advertisement
Model 3000MP Bluetooth Smart Card Reader
User Guide
for Windows 7
Version 3.8 30000MP
Date: March 9, 2015
Support
For support relating to bai Mobile ™
Bluetooth Smart Card Readers:
Biometric Associates, Inc
Main Office (410) 252-7210 [email protected]
Field support:
Michael Smith (407) 823-8130 (cell) [email protected]
Contents
Proper Care of your baiMobile® 3000MP Bluetooth Smart Card Reader .......................... 5
iii
Before you get started
This User’s Guide is designed for Windows 7 desktop computers, laptops and tablets. If you are using another operating system, the information herein may be different or may not apply. If you have questions, contact your network administrator or email [email protected]
.
Proper Care of your bai Mobile ® 3000MP Bluetooth Smart Card Reader
Your baiMobile
®
3000MP Bluetooth Smart Card Reader is an electronic product similar to a cell phone or MP3 player that may be damaged by excessive moisture, sand, dirt and impact. Taking proper care of your reader is essential for continued, trouble-free operation.
Welcome
The baiMobile
®
solution for Windows 7 devices includes:
1. baiMobile
®
3000MP Reader
2. baiMobile
®
3000MP Windows 7 driver
This baiMobile 3000MP solution permits you to perform all of the same functions on a
Windows 7 desktop, laptop or mobile device that are available on a desktop PC with a USB reader including:
digitally sign and decrypt emails and documents
log on to web sites and network servers that require smart card (CAC or PIV) authentication
other applications that require smart card authentication.
Hardware and Software Requirements
This section describes the minimum hardware and software requirements necessary to use your Reader with a Windows 7 device.
Hardware Requirements
The reader should operate with all Windows 7 devices that have native or external Bluetooth capability. There are no additional hardware requirements, unless a USB Bluetooth adapter is required.
Bluetooth Stack
Many Windows 7 desktops do not have native Bluetooth capability. Most Windows 7 laptops and tablet devices do have native Bluetooth capability, but some may not have support for
Bluetooth’s Serial Port Profile (SPP). Our reader is designed to pair with any device using
Bluetooth version 2.1 or higher, but will only connect to devices that can support
Bluetooth’s Serial Port Profile (SPP). It is important to verify that your desktop, laptop or tablet 1) have Bluetooth version 2.1 or higher and 2) includes support for Serial Port Profile.
5
If not, check with your computer manufacturer and download the latest Bluetooth driver.
The another option is to use an external USB Bluetooth adapter, such as the Asus USB-
BT211. You can verify your device’s Bluetooth version by checking Control Panel > Device
Manager > Bluetooth radios:
USB Bluetooth Adapter
The Asus USB-BT211 Bluetooth adapter has been tested and verified to support the baiMobile 3000MP Bluetooth Smart Card Reader on Windows 7 devices.
Supported Smart Cards
Each smart card type has its own command language, commonly referred as a PKCS#11 (or middleware). If you want to access a particular smart card, the PKCS#11 middleware for that card type must be installed on your Windows 7 device.
6
Reader Specifications
baiMobile™ Bluetooth Smart Card Reader Specifications
Specifications Description baiMobile 3000MP Bluetooth Smart Card Reader
Hardware Specifications
Dimensions 62 mm (2.44 in) wide x 110 mm (4.33 in) high x 20 mm (4.79 in) thick
Weight 70g (2.46 oz)
Status Indicator
Battery
Power On / Off
Charging Port
Communications Protocol
RF Transmission range
Supported Bluetooth versions
Data Throughput
Bluetooth & AES
Authentication Method
LCD panel provides connection indication, signal strength, battery capacity, device name, version info, aided pairing. Configurable LED indicators (use/don’t use) for connection indication, user attention and LCD backlighting
Removable PolyFlex cell; rated capacity 580 mAh, normal voltage 3.7v; in low power mode - 3.5mA, (~7 days batt life) On but BT connection; 14mA, (~2 days batt life) power on with BT connection.
Power on activated by card insertion and/or front OK button. Power off activated by card removal or application/device security policy.
Mini-B USB (Charger included with Reader)
Wireless Communications
2.4 GHz frequency ISM band. IEEE 802.15.1 (Bluetooth) with full security enabled
10 meters
Devices with Bluetooth ver 2.1
750 kb/s to 1 Mb/s
baiMobile Middleware Libraries / Security
Mode 4: service level security; FIPS 140-2 approved AES-256 encryption overlay
S/MIME, SSL and PKI
Mobile Device Security
Supported Operating Systems
Custom Reader firmware; FIPS 140-2 certified version of the OpenSSL library on reader and device (NIST certification number 1051);
Mobile Operating Systems
iPhone/iPad iOS version 4.0 and higher, Android version 2.3 and higher; BlackBerry 7;
BlackBerry 10, Windows 7 and Windows 8.1
7
Accessories
Included with your Reader is a charging cable, comprised of a plug and a mini-USB cable.
