Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Offline unlocking is performed by system operator according to the principle of challenge-response authentication mechanism.
When the number of PIN
...
input attempts is exceeded, the user receives a message that his/her card is locked. Along with that, the user receives a unique 16-character request code. The user has to communicate with the system administrator (by phone, for instance), authenticate his/her identity by answering the security questions and tell the received request code.
...
The
...
figure shows an example of smart card offline unlocking window in Windows 10 interface.
...
Image Added
The system administrator opens the user card and selects Unlock item from the list of actions. Before generating the response code for card unlocking, the administrator has to ask security question (or several questions, depending on the policy settings) and enter the user response to the form.
Image Removed
Warning |
---|
...
can be disabled in |
...
the Workflow section of smart card usage policy. In this case the Unlock button is inactive in the user card. |
Note |
---|
The need to answer to security questions during offline unlocking is defined by Validate answers to security questions option of Workflow section of smart card usage policy. |
Image Added
If the answers to all the questions are correct, the operator enters the code obtained from the user and the system generates the response code, which the operator tells to the user.
...
Image Added
The user enters the code and defines the new PIN
...
for the smart card. If unlocking was successful, the corresponding message is displayed.