4.6. Managing Smart Cards

The Manage Smart Cards page contains many of the operations that can be applied to one of the keys. This page allows users to format the token, set and reset the card's password, and show the card information. Two other operations, enrolling tokens and viewing the diagnostic logging, are also accessed through the Manage Smart Cards page. These are addressed in other sections.

Figure 4.6. Manage Smart Cards Page


4.6.1. Formatting the Smart Card

Formatting the card brings the smart card to the uninitialized state, which removes all the user keypairs previously generated and erases the password set on the smart card during enrollment.

The TPS server can be configured to load newer versions of the applet and symmetric keys onto the card. Do the following to format the smart card:

  1. Place a supported smart card into the USB slot of the computer. Make sure the card shows up in the Active Smart Cards table.

  2. Select Format from the Smart Card Functions section in the Manage Smart Cards screen.

  3. The TPS can be configured to authenticate smart card operations using credentials such as an LDAP user ID and password. If the TPS has been configured for user authentication, fill in the user credentials in the authentication prompt, and click OK.

  4. Wait for the token to finish being formatted. A success message will be displayed when the formatting operation is complete.

  5. When the formatting is complete, the Active Smart Cards table shows the key as uninitialized.

4.6.2. Reset Smart Card Password

If a user forgets the password for a smart card after the card is enrolled, it is possible to reset the password by doing the following:

  1. Place a supported smart card into the USB slot of the computer. Make sure the smart card shows up in the Active Smart Cards table.

  2. Click the Reset Password button in the Smart Card Functions window. A dialog for resetting the password on the card then opens.

  3. Enter a new smart card password value in the Enter new password field.

  4. Confirm the new smart card password value in the Re-Enter password field.

    Figure 4.7. Changing Password Dialog

  5. The TPS can be configured to authenticate smart card operations using credentials such as an LDAP user ID and password. If the TPS has been configured for user authentication, fill in the user credentials in the authentication prompt.

  6. Wait for the token password to finish being reset.

4.6.3. Viewing Certificates

The View Certificates button shows basic information about the selected smart card, including the keys and certificates stored on it.

  1. Place a supported smart card into the USB slot of the computer. Make sure the card shows up in the Active Smart Cards table.

  2. Select the card from the list.

  3. Press the View Certificates button.

  4. Basic information about the certificates stored on the card is shown, including the serial number, certificate nickname, and validity dates. More detailed information about the certificate can be viewed by selecting a certificate from the list, and clicking View.

    Figure 4.8. Viewing Certificates

4.6.4. Enrolling Smart Cards

Although most smart cards will be enrolled using the automated enrollment, described in Section 4.4, “Smart Card Auto Enrollment”, there is an alternative way of enrolling smart cards through the Manage Smart Cards page.

Figure 4.9. Manual Enrollment Form

Enrolling a token with the user key pairs means the token can be used for certificate-based operations such as SSL client authentication and S/MIME.

NOTE

The TPS server can be configured to generate the user key pairs on the server and then archive them in the DRM subsystem, so that they can be recovered if the token is lost.

  1. Place a supported, unenrolled smart card into the USB slot of the computer. Make sure the card shows up in the Active Smart Cards table at the top.

  2. Press the Enroll button. This button is active only if the inserted card is unenrolled.

  3. A dialog opens which is used to set the password on the smart card. Enter a new key password value in the Enter a password field.

    Confirm the new card password value in the Re-Enter a password field.

  4. Click OK to begin the enrollment.

  5. The TPS server can be configured to authenticate the enrollment operation. If the TPS has been configured for authentication, enter the user credentials when the dialog box appears, and click OK.

    Figure 4.10. LDAP Authentication Prompt

  6. The enrollment process begins generating the keys and, if the TPS is configured to archive keys to the DRM, archiving them.

  7. When the enrollment is complete, the smart card will be listed as enrolled.