Reader Basics
Reader Features
Please familiarize yourself with the features of the baiMobile
3000MP Reader.
8
Blue LED indicator The blue LED indicator is located on the front portion of the reader, facing the Smart Card. It will flash when the reader’s Bluetooth radio is on and is transmitting or receiving data.
OK Button with White LED indicator The OK button is located on the front portion of the reader. Certain functions, such as pairing and reconnecting to the
Windows 7 device, require an acknowledgment by the user. A white LED indicator will flash whenever an action or acknowledgment must be performed by the user.
Removable Battery/Battery Cover The reader battery is the only component that will need to be replaced periodically, depending on usage. The battery is rated for
600 charge-discharge cycles, or about two years of normal use. Should the battery need replacing, remove the battery cover and replace the old battery with a new
(baiMobile approved) battery. Note: This reader uses a battery custom built for the reader. Inserting a battery other than a baiMobile approved battery will cause serious damage to the reader and will void its warranty.
LED Display The LED display is located on the rear of the reader and will display various messages and reader status icons when the reader is powered on.
MiniUSB Charging Port The reader’s battery is charged using a charging cable and power supply. The power cable is inserted into the miniUSB port located at the bottom of the reader. Note that the miniUSB port is for charging only and will not
support the transfer of data.
Power consumption
The baiMobile 3000MP smart card reader includes a low-power mode. The operation of the low power modes is complex and based on idle timeouts.
Reader firmware version 2.2.0 and higher o Full power consumption (50-60mA)
During pairing
During each reader or card command execution duration
Each lasts a few seconds, max o Idle Power Mode (25mA)
Lasts 8 seconds after the last command execution is completed o Low Power Mode – connected (3.5mA)
Starts 8 seconds after the last command execution is completed o Low Power Mode – not connected (3.5mA)
Starts immediately after booting is complete (and LCD back light is off)
Starts immediately following a disconnection from Bluetooth. o For any duration that the LCD back light is on, add another 30mA, but the back light only stays on for short durations (6 seconds, or during pairing, or while holding down the button to see version number, etc.)
To calculate the length of time the reader could continue in any one of these modes, use this equation:
Time in hours = 600 / (mA consumption)
For instance, while connected but in Low Power Mode (3.5mA)
600 / 3.5 = 171 hours (or over 7 days)
9
Powering on the Reader
The baiMobile 3000MP Reader does not have an On/Off switch or button. Your reader is powered on by inserting your smart card into your reader. If your smart card is already inserted in your reader, slide it out and then reinsert the card. You will notice the reader’s
Home Screen displayed on the LED panel on the back of the reader.
Power On Screen 1 – displayed for about 1.7 seconds when reader is first powered on
Power On Screen 2 – displayed for about 1.7 seconds
10
Power On Screen 3 – Reader will accept a Bluetooth connection request from an application on your Windows 7 device without requiring the user to press the OK button for
5 minutes
Power On Screen 4 –Reader is now powered on and is “listening” for a Bluetooth connection request from an application on your Windows 7 device. User must first press the
OK button to accept a connection request. The reader will stay in this state for approximately 7 days until the battery is exhausted (firmware version 2.02.00 and higher) or until the Smart Card is removed from the Reader, whichever occurs first. If the reader receives a connection request from the Windows 7 device, you may be prompted to authorize the request by pressing and releasing the 0K button on the front of the reader.
Accepting a Bluetooth connection
NSA security requirements state that the user must accept (acknowledge) all Bluetooth connection requests from his or her desktop, laptop or mobile device.
Examples:
When a client application on the Windows 7 device needs to establish a Bluetooth connection to the reader to access information (certificates) residing on the Smart
Card
When a client application on the mobile device requires that the user acknowledge an action (digital signing) involving the Smart Card
In such cases, the reader will display a message prompt such as “Auth?” and the white LED beneath the OK button will flash repeatedly until the OK button is pressed.
11
Powering off the Reader
Your reader will automatically power off if any of the following occur:
Your smart card is removed from your reader
The reader’s battery runs out
The reader times out (a configurable setting)
When the reader is powered off, nothing will be displayed in the LED panel.
