HP OmniBook 7100 User manual
®
HP Encryption Smart Card
Security System
User’s Guide
Copyright and trademark information
This document contains proprietary information which is protected by copyright. All rights reserved. No
part of this document may be photocopied, reproduced or translated into another language without the pri-
or written consent of Hewlett-Packard company.
CCopyright Hewlett-Packard Company, 1998. All rights reserved.
Windows 95 and Windows NT are registered trademarks of the Microsoft Corporation.
Limited warranty
The information contained in this document is subject to change without notice.
Hewlett-Packard Company makes no warranty of any kind with regard to this document, including, but
not limited to, the implied warranties of merchantability and fitness for a particular purpose.
Hewlett-Packard Company shallnot be liablefor errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance, or use of this document.
In addition to the Limited Warranty Statement provided in the Support and Service booklet, and to the
extent permitted by local law, Hewlett-Packard Company expressly disclaims any warranty that this prod-
uct will be error-free. Hewlett-Packard Company makes no warranty that any data stored or encrypted by
this product will be recoverable or accessable, or that access provided by this product will be maintained.
HP Software Product License Agreement
CAREFULLY READ THIS LICENSE AGREEMENT BEFORE PROCEEDING TO OPERATE THIS
EQUIPMENT. RIGHTS IN THE SOFTWARE ARE OFFERED ONLY ON THE CONDITION THAT
THE CUSTOMER AGREES TO ALL TERMS AND CONDITIONS OF THE LICENSE AGREE-
MENT. PROCEEDING TO OPERATE THE EQUIPMENT INDICATES YOUR ACCEPTANCE OF
THESE TERMS AND CONDITIONS. IF YOU DO NOT AGREE WITH THE TERMS OF THE LI-
CENSE AGREEMENT, YOU MUST NOW EITHER REMOVE THE SOFTWARE FROM YOUR
HARD DISK DRIVE AND DESTROY THE MASTER DISKETTES, OR RETURN THE COMPLETE
COMPUTER AND SOFTWARE FOR A FULL REFUND.
PROCEEDING WITH CONFIGURATION SIGNIFIES YOUR ACCEPTANCE OF THE LICENSE
TERMS.
UNLESS OTHERWISE STATED BELOW, THIS HP SOFTWARE PRODUCT LICENSE AGREE-
MENT SHALL GOVERN THE USE OF ALL SOFTWARE THAT IS PROVIDED TO YOU, THE
CUSTOMER, AS PART OF THE HP COMPUTER PRODUCT. IT SHALL SUPERSEDE ANY NON-
HP SOFTWARE LICENSE TERMS THAT MAY BE FOUND ON-LINE, OR IN ANY DOCUMENTA-
TION OR OTHER MATERIALS CONTAINED IN THE COMPUTER PRODUCT PACKAGING.
Note: Operating System Software by Microsoft is licensed to you under the Microsoft End User License
Agreement (EULA) contained in the Microsoft documentation.
The following License Terms govern the use of the software:
USE. Customer may use the software on any one computer. Customer may not network the software or
otherwise use it on more than one computer. Customer may not reverse assemble or decompile the soft-
ware unless authorized by law.
COPIES AND ADAPTATIONS. Customer may make copies or adaptations of the software (a) for ar-
chival purposes or (b) when copying or adaptation is an essential step in the use of the software with a
computer so long as the copies and adaptations are used in no other manner.
OWNERSHIP. Customer agrees that he/she does not have any title or ownership of the software, other
than ownership of the physical media. Customer acknowledges and agrees that the software is copyright-
ed and protected under the copyright laws. Customer acknowledges and agrees that the software may
have been developed by a third party software supplier named in the copyright notices included with the
software, who shall be authorized to hold the Customer responsible for any copyright infringement or vi-
olation of this Agreement.
PRODUCT RECOVERY CD-ROM. If your computer was shipped with a product recovery CD-
ROM: (i) The product recovery CD-ROM and/or support utility software may only be used for restoring
the hard disk of the HP computer with which the product recovery CD-ROM was originally provided.
(ii) The use of any operating system software by Microsoft contained in any such product recovery CD-
ROM shall be governed by the Microsoft End User License Agreement (EULA).
