driver keycontroller · design, configuration and use guide c/ acceso ademuz, nº 12-1º-pta 1 -...
TRANSCRIPT
DRIVER KEYCONTROLLER
DESIGN, CONFIGURATION AND USE GUIDE
C/ Acceso Ademuz, Nº 12-1º-Pta 1 - 46980 Paterna (Valencia)
www.ivnosys.com - Tel. 960 031 203
COPYRIGHT© The material contained in this document is the property of Ivnosys Soluciones.
No part of this site may be reproduced in any form or by any means, nor may it be used with other organisations for other purposes without our prior written
permission.
1
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
TABLE OF CONTENTS
TABLE OF CONTENTS __________________________________________________________________________ 1
1. KEYCONTROLLER DRIVER FOR IVSIGN ____________________________________________________ 2
2. STANDARD INSTALLATION AND CONFIGURATION _____________________________________ 3
MANUAL OR STANDARD INSTALLATION _________________________________________________ 3
MANUAL OR STANDARD CONFIGURATION ______________________________________________ 8
3. UNATTENDED INSTALLATION AND CONFIGURATION ________________________________ 11
UNATTENDED INSTALLATION ___________________________________________________________ 11
UNATTENDED CONFIGURATION _________________________________________________________ 13
OPTION 01: CONFIGURATION USING COMMAND LINE PARAMETERS ___________________________ 13
OPTION 02: CONFIGURATION USING THE WINDOWS REGISTRY _________________________________ 15
4. DRIVER INSTALLATION USING GPO _____________________________________________________ 17
STEPS TO FOLLOW ________________________________________________________________________ 17
5. CONFIGURATION ON PKCS#11 ENVIRONMENTS _______________________________________ 25
6. VERSION UPDATE PROCEDURE __________________________________________________________ 29
7. MANAGEMENT AND USE OF KEYCONTROLLER _________________________________________ 30
NOTIFICATION SYSTEM __________________________________________________________________ 30
CONTROL PANEL __________________________________________________________________________ 32
ENABLING/DISABLING CERTIFICATES ___________________________________________________ 33
2
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
1. KEYCONTROLLER DRIVER FOR IVSIGN
IvSign is the solution for safe e-signatures.
With IvSign it is not necessary to install a certificate on a certain device, as it allows the centralisation of all certificates on the platform.
IvSign allows to store digital certificates safely, and its use can be authorised on different devices, users, processes and websites in a centralised way, with traceability of operations.
It is the only mean to guarantee legally and technically the identity of an individual on the internet, a document’s e-signature and any encrypted communication or content.
For that, the installation and configuration of the KeyController driver.
3
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
2. STANDARD INSTALLATION AND CONFIGURATION
MANUAL OR STANDARD INSTALLATION
In order to use a certificate with Windows applications -in the same way it is done with a cer-
tificate in SmartCard or Software-, it is necessary to acquire the KeyController Driver. It is pos-
sible to setup the driver following these simple steps.
Firstly, it is necessary to access the following URL: https://ivsdriver.com/. The license agree-
ment must be read and accepted before proceeding to the download by clicking on the option
“I have read and accept the License agreement for this product.”
When downloading the driver, two options are available:
✓ Clicking on KeyController Installer: it detects the appropriate architecture according
to the computer’s characteristics and it downloads and installs the latest version availa-
ble.
✓ Clicking on the appropriate version, according to the computer processor’s architecture:
• KeyController 64 bits: for computers with a 64-bit processor.
• KeyController 32 bits: for computers with a 32-bit processor.
After clicking on the corresponding link, run the downloaded file.
Note: Administrator permissions are required in order to install the driver.
4
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
A window will open for the installation. It is possible to choose which version to install.
Click on the box “I accept the terms in the license agreement”, and the “Next” button will be
activated, which allows you to start the installation.
The following screen allows the user to select the KeyController Driver components to be in-
cluded in the installation process.
5
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
However, it is recommended to keep the default values and install all the components.
After clicking on each component, a shortcut menu will open showing every option available
for each one.
By default, the components are set to the option “This feature will be installed on your local
hard drive”.
If any component is not to be installed, then click on the option “The complete feature will
not be available”.
After clicking on Next, confirmation will be required in order to start the installation process,
based on the previously selected parameters.
6
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
When clicking on the Install button, a window will be displayed. It will show the status of the
installation through a progress bar.
Once the installation is finished, click on the Finish button to close the wizard.
7
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Lastly, a dialog box will open, requesting that the computer be restarted.
IMPORTANT NOTE: Restarting the system is required in order to ensure correct
system operation. If restarting is not allowed or it is omitted, the driver may not
run correctly, or it may be unstable.
In case immediately restarting the system is not possible, it is necessary to ensure
it is done afterwards, before the final users start working with the driver.
