Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
User’s Guide
Version 2.0
ii Datakey CIP Desktop User’s Guide
Copyright notice
© 2002 - 2003 Datakey, Inc. All rights reserved.
No part of this document may be reproduced or retransmitted in any form or by any means
electronic, mechanical, or otherwise, including photocopying and recording for any pur-
pose other than the purchaser’s personal use without written permission of Datakey, Inc.
Trademarks
Datakey is a registered trademark and Datakey CIP is a trademark of Datakey, Inc.
Microsoft is a registered trademark of Microsoft Corporation. Windows and Windows NT
are registered trademarks of Microsoft Corporation. Netscape, Netscape Communica-
tions, and Netscape product names are trademarks of Netscape Communications Corpora-
tion. All other brand names and product names used in this manual are trademarks,
registered trademarks, or trade names of their respective holders.
Print history
Datakey CIP Desktop is a suite of complementary applications and utilities that work in
concert with Datakey CIP client software. Datakey CIP Desktop makes your personal
Datakey token more flexible and powerful for everyday use.
This chapter describes the process for installing Datakey CIP Desktop. The individual
applications and utilities that comprise Datakey CIP Desktop include:
SmartMonitor
SmartLogon
SmartNotes
PassPhrase Utility
Auto Cert Registration Utility
CIP/Token Utilities
Each of these applications and utilities is described in detail in the remaining chapters.
Requirements
Before installing Datakey CIP Desktop, be sure your computer meets the following
software and hardware requirements:
Datakey CIP 4.6 or above
Windows 95 (OSR 2.5), Windows 98, Windows NT with service pack 4, Windows
2000, or Windows XP
RAM, CPU: Equal to the minimum specifications required by Microsoft® for your
particular Windows® operating system
Installation procedure
There are two ways to install Datakey CIP Desktop:
From the Datakey CIP CD-ROM during installation of Datakey CIP 4.7 or above
From the Datakey CIP Desktop CD-ROM
3. Select the Datakey CIP Desktop components you want to install, then click Next.
See page 4 for a description of the CIP Desktop components.
Note: If you have not purchased the Datakey CIP Desktop option, the CIP Desktop com-
ponents will be grayed out and unselectable. If this occurs, please contact your
Datakey salesperson for information on purchasing Datakey CIP Desktop.
4. Complete the Datakey CIP installation as described in the Datakey CIP Quick Start
Guide.
Installing Datakey CIP Desktop from the Datakey CIP Desktop CD-ROM
1. Exit all open Windows programs and applications.
2. Insert the Datakey CIP Desktop CD-ROM.
The installation program should start automatically. If it does not, select Start -> Run,
then use the Browse button to locate and open the file named Setup.exe.
4. Select all the Datakey CIP Desktop components you wish to install, then click Next.
By default, all components are selected for installation. The PassPhrase Utility and
the Token Utilities may not appear in the list if they are already installed on your com-
puter. The SmartMonitor component is required and cannot be cleared. Here is a brief
description of each of the available components.
Auto Cert Register: A utility that automatically registers token-based digital cer-
tificates with Windows and all desktop applications.
SmartNotes: An application that enables you to store personal notes and data on
your Datakey token.
SmartLogon: An application that gives you the ability to store user names and
passwords on a Datakey token. SmartLogon recognizes and remembers the appli-
cation or Web site associated with each user name/password and automatically
fills in this logon information when needed.
PassPhrase Utility: An application that provides the ability to update and change
the password that activates a Datakey token.
Token Utilities: An application that provides the ability to view and manage the
contents of a Datakey token.
SmartMonitor: Provides an easy method for launching and controlling your
Datakey CIP Desktop components.
After clicking Next, the Setup Complete window appears.
The Datakey CIP Desktop applications will not become available until you re-boot your
computer. Information on each of the Datakey CIP Desktop applications is provided in
the following chapters.