TRANSFER OF RIGHTS IN SOFTWARE. Customer may transfer rights in the software to a third
party only as part of the transferof all rights andonly if Customer obtains the prior agreement ofthe third
party to be bound by the terms of this License Agreement. Upon such a transfer, Customer agrees that
his/her rights in the software are terminated and that he/she will either destroy his/her copies and adapta-
tions or deliver them to the third party.
SUBLICENSING AND DISTRIBUTION. Customer may not lease, sublicense the software or distrib-
ute copies or adaptations ofthe software to the public in physical media or by telecommunication without
the prior written consent of Hewlett-Packard.
TERMINATION. Hewlett-Packard may terminate this software license for failure to comply with any
of these terms provided Hewlett-Packard has requested Customer to cure the failure and Customer has
failed to do so within thirty (30) days of such notice.
UPDATES AND UPGRADES. Customer agrees that the software does not include updates and up-
grades which may be available from Hewlett-Packard under a separate support agreement.
EXPORT CLAUSE. Customer agrees not to export or re-export the software or any copy or adaptation
in violation of the U.S. Export Administration regulations or other applicable regulation.
U.S. GOVERNMENT RESTRICTED RIGHTS. Use, duplication, or disclosure by the U.S. Govern-
ment is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and
Computer Software clause in DFARS 252.227-7013. Hewlett-Packard Company, 3000 Hanover Street,
Palo Alto, CA 94304 U.S.A. Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).
i
1. Understanding the HP Encryption Smart Card Security System. . . . . . . . . . . . . . . .1-1
What is the Encryption Smart Card Security System? . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
What is a smart card?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
What is Encryption?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
How does the HP Encryption Smart Card Security System work? . . . . . . . . . . . . . . . . . .1-2
2. Setting up your OmniBook to use a smart card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5
Checking the package contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5
Checking the requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5
Installing the Encryption System software and Smart Card Reader . . . . . . . . . . . . . . . . .1-6
Smart card logon with Windows NT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7
Initializing your smart card and creating a recovery file. . . . . . . . . . . . . . . . . . . . . . . . .1-10
3. Using your HP Encryption Smart Card Security System . . . . . . . . . . . . . . . . . . . . .1-13
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13
Getting Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13
Entering the PIN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14
NT Workstation lock (screen lock) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-15
Using the Secure Folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-15
Changing your Smart Card’s PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-17
If you forget your PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-18
Creating a replacement smart card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-19
4. Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23
General Troubleshooting tips and tricks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23
Troubleshooting questions and answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-26
Contents
ii
Contents
1-1
1
Understanding the HP Encryption Smart Card
Security System
What is the Encryption Smart Card Security System?
The Encryption Smart Card Security System is an accessory for your OmniBook
that uses smart card technology to provide smart card protected logon for Windows
NT and strong file encryption on Windows NT and Windows 95. The Encryption
Smart Card Security System consists of a smart card reader which inserts into a
PCMCIA slot on your OmniBook, and a smart card in which to store information
that ensures that only you can access your OmniBook and read the files you have
chosen to protect.
What is a smart card?
A smart card is a credit-card-sized card which carries a microchip containing
memory and a microprocessor. The card’s microchip lies beneath gold contact pads
and when the card is inserted in a smart card reader, the contents of the microchip
can be read and interpreted in a number of ways, depending on the application. A
Personal Identification Number (PIN) is normally needed to “unlock” the contents
of the microchip, meaning that only the person who knows the PIN can use the card.
What is Encryption?
Encryption is simply taking intelligible data and making it unintelligible by using a
mathematical function and a unique key. To return the data to intelligible form, we
use the same mathematical function and the same key. Therefore only the holder of
the key can take the unintelligible data and make it intelligible.
The type of encryption used in the HP Encryption System provides confidentiality,
as no one but the holder of the key can read the data.
1-2
How does the HP Encryption Smart Card Security System work?
1
How does the HP Encryption Smart Card Security System work?
The Encryption Smart Card Security System provides two security features:
• Data encryption on your OmniBook’s hard drive (Windows 95 and Windows
NT).
• Smart card protected logon for Windows NT to prevent unauthorized access to
your OmniBook.
