background image

 

6     

 

Section 4 - Operation 

Secure Multi-Domain Tempest Smart Card Reader (MDR) User Manual

 

User Guidance & Precautions 

Please  read  the  following  User  Guidance  &  Precautions  carefully 
before using the product: 

1.

 

As product powers-up it performs a self-test procedure. In 
case of self- test failure for any reason, including jammed 
buttons, the product will be Inoperable. Self-test failure will 
be indicated by the following abnormal LED behavior:  

a.

 

All 

channel-select LEDs will be turned 

ON and 

then OFF; 

b.

 

A specific, predefined LED combination will be 
turned ON;  

c.

 

The predefined LED combination will indicate the 
problem type (jammed buttons, firmware integrity). 

Try to power cycle product. If problem persists please 
contact your system administrator or technical support. 

  

2.

 

Product power-up and RFD behavior: 

 

a.

 

By  default,  after  product  power-up,  the  active 
channel  will  be  computer  #1,  indicated  by  the 
applicable front panel push button LED lit. 

 

b.

 

Product  Restore-to-Factory-Default  (RFD)  function 
is  available  via  a  physical  control  button  on  rear 
panel. Use a sharp object or paper clip to hold RFD 
button  pressed  for  several  seconds  to  initiate  an 
RFD action.

 

c.

 

RFD  action  will  be  indicated  by  front  panel  LEDs 
blinking all together. 

 

d.

 

When  product  boots  after  RFD,  keyboard  and 
mouse will be mapped to the active channel #1 and 
default settings will be restored, erasing all user-set 
definitions.

 

 

3.

 

The appropriate usage of peripherals (e.g. keyboard, mouse, 
display,  authentication  device)  is  described  in  detail  in  this 
User  Manual's  appropriate  sections.  Do  not  connect  any 
authentication  device  with  an  external  power  source  to 
product.  
 

4.

 

For  security  reasons  products  do  not  support  wireless 
keyboards  and  mice.  In  any  case  do  not  connect  wireless 
keyboard/mouse to product. 
 

5.

 

For 

security 

reasons 

products 

do 

not 

support 

microphone/line-in audio input. In any case do not connect 
a  microphone  to  product  audio  output  port,  including 
headsets. 
 

6.

 

Product  is  equipped  with  always-on  active  anti-tampering 
system. Any attempt to open product enclosure will activate 
the anti-tamper system indicated by all channel-select LEDs 
flashing  continuously.  In  this  case,  product  will  be 
inoperable and warranty void. If product enclosure appears 
disrupted  or  if  all  channel-select  LEDs  flash  continuously, 
please  remove  product  from  service  immediately  and 
contact technical support. 
 

7.

 

In  case  a  connected  device  is  rejected  in  the  console  port 
group the user will have the following visual indications: 

a.

 

When  connecting  a  non-qualified  keyboard,  the 
keyboard  will  be  non-functional  with  no  visible 
keyboard  strokes  on  screen  when  using  the 
keyboard. 

b.

 

When  connecting  a  non-qualified  mouse,  the 
mouse  will  be  non-functional  with  mouse  cursor 
frozen on screen.   

Summary of Contents for SC2MDST

Page 1: ...1 Section 1 Introduction Secure MDR SC2MDST 2 Port USB SC4MDST 4 Port USB Rev E Doc No HDC10377 Secure Multi Domain Tempest Smart Card Reader MDR User Manual ...

Page 2: ... 9 Tamper Evident Labels 11 Active Anti Tampering System 11 Product Enclosure Warning Label 11 Panel Features SC2MDST SC4MDST 12 Product Specifications 13 Before Installation 14 Prerequisites 15 PC Modes 15 Active Mode 15 Passive Mode 15 MDR Operational Modes 15 Typical system installation 18 Operation 19 Smart Card Removal Behavior 19 Re associating the MDR after Smart card Removal 19 De associat...

Page 3: ... packaging you will find the following Emerson Secure Product AC Power Cord User Guidance Documentation Revision A Initial Release 23 Feb 2015 B Corrections 19 April 2015 C Corrections 25 May 2015 D User Guidance updates 21 June 2015 E Correction to Features section 13 August 2015 Important Security Note If you are aware of potential security vulnerability while installing or operating this produc...

Page 4: ...ve moisture water or any other liquid o The product is not working well even after carefully following the instructions in this user s manual o The product has been dropped or is physically damaged o The product shows obvious signs of breakage or loose internal parts o In case of external power supply If power supply overheats is broken or damaged or has a damaged cable The product should be store...