SmartMonitor provides an easy method for launching and controlling your Datakey CIP
Desktop components. The CIP Desktop installation process places a SmartMonitor icon
into your computer’s system tray. When active, you can left-click this icon to use the
SmartLogon Auto Fill feature, or you can right-click the icon to quickly access
CIP Utilities, the SmartLogon application, the SmartNotes application, or the PassPhrase
utility.
Starting SmartMonitor
SmartMonitor should activate automatically following successful installation of CIP
Desktop and a re-boot of your computer. When active, the SmartMonitor icon will appear
in your computer’s system tray. The SmartMonitor icon looks similar to a small computer
chip.
SmartMonitor
If SmartMonitor is not already active, you can start SmartMonitor by selecting Start ->
Programs -> Datakey CIP -> SmartMonitor.
Using SmartMonitor
You can use the SmartMonitor icon to:
Launch the Datakey CIP Desktop components
Exit SmartMonitor
To quickly launch CIP Utilities, SmartNotes, or the PassPhrase Utility, right-click the
SmartMonitor icon, then select the desired CIP Desktop component.
CIP Utilities: Select this option to launch the utility program. This menu item is titled
Token Utilities if you are using Datakey CIP 4.6.
SmartNotes: Select this option to launch the SmartNotes application.
PassPhrase Utility: Select this option to launch the PassPhrase Utility.
Exit: Select this option to exit the SmartMonitor application.
SmartLogon enables you to store user name and/or password entries on your Datakey
smart card. The program recognizes and remembers the application or Web site associ-
ated with each entry. This simplifies the logon process because you no longer need to
remember which unique logon combination applies to which application or Web site—
SmartLogon automatically fills in the correct user name and/or password for you.
For example, you might have unique user name/password entries for:
Your bank’s Web site
Your favorite airline Web site
Your email service
Your network applications
Your desktop applications
A Microsoft Word file that requires password authentication
Other Web sites and applications that require a unique user name and/or password
Using SmartLogon you only need to remember one password—your smart card pass-
word—to access any of these applications or Web sites. Your user names and passwords
are secure, and you can access your favorite applications and Web sites worry-free.
2. Left-click the Datakey Axis Policy Client icon located in your computer’s sys-
tem tray.
If you are not currently logged on to your smart card, the Smartcard Logon window
appears.
3. (Conditional) If you are not logged on to your smart card, simply type your smart card
password and then click OK.
The SmartLogon Enrollment dialog box appears:
4. On your Windows desktop, position the application’s logon dialog box next to the
SmartLogon Enrollment dialog box so that both are visible.
For example:
5. Click and drag the Datakey Axis target icon to the application’s logon dialog box.
The Username and Password fields appear on the SmartLogon Enrollment dialog box.
6. In the SmartLogon Enrollment dialog box, type your logon information in the appro-
priate fields.
Note that asterisks appear in the Password field when you type the password. If you
want to view the password, left-click the magnifying glass icon
that is located to the right of the Password field. The password is displayed as long as
the left mouse button remains depressed.
7. Click Save.
8. Click Test and verify that the fields on the application’s logon dialog box are correctly
populated.
1. Start SmartLogon by left-clicking the Datakey Axis Policy Client icon located
in your computer’s system tray.
The SmartLogon screen appears.
2. Select the desired entry in the Application field.
3. Click Delete.
4. A prompt will appear asking you to confirm your decision.
5. To permanently delete the entry, click Yes. If you do not want to delete the entry, click
No.
Using wildcards
There is often more than one window title and URL that can be used to access the logon
dialog box of a Web application. SmartLogon enables you to link multiple window titles
and multiple URLs to one SmartLogon entry through the use of wildcards.
2. In each of the Wildcard Pattern fields, define the desired wildcard entries.
For example, assume the following two URLs can both be used to access the same
logon dialog box:
http://login.fakewebsite.com
http://mail.fakewebsite.com/yourname
Your URL Wildcard Pattern entry would be: http://*.fakewebsite.com/*.
You can use an asterisk (*) and a question mark (?) as your wildcard characters.
2. Choose the Auto Submit this entry using the Enter key check box.
A check mark appears when the option is enabled.