Data encryption
When you set up the Encryption Smart Card Security System on your OmniBook, as
part of the process you define a Secure folder on your OmniBook, and generate an
encryption key that is stored on your smart card. You will also define a PIN which
allows only someone with the PIN to use the smart card. When you place a file in
the Secure folder with the smart card inserted in the smart card reader, the file is
encrypted using a key stored on your smart card. The files in the Secure folder can
be accessed only when your smart card is present in the smart card reader and the
correct PIN has been provided. This means that for anyone to decrypt and read the
files placed in your Secure folder, that person must be in possession of your smart
card and also know your card’s PIN.
1-3
How does the HP Encryption Smart Card Security System work? 1
Smart card logon with Windows NT
Windows NT offers password-protected logon where you must enter a user name
and a password to access your Windows NT account. The Encryption Smart Card
Security System increases the security of Windows NT logon by using a smart card
in addition to your password. The smart card is registered with your Windows NT
logon the first time you log on after the Encryption System software is installed on
your OmniBook. Anytime you log on after this, the smart card must be present in a
smart card reader inserted in the PCMCIA slot of your OmniBook. When you enter
your user name and password, the system reads the smart card in the smart card
reader and verifies that the correct smart card is present. If not, then admission to
your Windows NT account is denied. Therefore for someone to log on to your
Windows NT account, that person must not only know your user name and
password, but must also be in possession of your smart card.
Ridebis, et licet rideas. Ego ille quem nosti
apros et quidem pulcherrimos cepi. Ipse?
inquis. Ipse; non tamen ut omnino ab iner-
tia mea et quete discederem. Ad retia sede-
bam: erat in proximo non venabulum aut
lancea, sed stilus et pugilares: meditabar
aliquid enotabamque, ut, si manus vacuas,
plenas tamen ceras reportarem.
Non est quod contemnas hoc studendi
genus. Mirum est ut animus agitatione
motuque corporis excitetut. Iam undique
silvae et solitudo ipsumque illud silentium
quod venationi datur magna cogitationis
incitamenta sunt. Proinde cum venabere,
licebit, auctore me, ut panarium et
lagunculam sic etiam pugillares feras.
Smart card containing
an encryption key
An encryption key on the smart card
is used for encrypting the file as it is
placed in the private folder
Plain file Encrypted file
@*¿bΤηε βρο@*¿bων φοξ
ϕυ@*¿bµπεδ οϖερ τηε λαζψ δογ. The
brown fox jumped over the lazy dog.
Τη@*¿bt&%?hροµπεδ Tæhe bhe
rodogw&%?@*¿bn fto encrypt
ownbροων φοξ ϕυµπεd @*¿b@*¿boδ
@er3^)**&^@]}\\ @@*¿&x öTæhe r
δογ@jumped over τηε λαζ@*¿bψ δου
χαν νοω υöõ%σε &%?ψου@*¿bρ
σµα@*¿bρτ χαρδ το ενχ¿dhρψπτ
je¿δατα ¿dhβψ πλα@*¿bχινηγ ιτ ιν
τηε*¿ ιν τ ιν τ ενχρje¿ψπτιον
φολδερΦο@*¿bρ δεταιλσ ον
ενχρψπτογßιν τ &%öõ%je¿¿dhr @*¿@
&F&%?#tæ öTæhe r δογ@jumped over
τηε λαhροωνϕυµoægbΤηε
βρο@*¿b)**&
1-4
How does the HP Encryption Smart Card Security System work?
1
1-5
2
Setting up your OmniBook to use a smart card
Checking the package contents
Your Encryption Smart Card Security System package contains:
• 1 PCMCIA smart card reader
• 2 GPK4000 smart cards (one spare card for backup/recovery purposes)
• 1 CD-ROM containing the Encryption Smart Card Security System software
• 1 User’s Guide (this manual)
Note that an optional pack of five smart cards is also available as a separate
OmniBook accessory (order no. F1613A).
Checking the requirements
To use the Encryption Smart Card Security System, you need:
• An HP OmniBook Model 800, 2000, 3000, 5000, 4100, 7100, Sojourn or later
with Microsoft Windows 95 OSR2 or later installed
or
An HP OmniBook Model 2100, 3000, 4100, 7100, Sojourn or later with
Microsoft Windows NT 4.0 SP3 or later installed (you will need at least 2 NT
accounts; one for the NT Administrator and at least one User account for
everyday use)
• A CD-ROM drive installed in your OmniBook (note that on certain models of
OmniBook, the CD-ROM drive is an option you need to purchase separately)
• 1 free PCMCIA slot on your OmniBook
• At least 5 Mbytes of free space on your hard disk
It is also recommended that you have a formatted diskette to hand, to use as a safe
place to store the recovery file generated during the smart card initialization process.
