...\" $Header: /usr/src/docbook-to-man/cmd/RCS/docbook-to-man.sh,v 1.3 1996/06/17 03:36:49 fld Exp $ ...\" ...\" transcript compatibility for postscript use. ...\" ...\" synopsis: .P! ...\" .de P! \\&. .fl \" force out current output buffer \\!%PB \\!/showpage{}def ...\" the following is from Ken Flowers -- it prevents dictionary overflows \\!/tempdict 200 dict def tempdict begin .fl \" prolog .sy cat \\$1\" bring in postscript file ...\" the following line matches the tempdict above \\!end % tempdict % \\!PE \\!. .sp \\$2u \" move below the image .. .de pF .ie \\*(f1 .ds f1 \\n(.f .el .ie \\*(f2 .ds f2 \\n(.f .el .ie \\*(f3 .ds f3 \\n(.f .el .ie \\*(f4 .ds f4 \\n(.f .el .tm ? font overflow .ft \\$1 .. .de fP .ie !\\*(f4 \{\ . ft \\*(f4 . ds f4\" ' br \} .el .ie !\\*(f3 \{\ . ft \\*(f3 . ds f3\" ' br \} .el .ie !\\*(f2 \{\ . ft \\*(f2 . ds f2\" ' br \} .el .ie !\\*(f1 \{\ . ft \\*(f1 . ds f1\" ' br \} .el .tm ? font underflow .. .ds f1\" .ds f2\" .ds f3\" .ds f4\" .ta 8n 16n 24n 32n 40n 48n 56n 64n 72n .TH "Spyrus PAR II" "7" .SH "NAME" Spyrus PAR II \(em Spyrus PAR II reader with HOTP firmware .SH "SETUP" .PP .SH "KEY SEQUENCES" .PP .PP A HOTP token is obtained by activating the reader, authenticating with a 5 digit PIN, and picking a numerically indexed host\&. Interactive menu and two digit shortcut methods are provided for host selection\&. Additional functionality includes Smart Card PIN change, overriding default increment-on-generate per-host HOTP count behavior, and firmware management\&. .PP With the HOTP displayed, press Enter to repeat the host selection process for additional token generation or Down Arrow to generate a token for the next host\&. .PP The HOTP token is displayed as 40 bit hexadecimal or 6-10 digit decimal based on the format bit field provided by the Smart Card\&. .PP Use the host selection shortcut to extend battery life\&. .SS "Basic Functions:" .PP \fB\fP Power up reader\&. .PP \fB\fP Power down reader, firmware menu\&. The reader should be powered down after utilizing the HOTP to extend battery life\&. A timeout will turn off the reader off without intervention\&. .SS "PIN Entry:" .PP \fB<0123456789>\fP 5 digit PIN\&. Default is 28165\&. .PP \fB\fP Clear input\&. .PP \fB\fP Accept PIN sequence\&. .SS "Host Selection:" .PP \fB\fP Select host\&. A single digit + \fB\fP will select host 0\&.\&.9\&. Minus other digits, \fB\fP will select index 0\&. .PP \fB<0123456789>\fP 2 digit host index\&. .PP \fB\fP Clear host digit\&. .PP \fB<*>\fP Change PIN\&. .PP \fB<#>\fP Toggle Challenge/Count input\&. The per-host count, incremented by 1 and stored on the SC after each HOTP generation can be overridden with this option\&. A count value of 0 indicates the HOTP value is to be calculated with the current stored count\&. .PP \fB\fP Enable host menu\&. .SS "Host Selection With Menu:" .PP .PP \fB\fP Select host\&. .PP \fB\fP Cursor up one line\&. .PP \fB\fP Cursor down one line\&. .SS "HOTP Display" .PP .PP \fB\fP Jump back to host selection\&. .PP \fB\fP Generate token for next host\&. .SH "LOADING FIRMWARE" .PP The PAR II is factory loaded with the \fBHI-TECH Software Bootloaders for Microchip 16F87x version 1\fP\&. .PP \fBFirmware Download Procedure:\fR .PP The download will progress and end in an error resetting the PIC\&. This is a bug in the PAR II downloader and can be safely ignored\&. .PP \fIStep 1. connect the Spyrus download cable to a workstation with \fBhtsoft-downloader\fP or \fBpic-downloader\fP\&. .PP \fIStep 2. start \fBhtsoft-downloader\fP or \fBpic-downloader\fP\&. .PP \fIStep 3. press CALC/OFF then down arrow 3 times to select DownloadApp\&. .PP \fIStep 4. press Enter to initiate the download\&. .PP \fIStep 5. press CARD/ON to verify new firmware is loaded\&. .SH "EEPROM CUSTOMIZATION" .PP The Spyrus PAR II HOTP application utilizes the onboard EEPROM for string storage allowing customization without re-compiling\&. A fixed memory map is as follows: .PP .nf Offset Length Default Description ------------------------------------------------------------------------- 0 3 "maf" EEPROM Signature\&. Reset if no match\&. 3 5 "00000" Reader Key 8 12 "OARnet:2009 " Calculator message 20 12 " OARnet " Line 1 initial 32 12 "PIN: " Line 2 initial 44 12 " OARnet " Line 1 after PIN success 56 12 " Verified " Line 2 after PIN success 68 12 "Challenge: " Message to indicate count entry 80 12 "10 Failures " Line 1 card locked / excessive PIN fail 92 12 "Card Locked " Line 2 card locked / excessive PIN fail 104 12 " Access " Line 1 incorrect PIN 116 12 " Denied " Line 2 incorrect PIN 128 12 " No Hosts " Line 1, SC with no host entries 140 12 "Set New PIN " Line 1 reset PIN 152 12 "NewPIN: " Line 2 reset PIN 164 12 "Again: " Line 3 reset PIN 176 12 "PIN Changed " PIN Change notification 188 12 "No Card " No SC at powerup 200 12 "Try Harder " all PIN digits equal .fi .PP \fBEEPROM Load Procedure:\fR .PP The EEPROM is customized with a Smart Card loaded with the Spyrus Personalization software \fBSPYRUSP\&.IMG\fP\&. Blocks of 16 bytes are loaded sequentially until the 8 bit block id has the high bit set\&. Use \fBbcload\fP to load a SC with \fBSPYRUSP\&.IMG\fP then the command \fBspyrus-ee-set\fP with \fBotp-sca\fP to store the EEPROM image on the SC\&. A default EEPROM configuration is supplied in the file \fBoar\&.str\fP which is converted to \fBoar\&.ee\fP with the \fBstr2ee\fP utility\&. \fBoar\&.ee\fP is suitable for \fBotp-sca\fP\&. .PP \fIStep 1. Insert the SC loaded with \fBSPYRUSP\&.IMG\fP and configured using \fBspyrus-ee-set\fP with \fBotp-sca>\fP\&. .PP \fIStep 2. Press Card/ON\&. Enter the magic PIN 3#\&. The Spyrus reader will reset after the last block is loaded\&. .SH "AUTHOR" .PP Mark Fullmer maf@splintered\&.net .SH "BUGS" .PP The Spyrus reader is not waterproof and will not survive a permanent-press cycle\&. The Smart Card will survive your back pocket when seated, the reader may not\&. .SH "SEE ALSO" .PP \fBotp-sca\fP(1) \fBotp-sct\fP(1) \fBotp-control\fP(1) \fBpam_otp\fP(1) \fBhtsoft-downloader\fP(1) \fBurd\fP(1) \fBbcload\fP(1) \fBOpenVPN\fP(8) ...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01