RSA SecurID Ready Implementation Guide
SecurID Ready Implementation Guide
Rainbow iKey 2000
Last Modified 06/18/01
1. Partner Information
Partner Name Rainbow Technologies
Web Site http://www.rainbow.com/ikey2000/index.html
Product Name iKey 2000 Series
Version & Platform iKey 2000, iKey 2032
Product Description Rainbow’s iKey 2000 is an inexpensive identity token that can be used
on any universal serial bus (USB) equipped workstation. The iKey
provides the reliability, simplicity, and security of smartcards and
cryptographic tokens without the complication and cost of a reader.
iKeys are small and lightweight, making them easy to carry on a
keychain or in an appointment book. Like smartcards, iKeys have
thousands of applications, many of which were previously solved with
passwords. iKeys contain memory for personal information and
credentials, as well as an independent processor for authentication
and network security applications.
Product Category Authentication, Smart Cards, Tokens
2. Contact Information
Pre-Sales Post-Sales
E-mail sales@rainbow.com techsupport@rainbow.com
Phone 1-800-852-8569 1-800-959-9954
Web www.rainbow.com
www.rainbow.com
1
RSA SecurID Ready Implementation Guide
3. Solution Summary
Feature Details
Authentication methods supported Native SecurID
New PIN support All
Next tokencode support Yes
Secondary server support Slave ACE/Server
Location of node secret on client %SystemRoot%\System32 or system
registry
ACE/Server client definition type Net OS
SecurID user specification Designated users
SecurID protection of administrators Yes
4. Product Requirements
The computer on which you install the Rainbow iKey software must be running one of
the following Microsoft operating systems:
· Microsoft Windows 95
· Microsoft Windows 98
· Microsoft Windows NT 4.0
· Microsoft Windows2000
Your computer must have a 486 or later processor and a minimum of 8 Mbytes of RAM
(16 Mbytes is recommended).
Your computer must also have an available USB port for the token reader.
2
RSA SecurID Ready Implementation Guide
5. Partner ACE/Agent configuration
Before attempting to use the Rainbow iKey 2000 and CIP (Cryptographic Interface
Provider) Software with the RSA SecurID Software Token v2.5, make sure that your
USB reader is installed and operating properly. Also ensure you have installed the CIP
software according to the specifications outlined in the iKey 2000 Series User’s Guide.
You can verify that the token and reader have been installed properly by starting the
Token Manager utility:
Figure 1 – Token Manager Utility
Use the Display Reader Status button in the Token Manager utility to ensure that the
components are working properly. Refer to the iKey 2000 Series User’s Guide for
more information on using the Token Manager utility.
3
RSA SecurID Ready Implementation Guide
In order to enable the SecurID Software Token to use the Rainbow iKey 2000, you must
install the RSA SecurID Smart Card Components. Run
RSA_SecurID_smart_card_installation.exe and follow the installation prompts. When
you reach the screen entitled Select Components choose RSA SecurID Smart Card
software without drivers.
Figure 2 – SecurID Smart Card Components Install Screen
When the install has completed, you can launch the reader selection utility by going to
Start…Programs…RSA SecurID Smart Card…Reader Selection where you will see
the following screen:
Figure 3 – Reader Selection startup screen
4
RSA SecurID Ready Implementation Guide
Choose the Add Module button:
Figure 4 – Adding the PKCS11 Module
The dkck201.dll module is Rainbow's implementation of the Cryptoki Version 2.01
API. By default this is installed in %SystemRoot%\System32 when you install the CIP
software. Browse to the file and select Open. You will be returned to the Reader Setup
screen where you should receive the message Selected reader successfully verified:
Figure 5 – Successful installation of module
5
RSA SecurID Ready Implementation Guide
Next, start The RSA SecurID Software Token from the Start Menu:
Figure 6 – Software Token main screen
Choose Options…Smart Card Options. The Smart Card Reader will read
PKCS11_card, and the Smart Card Status should read Smart Card Present:
Figure 7 – Smart Card Options screen
6
RSA SecurID Ready Implementation Guide
Select Transfer Current Token to Smart Card and follow the dialog for transferring the
token seed record to the smart card:
Figure 8 – Transferring the seed record
You should see the following message indicating that the transfer has succeeded:
Figure 9 – Successful transfer message
7
RSA SecurID Ready Implementation Guide
You can verify that the token seed record has been successfully transferred by selecting
Options… Token Information:
Figure 10 – Token Information
The Rainbow iKey 2000 is now ready for use with all applications that support the RSA
SecurID Software Token. For more information on working with the SecurID Software
Tokens and smart cards, consult the RSA SecurID Software Token Administrator’s
Guide.
8
RSA SecurID Ready Implementation Guide
6. Certification Checklist
Indicate here the tests that were run to ensure the product is SecurID Ready:
Test
1st time auth. (node secret creation)
New PIN mode:
System-generated
SecurID Software Token
User-defined (4-8 alphanumeric)
SecurID Software Token
User-defined (5-7 numeric)
SecurID Software Token
User-selectable
SecurID Software Token
Next Tokencode mode
SecurID Software Token
Slave ACE/Server
No ACE/Server
Pass
P
P
P
P
P
P
P
P
Fail
7. Known Issues
If you receive a Dr. Watson error when attempting to select dkck201.dll in the card reader selection utility, then contact RSA Security Customer Support for a patch to reader.exe that resolves this issue
When using the reader selection utility, upon adding the dkck201.dll PKCS#11
module, the utility may hang. If this occurs, stop the application (reader.exe) from
the task manager and restart the program. You will then be able to select the
Datakey reader and module from the drop-down menu.
9
Loading...