HP OB7100-ESCS Service Manual

HP Encryption Smart Card Security System

User’s Guide

This document contains pro prietary infor matio n which is prot ected by copyright . All ri ghts res erved. No part of this docu ment may be ph otocopied, repro duced or transl ated into an other language wi thout the pri or written consent of Hewlett-Packard company.

Windows 95 and Windows NT are registered trademarks of the Microsoft Corporation.

Limited warranty

The information contained in this document is subject to change without notice.

Hewlett-Packard Company makes no warranty of any kind with regard to this document, including, but not limited to, the implied warranties of merchantabili ty and fitness for a particular purpose.

Hewlett-Packard Company shall not be liable for errors contain ed herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this document.

In addition to the Limited Warranty Statement provided in the Support and Service booklet, and to the extent permitted by local law, Hewlett-Packard Company expressly disclaims any warranty that this product will be error-free. Hewlett-Packard Company makes no warranty that any data stored or encrypted by this product will be recoverable or accessable, or that access provided by this product will be maintained.

HP Software Product License Agreement

CAREFULLY READ THIS LICENSE AGREEMENT BEFORE PROCEEDING TO OPERATE THIS EQUIPMENT. RIGHTS IN THE SOFTWARE ARE OFFERED ONLY ON THE CONDITION THAT THE CUSTOMER AGREES TO ALL TERMS AND CONDITIONS OF THE LICENSE AGREEMENT. PROCEEDING TO OPERATE THE EQUIPMENT INDICATES YOUR ACCEPTANCE OF THESE TERMS AND CONDITIONS. IF YOU DO NOT AGREE WITH THE TERMS OF THE LICENSE AGREEMENT, YOU MUST NOW EITHER REMOVE THE SOFTWARE FROM YOUR HARD DISK DRIVE AND DESTROY THE MASTER DISKETTES, OR RETURN THE COMPLETE COMPUTER AND SOFTWARE FOR A FULL REFUND.

PROCEEDING WITH CONFIGURATION SIGNIFIES YOUR ACCEPTANCE OF THE LICENSE TERMS.

UNLESS OTHERWISE STATED BELOW, THIS HP SOFTWARE PRODUCT LICENSE AGREEMENT SHALL GOVERN THE USE OF ALL SOFTWARE THAT IS PROVIDED TO YOU, THE CUSTOMER, AS PART OF THE HP COMPUTER PRODUCT. IT SHALL SUPERSEDE ANY NONHP SOFTWARE LICENSE TERMS THAT MAY BE FOUND ON-LINE, OR IN ANY DOCUMENTATION OR OTHER MATERIALS CONTAINED IN THE COMPUTER PRODUCT PACKAGING.

Note: Operating System Software by Microsoft is licensed to you un der the Microsoft End User License Agreement (EULA) contained in the Microsoft documentation.

The following License Terms govern the use of the software:

USE. Customer may use the software on any one computer. Customer may not network the software or otherwise use it on more than one computer. Customer may not reverse assemble or decompile the software unless authorized by law.

COPIES AND ADAPTATIONS. Customer may make copies or adaptations of the software (a) for archival purposes or (b) when copying or adaptation is an essential step in the use of the software with a computer so long as the copies and adaptations are used in no other manner.

OWNERSHIP. Customer agrees that he/she does not have any title or ownership of the software, other than ownership of the physical media. Customer acknowledges and agrees that the software is copyrighted and protected under the copyright laws. Customer acknowledges and agrees that the software may have been developed by a third party s oft ware s up pli er named in the copyright n oti ces incl u ded wi th t he software, who shall be authorized t o ho ld the C us tomer responsible for any copyri g ht i nfr ingement or violation of this Agreement.

PRODUCT RECOVERY CD-ROM. If your computer was shipped with a product recovery CDROM: (i) The product recovery CD-ROM and/or support utility software may only be used for restoring the hard disk of the HP computer with which the product recovery CD-ROM was originally provided. (ii) The use of any operating system software by Microsoft contained in any such product recovery CDROM shall be governed by the Microsoft End User License Agreement (EULA).

TRANSFER OF RIGHTS IN SOFTWARE. Customer may transfer rights in the software to a third party only as part of the transfer of all rights and only if Customer obtains the prior ag reement of the third party to be bound by the terms of this License Agreement. Upon such a transfer, Customer agrees that his/her rights in the software are terminated and that he/she will either destroy his/her copies and adaptations or deliver them to the third party.

