![background image](http://html.mh-extra.com/html/xerox/workcentre-5335-series/workcentre-5335-series_service-manual_8843081453.webp)
BUS Updated 12/2011
07/2011
6-58
WorkCentre 5335 Family Service Documentation
GP 21
Initial Issue
General Procedures & Information
GP 21 Common Access Card Servicing
Description
The Xerox Common Access Card & Personal Identity Verification ID System is an embedded
authentication solution. It supports Common Access Cards (CAC) cards issued to Department
of Defense (DoD) personnel. These types of smart cards store identity information in the form
of Personal Identification Numbers and of digitally encrypted certificates. These are used for id
authentication and authorization in order to gain access to work areas, computers, networks,
and peripheral devices.
The Xerox CAC Enablement software supports a number of card readers and allows users to
authenticate at the device. The card reader is connected to a USB port on the WorkCentre.
Supported Card Types
The CAC solution is compatible with most common CAC card types listed below. Other card
types may function with the CAC/PIV ID system but they have not been validated.
•
Axalto Pegasus 64K / V2
•
Axalto Cyberflex 32K / V1
•
Axalto Cyberflex 64K / V2
•
Gemplus GemXpresso 64K / V2
•
Oberthur 72K / V2
•
Oberthur CosmopoIIC 32K / V1
•
Oberthur D1 72K / V2 (contact-less and PIV)
Supported Card Readers
The following card readers are compatible with the CAC ID system:
•
Gemplus GemPC USB SL
•
Gemplus GemPC Twin
•
SCM Micro SCR3310
•
Panasonic ZU 9PS
Other USB CCID compliant readers may function with the CAC ID system, but have not been
validated.
Prerequisites
USB Enablement Kit (software option).
The customer has the option of either supplying a compatible card reader for each MFP, or pur-
chasing the Card Reader from Xerox.
Installation
The customer is responsible for installation of the hardware and the enablement kit software
(unless they have purchased Analyst services).
Service
NOTE: Xerox does not provide any on-site or remote repair or replacement of CAC compatible
Cards or Card readers unless Xerox Service supplies the Card Reader. The card reader is
manufactured by SCM Microsystems, model SCR3310, and can be identified by the Xerox p/n
(960K59280) on the underside of the device.
Only readers with the Xerox part number affixed are to be replaced by Xerox Service.
Service for CAC hardware is limited to verifying correct operation:
•
CSE should check the following NVM values:
–
Location 850-009 should be set to 0
–
Location 700-379 should be set to 0101.
•
Check out the machine in the service mode to insure no faults are displayed and that the
WorkCentre is functioning correctly in diagnostic mode.
•
If working properly, return the machine to customer user mode and have a user attempt to
use their card to gain access to the machine features.
If the card functions properly, the CSE’s responsibilities have been met.
If the CAC System Fails
Check for any UI displayed messages that might indicate a card failure or card reader failure.
Other messages might indicate authorization issues with the customer’s card.
Suggest that the user try their card in another device. If the card works in another device, sug-
gest that they alert their on-site supervisor to try another card reader on the failed device or
check for network connectivity to the failed device. For Xerox-supplied Card Readers, the CSE
will replace the faulty Card Reader..
Suggest that another user try their card on the device where the original card failed. If the sec-
ond card works, suggest that the user’s card has failed.
Servicing non-CAC problems.
Diagnostic Tools
Diagnostics can be accessed as usual when the Common Access Card & Personal Identity
Verification ID System is installed.
Customer Tools
If the Machine Status pathway has been locked, the Tools will only be available to the user who
has either logged in as a System Admin or has logged in and Authenticated to the machine
using their Common Access Card and the correct password for that card.
CAC Feature Principles of Operation
The following steps represent an authentication process.
1.
The WorkCentre’s control panel will prompt the user to insert their card in the attached
reader.
2.
Once a card is inserted the user will be prompted to enter their PIN.
3.
The PIN is validated against the card, and if they match, this will unlock the card so the
Private Certificate Key may be used.