| For simplicity, we call any traditional smartcard/javacard or reader-less USB smartcard device "a token". |
|
The User PIN (Personal Identification Number) protects token data from unauthorized access and is required to perform certain Token operations. The minimum and maximum User PIN lengths differ between token models. ControlSphere can optionally enforce additional PIN complexity according to its Token security policy.
Most token models support User PIN lockout after a number of consecutive invalid tries, as well as PIN unlocking with an Administrator PIN (also known as PUK, Personal Unblocking Code) using third-party utilities usually provided by the token manufacturer. ControlSphere is fully compliant with this function and will recognize locked tokens. |
|
This type of PIN protects ControlSphere token data and settings from third-party modification and re-initialization. Often this PIN is required to authorize modifications of ControlSphere data or to allow sensitive data export from the token. It is also known as the SO (Security Officer's) PIN or the PUK (Personal Unblocking Code).
Some token models support Administrator PIN lockout after a number of consecutive invalid tries. ControlSphere is fully compliant with this function and will recognize locked tokens. |
|
| This type of PIN protects the smartcard/token device from low-level re-initialization. |
|
A token which has been authorized by providing a valid User PIN or by fingerprint verification. There can be only one such token at a time.
The authorized token is set automatically when a user provides a valid User PIN or fingerprint and there is no "authorized" token set yet.
ControlSphere monitors for token removal and clears the authorization state of a token on its removal (disconnection) event. A user is visually notified when a new Authorized Token is set or an existing one is removed. |
|
| A Token Image File is a kind of soft-token image that holds a snapshot of ControlSphere token data. It can hold a partial or full data structure of the physical device. The file is protected by a secure password, and ControlSphere uses chained AES 256-bit encryption to protect its data. In most cases, ControlSphere can use Token Image files as an alternative to token devices when the physical device is not available. The contents of such files can be restored to the original or another token device, either completely or selectively, with a range of data merging options. Use ControlSphere data Backup Manager to create Token Image files. |
|