Accessing Service

1. Subscribe to the Service on AWS Marketplace

Sign up and login to AWS Marketplace.

AWS Marketplace URL : https://aws.amazon.com/marketplace

② Search for “Key4C” or “JWT HTTP REST API Service” on AWS Marketplace.

③ In the service search results, click on “Key4C JWT HTTP REST API Service

④ On the service main page, click the [View Purchase Options] button in the upper-right corner to subscribe to the service.

2. Getting Started with the Service

① When your subscription is active, the service detail page will display a purchase notice and an [Set up your account] button at the top. Click [Set up your account] to proceed to the service onboarding page.

② When using the service for the first time, you must generate a service token (one-time) to enable the HSM-based security features. During token creation, please set both the So PIN and the User PIN.

PIN Configuration Guidelines

  • Minimum length of 9 characters

  • Must include a combination of uppercase letters, lowercase letters, numbers, and special characters

  • Allowed special characters: ( ) , . ! @ # $ % ^ & * - : ; space

  • Strings with 4 or more consecutive or repeated characters/numbers are not allowed (e.g., 1234, aaaa, 1111)

③ Once the service subscription and token have been successfully created, you will be able to view the service information as shown below.

Service Info

  • UUID : A unique identifier assigned to your service instance.

  • Token Generation Date: The date when the HSM token was issued. This marks the activation date of your service.

HSM Information

  • Manufacturer: The company providing the HSM-based service (e.g., Ksmartech Co., Ltd.).

  • Model: The model or version of the HSM currently in use (e.g., Key4C V3).

  • HW/FW Version: The hardware and firmware versions of the HSM.

  • PIN Length: The allowed range for PIN code length (e.g., 9–255 characters).

Token Information

  • So PIN: The Security Officer PIN used by the system administrator or security officer.

  • User PIN: The PIN used by your application or service account to access the HSM.

[API Key Information] The API Key required to use the Key4C service. Enter this value when configuring the executable program.

Both the So PIN and the User PIN are configured during the initial creation process, and it is recommended that you change them periodically for security purposes.

You can click the [Change] button to update each PIN.

3. Token PIN Guide

  • If an incorrect So PIN number is entered five (5) or more times during So PIN authentication, the PIN status will be changed to “Locked.”

  • When the PIN is in the “Locked” state, PIN authentication is not available.

  • If you submit an unlock request, the service provider will review and approve the request before unlocking the PIN.

  • Once the status is changed back to “Normal,” the PIN can be used again.

① On the Service Information (Main) screen, check the So PIN status in the Token PIN Information section. Select the [Unlock Request] button for a So PIN that is in the “Locked” state.

Functions are available depending on the So PIN status.

② After submitting the unlock request, enter the email address that will receive the unlock completion notification. After entering the email address, select the [Confirm] button.

③ Once the unlock request is submitted, an informational pop-up is displayed, and the So PIN status changes to “Unlock Request Pending.”

④ The service provider reviews the So PIN unlock request and proceeds with the approval process. Upon approval, an unlock completion email is sent to the specified email address. The So PIN status is changed to “Normal,” and the PIN can be used again.

Usage Information

PIN Configuration Guidelines

  • Minimum length of 9 characters

  • Must include a combination of uppercase letters, lowercase letters, numbers, and special characters

  • Allowed special characters: ( ) , . ! @ # $ % ^ & * - : ; space

  • Strings with 4 or more consecutive or repeated characters/numbers are not allowed (e.g., 1234, aaaa, 1111)

PIN Lock Notice (after 5 failed attempts)

- Both So PIN and User PIN will be locked after more than five (5) consecutive incorrect entries.

- A locked So PIN can be unlocked by submitting an “Unlock Request.” A locked User PIN can be unlocked through So PIN authentication. If the So PIN is also locked, please complete the So PIN unlock process first before proceeding.

- When a PIN is locked, the related functions will not operate even if the correct PIN is entered. Please make sure to unlock the PIN before use.

PIN Unlock Guide

- If the So PIN is in the “Locked” state, it can be unlocked only through mandatory verification and approval by the service provider for security reasons. Please select the [Unlock Request] button to submit a request to the service provider. Once the request is reviewed and approved, an unlock completion notification email will be sent.

When the So PIN status is “Normal,” it can be used without restrictions.

- If the User PIN is in the “Locked” state, it can be unlocked through So PIN authentication.

PIN Loss Notice

If the So PIN is lost, it cannot be recovered. Please keep it in a secure place. (Registered tokens and keys will be permanently lost.) However, if the User PIN is lost, you can set a new PIN through So PIN verification.

PIN Verification Guide

1) The following actions require So PIN authentication:

- Token creation - So PIN change

- User PIN change - So PIN unlock

- User PIN unlock

2) The following actions require User PIN authentication:

- Key creation

- Key deletion

PIN Change Notice

- The So PIN can be changed through So PIN verification. - The User PIN can also be changed through So PIN verification. However, you cannot change it to the same PIN as before.