Page 1
RS20N-3 (MDR102) • RS40N-3 (MDR104) | QUICK CONFIGURATION GUIDE
Secure Multi-Domain Smart Card Reader
Models:
RS20N-3 (MDR102) – Secure 2-Port Multi-Domain Smart Card Reader
RS40N-3 (MDR104) – Secure 4-Port Multi-Domain Smart Card Reader
Intended Audience
This document is targeted at the following professionals:
• System Administrators.
• IT Managers with adequate knowledge of PKI architecture.
Objectives
This document describes the fundamental configuration procedures that
are required to install the HSL Multi-Domain Smart Card Reader.
Prerequisites
• Obtain and install the applications, drivers and files of the cryptographic
software (CSP) which corresponds to your selected smart card vendor.
• Obtain a smartcard from your selected smart card vendor.
• Verify that your smart card setup works correctly on each PC using a
standard smart card reader prior to connecting the MDR.
Initial MDR Configuration Steps
Table 01 describes the initial MDR configuration steps
Hardware Terms
The following terms are used to describe
hardware elements in this document:
1. Numbered USB Cables: USB Cables with numbered connectors.
2. Card Reader Slot
3. PC Association Led
4. PC Number Button
5. PC Number Led
6. DIP Switch
2
3
4
5
1
1
2
3
4
6
# Action Action Description Expected Behavior
Verify that the applications, drivers and files of the cryptographic
Install Smart Card
1
Applications
2 Turn PC ON Make sure that all the PCs are turned ON.
Test Smart Card using a
3
Standard Reader
4 Connect MDR to Power Connect the MDR to Power
Connect USB Cables
5
to PCs
Insert Smart Card into
6
the MDR
Initial Association with
7
PC#1
Initial Association with
8
PC#2
software (CSP) that corresponds to your selected smart card vendor are
installed on all the computers that you plan to connect to the MDR.
Note: Perform a computer restart in case needed to complete the smart
card application installation.
Verify that your smart card setup works correctly on each PC using a
standard smart card reader prior to connecting the MDR.
Connect the MDR USB cables to the computers. Cable numbers
correspond to the numbered MDR buttons.
Insert your smart card into the MDR reader socket.
Note: Make sure the smart card chip is facing towards you.
Press PC Number Button#1 to initialize the MDR on PC#1.
Press PC Number Button#2 to initialize the MDR on PC#2.
Notes: Repeat the process on the remaining PCs.
1 second beep sound.
All LED lights blink once.
All PC Number LED lights blink constantly.
1 second beep sound.
All lights are OFF.
PC Number Button#1 light turns ON.
The MDR appears as a smart card reader
under PC#1 device manager.
PC Number Button#1 light turns OFF.
PC Number Button#2 light turns ON.
The MDR appears as a smart card reader
under PC#2 device manager.
Page 2
Working with the MDR
One completing the initial MDR configuration steps the MDR
is ready for use allowing simultaneous usage of a single smartcard
with multiple PCs.
RS20N-3 (MDR102) • RS40N-3 (MDR104) | QUICK CONFIGURATION GUIDE
Smartcard Removal Behavior
Removing the smartcard from the MDR immediately de-associates the MDR
from all coupled PCs. As a result, smartcard-aware applications will notice the
smartcard absence and respond accordingly.
For example, a Windows PC that is configured to require smartcards for
user logon may be set to lock the user’s desktop once the smartcard is
removed.
Re-associating the MDR after Smartcard Removal
In order to continue using the smartcard (after it’s been removed from the
MDR), the user has to insert the smartcard into the MDR and complete steps
6-8 in order to re-associated the MDR with all the corresponding PCs.
MDR Operational Modes
Operational Mode settings determines how Active/Passive PC Modes are
set. For example, when the MDR Operational Mode is set to Manual, the
user has to manually press the PC Number Button corresponding to the PC
that requires access to the smartcard.
When the MDR Operational Mode is set to dynamic, auto-association
methods are used to determine which PC will be set as Active.
For example, when the MDR operational mode is set to Activity-Detection
Auto Association, the MDR will automatically actively associate itself to the
computer which requires smart card access based on an activity detection
algorithm.
To preset which MDR Operational Mode is in use (Manual / Auto...etc), there is
a hardware dual in-line package (DIP) switch situated in the underside of the
base. See the switch configuration settings in Table 02, column DIP Switch.
