CRYPTOCard BlackBerry Token Implementation Guide


Copyright

Copyright 2007 CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard.

Solution Overview

Summary
Product Name: BlackBerry
Vendor Site: http://www.rim.net/
BlackBerry Server Software: BlackBerry Enterprise Server 4.1 or higher
BlackBerry Client Side Software: BlackBerry Desktop Software version 4.2 or higher
Support: BlackBerry Operating System 4.0 and higher

CRYPTOCard Product Requirements
CRYPTOCard Server software: 6.4.69 or higher
Supported software token type: AES based software tokens (67x series)
Note: DES tokens (7x series) are not supported

Trademarks

CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-VPN, CRYPTO-MAS are either registered trademarks or trademarks of CRYPTOCard. Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Publication History

Date: Changes
January 24, 2007: Initial Draft
February 12, 2007: Global Draft
May 11, 2007: Minor revision

Table of Contents

BLACKBERRY TOKEN DEPLOYMENT OVERVIEW
BLACKBERRY ENTERPRISE SERVER DEPLOYMENT
    Initial BlackBerry Enterprise Server Configuration
    Adding CRYPTOCard Applications to the BlackBerry Enterprise Software Configuration
    Creating an IT Policy
    Assigning and Deploying a Software Configuration and IT Policy
    Deploying the CRYPTOCard token
BLACKBERRY DESKTOP MANAGER (USB) DEPLOYMENT
    Deploying the CRYPTOCard token
CRYPTO-SERVER DEPLOYMENT OF THE CRYPTOCARD TOKEN AUTHENTICATOR
    Accepting CRYPTOCard BlackBerry Token Authenticator download requests
    Deploying the CRYPTOCard Token Authenticator and CRYPTOCard token
CUSTOMIZING THE BLACKBERRY DEPLOYMENT E-MAILS
BLACKBERRY TOKEN FUNCTIONALITY
    Generate a CRYPTOCard One-time Password
    Change PIN
    Token Resync
    Load New Tokens
    Exiting the Authenticator

BlackBerry Token Deployment Overview

This document presents an overview of, and the necessary steps for, deploying the CRYPTOCard BlackBerry Token Authenticator and CRYPTOCard token to a BlackBerry user.

The BlackBerry is a wireless handheld which supports e-mail, mobile telephone, text messaging, internet faxing, web browsing and other wireless information services. While including the usual PDA applications (address book, calendar, to-do lists, etc.) as well as telephone capabilities on newer models, the BlackBerry is primarily known for its ability to send and receive e-mail wherever it can access a wireless network of certain cellular phone carriers. Armed with a CRYPTOCard token, the BlackBerry can be used to log on to any CRYPTOCard protected network.

CRYPTOCard supports three deployment methods: BlackBerry Enterprise Server Deployment, BlackBerry Desktop Manager (USB) Deployment and CRYPTO-Server Deployment. A brief description of each method can be found below.

BlackBerry Enterprise Server Deployment
1. A CRYPTOCard BlackBerry Token Authenticator Software Configuration and IT policy is created on the BlackBerry Enterprise Server and pushed to the BlackBerry device.
2. A CRYPTOCard token is emailed to the BlackBerry user for installation.

BlackBerry Desktop Manager (USB) Deployment
1. The CRYPTOCard software is installed using BlackBerry Desktop Manager.
2. A CRYPTOCard token is emailed to the BlackBerry user for installation.

CRYPTO-Server Deployment
1. The CRYPTO-Server Administrator assigns a token to a BlackBerry user.
2. The BlackBerry user receives an email containing a link to the CRYPTOCard software and the PIN.
3. The BlackBerry user receives a second email which contains their token.

BlackBerry Enterprise Server Deployment

Initial BlackBerry Enterprise Server Configuration

The following instructions provide the necessary steps for creating policies to push the BlackBerry Token Authenticator to a BlackBerry device via a BlackBerry Enterprise Server.

- On the BlackBerry Enterprise Server, navigate to the \Program Files\Common Files\Research in Motion directory. Create the following folder structure:
  - Create a folder called Shared.
  - Create a folder called Applications under Shared.
  - Create a folder called TokenAuthenticator under Applications.
- On the CRYPTOCard server, browse to the \CRYPTOCard\CRYPTO-Server\bin\wwwroot\blackberry, /etc/cryptocard/wwwroot/blackberry or Applications CRYPTOCard CRYPTO-Server bin wwwroot blackberry directory.
- Copy the following files into the \Program Files\Common Files\Research in Motion\Shared\Applications\TokenAuthenticator directory on the BlackBerry Enterprise Server:
    BBAutorun.cod
    BBAutorun.jad
    BBAutorun.jar
    TokenAuthenticator.alx
    TokenAuthenticator.cod
    TokenAuthenticator.jad
    TokenAuthenticator.jar
- On the BlackBerry Enterprise Server, open a command prompt and navigate to \Program Files\Common Files\Research In Motion\Apploader. Type in the command:

    loader.exe /index

  This will create the files PkgDBCache.xml and specification.pkg in the \Program Files\Common Files\Research in Motion\Shared\Applications\TokenAuthenticator directory.

- Share the Research in Motion folder so the BlackBerry Enterprise Server can access the files, and leave the permissions at their defaults.

Adding CRYPTOCard Applications to the BlackBerry Enterprise Software Configuration

- Log into your BlackBerry Enterprise Server.
- Highlight the BlackBerry Domain (root level), then select Software Configurations.
- Choose Add New Configuration then select Change.
- In the Device Software Share Location enter \\hostname\research in Motion
- Select OK.
- Create a Policy to allow the installation of the Token Authenticator. Click New.
- Enter a description in the name field.

- Change Disposition to Disallowed.
- Expand Application Software.
- In the Delivery column select Wireless for BBAutorun and Token Authenticator.
- In the Policy column allow the installation of the BBAutorun and Token Authenticator.
- Click OK.

Creating an IT Policy

- Select the BlackBerry Domain (root level), and then click on Global.
- Select Edit Properties, IT Policy, IT Policies.
- Create a new IT Policy. This will allow the installation of the CRYPTOCard applications onto the BlackBerry device(s).
- Select Security Policy Group.
- Set Disallow Third Party Application Download to False.
- Set Allow Third Party Apps to Use Persistent Store to True.
- Select OK until all the dialogs are closed.

Assigning and Deploying a Software Configuration and IT Policy

- Launch the BlackBerry Manager and select the BlackBerry server.
- Select a BlackBerry user.
- Expand the Device Management pane.
- Select Assign Software Configuration.
- Choose the CRYPTOCard software configuration then select OK.
- Expand the IT Admin pane.
- Select Assign IT Policy.
- Choose the IT Policy that allows the download of third party applications then select OK.
- In the IT Admin pane select Resend IT Policy.

Note: The IT Policy may take several minutes to take effect.

Deploying the CRYPTOCard token

CRYPTOCard BlackBerry tokens are deployed to users via email. BlackBerry users will receive two email messages; the first email contains the initial PIN to activate their token and the second email contains the CRYPTOCard token. The content of each email is customizable. Refer to the Customizing the BlackBerry deployment email section for more information.

Follow these steps to deploy the CRYPTOCard token:

- Highlight the user in the CRYPTO-Console then select Assign Token.
- In the Assign Token To User dialog highlight an ST-A (67x series) token then click Next.
- In the Method dropdown select Email PIN and token file for BlackBerry Deployment.
- In the first email make note of the initial PIN used to load the CRYPTOCard Token into the BlackBerry Token Authenticator.
- In the second email select the token. This will launch the installation wizard.
- Enter the username and PIN to install the token.

The BlackBerry device may now be used to log on to a CRYPTOCard protected resource.

BlackBerry Desktop Manager (USB) Deployment

The following instructions provide the necessary steps to install the CRYPTOCard BlackBerry Token Authenticator using the BlackBerry Desktop Manager.

The end user must be provided with the following files:
    TokenAuthenticator.alx
    TokenAuthenticator.cod
    TokenAuthenticator.jad
    TokenAuthenticator.jar
    BBAutorun.cod
    BBAutorun.jad
    BBAutorun.jar

On Windows these files can be found in \CRYPTOCard\CRYPTO-Server\bin\wwwroot\blackberry, on Linux in /etc/cryptocard/wwwroot/blackberry and on Mac OS X in Applications CRYPTOCard CRYPTO-Server bin wwwroot blackberry.

On the end user system perform the following:

- Launch the BlackBerry Desktop Manager, and open the Application Loader.
- Click on the Add button to install CRYPTOCard software.

- Browse to the TokenAuthenticator.alx file.
- The Application Loader Wizard will display BBAutorun and TokenAuthenticator. Note: The Token Authenticator is dependent on BBAutorun, so BBAutorun should not be deselected.
- Select Next then Finish to complete the installation of BBAutorun and TokenAuthenticator onto the BlackBerry device.

Deploying the CRYPTOCard token

CRYPTOCard BlackBerry tokens are deployed to users via email. BlackBerry users will receive two email messages; the first email contains the initial PIN to activate their token and the second email contains the CRYPTOCard token. The content of each email is customizable. Refer to the Customizing the BlackBerry deployment email section for more information.

Follow these steps to deploy the CRYPTOCard token:

- Highlight the user in the CRYPTO-Console then select Assign Token.
- In the Assign Token To User dialog highlight an ST-A (67x series) token then click Next.
- In the Method dropdown select Email PIN and token file for BlackBerry Deployment.
- In the first email make note of the initial PIN used to load the CRYPTOCard Token into the BlackBerry Token Authenticator.
- In the second email select the token. This will launch the installation wizard.
- Enter the username and PIN to install the token.

The BlackBerry device may now be used to log on to a CRYPTOCard protected resource.

CRYPTO-Server Deployment of the CRYPTOCard Token Authenticator

The following instructions provide the necessary steps to install the CRYPTOCard BlackBerry Token Authenticator using the CRYPTOCard server's CRYPTO-Protocol server\daemon.

CRYPTO-Server deployment of the CRYPTOCard BlackBerry Token Authenticator can be used if an organization does not have a BlackBerry Enterprise Server or the ability to deploy via USB. The CRYPTO-Server deployment method is limited by the restrictions imposed by the BlackBerry Service Provider. Various providers do not allow the installation of third party products. Please consult your BlackBerry Service Provider for more information.

Accepting CRYPTOCard BlackBerry Token Authenticator download requests

The CRYPTO-Protocol server, a built-in component of the CRYPTO-Server, must be modified to accept incoming HTTP requests from a BlackBerry device. Perform the following steps:

1. In the CRYPTO-Console select Server, System Configuration.
2. In the Entity column highlight HTTPProtocol. In the Key column double click Host and change the default value of
       127.0.0.1, CC_HTTP_PROTOCOL, 8081, 8082
   to
       127.0.0.1, CC_HTTP_PROTOCOL, 80, 8082
   Click Apply. This will allow the CRYPTO-Protocol server to bind to TCP port 80 so it can accept regular HTTP requests.
3. In the Entity column highlight PtclServer. In the Key column double click Protocol.HTTP.Status and change Off to On. Click Apply.
4. In the Entity column highlight CRYPTODeploy.AutoDeployment. In the Key column double click BlackBerry.Host.Name. The default entry must be modified to reflect the Public IP Address configured in Step 6. This entry cannot be a reserved IP address.
5. Restart the CRYPTO-Protocol service\daemon for the settings to take effect.
6. Modify your Firewall to direct TCP port 80 (HTTP) traffic to the CRYPTOCard server.

Users will now be able to download the CRYPTOCard BlackBerry Token Authenticator from the CRYPTOCard server.

Deploying the CRYPTOCard Token Authenticator and CRYPTOCard token

BlackBerry users will receive two email messages. The initial email contains a URL to the CRYPTOCard BlackBerry software and the PIN for their token; the second email contains their CRYPTOCard token. The content of each email is customizable. Refer to the Customizing the BlackBerry deployment email section for more information.

The following steps must be performed:

- Highlight the user in the CRYPTO-Console then select Assign Token.
- In the Assign Token To User dialog highlight an ST-A (67x series) token then click Next.
- In the Method dropdown select Email PIN and token file for BlackBerry Deployment.
- In the first email select the BlackBerry URL. Download Token Authenticator and BBAutorun. Make note of the PIN, as it will be needed once the CRYPTOCard software is installed and you have received the CRYPTOCard token.
- In the second email select the token. This will launch the installation wizard.
- Enter the username and PIN to install the token.

The BlackBerry device may now be used to log on to a CRYPTOCard protected resource.

Customizing the BlackBerry deployment e-mails

The email templates provided to end users are found in the BlackBerry.msg and BBNewToken.msg files on the CRYPTO-Server. On Windows these files can be found in \CRYPTOCard\CRYPTO-Server\bin, on Linux in /etc/cryptocard and on Mac OS X in Applications CRYPTO-Server bin.

The BlackBerry.msg file contains information on where to download the CRYPTOCard BlackBerry Token Authenticator and BBAutorun. It also includes the initial PIN used during the installation of the token. The BBNewToken.msg file contains the CRYPTOCard BlackBerry token installation instructions.

The end user will receive two emails when a BlackBerry token is deployed to their BlackBerry. The first email will include the following information:

1. A link to download the CRYPTOCard BlackBerry Token Authenticator and BBAutorun.
2. Their initial PIN.

The link to the CRYPTOCard BlackBerry software (http://$cd.ip.address$/blackberry) is only needed for CRYPTO-Server Deployment. It is not needed for BlackBerry Enterprise Server and BlackBerry Desktop Manager (USB) Deployment. The $CD.IP.ADDRESS$ argument will be replaced with the information found in CRYPTODeploy.AutoDeployment, BlackBerry.Host.Name in System Configuration.

BlackBerry.msg

    This e-mail will assist you in the installation and activation of your new CRYPTOCard token into your Blackberry. Step one is to install the Token Authenticator application on your BlackBerry, step two is the installation and activation of the actual token. Please make note of the PIN below, as it is required to activate your token.

    To install the Token Authenticator "Over the Air", browse to the URL below with your BlackBerry. If the application is installed via Desktop Manager (USB) or Blackberry Enterprise Server, this step is not necessary. Again, please make note of your token activation PIN. Your token will be issued to you shortly.

    http://$cd.ip.address$/blackberry

    Your token activation PIN is: $PIN$

    This e-mail is the default, token deployment message set in your CRYPTOCard server. It can be modified by editing the Blackberry.msg file on the CRYPTO-Server system. The IP address or hostname can be modified by setting the Blackberry.Host.Name within the CRYPTODeploy.AutoDeployment settings. This e-mail should be modifed to reflect the policies and procedures of your organization.

The second email will include the following information:

- Token file to load into the BlackBerry

BBNewToken.msg

    Your new CRYPTOCard BlackBerry token is attached. To install the token, move the cursor to the attached file. Click the trackwheel or trackball and then select the 'Load Token' option on the menu. It will pop up the CRYPTOCard BlackBerry token installation wizard and prompt for the user name and activation PIN. Use the activation PIN received in the previous e-mail. If you have not received an activation PIN, contact your HELP Desk.

    This e-mail is the default, token deployment message set in your CRYPTOCard authentcation server. It can be modified by editing the "BBNewToken.msg" file. Please refer to the CRYPTO-Server documentation to insure substitution tags are maintained. This e-mail should be modified to reflect the policies and procedures of your organization.

Caveat: Users MUST have BBAutorun installed on the BlackBerry BEFORE receiving their token. If BBAutorun is not installed before the token arrives, clicking on the token attachment will not offer the Load Token option. To work around this, re-issue the token after the user has installed the Authenticator.
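An added example, not part of the CRYPTOCard guide or product: a pre-deployment check that a customized BlackBerry.msg still carries the two substitution tags shown in the default message, and that the value planned for BlackBerry.Host.Name is not a reserved address. Case-insensitive tag matching, the abridged sample message and the sample host values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Tags shown in the default BlackBerry.msg. Assumption: CRYPTO-Server matches
# them case-insensitively (the guide writes both $cd.ip.address$ and
# $CD.IP.ADDRESS$).
REQUIRED_TAGS = ("cd.ip.address", "pin")
TAG_RE = re.compile(r"\$([A-Za-z][A-Za-z0-9.]*)\$")

# Constructed sample, abridged from the default message quoted in the guide.
SAMPLE_MSG = (
    "To install the Token Authenticator over the air, browse to:\n"
    "http://$cd.ip.address$/blackberry\n"
    "Your token activation PIN is: $PIN$\n"
)


def host_name_problems(value):
    """Return problems with a BlackBerry.Host.Name value (empty list = OK)."""
    value = value.strip()
    if not value:
        return ["BlackBerry.Host.Name is empty"]
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        # Not an IP literal, so treat it as a host name. Resolution is not
        # attempted offline; only names that can never be public are rejected.
        if value.lower() == "localhost" or "." not in value:
            return [f"{value!r} is not a publicly resolvable host name"]
        return []
    if not addr.is_global:
        # Covers loopback, RFC 1918, link-local and other reserved ranges.
        return [f"{addr} is a reserved (non-public) address"]
    return []


def template_problems(text):
    """Return the required substitution tags missing from a message body."""
    found = {m.group(1).lower() for m in TAG_RE.finditer(text)}
    return [f"missing substitution tag ${tag}$"
            for tag in REQUIRED_TAGS if tag not in found]


def render(text, host, pin):
    """Preview the message with the tags filled in; unknown tags are kept."""
    values = {"cd.ip.address": host, "pin": pin}
    return TAG_RE.sub(lambda m: values.get(m.group(1).lower(), m.group(0)), text)


def preflight(host, text):
    """Run both checks; an empty list means nothing was flagged."""
    return host_name_problems(host) + template_problems(text)


if __name__ == "__main__":
    # Constructed inputs: a private address paired with a message whose PIN
    # tag lost its closing "$", then a host name with the intact message.
    broken = SAMPLE_MSG.replace("$PIN$", "$PIN")
    for host, msg in (("192.168.10.5", broken),
                      ("tokens.example.com", SAMPLE_MSG)):
        issues = preflight(host, msg)
        print(host, "->", issues or "OK")
        if not issues:
            print(render(msg, host, "<PIN>"))
```

The host name check does not perform DNS resolution, so a name that passes here still has to resolve to the public address that the firewall forwards to the CRYPTOCard server.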

BlackBerry Token Functionality

The BlackBerry token functions include:

- Generate a CRYPTOCard One-time Password
- Challenge Response Mode
- Change PIN
- Token Resync
- Load a new token onto the BlackBerry device
- Exit the application

Generate a CRYPTOCard One-time Password

To generate a token password:

1. Highlight the Token Password button, and click with the track wheel.

The application displays 1 of 4 options:

- PIN Dialog: This is the standard. The PIN dialog allows the user to enter their token PIN. With the correct PIN, the token password is displayed in the white space below the CRYPTOCard logo. With multiple unsuccessful PIN attempts, the token locks. Tokens cannot be unlocked. The next time the user starts the Token Authenticator, they will be prompted to load a new token.
- Change PIN Dialog: This is displayed if the token is in Change PIN Mode.
- Challenge Dialog: This is displayed if the token is in Challenge-Response Mode.
- Nothing is displayed: This is because no tokens are loaded into the device yet.

Challenge Response Mode

In challenge response mode, the challenge/PIN dialog is displayed:

- With the correct PIN/challenge, the token displays the correct password in the white space below the CRYPTOCard logo.
- With an incorrect PIN / correct (or incorrect) challenge, the token displays an error dialog box.
- With a correct PIN and the incorrect challenge, the token displays the token password, but the token is out of sync. As a result you need to re-synchronize the token to get a correct token password.

Change PIN

To change the token PIN:

1. Highlight the Options button and click with the track wheel.
2. Select the Change PIN option. The Change Token PIN dialog box is displayed. Enter the current PIN. Enter the new PIN and enter it a second time to provide confirmation. The new PIN is saved.

Token Resync

To re-synchronize the token response:

1. Highlight the Options button and click with the track wheel.
2. Select the Token Resync option. The Token Resync dialog box is displayed.
3. Enter the current PIN and the current challenge provided by the CRYPTO-Server. The new token password is displayed. An error is displayed if the challenge is invalid.

Load New Tokens

To load new tokens:

1. Select the token from the email provided by your CRYPTOCard Administrator. Enter the username and initial PIN to activate the token.

Exiting the Authenticator

To exit the Token Authenticator:

1. Do one of the following:
   - Highlight the Options button and select Close.
   - At the main screen, click on the escape button.