The icon for the KeyController Driver will be displayed on the bottom right-hand side of the
Windows Task Bar, on the Notifications area.
8
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
MANUAL OR STANDARD CONFIGURATION
The application needs to be configured following the steps below, so as to be able to use cen-
tralised certificates on IvSign.
When clicking with the right mouse button on the KeyController Driver icon located on the
Windows task bar, the following menu will appear:
Click on the Settings option and fill out the following fields:
✓ Server: Enter the value corresponding to the URL of the platform (for example,
ivsign.net).
• Authentication: Select Integrated authentication, Federated Authentication or
Username and Password, as appropriate.
• Integrated authentication: With this option, the data of the active session of
Windows is obtained, thus verifying that the user exists in the Active Directory
of the organization. The Active Directory of the organization must be on the
same network as the IvSign server.
• Federated Authentication: In the same way as with the Integrated Authentica-
tion, this type of authentication will work with the information of the active ses-
sion of Windows. However, users will authenticate against a repository that is
not on the same network as the IvSign server, with which a trust relationship is
established thanks to a federation code.
✓ Username and password: Enter the details from the “Welcome to IvSign” e-mail to
access the platform. The information will be verified on IvSign’s own database.
✓ Organisation ID: Indicate the organization's identifier. If you do not have this identifier,
please contact your project manager.
Note: If the password has been changed, enter the new one and not the one on the wel-
come e-mail.
It is possible to click on Test to check if the credentials are correct.
9
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Whether the credentials are correct or incorrect, the appropriate message will be displayed on
the bottom section of the window.
Once the configuration is verified, click on Accept.
The certificates that are centralised on IvSign can be viewed from a browser and from applica-
tions that use standard Windows storage protocols.
If certificates are not displayed automatically, it is advisable to restart the system.
NOTE: Centralised certificates can neither be manually removed from the system nor can their
private key be exported, as they are never stored on the computer where they are setup.
10
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
3. UNATTENDED INSTALLATION AND CONFIGURATION
UNATTENDED INSTALLATION
Since version 5, the KeyController setup incorporates new components and additional installa-
tion options. For instance, the system requires for the computer to be restarted after finishing
the installation process. This requirement aims to ensure correct system operation.
If the installation is unattended, this requirement can be omitted or customised based on the
installation options chosen.
The available options are listed on the following table:
Options Description
Components To exclude all additional components from the installation process, in-
clude the following parameters:
“ADDLOCAL=ALL REMOVE=PluginChrome,PluginIE,Pkcs11”
It is also possible to disable specific components. It can be done in two
different ways; either using the previous command (specifying only one
component) or through the option DISABLE and the name of the com-
ponent, as shown below:
• “DISABLE_PluginChrome=1”
• “DISABLE_PluginIE=1”
• “DISABLE_Pkcs11=1”
Restart /norestart: It prevents the computer from being restarted once the
installation process is finished.
NOTE: If this parameter is not included, the computer will automati-
cally be restarted after the installation. The user will not be able to can-
cel it.
11
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Some examples below:
EXAMPLE: Installation of KeyController excluding all components and preventing the system
from being restarted:
msiexec /q /norestart /i KeyController64_9.0.msi ADDLOCAL=ALL REMOVE=Plugin-
Chrome,PluginIE,Pkcs11
EXAMPLE: Installation of KeyController excluding only the Google Chrome component (first
method) and forcing the system to be restarted:
msiexec /q /i KeyController64_9.0.msi ADDLOCAL=ALL REMOVE=PluginChrome
EXAMPLE: Installation of KeyController excluding only the Google Chrome component (second
method) and forcing the system to be restarted:
msiexec /q /i KeyController64_9.0.msi DISABLE_PluginChrome=1
IMPORTANT NOTE: Restarting the system is required in order to ensure correct
system operation. If restarting is not allowed or it is omitted, the driver may not
run correctly, or it may be unstable.
In case immediately restarting the system is not possible, it is necessary to ensure
it is done afterwards, before the final users start working with the driver.
12
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
UNATTENDED CONFIGURATION
Option 01: configuration using command line parameters.
The MSI installer allows the driver to be setup with default values at the moment of the instal-
lation.
The allowed parameters are the following:
Parameter Description
Server Sets the default server configuration for new users.
Serverfix Sets a fixed server configuration for all users (users will not be able to
change this).
Auth Sets the default authentication method (Values: pass / win)
✓ pass > Basic authentication
✓ win > Integrated authentication
✓ federated > Federated authentication
Authfix Sets a fixed authentication method (users will not be able to change
this).
Orga Sets IvSign’s organisation code.
Orgafix Sets a fixed organisation code (users will not be able to change this).
Noupdates Disables update checks (using value 1).
Nocertdisable Allows to remove the possibility of enabling/disabling certificates from
the menu (using value 1).
Fedcode Federation code. It is required for the use of federated authentication.
