icalogoneng

DEKART Logon for Citrix ICA Client

Users Guide

Pages 33

2004

DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 2 Copyright © Dekart – 2004

All trademarks are the property of their respective owners

Annotation This document is a general users guide for DEKART Logon for Citrix ICA

Client.



Contents

1 Terminology (glossary)....................................................................................................................5 2 Function of Dekart Logon for Citrix ICA client ............................................................................6 3 General description..........................................................................................................................6

3.1 Security principles of Dekart Logon for Citrix ICA Client ................................................6 3.2 Features of Dekart Logon for Citrix ICA Client .................................................................6 3.3 Product components ...............................................................................................................6 3.4 System requirements ..............................................................................................................7

4 Installation of Dekart Logon for Citrix ICA Client........................................................................9 5 Updating Dekart Logon for Citrix ICA Client..............................................................................12 6 Removing (un-install) Dekart Logon for Citrix ICA Client .........................................................14 7 Working with Dekart Logon for Citrix ICA Client.......................................................................14 8 Working with Dekart Logon for Citrix ICA Client in management mode ..................................15

8.1 Launch the application in management mode ...................................................................15 8.2 Preparing the KSD for use with the application ................................................................18 8.3 Adding BIO ID to KSD ........................................................................................................19 8.4 Servicing the KSD.................................................................................................................21 8.5 Changing the PIN Code........................................................................................................22 8.6 Changing the BIO ID............................................................................................................23 8.7 Changing the label for the KSD...........................................................................................23 8.8 Clearing the KSD..................................................................................................................23 8.9 Unblocking the KSD.............................................................................................................24 8.10 Operations with ICA-connection list..................................................................................25 8.11 Additions/edits to ICA connections .....................................................................................25 8.12 Deleting ICA-connections from the list...............................................................................25 8.13 Storing an ICA-connection to the KSD...............................................................................26 8.14 Transferring the ICA connection from the list to the KSD...............................................26 8.15 Re-instating the ICA connection in the list, from the KSD...............................................26 8.16 Connecting to a Citrix server...............................................................................................26 8.17 Transfer from management mode to monitoring mode ....................................................26 8.18 Viewing information regarding Dekart Logon for Citrix ICA Client..............................27

9 Working with Dekart Logon for Citrix ICA Client in monitoring mode .....................................27 9.1 Launch the application in monitoring mode ......................................................................27 9.2 Setting the automatic connection mode ..............................................................................28 9.3 Connecting with a Citrix Server.........................................................................................28 9.4 Disconnecting from the Citrix-server..................................................................................29 9.5 Switching from monitoring mode to management monde ................................................29 9.6 Changing work mode (temporarily turning off monitoring mode) ..................................29



9.7 Viewing information about Dekart Logon for Citrix ICA Client.....................................30 9.8 Exiting Dekart Logon for Citrix ICA Client ......................................................................30

10 Biometric authentication in Dekart Logon for Citrix ICA Client ............................................30 11 Registering Dekart Logon for Citrix ICA Client ......................................................................31 Attachment.............................................................................................................................................32

Device characteristics of KSD (PIN-codes, memory size) .............................................................32 Error messages..................................................................................................................................33 Appearance of window during KSD operations ............................................................................33



1 Terminology (glossary) Dekart Logon for Citrix ICA Client (DLCIC) – name of the product. ICA-connection (Citrix ICA connection) – personal data required to access a Citrix server (address, domain, password, etc.). KSD (Key Storage Device) – A device where personal information is stored (data necessary to access and work with a Citrix server). A KSD can be either smart card or USB token. The KSD can be secured with a PIN code, or can work without PIN. PIN (Personal Identification Number) – A personal identification number that is used to access information stored on the KSD. The PIN code length can be from 4 to 8 characters, and should always be memorized, or be in the possession of only the KSD holder. Biometric Authentication - user authentication based on verification of specific physical characteristics of the user by means of special biometric equipment. Biomet-ric authentication can be based on verification of fingerprints, iris, voice, and other specific characteristics of human body. Two-Factor Authentication - this is a process controlling the authenticity of the user’s identity on the basis of the two following factors: “Something You Have – for example, the KSD device” and “Something You Know — for example, the user name and password, PIN-code”. Three-factor authentication - is a process controlling the authenticity of the user’s identity on the basis of the three following factors: “Something You Have – for exam-ple, the KSD”, “Something You Know — for example, the PIN code”, “Something You are – for example, the user's BIO ID”.



