The @UpdateSecurityCredentials.CommandPayload structure has four parts:
authorisingRemotePartyControl: which includes details of what kind of credential replacement this Command is, which Remote Parties are authorising it and information to support Protection Against Replay protections;
replacements: which is a list of new Certificates the Device is to store details from, along with which Trust Anchor Cell each set of details is to be stored in on the Device;
certificationPathCertificates: which is a list of Certification Authority Certificates the Device will need to use in checking that the replacement Certificates were properly issued; and
executionDateTime: which, if present, specifies the date-time at which the certificates in the CommandPayload are to be used to replace the credentials currently in use on the Device. If this field is not present, the Command shall be executed immediately. If this field has the value equivalent to ‘never’ (which is '99991231235959Z') the certificate replacement will never happen. This is to allow cancellation of future dated Commands. Note that future dating is not supported where certificates are being replaced in exception conditions.
The @UpdateSecurityCredentials.Response structure contains, for immediate execution commands, a list detailing the success of failure of each of the replacements, including details of the parties affected. For future dated commands, @UpdateSecurityCredentials.AlertPayload structure contains the list detailing the success, or failure, of each of the replacements, including details of the parties affected.
Section 18.104.22.168 contains narrative for each of the parts of these ASN.1 structures.
Section 22.214.171.124 provides an illustrative instantiation of @UpdateSecurityCredentials.CommandPayload and its corresponding DER encoding.