Transport OEM

Communication between the smart card chip and the HSM (called a terminal in this context) is protected by a mechanism called Secure Messaging.

An engraving process called OEM Injection is carried out at the manufacturing stage, where a code, called TP OEM, is injected into both the HSM and the smart card.

Any attempt to generate the Server Master Key on a card that has a different OEM TP to the HSM will result in failure.

When you receive and start operating the HSM, check that the OEM TP indicated on the HSM console is the same as the one on the smart card label. An identification label (by name and/or code id) is affixed to each card.

Older cards without an injected OEM TP, but which already have an SVMK generated, can be used to authenticate and activate an HSM with an OEM TP, as long as it is operating in non-restricted mode (NRM).