2 Scope of Dekart Logon for Citrix ICA client Dekart Logon for Citrix ICA Client is intended to provide secure access to Citrix server resources.

3 General description Dekart Logon for Citrix ICA Client is a combined software and hardware solution that provides secure user access to a Citrix server, and its resources, by means of strong (2 and 3 factor) authentication. 3.1 Security principles of Dekart Logon for Citrix ICA Client 1. Security for Dekart Logon for Citrix ICA Client is provided by a KSD (PIN code

protected) that contains the ICA-connection details and user's BIO ID. The user no longer needs to store the connection data on a hard drive, and three-factor authentication reduces the risk of information losses in the event that the KSD is lost or stolen.

2. In order to access a Citrix server and its resources, it is enough to connect the KSD to the computer, enter the correct PIN Code and pass biometric verification procedure (voice, fingerprint etc.). When the KSD is removed, the connection to the Citrix server is terminated.

3. KSD will block upon multiple wrong PIN code entries. Note. Different KSDs have different error counters, allowing from 3 to 10 attempts to enter the wrong PIN code before blocking the KSD (see appendix).

3.2 Features of Dekart Logon for Citrix ICA Client 1. Ease of use – it is no longer necessary to remember or enter the access codes to

the Citrix server. 2. Mobility – the ICA-connection is stored on the KSD, and therefore access to the

Citrix server can be gained from any computer. It is enough to connect the KSD and enter the correct PIN code.

3. Interoperability – the KSD can be used not only for DLCIC, but also for a variety of additional applications: Dekart Logon and/or Dekart Private Disk, as well as others.

3.3 Product components Product components include the application, documentation and the KSD. The KSD acts as the unique means of access to a Citrix server. The KSD can be any of the devices below (depends on customer prefer-ences/requirements)

• Aladdin eToken PRO; • Aladdin eToken R2; • Datakey Model 310; • Datakey Model 330;



• Eutron CryptoIdentity ITSEC; • Eutron CryptoIdentity 4; • Eutron CryptoIdentity 5; • GemPlus GPK; • Rainbow iKey 1000; • Rainbow iKey 2000; • Rainbow iKey 2032; • Rainbow iKey 3000; • Schlumberger Multiflex; • Schlumberger Cryptoflex; • Schlumberger Payflex.

Attention! Before you purchase a USB token or smart card, please make sure that it has enough memory to store the ICA-connection. Take into account that the part of KSD memory may be allocated to other data, e.g. BIO ID. You can determine the memory usage of the card and read the USB token or smart card using the Dekart Key Manager Utility, as well as delete all unnecessary information using Dekart Key Man-ager or format the token or smart card using a Key Formatting utility or Corporate Key formatting utility. Note1. Certain user characteristics are described in the appendix. Note2. Dekart delivers all KSDs without a predefined PIN code. 3.4 System requirements Hardware requirements • Personal computer, with at least a single port (COM, or USB) for KSD connec-

tion. • In the event a smart card is utilized, the card reader must be PC/SC compatible. • If the user prefers to use three-factor authentication, a biometric device should be

used, e.g. BioLink U-Match Mouse. Software requirements • Operating System: Windows 98, NT4.0, 2000, ME, XP. • Citrix ICA Client for Windows 32 bit (Full Program Neighborhood Version 7.00

and higher). • KSD drivers (usually provided with the product, or can be downloaded from the

KSD manufacturers’ web site. • Drivers of biometric device.

Note: The Citrix ICA Client must have at least one ICA-connection. During ICA-connection setup, it is necessary to specify: User name, Password, Domain, and set flag: Save password.



