RB-1 PIN Pad Token QUICK Reference Overview The RB-1 PIN Pad token generates a new, random one-time password each time the token is activated. An RB-1 PIN is a numeric string of 3 to 8 characters that is used to guard against the unauthorized use of the token. If PIN protection is enabled, the user must provide a PIN to activate the token. Key Pad Summary Key Function 0 9 Used to enter PIN. PASSWORD DIGSIG MENU ENT CLR CHGPIN Turns token on/off in Password mode. Turns token on in Digital Signature mode. To adjust LCD Contract or to ReSync token. Used to confirm or complete any keypad inputs. Used to clear a keypad input error (e.g. PIN, challenge). Used to change the PIN used to activate the token. Copyright 2008 CRYPTOCard All Rights Reserved Page 1
Using the RB-1 You must key a PIN into the token before a one-time password is generated. The displayed passcode is then used during logon. The numeric keypad is used to enter the PIN. First Use On first use, you will enter the PIN 1234, and the token may require the PIN to be changed to a new value chosen by you. Thereafter, the token will generate a passcode after your PIN has been correctly entered. 1. Press the PASSWORD button. The token will display the PIN? prompt. 2. Use the numeric keypad to enter the initial PIN. If an incorrect digit is accidentally entered, press CLR to erase the PIN to restart the process. Press the ENT once the PIN has been entered. 3. The token may display the New PIN? prompt. Enter a new PIN value using the numeric keypad. Press ENT to complete input. 4. If you were required to change your PIN, the token will display the Verify prompt. Reenter the new PIN value and press ENT to complete input. 5. The token will display the Card OK confirmation. Press PASSWORD to turn the token off. Generating a One-Time Password 1. Press the PASSWORD button. The token will display the PIN? prompt. 2. Use the numeric keypad to enter the PIN. If an incorrect digit is accidentally entered, press CLR to erase the PIN to restart the process. Press the ENT once the PIN has been entered. The token displays the one-time password. The token display will clear and the token will automatically shut-off at a preset automatic shut-off interval of 30, 60, or 90 seconds. The token can be manually turned off by pressing PASSWORD. User-changeable PIN Depending on how your token was programmed, you may be able to change your PIN: 1. Press CHG PIN and enter the current PIN at the PIN? prompt. 2. At the NEWPIN? prompt, enter the digits of the new PIN and press ENT. 3. At the VERIFY prompt, re-enter the new PIN and press ENT to confirm. 4. The token displays a CARD OK message to indicate that the new PIN has been accepted. Copyright 2008 CRYPTOCard All Rights Reserved Page 2
LCD Contrast Adjustment The LCD display contrast can be adjusted to lighten or darken the displayed passcode and prompts. To adjust the contrast: 1. Press MENU. If you have a token that begins with 20226, you will see STATS (CRYPTOCard s internal use for extracting statistics). Press the Menu button again and you will be required to enter a PIN. Enter your PIN and press ENT. The Contrast prompt will be displayed. 2. Press ENT to select this option. The token will display the current LCD contrast level (e.g. -xx07xx-) 3. Press MENU repeatedly to lighten the display (-xx00xx- is the lightest value). Press DIGSIG repeatedly to darken the display (-xx15xx- is the darkest value). 4. Press PASSWORD to accept the contrast selection. Copyright 2008 CRYPTOCard All Rights Reserved Page 3
Token Resync The purpose of this section is to instruct end-users and administrators how to resynchronize tokens using the on-line CRYPTO-MAS resynchronization tool. If too many One-time password Codes (OTP s) have been generated by a token since the last time the server received a correct OTP, the server will not recognize the OTP and the token and server are said to be out of sync. For CRYPTO-MAS, the number of OTPs that needs to be generated by the token to cause the server and the token to become out-of-sync is defaulted to 25. Instructions IMPORTANT: Please ensure that the user has only one token assigned to them. An Access Denied message will appear if the user has multiple tokens. Step 1: Open up a browser (IE6, IE7, Mozilla Firefox 1.5+) and go to http://resync.cryptocard.com/. The following dialog box will appear: Step 2: Enter the User ID and Authentication ID (Auth ID) and click OK. Contact your MAS Administrator if you don t know the Authentication ID. Copyright 2008 CRYPTOCard All Rights Reserved Page 4
Step 3: You will be presented with a challenge to be entered into your token, along with a field to enter your next OTP (after the resync process has been completed). Entering a Challenge into an RB-1 Token: a) Press MENU. If you have a token that begins with 20226, you will see STATS (CRYPTOCard s internal use for extracting statistics). Press the MENU button again and you will be required to enter a PIN. Enter your PIN and press ENT. The Contrast prompt will be displayed. Press the MENU button again. ReSync will be displayed. b) Press ENT to select this option. Use the keypad to enter the challenge number into the RB Token. c) When the challenge number has been correctly entered, click the ENT button and a new One Time Password (or response ) will be automatically generated by the token. Enter your response displayed on your token into the dialog box and Click OK. Your token should now be synchronized with the server. Copyright 2008 CRYPTOCard All Rights Reserved Page 5
MAS Token Template The following table identifies the RB-1 token configuration: CRYPTO-MAS Part No. Display Display Type Telephone Mode Response Length Automatic Shut-off PIN PIN Type RB-1 42110 Decimal No 8 characters 60 seconds User-changeable PIN Initial PIN 1234 Random PIN Length 4 Min PIN Length 3 Characters allowed Digit Only Try Attempts 7 Allow Trivial PINs Yes Force immediate PIN change Yes Operation Mode Passwords per power cycle User can turn token off QuickLog Single Yes Copyright 2008 CRYPTOCard All Rights Reserved Page 6