SPHINX LOGON MANAGER
Sphinx Logon Manager
User's Manual
Update: 05.30.07
Information is this document is subject to change without notice.
Product and company names mentioned herein may be the trademarks of their respective owners.
Direct questions and comments regarding the Sphinx Logon Manager and this document to .
CONTENTS
1 OVERVIEW 7
2 GETTING STARTED 9
2.1 Installing Sphinx 9
2.2 Opening the Sphinx Program 11
2.3 Sphinx Self-enrollment 14
2.3.1 Enterprise installations 14
2.3.2 Standalone installations 15
2.3.3 Installations with fingerprint readers 15
2.4 Changing Default Card PIN 16
2.5 Screen Basics 18
2.5.1 Using the Menu Bar 18
2.5.2 Data Categories 18
2.5.3 Changing Sphinx Screen Placement 18
2.6 Card Enabled Windows / Network Logon 19
2.6.1 Setting up Card Enabled Windows / Network Logon 19
2.6.2 Logging onto Windows / Network with Card 23
2.7 Saving Sphinx Data 24
2.8 PKI Usage Notes 25
2.9 Minimizing / Accessing Sphinx in System Tray 26
2.9.1 Minimizing to System Tray 26
2.9.2 Accessing from System Tray 26
2.10 Exiting the Program 27
3 Logon Entries Screen 28
3.1 Enter Logon Information 30
3.1.1 Enter Logon Information with Auto-Recorder 30
3.1.2 Enter Logon Information with Record Option 31
3.1.3 Enter Logon Information Manually 32
3.2 Logon to a Website or Application 41
3.2.1 Logon with Auto-Fill 41
3.2.2 Logon with User-initiated Fill with Button Click 42
3.2.3 Pop-up Option Notes 43
3.3 Change Logon Information 45
3.4 Delete Logon Information 45
4 Address Entries Screen 46
4.1 Enter Address Information 47
4.2 Transfer Address Information into a Website / Application 49
4.3 Change Address Information 49
4.4 Delete Address Information 50
5 Payment Screen 51
5.1 Enter Payment Information 52
5.2 Transfer Payment Information into a Website / Application 54
5.3 Change Payment Information 54
5.4 Delete Payment Information 55
6 File Menu 56
6.1 Save Data 57
6.2 Save to Laptop (contactless card only) 58
6.2.1 Logon to Laptop Mode 58
6.2.2 Loading Laptop Mode Data Back to Secure Server 59
6.3 Minimize to System Tray 59
6.4 Lock with Screen Saver 60
6.5 Exit 60
7 Settings Menu 61
7.1 Logon to Windows 62
7.1.1 Logon to Windows with Card at Startup 66
7.1.2 Unlock Screen Saver with Card 66
7.1.3 Unlock Workstation with Card 67
7.1.4 Lock Workstation with Pull Card Action 67
7.1.5 Logoff Workstation with Pull Card Action 68
7.1.6 Shutdown Workstation with Pull Card Action 68
7.1.7 Start Custom Action with Pull Card Action 68
7.1.8 PKI Notes for Windows Logon 69
7.1.9 Recovering from Sphinx Logon to Windows Boot Failure 69
7.2 General Settings 71
7.2.1 Startup Control 71
7.2.2 Fill Control 71
7.2.3 PIN Control 72
8 Utilities Menu 74
8.1 Record 75
8.2 Edit 'Do Not Record' List 75
8.3 Change PIN 75
8.4 Change PUK 77
8.5 Backup/Restore 78
8.5.1 Manual Backup 79
8.5.2 Auto-Backup 80
8.5.3 Restore Data 81
8.6 Print Backup 82
8.7 Clean Card 82
8.8 Online Update 83
8.9 Online Admin 83
8.10 Mozilla Firefox 83
8.11 Netscape 83
9 Help Menu 84
9.1 Help for Current Screen 84
9.2 Support 85
9.3 Session Info 85
9.4 About 85
TABLE OF FIGURES
Figure 1 Open program from Start menu. 11
Figure 2 Enter PIN: getting started. 12
Figure 3 Self-enroll window. 14
Figure 4 Change PIN: change default PIN. 16
Figure 5 Logon entries screen: using the menu bar. 18
Figure 6 Logon entries screen: Settings selection. 20
Figure 7 Settings: Logon to Windows. 20
Figure 8 Enter Logon to Windows information. 21
Figure 9 Logon to Windows: entry complete. 22
Figure 10 Logon to Windows: getting started. 23
Figure 11 Logon entries screen: saving Sphinx data. 24
Figure 12 Open program from system tray with double-click. 26
Figure 13 Logon entries screen. 28
Figure 14 Logon Information window: manually enter new logon information. 32
Figure 15 Logon window: logon with Fill Form button click. 42
Figure 16 Logon window: logon with Logon Now button click. 43
Figure 17 Logon Information window: change logon information. 45
Figure 18 Address entries screen. 46
Figure 19 Address: Drag and Drop window. 47
Figure 20 Address: Drag and Drop window: change labels. 48
Figure 21 Address: Drag and Drop window: transfer information. 49
Figure 22 Payment entries screen. 51