Note: The following two fields are used to prevent inadvertentally entering into an infinite
loop. For example, if you enable the Auto Submit option on an entry for which you
have accidentally entered incorrect logon information, you could find yourself in an
infinite loop when you navigate to the associated Web page. Specifying values for
3. In the Maximum Auto Submits field, define the maximum number of times SmartL-
ogon will attempt to submit the logon information.
4. In the Auto Submits threshold (secs) field, specify the maximum number of seconds
SmartLogon will attempt to submit the logon information.
5. Click OK.
During the SmartLogon enrollment process, when you drag the Datakey Axis target icon
to a Web page that is already defined in the SmartLogon database, a dialog box similar to
the following appears:
Simply click Yes and define another SmartLogon entry for this Web page. When you go to
this Web page in the future, SmartLogon will prompt you for the user ID you want to use.
For example:
2. In the File field, type the full path name and file name of the file that will serve as the
backup file.
The file name must end with a .dkp extension. Click the Browse button if you wish to
view the available folders in which to store the file.
3. In the Password field, type a password that will be used to protect the backup file.
The password must contain at least four characters.
4. Click Save.
5. When prompted, verify your password by typing it a second time.
2. In the File field, type the full path name and file name of the SmartLogon backup file.
The file name must end with a .dkp extension. If you have forgotten the location of the
backup file, click the Browse button to view the available folders.
3. In the Password field, type the password used to protect the SmartLogon backup file.
4. Click Load.
The user name/password entries are written to the smart card.
SmartNotes enables you to securely store personal notes and data on your Datakey token.
With SmartNotes your token becomes a portable electronic notebook, allowing you to
store account information, favorite URLs, personal reminder notes, and other often-used
data. And this information is safe, protected by the passphrase needed to activate the
token.
Starting SmartNotes
There are two methods for starting the SmartNotes application:
Using the Windows Start button
Using SmartMonitor
SmartMonitor
Deleting a note
To delete a note from the token, perform the following steps:
1. Select the desired note in the Note Titles field.
2. Click Delete.
3. A prompt will appear asking you to confirm your decision.
4. To permanently delete the entry, click Yes. If you do not want to delete the entry, click
No.
2. In the File field, type the full path name and file name of the file that will serve as the
SmartNotes backup file.
The file name must end with a .dkn extension. Click the Browse button if you wish to
view the available folders in which to store the file.
3. In the Password field, type a password that will be used to protect the backup file.
The password must contain at least four characters.
4. Click Save.
5. When prompted, verify your password by typing it a second time.
2. In the File field, type the full path name and file name of the SmartNotes backup file.
The file name must end with a .dkn extension. If you have forgotten the location of the
backup file, click the Browse button to view the available folders.
3. In the Password field, type the password used to protect the SmartNotes backup file.
4. Click Load.
The SmartNote entries are written to the token.
2. In the Inactivity Logout Timer field, type the number of minutes the application can
remain idle before it times out.
Valid values are from 1 - 240.
3. Click OK.
2. To disable this option, simply select File -> Always On Top again and the check mark
will disappear.
The PassPhrase Utility allows you to update and change the passphrase that protects and
activates your token. You can also use this utility to issue unblocking codes—passphrases
that unlock a token should it become blocked by too many incorrect log-in attempts.
Unblocking codes are available on Datakey Model 330U tokens. Finally, the PassPhrase
Utility can be used to initiate the Identity PIN on a Datakey Model 330i Identrus token and
to change both the Identity PIN and the Utility PIN on an Identrus token.
Token Serial #: This field displays the serial number of the token currently
inserted in the reader.
Token Label: This field displays the user-friendly label used to identify the
token. If no label has been assigned to the token, this field defaults to the token
serial #.
Update Pass Phrase: Click this button to begin the process of updating the pass-
phrase.
Close: Click this button to exit the PassPhrase Utility.
About: Click this button to display version information about the PassPhrase
Utility.
4. Type your old (current) passphrase in the Old Pass Phrase field.
Asterisks appear in the display instead of the passphrase characters in order to keep
your passphrase safe. Be careful when typing your old passphrase, because typing the
wrong passphrase too many times will result in your token becoming permanently
blocked.
