Loading the LMKs

The HSM Master Keys are loaded when an HSM is first put into service. Because the keys are erased whenever the HSM is in an alarmed condition, they must also be reloaded after any such condition. The procedure for loading from Smartcards is described below.

The following are required:

· One Smartcard from each of the Sets.

· The Component Holders responsible for Smartcard custody (no one person should have access to all Smartcards).

In the description that follows, user entries at the Console are shown underlined. Characters returned by the HSM that depend on the values entered by the user (and therefore cannot be predicted) are shown as X.

The order in which the Smartcards are loaded into the HSM is not important, but, for convenience, they are referred to as the first, second and third (etc.) Smartcards.

1. Set the HSM into the Secure state: insert the keys in both of the key switches on the HSM front panel and rotate them both one quarter turn. The Console displays:

HSM going OFFLINE, press Reset to go Online.
Master Key loading facilities now available.
Secure>

2. Initiate the LMK loading. Use the LK command. The HSM responds with a series of prompts to ensure that the initial starting conditions are achieved.

Secure> LK <Return>

The HSM responds with:

LMKs must be erased before proceeding.

Erase LMKs? Y <Return>

3. The HSM prompts for the components:

Load LMK from components.
Insert card and enter PIN: <Return>

Insert the first Smartcard into the card reader on the front panel of the HSM.

4. When the Smartcard is inserted, enter the PIN:

***** <Return>

5. The HSM reads the Smartcard then displays:

CHECK: XXXX XXXX XXXX XXXX
Load more components? [Y/N]: Y <Return>

If it displays an error message, rectify the fault and repeat the operation as necessary.
When successful, remove the Smartcard.

6. Insert the second Smartcard and repeat the loading procedure, Steps 3 to 5.

7. Repeat Step 6 for the third (and any subsequent) set of components. When all have been loaded and the HSM displays the check value, RECORD THE CHECK VALUE (it is the check on the final LMK pairs and is subsequently used to verify that the LMK pairs are correct), then press N to terminate the loading procedure:

CHECK: XXXX XXXX XXXX XXXX
Load more components? [Y/N]: N <Return>
Use the LO command to load LMKs into key change storage

8. It is now possible to go to the key change storage procedure (Step 3), if required. Otherwise lock the cam locks on the front panel and remove the keys.

9. Ensure that the HSM can be set into the Authorized state by inserting the Smartcards or entering the Passwords (as applicable). Use the A command, and insert the Smartcards and enter the PINs (or enter the Passwords), in response to prompts. If used, the Passwords must be entered in the correct order (i.e., the first should be the Password loaded with Component Set 1).

Online> A <Return>

Enter the first PIN (or the Password), as applicable:

First Officer:
Insert card and enter PIN: ***** <Return>

or

Password: **************** <Return>

Enter the second PIN (or the Password), as applicable:

Second Officer:

Insert card and enter PIN: ***** <Return>

or

Password: **************** <Return>

When successful the HSM displays:

AUTHORIZED
Online-AUTH>

If one of the PINs (or Passwords) does not have the correct number of characters (excluding spaces), the HSM re-prompts; if one was incorrect, it returns NOT AUTHORIZED. In either case, press <Delete> and re-enter the PINs (or Passwords).

10. To reset the HSM and set it online to the Host, press the RESET button on the front panel. This also removes the HSM from the Authorized state.

11. Check that the yellow Secure LED on the front panel is illuminated.
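The check-value bookkeeping in Steps 2 to 7 can be audited after the ceremony. The following Python is an added example, not part of the original procedure or of any vendor tooling: it assumes the Console session was captured to text, and it confirms that the erase was accepted, that one component per Set was loaded, that loading ended with a single N, and that the final CHECK line equals the recorded check value. The function name `audit_lmk_load`, the sample session and its check values are constructed for illustration, and check characters are assumed to be alphanumeric.

```python
import re

ERASE_RE = re.compile(r"^Erase LMKs\?\s*([YyNn])$")
CHECK_RE = re.compile(r"^CHECK:\s*((?:[0-9A-Za-z]{4}\s+){3}[0-9A-Za-z]{4})$")
MORE_RE = re.compile(r"^Load more components\? \[Y/N\]:\s*([YyNn])$")

def audit_lmk_load(transcript, expected_sets, recorded_check):
    """Return findings for a captured LK session; an empty list means clean."""
    norm = lambda s: "".join(s.split()).upper()  # ignore spacing and case
    erased, checks, answers = False, [], []
    for raw in transcript.splitlines():
        line = raw.strip()
        if m := ERASE_RE.match(line):
            erased = m.group(1).upper() == "Y"
        elif m := CHECK_RE.match(line):
            checks.append(norm(m.group(1)))
        elif m := MORE_RE.match(line):
            answers.append(m.group(1).upper())
    findings = []
    if not erased:
        findings.append("LMK erase was not confirmed before loading")
    if len(checks) != expected_sets:
        findings.append(f"{len(checks)} components loaded, expected {expected_sets}")
    if len(answers) != len(checks):
        findings.append("a CHECK line has no 'Load more components?' answer")
    elif answers and answers != ["Y"] * (len(answers) - 1) + ["N"]:
        findings.append("loading was not ended with a single final N")
    # Only the last CHECK line is the check on the final LMK pairs (Step 7).
    if not checks or checks[-1] != norm(recorded_check):
        findings.append("final check value differs from the recorded value")
    return findings

# Constructed session for three Sets; every check value here is made up.
SAMPLE = """\
Secure> LK
LMKs must be erased before proceeding.
Erase LMKs? Y
Load LMK from components.
Insert card and enter PIN:
CHECK: 1A2B 3C4D 5E6F 7081
Load more components? [Y/N]: Y
Insert card and enter PIN:
CHECK: 9F8E 7D6C 5B4A 3921
Load more components? [Y/N]: Y
Insert card and enter PIN:
CHECK: 0C1D 2E3F 4A5B 6C7D
Load more components? [Y/N]: N
Use the LO command to load LMKs into key change storage
"""
```

Calling `audit_lmk_load(SAMPLE, 3, "0C1D 2E3F 4A5B 6C7D")` returns an empty list; any other recorded value, a different Set count, or a declined erase produces a finding.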