CryptoCard KT-2 Token User manual
CRYPTOCard Token Guide
KT-2 Token
Reference Guide
KT-2 Token User Guide – Quick Reference
2
Proprietary Notice
License and Warranty Information
CRYPTOCard Inc. and its affiliates retain all owners ip rig ts to t e computer program described in t is manual, ot er computer
programs offered by t e company ( ereinafter called CRYPTOCard) and any documentation accompanying t ose programs. Use of
CRYPTOCard software is governed by t e license agreement accompanying your original media. CRYPTOCard software source code
is a confidential trade secret of CRYPTOCard. You may not attempt to decip er, de-compile, develop, or ot erwise reverse
engineer CRYPTOCard software, or allow ot ers to do so. Information needed to ac ieve interoperability wit products from ot er
manufacturers may be obtained from CRYPTOCard upon request.
T is manual, as well as t e software described in it, is furnis ed under license and may only be used or copied in accordance wit
t e terms of suc license. T e material in t is manual is furnis ed for information use only, is subject to c ange wit out notice,
and s ould not be construed as a commitment by CRYPTOCard. CRYPTOCard assumes no liability for any errors or inaccuracies
t at may appear in t is document. Except as permitted by suc license, no part of t is publication may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means electronic, mec anical, recording or ot erwise, wit out t e prior
written consent of CRYPTOCard.
CRYPTOCard reserves t e rig t to make c anges in design or to make c anges or improvements to t ese products wit out
incurring t e obligation to apply suc c anges or improvements to products previously manufactured. T e foregoing is in lieu of all
ot er warranties expressed or implied by any applicable laws. CRYPTOCard does not assume or aut orize, nor as it aut orized
any person to assume for it, any ot er obligation or liability in connection wit t e sale or service of t ese products. In no event
s all CRYPTOCard or any of its agents be responsible for special, incidental, or consequential damages arising from t e use of
t ese products or arising from any breac of warranty, breac of contract, negligence, or any ot er legal t eory. Suc damages
include, but are not limited to, loss of profits or revenue, loss of use of t ese products or any associated equipment, cost of
capital, cost of any substitute equipment, facilities or services, downtime costs, or claims of customers of t e Purc aser for suc
damages. T e Purc aser may ave ot er rig ts under existing federal, state, or provincial laws in t e USA, Canada, or ot er
countries or jurisdictions, and w ere suc laws pro ibit any terms of t is warranty, t ey are deemed null and void, but t e
remainder of t e warranty s all remain in effect.
Customer Ob igation
S ipping Damage: T e purc aser must examine t e goods upon receipt and any visible damage s ould immediately be reported to
t e carrier so t at a claim can be made. Purc asers s ould also notify CRYPTOCard of suc damage. T e customer s ould verify
t at t e goods operate correctly and report any deficiencies to CRYPTOCard wit in 30 days of delivery. In all cases, t e customer
s ould notify CRYPTOCard prior to returning goods. Goods returned under t e terms of t is warranty must be carefully packaged
for s ipment to avoid p ysical damage using materials and met ods equal to or better t an t ose wit w ic t e goods were
originally s ipped to t e purc aser. C arges for insurance and s ipping to t e repair facility are t e responsibility of t e purc aser.
CRYPTOCard will pay return c arges for units repaired or replaced under t e terms of t is warranty.
Copyright
Copyrig t © 2007, CRYPTOCard Inc. All Rig ts Reserved. No part of t is publication may be reproduced,
transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means wit out t e
written permission of CRYPTOCard Inc.
Trademarks
CRYPTO-Server 6.4 Administrator’s Manual viii CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-
VPN, CRYPTO-S ield, CRYPTO-MAS, are eit er registered trademarks or trademarks of CRYPTOCard Inc. Java is a registered
trademarks of Sun Microsystems, Inc.; Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft
Corporation. SecurID is a registered trademark of RSA Security. All ot er trademarks, trade names, service marks, service names,
product names, and images mentioned and/or used erein belong to t eir respective owners.
KT-2 Token User Guide – Quick Reference
3
Additiona Information, Assistance, or Comments
CRYPTOCard’s tec nical support specialists can provide assistance w en planning and implementing CRYPTOCard in your network.
In addition to aiding in t e selection of t e appropriate aut entication products, CRYPTOCard can suggest deployment procedures
t at provide a smoot , simple transition from existing access control systems and a satisfying experience for network users. We
can also elp you leverage your existing network equipment and systems to maximize your return on investment. T is
complimentary support service is available from your first evaluation system download.
CRYPTOCard works closely wit c annel partners to offer worldwide Tec nical Support services. If you purc ased t is product
t roug a CRYPTOCard c annel partner, please contact your reseller directly for support needs.
