As a PROXESS supervisor, a user logs into PROXESS with a supervisor smartcard and PIN. The supervisor is authorized to manage users and groups, grant and revoke access and management rights and activate PROXESS security options such as field encryption.
The preset standard user and admin PIN of a supervisor smartcard is “1234”. Smartcards and PINs are managed via the program Gemalto Classic Client Toolbox.
Warning information
|
|
For security reasons, PROXESS GmbH strongly recommends changing the two standard PINs into individual PINs.
In order to prevent the uncontrolled or unauthorized activation of the security options in PROXESS, we urgently recommend against sharing the smartcard with third parties. |
Each PROXESS supervisor smartcard has an admin PIN and a user PIN. The user PIN is used by supervisors to log into the PROXESS system with their smartcard. The admin PIN is used exclusively for the internal management of the smartcard. Logging into the program Gemalto Classic Client Toolbox with the admin PIN makes it possible not only to change the user PIN and admin PIN but also to unblock a user PIN that has been blocked due to multiple incorrect entries. In that sense, the admin PIN of a smartcard can be compared to the PUK code of a cell phone SIM card.
Recommendation: To ensure that the smartcard can be unlocked at a later time, a smartcard administrator should be responsible for changing admin PINs before issuing supervisor smartcards.
Insert the smartcard in the smartcard reader and connect the smartcard reader to your computer.
Start the Gemalto/Classic Client Toolbox program and select PIN management in the “card administration” menu.
Mark the connected smartcard reader and select the Change PIN command.
Fig.: Dialog box to change a smartcard user PIN
Select the User option for the PIN selection.
Now enter the current and new user PIN via the computer keyboard. In the course of entering the new PIN, the PIN security guideline is checked. This means that your new PIN is reviewed to ensure that it follows the security requirements regarding length, character contents and repeated characters. The result is indicated with red crosses or green check marks. All criteria have to be met for a PIN to be changed.
The Change PIN command applies the change. You will get a confirmation that your change was completed successfully.
Proceed as under “Changing the smartcard user PIN”, but select the Admin option in the “PIN” selection field.
Proceed as under “Changing the smartcard user PIN”, but select the Unblock PIN command.
In contrast to the PIN change, only the User option is possible in the PIN field of the dialog box. In the Admin PIN field here, enter the corresponding admin PIN of the inserted smartcard. Compliance with the PIN security guidelines is reviewed here as well (see above). The Unblock PIN command applies the change. You will get a confirmation that your change was completed successfully.
Warning information
|
|
A supervisor smartcard with an admin PIN that has been blocked due to multiple incorrect entries can no longer be unblocked. It should be changed to the “Withdrawn” status in the PROXESS Administrator Console and replaced with a new supervisor smartcard. |