1-6
Installing the Encryption System software and Smart Card Reader
2
Installing the Encryption System software and Smart Card Reader
Note Before you begin installation, make sure your OmniBook’s CD-ROM drive is
correctly installed.
1 Start your OmniBook (log on as Administrator for Windows NT). You should
have the Windows desktop displayed
2 Insert the HP Encryption System Software CD-ROM into the CD-ROM drive of
your OmniBook.
3 Start your Windows program installation utility (Start, Settings, Control panel,
Add/Remove Programs) and install the Encryption Smart Card Security System
software from the CD-ROM.
During the installation process you will be asked to install the smart card reader
in an available PCMCIA slot in your OmniBook (the smart card reader is
installed with the label facing upwards).
The software will be installed in the C:\Program Files\Hewlett-
Packard\HP Encryption System\ directory by default, but you can
specify a different one if you wish.
Your Secure folder will be C:\Private by default, and again, you may
change this if you wish.
Your OmniBook will be restarted when the installation is complete.
If you are using Windows 95, you have now finished the installation. Proceed to
“Initializing your smart card and creating a recovery file” on page 10.
For Windows NT users, you are now ready to register the Administrator and User
smart cards for use with NT Logon.
1-7
Smart card logon with Windows NT 2
Smart card logon with Windows NT
With Windows NT, the Encryption Smart Card Security System provides the
additional security feature of smart card logon. This makes the logon procedure
more secure as you need both your NT password and your smart card during logon.
You must register your smart card with your user name and password during the NT
logon process. After registration only your smart card can be used with your NT
password.
It is recommended to register a smart card for at least 2 different Users; one for your
normal User (everyday use) and one for the NT Administrator.
Registering your Administrator smart card for Windows NT logon
With Windows NT, it is highly recommended to register an Administrator smart
card for your OmniBook to allow access to the system Administrator account.
In cases where all NT accounts are centrally managed (for example in a corporate
environment), registering the Administrator smart card would typically be done by
your system Administrator. If you are not part of such an environment, you will
need to register an Administrator smart card for yourself.
Your Windows NT documentation will contain additional details on the system
Administrator account.
To register an Administrator smart card
Caution With Windows NT, if you lose your original smart card or it gets damaged or stolen,
you will be unable to access your OmniBook unless you have a registered
Administrator card.
1 Insert a new smart card in the smart card reader.
2Log on to your OmniBook using the system Administrator’s user name and
password.
When you have entered your Administrator’s user name and password, a message
appears telling you that the card in the reader is now registered for your
Administrator’s account. You must now use this smart card every time you log on to
your Windows NT Administrator’s account.
1-8
Smart card logon with Windows NT
2
Note The Administrator smart card allows access to the Windows NT Administrator
account and should be used only for administration and recovery purposes (should
your original User smart card get lost or damaged). Naturally, the Administrator
smart card should be kept in a safe place.
Registering your User smart card for Windows NT logon
To register your User smart card
1 Insert a new smart card in the smart card reader.
Note This smart card will be the card that you will use for subsequent NT logons. After
this card is successfully registered for your NT account, you will be unable to log on
to your OmniBook without the card inserted in the smart card reader.
2 Log on to your OmniBook following the normal Windows NT logon procedure.
When you have entered your user name and password, a message appears
telling you that the card in the reader is now registered for your User account.
You now must use this smart card every time you log on to your Windows NT
User account.
This completes the steps necessary to register your smart cards for Windows NT
logon.
The first time you log on after installation, you will be in Verification mode.
Verification Mode
When you first set up your HP Encryption System to work with NT, it is put into an
insecure “Verification” mode, which allows you to continue to access your
OmniBook even if there are problems with accessing your smart card reader or
smart card.
This “Verification” mode is only available following first installation, and is only
destined to be used until you feel confident that everything is working as it should
(especially following a reboot). Once you are confident in the installation and
configuration, click on “Secure” in the Verification mode dialog box and the NT
Logon installation will be secured.
