Personal Cryptographic Data Security Tool
SHIPKA PCDST INSTALLATION AND CONFIGURATION
The SHIPKA CDSS is installed and configured in several steps:
1. Special software installation to the hard drive.
ATTENTION! If a previous version of the software for the SHIPKA PCDST is installed, you MUST uninstall it!
2. Connection of the SHIPKA device using the USB slot in the system unit of your PC.
3. Installation of the system driver for the device.
4. Initialization and formatting of the SHIPKA device.
5. PIN code change.
A detailed description of all steps is given below.
1. Software Installation
To install special software to the hard drive of your personal computer (PC), you need to run the AcSetup.exe program from the CD. The Language Selection window will be displayed. At present, there is an option for installation (and further operation of all software components) in two languages - Russian and English. After you have selected the language, the startup procedure for installation will begin and the Startup window with general information will be displayed (Fig. 1).
Fig. 1. Startup window for the installation procedure.
Left-click the Next button to proceed. To cancel the installation, click the Cancel button.
The text of the license agreement will be displayed in the next window. If the user agrees to its terms and conditions, it is necessary to click the "I accept the terms of the License Agreement" and "Next" buttons. If you do not agree to the terms and conditions of the license agreement for some reason, you must cancel the installation by clicking the Cancel button.
In the next window, you can select installation options. In the Complete option, all software components and libraries are installed in the \Program Files\OKB SAPR Ltd.\ACShipka directory. The following components are installed to the hard drive: the driver for the device, the library providing access to the SHIPKA functions from the application software level, the driver for the virtual smart card reader, the program for file encryption/signature, the program for local user identification, the certificate viewer, the cryptoprovider of the Microsoft CryptoAPI standard, and the library supporting the PKCS#11 standard.
Fig. 2. Installation option selection
The Custom installation option enables the user to select the components to be installed and the directory for the files on his/her own (Fig. 3). By clicking the Browse button, you can choose any folder. If there is no folder with this name on the hard drive, it will be created; if there is such a folder, the folder selection window will be displayed for the backup of previously installed files (if the user needs this procedure).
Fig. 3. Window of individual component selection
After you have checked the components you wish to install on your computer, click the Next button. The Ready for Installation window will be displayed. By clicking the Next button, you confirm the installation, and the process of copying files to the hard drive will begin. When the driver for the virtual smart card reader is installed, a warning message stating that the driver has not been tested for compatibility with the PC will be displayed (Fig. 4).
Fig. 4. Warning message
Click the Continue button. The driver will be successfully installed, and a new device class (Smart card readers) as well as a new device (Accord Virtual Smart Card Reader for SHIPKA) will appear in the list of devices. This driver is required for the SHIPKA PCDST to be used as a smart card.
When the file copying process is over, the message saying that the installation is complete will be displayed.
To complete the installation procedure, you will need to reboot your computer.
2. Hardware connection - connection of the SHIPKA device
The SHIPKA device is connected in a standard way, i.e. by insertion into a vacant USB slot in the system unit of your PC.
3. Installation of the system driver for the SHIPKA device
ATTENTION! For the correct installation of the driver, it is necessary to log in as a user with administrator rights.
At this point, you have installed the software to the hard drive and rebooted your computer. After the first connection of the SHIPKA PCDST to the USB port, the operating system will find a new device. If the automatic update option is on in the settings of your operating system, you will be prompted to search for an appropriate driver on the Internet. You need to select the "No, later" option and click the Next button. The New Hardware Wizard will be launched. You need to select the Automatic Installation option and click the Next button.
Installation of the driver for the SHIPKA device will begin. After the driver is installed on the system (it will be installed to the \WINDOWS\System32\Drivers\ directory), the Finish window of the New Hardware Wizard will be displayed. Click the Finish button.
The driver for the device has been installed.
4. Initialization (formatting) of the SHIPKA device
Before using the new SHIPKA device for the first time, you need to perform an initialization (formatting) procedure.
ATTENTION! If you do not perform this procedure, no internal functions of the SHIPKA device will be available.
Before the initialization procedure, you need to set up the parameters for this procedure.
Parameters for the authorization are to be set by the administrator of the SHIPKA PCDST (this is the only function of the administrator: he can do nothing else, and he does not know the user's PIN code). If the SHIPKA PCDST is used personally, the owner of the SHIPKA is its administrator as well.
To launch the Settings program, you should select <Start>-<Programs>-<AcShipka>-<Utilities>-<Authorization parameters>. The Settings window will be displayed (Fig. 9).
Fig. 9. Settings window for the authorization parameters for the SHIPKA PCDST
On the left side of the window, you can select any particular device by its serial number or check the All option. In this case, the authorization parameters will be defined for all SHIPKA devices connected to the USB ports of your computer at this moment.
In the middle part of the window, you can select the formatting mode to be "With PUK formatting" or "Without PUK formatting".
The PUK code is a sequence of digits and letters generated randomly during formatting. To enable the PUK code generation, you must turn on this option at the time of initialization and set up parameters for the PUK code.
- PUK length - number of symbols in the PUK code;
- wrong attempts - number of allowed errors when the PIN code is entered. After the allowed number of attempts to enter the PUK code is used, any access to the SHIPKA PCDST will be completely blocked.
On the right side of the window, parameters for the PIN code are set up.
- minimum and maximum length - these parameters define the lower and upper limits for the number of characters in the PIN code.
NOTE: After the initialization (formatting) of the SHIPKA device has been completed, the PIN code will not be set up automatically, and the user will need to enter his/her own PIN code (see clause 2.5).
- The Alphabet parameter defines the set of characters to be used when the PIN code is entered for the first time or changed later. It is possible to select either one or several sets of characters by checking the necessary option. The set of special characters comprises the characters entered by pressing the key combinations Shift-(0-9).
NOTE: When selecting the alphabet, you should take into account that the PIN code must comprise at least one character from each of the selected sets. It is possible to set up a PIN code comprising other characters in addition to the "compulsory" sets, e.g. it is possible to use letters in the PIN code when the Digits option is checked, but it will be impossible to enter a PIN code comprising only letters.
- The "number of wrong attempts" defines the number of allowed errors when the PIN code is entered. After this number of attempts is exceeded, the SHIPKA PCDST will be blocked.
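The PIN rules described above (length limits plus at least one character from every checked alphabet set, with other characters still allowed) can be modelled as follows. This is an added example, not code from the SHIPKA software; the set names, the US keyboard layout for Shift-(0-9) and the function names are assumptions.

```python
import string

# Assumed contents of the selectable alphabet sets (not taken from the vendor software).
CHARSETS = {
    "digits": set(string.digits),
    "letters": set(string.ascii_letters),
    "special": set(")!@#$%^&*("),  # Shift-(0-9) on a US layout (assumption)
}


def policy_problems(selected, min_len, max_len):
    """Reasons why the policy itself can never be satisfied (empty list = usable)."""
    problems = []
    unknown = [name for name in selected if name not in CHARSETS]
    if unknown:
        problems.append(f"unknown sets: {unknown}")
    if min_len > max_len:
        problems.append("minimum length exceeds maximum length")
    if max_len < len(selected):
        # Each compulsory set needs at least one character of its own.
        problems.append("maximum length is shorter than the number of compulsory sets")
    return problems


def pin_problems(pin, selected, min_len, max_len):
    """Reasons why a candidate PIN violates the policy (empty list = accepted)."""
    bad_policy = policy_problems(selected, min_len, max_len)
    if bad_policy:
        raise ValueError("; ".join(bad_policy))
    problems = []
    if not min_len <= len(pin) <= max_len:
        problems.append(f"length {len(pin)} outside {min_len}..{max_len}")
    for name in selected:
        # Characters outside the checked sets are allowed; they just do not count.
        if not CHARSETS[name] & set(pin):
            problems.append(f"no character from compulsory set '{name}'")
    return problems


if __name__ == "__main__":
    # Constructed sample PINs: only the Digits option is checked, length 4..8.
    for candidate in ("abcdef", "abc123", "12"):
        print(candidate, pin_problems(candidate, ["digits"], 4, 8))
    # A policy that no PIN can satisfy: three compulsory sets, at most two characters.
    print(policy_problems(["digits", "letters", "special"], 1, 2))
```

Running the policy check before the parameters are fixed on a device catches combinations that no PIN could ever meet.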
ATTENTION! The following parameter is very important for all further work with the SHIPKA device. If you check the Default option and click the Install button, the selected authorization parameters for the SHIPKA PCDST will be set up as default once and for all, i.e. it will be impossible to change them even by using this program. You should select this parameter only if you are sure the selected settings are fully compliant with the security policy and you will not need to set up any other parameters in the future. If you are not sure about this, you should not use this option.
If the Default option is not checked, you will be asked to enter the administrator password when you click the Install button.
The next step you need to take is the direct initialization (formatting) of the SHIPKA device. As already mentioned above, the Settings program for the authorization parameters only defines the rules for formatting PIN and PUK codes, and the initialization itself is done by a separate utility. The initialization utility is launched as follows: <Start>-<Programs>-<AcShipka>-<Utilities>-<Initialization>. In the main window of the program (Fig. 10), there are three tabs: "Change the PIN", "Format" and "Unblock".
Fig. 10. Formatting the SHIPKA device
None of the operations performed in this program requires an administrator password to be entered, but all of them are strictly regulated by the policy specified in the Settings program for the authorization parameters. The user cannot change these parameters on his/her own.
The first operation to be performed with the new SHIPKA device is formatting.
You need to select the Format tab and click the OK button. If the administrator set up the formatting mode with the formation of a PUK code (it is strongly recommended to set up this mode because this will help avoid problems in case the device is blocked), the first formatting must be done with the PUK formation, and this rule cannot be bypassed. When the operation is performed, a window offering to save the generated PUK code to a file will be displayed (Fig. 11). Any further formatting procedures can be performed without the formation of any PUK code, and the PUK code that was formed as the latest one will be valid.
The user can choose to save it or refuse to save it, but the backup copy of the unblocking code will help in case the user forgets it. This file can be saved to any removable medium and stored in a safe place.
Fig. 11. Request to save the PUK code to a file
After the formatting has been completed and the PUK code is saved successfully, the following message will be displayed
5. SHIPKA PIN code change
The next step of the SHIPKA PCDST operation involves the PIN code activation. After the formatting operation your PIN code is deleted, and the user must enter a new PIN code. To do this, select the Change PIN Code tab in the initialization program. This procedure is used both for entering a new code in the formatted device and for changing the PIN code if desired by the user. You do not need to enter the old PIN code to enter a new PIN code in the formatted device (the Old PIN Code field is inactive). You just need to enter a new code and then repeat it, and click the OK button (Fig. 14).
Fig. 14. New PIN code entry procedure
If the right code has been entered, a message about the successful PIN code change will be displayed. If the code you have entered the second time does not match the first string of symbols, a corresponding message will be displayed.
SHIPKA PCDST is now ready for use. Nevertheless, we strongly recommend that you do not rely on the friendly interface of the programs, but read the appropriate section in the Operation Manual carefully prior to using the software!
The life is to be easier!