Security functions
SmartCard as system protection (SystemLock)
With SystemLock, the notebook can only be started with an initialised SmartCard (SICRYPT or CardOS) and personal identification number (PIN). SmartCard and PIN are already checked during system booting in the BIOS Setup, i.e. before the operating system is booted. To use SystemLock, the following conditions must be met:
●You must configure a SmartCard reader (see "Configuring and using SmartCard reader") section.
●You must install SystemLock on your notebook.
●You must initialise two SmartCards (one Supervisor SmartCard and one User SmartCard).
i | All new SmartCards have a preset PIN (Personal Identification Number) and a preset PUK |
(Personal Unblocking Key). |
On SICRYPT and CardOS SmartCards PIN and PUK are preset to 12345678. For reasons of security, we recommend that you change both PIN and PUK.
Access rights of the SmartCards
New SmartCards have only a preset PIN and a preset PUK. The initialisation is carried out after entering the PUK. Access rights and an individual PIN are not assigned until the SmartCard is initialised. Depending on which access rights the SmartCard is assigned, this is referred to as a User SmartCard or a Supervisor SmartCard.
The following table shows an overview of the rights associated with each SmartCard type when a PIN or PUK is entered:
| Rights |
|
| User SmartCard |
|
| Supervisor SmartCard |
| ||||||
|
|
| PIN |
|
| PUK |
|
| PIN |
|
| PUK |
| |
|
|
|
|
|
|
|
|
|
|
| ||||
| System |
| X |
|
|
|
|
| X |
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| Calling BIOS Setup |
| X |
|
|
|
|
| X |
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
| ||||
| Changing own PIN | X |
|
|
|
| X |
| X |
| ||||
|
|
|
|
|
|
|
|
|
|
|
|
| ||
| Unblocking all blocked SmartCards |
|
|
|
|
|
|
|
|
| X |
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| Creating user SmartCard |
|
|
|
|
|
|
|
|
|
| X |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| Deactivating SystemLock |
|
|
|
|
|
|
|
|
|
| X |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
63 |