SUBLICENSING AND DISTRIBUTION. Customer may not lease, sublicense the software or distribute copies or adaptati ons of the software to t he public in ph ysical media or by t elecommunication wi thout the prior written consent of Hewlett-Packard.

TERMINATION. Hewlett-Packard may terminate this software license for failure to comply with any of these terms provided Hewlett-Packard has requested Customer to cure the failure and Customer has failed to do so within thirty (30) days of such notice.

UPDATES AND UPGRADES. Customer agrees that the software does not include updates and upgrades which may be available from Hewlett-Packard under a separate support agreement.

EXPORT CLAUSE. Customer agrees not to export or re-export the sof tware or any copy or adaptation in violation of the U.S. Export Administration regulations or other applicable regulation.

U.S. GOVERNMENT RESTRICTED RIGHTS. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause in DF ARS 252.2 27-701 3. Hewl ett- Packard Company, 3000 Hanover St reet, Palo Alto, CA 94304 U.S.A. Rights for non-DOD U.S. Government Departments and Agen cies are as set forth in FAR 52.227-19(c)(1,2).

Contents

1. Understanding the HP Encryption Smart Card Security System. . . . . . . . . . . . . . . .1-1

What is the Encryption Smart Card Security System? . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1

What is a smart card?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1

What is Encryption?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1

How does the HP Encryption Smart Card Security System work? . . . . . . . . . . . . . . . . . .1-2

2. Setting up your OmniBook to use a smart card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5

Checking the package contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5

Checking the requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5

Installing the Encryption System software and Smart Card Reader . . . . . . . . . . . . . . . . .1-6

Smart card logon with Windows NT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7

Initializing your smart card and creating a recovery file. . . . . . . . . . . . . . . . . . . . . . . . .1-10

3. Using your HP Encryption Smart Card Security System . . . . . . . . . . . . . . . . . . . . .1-13

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13

Getting Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13

Entering the PIN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

NT Workstation lock (screen lock) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-15

Using the Secure Folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-15

Changing your Smart Card’s PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-17

If you forget your PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-18

Creating a replacement smart card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-19

4. Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23

General Troubleshooting tips and tricks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23

Troubleshooting questions and answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-26

Contents

Understanding the HP Encryption Smart Card Security System

What is the Encryption Smart Card Security System?

The Encryption Smart Card Security System is an accessory for your OmniBook that uses smart card technology to provide smart card protected logon for Windows NT and strong fi le encryption on Windows NT and Windows 95. The E ncryption Smart Card Security System consists of a smart card reader which inserts into a PCMCIA slot on your OmniBook, and a smart card in which to store information that ensures that only you can access your OmniBook and read the files you have chosen to protect.

What is a smart card?

A smart card is a credit-card-sized card which carries a microchip containing

memory and a microprocessor. The card’s microchip lies beneath gold contact pads and when the card is inserted in a smart card reader, the contents of the microchip can be read and interpreted in a number of ways, depending on the application. A Personal Identification Number (PIN) is normally needed to “unlock” the contents of the microchip, meaning that only the p erson wh o kn ows the PIN can use the card.

What is Encryption?

Encryption is simply taking in telligible data and making it unintelligible by using a mathematical function and a unique key. To return the data to intelligible form, we use the same mathematical function and the same key. Therefore only the holder of the key can take the unintelligible data and make it intelligible.

The type of encryption used in the HP Encryption System provides confidentiality, as no one but the holder of the key can read the data.

1-1

How does the HP Encryption Smart Card Security System work?

The Encryption Smart Card Security System provides two security features:

• Data encryption on your OmniBook’s hard drive (Windows 95 and Windows NT).

• Smart card protected logon for Windows NT to prevent unauthorized access to your OmniBook.

Data encryption

When you set up the Encryption Smart Card Security System on your OmniBook, as part of the process you define a Secure folder on your OmniBook, and generate an encryption key that is stored on your smart card. You will also define a PIN which allows only someone with the PIN to use the smart card. When you place a file in the Secure folder with the smart card inserted in the smart card reader, the file is encrypted using a key stored on your smart card. The files in the Secure folder can be accessed only when your smart card is present in the smart card reader and the correct PIN has been provided. This means that for anyone to decrypt and read the files placed in your Secure folder, that person must be in possession of your smart card and also know your card’s PIN.