Charging the Reader
Your charging cable separates into a plug end and a mini-USB cable. You may charge your reader using the charging cable plugged into an electrical wall outlet or use just the mini-
USB portion of the charging cable to connect between your reader and a USB port on a computer.
It is recommended that the reader be charged whenever the battery status icon on the reader indicates that the reader battery level is less than 20%. The reader should be charged from an AC power source using the supplied charger and cable. A red LED on the bottom of the reader will illuminate indicating that the reader is charging. Once the red LED is no longer illuminated, the battery is fully charged and the charging source should then be removed from the reader.
During charging, a red LED on the bottom of your reader will indicate that the battery is being charged. When the red LED turns off, your reader battery is fully charged.
12
NOTE: Most smartphone charging cables with a mini-USB-a connector will also charge your reader.
Upgrading the Reader Firmware
The baiMobile 3000MP Bluetooth Smart Card reader contains upgradeable firmware. The feature extends the functionality of your Reader in the following areas:
Security Policies: Changes in security policies may require a firmware update.
OS Releases: New versions of the Windows 7 device/ operating system may require a firmware update.
Smart Card Types: Support for new smart card types may require a firmware update.
Power Modes: Improvements in the reader’s power consumption may require a firmware update.
Device Support: New devices may require a firmware update.
Bluetooth Stack Support: Support for additional Bluetooth stacks may require a firmware update.
Additional OS Support: Support for additional operating systems (such as Windows
7) may require a firmware update.
Application Support: Certain applications may require a firmware update.
BAL will have a firmware upgrade app available on our web site, in the iTunes® App Store, the Google Play store and the Microsoft Store some time in Q4 2013.
LED Panel Icons
Home Screen
The Home Screen is displayed on the reader’s LED panel when the reader is first powered on. The display indicates the following:
Reader’s Bluetooth transmission status: (On / Transmitting)
Reader’s Authentication Timeout status
Reader’s battery power status: (see Battery Status Icons)
13
Data Transfer Screen
The Data Transfer Screen is displayed on the reader’s LED panel when there is data being transferred between the Windows 7 device and the reader over a secure Bluetooth connection.
Battery Status Icons
The reader’s Battery Status Icon will display the remaining charge remaining in the reader’s battery, as shown below:
When the battery reaches 5% charge, the Low Battery warning will be displayed. You should charge your reader when the battery reaches about 20% - 40%, depending on your anticipated activities what will require connectivity to your reader, such as accessing email or another application that requires smart card authentication.
14
Inserting a Smart Card
As noted above, the reader does not have a power on or off button. Inserting a smart card into your reader will power on the reader. Removing the smart card will power off the reader.
NOTE: When used in the Bluetooth mode, the reader’s radio functions are only enabled when your smart card is firmly inserted into the reader as shown below.
Battery
Your reader contains a removable, rechargeable battery. This battery is a custom battery, built specifically for the baiMobile 3000MPReader. In the event that your reader’s battery no longer holds a charge, please contact [email protected]
for a replacement battery.
Reader Error Massages
"NO CARD!"
This is displayed when the reader is powered-on without any card inserted. This can happen if the user uses the 'OK' button to cause power-on without a card inserted or if they plug-in
15
the charger to the reader without the card inserted. This indication is displayed for a few seconds before the reader will turn itself off.
"BAD CARD"
It is displayed while the reader is powering-on with a card inserted but the reader was unable to get the card to return an ATR (Answer To Reset) after causing card Reset. This indication is displayed for a few seconds before the reader will turn itself off.
"LOW BATT"
It is displayed during power-on if the battery is detected as having very little power remaining. Once the reader is finished powering-on (booting), this indication is replaced with normal LCD indicators. This indication can only be displayed as a result of the booting self checks. We don't quantify this threshold value in any way since it may be adjusted in the future.
Pairing your Reader to a Windows 7 Device
Pairing Basics
Before you can use your baiMobile 3000MP Reader, it must be securely paired with your
Windows 7 desktop, laptop or mobile device. The Bluetooth pairing process involves exchanging a randomly generated number used by both your Windows 7 device and your reader for secure Bluetooth communications. This and other security measures insure that
Bluetooth communications between your reader and your phone cannot be intercepted by a third party.
The baiMobile 3000MP Reader utilizes the Secure Simple Pairing Numerical Comparison model, which is standard in most devices that have Bluetooth version 2.1 and higher.
During pairing, a six digit number will be displayed on your Windows 7 device screen and on the reader’s LED display. You must compare both numbers and confirm that they match.
Before You Begin
Verify that your Win 7 device has Bluetooth version 2.1 or higher and that the Bluetooth radio is On.