1-9
Smart card logon with Windows NT 2
Note For security reasons, there is no way to return to this verification mode once you have
selected to remove it.
You will now need to initialize each card that you wish to use for file encryption.
1-10
Initializing your smart card and creating a recovery file
2
Initializing your smart card and creating a recovery file
Purpose of initializing your smart card
Before you can use a smart card to encrypt files, you will need to initialize it. During
initialization, an encryption key is generated that is used to encrypt and decrypt your
data. This key is stored on your smart card, which means that the encrypted data can
be decrypted only when the smart card is inserted in the smart card reader connected
to your OmniBook.
The recovery file
As a safety measure, the encryption key generated and stored on your smart card is
also copied to a recovery file. If you subsequently lose your smart card, or it gets
damaged, this recovery file allows you to load the encryption key that was on your
original smart card to a new card, thus enabling you to access and decrypt the files
on your OmniBook.
To initialize your smart card
1 Make sure your smart card is inserted in the smart card reader.
2 Open the HP Encryption Smart Card Security System Manager, and select the
Smart Card tab.
1-11
Initializing your smart card and creating a recovery file 2
3IntheSmartCardpage, clickonInitializeto start the initialization process, and
generate your encryption key.
You will now be asked to enter a PIN number for the smart card.
4 Enter an 8-character PIN and confirm the PIN by retyping it exactly in the
Confirm PIN field.
Note Your PIN must be exactly 8 characters long. It is not case sensitive.
5 During the initialization process, you are prompted to define a recovery file
and an associated password.
The default directory for the recovery file is on a floppy disk ( a:\ ).
1-12
Initializing your smart card and creating a recovery file
2
If you wish to define another location for the recovery file, click on ... to select
another directory.
Then enter the name of the recovery file and the password to prevent
unauthorized access to the file.
Caution The recovery file allows you to create a duplicate smart card to access and decrypt
the files in your Secure folder should you lose your original smart card or it gets
damaged. For security reasons it is not recommended that you store this file on your
OmniBook hard disk. A safe place would be on a floppy disk.
It is also important that you do not forget the password for the recovery file. If this
happens, you will be unable to use your recovery file.
6ClickOK when you are done.
The encryption key is now generated and stored on your smart card and in the
recovery file. You can now use your smart card to encrypt files.
1-13
3
Using your HP Encryption Smart Card Security
System
Introduction
When using your HP Encryption Smart Card Security System with the Windows 95
operating system, a smart card must be present to encrypt and decrypt files in your
Secure folder. When the card is introduced in the reader a message box will open
asking for the PIN. Only when the correct PIN is entered will you be able to access
your Secure folder and encrypt and decrypt your files.
With the Windows NT operating system, in addition to the above, the smart card is
required to log on. The PIN is requested, but is not necessary to log on (you can
cancel, without stopping the logon). However, only when the correct PIN has been
entered will you be able to access your Secure folder and encrypt and decrypt your
files.
Getting Information
In the Information page of the HP Encryption System manager, you can easily see
where the Secure folder is located. This location was specified during the product
installation and cannot be changed. Other information available includes the status
of the smart card and smart card reader and the status of the products software
components.
1-14
Entering the PIN
3
Entering the PIN
Each time you insert a new smart card, or remove and insert the same smart card,
you will be asked to enter its PIN. When the Encryption System detects the card, it
opens a PIN dialog box. Enter the smart card’s PIN. Once the PIN has been
correctly entered, you will have access to your Secure folder. If a wrong PIN is
entered or the smart card is not present, you will not be allowed to access your
Secure folder.
Caution If you type the PIN wrong seven times in a row, the card is locked from further use.
This is a security feature to prevent someone from trying to guess your PIN.
See “If you forget your PIN” on page 18.
Other manuals for OmniBook 7100
4
This manual suits for next models
1
Table of contents
Other HP Security System manuals
Popular Security System manuals by other brands
Teletek electronics
Teletek electronics SF 120 installation manual
ADEMCO
ADEMCO Counterforce CFV15P Programming guide
ADEMCO
ADEMCO Vista-50 user guide
Fike
Fike TWINFLEX 313-0021 Installation and maintenance instructions
aquilar
aquilar AquiTron AT-RAP-230 Installation & operation instructions
DSC
DSC PC560 instruction manual