Attention! In order to receive complete information about the Citrix ICA Client (setup, proce-dures, and other specifics), you should contact Citrix Systems, Inc., or visit their web site www.citrix.com.Detailed information about biometric devices, used for authentication (features, soft-ware etc.) can be obtained from BioAPI Consortium at www.bioapi.org.

http://www.bioapi.org/

http://www.citrix.com/



4 Installation of Dekart Logon for Citrix ICA Client 1. Before beginning installation of the software, you must close all open applica-

tions. 2. In order to enable three-factor authentication, the biometric device should be con-

nected and its drivers should be installed. Note: If the user hasn't previously installed the software working with biometric devices, then BioAPI Framework should be installed on the computer before in-stalling device drivers (the BioAPI Framework can be downloaded from www.bioapi.org, Implementation section).

3. In order to install Dekart Logon for Citrix ICA Client you must launch the pro-gram: ICALogon.exe.

4. In the appearing window select Next.

Figure 1

5. The licensing agreement window appears. You must accept the license agreement before you can proceed with installation.

http://www.bioapi.org/



Figure 2

6. The next step requires that you enter your personal information, and the serial number of the product.

Figure 3

7. You must then select the folder where the Dekart Logon for Citrix ICA Client software is to be installed.



Figure 4

8. You must then select the folder in the Start Menu, where the Dekart Logon for Citrix ICA Client software is to be added.

Figure 5

9. The final step in the installation process requires that you press Finish.



Figure 6

After this process is completed, the program will copy the necessary files, and the in-stallation procedure will be complete.

Figure 7

The following icon will appear on your desktop, as shown in Figure 8

Figure 8

5 Updating Dekart Logon for Citrix ICA Client 1. The next time you launch the setup program, the installation program will auto-

matically check for the presence of an earlier version, and will display all neces-sary information in the icon below.



Figure 9

2. In order to continue the process, you must press Next. You must accept the license agreement before you can proceed to upgrade.

3. Click the Finish button to terminate the update process.

Figure 10

Upon completion of the above steps, the program will copy the installation files. In the event that you are updating the application, all updated files will then be copied.



Figure 11

Note: After updating Dekart Logon for Citrix ICA Client, it is necessary to restart your computer.

6 Removing (un-installing) Dekart Logon for Citrix ICA Client In order to remove the software follow these steps: 1. Select Programs menu in Start Menu, locate the folder you have entered in step

7 when installing the program (see par. 4), select Uninstall (alternatively, you can go to Control Panel, select Add or Remove Programs, select the program name in the list and press the Uninstall button). The following message will appear:

Figure 12 In order to confirm your intention to remove Dekart Logon for Citrix ICA Client press Yes.2. After successful completion of the de-installation process the following message

will appear:

Figure 13

7 Working with Dekart Logon for Citrix ICA Client

The DLCIC application can function in two modes – management mode and monitor-ing mode. The first mode (management) allows you to setup the KSD for user access



to a Citrix server, and to manage the KSD. The second mode (monitoring) enables the user to easily connect to a Citrix server.

Management mode capabilities:Change PIN Change the PIN code Change Label Change KSD label Change BIO ID Change biometric identifier Unblock PIN Unblock the PIN code Clear KSD Clear KSD Add/Edit Add or edit the ICA-connection parameters Remove Remove the ICA-connection from the list Store to KSD Store the ICA-connection on the KSD (without removing

from the list) Move to KSD Store the ICA-connection on the KSD with simultaneous

removal from the list. Restore from KSD

Restore the ICA-connection from the KSD to the list.

Connect to… Connect to the Citrix-server in compliance with the ICA-

connection stored on the KSD Minimize Close the window and transfer from management mode to

monitoring mode. Exit Close the application Operations available in Management Mode:Connect Connection to Citrix server, according to ICA connection

stored on the KSD Auto Connect Set automatic connection mode on KSD insertion Restore Change from monitoring mode to management mode Enable/Disable Enable/disable monitoring mode Exit Close application About Information about the application

8 Working with Dekart Logon for Citrix ICA Client in manage-ment mode 8.1 Launch the application in management mode 1. Attach the KSD to the computer. 2. Launching the application can be accomplished by the following means:

• In the Start Menu select Programs, and then select the folder where the ap-plication is stored (see step 7 in par.4).



Figure 14

• Or, in Windows Explorer, open the folder indicated in par. 6 in the installation procedure (see par.4).

Figure 15

If the KSD is PIN code protected, you will see a window requesting for the PIN code before allowing you to access the system.



Figure 16

3. The user must enter the PIN code and press OK.

Attention! KSD will block upon multiple wrong PIN code entries. Please, be care-ful. The number of allowable incorrect entries varies according to the KSD manufac-turer, and the application.

Note: If the BIO ID is stored on the KSD, the software will automatically detect it and will attempt to conduct biometric authentication.

After successful authentication you will see the main application window.

Figure 17

If the application is launched without the KSD, then the main application window will appear as shown in Figure 18:

Figure 18



In this case, the user must connect the KSD to the computer, and enter the PIN code, if necessary. 8.2 Preparing the KSD for use with the application After launching the software, and connecting a new KSD, and if required, the PIN code verification (see par 8.1) the following window will appear:

Figure 19

In the left hand side of the table Citrix ICA Connections, all settings for ICA Connec-tions (from the file appsrv.ini), will be visible. In the right hand portion of the table, you will see data pertaining to the KSD(s) connect to the computer. In the first col-umn (Key Storage Device reader) you will see the reader(s) for the KSD (reader(s) for smart cards or USB tokens). In the second column (KSD Label or ID) – label or ID of the KSD, in the third column (Custom ICA Connection) – ICA-connection. Note: if the KSD is new, then in the filed KSD Label or ID, you will see the serial number of the device. The user can change this parameter later.

1. The user should left-click the KSD name to select the KSD (key storage device)

being used.

Figure 20



After this, the Change PIN, Change Label, Change BIO ID, Clear KSD buttons are activated.

2. Select the ICA-connection in the Citrix ICA Connection field. At this point the Store to KSD, Move to KSD, Remove buttons are activated.

Figure 21

3. In order to store the ICA-connection on the KSD, the user must press either the Store to KSD, or Move to KSD. In the first case the ICA-connection will be listed as an active ICA-connection (see Figure 22), in the second case, the ICA connection will be deleted from the list. After this procedure, the Restore from KSD button is activated.

Figure 22

At this point, all preliminary procedures to make the KSD ready for work are com-pleted. Note. In order to increase security, it is highly recommended that you assign a PIN code with the assistance of the “Change PIN” feature. 8.3 Adding BIO ID to KSD In order to enable three-factor authentication, the KSD should store user's biometric identifiers. Note: The choice of biometric device is determined by the physiological characteris-tics of user and the location of his computer.



In order to add BIO ID do the following: 1. Click the "Change BIO ID" button in program window. The window with the

list of installed drivers for biometric devices will appear.

Figure 23 2. Check the "Enable Biometric ID verification" checkbox and choose the biomet-

ric device from the list. 3. If the fingerprint scanner is used, e.g. BioLink U-Match, the user will be required

to provide his fingerprints for scanning for several times. As soon as the scanning procedure is complete, the user's BIO ID is stored on the KSD.

Figure 23 If the voice recognition device is used, e.g. SAFLINK Scansoft Voice Verification, the user will be required to speak the key phrase into a microphone to create his voice



template (Figure 24). After the voice template is created, the information is stored on the KSD.

Figure 24

8.4 Managing the KSD In order to change parameters for the KSD and the information stored therein, it is necessary to do the following: 1. Launch the application, and connect the KSD, then enter the PIN code (see

par.8.1). 2. Using the mouse select the currently used KSD in Key Storage Device (KSD).Afterwards, the application window will appear as shown in Figure 22. At this point the user can perform the following functions with the KSD:

• Change the PIN code (see par.8.5); • Change the label for the KSD (see par.8.7); • Change BIO ID (see par.8.6); • Clear the KSD (see par. 8.8); • Un-block the PIN-code (see par.8.9); • Change the ICA-connection in the KSD (see par.8.10).