Figure 23 Payment: Drag and Drop window. 52
Figure 24 Payment: Drag and Drop window: change labels. 53
Figure 25 Payment: Drag and Drop window: transfer information. 54
Figure 26 File selections. 56
Figure 27 Sphinx Settings. 61
Figure 28 Settings: Logon to Windows. 63
Figure 29 Enter Logon to Windows Information. 63
Figure 30 Logon to Windows: new entry. 64
Figure 31 Logon to Windows: card enabled logon. 66
Figure 32 Settings: General. 71
Figure 33 Sphinx Utilities. 74
Figure 34 Change PIN. 75
Figure 35 Backup / Restore User Data. 78
Figure 36 Backup / Restore User Data: Manual Backup. 80
Figure 37 Backup / Restore User Data: Auto-Backup. 80
Figure 38 Backup / Restore User Data window: Restore tab. 81
Figure 39 Backup / Restore User Data window: Restore tab. 82
Figure 40 Help: Sample Help screen. 84
Figure 41 Help: Sphinx Help icon for windows. 84
Open Domain Sphinx Solutions, Inc. 2007. All Rights Reserved. 2
USER'S MANUALSPHINX LOGON MANAGER /
OVERVIEW
1 OVERVIEW
The Sphinx Logon Manager software stores user names and passwords and facilitates logon to Windows, networks, websites, and applications.
Sphinx can be used with the following types of ID tokens:
token type / description / Sphinx data storageContact chip card, or USB token / Visible chip on card comes in contact with reader, or USB token with built-in chip plugs directly into USB slot. / Sphinx stores cardholder data in encrypted form on the chip, providing a high level of security and portability.
Contactless card
or token
(less than 4 kByte data storage)
/ Hidden chip is detected via radio frequency / proximity. / Sphinx stores cardholder data on a local computer or a secure server. Data is always transferred in encrypted form, and communication with the server is additionally protected via SSL.
Contactless card
or token
(4+ kByte data storage)
/ Hidden chip is detected via radio frequency / proximity. / Sphinx stores cardholder data in encrypted form on the chip, providing a high level of security and portability.
Logon data which is stored in the Sphinx program can only be accessed when cardholder inserts contact card into contact card reader (or passes contactless card over reader) and enters Sphinx card PIN. When Sphinx is used with a fingerprint reader containing a SIM sized contact chip card, the fingerprint authentication replaces, or is used in addition to, PIN entry.
Note: For the purposes of this manual, all ID tokens will be referred to as "cards" and Sphinx users will be referred to as "cardholders".
* * *
Cardholders use the Sphinx program to assist with logon processes:
To logon to Windows or networks
§ Cardholder enters Windows/network user name, password, and domain name into Sphinx Logon Manager program.
§ The next time the cardholder reboots and logs on to Windows/network, cardholder inserts contact card into contact card reader (or passes contactless card over reader) and enters card PIN. Sphinx transparently transfers user name, password, and domain to logon process and user is logged on.
To logon to websites or applications
§ Cardholder uses Sphinx to "record" logon information for a website or application, and stores the information in the Sphinx program.
§ The next time the cardholder goes to the logon location, Sphinx automatically fills in the logon information and completes logon. Or, cardholder can change the Sphinx logon settings, to assert more control over the logon process.
Installations with the Sphinx Enterprise PKI version can additionally perform certificate-based logon to Windows, email encryption, and digital signature for document signing.
Sphinx also stores personal information, such as addresses, email, and credit card information. This information can be easily "dragged" from the Sphinx program and "dropped" into a website / application entry field.
Open Domain Sphinx Solutions, Inc. 2007. All Rights Reserved. 2
USER'S MANUALSPHINX LOGON MANAGER /
GETTING STARTED
2 GETTING STARTED
This section provides basic information to get cardholders started with the Sphinx Logon Manager, including installing and opening the Sphinx program, accomplishing initial Sphinx settings, saving Sphinx data, and exiting the program.