Page 5: ...utorisé Si une des situations suivantes survenait faites vérifier l appareil par un technicien de maintenance qualifié o En cas d alimentation externe L alimentation de l appareil surchauffe est endommagée cassée ou dégage de la fumée o ou provoque des court circuits de la prise du secteur o Un liquide a pénétré dans le boîtier de l appareil o L appareil est exposé à de l humidité excessive ou à l...

Page 6: ... mouse will be mapped to the active channel 1 and default settings will be restored erasing all user set definitions 3 The appropriate usage of peripherals e g keyboard mouse display authentication device is described in detail in this User Manual s appropriate sections Do not connect any authentication device with an external power source to product 4 For security reasons products do not support ...

Page 7: ... inoperable and for future use 10 Important Before re allocating computers to channels it is mandatory to power cycle product keeping it powered OFF for more than 1 minute 11 Product log access and administrator configuration options are described in product Administrator Guide 12 Authentication session will be terminated once product power is down or user intentionally terminates session 13 If yo...

Page 8: ...n the TCO and administrative effort required to support such environments is extremely high For example an employee that has to access 3 computers simultaneously would need to have 3 smart cards one for every computer environment domain plus 3 smart card readers each reader connected to a separate computer EMERSON MDR Solution EMERSON developed the Secure Multi Domain Smart Card Reader MDR technol...

Page 9: ... filtration of AUX channel exists to reject unauthorized transactions Isolation of power domains Complete isolation of power domains prevents signaling attacks Secure administrator access log functions Product incorporates secure administrator access and log functions to provide auditable trail for all product security events including battery backup life for anti tampering and log functions Non r...

Page 10: ... reader Product supported by most OS in use today All firmware is in ROM Read Only Memory Cost effective This product was designed to provide an affordable solution for agencies and organizations Product cost can be easily justifiable once compared with issuing and maintaining multiple cards for each user Ease of use The MDR automatically switches between channels The user needs minimal training i...

Page 11: ... different than the example shown here please call Technical Support and avoid using that product Active Anti Tampering System Product is equipped with always on active anti tampering system If mechanical intrusion is detected by this system the Product will be permanently disabled and all LEDs will blink continuously If product indicates tampered state all LEDs blinking please call Technical Supp...

Page 12: ...tion 4 Operation Secure Multi Domain Tempest Smart Card Reader MDR User Manual Panel Features SC2MDST SC4MDST Note the model described in above image is SC4MDST SC2MDST is identical except for having 2 ports ...

Page 13: ...ser warnings 65dB maximum Smart Card Reader Supports ISO7816 Class A and AB Smartcards T 1 T 0 protocol support Communication speed up to 344 105 bps PPS FI parameter Frequency up to 12 MHz PPS DI parameter Connector with sliding 8 contacts designed for 150 000 insertions Driver and OS Compatibility CCID compliant PC SC Compatible Reader Supports All Operating Systems Windows OS XP version and abo...

Page 14: ...ciding where to place product Product front panel must be visible to the user at all times The location of the computers in relation to the product and the length of available cables typically 1 8 m Warning Avoid placing cables near fluorescent lights air conditioning equipment RF equipment or machines that create electrical noise e g vacuum cleaners Important 1 If the unit s enclosure appears dis...

Page 15: ...s operating system device manager as a smart card reader The computer s OS and applications have full read write access to the smart card Passive Mode The smart card is inserted into the MDR The PC Association LED is ON The PC Number LED is OFF The MDR appears under the computer s operating system device manager as a smart card reader The computer s OS and applications have NO access to the smart ...

Page 16: ...16 Section 4 Operation Secure Multi Domain Tempest Smart Card Reader MDR User Manual ...

Page 17: ...17 Section 4 Operation Secure Multi Domain Tempest Smart Card Reader MDR User Manual ...

Page 18: ...18 Secure Multi Domain Tempest Smart Card Reader MDR User Manual Section 4 Operation Typical system installation SC2MDST SC4MDST ...

Page 19: ...To re associate that PC with the MDR press the PC Number Button to initialize the MDR as described in step 7 The de association option is useful in any case a user wants to de associate the MDR from a specific PC without interfering with other PCs which are associated with the MDR For example when a user has to lock PC 1 by removing the smart card yet remain logged on to PC 2 or when a certain PC ...

Page 20: ...rvice marks of Avocent Corporation This document may contain confidential and or proprietary information of Avocent Corporation and its receipt or possession does not convey any right to reproduce disclose its contents or to manufacture or sell anything that it may describe Reproduction disclosure or use without specific authorization from Avocent Corporation is strictly prohibited 2015 Avocent Co...

Reviews: