1 Sphinx List Summary Version Order # Included software components Sphinx Enterprise S-30 Install Sphinx Logon Manager software and desktop card readers on end-user computers. Pre-configured Sphinx CardMaker management software runs "out-of-the-box" on administrator server computer. Administrators who want more control can change the default settings of this full-featured software to specify PIN and password policies, manage logon entries, and much more. End-users present their IDs card to card readers to self-enroll with Sphinx, and start protecting their logon data. Sphinx Logon Manager, for end-user computers Sphinx CardMaker, for administrator computer Windows Logon s Card-secured logon to Windows End-user managed Windows logon data Administrator managed Windows logon data Sychronized Active Directory enrollment for Windows logon Logon Entries Wizard End-user presents card to card reader and enters card PIN to logon to Windows. Sphinx transfers logon data to Windows logon process transparently so that keystrokes cannot be observed or recorded. Standard Sphinx installations use Microsoft GINA-based logon to Windows. Sphinx Logon Manager software reads user name, password, domain from card (or card server for proximity cards) and passes this data to the Windows logon process on the end-user's computer, via the Microsoft GINA API. Does not replace or change Microsoft GINA; only interacts with relevant functions. By default, upon first use, cardholder is prompted to enter his existing Windows logon data into Sphinx Logon Manager. With next system reboot, cardholder is prompted to present card and enter PIN to logon to Windows. Note: Logon data which end-user saves with Sphinx cannot be accessed by Administrator. Administrator may choose to preset Windows logon entry data for individuals or groups of cards. Administrator can also continue to manage Windows logon data for cardholders if desired, by updating Windows logon data in cardholder account. For entries created by Administrator, Administrator can specify if end-user will be allowed to view or change the logon data. See also Managed Entry s. In order to use this feature, card data must be stored on the CardMaker server. This feature is not available for smart cards that store data on the card, but smart card installations can opt to load preset Wizard entries to cards at issuance. See also Logon Entries Wizard, below. When this option is activated, Sphinx automatically enrolls new end-users in Active Directory and updates the accounts of existing users upon card issuance. Once the end-users have the cards in their hands, all cards can immediately be used to logon to network computers. Sphinx works with Active Directory to use the Cardholder ID that Administrator enters into Sphinx as the Windows "user logon name". For users who are already known to Active Directory, Sphinx simply resets the Windows password in Active Directory before loading the logon data to the card account. For new users, Sphinx causes a new Active Directory account to be created for the user before generating a new Windows password and loading the data to the card account. Administrator can specify if end-user will be allowed to view or change the logon data. In order to use this feature, card data must be stored on the CardMaker server. This feature is not available for smart cards that store data on the card. Administrator can pre-enter logon entries for additional Windows logons into cards or card accounts, and the Sphinx Logon Entries Wizard will prompt the cardholder to personalize the entry with their user name and/or password when they open the Sphinx Logon Manager software. For smart cards that store data on the card, Wizard entries can be automatically loaded to All logos and trademarks are the property of the originating company. Page 1 of 9
2 Sphinx List the cards of all members of a user group upon card issuance. For card data that is stored on the CardMaker server (ie, RFID cards), Wizard entries can be loaded to card accounts at any time. Storage of multiple Windows logons Pull card to lock, logoff, or shutdown computer Pull card to lock, logoff, disconnect, from Terminal Services session Tap in / tap out behavior Control Windows "secure screen saver" and "lock workstation" functions from Sphinx Windows password change synchronization Windows password policy control Generate random Windows password Password change reminder Password repetition control System logging of cardholder logon and logoff For end-users with multiple Windows logon identities or domains, Sphinx allows entry and selection of multiple logons. End-user can remove card from reader to lock, logoff, or shutdown workstation. Removal of card invokes the appropriate Windows process. Setting can be established by end-user in Sphinx Logon Manager software or by Administrator in Sphinx CardMaker software, as required. Administrator can specify if enduser will be allowed to change this setting. In addition to card-removal behavior, workstation can also be locked using an optional sonar device that detects when end-user steps away from workstation. Sphinx is also compatible with this device. End-user can remove card from reader to lock, logoff, disconnect, or shutdown from a Terminal Services session. Removal of card invokes the appropriate Windows process. Setting is established by Administrator in Sphinx CardMaker software. Administrator can specify if end-user will be allowed to change this setting. Administrator also has the option to specify that a custom script will be launched upon card removal, also triggering a disconnect of the remote session if desired. Typically used for contactless cards. When this option is activated, the "pull card" action that was specified (as described above) will be triggered upon tapping the card on the card reader. End-user can "lock" Windows session before stepping away from their desk using Sphinx short-cut button. End-user can "unlock" a Windows session that has been locked by Windows "secure screen saver" or lock computer" functions by presenting card and entering card PIN. When end-user changes Windows password in the Sphinx program, password change will be synchronized with Windows so that end-user does not need to enter the change twice. Likewise, if Windows informs end-user at start-up that their password has expired and enduser changes password as prompted, password change will be synchronized with Sphinx program. Administrator can specify required Windows password length and character type (numeric, upper case, lower case...) in Sphinx CardMaker software, and end-user must conform to these requirements when entering or changing Windows password. When end-user changes Windows password, he can generate a random password that conforms to the installation's Windows Password Policy, if applicable. If installation has no Windows Password Policy, end-user can specify password length and character type (numeric, upper case, lower case...) for random password. Sphinx can prompt cardholder to change Windows password every specified number of days. Setting can be established by end-user in Sphinx Logon Manager software or by Administrator in Sphinx CardMaker software, as required. Administrator can specify if enduser will be allowed to change this setting. Sphinx can prohibit the entry of up to four previously used Windows passwords, when cardholder changes Windows password. Administrator can establish setting in Sphinx CardMaker software. When the CardMaker server is active, the system will log when end-users logon to Windows and logoff of Windows with their card. This record can be viewed as a CardMaker transaction report. Website and Application Logon s Card-secured logon End-user presents card to card reader and enters card PIN to logon to websites and All logos and trademarks are the property of the originating company. Page 2 of 9
3 Sphinx List to websites and applications End-user managed logon entries Administrator managed logon entries Logon Entries Wizard Auto-record and auto-fill of logon data Initiate recording of logon data Manual entry and button-click fill of logon data Sphinx pop-up Browse to logon location from Sphinx Submit control "Drag and drop" transferal of logon data Password policy control Generate random password applications. Sphinx transfers logon data to logon process transparently so that keystrokes cannot be observed or recorded. By default, cardholder is prompted to auto-record their logon data for websites and save it to their Sphinx account. Application logon data is easily recorded using the Record button. The next time cardholder goes to a website or application that Sphinx knows, cardholder is prompted to present card and enter PIN to logon to website or application. Note: Logon data which end-user saves with Sphinx cannot be accessed by Administrator. Administrator may choose to preset logon entry data and load it to end-user Sphinx accounts. Administrator can also continue to manage logon data for cardholders if desired, by updating logon data in cardholder account. For entries created by Administrator, Administrator can specify if end-user will be allowed to view or change the logon data. See also Managed Entry s. In order to use this feature, card data must be stored on the CardMaker server. This feature is not available for smart cards that store data on the card, but smart card installations can opt to load preset Wizard entries to cards at issuance. See also Logon Entries Wizard below. Administrator can pre-enter logon entries into cards or card accounts, and the Sphinx Logon Entries Wizard will prompt the cardholder to personalize the entry with their user name and/or password when they open the Sphinx Logon Manager software. For smart cards that store data on the card, Wizard entries can be automatically loaded to the cards of all members of a user group upon card issuance. For card data that is stored on the CardMaker server (ie, RFID cards), Wizard entries can be loaded to card accounts at any time. Whenever cardholder enters logon information into a website that Sphinx recognizes as being recordable, Sphinx asks cardholder if he wants to record the logon data. Whenever cardholder goes to a website or application logon location which Sphinx has recorded, Sphinx prompts cardholder to present card and enter PIN, then automatically enters logon data and cardholder is logged on. It's easy to record application logon data using the Record button. Or, end-users who don't want to use the auto-record feature for website logons can switch off this default setting, and click on the Record button to initiate the recording of logon data. The Record button is also useful for websites that don't adhere to typical logon procedures, that Sphinx doesn't recognize as being recordable. In any case, whenever cardholder goes to a logon location which Sphinx has recorded, Sphinx prompts cardholder to present card and enter PIN, then automatically enters logon data and cardholder is logged on. For website or application logon locations that don't have a unique address, it's simple for cardholders to create a new logon entry in Sphinx and manually enter logon data. Then to fill logon data, simply open the logon entry in Sphinx and click on the Sphinx "Logon Now" button to transfer logon data to location. Whenever cardholder goes to a website or application logon location that Sphinx has stored but which is not designated as auto-fill, Sphinx automatically pops-up with the logon data so that cardholder can complete logon. End-user can double-click on a website or application entry in Sphinx to browse to that location or start application, and auto-fill or transfer logon data. Cardholder can choose to submit logon data to logon processes automatically, or can choose to manually control the submission of logon data. With the latter option, cardholder must click on the website or application "Submit" or "Enter" button, to submit logon data. Manually controlled submission of logon data is the default for auto-filled entries. Logon data fields can be "dragged and dropped" into logon entry fields as desired. Administrator can specify required password length and character type (numeric, upper case, lower case...) for websites/applications in Sphinx CardMaker software, and end-user must conform to these requirements when entering or changing passwords. When end-user creates or changes a website or application password, he can generate a random password which conforms to the installation's Password Policy, if applicable. If All logos and trademarks are the property of the originating company. Page 3 of 9
