KT-1 Token - SSL Certificaten

KT-1 Token Reference Guide

CRYPTOCard Token Guide

Proprietary Notice

License and Warranty Information

CRYPTOCard Inc. and its affiliates retain all ownership rights to the computer program described in this manual, other computer programs offered by the company (hereinafter called CRYPTOCard) and any documentation accompanying those programs. Use of CRYPTOCard software is governed by the license agreement accompanying your original media. CRYPTOCard software source code is a confidential trade secret of CRYPTOCard. You may not attempt to decipher, de-compile, develop, or otherwise reverse engineer CRYPTOCard software, or allow others to do so. Information needed to achieve interoperability with products from other manufacturers may be obtained from CRYPTOCard upon request.

This manual, as well as the software described in it, is furnished under license and may only be used or copied in accordance with the terms of such license. The material in this manual is furnished for information use only, is subject to change without notice, and should not be construed as a commitment by CRYPTOCard. CRYPTOCard assumes no liability for any errors or inaccuracies that may appear in this document. Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic, mechanical, recording or otherwise, without the prior written consent of CRYPTOCard.

CRYPTOCard reserves the right to make changes in design or to make changes or improvements to these products without incurring the obligation to apply such changes or improvements to products previously manufactured. The foregoing is in lieu of all other warranties expressed or implied by any applicable laws. CRYPTOCard does not assume or authorize, nor has it authorized any person to assume for it, any other obligation or liability in connection with the sale or service of these products.

In no event shall CRYPTOCard or any of its agents be responsible for special, incidental, or consequential damages arising from the use of these products or arising from any breach of warranty, breach of contract, negligence, or any other legal theory. Such damages include, but are not limited to, loss of profits or revenue, loss of use of these products or any associated equipment, cost of capital, cost of any substitute equipment, facilities or services, downtime costs, or claims of customers of the Purchaser for such damages. The Purchaser may have other rights under existing federal, state, or provincial laws in the USA, Canada, or other countries or jurisdictions, and where such laws prohibit any terms of this warranty, they are deemed null and void, but the remainder of the warranty shall remain in effect.

Customer Obligation

Shipping Damage: The purchaser must examine the goods upon receipt and any visible damage should immediately be reported to the carrier so that a claim can be made. Purchasers should also notify CRYPTOCard of such damage. The customer should verify that the goods operate correctly and report any deficiencies to CRYPTOCard within 30 days of delivery. In all cases, the customer should notify CRYPTOCard prior to returning goods. Goods returned under the terms of this warranty must be carefully packaged for shipment to avoid physical damage using materials and methods equal to or better than those with which the goods were originally shipped to the purchaser. Charges for insurance and shipping to the repair facility are the responsibility of the purchaser. CRYPTOCard will pay return charges for units repaired or replaced under the terms of this warranty.

Copyright

Copyright 2007, CRYPTOCard Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Inc.

Trademarks

CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTOVPN, CRYPTO-Shield, CRYPTO-MAS, are either registered trademarks or trademarks of CRYPTOCard Inc. Java is a registered trademark of Sun Microsystems, Inc.; Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. SecurID is a registered trademark of RSA Security. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

KT-1 Token User Guide – Quick Reference

Additional Information, Assistance, or Comments

CRYPTOCard’s technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment. This complimentary support service is available from your first evaluation system download.

CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your reseller directly for support needs.

Contact CRYPTOCard directly:

International Voice: 1-613-599-2441
North America Toll Free: 1-800-307-7042
Email: support@cryptocard.com

For information about obtaining a support contract, see our Support Web page ualsupportandmaintenance/

Related Documentation

Refer to the Technical Documentation section of the CRYPTOCard website for additional documentation and interoperability documentation/

Solution Overview

Summary

Product Name: KT1 Token Guide
Vendor Site: CRYPTOCard
Pre-Requisites: See the “Using your KT1 the First Time” section.

CRYPTOCard Product Requirements

CRYPTOCard Service: CRYPTO-MAS (Managed Authentication Service)

Table of Contents

SOLUTION OVERVIEW
OVERVIEW
TOKEN RESYNC INSTRUCTIONS
ENTERING A CHALLENGE INTO A KT TOKEN
TOKEN PIN CHANGE
TOKEN PIN CHANGE INSTRUCTIONS
MAS TOKEN TEMPLATE

Overview

The KT-1 Key Chain token generates a new, random “one-time password” each time the token is activated. Pressing the button located to the right and below the LCD display activates the token.

Using Your KT-1 the First Time

A PIN is an alphanumeric string of 3 to 8 characters that is used to guard against the unauthorized use of the token. If PIN protection is enabled, the user must provide a PIN with the one-time password to authenticate. Your initial PIN is “1234”, and this must be changed to a PIN of your choosing on first use.

Using Your KT-1 to Log In

When prompted for a password, you must append the one-time password displayed by the token to your PIN. For example, if the PIN is 4321 and the displayed one-time password is 12345678, the user must enter 432112345678 at the password prompt.

Adjusting LCD Contrast

1. Press and hold the button (approximately 5 seconds) on the token until the prompt “Init” appears. Then release the button.
2. The token will cycle through a series of prompts: “Init”, “LCD Test”, “Contrast”, “Chg PIN”, “ReSync?”. The prompts and sequence will vary depending on the options enabled for the token. Press the button while the “Contrast” prompt is displayed.
3. The token will cycle through a series of prompts in the form of –XX##XX- where ## are digits from 00 to 15 corresponding with lowest to highest contrast. The contrast will change as the digits change, providing a visual indication of the selection. When the desired contrast is displayed, press the button two times to set.

Token Resync

The purpose of this section is to instruct end-users and administrators how to resynchronize tokens using the online CRYPTO-MAS resynchronization tool.

If too many one-time passwords (OTPs) have been generated by a token since the last time the server received a correct OTP, the server will not recognize the OTP, and the token and server are said to be “out of sync”. For CRYPTO-MAS, the number of OTPs that the token must generate to cause the server and the token to become out of sync defaults to 25.

Token Resync Instructions

Step 1: Open up a browser (IE6, IE7, Mozilla Firefox 1.5) and go to: http://resync.cryptocard.com/
The following dialog box will appear (Figure 1.0).

Figure 1.0

Step 2: Enter the “User ID” and “Authentication ID” (Auth ID) and click OK.
Contact your MAS Administrator if you don’t know the “Authentication ID”.

Step 3: You will be presented with a challenge to be entered into your token, along with a field to enter your next OTP (after the resync process has been completed) (Figure 1.1).

Figure 1.1

Entering a Challenge into a KT Token

a) Hold down the button on the KT Token until "Init" appears in the display, then let go of the button.
b) The token will automatically start scrolling through a menu, and when "Resync" appears, immediately click the button to stop the menu from scrolling.
c) “Resync” plus a scrolling digit 0-9 will appear in the display. Press the button to stop the scrolling when the digit displayed is the first digit (from the left) in the “challenge” (Figure 1.2).
d) The “Resync” will be replaced by the first digit selected, and scrolling for the next digit in the “challenge” will begin. Follow the same steps to stop the scrolling at the correct digits until the complete 8 digit “challenge” appears.

Figure 1.2

e) , click the button again and a new One Time Password (or ‘response’) will be automatically generated by the token.

Enter your PIN (if normally required) followed by the OTP displayed on your token into the dialog box and click “OK”.

Your token should now be synchronized with the server.
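Why a token drifts out of sync, and how a server can split the PIN from the OTP in the passcode format described under “Using Your KT-1 to Log In”, shown as an added example that is not part of the CRYPTOCard guide or CRYPTOCard's code. The HMAC-SHA256 generator is a stand-in for the token's undisclosed algorithm; the Base 32 character set, the class and function names, and the exact way the 25-OTP boundary is counted are assumptions.

```python
import hashlib
import hmac

OTP_LEN = 8      # response length from the MAS token template
LOOKAHEAD = 25   # CRYPTO-MAS default from the Token Resync section
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # assumed Base 32 character set

def otp(key: bytes, counter: int) -> str:
    """Stand-in event-based OTP (HMAC-SHA256); not CRYPTOCard's algorithm."""
    digest = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return "".join(ALPHABET[b % 32] for b in digest[:OTP_LEN])

class Token:
    """Hypothetical token: every button press consumes one counter value."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> str:
        code = otp(self.key, self.counter)
        self.counter += 1
        return code

class ServerRecord:
    """Hypothetical server-side state for one token with a server-side PIN."""
    def __init__(self, key: bytes, pin: str):
        self.key, self.pin, self.counter = key, pin, 0

    def verify(self, passcode: str) -> bool:
        # The OTP length is fixed, so the PIN is whatever precedes the last 8 characters.
        pin, code = passcode[:-OTP_LEN], passcode[-OTP_LEN:]
        if len(code) != OTP_LEN or not hmac.compare_digest(pin.encode(), self.pin.encode()):
            return False
        for c in range(self.counter, self.counter + LOOKAHEAD):
            if hmac.compare_digest(otp(self.key, c).encode(), code.encode()):
                self.counter = c + 1   # the accepted code and all earlier ones are now dead
                return True
        return False                   # outside the window: token and server are out of sync

def login_after_unused_presses(unused: int) -> bool:
    """Press the button `unused` times without logging in, then try to log in."""
    key = b"constructed-demo-key"      # constructed sample secret
    token, server = Token(key), ServerRecord(key, "4321")
    for _ in range(unused):
        token.press()
    return server.verify("4321" + token.press())

if __name__ == "__main__":
    for n in (0, 10, 24, 25):
        result = "accepted" if login_after_unused_presses(n) else "out of sync"
        print(n, "unused presses ->", result)
```

Because the server advances its counter past every accepted code, a replayed passcode is rejected even though the PIN is correct.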

Token PIN Change

A KT Token user can change their Server Side, User Changeable PIN at any time.

To change the PIN, browse to the User Self-service web page at: http://auth.cryptocard.com/hardware

You must first authenticate before being presented with the PIN Change page.

Token PIN Change Instructions

Step 1: Open up a browser (IE6, IE7, Mozilla Firefox 1.5) and go to http://auth.cryptocard.com/hardware. The following dialog box will appear (Figure 2.0).

Figure 2.0

Step 2: Enter the “User ID”, “Authentication ID” (Auth ID) and your OTP (PIN Passcode) and click OK.
Contact your MAS Administrator if you don’t know the “Authentication ID”.

Step 3: After successful authentication you are redirected to the PIN Change page, where you are required to enter your current PIN and the new PIN to complete the PIN change process.
The PIN length and complexity reflect the minimum requirements for this specific token (Figure 2.1).

Figure 2.1

If the correct Current PIN is entered and the new PIN meets the complexity requirements of the token, a PIN “Change Success” message is displayed and the new PIN is now in effect and must be used to authenticate with.

Figure 2.2

MAS Token Template

The following table identifies the KT-1 token configuration:

MAS Token Attributes - KT-1

Display
  Display Type:                  Base 32
  Telephone Mode:                No
  Response Length:               8 characters
  Automatic Shut-off:            30 seconds

PIN
  PIN Style:                     Stored on server, User-changeable PIN
  Initial PIN:                   1234
  Random PIN Length:             4
  Min PIN Length:                3
  Characters allowed:            Digit Only
  Try Attempts:                  7
  Allow Trivial PINs:            Yes

Operation
  Mode:                          QuickLog
  Passwords per power cycle:     Single
  User can turn token off:       Yes

Usage
  Operational Flags:             Force PIN change on next use