8.5 Changing the PIN Code In order to change the PIN code, you must perform the following steps: 1. Launch the application (perform all steps in par.8.1). 2. Using the mouse, select the KSD that is currently being used in Key Storage De-

vice (KSD).3. Then press Change PIN. The following dialog box will appear: (Figure 25).

Figure 25

4. In the field new PIN code, enter the new PIN cod, or leave it blank (in order to work without a PIN code) then press ОК.

Note: The PIN code length varies from 4 to 8 symbols. 5. You will then be prompted to confirm the new PIN code, press ОК.

Figure 26 After successful completion of the operation, you will see the following message.

Figure 27



8.6 Changing the BIO ID In order to change BIO ID (if it has been previously stored on the KSD) do the fol-lowing: 1. Launch the program. 2. Click the "Change BIO ID" button in the program window. The Change Bio-

metric ID window with the list of installed drivers of biometric devices will ap-pear, as shown in Figure 23.

3. Select the biometric device from the list. 4. Depending on the type of the selected device enter the required biometric informa-

tion (fingerprint, voice). After the succession of biometric scans, the template will be stored on the KSD. Note: In order to stop using biometric authentication, the user should uncheck the Enable Biometric ID verification checkbox in the Change Biometric ID win-dow.

8.7 Changing the label for the KSD The label for the KSD contains the information about the owner of the device. The field can contain the name of the user, or any other pertinent information you wish to enter into the field. In order to change the label of the KSD, it is necessary to: 1. Launch the application (complete all steps outlined in par8.1). 2. Using your mouse, select the appropriate KSD in Key Storage Device (KSD).3. Then press the Change Label button. The following dialog box will appear:

(Figure 28).

Figure 28

3. In the field new Label, you must select the new label for the KSD and press ОК.In order to clear the label new Label, you should leave the field blank and then press ОК (in this case, in the field KSD Label or ID, the serial number will be stored – see Figure 22).

Note: The KSD label cannot be more than 32 characters long.

8.8 Clearing the KSD Attention! Performing this operation will erase all data from the device, including all ICA connections!

In order to perform this operation it is necessary to take the following steps: 1. Launch the application (perform all steps in par. 8.1).



2. Using your mouse, select the KSD being used in Key Storage Device (KSD).3. Then select Clear KSD. The application will ask you to confirm the operation

(Figure 29).

Figure 29

3. In order to perform the operation, you should pressОК. After performing the op-eration, the window will appear below (Figure 30)

Figure 30

8.9 Unblocking the KSD After several incorrect PIN code entries, the KSD will be blocked. In order to unblock the KSD, you should launch the application, and in the main window select Unblock PIN.

Figure 31

You will then be prompted to enter the PIN code.



Figure 32

If the PIN code is incorrectly entered, the KSD will be permanently blocked!

Note: The number of allowable attempts for de-blocking the KSD will vary accord-ing to the application, and type of KSD. 8.10 Operations with ICA-connection list After launching the application (see par.8.1), the user may edit the ICA connection list: • Add or edit the parameters for a specific ICA connection within the list (see

par.8.11); • Delete an ICA connection from the list (see par.8.12); • Store an ICA connection on the KSD (see par. 8.13); • Transfer an ICA connection to the KSD (see par. 8.14); • Reinstate an ICA connection from the KSD to the list (see par.8.15). 8.11 Additions/edits to ICA connections In order to add or edit the parameters for a specific ICA connection in a list (Add/Edit button is active after launching the application, even if the KSD is not at-tached). In order to perform this operation it is necessary to: 1. Launch the application (perform all steps in par 8.1). 2. Press Add/Edit. At this time the Citrix ICA Client application will be launched

(Citrix Program Neighborhood – Custom ICA Connections), which will allow the user to make the desired changes. After the application Citrix Program Neighbor-hood – Custom ICA Connections is closed, the DLCIC window will appear.