1-2

How does the HP Encryption Smart Card Security System work?

Τηε βρο

Ridebis, et licet rideas. Ego i lle quem nosti apros et quidem pulcherrimos cepi. Ipse? inquis. Ipse; non tamen ut omnino ab inertia mea et quete discederem. Ad retia sedebam: erat in proximo non venabulum aut lancea, sed stilus et pugilares: meditab ar aliquid enotabamque, ut, si manus vacuas, plenas tamen ceras reportarem.

Non est quod contemnas hoc studendi genus. Mirum est ut animus agitatione motuque corporis excit etut. Iam undique silvae et solitudo ipsumque illud si le ntiu m quod venationi datur magna cogitationis incitamenta sunt. Pr oinde cum venabere, licebit, auctore me, ut panarium et lagunculam sic etiam pugillare s fera s.

ων φοξ

@*¿b

ϕυ

µπεδ οϖερ τηε λαζψ δογ.

@*¿b

brown fox jumped over the lazy dog.

Τη

ροµπεδ

@*¿bt&%?h

Tæhe bhe

rodogw&%?@*¿bn fto encrypt

ροων φοξ ϕυµπε

ownb

d @*¿b@*¿boδ

@er3^)**&^@]}\\ @@*¿& x öTæhe r

δογ

τηε λαζ

@jumped over

@*¿b

χαν νοω υ

σε

ψου

öõ%

&%?

@*¿b

δατα

@*¿b)**&

ρτ χαρδ το ενχ

βψ πλα

¿dh

ρ δεταιλσ ον

@*¿b

&%öõ%je¿¿dhr @*¿@

@*¿b je¿

oægb

ψπτιον

δογ

@jumped over

Τηε

@*¿b

ρψπτ

¿dh

χινηγ ιτ ιν

σµα

je¿

τηε*¿ ιν τ ιν τ ενχρ φολδερΦο ενχρψπτ ογß ιν τ

&F&%?#tæ öTæhe r

τηε λαhροωνϕυµ βρο

The

ψ δου

Plain file Encrypted file

An encryption key on the smart card is used for encrypting the file as it is

placed in the private folder

Smart card containing an encryption key

Smart card logon with Windows NT

Windows NT offers password-protected logon where you must enter a user name and a password to access your Windows NT account. The Encryption Smart Card Security System increases the security of Windows NT logon by using a smart card in addition to your password. The smart card is registered with your Wind ows NT logon the first time you log on after the Encryption System software is installed on your OmniBook. Anytime you log on after this, the smart card must be present in a smart card reader inserted in the PCMCIA slot of your OmniBook. When you enter your user name and password, the system reads the smart card in the smart card reader and verifies that the correct smart card is present. If not, then admission to your Windows NT account is denied. Therefore for someone to log on to your Windows NT account, that person must not only know your user name and password, but must also be in possession of your smart card.

1-3

How does the HP Encryption Smart Card Security System work?

1-4

Setting up your OmniBook to use a smart card

Checking the package contents

Your Encryption Smart Card Security System package contains:

• 1 PCMCIA smart card reader

• 2 GPK4000 smart cards (one spare card for backup/recovery purposes)

• 1 CD-ROM containing the Encryption Smart Card Security System software

• 1 User’s Guide (this manual)

Note that an optional pack of five smart cards is also available as a separate OmniBook accessory (order no. F1613A).

Checking the requirements

To use the Encryption Smart Card Security System, you need:

• An HP OmniBook Model 800, 2000, 3000, 5000, 4100, 7100, Sojourn or later with Microsoft Windows 95 OSR2 or later installed

An HP OmniBook Model 2100, 3000, 4100, 7100, Sojourn or later with Microsoft Windows NT 4.0 SP3 or later installed (you will need at least 2 NT accounts; one for the NT Administrator and at least one User account for everyday use)

• A CD-ROM drive installed in your OmniBook (no te that on certain models of OmniBook, the CD-ROM drive is an option you need to purchase separately)

• 1 free PCMCIA slot on your OmniBook

• At least 5 Mbytes of free space on your hard disk

It is also recommended that you have a formatted diskette to hand, to use as a safe place to store the recovery file generated during the smart card initialization process.

1-5

+ 23 hidden pages