Unlocking a Token by the Challenge-Response Method

If an incorrect Token Password is entered more than a pre-defined number of times, the token will be locked. Tokens, including SafeNet eToken Virtual tokens, can be unlocked if, and only if, an Administrator Password was set during initialization.

SafeNet eToken Rescue tokens cannot be unlocked.

CAUTION

The number of times that a token can be unlocked can be limited to a specific amount. If this number is exceeded and the token is locked, the token becomes unusable. If the token is a physical token, it must be initialized. If it is not a physical token, it must be replaced.

When the administrator has access to the user’s token, the administrator can unlock the token using the Set Token Password feature. (See Unlocking a Token by an Administrator)

Another way to unlock the token and set a new Token Password is to use the Challenge – Response authentication method. The user sends the administrator the Challenge Code supplied by SafeNet Authentication Client Tools, and then enters the Response Code provided by the administrator. The new Token Password set by the user replaces the previous password, and the token is unlocked.

This method requires a management system, such as SafeNet Authentication Manager, that can generate Response Codes.

NOTE

As of SAC 8.2 (standard mode), iKey devices are supported using the challenge response unlock method that is used for eTokens.

To unlock a token using the Challenge – Response method:

1         To use the Simple View to unlock a token, do the following:

a         Open SafeNet Authentication Client Tools Simple View.
See Opening the Simple View

b         In the left pane, select the required token.

c         In the right pane, select Unlock Token.

d         Continue with step 3.

2         To use the Advanced View to unlock a token, do the following:

a         Open SafeNet Authentication Client Tools Advanced View.
See Opening the Advanced View

b         Do one of the following:

l           In the left pane, select the node of the required token.
In the right pane, click the Unlock icon:
Unlock_Token_icon.png

l           In the left pane, right-click the node of the required token, and select Unlock from the shortcut menu.

c         Continue with step 3.

3         The Unlock Token window opens, displaying a value in the Challenge Code field.

 

eToken_Management00016.jpg

 

 

4         Contact your administrator, and provide the administrator with the Challenge Code value displayed.

NOTE

To copy the Challenge Code to the clipboard, click the Copy Challenge Code to clipboard icon:

Copy_challenge_data_icon.png 

 

CAUTION

After providing the Challenge Code to the administrator, do not undertake any activities that use the token until receiving the Response Code and completing the unlocking procedure.

If any other token activity occurs during this process, it will affect the context of the Challenge – Response process and invalidate the procedure.

5         The administrator provides you with the Response Code to be entered.

NOTE

Response Code creation depends on the back end application being used by the organization. Administrators should refer to the relevant documentation for information on how to generate the Response Code.

6         Enter a new Token Password in the New Token Password and Confirm Password fields.

7         If the new password is known to others and must be changed, select Token Password must be changed on first logon.

8         Click OK. A message confirms that the token was unlocked successfully.

9         Click OK.

 

 

SafeNet Authentication Client

© Copyright 2013 SafeNet Inc. All rights reserved.