KT-1 Token

Reference Guide

CRYPTOCard Token Guide

Proprietary Notice

License and Warranty Information

CRYPTOCard Inc. and its affiliates retain all ownership rights to the computer program described in this manual, other computer
programs offered by the company (hereinafter called CRYPTOCard) and any documentation accompanying those programs. Use of
CRYPTOCard software is governed by the license agreement accompanying your original media. CRYPTOCard software source code
is a confidential trade secret of CRYPTOCard. You may not attempt to decipher, de-compile, develop, or otherwise reverse
engineer CRYPTOCard software, or allow others to do so. Information needed to achieve interoperability with products from other
manufacturers may be obtained from CRYPTOCard upon request.

This manual, as well as the software described in it, is furnished under license and may only be used or copied in accordance with
the terms of such license. The material in this manual is furnished for information use only, is subject to change without notice,
and should not be construed as a commitment by CRYPTOCard. CRYPTOCard assumes no liability for any errors or inaccuracies
that may appear in this document. Except as permitted by such license, no part of this publication may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means electronic, mechanical, recording or otherwise, without the prior
written consent of CRYPTOCard.

CRYPTOCard reserves the right to make changes in design or to make changes or improvements to these products without
incurring the obligation to apply such changes or improvements to products previously manufactured. The foregoing is in lieu of all
other warranties expressed or implied by any applicable laws. CRYPTOCard does not assume or authorize, nor has it authorized
any person to assume for it, any other obligation or liability in connection with the sale or service of these products. In no event
shall CRYPTOCard or any of its agents be responsible for special, incidental, or consequential damages arising from the use of
these products or arising from any breach of warranty, breach of contract, negligence, or any other legal theory. Such damages
include, but are not limited to, loss of profits or revenue, loss of use of these products or any associated equipment, cost of
capital, cost of any substitute equipment, facilities or services, downtime costs, or claims of customers of the Purchaser for such
damages. The Purchaser may have other rights under existing federal, state, or provincial laws in the USA, Canada, or other
countries or jurisdictions, and where such laws prohibit any terms of this warranty, they are deemed null and void, but the
remainder of the warranty shall remain in effect.

Customer Obligation
Shipping Damage: The purchaser must examine the goods upon receipt and any visible damage should immediately be reported to
the carrier so that a claim can be made. Purchasers should also notify CRYPTOCard of such damage. The customer should verify
that the goods operate correctly and report any deficiencies to CRYPTOCard within 30 days of delivery. In all cases, the customer
should notify CRYPTOCard prior to returning goods. Goods returned under the terms of this warranty must be carefully packaged
for shipment to avoid physical damage using materials and methods equal to or better than those with which the goods were
originally shipped to the purchaser. Charges for insurance and shipping to the repair facility are the responsibility of the purchaser.
CRYPTOCard will pay return charges for units repaired or replaced under the terms of this warranty.

Copyright
Copyright © 2007, CRYPTOCard Inc. All Rights Reserved. No part of this publication may be reproduced,
transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the
written permission of CRYPTOCard Inc.

Trademarks
CRYPTO-Server 6.4 Administrator’s Manual viii CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-
VPN, CRYPTO-Shield, CRYPTO-MAS, are either registered trademarks or trademarks of CRYPTOCard Inc. Java is a registered
trademarks of Sun Microsystems, Inc.; Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft
Corporation. SecurID is a registered trademark of RSA Security. All other trademarks, trade names, service marks, service names,
product names, and images mentioned and/or used herein belong to their respective owners.

KT-1 Token User Guide – Quick Reference 2

Additional Information, Assistance, or Comments
CRYPTOCard’s technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network.
In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures
that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We
can also help you leverage your existing network equipment and systems to maximize your return on investment. This
complimentary support service is available from your first evaluation system download.

CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product
through a CRYPTOCard channel partner, please contact your reseller directly for support needs.

Contact CRYPTOCard directly:

International Voice: +1-613-599-2441
North America Toll Free: 1-800-307-7042
Email: support@cryptocard.com

For information about obtaining a support contract, see our Support Web page at:
http://www.cryptocard.com/support/cryptocardannualsupportandmaintenance/

Related Documentation
Refer to the Technical Documentation section of the CRYPTOCard website for additional documentation and interoperability guides:
http://www.cryptocard.com/support/technicaldocumentation/

KT-1 Token User Guide – Quick Reference 3

Solution Overview
Summary

Product Name KT1 Token Guide

Vendor Site CRYPTOCard
Pre-Requisites See the “Using your KT1 the First Time” section.

CRYPTOCard Product Requirements

CRYPTOCard Service CRYPTO-MAS (Managed Authentication Service)

KT-1 Token User Guide – Quick Reference 4

 Table of Contents
SOLUTION OVERVIEW ............................................................................................................. 4 
OVERVIEW ............................................................................................................................... 6 
TOKEN RESYNC INSTRUCTIONS ....................................................................................................... 7 
ENTERING A CHALLENGE INTO A KT TOKEN ......................................................................................... 8 
TOKEN PIN CHANGE ................................................................................................................ 9 
TOKEN PIN CHANGE INSTRUCTIONS ................................................................................................. 9 
MAS TOKEN TEMPLATE .......................................................................................................... 11 

KT-1 Token User Guide – Quick Reference 5

Overview
The KT-1 Key Chain token generates a new, random
“one-time password” each time the token is activated.
Pressing the button located to the right and below the
LCD display activates the token.

