CryptoCard KT-2 Token Reference Manual

KT-2 Token
CRYPTOCard Token Guide
Proprietary Notice
License and Warranty Information
CRYPTOCard Inc. and its affiliates retain all ownership rights to the computer program described in this manual, other computer programs offered by the company (hereinafter called CRYPTOCard) and any documentation accompanying those programs. Use of CRYPTOCard software is governed by the license agreement accompanying your original media. CRYPTOCard software source code is a confidential trade secret of CRYPTOCard. You may not attempt to decipher, de-compile, develop, or otherwise reverse engineer CRYPTOCard software, or allow others to do so. Information needed to achieve interoperability with products from other manufacturers may be obtained from CRYPTOCard upon request.
This manual, as well as the software described in it, is furnished under license and may only be used or copied in accordance with the terms of such license. The material in this manual is furnished for information use only, is subject to change without notice, and should not be construed as a commitment by CRYPTOCard. CRYPTOCard assumes no liability for any errors or inaccuracies that may appear in this document. Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic, mechanical, recording or otherwise, without the prior written consent of CRYPTOCard.
CRYPTOCard reserves the right to make changes in design or to make changes or improvements to these products without incurring the obligation to apply such changes or improvements to products previously manufactured. The foregoing is in lieu of all other warranties expressed or implied by any applicable laws. CRYPTOCard does not assume or authorize, nor has it authorized any person to assume for it, any other obligation or liability in connection with the sale or service of these products. In no event shall CRYPTOCard or any of its agents be responsible for special, incidental, or consequential damages arising from the use of these products or arising from any breach of warranty, breach of contract, negligence, or any other legal theory. Such damages include, but are not limited to, loss of profits or revenue, loss of use of these products or any associated equipment, cost of capital, cost of any substitute equipment, facilities or services, downtime costs, or claims of customers of the Purchaser for such damages. The Purchaser may have other rights under existing federal, state, or provincial laws in the USA, Canada, or other countries or jurisdictions, and where such laws prohibit any terms of this warranty, they are deemed null and void, but the remainder of the warranty shall remain in effect.
Customer Obligation
Shipping Damage: The purchaser must examine the goods upon receipt and any visible damage should immediately be reported to the carrier so that a claim can be made. Purchasers should also notify CRYPTOCard of such damage. The customer should verify that the goods operate correctly and report any deficiencies to CRYPTOCard within 30 days of delivery. In all cases, the customer should notify CRYPTOCard prior to returning goods. Goods returned under the terms of this warranty must be carefully packaged for shipment to avoid physical damage using materials and methods equal to or better than those with which the goods were originally shipped to the purchaser. Charges for insurance and shipping to the repair facility are the responsibility of the purchaser. CRYPTOCard will pay return charges for units repaired or replaced under the terms of this warranty.
Copyright
Copyright © 2007, CRYPTOCard Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Inc.
Trademarks
CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-VPN, CRYPTO-Shield, CRYPTO-MAS, are either registered trademarks or trademarks of CRYPTOCard Inc. Java is a registered trademark of Sun Microsystems, Inc.; Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. SecurID is a registered trademark of RSA Security. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.
KT-2 Token User Guide – Quick Reference
Additional Information, Assistance, or Comments
CRYPTOCard’s technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment. This complimentary support service is available from your first evaluation system download.
CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your reseller directly for support needs.
Contact CRYPTOCard directly:
International Voice: +1-613-599-2441
North America Toll Free: 1-800-307-7042
Email: support@cryptocard.com
For information about obtaining a support contract, see our Support Web page at:
http://www.cryptocard.com/support/cryptocardannualsupportandmaintenance/
Related Documentation
Refer to the Technical Documentation section of the CRYPTOCard website for additional documentation and interoperability guides:
http://www.cryptocard.com/support/technicaldocumentation/
Solution Overview
Summary
Product Name KT2 Token Guide
Vendor Site CRYPTOCard
CRYPTOCard Product Requirements
CRYPTOCard Service
CRYPTO-Server
Table of Contents
SOLUTION OVERVIEW
OVERVIEW
TOKEN CONTROL
USING THE KT-2, PIN STORED ON SERVER
  Generating a Passcode
  Changing PIN
TOKEN RESYNCHRONIZATION
TOKEN INITIALIZATION
Overview
The KT-2 Key Chain token generates a new, random “one-time password” each time the token is activated. Pressing the button located to the right and below the LCD display activates the token.
