vSEC:CMS® U2.3 Default Mode - Help

The vSEC:CMS® U2.3 is a software tool that allows a user to work with minidriver enabled smart cards. Actions that can be performed using this tool include:

The vSEC:CMS® U2.3 is available both as a web application and as a standalone application.


Table of Contents

Overview
Smart Card Interface
Change Smart Card User PIN
Unblock Smart Card User PIN
View, Import, Export and Delete Smart Card Certificate(s)
General Information about vSEC:CMS® U2.3


Smart Card Interface

The Smart Card Interface panel is used to select which smart card reader to use. This is useful if more than one smart card reader with a valid smart card inserted is connected to the computer. Select the reader from the drop-down list.

The list of supported smart cards can be found from the Information tab.

Default Screen



Change Smart Card User PIN

The Change PIN tab is used to change the smart card user PIN. Enter the current PIN, then enter the new PIN and confirm it. If the smart card is new, the current PIN is often 0000.

From the Change PIN for Key Container drop-down list it is possible to change the PIN for a specific key container PIN type. This functionality depends on the smart card type used. The feature is only enabled for smart cards that support multiple PIN types; by default it is disabled, with the PIN type set to the primary card PIN, unless the attached smart card supports the feature. Please consult your smart card vendor documentation to determine whether the smart card used supports this feature.

The PIN Policy panel displays the PIN policy set on the smart card, which must be met for the change of PIN to succeed. When the current and new PINs have been provided and the smart card is connected, click the Write To Card button to change the user PIN.

Change PIN Screen



Unblock Smart Card User PIN

If the smart card user PIN has been blocked (for example, by entering the wrong PIN more times than the allowed number of PIN entries), the PIN can be unblocked using the Unblock PIN tab. The vSEC:CMS® U2.3 uses a challenge-response protocol which allows a user to securely unblock their smart card when it becomes blocked. The smart card user generates a challenge (a random value) and provides it to the administrator of the smart card. The administrator knows the administration key value (also known as the Personal Unblock Key, PUK) for the smart card that is to be unblocked. The administrator performs a transformation on the challenge using the administration key value and returns the result as the response (often referred to as a cryptogram) to the user of the smart card.


To unblock the user smart card, ensure that a smart card is attached and click the 1. Start button to begin the process. The vSEC:CMS® U2.3 will automatically read the CSN (smart card serial number) and generate the challenge.

Click the 2. Copy button to copy the CSN and challenge to the system clipboard. These values can then be pasted, for example, into an email and should be sent to the smart card administrator. The administrator uses them to find the administration key value for the smart card that is to be unblocked, which is used to generate the response unblock code. Next to the challenge field there is an automatically calculated checksum of the challenge value, which should be used to validate that the correct challenge value is sent to the smart card administrator.

If the user knows the administration key value, the user can click the 3. Proceed button, which presents a screen (see the Calculate Response Screen below) where the administration key value can be entered to generate the response code. Otherwise, the user needs to enter the response sent by the administrator of the smart card into the Response field. Next to the field there is an automatically calculated checksum of the response value, which should be used to validate that the correct response value was received from the administrator.

Click the Write To Card button to unblock the smart card and set the PIN. This presents the unblock PIN screen (see the Unblock PIN Screen below), where the user can enter their new PIN. The PIN Policy panel on the unblock screen displays the PIN policy set on the smart card, which must be met for the unblock of the PIN to succeed.

From the Change PIN for Key Container drop-down list it is possible to unblock the PIN for a specific key container PIN type. This functionality depends on the smart card type used. The feature is only enabled for smart cards that support multiple PIN types; by default it is disabled, with the PIN type set to the primary card PIN, unless the attached smart card supports the feature. In the dialog example below, the smart card type supports multiple PIN types and the smart card is provisioned with two PIN types: a Primary Card PIN and an Encryption PIN. Select the PIN type that is to be unblocked. Please consult your smart card vendor documentation to determine whether the smart card used supports this feature.

Important: the smart card should not be removed and the tab should remain open during the process as there is a one to one relationship between the challenge and response.
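
The unblock exchange described above, modelled as an added example (not code from vSEC:CMS® U2.3). The page does not specify the card's transformation or the checksum algorithm, so HMAC-SHA256 and a truncated SHA-256 are used here as stand-ins; the class names, CSN and key are constructed for illustration.

```python
import hashlib, hmac, secrets

def checksum(value: bytes) -> str:
    # Stand-in transcription check (assumption): first 4 hex digits of SHA-256.
    return hashlib.sha256(value).hexdigest()[:4].upper()

def transform(admin_key: bytes, challenge: bytes) -> bytes:
    # Stand-in keyed transformation (assumption): HMAC-SHA256 cut to 8 bytes.
    return hmac.new(admin_key, challenge, hashlib.sha256).digest()[:8]

class SimulatedCard:
    """Hypothetical card model: holds the admin key and one live challenge."""
    def __init__(self, csn: str, admin_key: bytes):
        self.csn, self._admin_key = csn, admin_key
        self._challenge, self.pin_blocked = None, True

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)  # fresh random value per attempt
        return self._challenge

    def remove(self) -> None:
        self._challenge = None  # card pulled or tab closed: challenge is lost

    def unblock(self, response: bytes, new_pin: str) -> bool:
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            return False
        if not hmac.compare_digest(transform(self._admin_key, challenge), response):
            return False
        self.pin_blocked, self._pin = False, new_pin
        return True

class Administrator:
    """Hypothetical admin side: looks up the administration key by CSN."""
    def __init__(self, keys_by_csn: dict):
        self._keys = keys_by_csn

    def respond(self, csn: str, challenge_hex: str, challenge_checksum: str) -> bytes:
        challenge = bytes.fromhex(challenge_hex)
        if checksum(challenge) != challenge_checksum:
            raise ValueError("checksum mismatch: challenge was mistyped or altered")
        return transform(self._keys[csn], challenge)

if __name__ == "__main__":
    key = bytes(range(24))  # constructed sample administration key
    card, admin = SimulatedCard("CSN-0001", key), Administrator({"CSN-0001": key})
    ch = card.get_challenge()
    resp = admin.respond(card.csn, ch.hex(), checksum(ch))
    print("unblocked:", card.unblock(resp, "constructed-pin"))
```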

Unblock Screen
Calculate Response Screen
Unblock PIN Screen



Certificate(s)

Using the Certificate tab it is possible to manage the digital certificates stored on the smart card. If there are any certificates stored on the smart card the details will be presented in a table. The vSEC:CMS® U2.3 supports certificates in the following formats:

  • .cer or .der format
  • .pfx or .p12 format

From this tab it is possible to perform several operations, which are described below.

View: To view all the details about a certificate, select the certificate and click the View button. This presents detailed information about the selected certificate. From this screen it is possible to Export the certificate to the local system. The exported certificate should be saved with a .cer or .der extension.

Default: Certificates with a corresponding private key stored on the smart card can be set as the default certificate on the card. The certificate set as default is used automatically when an operation is performed with the certificates on the card. For example, if the smart card holds two certificates with associated private keys and is used for Windows logon, the certificate set as default is used to perform the Windows smart card logon. Select the certificate you wish to set as default and click the Default button. You will be prompted to enter the smart card PIN to complete the operation. The default certificate is indicated with an asterisk '*' character in the certificate table.

Import: To import a certificate from the local system to the smart card, click the Import button. Browse to the location where the certificate is stored and, if the certificate has a password enabled for the certificate private key, enter the private key PIN value into the field provided. You will be prompted to enter the smart card PIN to complete the operation.

Delete: To delete a certificate from the smart card, select a certificate and click the Delete button. You will be prompted to enter the smart card PIN to complete the operation.

Note: the PIN column shows which PIN type is set for the key container that stores the certificate.

Certificate Screen


Information

From the Information tab, general information about the vSEC:CMS® U2.3 is displayed. The supported smart card types are listed along with a legal notice regarding the usage of vSEC:CMS® U2.3.

Information Screen
