BioCert® Intelligent Identity Manager Support
Smart Cards and Tokens
A smart card is a plastic card about the size of a credit
card with an embedded microchip that can be loaded with
information. Smart cards provide protection of information and
authentication for individual users. Logging on to a network
with a smart card can provide a strong form of authentication
when it uses cryptography-based identification and proof of
possession when authenticating a user to a domain.
For example, if a malicious person obtains a user's password,
that person can assume the user identity on the network simply
through use of the password. Many people choose passwords they
can remember easily, which makes passwords inherently weak and
open to attack.
In the case of smart cards, that same malicious person would
have to obtain both the user's smart card and the personal
identification number (PIN) to impersonate the user. This
combination makes an attack less likely because an additional
layer of information is needed to impersonate a user. An
additional benefit is that a smart card is locked after the PIN
is entered incorrectly several times in a row, making a
dictionary attack against a smart card extremely difficult.
USB tokens and virtual tokens provide
functionality similar to a smart card. BioCert® Identity can
support any of these devices for authentication and as user
identity storage.
The following topic sections provide additional information
about BioCert® Identity smart card and token functions:
About Identity Storage
A smart card is a credit card-sized device you can use
for storing sign-in passwords, public and private keys, and
other personal information. Smart cards provide
tamper-resistant and portable security solutions for tasks
such as securing e-mail and logging on to a domain when
linked to a Public Key Infrastructure (PKI).
Smart cards provide:
- Tamper-resistant storage for protecting private keys
and other forms of personal information
- Isolation of security-critical computations
involving authentication, digital signatures, and key
exchange
- A way to take logon information and other private
information with you for use on computers at work, home,
or on the road
USB Tokens
A USB token is simply a smart card in a different form
factor. Rather than deploying the smart chip on a plastic
credit platform, the smart chip is inserted into a plastic
token, also known as a key. The major difference between a
smart card and a token is in the access interface. A card
requires a reader, while a token plugs directly into any USB
port. There is no difference in the core functionality of
storing and providing credentials.
A USB token is used for strong authentication. It
provides enhanced security and ensures safe information
access.
Virtual Tokens
A virtual token is a software emulation of a
hardware token such as a smart card or USB token. The
software token can be stored either in the Windows registry
database or in a file and includes the token's location on a
hard drive, diskette, USB drive, and so on.
Configuring Smart Cards and Tokens
Configuring Smart Cards and Tokens authentication
Authentication method settings include:
- Asymmetric encryption key length and
cryptographic algorithms
- Permission to register several tokens per user
To configure the authentication method settings:
- In BioCert® Identity, select
Authentication and Credentials.
- Select the Credentials tab.
- In the list of authentication methods, select
the desired authentication method, then click
Properties. The Method
Authentication Properties dialog box is
displayed.
- Configure the desired settings, and then click
OK to save the changes.
Configuring Smart Cards and Tokens service
The following groups of Smart Cards and Tokens
service settings may be specified:
- General Settings - Allow or deny modifying token
parameters during registration, change Master PIN,
create new virtual token and so on.
- System response when smart card or token is
inserted
- System response when smart card or token is
removed
To configure Smart Cards and Tokens service settings:
- In BioCert® Identity, select
Settings.
- Select the Services and Applications
tab.
- In the Select category drop-down
list, select the user category for which the settings
are to be configured.
- In the list of services, select Smart
Cards and Tokens Service and then click
Properties. The Service
Settings dialog box is displayed.
- Configure the desired settings, and then click
OK to save the changes.
Registering Smart Cards or Tokens
To register a smart card or USB token:
- In BioCert® Identity,
select My Identity.
- Select Register Smart Card or Token.
The Token Registration Wizard is displayed.
- On the Device Type dialog
box, select the desired type of device, and then
click Next. The Select
Token dialog box is displayed.
- If a smart card or USB token was selected as
the device type, make sure that the smart card is
inserted or the token is connected to
a USB port.
Note
If the smart card is not inserted or the USB
token is not connected, the Next
button is disabled in the Select Token
dialog box.
- On the Device Type dialog
box, click Next. The Token
Properties dialog box is displayed.
- Type the User PIN, and then click
Finish to complete the operation.
To register a virtual token:
- In BioCert® Identity,
select My Identity.
- Select Register Smart Card or Token.
The Token Registration Wizard is displayed.
- On the Device Type dialog
box, select Virtual Token as the
device type, and then click Next.
The Virtual Token Name and Location
dialog box is displayed.
- Specify the token name and location. A new
virtual token can be stored either in a file or
in the Windows registry database. Click
Next to continue.
- On the Token Properties
dialog box, specify the Master PIN and User PIN
for the newly created virtual token, and then
click Finish to complete the
operation.
Note
The system allows you to register several different
tokens for every supported device type.
Using Smart Cards and Tokens
Logging on to BioCert® Identity using smart card
or token
To log on to BioCert® Identity using a smart card or
token:
- Launch the BioCert® Logon Wizard.
- On the Introduce Yourself
screen, type the user name, and then click
Next.
- On the Logon Policy screen,
select the Smart Card
authentication method, and then click Next.
Note
In accordance with the authentication device type,
you may select Smart Card,
USB Token, or Virtual Token
on this screen.
If a smart card or USB token was selected as the
device type, make sure that the smart card is inserted
or the token is connected to a USB port.
- On the Select a Smart Card (or
Select a USB Token) screen, type
your User PIN, and then click Finish.
After the User PIN is validated, you will be logged
on to BioCert® Identity.
Note
On the Select a Virtual Token
screen, you should select the desired token from the
list prior to typing a User PIN.
Note
If the user PIN is entered correctly, the system
completes the logon process. If the PIN is entered
incorrectly several times in sequence, logon will be
denied using that authentication device (i.e. smart
card or token). The number of allowable invalid
logon attempts that may be entered before lockout
occurs varies with the device manufacturer. Contact
the administrator for assistance if the User PIN is
locked out.
Using identity operations with smart card or token
A user can back up the User Identity for migration to
another system or for protection against system
failure. A smart card, USB token or virtual token can be
used as the device for identity storage. The following
topic sections provide additional information about
Identity Backup/Restore operations:
Changing the Token PIN
A personal identification number (PIN) is any personal
number required to secure your data on a smart card or token
against unauthorized use. It is a good practice to change
the PIN from time to time to ensure maximum confidentiality.
To change the Token PIN, perform the following steps:
- In BioCert® Identity, select
My Identity.
- Select Change Token PIN. The
Change PIN Wizard is displayed.
- On the Device Type dialog box,
select the desired type of device, and then click
Next.
- On the Select Token dialog box,
select the token for which you want to change the PIN,
and then click Next.
- On the User PIN dialog box, type
the old PIN and the new PIN twice to confirm, and then
click Finish to complete the operation.
Note
If you enter the incorrect PIN for the token several times
in sequence, the token gets locked out. You will be unable
to use this token until you unlock it.
Unlocking Smart Cards and Tokens
Multiple incorrect presentations of the User PIN may cause
a smart card or token to become locked, after which the user
cannot use it for any authentication or data storage
purposes until the secure device is unlocked.
To unlock a smart card or token:
- In BioCert® Identity, select
Settings.
- Select the Smart Cards and Tokens tab.
- Expand the appropriate group of local tokens (smart
cards, USB tokens, and so on), and then right-click the
token to be unlocked.
- From the pop-up menu, select Unlock User PIN.
The Unlock User PIN dialog is
displayed.
- Type the Master PIN and User PIN, and then click
OK to complete the operation.
Note
You must know the Master PIN to perform the unlocking
operation. The User PIN can be changed during the unlocking
process.
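The lockout and unlock behaviour described in this section and in the introduction, modelled in Python as an added example; it is not BioCert® or device-vendor code. The class and function names, the PIN values and the limit of three tries are assumptions (the real limit varies with the device manufacturer).

```python
import hmac


class Token:
    """Constructed model of a token's PIN state; names are hypothetical."""

    def __init__(self, user_pin, master_pin, max_tries=3):
        self._user = user_pin.encode()
        self._master = master_pin.encode()
        self.max_tries = max_tries      # assumed limit, set by the manufacturer
        self.tries_left = max_tries

    @property
    def locked(self):
        return self.tries_left == 0

    def verify_user_pin(self, pin):
        if self.locked:
            return False                # even the correct PIN is refused now
        # Spend the try before comparing, so an interrupted check still counts.
        self.tries_left -= 1
        if hmac.compare_digest(pin.encode(), self._user):
            self.tries_left = self.max_tries   # success resets the counter
            return True
        return False

    def unlock(self, master_pin, new_user_pin):
        # Many devices also limit Master PIN attempts; that counter is omitted.
        if not hmac.compare_digest(master_pin.encode(), self._master):
            return False
        self._user = new_user_pin.encode()     # User PIN may change on unlock
        self.tries_left = self.max_tries
        return True


def guessing_run(token, candidates):
    """Return (succeeded, number of guesses the token actually evaluated)."""
    evaluated = 0
    for pin in candidates:
        if token.locked:
            break
        evaluated += 1
        if token.verify_user_pin(pin):
            return True, evaluated
    return False, evaluated


def success_bound(max_tries, pin_digits):
    """Upper bound on a blind guesser's chance against a random numeric PIN."""
    return max_tries / 10 ** pin_digits
```

With a four-digit PIN and three tries the bound is 0.03%, which is why a dictionary attack against the device stalls where the same list run against a password would not.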
Smart Cards and Tokens Troubleshooting
Smart cards and USB tokens are not available in BioCert®
Identity if installed after the BioCert® Identity
installation
In order to use smart cards or USB tokens in BioCert®
Identity, the supporting software (drivers, PKCS#11
providers, etc.) must be installed prior to BioCert®
Identity installation. If you already have BioCert®
Identity installed, perform the following steps after
installing the smart card or token supporting software:
- In BioCert® Identity, select
Settings, and then select Smart
Cards and Tokens. A list of available tokens is
displayed under Local Tokens.
- Right-click Local Tokens, and on the
context menu select Scan for New Smart Cards and
Tokens.
- Restart your computer if prompted.