the appropriate client; Click on the checkbox for “ Client-Auth using certificate”; Click in “Generate certificate” Click on “Download .p12” to save your PKCS#12 keystore file. Save the appropriate password. Click on “Download .pem” to download your certificate.

P-KMS-TNT-06 – Application Namespaces (create, modify, delete)

Table 14. Profile: “Application Namespaces” orders (create, modify, delete)
Profile
Designation	P-KMS-TNT-06 – Application Namespaces (create, modify, delete)
Purpose	MTG-KMS allows the user to determine application namespaces for objects. Those can be managed by the Tenant interface of MTG-KMS.
Responsibility	KMS-Tenant operator
Working tool(s)	Browser, KMS web application for KMS-Tenant operator (KMS-Tenant)
Precondition/input	The KMS platform is up and running. The KMS-Tenant user is logged into KMS-Tenant.
Postcondition/output	None
Remarks	None

Table 15. Process steps: “Application Namespaces” orders (create, modify, delete)
Process steps
01	Create an Application Namespace: Go to “Setup” → “Manage Application Namespaces”; Click on “Create Application Namespace”; Insert the “Namespace” (mandatory field) and the “Data”; Click on “Create” to generate the Application Namespace.
02	Modify an Application Namespace: Go to “Setup” → “Manage Application Namespaces”; Click on “Edit” for the appropriate Application Namespace; Insert a new value for “Data”; Click on “Save”;
03	Delete an Application Namespace: Go to “Setup” → “Manage Application Namespaces”; Click on “Edit” for the appropriate Application Namespace; Click on “Delete Application Namespace”.

P-KMS-TNT-07 – “Cryptotoken Migration” (migrate)

Table 16. Profile: “Cryptotoken Migration” (gather shares, migrate)
Profile
Designation	P-KMS-TNT-07– “Cryptotoken Migration” (gather shares, migrate)
Purpose	MTG-KMS allows the Administrator to migrate any existing legacy cryptotokens to the new HSM-Profiles. HSM-Profiles replace cryptotokens (starting from KMS version 2.x on) and are a new method of protecting the configured cryptotoken HSM user credentials that does not require the creation, distribution and usage of "key management shares" when performing "key management" operations on the HSM.
Responsibility	KMS-ADMIN
Working tool(s)	Browser, KMS web application for KMS-Admin (KMS-Admin)
Precondition/ input	The KMS platform is up and running. The KMS-Admin is logged in the KMS-Admin. There is at least one existing legacy cryptotoken that requires migration to an HSM-Profile.
Postcondition/ output	All existing legacy cryptotokens have been migrated to HSM-Profiles
Remarks	Migrating to HSM-Profiles requires KMS version 2.x to have been installed. See [KMS010 - MTG-KMS-Installation-Manual] for instructions.

Table 17. Process steps: “Cryptotoken Migration” (gather shares, migrate)
Process steps
01	When a KMS-Tenant operator logs in for the first time after the installation of KMS version 2.x, if there are any cryptotokens configured in the system, the "Migrate legacy cryptotokens" page will be displayed. The KMS-Tenant operator won’t be able to proceed to the application until all legacy cryptotokens are successfully migrated. Gather key shares: For each legacy cryptotoken on the page, enter its key share (as provided to you by the KMS-Admin) by entering it in the respective input field and clicking on the "+ Add share" button. If you suspect you have entered the wrong key share (or a key share associated with another cryptotoken) you can click on "Remove share" and enter a new one. Repeat this process with different KMS-Tenant operators (that have different key shares) until enough key shares have been gathered.
02	When enough key shares for a cryptotoken have been gathered, a "Migrate legacy cryptotoken" button will be shown. Migrate legacy cryptotoken: Click on “Migrate legacy cryptotoken”. The gathered key shares will be used to migrate the cryptotoken to an HSM-Profile. Repeat this process for all legacy cryptotokens. When all legacy cryptotokens were successfully migrated, click on "Proceed" to access the application.