Accesopanel Allows to enable the “Control panel” option on KeyController’s shortcut
menu (using value 1).
13
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
SSOPanel Specifies whether autologin on CertManager is allowed, through the
option on “Control Panel” or from a notification (using value 1).
If the user is required to enter their password, the value 0 must be set.
Autoregister Establishes whether KeyController must create the user reference on
IvSign when the user logs in on the computer (using value 1).
This option is only enabled in systems with integrated and federated
authentication.
IMPORTANT NOTE: It is important to take into account that in order to perform the unat-
tended installation with the parameter /q, the console must run in the administrator mode.
Some examples below:
EXAMPLE: Basic example of the installation, in which the user is allowed to edit the form fields
and update checks are disabled.
msiexec /q /i KeyController64_9.0.msi server=ivsign.net auth=win orga=XXXX noupdates=1
nocertdisable=1
EXAMPLE: Below is the same example, only the user cannot edit the form fields.
msiexec /q /i KeyController64_9.0.msi serverfix= ivsign.net authfix=win orgafix=XXXX
noupdates=1 nocertdisable=1
EXAMPLE: Below there is another example, only using federated authentication:
msiexec /q /i KeyController64_9.0.msi serverfix= ivsign.net authfix=federated orgafix=XXXX
fedcode=YYYY noupdates=1
14
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Option 02: Configuration using the Windows registry
It is possible to modify the default and mandatory configuration of the server and the driver’s
authentication method through some changes in the registry.
The available registry entries are:
Registry entries Description
[HKEY_CURRENT_USER\Soft-
ware\Ivnosys\KeyController]
Sets a specific configuration for a user
[HKEY_LOCAL_MACHINE\SOFTWARE\Cli-
ent\KeyController\fixed]
Sets mandatory values for all users, with no possibility
of modification.
[HKEY_LOCAL_MACHINE\SOFTWARE\Cli-
ent\KeyController\default]
Contains the default configuration values.
KeyController uses these values if it cannot find con-
figuration data on the two paths mentioned above.
EXAMPLE: This is an example of configuration in which ivsign.net and integrated authentication
are forcibly used. The reg file to be used is the following:
------------------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\KeyController\fixed]
"server"=" ivsign.net"
"auth"="win"
------------------------------------------------------------
EXAMPLE: This is an additional example using federated authentication in a predetermined
way.
------------------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\KeyController\default]
"server"=" ivsign.net"
"auth"="federated"
"fedcode"="XXXXXXXXXXX"
------------------------------------------------------------
15
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
4. DRIVER INSTALLATION USING GPO
In order to use the KeyController driver on all the necessary computers, it is necessary to per-
form an installation using the policies of the domain.
The first step is to locate the installation files (both for 32-bit and 64-bit architectures) on a
shared resource, accessible by all positions, with permissions for all users.
NOTE: It is important for the installer to be MSI.
STEPS TO FOLLOW
To generate the guideline that carries out the unintended installation, it is necessary to access
the Group Policy Administrator. In order to access this panel from the domain controller, the
command “gpmc” needs to be executed.
Once on this panel, unfold the domain in use and create a new one from the Group Policy
Objects.
Edit the new policy.
16
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Once on the new window, follow the route: System configuration > Guidelines > Software
configuration > Software installation. On this last section, a new data packet will be created
for each MSI.
Once the 32 and 64-bit packets have been created, the next step is to configure the variables
of the driver in order to access the following route:
System configuration > Preferences > Windows configuration > Registry
17
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
The new variables are configured by clicking on the right button on the Registry window > New
> Registry Element
NOTE: The variables depend on the configuration. For more information, consult with your
project manager.
On the KeyController setting options there are certain fields that can be locked so the user
cannot modify them.
Check the section Configuration with command line parameters to see how to do it.
Check the following images to see an example of fixed or editable variables:
1. Fixed field -users cannot modify it- (fixed).
18
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
2. Users can modify the field (default).
NOTE: It is important for the field “Action” to be set on “Replace” to avoid configuration prob-
lems.
Below there are several recommended configurations (depending on the authentication
method) for definitive installations on the client’s work station (in production).
19
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
1. BASIC AUTHENTICATION
The following table indicates the recommended configuration with basic authentication, in
which the fields noupdates and nocertdisable are locked.
*server: Contains IvSign’s URL.
**orga: Sets IvSign’s organisation code.
[If this information is not available to you, request it from your Project Manager]
As a result of the previous configuration, the driver will be configured as follows:
Parameter Config (editable o locked) Value
server fixed *
auth fixed pass
orga fixed **
noupdates default 1
nocertdisable default 1
20
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
2. FEDERATED AUTHENTICATION
This configuration sets the recommended configuration with federated authentication, in which
the fields noupdates and nocertdisable are locked.
*server: Contains IvSign’s URL.