Refer to the individual sections for detailed information on individual Sphinx Logon Manager program functions.
2.1 Installing Sphinx
Install the Sphinx Logon Manager software, using the following instructions:
1. Verify Browser
Internet Explorer 5.5+ (or Netscape 7.0+) is required for Sphinx operation. You can download Internet Explorer 5.5 at www.microsoft.com.
2. Verify Card Reader
A PC/SC compatible card reader is required for Sphinx operation. Attach your card reader to an available USB plug on your computer, and install the card reader driver from the Sphinx CD, or as directed by the manufacturer. Or, contact your Sphinx program administrator to verify installation.
3. Install Sphinx
Install the Sphinx Logon Manager software from the installation options menu on the Sphinx CD.
Or, go online to www.odsphinx.com/sphinx/support to download the Sphinx Logon Manager software:
At logon area enter User ID: "sphinxuser" and Password: "support".
(If your installation is using a customized version of Sphinx, contact your Sphinx program administrator for download information.)
Click on Download option to download Sphinx to your computer. SphinxLogonManager_Setup.exe will be saved under C:\tmp, unless you specify another location.
If you are using the Sphinx Enterprise PKI version:
You must install the Sphinx PKI Middleware from the Sphinx Logon Manager CD at end-user computers first, before installing the Sphinx Logon Manager software at end-user computers.
Double-click on SphinxLogonManager_Setup.exe, to begin installation. The install wizard will guide you through the installation process.
4. Configure Card Reader
After the card reader driver and the Sphinx software have been successfully installed, choose your card and card reader from the list of available readers:
Select Sphinx Logon Manager from “Start” menu at bottom left of screen (“Programs” option). Click on “Sphinx Card and Reader Configuration” and select card and reader type.
Note that if at any time you change your card reader type, you must change your selection in the Sphinx Card and Reader Configuration window. Ensure that Sphinx is not currently running when changing this configuration.
If you are not sure which card and reader to select, please contact your Sphinx program administrator.
5. Configure Security Settings (2003 server only)
Windows 2003 Server SP1 comes pre-configured with the "Internet Explorer Enhanced Security Configuration" activated. This setting is not compatible with the Auto-record and Auto-fill functions of Sphinx Logon Manager and must be disabled prior to running Sphinx Logon Manager. Make sure that turning off the "Internet Explorer Enhanced Security Configuration" setting does not compromise any applicable security policy.
To disable "Internet Explorer Enhanced Security Configuration", perform the following steps:
§ In "Control Panel", double-click on "Add/Remove Programs".
§ Click on "Add/Remove Windows Components".
§ Unselect "Internet Explorer Enhanced Security Configuration".
Open Domain Sphinx Solutions, Inc. 2007. All Rights Reserved. 2
USER'S MANUALSPHINX LOGON MANAGER /
GETTING STARTED
2.2 Opening the Sphinx Program
After the Sphinx Logon Manager software has been installed on your computer, use the instructions provided below to open the Sphinx program for the first time.
1. Select Sphinx from the "Start" menu at the bottom left of your screen ("Programs" option).
If the Sphinx program has been preset to automatically start when your computer is powered up (see "Settings" menu), the program will start automatically.
Figure 1 Open program from Start menu.
2. At the "Select data source" window, select the option that corresponds to the card you are using (contact, contactless), the mode that you want to use (Standalone, Server…), and the corresponding card reader. You only need to make this selection the first time that you use Sphinx; the next time you open Sphinx the program will default to the selection that you specified.
If the card reader which you want to use is not displayed in the “Select data source” list, verify that the desired card reader has been installed, as described on the previous page.
Insert your contact card into the contact card reader (or pass contactless card over reader) as prompted by the Sphinx window. (If you did not receive a card, contact your program administrator.)
A “Select data source” table is provided below, for additional information about the different options.
Contact Card Warning: Do not remove the contact card from the contact card reader, until you are prompted by the program that it is safe to remove your card. Removing the card when the program is reading from or writing to the card can result in the loss of the data which is stored on the card.
3. Type in your Sphinx card PIN, and click on the OK button.
Type in the initial default PIN (Personal Identification Number), "12345", if you have not been assigned a PIN.
Figure 2 Enter PIN: getting started.
Data Source Selection:
At program start, cardholder can select data source as described below.