When new LMKs have been loaded into the HSM, using the LK command, the HSM prompts whether a set of old LMKs needs to be loaded into Key Change Storage for use in translations from old to new keys. If so, proceed as follows:
1. Ensure that the HSM is in the Secure state (see Step 1 of procedure Loading the LMKs).
2. Ensure that the HSM is in authorised state (see Step 9 of procedure Loading the LMKs).
3. Initiate moving ‘Old’ keys into key change storage. Use the LO command:
Secure-AUTH> LO <Return>
Load Old LMK from components.
Insert card and enter PIN:
4. Insert the first (old) Smartcard.
5. When the Smartcard is inserted enter the PIN:
***** <Return>
6. The HSM reads the Smartcard then displays:
CHECK: XXXX XXXX XXXX XXXX
Load more components? [Y/N]: Y <Return>
If it displays an error message, rectify the fault and repeat the operation as necessary.
When successful, remove the Smartcard.
7. Insert the second Smartcard and repeat the procedure from Step 5.
8. Repeat Step 5 as necessary until all old component sets have been moved into key change storage. When all have been moved and the HSM displays the check value, press N to terminate the procedure:
CHECK: XXXX XXXX XXXX XXXX
Load more components? [Y/N]: N <Return>
9. Return the HSM to normal use, as described in Generating Component Set 3, Step (2).