RSA Security 6.1 Manual de usuario descargar pdf (Pagina 44)

RSA SecurID Software Token 4.1 Administrator’s Guide

44 3: Provisioning Software Tokens

Tokens That Do Not Require a PIN

With tokens that do not require a PIN, the VPN client prompts for a user name and

passcode. (Some VPN clients prompt for a user name, PIN, and tokencode.) Instead of

a PIN, the user enters four zeros (0000). To complete the authentication, the user

enters the current tokencode displayed in the SecurID desktop application

The following figure shows the user authentication experience.

Token Storage Devices and Device Binding

Software tokens support device binding. Before the software token is issued by

RSA Authentication Manager, an additional extension attribute

(<DeviceSerialNumber/>) can be added to the software token record to bind the

software token to a specific device. Binding a token provides the means for verifying

that a token is imported to and stored on the intended storage device. If the user

attempts to import the token to a different device, or if an unauthorized user gains

access to the token in transit, the token import fails.

With the SecurID desktop application, you can bind a token to a device type, a device

serial number, or a Windows user security identifier (user SID), as described in the

following sections.

Device Type

If you want to require users to import tokens only to a specific type of supported

storage device, you can bind their tokens to a device type. The device type can be the

local hard drive, a Trusted Platform Module (TPM), a biometric device, or another

supported storage device plug-in.

1 2 ... 39 40 41 42 43 44 45 46 47 48 49 ... 100 101

Sin comentarios

RSA Security 6.1 Manual de usuario Pagina 44