De-associating the MDR from a Specific PC
Long pressing a PC Number Button is the equivalent of removing the
smartcard only from the PC which corresponds to that button without
effecting other associated PCs. To re-associate that PC with the MDR, press
the PC Number Button to initialize the MDR (as described in step 7).
The de-association option is useful in any case a user wants to de-associate
the MDR from a specific PC, without interfering with other PCs which are
associated with the MDR.
For example, when a user has to lock PC#1 by removing the smartcard
yet remain logged-on to PC#2, or when a certain PC is not successfully
associated with the MDR and the user wants to re-associate it.
DIP Switch Configuration
1. To change the DIP switch settings, hold the
MDR with the underside facing you. In this
position, the DIP switch should be at the
upper right corner.
2. Gently remove the DIP switch cover.
3. The switch includes 8 slides numbered
from 1 to 8, ordered from left to right.
4. When pulled down, slide status is OFF.
When pulled up, slide status is ON.
5. To activate an operation mode, pull down its
corresponding slide.
6. Multiple slides can be turned OFF (pulled down)
at the same time.
7. Refer to Table 02 to adjust DIP switch settings with your work scenario.
Table 02 Operational Modes:
# Mode Description DIP Switch
The user has to manually press the PC Number Button correspondin g to the PC that requires access to the smart card.
1 Manual
Activit y-Detection Auto
2
Association
Power-Detec tion Auto
3
Association
4 Device Manager Mode
Auto-Association Safe
5
Mode
Activit y & Power Auto
Association with Device
6
Manager Mo de and Safe
Mode
(This is th e default mode)
For example: Once the MDR is simultaneously connected to two computers (PC#1 and PC#2) and a user needs to
authenticate securely v ia smart card in front of PC#1, by pressing PC Number But ton #1 the MDR becomes actively
associated w ith PC#1 and the user can authenticate successfully.
Then when the user wants to digitally sign an email on PC#2, pressing PC Number Button #2 will actively associate the
MDR to PC#2 making the smart card available to the email application on that computer.
MDR will automatically associate itself to the computer which requires smart c ard access based on its ac tivitydetection algorithm. Once an application attempts to interact with the smar t card the MDR automatically associates
itself to the computer that hosts it.
MDR will automatically associate itself to the computer which requires smart c ard access based on its powerdetection algorithm. Once the MDR detects an increase in power it automatically associates it self to the computer
that initiated it.
Determines whether th e MDR remains mapped to the computer’s device manager, or not , upon smart card removal.
Once enable d, the MDR remains mapped to the computer ’s device manager upon smartcard removal, just as a
standard smart card reader would.
When not in use, the MDR is disconnected f rom the computer’s device manager upon smart card removal. This
equals to disconnecting the USB cables b etween the MDR and the associated PCs but might cause computability
issues with so me smart card applications.
Application errors and usabilit y issues may occur due to the smar t card being switched to another computer in the
middle of a smart card op eration running on the active computer.
When enabled, automatic switching of the smart card between computers will only o ccur when the smart card is idle
(not in use). Auto-Association Safe Mode prevents the Auto -Association algorithm from switching the smart card in
case it is busy – hence being used.
When disabled, upon the detection of a smar t card request the MDR immediately s witches the smart card to the
requesting computer, regardless of whether the smar t card is in use by the currently active computer or not.
MDR will automatically associate itself to the computer which requires smart c ard access based on either activit y or
power detection (depending on the smart card type). Automatic switching of the smar t card between computers will
only occur wh en the smart card is idle (not in use).
Upon smar t card removal the MDR remains mapped to the computer’s device manager, just as a standard smart card
reader would.
This option is only applicable
when used in conjunction with
other modes, for example 2+4.
This option is only applicable
when used in conjunction with
other modes, for example 2+4+5
1
2
3
4
5
2 + 3 + 4 + 5
Power Requirements: External, wall-mounted power supply 12VDC, 5W maximum
©2016 All rights reserv ed. HSL logo and produc t names are tradema rks or service t rademarks of Hig hSecLabs Ltd (HSL).
All other mar ks are the proper ty of their respe ctive owners. Ima ges for demonstr ation purposes onl y.
HDC10200 Rev. 4.1
Loading...