**fedcode: Federation code. It is required for the use of federated authentication and it is pro-
vided at the beginning of the project.
***orga: Sets IvSign’s organisation code
[If this information is not available to you, request it from your Project Manager]
As a result of the previous configuration, the driver will be configured as follows:
Parameter Config (editable o locked) Value
server fixed *
auth fixed federated
fedcode fixed **
orga fixed ***
noupdates default 1
nocertdisable default 1
21
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Lastly, on the Group Policy Administrator, select the organisational unit that contains the com-
puters where the driver installation will take place. The configured GPO (following the previous
steps) will be applied by selecting “Associate with existing GPO”.
22
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
For the installation to be successful, it is possible to either wait for the computers to be restarted
or to force the update of the group policies by using the command “gpupdate /force” (this
command needs to be used on each client computer).
23
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
5. CONFIGURATION ON PKCS#11 ENVIRONMENTS
On browsers such as Firefox or other systems that need standard PKCS#11, it will be necessary
to set KeyController Driver as a specific encryption key provider, as if it were a SmartCard. The
procedure is as follows:
1. Open the Settings menu
24
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
2. On the Privacy and Security sections, search for Certificates
3. Then, click on Safety Devices
The following screen will appear:
4. Click on Load and select the module PKCS#11:
25
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
The default driver path is:
C:/Program Files/Ivnosys/KeyController/pkcs11
Depending on the browser, it will be the x86 or x64 folder.
It will most likely be the x86 folder.
If everything is operating correctly, the configuration should look as follows:
If the path is not correct or if the driver version does not correspond to the browser’s build
version, the following error message will be displayed and the driver will not be configured
correctly:
26
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Subsequently, certificates will appear on Firefox just like any certificates imported from a .p12
file or SmartCard:
27
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
6. VERSION UPDATE PROCEDURE
KeyController Driver will periodically inform the user about the latest version available through
a message on the Windows task bar.
Click on the pop-up message to download the file. Then, run the file to apply the updates.
Note: It is essential to have administrator permissions on the computer in order for the
file to run correctly.
In case of wanting to check whether there is a new version without waiting for the message to
appear, right-click on the icon located on the task bar, then click on the option Check for up-
dates.
28
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
7. KEYCONTROLLER MANAGEMENT AND USE
NOTIFICATION SYSTEM
Informative messages regarding the platform’s management are sent to users from IvSign.
In order to read those notifications, it is necessary to access IvSign.
KeyController Driver lets the user know there are unread notifications by displaying the fol-
lowing message:
The option Notifications becomes available on the KeyController Driver when it detects un-
read notifications. By clicking on the Notifications menu, the browser will open a window to the
IvSign platform so the user can read them.
29
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
CONTROL PANEL
The option Control Panel on the menu is a direct access from the KeyController Driver to the
IvSign platform.
Click on this menu to open the IvSign platform through the web browser, in order to log in and
access all of the platform’s options.
30
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
ENABLING/DISABLING CERTIFICATES
In case of having many certificates, the option of enabling or disabling certificates is available,
so as to prevent all the certificates from being displayed all at once when there is a need of
performing an action with them (e-signing, accessing a URL…).
Right-click on the KeyController Driver icon located on the taskbar.
This option allows to work only with the certificates that are enabled on IvSign.
Certificates that show the icon on the Settings column will be displayed.
31
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
Certificates that are disabled on IvSign for any reason (having forgotten the PIN several times,
having been manually disabled…) will not become available on the driver. Certificates that show
the icon on the Settings column will not be displayed.
The enable/disable options will only affect the computer being used in that moment. That
is, if there is a certificate delegated to another user, the enable/disable changes will only work
on the computer that is making the changes. The person to which the certificate is delegated
will need to enable or disable the certificate on their own computer.
To show a hidden certificate, click on the HIDDEN box of that certificate.
32
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
To hide a visible certificate click on the VISIBLE box of the certificate.
In both cases, visibility will automatically change.
33
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
These actions can be carried out individually or all at once by clicking on Select all or Unselect
all.
Certificates can be filtered by the content of any column (visibility, name, common name, issuer
or expiration date) by entering the text on the Search box and clicking on Search or by pressing
Enter. All coincidences will be listed.
34
KEYCONTROLLER DRIVER FOR IVSIGN
PRODUCT: IVSIGN
VERSION:
V9 – V1
www.ivnosys.com 96 003 12 03
Madrid · Barcelona · Valencia
Ivnosys Soluciones, S.L.U. | CIF: B-98333362 | C/ Acceso de Ademuz, 12. 1st floor, Office. 1, Paterna, Valencia (C.P.: 46980)
Registered in the Mercantile Registry of Valencia, Volume: 9306, Book: 6588, Sheet: 60, Section: 8, Page: V143049, Inscription: 1
To show all the certificates again and filter them once more, click on Show all.