4 Sphinx List installation has no Password Policy, end-user can specify password length and character type (numeric, upper case, lower case...) for random password. Password change reminder Password change verification Password repetition control Sphinx can prompt cardholder to change website or application password every specified number of days. Setting can be established by end-user in Sphinx Logon Manager software or Administrator in Sphinx CardMaker software, as required. Administrator can specify if end-user will be allowed to change this setting. Sphinx can prompt cardholder to verify that password has been changed in website or application. This ensures that passwords remain synchronized (since it would not be possible for Sphinx to automatically change a password in a third party website/application logon location that is not linked to Sphinx via an API). Until cardholder verifies that password has been changed in website/application, Sphinx will not accept password change. Setting can be established by end-user in Sphinx Logon Manager software or Administrator in Sphinx CardMaker software, as required. Administrator can specify if end-user will be allowed to change this setting. Sphinx can prohibit the entry of up to four previously used passwords, when cardholder changes a website or application password. Administrator can establish setting in Sphinx CardMaker software. Other End-user s Storage of address and payment information "Drag and drop" transferal of address and payment information Backup and restore data Auto-backup reminder Save Sphinx data to laptop Access Sphinx data on CardMaker server remotely End-user stores address and payment information in Sphinx, for use in website and application entry fields. The labels of all address and payment entry fields can be customized by the end-user. Cardholder can "drag" address and payment information and "drop" it into website and application entry fields, so that this basic information does not have to be continually retyped. Cardholder can back up all of his Sphinx data to his computer s hard drive, the network, or a removable data carrier such as a memory stick or floppy disk. Sphinx prompts cardholder to enter a backup password. Then, if he loses his contact chip card or forgets the authentication data for his contactless card, he can restore his Sphinx data to a new card as long as he knows his backup password. Setting of backup location can be established by end-user in Sphinx Logon Manager software or Administrator in Sphinx CardMaker software, as required. Administrator can specify if end-user will be allowed to change this setting. Sphinx can prompt cardholder to backup his Sphinx data every specified number of days at a certain time of day, or after data has been saved to Sphinx a specified number of times. Setting can be established by end-user in Sphinx Logon Manager software or Administrator in Sphinx CardMaker software, as required. Administrator can specify if end-user will be allowed to change this setting. For card installations that use the Sphinx CardMaker server to store Sphinx entries, cardholders have the option to save their Sphinx data to Laptop Mode, so that they can use Sphinx to access this data without a card, card reader or network connection while they travel with their laptop. Administrator also has the option to disable Laptop Mode, or require that a card and card reader is also required in Laptop Mode, and can specify this setting in the Sphinx CardMaker software. For card installations that use the Sphinx CardMaker server to store Sphinx data, the remote access mode feature enables user to access Sphinx data on server without a card or card reader, when traveling. For security reasons, this option is typically only made available upon user request - for example, if user forgot to load Sphinx data to laptop before leaving headquarters. Administrator can activate this capability on an individual basis for a defined period of time in the Sphinx CardMaker software. All logos and trademarks are the property of the originating company. Page 4 of 9
5 Sphinx List One time password No training required Auto-start and minimize The remote access mode can be configured to send a One Time Password to the user via or text message (SMS). The RA-OTP configuration ensures that the user s Sphinx data is still protected via a two-factor authentication mechanism even when a card/reader is not available. Administrator can activate this capability on an individual basis for a defined period of time in the Sphinx CardMaker software. End-user interface is intuitive and easy to use. Software prompts guide end-user through program. Sphinx Logon Manager software automatically starts at system startup, so that it is available for logons throughout the session. After auto-start, software automatically minimizes to the system tray. Thereafter, Sphinx auto-fills logon data or end-user double-clicks on Sphinx icon to access software, as required. These default setting can also be switched off according to user preference. Administrator can control auto-start capability as desired in the Sphinx CardMaker software. Setup s Easy installation of end-user software Easy installation of administrator software Easy import of license keys No change to network or Windows setup No change to RFID card setup Pre-configured Sphinx Logon Manager software self-installs at end-user computers and is ready for immediate use, with no additional configuration required. Sphinx Logon Manager setup is based on Microsoft Installer, which is compatible with numerous network installation tools. Pre-configured Sphinx CardMaker software self-installs at administrator server computer. Administrator specifies only three server settings, imports license keys, and software is ready for immediate use, with no additional configuration required. Use the Sphinx CardMaker software to load the license keys to your Sphinx installation, with a couple of mouse clicks. Sphinx license keys are based on the number of cardholders, with a unique license key for each cardholder. Requires no change to existing network setup or user accounts on domain server. Requires no change to existing Windows setup. Logon to Windows performs