Note: During ICA-connection addition or editing, it is necessary to specify: User name, Password, Domain, and set flag: Save password.

8.12 Deleting ICA-connections from the list In order to delete a specific ICA-connection from the list it is necessary to: 1. Launch the application (perform all steps in par.8.1).



2. Using the mouse, select the ICA-connection from the list: Custom ICA Connec-tions and press Remove.

3. In order to continue working with the ICA-connection list, you must click on an empty field in the Key Storage Device (KSD) table, and then once again using the mouse select the KSD.

8.13 Storing an ICA-connection on the KSD In order to store a specific ICA-connection from the list on the KSD it is necessary to: 1. Launch the application (perform all of the steps in par.8.1). 2. Using the mouse, select the active KSD in Key Storage Device (KSD).3. In the Custom ICA Connections list select the required ICA-connection and press

Store to KSD. The selected ICA-connection will appear in the Custom ICA Con-nection field of the Key Storage Device (KSD) table.

8.14 Transferring the ICA connection from the list to the KSD In order to transfer a specific ICA connection from the list to the KSD, it is necessary to: 1. Launch the application (follow all steps in par. 8.1). 2. Using your mouse, select the active KSD in Key Storage Device (KSD).In the list Custom ICA Connections, using the mouse, select the required ICA connec-tion, and press Move to KSD. The selected ICA-connection will appear in the Custom ICA Connection field of the Key Storage Device (KSD) table, and will disappear from the list of Custom ICA Connections.

8.15 Re-instating the ICA connection in the list, from the KSD In order to retrieve the ICA connection from the KSD it is necessary to: 1. Launch the application (follow all steps in par. 8.1). 2. Using your mouse, select the active KSD in Key Storage Device (KSD).3. Press Restore from KSD.

8.16 Connecting to a Citrix server In order to connect to a Citrix server, it is necessary to follow all of the steps in par.8.1, select the active KSD in Key Storage Device (KSD), press Connect to…. The connection process to the Citrix server will now begin, corresponding to the pa-rameters of the ICA connection stored on the KSD. Note: After successful connection to the Citrix server, the connection stored on the KSD will be deleted from the list of ICA connections (Custom ICA Connections), if this has not already been previously done. 8.17 Transfer from management mode to monitoring mode In order for the application to transfer from the management mode to monitoring mode, it is necessary to press Minimize, in the main window. Upon completion of this operation, on the right side of the program status line, the application icon will appear.



Figure 33

8.18 Viewing information about Dekart Logon for Citrix ICA Client In order to view information about the application, it is necessary to press F1 or to right-click the mouse in the active window heading

Figure 34 A menu will appear (see Figure 34), in which you should select About, About Dekart Logon for Citrix ICA Client will appear on your screen (see Figure 38). If the user is using an un-registered version of the application then the window About Dekart Logon for Citrix ICA Client will appear as it does in Figure 39.

9 Working with Dekart Logon for Citrix ICA Client in monitoring mode 9.1 Launch the application in monitoring mode • After installation of DLCIC the application appears in the Startup Menu. There-

fore, upon starting your computer, the application will automatically launch in monitoring mode.

• The user may also launch the application in monitoring mode by double-clicking the mouse button on the desktop icon (see Figure 8).

Upon successfully launching the application in monitoring mode, the user will be prompted to enter the PIN code (if required), after successful verification of the PIN code, the program icon will appear in the system tray (see Figure 33). If you right-click the mouse button on the icon, you will then see a list of allowed actions.



Figure 35 9.2 Setting the automatic connection mode The software can be set up to provide automatic connection with Citrix server once it detects the insertion of the KSD: 1. Right click the program icon in the system tray on your taskbar. 2. Left-click the Auto Connect field in the appearing pop-up window. The Connect

field will now be deactivated.

