Version 4.
©2011 Xerox Corporation. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Contents of this publication may not be reproduced in any form without permission of Xerox Corporation. XEROX® and XEROX and Design® are trademarks of Xerox Corporation in the United States and/or other countries. Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent editions. Document version 4.
Table of Contents

1 Introduction
Compatibility
Card Readers and Card Types
Supported Card Types
Xerox® Smart Card Installation Guide
1 Introduction

The Xerox Smart Card solution brings an advanced level of security to sensitive information. Organizations can restrict access to the walk-up features of a Xerox device. This ensures only authorized users are able to copy, scan, e-mail and fax information. The key benefit of this solution is its two-factor identification requirement. Users must insert their access card and enter a unique Personal Identification Number (PIN) at the device.
Compatibility

This solution is compatible with the following product and configurations:

Configuration: Xerox WorkCentre 7525/7530/7535/7545/7556
Software Level: 06x.120.xxx.xxxxx

To identify the software level on your machine, press the Machine Status button on the control panel. The System Software Version number is displayed.
Card Readers and Card Types

Supported Card Types

The customer is responsible for purchasing and configuring the access cards. The following card types are recommended:
• Gemalto TOP DL GX4 144K V2.6.2b Applets
• Oberthur ID-One Cosmo v5.2 128K V2.6.2 Applets
• Oberthur ID-One Cosmo v5.2 72K V2.6.1 Applets
• Oberthur ID-One Cosmo v5.2D 72K V2.6.1 Applets
• Oberthur ID-One Cosmo v5.2 72K V2.6.2 Applets
• Gemalto GemCombiXpresso R4 dual interface 72K V2.6.
Documentation and Support

For information specifically about your Xerox product, the following resources are available:
• System Administrator Guide provides detailed instructions and information about connecting your device to the network and installing optional features. This guide is intended for System/Machine Administrators.
• User Guide provides detailed information about all the features and functions on the device. This guide is intended for general users.
2 Preparation

This section explains the preparation and resources required to install the Smart Card. The installation will take approximately one hour for each device.
The first method requires installation of the domain controller (DC) certificate as part of this procedure and is the more accepted method for validation. The second method retrieves the DC certificate automatically for each authentication and doesn't require installation of the DC certificate onto the Xerox device. An additional option is to combine the first and second options and compare the retrieved DC certificate to the one stored at installation.
3 Installation

This section provides instructions for installing and configuring the Smart Card solution. There are 4 main installation procedures to follow in sequence.
• Enabling and Configuring Smart Card: Use the Feature Enable Key to enable the Smart Card to be configured.
• Configuring Smart Card: Enabling the Smart Card function and customizing the settings.
• Hardware Installation: Unpacking the Smart Card Enablement kit and installing the card reader device.
Software Enablement

Prior to installing the Xerox Smart Card solution, the software must be enabled on your Xerox device using Internet Services. The Feature Enable Key is printed on the inside cover of the Enablement guide provided within the Xerox Smart Card kit. Follow the instructions below to enable the device software.

Note: Some of the steps shown may require the System Administration password for your device to be entered.

1. 2. 3. Access Internet Services a.
g. Enter the unique Feature Enable Key provided on the inside cover of the Smart Card Enablement Guide.
h. Select Next. A confirmation message is displayed.
i. Select Next. The Smart Card settings are now ready for configuring.

Note: No services will be restricted until Smart Card has been fully configured using Internet Services.
Configuring Smart Card

Once the Xerox Smart Card feature has been enabled on the device it can be configured using Internet Services. Follow the instructions below to enable and configure the Smart Card:

1. Access Internet Services and select Properties. Refer to Access Internet Services on page 12 for instructions.
2. Configure the Date & Time to update automatically
   a. Select the General Setup link, then Date & Time.
   b. Select Automatic Using NTP.
   c.
4. Enter the Domain Controller details for the authentication server.
   a. Select Domain Controller(s) from the Authentication Configuration window.
      Note: Initially the Domain Controller(s) will be empty and the NTP server will not be set.
   b. Select Add Domain Controller.
   c. Ensure the Domain Controller Type is configured correctly for your authentication environment.
   d. Enter the IP Address or enter the Domain Controller Host Name (this must be the fully qualified Host Name).
   e.
6. If you wish to validate the DC certificate retrieved as part of the user authentication process against the one stored during installation, check the box for "Validate domain controller certificate returned by the domain controller server matches the domain controller certificate stored on the device".

Note: To change the Domain Controller search order, select the controller and use the up and down arrows on the right side of the screen to promote or demote the controller order.

7. 8.
Hardware Installation

Install the card reader device using the following instructions.

1. Unpack the Smart Card Enablement Kit

The kit contains the following items:
• Xerox Smart Card Enablement Guide (1)
• Four Dual Lock Fastener pads (Velcro) (2)
• Three Cable Ties (3)
• One Ferrite Bead (4)

Ensure you have read the licence agreement and agree to the terms and conditions specified prior to installation.
2. Locate the card reader device being installed
• There are four types of card reader available, one upright model or three slimline models.
• Locate the device being installed and ensure it has been configured.

Note: The System Administrator should configure the cards prior to the card reader being installed on the machine.
3. Attach the ferrite bead to the reader cable.

Note: The ferrite bead should be clipped onto the cable directly behind the connector.
4. Attach the fasteners to the card reader device
• Fasteners have been provided to secure the card reader to the Xerox device.
• Peel back the fastener backing strip.
• Position the fastener on the under-side of the card reader, as shown.
• Repeat for each of the fasteners supplied.
5. Remove the fastener backing strips

When all the fasteners have been attached to the card reader, remove the backing strips on each of the fasteners.
6. Place the card reader on the Xerox device
• Gently place the card reader on the device (do not fix in place at this point).
• Position the card reader in a suitable location, ensuring it does not obstruct the opening of the document handler side cover.
• Check the cable has sufficient length to connect to the rear of the network controller.
• Once it is in a suitable location, press firmly on the card reader to fix it in place.
7. Connect the card reader to the Xerox device
• Remove the Device Connector Cover.
• Insert the USB connection into the slot provided on the rear of the network controller.
• Replace the Device Connector Cover ensuring the USB cable passes through the slot at the base of the cover.
• Use the cable ties provided to ensure the cabling is neat and tidy.

The hardware installation is now complete.
8. Confirm the installation
• When the card reader and the software have been installed and configured, the Card Reader Detected screen displays on the Xerox device local user interface.
• Select OK. Smart Card is now ready for use.

Note: If the card reader is not detected, refer to Troubleshooting Tips on page 29 for information.
Using the Smart Card

Once the Smart Card has been enabled, each user must insert a valid card and enter their Personal Identification Number (PIN) on the touch screen. When a user has finished using the Xerox device, they are then required to remove their card from the card reader to end the session. For instances where a user forgets to remove their card, the machine will end the session automatically after a specified period of inactivity.
4 Troubleshooting

For optimal performance from your card reader, ensure the following guidelines are followed:
• The Card Reader is only compatible with network connected products.
• Ensure the Card Reader is plugged into the Network Controller. Refer to Connect the card reader to the Xerox device on page 22 for instructions.
• Do not position the Card Reader in direct sunlight or near a heat source such as a radiator.
• Ensure the Card Reader does not get contaminated with dust and debris.
Fault Clearance

When a fault occurs, a message displays on the User Interface which provides information relating to the fault. If a fault cannot be resolved by following the instructions provided, refer to Troubleshooting Tips on page 29. If the problem persists, identify whether it is related to the card reader device or the Xerox device.
• For problems with the card reader device, contact the manufacturer for further assistance.
Troubleshooting Tips

The table below lists problems with their possible causes and recommended solutions. If you experience a problem during the installation process, please refer to the During Installation problem solving table below. If you have successfully installed the Smart Card solution but are now experiencing problems, refer to After Installation on page 30.
After Installation

Problem: Authentication failures

Possible Cause: Incorrect PIN has been entered.
Solution:
• Retry entering the correct PIN. If problem persists, contact the System Administrator for advice.

Possible Cause: Card is locked due to too many failed PIN attempts.
Solution:
• Contact Registration Authority to reload or to get a new card.

Unable to find identity certificate.
Identity certificate has been revoked.
Authentication with Domain Controller Failed.
Unable to validate server certificate.
Problem: Time for date mismatch error

Possible Cause: There is a mismatch between the time and date setting on the Xerox device and the authentication server time or date setting.
Solution:
• Verify that Network Time Protocol is properly set up.
• Verify that the date and time and GMT Offset (Time Zone) is correct, refer to Configure the Date & Time to update automatically on page 14 for instructions.
• Verify that GMT offset is correct for Daylight Savings Time.
A Retrieving the Certificate from a Domain Controller or OCSP Server

1. Access the Domain Controller using a web browser using the following syntax:
   https://IP Address of the Domain Controller:636
   For example: https://111.222.33.44:636 where 111.222.33.44 is the IP address of the appropriate server.
2. A Security Alert warning window is displayed, similar to the one shown. Click on View Certificate to proceed.
4. Select the Details tab. Record the name of the Certificate Authority (CA) that issued this certificate, the "Issuer". A certificate from this CA will be required during Smart Card setup. Select the Copy to File button.
5. The Certification Export Wizard is displayed. Select Next.
6. Select Base-64 encoded X.509 (.CER).
7. Select Next.
3.
8. Select Browse. Browse to a directory to save the Certificate.
9. Enter a filename for the Certificate and select Save.
10. Select Next.
11. Select Finish. The Certificate is retrieved from the server and saved in the selected directory. A pop-up message will confirm that the Certificate has been successfully saved.

Once saved the Certificate can be loaded onto the device.
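The comparison of a retrieved DC certificate against the stored copy (the combined option described under Preparation) can be reproduced offline for a certificate exported with the steps above. This is an added example, not Xerox code and not the device's implementation; the function names and the stand-in certificate bytes are constructed for illustration, and `fetch_dc_cert` assumes network access to port 636 on the domain controller.

```python
import base64
import hashlib
import hmac
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """Normalise either .CER export format (Base-64 or binary DER) to DER."""
    text = data.strip()
    if not text.startswith(PEM_HEADER):
        return data  # binary DER export: use as-is
    if not text.endswith(PEM_FOOTER):
        raise ValueError("truncated Base-64 certificate")
    body = text[len(PEM_HEADER):-len(PEM_FOOTER)]
    # Remove CR/LF so line endings and wrap width cannot cause a false mismatch.
    return base64.b64decode(b"".join(body.split()), validate=True)

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, i.e. over the certificate itself."""
    return hashlib.sha256(to_der(data)).hexdigest()

def matches_stored(retrieved: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(fingerprint(retrieved), fingerprint(stored))

def fetch_dc_cert(host: str, port: int = 636) -> bytes:
    """Fetch the server certificate without chain validation; the result is
    only ever compared against the stored copy, never trusted on its own."""
    return ssl.get_server_certificate((host, port)).encode("ascii")

def as_pem(der: bytes, width: int = 64, newline: bytes = b"\n") -> bytes:
    """Helper that builds sample Base-64 exports with a chosen wrap and EOL."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join([PEM_HEADER, *lines, PEM_FOOTER]) + newline

# Constructed stand-in bytes, not real certificates.
STORED_DER = b"\x30\x82" + b"constructed stand-in for the stored DC certificate " * 4
OTHER_DER = b"\x30\x82" + b"constructed stand-in for an unexpected certificate " * 4

if __name__ == "__main__":
    stored = as_pem(STORED_DER)
    crlf = as_pem(STORED_DER, width=76, newline=b"\r\n")
    print("files byte-for-byte equal:", crlf == stored)
    print("same certificate:", matches_stored(crlf, stored))
    print("unexpected certificate accepted:", matches_stored(as_pem(OTHER_DER), stored))
```

Comparing fingerprints of the DER bytes rather than the files themselves avoids false mismatches between a Base-64 export with Windows line endings and the same certificate saved in another encoding.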
B Determining the Domain in which your Card is Registered

1. From your PC, click the Start menu and right click on My Computer.
2. From the drop down list, select Properties.
3. When the System Properties window opens, click on the Computer Name tab.
4. Beneath the Full Computer name is the Domain Name. Copy and paste the Domain Name directly into the CAC setup page on the Internet Services user interface. Refer to Configuring Common Access Card on page 14 for instructions.