according to standard Windows protocols for Standalone as well as networked computers (NT Domain Servers, Active Directory). Requires no change to existing configuration of RFID cards that are compatible with Sphinx. Cardholders can self-enroll with Sphinx using the cards they already have, with no administrator involvement. The added logical access functionality with Sphinx does not impact on any other RFID card functions (such as facility access control, time & attendance or e-purse functions). When a Sphinx installation is setup to store data on the card, Sphinx can be pre-configured to only use the available free sectors on the card. Auto-enrollment s No configuration required End-user self-enrollment End-user self re-enrollment Software is pre-configured with standard default settings and ready for end-user selfenrollment immediately after installation. By default upon first use, cardholder presents card to card reader and is prompted to enter Windows user name and password to register with Sphinx server. Administrator can change the default settings, to also require entry of name and employee ID#, as desired. This information (except for Windows password) will populate the CardMaker cardholder database. Cardholders with Sphinx Standalone version will instead be prompted to enter their Sphinx license key. Sphinx software is then ready for immediate use. By default, if end-user loses his card and is given a new card, he can self re-enroll with Sphinx and access his previous Sphinx data if he knows his personal security code. Note: All logos and trademarks are the property of the originating company. Page 5 of 9
6 Sphinx List Standalone users must have a backup of their previous Sphinx data and know their backup code, if they want to use previous data with their new card. Administrator can change the default, to disallow self re-enrollment, as desired. Managed Enrollment s Customizable settings Database importing User groups One step issuance ID card printing Lost or stolen card "hotlist" One step card re-issuance Recycle card Reports Installation can use manufacturer's software default settings. Or, Administrator can change software settings in Sphinx CardMaker software before issuing cards, to reflect corporate security policies and control how the end-user uses Sphinx. Employee data can be imported from HR database into Sphinx CardMaker software before card issuance, if required. Built-in data import functions support ODBC and LDAP compatible databases. Sphinx CardMaker can also be linked with facility access control card management system if desired. Administrator can specify different default card settings and managed entries for different user groups, for example, "Sales Department" or "Management". Administrator clicks "Issue Card" in Sphinx CardMaker software and chooses end-user from database, or enters end-user data, to issue card. Administrator has the option to print ID cards as a part of the issuance step, using a TWAIN compatible webcam and an ID card printer. Allows for full color printing on one side, with photo, name, ID#, and additional fields as desired. When a card is lost or stolen, it can be reported to the Sphinx CardMaker software so that it will no longer be accepted within the Sphinx system. After a card has been hotlisted, a new card can be re-issued to the cardholder by selecting the cardholder's name from the cardholder list. All Sphinx card data can be erased using the Sphinx CardMaker software, so that the card can be re-used and issued to another user. Complete cardholder reports and transaction logs are available in the Sphinx CardMaker software. Managed Entries s Easy creation of managed entries Easy assignment of managed entries to user groups or individuals Simple managed entry screen End-user edit control Storage control No additional programming required Administrator simply creates a logon entry using the Sphinx Logon Manager software and saves it. When the adminstrator "auto-records" the logon entry, Sphinx "learns" the logon location of the entry, and the formats for user name, password and other entry fields. Administrator assigns managed entries to user groups or individuals, and edits user name and password information as required for the group or individual. Managed entries are easy to edit using the Managed Entries screen in the Sphinx CardMaker software, where Administrator has an overview of all managed entries and can easily select, edit, and assign managed entries. Administrator can specify if user group or individual end-user will be allowed to view, edit all, edit password, or delete the managed entry. Administrator can specify if the managed entry will be stored on the end-user card and on the server, or stored only on the Sphinx server. Many other logon management systems require that the administrator program links to the applications for which logon entries will be managed. No programming is required with Sphinx. The managed entries functionality works as easily as all of the other Sphinx features. All logos and trademarks are the property of the originating company. Page 6 of 9
7 Sphinx List API for identity management systems All managed entries are available via an API for 3rd party identity management and provisioning systems. Interfaces are based on ODBC, LDAP and XMP-RPC standards. Other Administrator s Administrator program protection Administrator assignment Activity log Administrators logon to Sphinx CardMaker using Administrator password, or based on the administrator rights granted to their card. Primary Administrator grants or revokes Sphinx CardMaker rights for other Administrators. When Administrators logon to Sphinx CardMaker with their card, the activity log automatically records which administrator performed each activity. Security s User designated PIN User designated PUK Randomly generated PIN/PUK option Administrator managed PUK Require PIN/PUK change upon first use option PIN policy control PIN verification timeout Biometric authentication By default upon first use, cardholder is prompted to choose a unique Personal Identification Number (PIN). This PIN, along with presentation of the card, will be required for all access to the Sphinx Logon Manager software. By default upon first use, cardholder is prompted to choose a unique