Figure 36 9.3 Connecting with a Citrix Server After launching the application in monitoring mode, connection to a Citrix server can be accomplished by one of the following means: First methodThe user must press the left mouse button one time, while positioned on the applica-tion icon in the right part of the taskbar (see Figure 33). Second method• The user must press the right mouse button one time, while positioned on the ap-

plication icon in the right part of the taskbar (see Figure 33). • In the menu that appears, select Connect. Third methodThe user must press the left mouse button, two times, while positioned on the applica-tion icon in the right part of the status bar (see Figure 8). Fourth method



If the user has set up the automatic connection mode (see par. 9.2), then the connec-tion is established only after the KSD is inserted and the user is successfully authenti-cated (two-factor or three-factor authentication).

After performing the above procedures, the Citrix connection progress window will appear (see Figure 37).

Figure 37

9.4 Disconnecting from the Citrix-server In order to disconnect from the Citrix-server, the user needs only to disconnect the KSD from the computer. 9.5 Switching from monitoring mode to management mode When DLCIC runs in monitoring mode, the user may require to change the parame-ters of the ICA-connection, which requires that he switches the application to man-agement mode. In order to accomplish this, it is necessary to do the following: • Right click the mouse button on the application icon in status bar (see Figure 33). • In the menu that appears, select Restore. After successful completion of the operation, the application window will appear (see Figure 17). 9.6 Changing work mode (temporarily turning off monitoring mode) If the user requires that DLCIC should temporarily cease to react to disconnect-ing/connecting of the KSD to the computer, that is, to temporarily stop the application from being removed from memory when the KSD is either connected or disconnected, then the following steps should be performed: • Right-click on the mouse button, while positioned over the application icon in the

right part of the status bar (see Figure 33). • In the appearing window, select Disable. After performing this operation, the

menu will display and the Enable menu will become active (the Disable function in the menu will now be de-activated).

In order to return to the monitoring mode, it is necessary to select Enable, from the pop-up icon. After completion of this operation, the Disable function will then be ac-tivated (the Enable function will be de-activated at this point.) - see Figure 35.



9.7 Viewing information about Dekart Logon for Citrix ICA Client In order to view information about the application, it is necessary to select About. The screen will then display the About Dekart Logon for Citrix ICA Client window.Note: If the user is using an unregistered copy of the application then the window About Dekart Logon for Citrix ICA Client will appear as shown in Figure 39.

Figure 38

9.8 Exiting Dekart Logon for Citrix ICA Client In order to exit from DLCIC and to remove the application from memory it is neces-sary to: • Right-click the mouse button while positioned over the application icon in the

right portion of the status bar (see Figure 33). • In the menu that appears, select Exit.

10 Biometric authentication in Dekart Logon for Citrix ICA Client If the three-factor authentication is enabled (the Enable Biometric ID verification checkbox checked in the Change Biometric ID window), the biometric authentica-tion will be required after the user launches DLCIC, and the PIN for the KSD is suc-cessfully verified (if the user has set the PIN protection for the KSD). The software will automatically read the biometric templates stored on the KSD and will offer the user to provide his biometric data (scan the fingerprints, speak the authentication



phrase etc.). In case the BIO ID provided by the user is not identical with the tem-plates stored on the KSD, the user will be required to repeat the biometric authentica-tion. Authentication routine will be finished only when the data provided by the user will be identical to the biometric templates stored on the KSD. The biometric ap-proach ensures that only authorized user can get access to Citrix-server.

11 Registering Dekart Logon for Citrix ICA Client In order to register the application, if this has not been done during the installation procedure, it is necessary to go to the window About Dekart Logon for Citrix ICA Cli-ent, and enter the registration information in the proper fields.

