Symbian Mobile Token

Author: Gabriel Wright
Java/Symbian Mobile Token Reference Guide

CRYPTOCard Token Guide

Proprietary Notice

License and Warranty Information

CRYPTOCard Inc. and its affiliates retain all ownership rights to the computer program described in this manual, other computer programs offered by the company (hereinafter called CRYPTOCard) and any documentation accompanying those programs. Use of CRYPTOCard software is governed by the license agreement accompanying your original media. CRYPTOCard software source code is a confidential trade secret of CRYPTOCard. You may not attempt to decipher, de-compile, develop, or otherwise reverse engineer CRYPTOCard software, or allow others to do so. Information needed to achieve interoperability with products from other manufacturers may be obtained from CRYPTOCard upon request.

This manual, as well as the software described in it, is furnished under license and may only be used or copied in accordance with the terms of such license. The material in this manual is furnished for information use only, is subject to change without notice, and should not be construed as a commitment by CRYPTOCard. CRYPTOCard assumes no liability for any errors or inaccuracies that may appear in this document. Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic, mechanical, recording or otherwise, without the prior written consent of CRYPTOCard.

CRYPTOCard reserves the right to make changes in design or to make changes or improvements to these products without incurring the obligation to apply such changes or improvements to products previously manufactured. The foregoing is in lieu of all other warranties expressed or implied by any applicable laws. CRYPTOCard does not assume or authorize, nor has it authorized any person to assume for it, any other obligation or liability in connection with the sale or service of these products.

In no event shall CRYPTOCard or any of its agents be responsible for special, incidental, or consequential damages arising from the use of these products or arising from any breach of warranty, breach of contract, negligence, or any other legal theory. Such damages include, but are not limited to, loss of profits or revenue, loss of use of these products or any associated equipment, cost of capital, cost of any substitute equipment, facilities or services, downtime costs, or claims of customers of the Purchaser for such damages. The Purchaser may have other rights under existing federal, state, or provincial laws in the USA, Canada, or other countries or jurisdictions, and where such laws prohibit any terms of this warranty, they are deemed null and void, but the remainder of the warranty shall remain in effect.

Customer Obligation

Shipping Damage: The purchaser must examine the goods upon receipt and any visible damage should immediately be reported to the carrier so that a claim can be made. Purchasers should also notify CRYPTOCard of such damage. The customer should verify that the goods operate correctly and report any deficiencies to CRYPTOCard within 30 days of delivery. In all cases, the customer should notify CRYPTOCard prior to returning goods. Goods returned under the terms of this warranty must be carefully packaged for shipment to avoid physical damage using materials and methods equal to or better than those with which the goods were originally shipped to the purchaser. Charges for insurance and shipping to the repair facility are the responsibility of the purchaser. CRYPTOCard will pay return charges for units repaired or replaced under the terms of this warranty.

Copyright

Copyright © 2010, CRYPTOCard Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Inc.

Trademarks

CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-VPN, CRYPTO-Shield, CRYPTO-MAS, are either registered trademarks or trademarks of CRYPTOCard Inc. Java is a registered trademark of Sun Microsystems, Inc.; Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. SecurID is a registered trademark of RSA Security. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.


Additional Information, Assistance, or Comments

CRYPTOCard’s technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment. This complimentary support service is available from your first evaluation system download.

CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your reseller directly for support needs.

Contact CRYPTOCard directly:
International Voice: +1-613-599-2441
North America Toll Free: 1-800-307-7042
Email: [email protected]

For information about obtaining a support contract, see our Support Web page at: http://www.cryptocard.com/support/cryptocardannualsupportandmaintenance/

Related Documentation

Refer to the Technical Documentation section of the CRYPTOCard website for additional documentation and interoperability guides: http://www.cryptocard.com/support/technicaldocumentation/


Table of Contents

APPLICABILITY
OVERVIEW
PREPARATION AND PREREQUISITES
JAVA/SYMBIAN TOKEN DEPLOYMENT METHODS
CONFIGURATION
CUSTOMIZING DEPLOYMENT MESSAGES
USING THE SOFTWARE TOKEN ON A JAVA/SYMBIAN MOBILE PHONE


Applicability

Summary

Product Name: Java and Symbian Mobile Phone Token Guide
Vendor Site: CRYPTOCard

CRYPTOCard Product Requirements

CRYPTOCard Service: CRYPTO-MAS (Managed Authentication Service)
Supported Java Phones: CLDC 1.1 or higher; MIDP 2.0 or higher
Supported Symbian Phones: Symbian OS 9.x or later (S60 3rd edition)
Supported Token PIN Mode: Client Side Fixed PIN; Client Side User Selected PIN
Default Minimum PIN Complexity: PIN must contain one numeric and one non-numeric character.
Supported Token Code Complexity: Decimal; Hexadecimal; Base32; Base64
Third Party Mobile Phone Specifications Website: http://www.gsmarena.com/

Note: Multiple software tokens cannot be installed on the same Java/Symbian mobile phone.


Overview

Security Administrators can transform Java and Symbian mobile phones into tokens that will generate PIN protected one-time passwords valid for strong authentication at VPNs, Web applications, Citrix and any other CRYPTOCard protected on-line resources. The software token provides the advantages of AES-256 bit encryption-based hardware tokens without the associated cost and distribution issues. As an application installed on the mobile device it provides a viable alternative for organizations that do not want to rely on the availability of an SMS network for secure delivery of one-time token codes.

Preparation and Prerequisites

1. The organization must be licensed for software tokens.
2. Users receiving a software token for their Java/Symbian phone must have a valid email address and cell phone number defined within the CRYPTO-MAP portal.
3. Depending on the deployment method, the CRYPTO-MAS deployment site (https://mobile.cryptocard.com) must be accessible to the Java/Symbian phones.

Java/Symbian Token Deployment Methods

CRYPTO-MAS supports three software token deployment methods for Java/Symbian mobile phones:

• Send SMS for Over-The-Air (OTA) installation: The end user will receive an SMS message, which includes their initial PIN and a single download URL. Selecting the download URL will load the CRYPTOCard mobile phone authenticator and the token onto their mobile phone.

• Email Over-The-Air (OTA) installation: The end user will receive an email message, which includes their initial PIN and a single download URL. Selecting the download URL will load the CRYPTOCard mobile phone authenticator and the token onto their mobile phone.

• Email Desktop installation: The end user will receive an email message, which includes their initial PIN and 2 files (SAuthenticator.jad and SAuthenticator.jar). These files can be used to install the CRYPTOCard mobile phone authenticator (and the embedded token file) using the third party mobile phone installation software.

Configuration

Send SMS for Over-The-Air (OTA) method

1. In CRYPTO-MAP select the User tab, find the Java/Symbian mobile phone user, then select “Edit”.
2. If required, assign the user a software token. Select the “Deploy” button.
3. In the Token Deployment dialog select “Java ME/Symbian OS” from the Target Platform dropdown menu.
4. In Deploy method select “Send SMS for Over-The-Air (OTA) installation”.
5. If required, place a checkmark in “Use this platform/method as default”; otherwise select the “Deploy” button.
6. User receives an SMS message on their mobile phone, which contains their Initial PIN and a Download URL.
7. User browses to the URL from their mobile phone (by selecting the link in the SMS message) and is prompted to download and install the CRYPTOCard mobile phone authenticator.
8. User launches the CRYPTOCard SAuthenticator application, enters their Initial PIN, and is then prompted to change their PIN.
9. User logs on to the CRYPTOCard protected resource using the Token Code generated by their mobile phone.

Email for Over-The-Air (OTA) method

1. In CRYPTO-MAP select the User tab, find the Java/Symbian mobile phone user, then select “Edit”.
2. If required, assign the user a software token. Select the “Deploy” button.
3. In the Token Deployment dialog select “Java ME/Symbian OS” from the Target Platform dropdown menu.
4. In Deploy method select “Email for Over-The-Air (OTA) installation”.
5. If required, place a checkmark in “Use this platform/method as default”; otherwise select the “Deploy” button.
6. User receives an email message on their mobile phone, which contains their Initial PIN and a Download URL.
7. User browses to the URL from their mobile phone (by selecting the link in the email message) and is prompted to download and install the CRYPTOCard mobile phone authenticator.
8. User launches the CRYPTOCard SAuthenticator application, enters their Initial PIN, and is then prompted to change their PIN.
9. User logs on to the CRYPTOCard protected resource using the Token Code generated by their mobile phone.


Email Desktop Installation method

1. In CRYPTO-MAP select the User tab, find the Java/Symbian mobile phone user, then select “Edit”.
2. If required, assign the user a software token. Select the “Deploy” button.
3. In the Token Deployment dialog select “Java ME/Symbian OS” from the Target Platform dropdown menu.
4. In Deploy method select “Email desktop installation”.
5. If required, place a checkmark in “Use this platform/method as default”; otherwise select the “Deploy” button.
6. User receives an email, which contains their Initial PIN, CRYPTOCard mobile phone authenticator application files (SAuthenticator.jad and SAuthenticator.jar) and various links to third party mobile phone installation tools.
   Note: Links to third party mobile phone installation tools can be added into the Desktop deployment message customization section within the CRYPTO-MAP Company tab.
7. User installs the CRYPTOCard mobile phone authenticator using the third party mobile phone installation tool.
8. User launches the CRYPTOCard SAuthenticator application, enters their Initial PIN, and is then prompted to change their PIN.
9. User logs on to the CRYPTOCard protected resource using the Token Code generated by their mobile phone.


Customizing Deployment Messages

CRYPTO-MAP allows all Java/Symbian deployment messages to be customized.

To modify the “Send SMS for Over-The-Air (OTA) installation” method message, select the Company Tab, SMS Message button, “Use Custom Configuration”. The deployment message consists of a single section:

i. Over-The-Air (OTA) deployment SMS: This is the initial message sent to Java ME/Symbian token users if OTA via SMS was selected. It provides the download URL for the CRYPTOCard Authenticator software and the token activation PIN. The arguments (ex. $URL$) cannot be modified as this is essential information the user will require.

To modify the “Email for Over-The-Air (OTA) installation” method message, select the Company Tab, Email Message button, “Use Custom Configuration”. The deployment message consists of a single section:

i. Over-The-Air (OTA) deployment message: This is the initial email sent to Java ME/Symbian token users if OTA via email was selected. It provides the download URL for the CRYPTOCard Authenticator software and the token activation PIN. The arguments (ex. $URL$) cannot be modified as this is essential information the user will require.

To modify the “Email Desktop installation” method message, select the Company Tab, Email Message button, “Use Custom Configuration”. The deployment message consists of a single section:

i. Desktop deployment message: This is the initial email sent to Java ME/Symbian token users if email desktop installation was selected. It provides the token activation PIN. The argument (ex. $PIN$) cannot be modified as this is essential information the user will require. Third party vendor mobile phone installation instructions should be provided to the user


Using the Software Token on a Java/Symbian Mobile Phone

Generating a Token Code (QuickLog mode)

Software tokens enable the user to generate a one-time Token Code that can then be entered manually when the user is prompted for a password by a CRYPTOCard protected resource.

1. On the Java/Symbian mobile phone, launch the SAuthenticator application.
2. Enter the PIN.
3. Enter the one-time Token Code into the logon/password dialog of the CRYPTOCard protected resource you are authenticating against.

Generating a Token Code (Challenge-response mode)

QuickLog™ is the recommended mode for all CRYPTOCard tokens. Challenge-response mode should only be used if required.

1. On the Java/Symbian mobile phone, launch the SAuthenticator application.
2. When you attempt to log in to the CRYPTOCard protected resource, you will receive an 8-digit challenge.
3. Click Generate Token Code on the SAuthenticator dialog window.
4. Enter the PIN and 8-digit challenge. A Token Code will be displayed.
5. Enter the one-time Token Code into the logon/password dialog of the CRYPTOCard protected resource you are authenticating against.

User-changeable PIN

If the software token was configured with a PIN Style of User Select PIN, the user will be forced to change the initial deployment PIN on first use. Thereafter, the user can change the PIN at any time, within the established security policy parameters.

1. On the Java/Symbian mobile phone, launch the SAuthenticator application.
2. Select Tools|Change PIN.
3. Enter the Current PIN, New PIN, and Verify new PIN.

Token Code Resynchronization

Token resynchronization may be required if the user has generated a large number of token codes without logging on (authenticating). Token resynchronization requires the user to enter a “challenge” into the token. The challenge must be provided by the Help Desk or via a Web-based resynchronization page.

In the unlikely event that the token requires resynchronization with the authentication server:

1. On the Java/Symbian mobile phone, launch the SAuthenticator application.
2. Select Tools|Resync Token.
3. Enter your PIN and the resynchronization Challenge.
4. Enter the one-time Token Code into the logon/password dialog of the CRYPTOCard protected resource you are authenticating against.
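An added example, not CRYPTOCard code, showing why generating many unused Token Codes leads to the resynchronization described above. It assumes an event-counter token and substitutes RFC 4226 HOTP for CRYPTOCard's proprietary algorithm; `LOOK_AHEAD`, `Token`, `Server` and the key are hypothetical, and the challenge-based resynchronization itself is not modelled.

```python
import hashlib
import hmac
import struct

LOOK_AHEAD = 10  # assumed server window; the guide does not state the real value

def hotp(key: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP, used here only as a stand-in event-based algorithm."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Token:
    """Phone side: every generated code advances the counter, used or not."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def generate(self) -> str:
        code = hotp(self.key, self.counter)
        self.counter += 1
        return code

class Server:
    """Server side: accepts a code only within LOOK_AHEAD of its own counter."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + LOOK_AHEAD):
            if hmac.compare_digest(hotp(self.key, c), code):
                self.counter = c + 1  # move past the accepted code (no replay)
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    token, server = Token(key), Server(key)
    results = {}
    first = token.generate()
    results["first_login"] = server.verify(first)
    results["replay"] = server.verify(first)       # same code again is refused
    for _ in range(3):                             # a few unused codes: inside the window
        token.generate()
    results["small_drift"] = server.verify(token.generate())
    for _ in range(LOOK_AHEAD + 5):                # many unused codes: outside the window
        token.generate()
    results["large_drift"] = server.verify(token.generate())
    results["gap"] = token.counter - server.counter  # how far the two sides now differ
    return results

if __name__ == "__main__":
    print(demo())
```

Once `large_drift` fails, every later code from the phone also falls outside the server's window, which is the state in which the Help Desk or resynchronization page has to supply a challenge.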