Personal Unlock Key (PUK). The PUK is a second card PIN, which the cardholder can use to unlock their card. A card will be locked and no longer accepted within the Sphinx system if the cardholder enters the wrong PIN multiple times. Once a card has been locked, Sphinx will prompt the cardholder to enter the PUK to unlock the card. Most Sphinx installations use the standard default initial PIN of "12345", which the end-user is prompted to change upon first use. This is typically appropriate for self enrollment, or when a card that was issued from the CardMaker software does not yet contain any personalized data. Installations which want to specify a different initial PIN/PUK for each card that is issued from the CardMaker software - for example, installations that pre-load information to the card or card account - have the option to generate a random PIN/PUK for each card. A PIN letter is automatically generated in the Sphinx CardMaker software that can then be ed or delivered to the end-user. Cardholders with randomly generated PIN/PUKs will not be prompted to change their PIN and PUK upon first use, but this is recommended, since the initial PIN and PUK will be the same. Not available for cards that self enroll. Organizations that issue cards from the CardMaker software can choose to keep responsibility for the PIN in the cardholder's hands, but keep the PUK accessible for the administrator, so that administrators can always unlock end-user cards. All Sphinx installations prompt end-user to change the initial default PIN and PUK upon first use. Installations that require an additional level of control can select the Sphinx CardMaker option which will require that the end-user change the initial default PIN/PUK upon first use. In this case, if the PIN/PUK is not changed, the program will not continue. Administrator can specify required PIN length and character type (numeric, upper case, lower case...) in Sphinx CardMaker software, and end-user must conform to these requirements. PIN Policy established also applies to PUK. Specifies the length of time that a PIN will be stored in memory. After this time, end-user will be prompted to re-enter PIN. Setting can be established by end-user in Sphinx Logon Manager software or Administrator in Sphinx CardMaker software, as required. Administrator can specify if end-user will be allowed to change this setting. A biometric device such as a fingerprint or iris reader can be used for end-user All logos and trademarks are the property of the originating company. Page 7 of 9
8 Sphinx List authentication, either in combination with a card and/or PIN or by itself. Full biometric capabilities are completely integrated into the Sphinx software and work out-ofthe-box with selected BIO-API compatible devices, including biometric enrollment and authentication. Encryption Each issued Sphinx card or Sphinx account is secured by its own unique set of AES 256 encryption keys. If an installation requires a specific encryption method, the modular Sphinx encryption engine can be exchanged for special customized versions. Secured data exchange with card Card security features For card installations that store Sphinx data on the card, all security sensitive Sphinx data is first encrypted before being exchanged with the card. Sphinx takes full advantage of the card security features already offered by the powerful compatible card technologies to provide an additional layer of security. Sphinx is compatible with 50+ different card types, and can be configured to optimally utilize a card s available security features. Configuration options determine how the card is authenticated, where the credential data is stored, where and how the PIN is managed, and whether the cards can be centrally managed in real time. There are four principle configuration options available: On-Card mode: Credential and configuration data stored on card, PIN controlled by card. Recommended for: single user and offline applications. Available for: Secure memory, Java, and Multos cards. Server mode with UID based card authentication: Credential data stored on server in encrypted form, PIN controlled by server. Full real time, central management of card life cycle and content. Client / server communication secured by FIPS compatible encryption algorithms and methods. Recommended for: corporate and institutional applications with networked computers. Available for: wide range of contact and contactless cards. Server mode with symmetric key card authentication: same features as above, with additional card authentication security. Recommended for: critical security environments, government. Available for: Desfire EV1 and Java cards. Cards must be pre-initialized. Server mode with certificate-based card authentication: same features as above, with additional card authentication security. Recommended for: critical security environments, government. Available for: PKI cards and tokens with encryption certificate. Certificates managed outside of Sphinx. Secure web server Connection to secure server protected by SSL Communication between the Sphinx Logon Manager client and the Sphinx CardMaker server is secured by encryption methods and key handling protocols that adhere to the Federal Information Processing Standard (FIPS) U.S. issued by the National Institute of Standards and Technology (NIST). The applied cryptographic security is based on military strength AES 256 encryption and SHA 256 hashing algorithms. Only FIPS validated cryptographic modules are used to protect the credential data in transit and at rest. The Sphinx client / server security protocol includes mutual cryptographic authentication based on random-number challenge / response handshakes, key diversification, and use of temporary session keys. Installations can choose to additionally secure the data exchange between client and server via SSL. Other Software s Wide compatibility The Sphinx software can be used out-of-the-box with all of the major card and reader technologies on the market such as contactless cards (125kHz and MHz including Prox, Mifare, DesFire, HID iclass, Legic), contact cards (including Java, MULTOS, CardOS, Secure Memory), and MAG stripe cards. Likewise, Sphinx is compatible with PC/SC compatible desktop card readers and tokens, of which there is a wide availability on the All logos and trademarks are the property of the originating company. Page 8 of 9
