You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

Offline unlocking is performed by system operator according to the principle of challenge-response authentication mechanism.

When the number of PIN code input attempts is exceeded, the user receives a message that his/her card is locked. Along with that, the user receives a unique 16-character request code. The user has to communicate with the system administrator (by phone, for instance), authenticate his/her identity by answering the security questions and tell the received request code.

The need to answer to security questions during offline unlocking is defined by Validate answers to security questions option of Workflow section of smart card usage policy.

The figure shows an example of smart card offline unlocking window in Windows 10 interface.

The system administrator opens the user card and selects Unlock item from the list of actions. Before generating the response code for card unlocking, the administrator has to ask security question (or several questions, depending on the policy settings) and enter the user response to the form.

Offline unlocking and Requirement for answers to security questions can be disabled in the smart card usage policy. In this case the Unlock button is inactive in the user card.

If the answers to all the questions are correct, the operator enters the code obtained from the user and the system generates the response code, which the operator tells to the user.

The user enters the code and defines the new PIN code for the smart card. If unlocking was successful, the corresponding message is displayed.


  • No labels