Unauthenticated Reset

Once the HSM has been initialized and activated with a particular set of smart cards, it is only possible to operate the keys created in the HSM with this set (or one generated from a copy of it).

When activating an HSM that has already been initialized, if a different set of smart cards is used than the one that initialized the HSM, it is possible to reset the database and put it back into First/Fresh status Boot to start operating with the new set. Note that in this case all the keys in the HSM's database will be destroyed in order to generate a new one. In any case, the TP Key injected into the smart card (if any) must be the same as the TP injected into the HSM. Without this condition, there is no communication between the card and the HSM.

Info

If a set of smart cards with a Server Master Key other than the one expected is used to activate an already initialized HSM(Wrong SVMK), the system gives the operator the chance to proceed with a complete reset of the database.

Wrong SVMK warning

Wrong SVMK warning

This mechanism prevents the HSM from logically locking when a new Master Key is generated in the card set, without previously resetting the database, leaving the operator with an HSM waiting for an old SVMK on one side and a card set with a new SVMK on the other.

It is possible to restore the old base and operate again with the old cards if a Restore is made from a backup file that has been generated in an HSM with the old base and activated with the old set of smart cards.