Verify that your Win 7 device supports Bluetooth Serial Port Profile (SPP). You may need to check with the device manufacturer (or download the latest Bluetooth driver).
The reader may only be paired with one
Windows 7 device at any one time. Current reader firmware will not support multiple or simultaneous pairings.
Be sure that you have fully charged the Windows 7 device and reader before starting pairing
Have both your smart card (CAC/PIV) handy.
16
Your Windows 7 device
1. On your Win 7 device, go to the Control Panel,
Devices and Printers. Select Add a device. Both your reader and Windows 7 device should be in close proximity to each other. Pairing should be done in a secure environment and not in a public area.
Your Reader
2. Insert your Smart Card into the reader as shown.
17
Your Windows 7 device Your Reader
3. The reader’s LED panel displays
Booting for about 1.7 seconds, then displays AuthTime for about 1.7 seconds.
4. Next, reader’s LED panel displays the reader Home Screen.
5. On your reader, press and hold the
OK Button as shown (below). The LED display now shows the reader firmware version for about five (5) seconds, then displays Lift Btn. Now release the OK
Button.
18
Your Windows 7 device Your Reader
6. The reader’s LED panel will now display New Pair? for about six (6) seconds.
7. Now press and release the OK Button while the NewPair? prompt is displayed on the LED panel.
8. The reader is now discoverable by the
Windows 7 device and will remain in this state for about ninety (90) seconds. The
LED panel now displays the last four numbers of the reader’s unique Bluetooth address.
19
Your Windows 7 device
9.
Your Windows 7 device will now display a list of compatible Bluetooth devices that it has discovered. Select the reader’s Bluetooth
“friendly” name bai2ndGen.
Your Reader
20
10. Next, the Windows 7 device will display the randomly generated pairing code. Look at the code now displayed on the reader’s LED display.
Your Windows 7 device
11. Compare the pairing codes displayed on the
Windows 7 devices with the first number displayed on the Reader’s LED.
Your Reader
12. Compare the first number (in this example
“6”) with the number displayed on the reader’s
LED panel. If they match, press the OK button on the front of the reader.
13. Repeat these steps until you have accepted all six numbers on the Reader.
21
Your Windows 7 device
14. Now, press Next on the Windows 7 device
Your Reader
15. You will now see the confirmation messages below on your Windows 7 device and your reader.
22
Making a Bluetooth Connection
1. After you have successfully paired your Reader to your Windows 7 device, you must now establish a Bluetooth connection between the two. First, confirm that bai icon is displayed in the lower right hand corner of the display. (see below).
2. If you do not see the bai icon, then the baiMobile Reader Driver is not running. Go to File
> Computer > Local Disk > Program Files > Biometric Associates > baiMobile3000MP.
Select both baiMobile3000MPMonitorApp and baiMobile3000MPMonitorService.
3. The bai icon should now be displayed. Make sure that a smart card is inserted in the reader and that the reader is powered on. Then right click on the bai icon and select Connect to Reader.
23
4.
You should see the following Connection message. You may be prompted to press the OK button on the front of the reader to accept the connection request. If the the connection fails, repeat the process a couple of times
.
5.
If you the connection continues to fail, then open Task Manager and select
Services. Look for the baiMobile3000MPMonitor. If the service is stopped (as shown), select the Services box in the lower right hand corner.
6.
If you the connection attempt continues to fail, then open Task Manager and select Services. Look for the baiMobile3000MPMonitor. If the service is stopped (as shown), select the Services box in the lower right hand corner.
Right click on baiMobile3000MPMonitor, and select Start and Automatic (see below).
24
7. Now try connecting to the reader again. You should be successful this time. Note: if the connection attempt is still unsuccessful, the most likely cause is that your Windows 7 desktop, laptop or tablet does not support Serial Port Profile. If possible, download and install the most current Bluetooth drivers from the manufacturer’s web site.
8. To verify the connection status, go to Device Manager. You should see both the baiMobile 3000MP reader listed under Smart card readers and whatever smart card is inserted under Smart cards.
25
Accessing a Secure Web Site
To authenticate to a web site or server that requires smart card authentication, make sure that there is a Bluetooth connection established between the Reader and your Windows 7 device. The transmission icon on the Reader’s LCD panel should looks as shown below:
26
1. Next, type in the url of the secure site that you are attempting to connect to.
2. The Identity or Authentication certificate displayed on your smart card will be displayed.
Make sure that the correct certificate is highlighted, then select OK.
3. You will next be prompted to enter your smart card PIN.
27
4. Assuming that your smart card credentials are properly verified, you should now be connected to your site.
Troubleshooting - Pairing
First, make sure that both your Windows 7 device (if tablet) and reader are fully charged.
