Token Guide for RB-1 with BlackShield ID. Copyright 2009 CRYPTOCard Inc.


Token Guide for RB-1 with BlackShield ID

Copyright 2009 CRYPTOCard Inc.
www.cryptocard.com

Copyright

Copyright 2008, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard.

Trademarks

BlackShield ID, BlackShield ID SBE and BlackShield ID Pro are either registered trademarks or trademarks of CRYPTOCard Inc. All other trademarks and registered trademarks are the property of their owners.

Additional Information, Assistance, or Comments

CRYPTOCard's technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment.

CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your partner directly for support needs.

To contact CRYPTOCard directly:
International Voice: +1-613-599-2441
North America Toll Free: 1-800-307-7042
support@cryptocard.com

For information about obtaining a support contract, see our Support Web page at http://www.cryptocard.com.

Related Documentation

Refer to the Support & Downloads section of the CRYPTOCard website for additional documentation and interoperability guides: http://www.cryptocard.com.

BlackShield ID token guide for RB-1

Publication History

Date | Changes
November 24, 2008 | Initial draft created.
January 9, 2009 | Heterogeneous formatting completed - Version 1.0 created.

Table of Contents

Overview
Key Pad Summary
Operating Modes & Options
Using the RB-1, PIN Stored on Server
Generating a Passcode
Changing PIN
Using the RB-1, Token Activated by PIN
First Use
Generating a Passcode
User-changeable PIN
Generating Digital Signatures
Token Resynchronization
LCD Contrast Adjustment
Token Initialization
Battery Replacement

Overview

The RB-1 Key PIN Pad token generates a new, pseudo-random passcode each time the token is activated. An RB-1 PIN is a numeric string of 3 to 8 characters that is used to guard against the unauthorized use of the token. If PIN protection is enabled, the user must provide a PIN to activate the token.

Key Pad Summary

Key | Function
0-9 | Used to enter PIN.
PASSWORD | Turns token on/off in Password mode.
DIGSIG | Turns token on in Digital Signature mode.
MENU | Provides access to the LCD contrast control and token resynchronization mode. The PIN may be required to access the Menu items.
ENT | Used to confirm or complete any keypad inputs.
CLR | Used to clear a keypad input error (e.g. PIN, challenge).
CHGPIN | Used to change the PIN used to activate the token.

Operating Modes & Options

The RB-1 supports a wide range of operating modes that can be modified using the BlackShield ID Manager and a serial or USB token initializer, according to organizational and security policy requirements. The PIN length, complexity, and maximum number of incorrect consecutive PIN attempts must be configured during token initialization. If the PIN attempts threshold is exceeded, the token will not generate a passcode and will, depending on the configuration, either require reinitialization or a PIN reset before it can be used again.

A brief list of the more common operating modes follows. Refer to the BlackShield ID Administrator Guide for a complete list of modes and options.

Mode:
- Quick Log: password is displayed immediately by token (or after Display Name, if this option is enabled on the Display tab).
- Challenge-response: requires the user to key a numeric challenge into the token before a response is generated.

Quick Log is the recommended mode for all CRYPTOCard token types because it greatly simplifies the User logon experience and strengthens security by eliminating the requirement to have the user key a challenge into a token to get an OTP. In addition, Quick Log mode is supported by all systems that require a logon password.

Complexity:
- Hexadecimal: token generates passcodes comprised of digits and letters from 0-9 and A-F.
- Decimal: token generates passcodes comprised of digits from 0-9.
- Base32: token generates passcodes comprised of digits and letters from 0-9 and A-Z.
- Base64: token generates passcodes comprised of digits and letters from 0-9 and Aa-Zz, as well as other printable characters available via Shift + 0-9.

Length: Determines the passcode length. Options are 5, 6, 7, or 8 characters. The default value is 8.

Display Mask:
- Telephone Mode: replaces the fourth character of a passcode with a dash (-). This is generally used in combination with Response length: 8 characters and Display type: Decimal to resemble the North American telephone number format.
- None: passcode is displayed as set by Response length and Display type.

Passwords per power cycle:
- Single: only one passcode is provided after the token is activated. The token must be powered off and re-activated to generate another passcode.
- Multiple: the token will generate passcodes as required until it is powered off.

The Single password (passcode) per power cycle option is recommended. For applications requiring dual authentication or where multiple consecutive logons are required, select Multiple mode. Note that the Automatic shut-off option will power the token off automatically after the specified time interval elapses.

Manual Shut-Off:
- Yes: user can force token off at any time.
- No: user cannot force token off. The token will automatically turn off (based on Automatic shut-off configuration).

The No setting is recommended when using the RB-1 token.

Auto shut-off: Determines the length of time a passcode is displayed on the token, after which the token display is cleared and the token turned off. Options are 30, 60, and 90 seconds. Also used to prevent the token from being reactivated before expiration of the shut-off period.

PIN Policy Group: PIN styles are separated into two general groups: Stored on Server or Token Activated by PIN. The RB-1 also supports a No PIN option, although this is not recommended.

Stored on Server requires the user to prepend the PIN to the passcode displayed on the token. The combination of the PIN and passcode form the password that is used to authenticate the user (the passcode cannot be used to authenticate unless the PIN is prepended). The PIN is not input into the token (i.e. it is not required to activate the token and generate a passcode). When operating in this mode, the PIN can consist of alphanumeric characters.

- No PIN: means that the user will not use a PIN. The token generated password will be sufficient for authentication.
- Fixed PIN: the PIN created for the token at the time of initialization is permanent and cannot be modified by the user or operator. Fixed PIN can only be changed by re-initializing the token after selecting a new PIN value through this tab. This PIN must be entered into the token before a passcode is displayed.

- User selected PIN: the user may change the PIN at any time. The initial PIN set during initialization must be changed by the user on first use of the token. This PIN must be entered into the token before a passcode is displayed. The PIN value selected by the user must be within the limits set under the Min PIN Length, Characters allowed, Try Attempts, and Allow Trivial PINs options.
- Server-side Fixed: this PIN must be prepended to the passcode. An Operator can change the PIN. This mode emulates SecurID PIN mode.
- Server-side User Select: periodic PIN change is forced by the Server according to the PIN Change Period option. The user will determine the new PIN value within the limits set under the Min PIN Length, Characters allowed, Try Attempts, and Allow Trivial PINs options. This PIN must be prepended to the passcode. This mode emulates the SecurID PIN mode.
- Server-side Server Select: periodic PIN change is forced by the Server according to the PIN Change Period option. The Server will determine the new PIN value within the limits set under the Min PIN Length, Characters allowed, Try Attempts, and Allow Trivial PINs options. This PIN must be prepended to the passcode. This mode emulates the SecurID PIN mode.

Initial PIN modifications for a Stored on Server PIN only become active when Reset Server-side PIN is selected.

Token Activated by PIN requires the user to key the PIN into the token before a passcode is generated. In this mode, only the passcode displayed by the token is sent to the authentication server; the PIN is not transmitted across the network. When operating in this mode the PIN can only consist of numeric characters.

Initial PIN: The initial PIN value required for the token. The value is permanent if Fixed PIN is selected as the PIN Style. This value must be changed on first use of the token for User-changeable PIN. Use the Randomize button to change the initial value to a random number within the limits set under the Random PIN Length, Min PIN Length, and Characters allowed options.

Random PIN Length: The minimum PIN length generated when clicking the Randomize button. The valid range is 3-8 characters.

Minimum PIN Length: The minimum PIN length required to authenticate. The valid range is 1-8 characters.

Allow Trivial PINs:
- No: prevents the use of sequences or consecutive digits/characters longer than 2. For example, 124 or ABD are permitted; 123 or ABC are not permitted.
- Yes: no sequence checking. For example, 123 is permitted.

Max PIN Attempts: Number of consecutive incorrect PIN attempts permitted. The valid range is 1-7 and Unlimited attempts. The Unlimited option is available in cases where the PIN is entered into the token. If this value is exceeded for Stored on Server PINs, authentication will not be permitted until the operator has reset the PIN value. If this value is exceeded for Token Activated by PIN options, the token will be locked and will not generate passcodes until it is physically reinitialized.

Using the RB-1, PIN Stored on Server

In this mode (assuming Quick Log mode is being used), the token requires no input data to generate a new, one-time passcode, but the user must prepend his PIN to the passcode displayed by the token in order to generate an acceptable password.

Generating a Passcode

1. Press the PASSWORD button to activate the token. A one-time passcode is automatically generated.
2. Enter the PIN (e.g. ABCD) and passcode (e.g. 12345678) at the password prompt (ABCD12345678).

Changing PIN

If enabled, this feature permits the PIN to be changed according to the established security policy. The BlackShield ID Server will enforce a PIN change at regular intervals. Depending on the options selected, the user will be prompted to enter a new PIN or will be provided with a new PIN generated by the BlackShield ID Server. In both cases, the PIN will meet the minimum PIN policy requirements (complexity, length, non-trivial, etc.) as configured on the Server. A BlackShield ID Server Operator may also force a PIN change for individual users, as required.

When a PIN change is required, the user will be prompted through the process. Once complete, the user must re-authenticate to gain access to protected resources.

Using the RB-1, Token Activated by PIN

In this mode, the user must key a PIN into the token before a passcode is generated. The displayed passcode is then used during logon. Note that the PIN is not prepended to the passcode and is never sent across the network. The numeric keypad is used to enter the PIN.
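The Minimum PIN Length, Allow Trivial PINs and Max PIN Attempts options described under Operating Modes & Options can be checked as shown in the following Python code. It is an added example, not CRYPTOCard or BlackShield ID code; the class names, state strings and default values are assumptions, and the 8-character upper bound is taken from the Overview.

```python
from dataclasses import dataclass
from typing import List, Optional

# Labels for the guide's two PIN policy groups (names are assumptions).
STORED_ON_SERVER = "stored_on_server"        # PIN is prepended to the passcode
TOKEN_ACTIVATED = "token_activated_by_pin"   # PIN is keyed into the token
MAX_PIN_LENGTH = 8                           # upper bound taken from the Overview

def has_trivial_run(pin: str, longest_allowed: int = 2) -> bool:
    """True if pin holds an ascending run longer than longest_allowed.
    Guide examples: 124 and ABD pass, 123 and ABC fail. Descending or repeated
    characters are not described in the guide and are not checked here."""
    pin = pin.upper()  # compare letters case-insensitively (assumption)
    run = 1
    for prev, cur in zip(pin, pin[1:]):
        run = run + 1 if ord(cur) - ord(prev) == 1 else 1
        if run > longest_allowed:
            return True
    return False

@dataclass
class PinPolicy:
    group: str
    min_length: int = 4                  # guide: valid range 1-8
    allow_trivial: bool = False
    max_attempts: Optional[int] = 3      # guide: 1-7, None means Unlimited

    def config_errors(self) -> List[str]:
        errors = []
        if not 1 <= self.min_length <= MAX_PIN_LENGTH:
            errors.append("Minimum PIN Length must be 1-8")
        if self.max_attempts is None:
            if self.group != TOKEN_ACTIVATED:
                errors.append("Unlimited attempts only when the PIN is entered into the token")
        elif not 1 <= self.max_attempts <= 7:
            errors.append("Max PIN Attempts must be 1-7 or Unlimited")
        return errors

    def pin_errors(self, pin: str) -> List[str]:
        errors = []
        if not self.min_length <= len(pin) <= MAX_PIN_LENGTH:
            errors.append("length outside policy")
        # Token-activated PINs are numeric only; server-side PINs may be alphanumeric.
        numeric_only = self.group == TOKEN_ACTIVATED
        if not (pin.isascii() and (pin.isdigit() if numeric_only else pin.isalnum())):
            errors.append("character not allowed for this PIN group")
        if not self.allow_trivial and has_trivial_run(pin):
            errors.append("trivial sequence")
        return errors

@dataclass
class AttemptCounter:
    policy: PinPolicy
    failures: int = 0

    def record(self, pin_correct: bool) -> str:
        # Count consecutive incorrect PINs; a correct PIN resets the count.
        if self.state() == "ok":
            self.failures = 0 if pin_correct else self.failures + 1
        return self.state()

    def state(self) -> str:
        limit = self.policy.max_attempts
        # Literal reading of the guide: the lock applies once the limit is exceeded.
        if limit is None or self.failures <= limit:
            return "ok"
        if self.policy.group == STORED_ON_SERVER:
            return "operator_pin_reset_required"
        return "token_reinitialization_required"
```

Once a counter leaves the "ok" state it stays there, which mirrors the guide: a Stored on Server PIN needs an operator reset and a Token Activated by PIN token needs physical reinitialization.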

First Use

On first use, the user must key a PIN provided by the System Administrator into the token, whereupon the token will require the PIN to be changed to a new value known only to the user, within the PIN parameters selected during initialization. Thereafter, the token will generate a passcode after the PIN has been correctly entered.

3. Press the PASSWORD button. The token will display the PIN? prompt.
4. Use the numeric keypad to enter the PIN. If an incorrect digit is accidentally entered, press CLR to erase all digits and restart the process. Press ENT once all of the PIN digits have been entered.
5. The token will display the New PIN? prompt. Enter a new PIN value using the numeric keypad. Press ENT to complete input.
6. The token will display the Verify prompt. Re-enter the new PIN value and press ENT to complete input.
7. The token will display the Card OK confirmation. Press PASSWORD to turn the token off.

Generating a Passcode

8. Press the PASSWORD button. The token will display the PIN? prompt.
9. Use the numeric keypad to enter the PIN. If an incorrect digit is accidentally entered, press CLR to erase all digits and restart the process. Press ENT once all of the PIN digits have been entered.
10. In Quick Log mode: The token displays the one-time passcode.
11. In Challenge-response mode: Enter the 8 digits of the challenge using the numeric keypad. Press ENT to complete the input. The token displays the one-time passcode.

The token display will clear and the token will automatically shut off at the preset Automatic shut-off interval of 30, 60, or 90 seconds. The token can be manually turned off by pressing PASSWORD, if enabled.

User-changeable PIN

If configured, the RB-1 permits the user to change the PIN required to activate the token. When the user keys in the initial PIN (sometimes referred to as the deployment PIN), he will be prompted to immediately change the PIN to a new value, within the parameters of the security policy established during initialization. Thereafter, the user can change their PIN as often as desired:

1. Press CHGPIN and enter the current PIN at the PIN? prompt.
2. At the NEWPIN? prompt, enter the digits of the new PIN and press ENT.
3. At the VERIFY prompt, re-enter the new PIN and press ENT to confirm.
4. The token displays a CARD OK message to indicate that the new PIN has been accepted.

Generating Digital Signatures

RB-1 tokens are able to generate digital signatures:

1. Press DIGSIG and enter your PIN, if required. Press ENT to complete the PIN entry process.
2. At the Ready prompt, enter the input data (i.e. the 8-digit form hash/challenge) generated by the document to be signed. Press ENT to complete input.

The digital signature is displayed for entry into the application/document. Press ENT and repeat step 2 if multiple signatures are required. Press PASSWORD to end digital signature mode.

Token Resynchronization

Token resynchronization may be required if the user has generated a large number of passcodes without logging on (authenticating). Token resynchronization requires the user to enter a challenge into the token. The challenge must be provided by the Help Desk or via a Web-based resynchronization page.

In the unlikely event that the token requires resynchronization with the authentication server:

- Press MENU and enter your PIN, if required. The Contrast prompt will be displayed.
- Press MENU again to display the ReSync option.
- Press ENT to select this option.
- Enter the resynchronization challenge using the numeric keypad. Press ENT to complete the input.

LCD Contrast Adjustment

The LCD display contrast can be adjusted to lighten or darken the displayed passcode and prompts. To adjust the contrast:

- Press MENU and enter your PIN, if required. The Contrast prompt will be displayed.
- Press ENT to select this option. The token will display the current LCD contrast level (e.g. -xx07xx-).
- Press MENU repeatedly to lighten the display (-xx00xx- is the lightest value).
- Press DIGSIG repeatedly to darken the display (-xx15xx- is the darkest value).
- Press PASSWORD to accept the contrast selection.

Token Initialization

12. The RB-1 can be reprogrammed as often as required to enable new options, encryption modes, and keys. BlackShield ID Manager and a USB token initializer are required. To initialize a token:
13. To prepare an RB-1 token for initialization, place the RB-1 token in the initializer with the LCD display facing the front of the initializer. The LCD end of the token should be toward the bottom of the initializer.
14. Follow the BlackShield ID Manager directions for token initializations. Click Next to initialize. The token will display the CARD OK message on successful initialization.

Battery Replacement

CRYPTOCard tokens operate for approximately 5-6 years before battery replacement is required. Depending on the model, the token display will indicate a low battery condition about two months before failing (by displaying BATTERY!) or will grow noticeably dim. Each RB-1 token holds two coin-cell batteries. Replacement of one battery at a time permits the token to continue functioning. As long as only one battery at a time is removed and replaced, the token will not need to be returned to the Administrator for reprogramming.

15. Remove the battery compartment cover.
16. Remove one battery and replace it with a new battery (CR2016).
17. Remove the other battery and replace it.