A HOTP token is obtained by activating the reader, authenticating with a 5 digit PIN, and picking a numerically indexed host. Interactive menu and two digit shortcut methods are provided for host selection. Additional functionality includes Smart Card PIN change, overriding default increment-on-generate per-host HOTP count behavior, and firmware management.
With the HOTP displayed, press Enter to repeat the host selection process for additional token generation or Down Arrow to generate a token for the next host.
The HOTP token is displayed as 40 bit hexadecimal or 6-10 digit decimal based on the format bit field provided by the Smart Card.
Use the host selection shortcut to extend battery life.
Card/ON Power up reader.
Calc/OFF Power down reader, firmware menu. The reader should be powered down after utilizing the HOTP to extend battery life. A timeout will turn off the reader off without intervention.
Enter Select host. A single digit + Enter will select host 0..9. Minus other digits, Enter will select index 0.
0123456789 2 digit host index.
Clear Clear host digit.
* Change PIN.
# Toggle Challenge/Count input. The per-host count, incremented by 1 and stored on the SC after each HOTP generation can be overridden with this option. A count value of 0 indicates the HOTP value is to be calculated with the current stored count.
DOWN Enable host menu.
The PAR II is factory loaded with the HI-TECH Software Bootloaders for Microchip 16F87x version 1.
Firmware Download Procedure:
The download will progress and end in an error resetting the PIC. This is a bug in the PAR II downloader and can be safely ignored.
connect the Spyrus download cable to a workstation with htsoft-downloader or pic-downloader.
start htsoft-downloader or pic-downloader.
press CALC/OFF then down arrow 3 times to select DownloadApp.
press Enter to initiate the download.
press CARD/ON to verify new firmware is loaded.
The Spyrus PAR II HOTP application utilizes the onboard EEPROM for string storage allowing customization without re-compiling. A fixed memory map is as follows:
Offset Length Default Description ------------------------------------------------------------------------- 0 3 "maf" EEPROM Signature. Reset if no match. 3 5 "00000" Reader Key 8 12 "OARnet:2009 " Calculator message 20 12 " OARnet " Line 1 initial 32 12 "PIN: " Line 2 initial 44 12 " OARnet " Line 1 after PIN success 56 12 " Verified " Line 2 after PIN success 68 12 "Challenge: " Message to indicate count entry 80 12 "10 Failures " Line 1 card locked / excessive PIN fail 92 12 "Card Locked " Line 2 card locked / excessive PIN fail 104 12 " Access " Line 1 incorrect PIN 116 12 " Denied " Line 2 incorrect PIN 128 12 " No Hosts " Line 1, SC with no host entries 140 12 "Set New PIN " Line 1 reset PIN 152 12 "NewPIN: " Line 2 reset PIN 164 12 "Again: " Line 3 reset PIN 176 12 "PIN Changed " PIN Change notification 188 12 "No Card " No SC at powerup 200 12 "Try Harder " all PIN digits equal
EEPROM Load Procedure:
The EEPROM is customized with a Smart Card loaded with the Spyrus Personalization software SPYRUSP.IMG. Blocks of 16 bytes are loaded sequentially until the 8 bit block id has the high bit set. Use bcload to load a SC with SPYRUSP.IMG then the command spyrus-ee-set with otp-sca to store the EEPROM image on the SC. A default EEPROM configuration is supplied in the file oar.str which is converted to oar.ee with the str2ee utility. oar.ee is suitable for otp-sca.
Insert the SC loaded with SPYRUSP.IMG and configured using spyrus-ee-set with otp-sca>.
Press Card/ON. Enter the magic PIN 3#. The Spyrus reader will reset after the last block is loaded.