Contact CRYPTOCard direct y:
International Voice: +1-613-599-2441
Nort America Toll Free: 1-800-307-7042
Email: support@cryptocard.com
For information about obtaining a support contract, see our Support Web page at:
ttp://www.cryptocard.com/support/cryptocardannualsupportandmaintenance/
Re ated Documentation
Refer to t e Tec nical Documentation section of t e CRYPTOCard website for additional documentation and interoperability guides:
ttp://www.cryptocard.com/support/tec nicaldocumentation/
KT-2 Token User Guide – Quick Reference
4
Solution Overview
Summary
Product Name KT2 Token Guide
Vendor Site CRYPTOCard
CRYPTOCard Product Requirements
CRYPTOCard Service
CRYPTO-Server
KT-2 Token User Guide – Quick Reference
5
Tab e of Contents
SOLUTION OVERVIEW ............................................................................................................. 4
OVERVIEW............................................................................................................................... 6
TOKEN CONTROL ..................................................................................................................... 6
USING THE KT-2, PIN STORED ON SERVER .............................................................................. 7
Generating a Passcode ..........................................................................................................7
Changing PIN .......................................................................................................................7
TOKEN RESYNCHRONIZATION ................................................................................................. 8
TOKEN INITIALIZATION .......................................................................................................... 8
KT-2 Token User Guide – Quick Reference
6
Overview
T e KT-2 Key C ain token generates a new, random
“one-time password” eac time t e token is activated.
Pressing t e button located to t e rig t and below t e
LCD display activates t e token.
A PIN is an alp anumeric string of 3 to 8 c aracters t at is used to guard against t e unaut orized use of t e token.
If PIN protection is enabled, t e user must provide a PIN wit t e one-time password to aut enticate.
Token control
Depending upon t e options enabled in t e token, t e user may be required to enter a PIN, adjust t e LCD contrast,
c ange t eir PIN, or resync ronize t e token. T ese actions require t e use of t e button to accept options
presented to t e user t roug t e LCD display. T e token will provide prompts and allow t e user to input t e digits
0
t roug
9
, t e letter
E
, and t e symbol
┤
W ere input is required, t e token will cycle t roug t e input options.
W en t e correct digit, letter, or symbol is displayed, t e user pus es t e button to accept t e input. For example,
to input t e PIN
123
, t e user will press t e button 3 times, once after eac of t e numbers 1, 2, and 3 is
displayed.
Pressing t e button w en t e letter
E
is displayed indicates to t e token t at t e user will provide no additional
input.
Pressing t e button w en t e
┤
symbol is displayed erases t e input immediately to t e left of t e symbol. T is is
used to correct input errors.
KT-2 Token User Guide – Quick Reference
7
Using the KT-2, P N Stored on Server
In t is mode (assuming QUICKLog
TM
mode is being used), t e token requires no input data to generate a new, one-
time passcode, but t e user must prepend is PIN to t e passcode displayed by t e token in order to generate an
acceptable password.
Generating a Passcode
Press t e button to activate t e token. A one-time passcode is automatically generated. Enter t e PIN (e.g.
ABCD
)
and passcode (e.g.
12345678
) at t e password prompt (
ABCD12345678
).
Changing PIN
If enabled, t is feature permits t e PIN to be c anged according to t e establis ed security policy. T e CRYPTO-
Server will enforce a PIN c ange at regular intervals. Depending on t e options selected, t e user will be prompted
to enter a new PIN or will be provided wit a new PIN generated by t e CRYPTO-Server. In bot cases, t e PIN will
meet t e minimum PIN policy requirements (complexity, lengt , non-trivial, etc.) as configured on t e Server. A
CRYPTO-Server Operator may also force a PIN c ange for individual users, as required.
W en a PIN c ange is required, t e user will be prompted t roug t e process. Once complete, t e user must re-
aut enticate to gain access to protected resources.
KT-2 Token User Guide – Quick Reference
8
Token Resynchronization
Token resync ronization requires t e user to enter a “c allenge” into t e token. T e c allenge must be provided by
t e Help Desk or via a Web-based resync ronization page. In t e unlikely event t at t e token requires
resync ronization wit t e aut entication server:
1. Press and old t e button (approximately 3-4 seconds) on t e token until t e Init prompt appears. T en release
t e button.
2. T e token will cycle t roug a series of prompts:
Ini┤, Lcd, Chg PIn, and rESY C
. T e prompts
and sequence will vary depending on t e options enabled for t e token. Press t e button w ile t e
rESY C
prompt is displayed.
3. T e digits
0
t roug
9
will be displayed sequentially to t e rig t of t e
rESY C
prompt. For every digit of t e
resync ronization c allenge, press t e button to accept t e displayed digit.
Note: After t e last digit of t e “c allenge” is entered, double-press t e button.
For example, if t e resync ronization c allenge is
16278371
:
Token Displays Action
rESY C 1
Press Button
16
Press Button
162
Press Button
1627
Press Button
16278
Press Button
162783
Press Button
1627837
Press Button
16278371
Press Button
16278371
Press Button
Token nitialization
T e KT-2 can be reprogrammed as often as required to enable new options,
encryption modes, and keys. CRYPTO-Console, and a serial or USB token
initializer are required. To initialize a token:
1. To prepare a KT token for initialization, start wit t e KT-2 token off, press
and old t e KT-2 token button until t e display s ows
Ini┤
(approximately 3-4 seconds).
2. Release and quickly press t e button again. T e display will s ow t e
prompt
rdY 4 Ir
. T e KT-2 token will remain in t e
rdY 4 Ir
state for approximately 1 minute. T e
token cannot be initialized w ile in any ot er state.
3. Insert t e token into t e initializer wit t e LCD display facing t e front of t e initializer.
4. Follow t e instructions on t e CRYPTO-Console. T e token will display t e
PASS
message on successful
initialization. T e token will s ut off automatically 10-15 seconds after initialization.
Table of contents