Using Your KT-1 the First Time

A PIN is an alphanumeric string of 3 to 8 characters that is used to guard against the unauthorized use of the token.
If PIN protection is enabled, the user must provide a PIN with the one-time password to authenticate. Your initial
PIN is “1234”, and this must be changed to a PIN of your choosing on first use.

Using Your KT-1 to Log In

When prompted for a password, you must append the one-time password displayed by the token to your PIN. For
example, if the the PIN is 4321 and the displayed one-time password is 12345678, the user must enter
432112345678 at the password prompt.

Adjusting LCD Contrast

1. Press and hold the button (approximately 5 seconds) on the token until the prompt “Init” appears. Then release
the button.

2. The token will cycle through a series of prompts: “Init”, “LCD Test”, “Contrast”, “Chg PIN”, “ReSync?”. The
prompts and sequence will vary depending on the options enabled for the token. Press the button while the
“Contrast” prompt is displayed.

3. The token will cycle through a series of prompts in the form of –XX##XX- where ## are digits from 00 to 15
corresponding with lowest to highest contrast. The contrast will change as the digits change providing a visual
indication of the selection. When the desired contrast is displayed, press the button two times to set.

KT-1 Token User Guide – Quick Reference 6

Token Resync
The purpose of this section is to instruct end-users and administrators how to resynchronize tokens using the on-
line CRYPTO-MAS resynchronization tool.

If too many One-time password Codes (OTP’s) have been generated by a token since the last time the server
received a correct OTP, the server will not recognize the OTP and the token and server are said to be “out of sync”.

For CRYPTO-MAS, the number of OTPs that needs to be generated by the token to cause the server and the token to
become out-of-sync is defaulted to 25.

Token Resync Instructions

Step 1:
Open up a browser (IE6, IE7, Mozilla Firefox 1.5+) and
go to: http://resync.cryptocard.com/

The following dialog box will appear (Figure 1.0)

Figure 1.0

Step 2:
Enter the “User ID” and “Authentication ID” (Auth ID) and
click OK.

Contact your MAS Administrator if you don’t know the

“Authentication ID”.

Step 3:
You will be presented with a challenge to be entered into
your token, along with a field to enter your next OTP
(after the resync process has been completed) (Figure
1.1).

Figure 1.1

KT-1 Token User Guide – Quick Reference 7

Entering a Challenge into a KT Token

a) Hold down the button on the KT Token until "Init"

appears in the display then let go of the button.

b) The token will automatically start scrolling through a

menu, and when "Resync" appears, immediately
click the button to stop the menu from scrolling.

c) “Resync” plus a scrolling digit 0-9 will appear in the

display. Press the button to stop the scrolling when
the digit displayed is the first digit (from the left) in
the “challenge” (Figure 1.2).

d) The “Resync” will be replaced by the first digit Figure 1.2

selected, and scrolling for the next digit in the
“challenge” will begin. Follow the same steps to stop
the scolling at the correct digits until the complete 8-
digit “challenge” appears.

e) When the challenge number is correctly

entered/displayed, click the button again and a new
One Time Password (or ‘response’) will be
automatically generated by the token.

Enter your PIN (if normally required) followed by the OTP

displayed on your token into the dialog box and Click
“OK”.

Your token should now be synchronized with the server.

KT-1 Token User Guide – Quick Reference 8

Token PIN Change
A KT Token user can change their Server Side, User
Changeable PIN at any time.

To change the PIN, browse to the User Self-service web

page at: http://auth.cryptocard.com/hardware

You must first authenticate before being presented with

the PIN Change page.

Token PIN Change Instructions

Step 1:
Open up a browser (IE6, IE7, Mozilla Firefox 1.5+) and
go to http://auth.cryptocard.com/hardware. The
following dialog box will appear. (Figure 2.0)

Figure 2.0

Step 2:
Enter the “User ID”, “Authentication ID” (Auth ID) and
your OPT (PIN+Passcode) and click OK.

Contact your MAS Administrator if you don’t know the

“Authentication ID’.

Step 3:
After successful authentication you are redirected to the
PIN Change page where you are required to enter your
current PIN and the new PIN to complete PIN change
process.

The PIN length and complexity reflects the minimum

requirements for this specific token. (Figure 2.1)

Figure 2.1

KT-1 Token User Guide – Quick Reference 9

If the correct Current PIN is entered and the new PIN
meets the complexity requirements of the token a PIN
“Change Success” message is displayed and the new PIN
is now in effect and must be used to authenticate with.

Figure 2.2

KT-1 Token User Guide – Quick Reference 10

MAS Token Template
The following table identifies the KT-1 token
configuration: MAS Token Attributes - KT-1
Display
Display Type Base 32
Telephone Mode No
Response Length 8 characters
Automatic Shut-off 30 seconds
PIN
PIN Style Stored on server, User-changeable PIN
Initial PIN 1234
Random PIN Length 4
Min PIN Length 3
Characters allowed Digit Only
Try Attempts 7
Allow Trivial PINs Yes
Operation
Mode QuickLog
Passwords per power cycle Single
User can turn token off Yes
Usage
Operational Flags Force PIN change on next use

KT-1 Token User Guide – Quick Reference 11