9 Sphinx List market. See for Compatible Products list and out-of-the-box Solution Packages. Built for interoperability SQL Server ready Customized logo option Multi-language Sphinx Logon Manager API for OEMs Sphinx CardMaker API for thirdparty applications on server computer The Sphinx software is built around open API standards to provide interoperability between platforms, card readers, cards, and third-party software solutions. Sphinx is either out-of-thebox compatible or can easily be integrated with many third-party software and hardware products. By leveraging interoperability standards, Sphinx reduces the total cost of ownership for the end customer. PC/SC: can be used with all PC/SC conforming smart card readers. ISO 7816: has built-in interfaces for a number of ISO 7816 compatible cards. ISO 7816 compatible cards that are currently not supported can easily be integrated with Sphinx. ISO A/B: supports ISO compatible RF cards through a number of contactless readers. ODBC: compatible with major database systems such as MS Access, MS SQL, Oracle, mysql. LDAP: interfaces with LDAP-based directories such as Active Directory. COM: includes COM API for server and client-based software. XML: includes API based on XML-RPC function calls over IP. Sphinx CardMaker can optionally utilize a customer's own SQL Server database instance or a dedicated SQL Server Express. Upon request Sphinx can be delivered with a customized logo provided by customer. Sphinx multi-language tool enables convenient translation and maintenance of the Sphinx program text files, including Asian languages with double-byte characters. Also enables easy branding of software for OEMs. OEMs who want to bundle Sphinx with other client applications have the option to use the built-in API to integrate further. Data elements of the Sphinx CardMaker database are accessible through standard ODBC API. CardMaker features a flexible, built-in import function for LDAP and ODBC based data soruces. This means that, for example, cardholder identification data can be imported from an HR or access control database without requiring any programming. All managed entries are available via an API for third party identity management and provisioning systems. Interfaces are based on ODBC, LDAP and XMP-RPC standards. All logos and trademarks are the property of the originating company. Page 9 of 9
DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 As with most government documents, one often leads to another. And that s the case with DFARS 252.204-7012.
Single Secure Credential to Access Facilities and IT Resources HID PIV Solutions Securing access to premises, applications and networks Organizational Challenges Organizations that want to secure access
White Paper Intelligent Public Key Credential Distribution and Workstation Access Control TFS Technology www.tfstech.com Table of Contents Overview 3 Introduction 3 Important Concepts 4 Logon Modes 4 Password
2 Wave Systems Corp. Client User Guide Table of Contents Overview... 3 What is the Trusted Drive Manager?... 3 Key Features of Trusted Drive Manager... 3 Getting Started... 4 Required Components... 4 Configure
Expert Reference Series of White Papers BitLocker: Is It Really Secure? 1-800-COURSES www.globalknowledge.com BitLocker: Is It Really Secure? Mark Mizrahi, Global Knowledge Instructor, MCSE, MCT, CEH Introduction:
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
DigitalPersona Premium Data Sheet Overview DigitalPersona s Composite Authentication transforms the way IT executives protect the integrity of the digital organization by going beyond traditional two-factor
Check Point GO R75 User Guide 14 November 2011 Classification: [Public] 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
Oracle Enterprise Single Sign-on Logon Manager User s Guide Release 10.1.4.0.4 E10562-01 November 2007 Oracle Enterprise Single Sign-on Logon Manager User s Guide, Release 10.1.4.0.4 E10562-01 Copyright
DigitalPersona Pro Enterprise Quick Start Guide Version 5 DATA PROTECTION REMOTE ACCESS SECURE COMMUNICATION STRONG AUTHENTICATION ACCESS RECOVERY SINGLE SIGN-ON DigitalPersona Pro Enterprise DigitalPersona
DigitalPersona Product Brief Endpoint Protection with DigitalPersona Pro An introductory technical overview to DigitalPersona s suite for Access Management, Data Protection and Secure Communication. April
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
SafeNet Authentication Manager Version 8.0 Rev A User s Guide Copyright 2010 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
Still Going Strong SECURITY TOKENS FROM HID GLOBAL Contents Protecting Identities and sensitive data 03 Defining the Right Approach 05 HID Global Authentication Devices 06 HID Global Authentication Ecosystem
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
Zodiac iclass OPERATOR GUIDE June 2008 Page 2 of 19 Table of Contents Introduction... 4 PC Requirements... 4 Installing the USB Fingerprint Scanner (Hamster)... 5 Installing the USB Smartcard Programmer...
One Identity Authentication Manager for Windows 9.0.2 User's Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software
35020808-02 2015.11 ModeChanger ModeChanger is a software utility that can switch the drive between normal mode and encrypted mode. Operating in encrypted mode will help protect your data. While the drive
Asure ID 7 C a rd Pers o n aliz at io n S o f twa re Asure ID 7 Card Personalization Software 1 2 TOOLS AT YOUR FINGERTIPS HID Global software engineers collaborated with usability experts to give Asure
BUSINESS SOFTWARE Reference manual Integrated database authentication Installation and configuration ii This document is intended for Agresso Business World Consultants and customer Super Users, and thus
NetIQ SecureLogin 8.5 Release Notes October 2016 NetIQ SecureLogin 8.5 enhances the product capability and resolves several previous issues. Many of these improvements were made in direct response to suggestions
Oracle Enterprise Single Sign-on Authentication Manager Installation and Setup Guide Release 10.1.4.0.4 E10559-01 November 2007 , Release 10.1.4.0.4 E10559-01 Copyright 2006-2007, Oracle. All rights reserved.
