vSEC:CMS U2.4 - Help

The vSEC:CMS U2.4 is a software tool that allows a user to work with minidriver enabled smart cards. Actions that can be performed using this tool include:

The vSEC:CMS U2.4 is available both as a web application and as a standalone application.


Table of Contents

Overview
Smart Card Interface
Change Smart Card User PIN
Unblock Smart Card User PIN
View Smart Card Certificate(s)
General Information about vSEC:CMS U2.4


Smart Card Interface

From the Smart Card Interface panel, it is possible to select which smart card reader to use. This is useful if more than one smart card reader with a valid smart card inserted is connected to the computer. The reader is selected using the drop down list.

The list of supported smart cards can be found on the Information tab.

Default Screen



Change Smart Card User PIN

To change the smart card user PIN, use the Change PIN tab. Enter the current PIN, the new PIN, and confirm the new PIN. If the smart card is a new smart card, the Current PIN is often 0000.

From the Change PIN for Key Container drop down list it is possible to change the PIN for a specific key container PIN type. This feature is only enabled for smart cards that support multiple PIN types. By default it is disabled, with the PIN type set to the primary card PIN, unless the attached smart card supports it. Please consult your smart card vendor documentation to determine whether the smart card used supports this feature.

The PIN Policy panel displays the PIN policy set on the smart card, which must be met for the change of PIN to succeed. When the Current and the New PINs have been provided and the smart card is connected, click the Write To Card button to change the user PIN.

Change PIN Screen



Unblock Smart Card User PIN

If the smart card user PIN has been blocked (for example by entering the wrong PIN in excess of the allowed number of PIN entries), the PIN can be unblocked by using the functionality available in the Unblock PIN tab. There are two methods available for unblocking a user PIN: use a challenge-response protocol or a Personal Unlock Code (PUC), also known as a PIN Unlocked Key (PUK).

Challenge-response:
Using the challenge-response method, the smart card user needs to generate a challenge (a random value) and provide this to the administrator of the smart card. The administrator of the smart card knows the administration key value for the smart card that is to be unblocked. The administrator then performs a transformation on the challenge using the administration key value and returns this as the response (often referred to as a cryptogram) to the user of the smart card. The user then enters the response into the response field, provides a new PIN and confirms the new PIN value. To complete the unblock flow the user clicks the Write to Card button.

In order to unblock the user smart card, select the PIN from the drop down list as indicated by the finger. On selecting the PIN, the vSEC:CMS U2.4 will automatically generate a challenge. This challenge will be saved to the system clipboard. This value can then be pasted, for example, into an email and should be sent to the smart card administrator so that the administrator can find the corresponding administration key value for the smart card that is to be unblocked; that key value is used to generate the response unblock code. Next to the field there is an automatically calculated checksum of the challenge value, which should be used to validate that the correct values of the generated challenge are sent to the smart card administrator.

The user should enter the response as sent by the administrator of the smart card into the Response field, as indicated by the finger. Next to the field there is an automatically calculated checksum of the response value, which should be used to validate that the correct values of the generated response are received from the administrator. When the response code is entered, the New PIN and Confirm PIN fields will appear. Enter a new PIN and confirm the PIN.

The PIN Policy panel will display the PIN policy set on the smart card that needs to be met in order for the unblock of PIN to succeed. Click the Write to Card button to complete the unblock flow.
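The challenge-response exchange described above, as an added illustration that is not code from vSEC:CMS U2.4 or its vendor: it shows a transcription error being caught by the checksum and a response being rejected once the card has issued a newer challenge. The page does not name the transformation or the checksum algorithm, so HMAC-SHA256 and a SHA-256 prefix stand in for them; `SimulatedCard`, the key and the PIN value are constructed.

```python
import hashlib
import hmac
import secrets

def checksum(value: bytes) -> str:
    # Stand-in check value for comparing a challenge or response by eye (assumption).
    return hashlib.sha256(value).hexdigest()[:8].upper()

def admin_response(admin_key: bytes, challenge: bytes) -> bytes:
    # Administrator side: transform the challenge with the administration key.
    # HMAC-SHA256 is a stand-in; the real transformation depends on the card.
    return hmac.new(admin_key, challenge, hashlib.sha256).digest()[:8]

class SimulatedCard:
    """Toy card holding the administration key and one outstanding challenge."""
    def __init__(self, admin_key: bytes):
        self._admin_key = admin_key
        self._challenge = None
        self.pin_blocked = True

    def get_challenge(self) -> bytes:
        # A new challenge replaces the previous one (card re-inserted, tab reopened).
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def unblock(self, response: bytes, new_pin: str) -> bool:
        if self._challenge is None:
            return False
        expected = admin_response(self._admin_key, self._challenge)
        self._challenge = None  # a challenge can be answered only once
        if not hmac.compare_digest(expected, response):
            return False
        self._pin, self.pin_blocked = new_pin, False
        return True

def demo() -> dict:
    key = secrets.token_bytes(24)             # constructed administration key
    card = SimulatedCard(key)
    first = card.get_challenge()
    typo = bytes([first[0] ^ 1]) + first[1:]  # challenge mistyped in transit
    typo_detected = checksum(typo) != checksum(first)
    response = admin_response(key, first)
    card.get_challenge()                      # session restarted before the reply arrived
    stale = card.unblock(response, "482913")  # constructed PIN value
    fresh = card.get_challenge()
    ok = card.unblock(admin_response(key, fresh), "482913")
    return {"typo_detected": typo_detected, "stale_accepted": stale,
            "fresh_accepted": ok, "pin_blocked": card.pin_blocked}

if __name__ == "__main__":
    print(demo())
```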

Note: If the smart card is configured with a PUC PIN (see section below for more details) it will be possible to perform an unblock of the PUC PIN should it become blocked. The PUC PIN should be seen as just another PIN on the smart card. For example, if the Primary Card PIN is configured with a PUC PIN for unblock operations then this entry will appear in the Select PIN drop down list as PUC (Primary Card PIN).

PIN Unblock


PUC:
If the user smart card is configured with a PUC code it will be possible to unblock the user PIN using the PUC code. In order to unblock the user smart card using PUC, select the PUC PIN from the drop down list as indicated by the finger. For example, if the Primary Card PIN is configured to be unblocked using a PUC, the entry in the drop down list will be Primary Card PIN (using PUC). On selecting the entry, the PUC PIN, New PIN and Confirm PIN fields will appear. Enter the PUC PIN (the user will need to have knowledge of this PIN), provide a new PIN and confirm it. The PIN Policy panel will display the PIN policy set on the smart card that needs to be met in order for the unblock of PIN to succeed. Click the Write to Card button to complete the unblock flow.

Important: the smart card should not be removed and the tab should remain open during the process, as there is a one-to-one relationship between the challenge and response.

PUC Unblock



Certificate(s)

Using the Certificate tab it is possible to view the digital certificates stored on the smart card. If there are any certificates stored on the smart card the details will be presented in a table. To view details about a certificate, select the certificate and click the View button. This will present detailed information regarding the selected certificate.


Note: the PIN column shows which PIN type is set for the key container that stores the certificate.


Note: For more advanced certificate management please see the vSEC:CMS K-Series application.

Certificate Screen


Information

From the Information tab, general information about the vSEC:CMS U2.4 is displayed. The supported smart card types are listed along with a legal notice regarding the usage of vSEC:CMS U2.4.

Information Screen