A PIN is an alphanumeric string of 3 to 8 characters that is used to guard against the unauthorized use of the token. If PIN protection is enabled, the user must provide a PIN with the one-time password to authenticate.
Token control
Depending upon the options enabled in the token, the user may be required to enter a PIN, adjust the LCD contrast, change their PIN, or resynchronize the token. These actions require the use of the button to accept options presented to the user through the LCD display. The token will provide prompts and allow the user to input the digits 0 through 9, the letter E, and the symbol ┤. Where input is required, the token will cycle through the input options.
When the correct digit, letter, or symbol is displayed, the user pushes the button to accept the input. For example, to input the PIN 123, the user will press the button 3 times, once after each of the numbers 1, 2, and 3 is displayed.
Pressing the button when the letter E is displayed indicates to the token that the user will provide no additional input.
Pressing the button when the ┤ symbol is displayed erases the input immediately to the left of the symbol. This is used to correct input errors.
Using the KT-2, PIN Stored on Server
In this mode (assuming QUICKLog™ mode is being used), the token requires no input data to generate a new, one-time passcode, but the user must prepend his PIN to the passcode displayed by the token in order to generate an acceptable password.
Generating a Passcode
Press the button to activate the token. A one-time passcode is automatically generated. Enter the PIN (e.g. ABCD) and passcode (e.g. 12345678) at the password prompt (ABCD12345678).
Changing PIN
If enabled, this feature permits the PIN to be changed according to the established security policy. The CRYPTO-Server will enforce a PIN change at regular intervals. Depending on the options selected, the user will be prompted to enter a new PIN or will be provided with a new PIN generated by the CRYPTO-Server. In both cases, the PIN will meet the minimum PIN policy requirements (complexity, length, non-trivial, etc.) as configured on the Server. A CRYPTO-Server Operator may also force a PIN change for individual users, as required.
When a PIN change is required, the user will be prompted through the process. Once complete, the user must re-authenticate to gain access to protected resources.
Token Resynchronization
Token resynchronization requires the user to enter a “challenge” into the token. The challenge must be provided by the Help Desk or via a Web-based resynchronization page. In the unlikely event that the token requires resynchronization with the authentication server:
1. Press and hold the button (approximately 3-4 seconds) on the token until the Init prompt appears. Then release the button.
2. The token will cycle through a series of prompts: Ini┤, Lcd, Chg PIn, and rESYNC. The prompts and sequence will vary depending on the options enabled for the token. Press the button while the rESYNC prompt is displayed.
3. The digits 0 through 9 will be displayed sequentially to the right of the rESYNC prompt. For every digit of the resynchronization challenge, press the button to accept the displayed digit.
Note: After the last digit of the “challenge” is entered, double-press the button.
For example, if the resynchronization challenge is 16278371:
Token Displays: rESYNC 1 16 162 1627 16278 162783 1627837 16278371 16278371
Action (at each display): Press Button
Token Initialization
The KT-2 can be reprogrammed as often as required to enable new options, encryption modes, and keys. CRYPTO-Console, and a serial or USB token initializer are required. To initialize a token:
1. To prepare a KT token for initialization, start with the KT-2 token off, press and hold the KT-2 token button until the display shows Ini┤ (approximately 3-4 seconds).
2. Release and quickly press the button again. The display will show the prompt rdY 4 Ir. The KT-2 token will remain in the rdY 4 Ir state for approximately 1 minute. The token cannot be initialized while in any other state.
3. Insert the token into the initializer with the LCD display facing the front of the initializer.
4. Follow the instructions on the CRYPTO-Console. The token will display the PASS message on successful initialization. The token will shut off automatically 10-15 seconds after initialization.