IBM Client Security Solutions Client Security Software Version 1.0 Administrator's Guide December 1999 1 Before using this information and the product it supports, be sure to read Appendix A - U.S. export
Novell SecureLogin 7.0 Readme September 18, 2009 Novell 1 Documentation The following sources provide information about Novell SecureLogin 7.0: Online documentation: Novell Documentation Web site. (http://www.novell.com/
DigitalPersona Logon for Windows Data Sheet Overview DigitalPersona s Composite Authentication transforms the way IT executives protect the integrity of the digital organization by going beyond two-factor
Oracle Enterprise Single Sign-on Kiosk Manager User s Guide Release 10.1.4.0.3 E10338-01 June 2007 Oracle Enterprise Single Sign-on Kiosk Manager User s Guide, Release 10.1.4.0.3 E10338-01 Copyright 2006-2007,
Overview 1. What is Samsung Pay? Samsung Pay is a secure and easy-to-use mobile payment service which can be used to make purchases almost anywhere. Leveraging a new proprietary technology called Magnetic
Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 User Guide Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 User Guide Note: Before using this information and the product
Ekran System v.6.0 Privileged User Accounts and Sessions (PASM) Table of Contents About... 3 Using Privileged User Accounts... 4 Password Vault Configuration... 5 Defining Domain Administrator Credentials...
Integrating Password Management with Enterprise Single Sign-On 2016 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Background: one problem, two solutions 2 2.1 The Problem.............................................
iclass SE Platform Solutions The New Standard in Access Control iclass SE Platform iclass SE SOLUTIONS Next generation access control solutions for increased security, adaptability, and enhanced performance.
Logical Access How to Order Guide D00538, Release E.5 September 2018 The most current version of this document is available for download at: https://www.hidglobal.com/document-library Register and check
Meeting the requirements of PCI DSS 3.2 standard to user authentication Using the Indeed Identity products for authentication In April 2016, the new PCI DSS 3.2 version was adopted. Some of this version
Authentication Manager Self Service Password Request 9.0.2 Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
CRESCENDO SERIES Smart Cards Smart Card Solutions Crescendo offers the lowest total cost of ownership (TCO) for a combined logical and physical access control solution. Crescendo smart cards allow me to
2010 Product Line Catalog emerge Embedded Software Systems w Part of Access SySTEM From enterprise-wide security management to small and mid-size access control, Linear s IEI brand has a choice of, giving
Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter Installation and Setup Guide GC23-6353-00 Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter Installation
Desktop Application Reference Guide For Windows and Mac UNTETHERED LABS, INC. email@example.com Contents 1. GateKeeper Feature Description... 2 1.1 What is the GateKeeper Desktop Application?... 2 1.2
RSA Ready Implementation Guide for RSA SecurID Last Modified: March 13, 2015 Partner Information Product Information Partner Name Intel Security formerly McAfee Web Site www.mcafee.com Product Name for
1 (5) Getting started with ActiveSecurity MyLogin 1 Introduction This document contains instructions for starting to use Aventra s ActiveSecurity MyLogin software and explanations of the basic settings.
Microsoft Office Groove Server 2007 Groove Manager Domain Administrator s Guide Copyright Information in this document, including URL and other Internet Web site references, is subject to change without
Connection Broker Advanced Connections Management for Multi-Cloud Environments Leostream Connect Administrator s Guide and End User s Manual Version 3.8 / 3.4 December 2017 Contacting Leostream Leostream
SecuRemote for Windows 32-bit/64-bit E75.20 User Guide 13 September 2011 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
CP600 Card Programmer Quick Start Guide Software Version 0.10.0 3134-910, Rev A.0 The CP600 Card Programmer is designed for on-site programming of access control and user data onto MIFARE DESFire EV1 credentials
INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT SUBSCRIBER S GUIDE VERSION 1.3 ECB-PUBLIC 15-April-2014 ESCB-PKI - Subscriber's Procedures v.1.3.docx Page 2 of 26 TABLE OF CONTENTS GLOSSARY AND ACRONYMS...
CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and
Zodiac iclass II OPERATOR GUIDE July 2013 Page 2 of 24 Table of Contents INTRODUCTION... 4 PC REQUIREMENTS... 5 INSTALLING THE USB FINGERPRINT SCANNER (HAMSTER)... 5 INSTALLING THE USB SMARTCARD PROGRAMMER
Strategies for the Implementation of PIV I Secure Identity Credentials A Smart Card Alliance Educational Institute Workshop PIV Technology and Policy Requirements Steve Rogers President & CEO 9 th Annual
The Future of Smart Cards: Bigger, Faster and More Secure Joerg Borchert, Vice President, Secure Mobile Solutions July 16, 2003 Page 1 N e v e r s t o p t h i n k i n g. Infineon Technologies: Overview
Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds
CREDENTSYS CARD FAMILY Credentsys is a secure smart card family that is designed for national ID systems, passports, and multi-use enterprise security environments. The family is certified to FIPS 140-2
Verifi ENTERPRISE Start Here IMPORTANT. Always install the Software prior to Hardware Installation Quick Installation Guide Windows XP Fast User Switching Compatible QAS 097 022505 PG1 RA About the Reader
Oracle Enterprise Single Sign-on Authentication Manager Installation and Setup Guide Release 10.1.4.1.0 E12621-01 October 2008 Oracle Enterprise Single Sign-on Authentication Manager Installation and Setup
Why is the Maxxess/Salto integration different from all other SALTO integrations? SALTO, one of the fastest growing wireless access control companies, and Maxxess, the leader in open, integrated systems
Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter User's Guide SC23-6342-00 Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter User's Guide SC23-6342-00
Logical Access How to Order Guide D00538, Release E.3 July 2017 The most current version of this document is available for download at: https://www.hidglobal.com/document-library Register and check your
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
IBM Lotus Extended Search Extended Search Administration Version 4 Release 0.1 SC27-1404-02 IBM Lotus Extended Search Extended Search Administration Version 4 Release 0.1 SC27-1404-02 Note! Before using
Empower your phone to open new doors Introducing Lenel BlueDiamond Unmatched experience in mobile credentialing BlueDiamond leverages United Technologies Corporation s 17 years of experience developing
February 2018 TruCredential Software with ISONAS Pure Access Integration Frequently Asked Questions General 1. What is TruCredential software? Datacard TruCredential software suite is a solution for creating,
VMware Horizon Client for Windows 10 UWP User Guide Modified on 21 SEP 2017 VMware Horizon Client for Windows 10 UWP 4.6 You can find the most up-to-date technical documentation on the VMware website at:
System Administrator s Guide Login Updated: May 2018 Version: 2.4 Contents CONTENTS... 2 WHAT S NEW IN THIS VERSION 2018R1 RELEASE... 4 Password Retrieval via Email (GDPR Alignment)... 4 Self-Registration
BioPassport TM Enterprise Server The BioPassport Enterprise AD Server is the intelligence behind all of IdentAlink s biometric modules. Password management for a network or application can cost hundreds
MANAGING LOCAL AUTHENTICATION IN WINDOWS Credentials Manager Windows OS has a set of tools that help remedy some of the authentication challenges. For example, the Credential Manager in Windows 7 and newer
Smart Access Control System Software User Manual Version 1.0 Copyright MaCaPS International Ltd. 2002 This manual was produced by MaCaPS International Ltd. MaCaPS International Ltd. http://www.macaps.com.hk
DHS ID & CREDENTIALING INITIATIVE IPT MEETING October 14, 2004 Part 02 of 02 IMS/CMS Functional Specification General Issuance Requirements Issue a GSC-IS 2.1 compliant dual chip hybrid ICC/DESFire v0.5
STONELOCK NETWORK USER MANUAL Version 17.2.1 Table of Contents About StoneLock Pro...4 1.0 Overview 1.01...System Introduction...4 1.02...System Components...4 1.03...Installation...5-6 1.04...Uninstall...6
SELF SERVICE RESET PASSWORD MANAGEMENT ARCHITECTURE GUIDE Copyright 1998-2017 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form
First Access Express OPERATOR GUIDE October 2016 Cutting edge simplicity Table of Contents Introduction... 4 PC Requirements... 5 Step 1. Software Installation... 5 Complete Installation Server and Client...
User Guide SecureLogin 8.1 November, 2015 www.netiq.com/documentation Legal Notice For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government
1-16 Chapter 1 Introduction to Windows XP Professional Lesson 3: Identifying Key Characteristics of Workgroups and Domains Windows XP Professional supports two types of network environments in which users
Embedded for Xerox EPA-EIP Setup Guide 2016 XRX-EPA-EIP-20160315 Equitrac Embedded for Xerox EPA-EIP Setup Guide Document History Date Description of Revision Changes March 15, 2016 Updated for Equitrac
HOSPICE ABSTRACTION REPORTING TOOL (HART) USER GUIDE IN SUPPORT OF VERSION 1.5.0 (APRIL 2019) Page 1 of 60 TABLE OF CONTENT TABLE OF CONTENT... 2 INTRODUCTION... 4 INSTALLATION... 4 Installers Access Rights...
A C O S 5 - C T M C r y p t o M a t e U S B T o k e n Version 1.5 03-2007, Email: firstname.lastname@example.org Website: www.acs.com.hk CryptoMate USB Token 1.0 Introduction Frustrated by network breaches like Trojan