Just like for administrator smart cards, CAT offers the ability to change the PIN protecting an MBK smart card's share. This should be done after generating the MBK share on a smart card or as a standard process of a company's security policy for the HSM. This operation has no effect on the HSM itself, and thus does not require administrators to log into CAT.
Make sure you have your smart card reader setup properly for operations with CAT (see Setting Up the Smart Card Reader). From CAT, select Manage → Master Backup Key.
In the Remote Master Backup Key (MBK) Management window, select the MBK Change PIN tab:
Click Change PIN.
The administrator of the smart card must follow the prompts on the smart card reader to complete the PIN Change. If the PIN has not been changed before, each smart card will be protected by a default PIN of 123456. Once the administrator has run through the prompts on the smart card reader successfully, the PIN will be changed.
NOTE: If incorrect PINs are entered three times consecutively, the smart card will trigger a security protocol and become permanently disabled. |