5. Type your new passphrase in the New Pass Phrase field.
The minimum length of a passphrase is four alphanumeric characters, and the maxi-
mum length is 20 alphanumeric characters. Select a passphrase that is difficult to
guess. Avoid using the obvious types of passphrases such as your first, middle, or last
name, birth date, employee number, social security number, etc. Passphrases are case
sensitive, so verify the position of the Caps Lock button.
6. Re-type the same new passphrase in the Reenter new Pass Phrase field.
7. Click OK.
Note: Datakey 330 tokens cannot be unblocked. If they become blocked they must be
reinitialized.
3. The utility will detect the Identrus token and display the following window:
4. Type the initial Identity PIN in the Initial Identity Key PIN field.
You can get the initial Identity PIN from your administrator.
5. Type the new Identify PIN in the New Identity Key PIN and in the Reenter new Identity
Key PIN fields.
The PIN must be from 6 - 20 characters, it must not contain spaces, and it must be dif-
ferent from the previous PIN
6. Click OK.
The procedures for performing these tasks on an Identrus token are virtually identical to
the procedures used to update and unblock a Datakey 330u token. The only difference
you will see are the Identrus-specific buttons on the main Pass Phrase Utility window:
Simply click the appropriate button and type the necessary information, using the proce-
dures described on page 28 and on page 29 as your guideline.
The Auto Cert Registration Utility automatically registers digital credentials contained on
a Datakey token with Microsoft Windows and all desktop applications. This provides a
quick and easy deployment of your personal digital credentials, enabling instant and trans-
parent use of all Windows applications that require digital credentials.
The Auto Cert Registration Utility does not need to be started. It runs automatically,
requiring no user intervention. The utility checks the token for unregistered credentials
each time the computer is started and each time a new token is inserted into the token
reader. If unregistered credentials are discovered on the token, the utility automatically
registers the credentials with Windows and any other application that requires the use of
digital credentials. It does this by placing copies of any certificates contained on your
token into the Windows certificate store.
If you wish to view information about the certificates contained in the Windows certificate
store, do the following:
1. Select Start -> Settings -> Control Panel.
2. Double-click the Internet Options icon.
3. On the Content tab, click Certificates.
4. Click the Personal tab.
This tab displays a list of your certificates that are currently registered on your com-
puter.
Restrictions
New certificates loaded on the token while the token is inserted in the reader are not
immediately detected. The token must be removed and reinserted before the new cer-
tificates are detected.
The utility will register a maximum of 16 certificates per token.
Certificates that are stored as private objects on a token are not registered with Win-
dows.
The Datakey CIP Utilities is an intuitive, easy-to-use program that is used to view and
manage Datakey tokens and the objects contained on the tokens. The program reports
token and reader status and can be used for base-level diagnostics. Administrators can
configure the functionality and features available for enterprise deployment through an
administrative wizard included with CIP Utilities.
Although it is treated as a Datakey CIP Desktop component, the CIP Utilities program is
originally provided with your Datakey CIP software. In addition, prior to Datakey CIP
4.7, CIP Utilities is known as Token Utilities. The utility program used on your system is
dependent on the version of Datakey CIP you are using.
Datakey CIP 4.6 users will use Token Utilities
Datakey CIP 4.7 (or above) users will use CIP Utilities
Reminder: Prior to Datakey CIP 4.7, CIP Utilities is called Token Utilities.
If you install Datakey CIP Desktop onto a system using Datakey CIP 4.6, Token Utilities
will remain your utility program; CIP Utilities will not be installed. If you install Datakey
CIP 4.7 onto a system that contains a copy of the Token Utilities program (the predecessor
to CIP Utilities), the Token Utilities program is uninstalled and the CIP Utilities program
is installed.
To start the Utilities program, select Start -> Programs -> Datakey CIP -> CIP Utilities.
For detailed information on using the CIP Utilities program, please refer to your Datakey
CIP User’s Guide.