Both the Windows 7 device and the reader have defined periods of discoverability. These
“windows” of discoverability are as follows:
Reader: Time the reader stays discoverable (waiting for pairing to start): 1 minute and 30 seconds.
Reader: Once the reader is selected from the list on the phone, the 6 digits are displayed on the phone and the 1 st
digit is displayed on the reader. the user must confirm each digit within 10 seconds (by pressing the OK button).
Windows 7 device: about 30 seconds
If either of the discovery windows time out before the devices discover each other, pairing will fail and the process must be restarted.
Other tips:
1. Windows 7 device does not discover the baiMobile 3000MP reader.
- Verify that you are following the pairing instructions completely.
- Verify that your Win 7 device has a native Bluetooth radio and that it is turned on.
- Verify that the native Bluetooth is version 2.1 or above.
28
- Download the latest Bluetooth driver from the Win 7 manufacturer’s web site.
- If all of the above fails, use a USB Bluetooth adapter such as the Asus USB-BT211.
Troubleshooting – Establishing a Bluetooth Connection
Assuming that your reader is paired and that you have followed steps 5, 6 and 7 in the
Making a Bluetooth Connection section above, trouble connecting can be related to the following:
2. The baiMobile icon is not displayed in the icon tray. a. Verify that the latest baiMobile reader driver is installed (check https://www.biometricassociates.com/support/ . b. Verify that the baiMobile 3000MP Monitor Service is running. c. Open the icon tray, select Customize and change the baiMobile 3000MPConnection
Monitor behavior to “Show icon and Notifications”. d. Restart your Win 7 device.
3. The baiMobile icon will not connect to the reader. a. Verify that the reader is On (there is a smart card inserted in the reader. b. Verify that the baiMobile 3000MP Monitor Service is running. c. Verify that the native Bluetooth radio (or USB BT adapter) supports Serial Port Profile
(SPP). d. Restart your Win 7 device.
Troubleshooting - Other
On rare occasions, the reader will remain on even when the smart card is removed. The reader’s LED screen will display as shown below. To reset the reader, remove the battery and then reinsert the battery. If the condition is not remedied, please contact BALP Support at [email protected]
29
FAQ
Can I use my Windows 7 device’s internal Bluetooth radio for connections to other devices, such as a headset or a keyboard?
Check with your network administrator or security officer. The US Department of Defense policy, for example, recommends that the native Bluetooth radio be turned off when not in use with an approved Bluetooth device. Currently, only the BLUEARMOR 100 Secure
Bluetooth Headset and the baiMobile 3000MP Bluetooth Smart Card reader are approved for
Windows 7. Also note that the baiMobile Bluetooth Security Monitor for Windows, if installed, will prevent pairing with unapproved Bluetooth devices.
Index
B
Bluetooth® pairing, 16
P
Pairing
Reader, 16
R
Reader accessories, 8 battery, 15 charging battery, 12, 13 software requirements, 5 specifications, 7
30
baiMobile™ Bluetooth Smart Card Reader
Second Edition
Copyright © 2007, 2008 Biometric Associates L.P. All rights reserved.
The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced into an electronic medium or machine-readable form without the prior written consent from
Biometric Associates, LP All examples with names, company names, or companies that appear in this manual are imaginary and do not refer to, or portray, in name or substance, any actual names, companies, entities, or institutions. Any resemblances to any real person, company, entity, or institution are purely coincidental.
Every effort has been made to ensure the accuracy of this manual. However, Biometric Associates, LP makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Biometric Associates, LP shall not be liable for any errors or for incidental or consequential damages with the furnishing, performance, or use of this manual or the examples herein. The information in this document is subject to change without notice.
Windows Mobile® and Microsoft Exchange ActiveSync® are registered trademarks of Microsoft®.
Other brand and product names mentioned in this manual may be trademarks or registered trademarks of their respective manufacturers. The information contained herein is subject to change without notice. Revisions may be issued to advise of such changes and/or additions.
Trademarks
BAL and baiMobile are registered trademarks of Biometric Associates, L.P.
Biometric Associates, LP
Washington Area Office
9475 Deereco Road, Suite 304
Timonium, MD 21093
Maine Office
21 Main Street – Suite 102
Bangor, ME 04401
The BAL Technical Support team understands the importance of prompt responses to customers. That is why Biometric Associates, LP is committed to delivering top quality, high-level support to all of its customers in a timely and effective manner. Current BAL Technical Support is available at: [email protected]
.
31
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project