SIMcrypt© - SmartCard Token
User Guide

SIMcrypt© - Secure access protection with mobile phone card (SmartCard Token v3)
CONTENT
User Guide ------------------------------------------------------------- 1
Access protection with mobile phone card ---------------------- 3
Setup -------------------------------------------------------------------- 4
Start --------------------------------------------------------------------- 5
Program window ----------------------------------------------------- 6
Menu ------------------------------------------------------------------- 10
Operation -------------------------------------------------------------- 15
Application strategies ----------------------------------------------- 18
Application Examples ----------------------------------------------- 20
Special Functions ---------------------------------------------------- 25
Error messages ------------------------------------------------------- 30
Technical data -------------------------------------------------------- 31
Appendix -------------------------------------------------------------- 32
page 2 of 36
Access protection with mobile phone card
SIMcrypt© is a login manager which combines a new
operating concept with a new memory concept. Confidential
data is stored on a commercial SIM (which may no longer be
needed for the telephone service) and is protected by the
proven PIN/PUK system. This technology is also known
under the trade designations "eToken" or "smart card token".
Unlike conventional eTokens, SIMcrypt© allows a connection
with many different applications.
The confidential data from the table window is transferred
directly from the SIMcrypt© into the target application by
drag and drop. Typing or copying /pasting are now a thing of
the past. The process is also referred to as P2P or E2E
encryption.
Alongside these basic functions SIMcrypt© also offers many
additional functions which greatly simplify password
management.
SIMcrypt© runs under Windows from version 2000, requires
at least a USB 2.0 interface (preferably not via a hub) and is
suitable for 32 and 64 bit systems. The drivers are WHQL
certified.
Setup
Do not connect the chip card reader yet. Start
SetupSC.exe and follow the user guidance. During installation
you can decide whether SIMcrypt© should start automatically
with the computer in future.
The 3G CardManager is also part of the scope of delivery,
enabling you to process SIM cards for use in mobile phones.
With some SIM cards the serial number (ICCID) can also be
changed, or the AutoSave Keys can subsequently be changed
(more about this later).
Please note: The SIM card is protected by the PIN / PUK
system with data stored by SIMCrypt©. In the case of a
commercially available SIM card the network operator can
identify the PUK with the serial number (ICCID) of the SIM
card.
The supplied SIM card is not associated to a mobile phone
operator. Apart from that the serial number can be changed
as desired with the 3G CardManager. It is no longer possible
to allocate a PUK after a change of this serial number. Other
blank SIM cards can be ordered.
SIMcrypt© contents (SIMsafe) can also be protected with
password and / or key file. Access to data is not possible
without the password/code even when the PIN/PUK is
known.
You can connect the SIMcrypt© chip card reader on finishing
the setup. Be patient while Windows® then installs the
required driver.
Start
Session and SIMsafe
A "session" with SIMcrypt© describes the running time of the
program after first reading a SIM card. The actual file on a SIM
card is designated as "SIMsafe". The entire session is
encrypted with this on entering a password (code).
The SIM card can be processed, swapped for another SIM card
(which is processed using the same password) or changed for
copying during a session.
A session is ended by
- ending the program
- the safety function "switch off SIM card automatically"
  during inactivity
- the command "end session"
The command "reread SIM card" does not end the session.
Start with Session Password
Start the SIMcrypt© software and insert a SIM card. You are
first requested to enter a password ("session password") with
which all of the following SIMsafe operations are encrypted.
When such a (secure) password or code is used, the SIMsafe
content cannot be decrypted even by improper use of the PIN
or PUK. This danger can also be countered by changing the
ICCID. A session password can be activated and deactivated
via "Specials" -> "Protect SIMsafe with password".
An info window appears on starting SIMcrypt© with the
password request, which you can leave by pressing OK if you
do not want to use the password/code. Otherwise activate the
checkbox and follow the user guidance (e.g. also "Additional
protection with a code").
After a click on the QR Code button you may read your
password which has been encrypted as QR code. Please find
more information in the “Specials” menu chapter.
Enter the PIN of the SIM card (via the computer keys or screen
keys) on the next request. The PIN should be between four
and eight digits in length. You can later change the PIN in
SIMcrypt©; however, we advise you to assign at least six digits.
Program window
The program window consists of at least five function areas:
- Menu bar above with menu entries on the left and function
  buttons on the right
- Data table for intended use (multiple function) and
  password entries
- Info window with details for chip card reader and SIM card
- Button field for frequently used functions
- Status bars for current messages and timer displays for
  automatic switch off
The menu options in the menu bar offer access to the central
functions of SIMcrypt©.
The function buttons
The function buttons are also available in the reduced
program view. The left button switches between the larger and
smaller program view, the middle one between keeping the
window permanently on top and the standard view,
and the right one starts rereading the inserted SIM card.
The data table
The data table is the control centre of SIMcrypt©. Here the
usages are entered on the left hand side and the passwords on
the right hand side. You can directly edit marked entries
under "Application" by pressing the F2 key or open an editor
window with Strg-M (Ctrl-M).
The usage entry can accept several tasks at the same time.
The range of possibilities is easy to keep track of if you refer
to the application examples in the appendix.
Options in the overview:
- representation of a "corresponding" designation for the
  password entry
- a valid link (to a local program or web address), optionally
  with selection parameters
- recording a text for transmission by drag and drop (e.g. a
  user name or an email address)
- recording smaller files, e.g. PGP keys or small executable
  files (bat or cmd)
The first "@" symbol in a line (where several "@" symbols
are present) separates the tasks "information" and
"link selection" on the one hand from the drag and drop
content on the other.
The right column of the table has only one function: it
stores the passwords. The passwords can be displayed by
selecting "Specials". In the interests of security the display is
only available for a few seconds.
You can select from different self-explanatory organization
options by simply right clicking in a table row. You can
include small files with PGP keys with “include files content”
or batch files in the table (attention: SIM cards have small
memory capacity). These files can be dragged into Windows
Explorer by drag and drop. Executable files (*.bat or *.cmd)
can also be directly executed by double clicking the table
entry.
The editor mode is activated by holding down Strg-M. In this
mode the password generator is available in the password
field with a right click. The quality of the passwords is
displayed by a coloured line under the table. Experiment with
the data table and consult the application examples in the
appendix.
The info window
The info window on the right contains all the details about the
chip card reader and the SIM card inserted. A right click on
individual entries provides the respective copying function – a
useful function e.g. with support queries via email.
The information in the status bars depends on the context.
You should keep the capacity instructions for inserted SIM
cards in mind when using SIMcrypt© intensively.
Menu
File
After starting the program SIMcrypt© searches the interfaces
for a connected chip card reader. This search can be switched
off for the current session under "File" -> "Offline Mode",
enabling the operation of SIMcrypt© in portable mode.
Likewise "SIMsafe save/load" relates to the portable mode.
When using these functions you will be prompted to
specify the password/code for the SIMsafe in order to protect
it from unauthorized access. Choose a password/code whose
complexity matches the importance of the data, since
the central feature of SIMcrypt©, protection through the
PIN/PUK system, is not available with an exported file. More
precise instructions about the portable mode are found in the
application examples.
"SIM card formatting" is only required with SIM cards which
were already used for SIMcrypt© and are to be erased.
"Store SIMsafe on SIM" only becomes active as soon as
the content of the data table is changed. The option is also
displayed as a security query when ending SIMcrypt© (also with
automatic switch off). At the same time the saving process
triggers the creation of the AutoSave file with the corresponding
presettings in "Specials" (also see "Special Functions" below).
Tools
The PIN management functions are found under "Tools".
Options for PIN2 and PUK2 are only of interest if you
operate the SIM in parallel with activated FDNs (fixed dialling
numbers); whoever does not know this will [and should] not
need it.
Specials
The “Terminal Selection” enables the decisive selection of a
particular chip card reader from several connected devices
(e.g. with production of a security copy from SIMcrypt© On
Board to an external SIMcrypt© reader).
“Terminal interface” enables the selection between new
SIMcrypt© chip card readers (PL2303) and Chipy™ models
(vii and v2).
The “Cards Access Mode” recognizes the card type inserted
with “Automatic Selection”. It is recommended selecting
“GSM” when encountering problems with older cards.
“QR Code Reader” allows you to select an installed
application to read QR codes. If the password request has
been activated you may, instead of entering a password with
your keyboard, start the selected application to read the
encrypted password.
The following applications have successfully been tested with
SIMcrypt:
QuickMark (http://www.quickmark.cn/En/basic/index.asp) and
bcWebCam (http://www.qualitysoft.de/de/produkte/bcwebcam.html).
QuickMark also allows you to create QR codes in offline mode.
Another QR code application is the Portable QR-Code
Generator (https://sites.google.com/site/qrcodeforwn/home). When you
have created your QR password please don’t forget to destroy
all paper editions and delete all files relative to it!
“Window transparency” hinders the catching of confidential
information by shoulder surfers. It also hinders so called
“Screen Loggers” who secretly photograph or film screen
contents.
"Protect SIMsafe with password" activates or deactivates
the request to enter a session password with which the
SIMsafe is encrypted when starting the program.
In the active state "Switch off SIM card automatically"
ensures that the session is switched off after two inactive
minutes (also see "Special Functions" below).
The password functions are self-explanatory.
"Automatic backup" and "re-establish security data" refer
to a special administrator function. If this function is
activated, a security copy is saved with each change to the
content of a SIM card (SIMsafe). This copy is encrypted with
a 128 bit code which is stored on the SIM card. The blank SIM
cards delivered already contain this code (see PIN letter). This
code can be changed as desired with the 3G CardManager
(also see "Special Functions"). SIMcrypt© recognises if a
commercial SIM card is used without this code and generates
such a code itself. The recovery key, regardless of whether it
was delivered, changed or regenerated, can be displayed with
the function "Display Recovery Key" and written on a piece
of paper or transmitted by copying/pasting to a secure
destination, e.g. an encrypted USB stick, for safekeeping.
"Reread SIM card" and "end session" are likewise self-explanatory.
"SIMsafe duplicating" allows an identical copy to be made to
another SIM card in the same reader as well as to another SIM
card in an additionally inserted reader. The latter can be selected
under "Terminal" after inserting the additional reader (if
necessary operating the update button).
Info
These instructions are found under "Info" -> "Manual". After a
standard installation they are also reached via the program
selection ChipySuite -> "SIMcrypt" -> "Instructions".
Operation
drag-and-drop
The special drag and drop function is unique to SIMcrypt©,
enabling the transmission of a SIMcrypt© table entry into a
target field in nearly all cases. For testing, open "ChipySuite" ->
"SIMcrypt" -> "Instructions" and the HTML file "Text input (Test)".
The upper input field displays entries in clear text.
The lower input field (a typical password window) shows
place holders instead of symbols. Create a few sample entries
in SIMcrypt© and drag these into the free field or the password
field.
You can use two combined entries at once in the usage
column. If you would like to dedicate a line to your GMX
account you can enter: My [email protected]@gmx.net.
The leading entry "My GMX [email protected]" is ignored when
transferring with drag and drop and only the useful character
string "[email protected]" is transferred. Instead of the
description "My GMX account" you may enter a link to the
website "http://www.gmx.net/". A double click in the Usage
column will directly open this website in your browser.
Local applications behave similarly: the entry
"C:/Windows/Notepad.exe" in the Usage field will open the
Windows editor. This feature does not apply in the
"Password" column.
We call the drag and drop function a combined function since
it links "normal" drag and drop with the inject process.
Some target fields reject the receipt of a drag and drop string
and show this through a kind of no-entry sign.
Nevertheless, still carry out the operation. SIMcrypt© will
recognize this rejection and try another transfer technique
(inject). You will see that SIMcrypt© succeeds in the majority
of cases. This combined procedure has the advantage of
functioning without the clipboard and keyboard buffer, which
denies clipboard- and keyboard-reading viruses and Trojans a
point of attack.
Of course there is an exception to every rule. Some input
rights or system configurations can disrupt SIMcrypt©.
Starting SIMcrypt© as administrator (via the right mouse key)
almost always helps here. If this is not possible, weigh up the
alternatives: if drag and drop fails, SIMcrypt© offers to
place the table data in the clipboard. If the offer is accepted,
five seconds remain to place the cursor in the target field and
trigger the insertion with STRG-V (also see "Special
Functions"). This function can also be used when you drag
over the password or the user name with the Strg key
pressed. This is occasionally required with special internet pages
(Java) or guest systems (VMs, RDP).
Passwords
A double click in a table field starts the editor mode. If the
entry concerns an executable link to a program or website,
start the line editor with F2 or Strg-M. The password
generator is available with a right click in the password field.
You can read the security quality from the colour bars under the
table. The table lines can be edited more clearly in the
editor window, which is opened with the key
combination Strg-M. Additional instructions for operation are
found in the following application examples.
Automatic Switch off
The task of this function is clear. The countdown of the timer
is shown as a growing hairline above the status lines.
Application strategies
SIMcrypt© should never be the sole safeguard of the PC and
data but always be one building block of an overall concept.
Categorize your passwords and PINs and then draft a
personal structure. Example:

Data for which the SIM card is the right place
- Internet (access from PC to website with name/password)
  - high risk: banking and money institutions (PayPal etc.),
    Amazon, eBay, ...
  - shop administration, CMS ...
  - social networks, Twitter, webmail ...
  - messengers, chat, Skype ...
  - content communities (YouTube) ...
  - blogs, forums, online portals ...
- Intranet and/or LAN
  - access management for networks and files ...
  - accounting systems
  - CRM, ERP systems
  - online banking applications (StarMoney, ProfiCash etc.)
  - entries in virtual machines
  - encrypted containers (TrueCrypt)
  - decryption of symmetrically encrypted files (for example
    with AxCrypt)
- storage of highly sensitive data
  - PGP private key
  - PIN for signature cards or electronic identity cards
  - access to password databases (for example KeePass, see
    below)
  - access to encrypted containers (for example TrueCrypt, see
    below)

Data for on the way: consultation data (for example
secured in a KeePass database with a difficult password)
- PIN numbers for credit cards (ATMs)
- PIN numbers for smart card terminals (HBCI)
- authorisation codes for mobile phones
- car radio codes, ...
- also one-time or rare entries
  - serial numbers for installations
  - codes for DSL modems
  - gift codes (iTunes, Amazon) ...

Encryption of PC data partitions (for example with
TrueCrypt or SafeHouse, secured with a difficult password)
- separation of system and data partition
- encryption of data partitions

Accessories for SIMcrypt©
- generation of QR codes (text of secure passwords)
  offline with a laser printer, read with scan software for
  integrated cameras
- SIMcrypt© MobileMode with notebook
- password database (KeePass) with notebook
- password database (KeePass) with tablet and/or
  smart phone (don't forget to delete history and clipboard!)

Never save access data in any browser!
Application Examples
Mark a line in the data table and press the key combination
Strg-M. You reach the editor window. Note: “Prefix” is an
additional text field to help you to better distinguish your data
entries.
Only use password
Leave the first two lines free and only enter:
Do not make an entry in the column "Application" but only
under password on confirmation with OK.
Password with Application Description
As before, but additional entry for a description which eases
the location of the password in the table view:
User name and password
You want to register with SIMcrypt© at your GMX email
account. You will need your email address and password for
this. Please enter:
When you are requested to enter your email address on the
website of the mailer, drag the entry from "application" into
the target field. Only the email address is transmitted.
Proceed analogously with the password entry.
Select Website, Username and Password
You want to register with SIMcrypt© at your GMX webmail
account and also open the GMX web page from SIMcrypt©:
A double click on "Application" starts the standard browser
and opens the specified web page over the existing internet
connection. The rest is familiar: insert username and
password with drag and drop and complete the login.
Select Program and Password
The access data to your bank is stored in the password
protected PDF file bank.pdf in the directory D:\Temp. The file
should be selected and the password entered as easily as
possible:
You guessed it: double clicking the application entry opens
the PDF file until password display. Transmit password by
drag and drop and open file.
Open program and file, password as parameter
You have installed KeePass in the directory F:\KP. Your
password protected data container with the name Mobile.kdbx
is also located there. The password again reads 123456.
Please enter:
Please place the password in quotation marks for KeePass. The
following happens after double clicking the usage entry:
KeePass is started. KeePass opens the Mobile.kdbx file,
receives the password from the protected password field
and unlocks the file. The transmission of the password is
enabled by the parameter <PASS>. The same works with
TrueCrypt and numerous other programs. The documentation
for these programs gives information on how the syntax of
the commands must be laid out.
Run batch file with external parameters
Compile a batch file on your PC in accordance with the
following sample and save it under a name such as TC.bat. Please
ensure that you take over all rem entries including "Header.."
and "Par ..." since SIMcrypt© searches for these entries and
processes them. Place your own passwords in inverted
commas when adapting the scripts. The first parameter
(password) is later selected with %1 in the file, the second
with %2 etc.
The batch file proceeds from the following starting position:
You have an F: drive (e.g. a USB stick) and have installed the
TrueCrypt.exe program there in the TC directory. Apart from
that a TrueCrypt container with the name Secret.tc, encrypted
with the password 123456, is stored directly in the root
directory of this drive.
Click an empty line of the data table with the right mouse key
and select "include file content". Include the file TC.bat. It can
only be displayed (Strg-M) after the command "show
password" (Strg-P) since the file contains confidential data.
The batch file is run after double clicking the data line and the
external parameters (rem par="...") are transmitted.
Remember to delete the output file on the PC since the
password is visible in plain text.
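A TC.bat for the starting position above, as an added example that is not the sample file delivered with SIMcrypt©: it mounts F:\Secret.tc with F:\TC\TrueCrypt.exe using the password that SIMcrypt© passes as %1. The exact wording of the rem "Header.." and rem par="..." marker lines is not reproduced in this manual, so they are written here as an assumption and must be taken over from the original sample; the TrueCrypt switches /v, /l, /p, /q and /d are standard TrueCrypt command-line options.

```batch
@echo off
rem TC.bat (added example, not the sample file delivered with SIMcrypt)
rem The two marker lines below are what SIMcrypt searches for. Their exact
rem form is an assumption here; take them over from the original sample.
rem Header..
rem par="123456"

rem SIMcrypt hands the value of "par" over as the first parameter. %~1 strips
rem the surrounding inverted commas so that only the password reaches TrueCrypt.
if "%~1"=="" (
    echo No password was passed as parameter 1.
    exit /b 1
)

set "TC_EXE=F:\TC\TrueCrypt.exe"
set "TC_VOL=F:\Secret.tc"
set "TC_LETTER=S"

if not exist "%TC_EXE%" (
    echo TrueCrypt not found at %TC_EXE%
    exit /b 1
)

rem /v volume file, /l drive letter, /p password, /q quiet (no dialog window)
"%TC_EXE%" /v "%TC_VOL%" /l %TC_LETTER% /p "%~1" /q
if errorlevel 1 (
    echo Mounting %TC_VOL% failed.
    exit /b 1
)

rem The password exists only in %1 for the lifetime of this script; nothing is
rem written to disk, so no output file with the password in plain text is left.
echo Container mounted as drive %TC_LETTER%:

rem To dismount later: "%TC_EXE%" /d %TC_LETTER% /q
```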
Portable Mode
You can also use SIMcrypt© en route without a connected chip
card reader. Select the option "store SIMsafe in file" under
"File" in a card session. You will now be requested to select a
password (code) for the file if you are only working
with PIN and without password. Please ensure that the quality of
the password is appropriate to the importance of the data.
SIMcrypt© searches for a connected chip card reader on
starting the program. Interrupt this search for the portable
mode under "File" by selecting the "Offline Mode".
Subsequently you can input the previously produced copy
with "SIMsafe from a file". When selecting
you can proceed directly up to entry of the password. For
instance this is very helpful if you want to transfer the start of
SIMcrypt© in a batch file.
Select SIMcrypt© with the offline key for manual selection of
the SIMsafe in portable mode:
SIMcrypt© starts with the entry request for the password and
then opens the Explorer for file selection.
Special Functions
The configuration file tm3G.adm
Some special functions are controlled via configuration file
(tm3G.adm) which is stored in the subdirectory “BIN” in the
program directory. You are solely responsible for changes to
SIMcrypt© Configuration.
This code is regenerated after each change of file and
restart of SIMcrypt©. Don't change it!
AutoSave can be switched off (0) or switched on (1|2).
With value = 2 the selection option for AutoSave is inserted
in the menu „Specials“.
AutoSave file is located in the specified directory provided
an AutoSave Key is available on the active SIM card,
Variables (environment) or constants are set for the path
specification. Likewise network paths are possible.
The selection option for the two-minute timer is displayed
in the menu "Specials" with value <= 0. With a value > 0
the value in tm3G.ini under [OPTIONS], MaxIdleTime=
is accepted as the timer value in milliseconds.
The "Five Second Clipboard" is offered after a failed drag
and drop operation with value = 1.
The menu option PIN activate/deactivate is displayed
under "Tools" with value = 1.
AutoSave Key
The blank SIM cards delivered with SIMcrypt© already
contain an AutoSave Key (compare PIN letter). You can
change this 128 bit key yourself or generate it on another
mobile phone card with the 3G CardManager. Technically
speaking, the code is saved in the DF gsm, EF BCCH
(Broadcast Control Channels) area.
To generate or process the key, start the "Experts Tool" in the
"Specials" menu of the 3G CardManager by holding down the
key combination STRG-SHIFT.
Select the entry EF BCCH (6F74) on the last page under DF
gsm (7F20) and afterwards the "Edit" tab on the
right side in the Explorer.
The standard entry in this data field reads "F" 32 times and
means that no key is assigned. Place the cursor before the first
character ("F") and click the small cog wheel icon in the
window bar (random number generator).
A random code is generated, which may still be changed if
necessary (but not lengthened or shortened) and is afterwards
stored on the SIM card:
The uppermost line is saved and acknowledged with result
9000 when successful ("Normal ending of the command").
For control, delete the current display (right next to the cog
wheel icon) and reread the storage position by clicking on the
Explorer entry EF BCCH.
Make a note of the code and keep it safe. You will be asked for
this code if you have to generate a card duplicate.
AutoSave File
SIMcrypt© is set as standard so that the AutoSave file is
deposited or updated in the directory
%ALLUSERSPROFILE%\SIMcrypt after each change in the
SIMsafe. You reach the directory when you open an Explorer
window (Windows key and "E") and enter
%ALLUSERSPROFILE%\SIMcrypt in the address line.
The file name of the AutoSave file consists of the ICCID (serial
number of the SIM card) and the extension "SIMcrypt". No
safeguarding takes place if no AutoSave Key exists on the SIM
card, since the contents of the file would otherwise be visible
to everyone.
You can generate a card duplicate at any time from the valid
AutoSave file. With the new (or old, to be overwritten) card
inserted, select the entry "recreate Security data" via the
menu "Specials" and then the SIMcrypt file in the Explorer
window that follows. The "retrieval code" now required is the
AutoSave Key described before. In certain circumstances the
target card must first be prepared under "File" with "format
SIM card" before use.
Error messages
If possible do not operate the SIMcrypt© on a USB hub.
Do not pull the card or the reader without first correctly
ending the SIMcrypt© session.
If Windows does not accept your smart card reader, please
update the driver (see appendix).
Technical data

Reader              SecuStick            SL-Reader            On-Board
Weight              16 g                 69 g                 7 g
Measurements        90 x 27 x 11 mm      62 x 44 x 15 mm      79 x 21 x 8 mm
Cable length        -                    2 m                  -
Colour              black                black                -
Operating systems   Windows from         Windows from         Windows from
                    Version 2000         Version 2000         Version 2000

Delivery scope

SecuStick:
- Chip card reader type USB stick (form factor UMTS stick)
- SIM card without network allocation
- 11 cm USB cable for unloading to notebook amongst other things
- SIMcrypt© software
- 3G CardManager

SL-Reader:
- Type SL chip card reader
- SIM card without network allocation
- Twin adapter for microSIM / miniUICC / 3FF / PlugIn
- SIMcrypt© software
- 3G CardManager

On-Board:
- Chip card reader PCB type (without housing, for on-board direct connection)
- SIM card without network allocation
- USB2 adapter for direct connection to the motherboard (allocates 2 USB2 ports)
- SIMcrypt© software
- 3G CardManager
Appendix
Incorrect recognition of the chip card reader
Update drivers (the screenshots accompanying these steps are not reproduced here)
- Terminate SIMcrypt©
- STRG-R -> devmgmt.msc -> Enter
- Right mouse button on the device entry, then make the two selections shown in the screenshots
- "Search" -> Search Directory
- Restart Computer