Smart card PIN
Changing the smart card PIN
Attention
For security reasons, the smart card PIN can only be changed once. Once the PIN has been changed, the memory area of the card containing this information is sealed and can no longer be altered or tampered with.
Requirements
- Physical access to the HSMs with the smart cards and PIN for each one.
- Keyboard and monitor.
Procedure
-
To change the PIN, you must physically go to the HSM and authenticate with the cards.
-
Once authenticated, choose Configuration and then Smart card Manager
Dinamo - Local Management Console ┌─────────┤ Smart Card ├──────────┐ │ ◂ │ │ Inspect │ │ Change PIN │ │ Create Server Master Key │ │ Erase │ │ Create Partition Auth Set │ │ Get Label │ │ Copy Set │ │ Copy Card │ └─────────────────────────────────┘ Service running... Replication Domain: <none>Smart card management option -
Choose Change PIN, insert the card and press Enter.
Dinamo - Local Management Console ┌─────────────────┤ ├─────────────────┐ │ │ │ Please, insert a valid smart card... │ │ │ │ ┌────┐ │ │ │ OK │ │ │ └────┘ │ │ │ │ │ └──────────────────────────────────────┘ Service stopped Replication Domain: <none>Message to insert card -
Type in his current PIN, a message about the size and characteristics of the PIN will appear, press Enter again.
Dinamo - Local Management Console ┌──┤ Please, enter current PIN: ├─┐ │ │ │ │ │ PIN _________ │ │ │ │ │ │ ┌─────────┐ │ │ │ OK │ │ │ └─────────┘ │ │ │ │ │ └─────────────────────────────────┘ Service stopped Replication Domain: <none>Message to enter PIN -
Enter the new PIN and press Entera new screen to confirm the PIN will appear, type it again and Enter again.
Dinamo - Local Management Console ┌────┤ Please, enter new PIN: ├───┐ │ │ │ │ │ PIN _________ │ │ │ │ │ │ ┌─────────┐ │ │ │ OK │ │ │ └─────────┘ │ │ │ │ │ └─────────────────────────────────┘ Service stopped Replication Domain: <none>Message to confirm the new PIN -
After confirming the PIN, a message will appear confirming the change and another saying that the card is PIN locked (cannot be changed again).
Dinamo - Local Management Console ┌────────────────┤ ├─────────────┐ │ │ │ │ │ PIN changed and checked │ │ │ │ ┌────┐ │ │ │ OK │ │ │ └────┘ │ │ │ │ │ └─────────────────────────────────┘ Service stopped Replication Domain: <none>Confirmation message Dinamo - Local Management Console ┌──────────────┤ ├───────────────┐ │ │ │ │ │ -> PIN locked. │ │ │ │ ┌────┐ │ │ │ OK │ │ │ └────┘ │ │ │ │ │ └─────────────────────────────────┘ Service stopped Replication Domain: <none>Message showing that the card is in the locked state
Checking smart card status
You can check the status of the smart card by choosing the Inspect option within the Smart card manager
-
Once authenticated, choose Configuration and then Smart card Manager
Dinamo - Local Management Console ┌─────────┤ Smart Card ├──────────┐ │ ◂ │ │ Inspect │ │ Change PIN │ │ Create Server Master Key │ │ Erase │ │ Create Partition Auth Set │ │ Get Label │ │ Copy Set │ │ Copy Card │ └─────────────────────────────────┘ Service running... Replication Domain: <none>Smart card management option -
Choose the Inspect option, insert the card and press OK, if the card has already changed its password, YES will appear in the Pin Locked line.
Dinamo - Local Management Console ┌────────────────────────────┤ ├─────────────────────────────┐ │ │ │ ATR : 3B:7A:94:00:00:80:65:A2:01:01:01:3D:72:D6:43 ↑ │ │ CSN : 15C000E3A8171006F00FF0010 ▒ │ │ Family : Gemplus Generic Product ▒ │ │ Card Name : GemXpresso Pro R3.x ▒ │ │ Card OS : OSv09 ▒ │ │ Prog Ver : 01 ▒ │ │ Chip Ver : 38 ▒ │ │ LOCK1 byte : 02 ▒ │ │ LOCK2 byte : 02 ▒ │ │ Card Type : SmOe ▒ │ │ PIN Locked : no (one more PIN change allowed) ░ │ │ PIN SCR : 0 ↓ │ │ │ │ ┌────┐ │ │ │ OK │ │ │ └────┘ │ │ │ │ │ └─────────────────────────────────────────────────────────────┘ Service running... Replication Domain: <none>Inspect option