Copyright © 2008 CRYPTOCard All Rights Reserved Page 1
KT-1 Key Chain Token
QUICK Reference
Overview
The KT-1 Key Chain token generates a new, random
“one-time password” each time the token is activated.
Pressing the button located to the right and below the
LCD display activates the token.
Using Your KT-1 the First Time
A PIN is an alphanumeric string of 3 to 8 characters that is used to guard against the
unauthorized use of the token. If PIN protection is enabled, the user must provide a PIN
with the one-time password to authenticate. Your initial PIN is “1234”, and this must be
changed to a PIN of your choosing on first use.
Using Your KT-1 to Log In
When prompted for a password, you must append the one-time password displayed by the
token to your PIN. For example, if the PIN is 4321 and the displayed one-time password
is 12345678, you must enter 432112345678 at the password prompt.
Adjusting LCD Contrast
1. Press and hold the button (approximately 5 seconds) on the token until the prompt “Init”
appears. Then release the button.
2. The token will cycle through a series of prompts: “Init”, “LCD Test”, “Contrast”, “Chg
PIN”, “ReSync?”. The prompts and sequence will vary depending on the options enabled
for the token. Press the button while the “Contrast” prompt is displayed.
3. The token will cycle through a series of prompts in the form of –XX##XX- where ## are
digits from 00 to 15 corresponding with lowest to highest contrast. The contrast will
change as the digits change providing a visual indication of the selection. When the
desired contrast is displayed, press the button two times to set.
Token Resync
The purpose of this section is to instruct end-users and administrators how to resynchronize
tokens using the on-line CRYPTO-MAS resynchronization tool.
If too many one-time passwords (OTPs) have been generated by a token since the
last time the server received a correct OTP, the server will not recognize the OTP, and the
token and server are said to be “out of sync”.
For CRYPTO-MAS, the number of OTPs that must be generated by the token to cause the
server and the token to become out of sync defaults to 25.
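Added example (not part of the original CRYPTOCard document): a sketch of how a server can split a PIN+OTP password and apply a look-ahead window such as the default of 25 described above. RFC 4226 HOTP stands in for the KT-1's own OTP algorithm, which this document does not describe, and it yields digits rather than the token's Base 32 display; TokenRecord, verify, the key and the exact window boundary are assumptions.

```python
import hashlib
import hmac
import struct

RESPONSE_LEN = 8   # "Response Length: 8 characters" in the token template
LOOK_AHEAD = 25    # CRYPTO-MAS default out-of-sync threshold from this document

def hotp(key: bytes, counter: int, digits: int = RESPONSE_LEN) -> str:
    """RFC 4226 HOTP; a stand-in for the token's real (undocumented here) algorithm."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TokenRecord:
    """Hypothetical server-side record: key, server-stored PIN, next expected counter."""
    def __init__(self, key: bytes, pin: str, counter: int = 0):
        self.key, self.pin, self.counter = key, pin, counter

def verify(rec: TokenRecord, password: str) -> str:
    """Return 'ok', 'bad_pin' or 'rejected' for a PIN+OTP password string."""
    # The OTP has a fixed length, so the PIN is whatever precedes the last 8 characters.
    pin, otp = password[:-RESPONSE_LEN], password[-RESPONSE_LEN:]
    if not hmac.compare_digest(pin.encode(), rec.pin.encode()):
        return "bad_pin"
    # Search only the look-ahead window; an OTP further ahead is "out of sync".
    for c in range(rec.counter, rec.counter + LOOK_AHEAD):
        if hmac.compare_digest(hotp(rec.key, c).encode(), otp.encode()):
            rec.counter = c + 1   # consume: this OTP and all earlier ones stop working
            return "ok"
    return "rejected"

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key, not a real secret
    rec = TokenRecord(key, "4321")
    print(verify(rec, "4321" + hotp(key, 0)))    # next expected OTP
    print(verify(rec, "4321" + hotp(key, 0)))    # replay of a used OTP
    print(verify(rec, "4321" + hotp(key, 10)))   # button pressed 9 times unused
    print(verify(rec, "4321" + hotp(key, 40)))   # 29 OTPs ahead: out of sync
    print(rec.counter)                           # unchanged by the rejected attempt
```

A rejected OTP leaves the stored counter untouched, which is why a token that has drifted past the window stays locked out until the challenge-based resync below re-establishes a shared state.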
Instructions
IMPORTANT: Please ensure that the user has only one token assigned to them. An
‘Access Denied’ message will appear if the user has multiple tokens.
Step 1:
Open up a browser (IE6, IE7, Mozilla Firefox 1.5+) and go to http://resync.cryptocard.com/.
The following dialog box will appear:
Step 2:
Enter the “User ID” and “Authentication ID” (Auth ID) and click OK.
Contact your MAS Administrator if you don’t know the “Authentication ID”.
Step 3:
You will be presented with a challenge to be entered into your token, along with a field to
enter your next OTP (after the resync process has been completed).
Entering a Challenge into a KT Token:
a) Hold down the button on the KT Token until "Init" appears in the display then let go of the
button.
b) The token will automatically start scrolling through a menu, and when "Resync" appears,
immediately click the button to stop the menu from scrolling.
c) “Resync” plus a scrolling digit 0-9 will appear in the display. Press the button to stop the scrolling
when the digit displayed is the first digit (from the left) in the “challenge” (step 3 above).
d) The “Resync” will be replaced by the first digit selected, and scrolling for the next digit in the
“challenge” will begin. Follow the same steps to stop the scrolling at the correct digits until the
complete 8-digit “challenge” appears.
e) When the challenge number is correctly entered/displayed, click the button again and a new One
Time Password (or ‘response’) will be automatically generated by the token.
Enter your PIN (if normally required) followed by the OTP displayed on your token into the
dialog box and Click “OK”.
Your token should now be synchronized with the server.
Token PIN Change
A KT Token user can change their Server Side, User Changeable PIN at any time.
To change the PIN, browse to the User Self-service web page at
http://auth.cryptocard.com/hardware. You must first authenticate before being presented with the PIN
Change page.
Instructions
IMPORTANT: Please ensure that the user has only one token assigned to them. An
‘Access Denied’ message will appear if the user has multiple tokens.
Step 1:
Open up a browser (IE6, IE7, Mozilla Firefox 1.5+) and go to
http://auth.cryptocard.com/hardware. The following dialog box will appear:
Step 2:
Enter the “User ID”, “Authentication ID” (Auth ID) and your OTP (PIN+Passcode) and click
OK.
Contact your MAS Administrator if you don’t know the “Authentication ID”.
Step 3:
After successful authentication you are redirected to the PIN Change page, where you are
required to enter your current PIN and the new PIN to complete the PIN change process. The
PIN length and complexity reflect the minimum requirements for this specific token.
If the correct Current PIN is entered and the New PIN meets the complexity requirements of
the token, a PIN Change Success message is displayed. The New PIN is now in effect and
must be used to authenticate.
MAS Token Template
The following table identifies the KT-1 token configuration:
MAS Token Attributes - KT-1

Display
  Display Type                 Base 32
  Telephone Mode               No
  Response Length              8 characters
  Automatic Shut-off           30 seconds

PIN
  PIN Style                    Stored on server, User-changeable PIN
  Initial PIN                  1234
  Random PIN Length            4
  Min PIN Length               3
  Characters allowed           Digit Only
  Try Attempts                 7
  Allow Trivial PINs           Yes

Operation
  Mode                         QuickLog
  Passwords per power cycle    Single
  User can turn token off      Yes

Usage
  Operational Flags            Force PIN change on next use