IDGo 800 User Tool For Windows An
IDGo 800 User Tool for Windows & Mac: User Guide 2
Document PN: 007-013397-001, Revision B, © Gemalto 2016. All rights reserved.
Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and are registered in certain countries.
Contents
Preface
Audience
Preface
The IDGo 800 User Tool for Windows and Mac is one of the components that make up Gemalto’s IDGo 800
Middleware.
It is used to manage the contents of your IDPrime MD and IDPrime .NET smart cards.
Administrators use IDGo 800 User Tool to set smart card policies. Users use IDGo 800 User Tool to perform
basic smart card management functions, such as changing passwords and viewing certificates on the smart
card. In addition, IDGo 800 User Tool provides users and administrators with a quick and easy way to import
digital certificates and keys between a computer and a smart card.
The User Tool also provides information about the smart card, including its identification and capabilities. It has
access to information stored on the card such as keys and certificates, and enables management of content,
such as password profiles.
NOTE: Do not remove the card from the reader during operation. This may cause
corruption of data on the card.
Audience
This document is intended for system integrators who want to integrate the software with other applications, and
for end users.
It is assumed that users are familiar with IDPrime smart cards and smart card reader technology, as well as
computer hardware and software.
It is assumed that the user of the IDGo 800 User Tool has administrative privileges for the computer on which
the IDGo 800 Minidriver will be installed.
1 – Prerequisites and System Requirements
This chapter provides information on what’s required before installing the IDGo 800 User Tool, and which
Operating Systems and Smart Cards are supported.
Prerequisites
IDGo 800 Minidriver must be installed first.
NOTE: The screen captures in this document were taken on a Windows OS. The
IDGo 800 User Tool for Mac (screens and functionality) is identical to the Windows
version.
NOTE: PIN Pad capabilities are not supported on IDBridge CT700 and CT710
readers.
Localizations
IDGo 800 User Tool for Windows and Mac supports English and Brazilian Portuguese.
2 – Launching IDGo 800 User Tool
IDGo 800 User Tool is a standalone application. It can be downloaded, copied and launched by users without
administrator privileges.
3 – Working with the IDGo 800 User Tool
The IDGo 800 User Tool for Windows and Mac is compatible with IDPrime MD & IDPrime .NET smart cards. The tool
allows users and administrators to change a PIN, unblock a PIN, as well as to access and manage information stored
on a connected smart card, such as keys and certificates.
Certificates Tab
If the smart card contains certificates, a list of the appropriate certificates on the card is displayed in the Certificates
Tab.
The following can be viewed in the Certificates Tab:
• Card Type
• Card Unique Identifier (GUID)
• Card Serial Number (CSN)
• CA/Root Certificates
• User Certificates with Private Keys
User Description
Function
• Delete specific certificates from the card, without using the Recycle feature to remove all deletable objects from the card. See Deleting Certificates.
• Connect to the smart card using the Minidriver to read the data stored on the card. This process runs in the background. Nothing is displayed on the screen.
• Clicking this button will activate the PIN Management Tab fields. See PIN Management Tab for more details.
3. Use the Certificate window to see details about your certificates, modify them, delete them, or request new ones.
4. Click OK to close the Certificate window.
Deleting Certificates
To delete a certificate:
1. Open the IDGo 800 User Tool application.
2. Select the Certificates Tab, and then click the certificate you want to delete.
3. Click Delete.
The Enter User PIN window opens.
Exporting Certificates
To export a certificate:
1. Open the IDGo 800 User Tool application.
2. Select the Certificates Tab, and then click the certificate you want to export.
3. Click Export.
The Save As window opens.
4. Select the location to store the certificate, enter a file name, and click OK.
Importing Certificates
When importing a certificate, the private key and corresponding certificate are imported to the smart card. The user is
asked to enter a password that protects the certificate file.
The following certificates are supported:
• User Certificates (.pfx/.p12 files) – Both the private key and certificate are loaded into the card.
• CA/Root Certificates (.crt/.pem files) – These certificates are loaded into the ‘Root Certificates’ folder on the
card.
To Import a Certificate from a file:
1. Open the IDGo 800 User Tool application.
2. Select the Certificates Tab, and click Import.
NOTE: If an incorrect PIN is entered more than a pre-defined number of times, the
smart card becomes blocked.
NOTE: Administrators can define several PIN quality parameters. Contact your
Gemalto sales representative for more details.
If no CMS was used to define the initial PIN, ensure strong, two-factor security by changing the initial PIN to a private
one as soon as the new card is received.
It is the user’s responsibility to remember the PIN. Without it, the card cannot be used.
If the card is set with an Administrator PIN, then only an administrator can configure or delete the contents of the
card.
NOTE: Users may change the Admin key in cases where the IDPrime card is not
managed by an administrator.
The following functions are available from the PIN Management Tab:
Table 2: PIN Management tab functions
User Description
Function
• Saves the changes made to the User PIN, Admin PIN, and Signature PUK.
• Connects to the smart card using the Minidriver and reads/updates the card’s contents.
• Clicking this activates the PIN Management Tab fields.
• The User Tool analyzes the contents of the card and updates the list of PIN roles that can be changed/unblocked dynamically. If your card has a simple profile with a User PIN and an Admin Key, the Signature PIN and Signature PUK profiles will not appear in the list of PIN roles.
• Old PIN/Old Admin Key – Enter the current User PIN/Admin Key.
5. Click Change.
A message confirms that the PIN was changed successfully.
NOTE: Users may unblock their PIN in cases where the IDPrime card is not
managed by an administrator.
PIN Role: User PIN – Select this option to unblock the User PIN.
4. Click Unblock.
A message confirms that the PIN was unblocked successfully.
To unblock a User PIN on Windows using the Admin Key Challenge Response Method:
The scenario below describes how a user can unblock the User PIN on Windows using the Admin Key Challenge
Response method, while speaking to IT Help Desk personnel over the phone.
1. Open the IDGo 800 User Tool application.
2. Select the PIN Management Tab.
3. In the Operation Type field, select Unblock.
4. In the PIN Role field, select User PIN.
5. Leave the Admin Key field empty and enter a New PIN.
6. Click Unblock.
The Please enter the cryptogram window opens.
7. The Card Challenge value displayed must be communicated to the help desk personnel over the phone.
8. The help desk personnel generate a Cryptogram value, which is communicated back to the user over the phone.
As soon as the unblocking process completes, a User PIN unblocked successfully message appears.
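Added example, not taken from the Gemalto guide or the IDGo 800 software: a Python simulation of the phone exchange in steps 7 and 8, showing that only the Card Challenge and the Cryptogram are spoken aloud while the Admin Key stays with the help desk, and that a cryptogram is useless once its challenge has been consumed. The guide does not say how the cryptogram is computed, so HMAC-SHA-256 stands in for the card's real algorithm; `SimulatedCard`, `compute_cryptogram`, `MAX_ADMIN_TRIES` and the key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

MAX_ADMIN_TRIES = 3  # constructed value; the guide only says the Admin Key can become blocked

def compute_cryptogram(admin_key: bytes, challenge_hex: str) -> str:
    """Help-desk side: derive the cryptogram from the challenge read out by the user."""
    challenge = bytes.fromhex(challenge_hex)
    # Stand-in MAC (assumption): the card's real algorithm is not given in the guide.
    return hmac.new(admin_key, challenge, hashlib.sha256).hexdigest()[:16].upper()

class SimulatedCard:
    """Toy card model: holds the Admin Key, a blocked User PIN and a one-shot challenge."""

    def __init__(self, admin_key: bytes):
        self._admin_key = admin_key
        self._challenge = None
        self.admin_tries_left = MAX_ADMIN_TRIES
        self.user_pin = None
        self.user_pin_blocked = True

    def get_challenge(self) -> str:
        # A fresh random value per attempt, so an overheard cryptogram cannot be reused.
        self._challenge = secrets.token_bytes(8)
        return self._challenge.hex().upper()

    def unblock(self, cryptogram: str, new_pin: str) -> bool:
        if self._challenge is None or self.admin_tries_left == 0:
            return False
        expected = compute_cryptogram(self._admin_key, self._challenge.hex())
        self._challenge = None  # single use, whether or not the check passes
        if not hmac.compare_digest(expected, cryptogram.strip().upper()):
            self.admin_tries_left -= 1  # wrong answers count toward blocking the Admin Key
            return False
        self.admin_tries_left = MAX_ADMIN_TRIES
        self.user_pin, self.user_pin_blocked = new_pin, False
        return True

def demo() -> dict:
    key = secrets.token_bytes(24)  # constructed Admin Key, shared by card and help desk
    card = SimulatedCard(key)
    challenge = card.get_challenge()                 # step 7: user reads this out
    cryptogram = compute_cryptogram(key, challenge)  # step 8: help desk replies
    first = card.unblock(cryptogram, "new-pin")
    replay = card.unblock(cryptogram, "other-pin")   # same cryptogram, no live challenge
    return {"first": first, "replay": replay, "blocked": card.user_pin_blocked}
```

Because the exchange authenticates the card and the Admin Key holder but not the caller, the help desk still has to verify the caller's identity before reading a cryptogram back.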
PIN Role: User PIN – Select this option to unblock the User PIN.
4. Click Unblock.
A message confirms that the PIN was unblocked successfully.
To unblock a Signature PIN:
PIN Role: Signature PIN – Select this option to unblock the Signature PIN.
4. Click Unblock.
A message confirms that the Signature PIN was unblocked successfully.
Recycling a Card
Objects stored on your MD/.NET cards include data objects (profiles), keys, CA certificates, User certificates, and
custom data files including PKCS#11 related files.
The recycle card function removes all deletable objects from the card. Non-deletable objects such as Minidriver base
system files (cardid, cardcf, and cardapps) are not removed from the card.
Only non-Common Criteria smart cards may be recycled.
NOTES:
- If your IDPrime MD card is configured with the Re-init token install parameter
set to Yes, the card is recycled even if the Admin Key is blocked.
- The recycle feature is not available for IDPrime MD 840/3840/3841/8840
smart cards (Common Criteria).
New PIN – Enter a new User PIN. The new PIN is saved on the clean card.
NOTE: On Mac OS X, the recycling feature is supported only if the card profile has a
User PIN and Admin Key.
If more than one Gemalto USB Smart Card Reader is connected, you can select which
reader to work with:
• Choose Reader Automatically – The application will select a reader.
• Select any other Smart Card Reader – Manually select a connected reader.
Support Contacts
If you encounter a problem while installing, registering or operating this product, please make sure that you have read
the documentation. If you cannot resolve the issue, contact your supplier or Gemalto Customer Support. Gemalto
Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the
support plan arrangements made between Gemalto and your organization. Please consult this support plan for
further information about your entitlements, including the hours when telephone support is available to you.
Address Gemalto
4690 Millennium Drive
Belcamp, Maryland 21017, USA
Phone US 1-800-545-6608
International 1-410-931-7520