Figure 39

Please, obtain a registration number at Software Registration (Register) page at www.dekart.com. In case you use licensed Dekart software, please, submit your li-cense key to receive your registration number via email. If you use shareware pro-grams, please, use Dekart Buy on-line page to purchase your registration number. Af-ter your transaction is processed, you will receive an email with the registration num-ber.

http://www.dekart.com/



Attachment Device characteristics of KSD (PIN-codes, memory size)

Table 1

KSD name PIN-code for

applications/ de-vice

Allowed wrong PIN code entries

Allowed attempts to

unblock KSD

Memory size (kB)

Aladdin eToken PRO

PIN-code for applications 3 3 16, 32, 64

Aladdin eToken R2

PIN-code for device ∞ - 16, 32, 64

Schlumberger Multiflex

PIN-code for applications 3 3 4, 8

Schlumberger Cryptoflex


Schlumberger Payflex

PIN-code for applications 3 3 4

Rainbow iKey 1000

PIN-code for device 3 3 8, 32

Rainbow iKey 2000


Rainbow iKey 2032


Rainbow iKey 3000


Eutron CryptoIdentity

ITSEC


Eutron CryptoIdentity 4


Eutron CryptoIdentity 5


Datakey Model 310


Datakey Model 330


GemPlus GPK PIN-code for applications 3 3 2, 4, 8, 16

ruToken PIN-code for device 3 12 8, 16, 128

Note 1. Key storage device can have one PIN-code for all Dekart applications, and another PIN code for other applications, or a single PIN code for the device



Note2. Most KSD’s have a maximum number of allowed attempts for entering a PIN code. When the maximum number of attempts has been achieved, the KSD is then blocked. If the correct PIN code is entered during the un-blocking operation, then the KSD will once again be operational. If during the un-blocking operation, the incorrect PIN code is entered, the KSD will be permanently blocked. Error messages

Table 2 Error message Possible reason User action

Key Storage Device is not formatted for Citrix ICA Client Logon

KSD (smart-card or USB To-ken) not formatted for DLCIC.

It is necessary to use a KSD formatted for DLCIC.

ATTENTION! Bad PIN code was entered!

Wrong PIN code was entered. It is necessary to repeat the operation, and enter the correct PIN code. Attention! Multiple in-correct PIN code entries will result in blocking of the KSD! The number of allowable entries for the specific KSD is specified in Table 1.

Key Storage Device is blocked

The KSD is blocked after the maximum of allowed at-tempts has been exceeded.

In order to un-block the KSD it is necessary to fol-low un-blocking instruc-tions. «Un-blocking the KSD» (key Unblock PIN)or contact your administra-tor. Attention! If during the un-blocking operation, the incorrect PIN code is entered, the KSD will be permanently blocked!

KSD is not blocked yet User presses Unblock PIN button but KSD is not blocked yet.

No actions are required. «Un-block KSD» (key Un-block PIN) since KSD is not blocked.

Confirm PIN does not match

During PIN code change, the entries did not match.

It is necessary to repeat the operation, and ensure that both PIN code entries match.

PIN length must be at least 4 symbols

The entered PIN code is less than four characters.

It is necessary to repeat the operation, and enter the proper length PIN code.

Citrix ICA Client is not The computer does not have It is necessary to install Ci-



installed. Citrix ICA client installed. trix ICA Client Error working with Key Storage Device

An error has occurred while working with the KSD

It is necessary to repeat the operation. In the event the problem persists, please contact the administrator.

Error writing data to the KSD (Not enough free space on KSD)

An error has occurred while writing data KSD. Most likely cause is not enough free space on the KSD.

The user should use Dekart Key Manager (or similar utility) to free space on the KSD.

ICA Connection is not selected

The operation cannot be com-pleted because not ICA connection has been selected.

Using the mouse, select a valid ICA connection, and repeat the process.

Biometric verification failed!

The BIO ID provided by the user is not identical with the one stored on the KSD.

Repeat biometric verifica-tion procedure.

Note: If you receive any other error messages other than those listed above, please contact your administrator. Appearance of window during KSD operations During any operations with the KSD, you will see a message appear on the screen as follows: “Key Storage Device Operations. Please wait…” When the biometric information is read or written from the KSD, the following mes-sage appears:

Figure 40

icalogoneng

Documents

ica connections

exiting dekart logon

function of dekart logon

principles of dekart

features of dekart logon

installation of dekart

citrix server

icaconnection list