Smart Card Logon - Use Case Description

This demo use case demonstrates Windows two-factor logon authentication using a Java Card and the wireless card reader AirID.

Additionally, AirID automatically locks the computer when a preset distance between your computer and AirID is exceeded.

For this smart card demo use case we are using third-party secure logon software, Secure Logon 2.0 from Digitronic. This software simplifies Windows smart card logon and does not require a connection to a Windows domain or the setup of a Public Key Infrastructure (PKI). The smart card provided with the AirID Evaluation-Kit has already been initialised and personalized with a demo certificate.


1. Please check before you start:

For this use case of WINDOWS Smart Card Logon you will require:

  1. A smart card, JCOP 2.4.1 with an applet (provided with the AirID Evaluation-Kit)
  2. An AirID Version 1, wireless smart card reader (provided with the AirID Evaluation-Kit)
  3. A computer running the Windows 10 operating system with Bluetooth LE 4.0 enabled (if BLE is not available onboard, a separate USB Bluetooth LE adapter will be required). Please use a completely fresh system (clean Windows 10 installation) for this demo use case.
  4. Administrative rights for installing new software on the computer



Tip

Please use one of these smart cards and its PIN for the Secure Logon demo use case:

  • User PIN: 123456



2. Initial Installation on Windows 10

This section describes the initial setup and basic configuration on Windows 10 required for the Windows-based demo use case, provided that no prior installation has taken place. These steps are not necessary if there is a previous configuration for the document signing use case.

  • AirID Driver and AirID Central Installation
  • Bluetooth Pairing
  • Smart Card Middleware Installation

2.1 AirID Driver and AirID Central Installation

Follow the steps below to install the AirID Windows Driver and the AirID Central App.

The AirID Central is a management App for your AirID. The App provides you with information and settings options for your AirID when your AirID is connected to your Windows device.

    1. Download the AirID Windows Setup AirIdSetup_x64_1.0.16.0.msi for a 64-bit system or AirIdSetup_x86_1.0.16.0.msi for a 32-bit system.
    2. Double click on the .msi installer file. 
    3. Follow the instructions in the installation wizard.

The AirID Windows Driver and the AirID Central App have been installed and the next step will be Bluetooth Pairing of the AirID with your computer. 

2.2 Bluetooth Pairing

To pair your Windows device with the AirID reader follow these steps:

    1. Insert your smart card to power on the AirID reader and activate Bluetooth at the AirID reader by navigating to the connection menu and pressing the jog dial control element.
    2. Open Windows "Settings → Devices → Bluetooth → Add new device". Your AirID should be listed with its serial number. Press "Pair".
    3. Enter the 6-digit pairing key shown on the AirID display.
    4. After successful pairing, "Pairing success" will be displayed on the AirID.

The AirID has been paired with your computer and the next step will be the middleware installation.





Note

If you have already paired AirID with another device, please navigate to "Prefered Device" in the AirID menu, press the Jog-Dial and choose "new". Then press the Jog-Dial again to confirm.


2.3 Middleware Installation 

To install the middleware follow the steps below:

    1. Download the middleware.msi
    2. Start the .msi file as a user with administrator rights.
    3. Follow the on-screen installation instructions as guided by the setup wizard. Select the Smart Card Minidriver option.

All the components needed for the AirID reader and for the smartcard have been installed and the next step will be the installation and configuration of Secure Logon 2.0.
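
A pre- and post-install check to accompany sections 2.1 to 2.3, as an added example that is not part of the original guide or of any vendor tooling: it inspects the Authenticode signature of the downloaded installers before they are run with administrator rights, then confirms that the Windows Smart Card service and a reader are visible. The Downloads folder location and the expectation that the AirID driver registers under the standard SmartCardReader device class are assumptions.

```powershell
# Added example (not vendor code). Assumption: the installers were saved to the
# current user's Downloads folder under the file names used in this guide.
$downloadDir = Join-Path $env:USERPROFILE 'Downloads'
$installers  = 'AirIdSetup_x64_1.0.16.0.msi', 'middleware.msi'

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Installer not found: $Path"
        return
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        File   = Split-Path -Leaf $Path
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
        SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1) Before installation: run only installers whose Status is 'Valid' and
#    whose signer is the vendor you expect.
$results = foreach ($name in $installers) {
    Test-InstallerSignature -Path (Join-Path $downloadDir $name)
}
$results | Format-List
$results | Where-Object { $_.Status -ne 'Valid' } | ForEach-Object {
    Write-Warning "Do not install $($_.File): signature status is $($_.Status)"
}

# 2) After installation and pairing: the Smart Card service must exist and a
#    reader should be listed (assumes the standard SmartCardReader class).
Get-Service -Name SCardSvr | Select-Object Name, Status, StartType
$readers = Get-PnpDevice -Class SmartCardReader -PresentOnly -ErrorAction SilentlyContinue
if ($readers) {
    $readers | Select-Object FriendlyName, Status
} else {
    Write-Warning 'No smart card reader present; check pairing and driver installation.'
}
```

The SHA-256 value is printed so it can be recorded or compared against a value obtained from the vendor through a separate channel.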

3. Installation and Configuration of Secure Logon 2.0

Follow the steps below to install and configure Secure Logon 2.0:

  • Secure Logon 2.0 Installation
  • Secure Logon 2.0 Configuration
  • Setup Smart Card for Secure Logon 2.0

3.1 Secure Logon 2.0 Installation

Please note, the Secure Logon 2.0 installer is currently only available in German language. The Secure Logon 2.0 software itself is available in English.

Please download the software Secure Logon 2.0 Installer.exe and double click on the .exe file to install. Please follow the instructions of the installer:

  1. Click Weiter (Next) to start the installer.
  2. Accept the End User License Agreement and continue the installation with Weiter (Next).
  3. Accept the location for installing the software with Weiter (Next).
  4. Select "Desktop Verknüpfung erstellen" (Add SecureLogon 2.0 icon on your desktop).
  5. Click Installieren (Install) to start the installation.
  6. Click Lizenz jetzt einrichten (Activate License) and Fertigstellen (Finish) to complete the installation wizard.
  7. The Secure Logon 2.0 Settings window opens. Please change the language to English under Settings > General > choose English.
  8. Go to License, click "For 30 days without any commitments" and continue with Confirm.
  9. The evaluation key must be verified by a software activation. Choose the online activation and click Confirm. The evaluation key will be activated. The 30-day trial demo period can only be activated once per computer.
  10. Please wait until the installation is finished.
  11. The Secure Logon 2.0 Installer message appears. Please note: You do not need to restart your computer!

Now, Secure Logon 2.0 software has been installed. Next step will be configuring Secure Logon 2.0 to be used with the AirID. 

3.2 Secure Logon 2.0 Configuration

Please start the Token Manager program, which has been installed with the Secure Logon 2.0. The Token Manager configures a security token - like the smart card in the AirID reader.

To use AirID with the inserted smart card, please apply the following settings:

    1. Open Token Manager (from the START menu or type "token manager" in the search field) and go to Settings
    2. Change the used Modules from Desfire to SafeSign 
    3. And click on Apply Settings 
    4. Please print or make a note of the steps in chapter 3.3 "Setup Smart Card for Secure Logon 2.0". These steps must be performed on the Windows login screen, where you will not be able to read this user guide.
    5. Restart your computer

Secure Logon 2.0 has been configured and the next step will be the setup of the smart card for Secure Logon 2.0.

3.3 Setup Smart Card for Secure Logon 2.0

To use the smart card (in the AirID reader) for Secure Logon 2.0 please follow the next steps:

  1. After the restart, click Sign-in options on your desktop and click on the SecureLogon 2 icon (padlock form).


  2. A message "There are no credentials on this token. Store first credential on token" appears. Please click on "Store first credential on token".


Tip

If you see the message "The selected user is not linked to the token. Please select another user or token.", please follow the steps in 3.4 "Use Secure Logon Manager to add new credentials".

In this case there are already other user credentials stored on the smart card, for example because the card has been used before on another computer.


  3. Now, you will be requested to enter the password of your Windows user account and the PIN (= 123456) of the smart card in the AirID reader.

  4. Press "Enter" and your Windows account is linked to the smart card in the AirID. You are now logged in, and from now on you will be able to log in using the smart card and the PIN.

3.4 Use Secure Logon 2.0 Manager to Add New Credentials

If the message "The selected user is not linked to the token. Please select another user or token." appears during the setup of the smart card (step 2, chapter 3.3), it will be necessary to log in as usual with username and password and to use the Secure Logon Manager to store new credentials on the smart card.

Please follow the steps below:

  1. Click Sign-in options on your desktop and click on the "Key"-Icon
  2. Enter your Windows user account password to sign-in
  3. Start Secure Logon 2.0 Manager from the Icon added on your desktop (or type "Secure Logon 2.0 Manager" in the search field)
  4. The smart card label (e.g. AirID Evaluation-Kit) will be displayed. Please click on the icon or on the name (label)
  5. In the new window please click on the icon (silhouette) with the "+" plus sign to add new credentials
  6. Select the "Local Account" as account type which will be stored on the smart card. 
  7. Now, you will be requested to enter the username and password of your user account
  8. The credentials will be verified, encrypted and stored on the smart card. Please enter the smart card PIN (=123456).

Your credentials have been stored on the smart card and from now on you will be able to log in using the smart card and the PIN.


4. Setup & Using automated "Distance Log-Out"

4.1 Setup automated "Distance Log-Out" on Secure Logon 2.0

You can configure which action is taken when the smart card is removed or the Bluetooth reader is out of range. Go to Secure Logon 2.0 Settings and choose the action under "Token removed".


If "Perform lock" is set and you remove the smart card from the AirID reader, your computer will be locked immediately. The access to your computer is automatically locked once the AirID exceeds a certain distance from the computer. 

4.2 Using automated "Distance Log-Out" with AirID

The AirID reader can log you out and lock Windows automatically if a (preset) distance between your computer and your AirID has been exceeded.

The "Distance Log-Out" is managed in AirID settings using "Coverage". 

Please set the "Coverage" value so that the access to the device is automatically locked when the predefined distance from AirID is exceeded.

    1. Make sure AirID is connected via BLE to your working device.
    2. Take your AirID and navigate to Settings > Coverage.
    3. Select On.
    4. Select Presetting and Near.

Optionally, you can select any other presetting value or do a manual setting.







Note

Settings can only be changed with an active Bluetooth connection between your computer and AirID reader.


Tip

To avoid unintended disconnects, keep in mind that the minimum distance for the automated log-out is about three meters between your computer and AirID reader.


Tip

The distance value for the coverage feature is a relative value. It depends on the signal strength of the AirID, on the environment and on other interfering signals.