Secure Transport Mode (STM)

The email with the verification codes is required.

The Next Generation Hardware Appliance with Luna S790 HSM and the HSM Backup Device are delivered in STM. The purpose of the STM is to allow verification of the HSM firmware and critical security parameters so that the authorized recipient can determine if changes have been made during transport.

Two separate emails with 16-character control validation information are sent prior to shipment.

• Physical security control validation - an email containing the
  serial number of the HSM and the
  serial number of the corresponding tamper-proof envelope that encloses the HSM.

• Logical control validation - an email containing the
  serial number of each HSM in the shipment, along with the
  STM Random User String: XXXX-XXXX-XXXX-XXXX and
  STM Verification String: XXXX-XXXX-XXXX-XXXX.

Remove the STM from the HSM

The device must be connected.

1. Log in to your Next Generation Hardware Appliance.

2. Open the Overview page.

3. In the section HSM Overview the Status shows: Secure Transport Mode.

4. Click Exit Secure Transport Mode to to bring the HSM out of STM mode.

5. The Exit Secure Transport Mode for the HSM window opens.

6. Enter the Random User String which was sent via email.

7. Click Next Step to continue.

8. A summary appears. Click Start Setup to continue.
   The Exit Secure Transport Mode process starts.

9. Compare the Verification String shown in Webconf with the one that was sent via email.

10. If both are identical click Accept Verification String to confirm.

11. Click Finalize to finish the process.

12. After exiting the STM the internal HSM Status displays Zeroized and the Initialize HSM button appears. For further information refer to Initialization of the HSM.

Remove the STM from the Backup Device

The device must be connected.

1. Log in to your Next Generation Hardware Appliance.

2. On the Security page.

3. In the HSM Backup Management section select the attached Backup Device.

4. In the Actions column click on Exit Secure Transport Mode.
   A new pop-up window opens.

5. Enter the Random User String which was sent via email.

6. Click Start Setup to continue.
   The Exit Secure Transport Mode process starts.

7. Compare the Verification String shown in Webconf with the one that was sent via email.

8. Click Finalize to finish the process.

9. After exiting the STM Status of the backup device displays Zeroized and the Initialize button appears. For further information refer to HSM Backup Device.

10. Otherwise, the backup device is displayed as Ready in the HSM Backup Management section after exiting the STM.