RSA SecurID Software Token 3.0.1 for Windows® Workstations Readme This Readme provides information on using smart card readers with RSA SecurID Software Token 3.0.1, as well as enhancements and known issues. Read this document before installing the application software or smart card reader drivers. ISSUES RESOLVED IN 3.0.1 1. In Software Token 3.0, selecting "Access the smart card through a PKCS #11 module" required selecting both a reader and the PKCS #11 module. Software Token 3.0.1 allows you to select only the PKCS #11 module. 2. In Software Token 3.0, the Nortel VPN, Cisco VPN, and WorldCom PAL Dialer could not access the software directly through STAUTO32.dll. This problem has been resolved in 3.0.1. SOFTWARE TOKEN 3.0.1 INSTALLATION If you installed Software Token 3.0, you must uninstall it before installing Software Token 3.0.1. PRODUCT ENHANCEMENTS 1. The Software Token application contains a simple, new Software Token Administration tool consisting of the utilities described below. See the Administrator's Guide for information on using the Software Token Administration tool. Transfer Tokens Utility ------------------------ Lets an administrator transfer software tokens to a user's smart card or to a database on the administrator's computer. For example, you can point to an SDTID file that contains multiple tokens and quickly populate smart cards with the tokens. Delete Tokens Utility --------------------- Replaces the previous method of deleting tokens during an uninstallation. An administrator can now delete tokens from the user's smart card and from the token database on the user's computer at any time. Smart Card Access Options -------------------------- Lets an administrator set up smart card access for the administrator's computer. Users can set up smart card access through the Software Token program. If necessary, the administrator can use the utility to set up smart card access for a user while at the user's computer. 2. The Create Setup tool for creating end user installation packages has been replaced with an InstallShield procedure. The administrator runs an installation in record mode and saves the output to a response file. The response file and installation files are then deployed silently to end user machines. Instructions are given in the Administrator's Guide. 3. The standalone Administration tool, available with Software Token 2.5 and earlier for managing tokens separately from the ACE/Server database, is no longer necessary. All supported versions of the ACE/Server can now manage hardware and software tokens centrally within the same database. In addition, the diskette containing tokens in the SDB format is longer shipped with the RSA SecurID Software Token seeds. Customers who require the Administration tool and/or SDB files should so stipulate when placing an order for RSA SecurID Software Token seeds. SMART CARD READER INSTALLATION NOTES If you will be using a smart card with the Software Token application, RSA recommends that you install a smart card reader and driver before installing Software Token 3.0. Drivers for the following supported readers are located in the \Reader_Drivers folder of the application directory: SCR111 serial reader SCR201 PC Card (PCMCIA) reader SCR301 USB reader The following smart card reader installation notes are organized by operating system and reader type. Installation Notes for Windows 2000 ------------------------------------ IMPORTANT!: Windows 2000 has built-in support for the Microsoft Smart Card Base Components (PC/SC). Do not install Microsoft Smart Card Base Components. SCR111 Serial Reader: 1. Install the reader driver by clicking setup.exe, located in Reader_Drivers\SCR111. 2. Power down the system, and plug in the reader. 3. Power up the system. After the system powers up, Windows 2000 will match up the driver with the device. SCR301 USB Reader: IMPORTANT! Do not plug the reader into the USB port before the driver has been installed. 1. Install the reader driver by clicking setup.exe, located in Reader_Drivers\SCR301. 2. After the installation successfully completes, plug the reader into the USB port. SCR201 PC Card (PCMCIA) Reader: Windows 2000 provides its own set of SCR201 reader drivers. Plug in the PCMCIA reader. Windows 2000 will guide you through the installation. Installation Notes for Windows XP --------------------------------- IMPORTANT!: Windows XP has built-in support for the Microsoft Smart Card Base Components (PC/SC). Do not install Microsoft Smart Card Base Components. Windows XP contains all necessary drivers for USB, serial, and PC Card (PCMCIA) readers. Windows XP will guide you through the installation. Installation Notes for Windows NT 4.0 -------------------------------------- Note: Regardless of the reader type, you must install the Microsoft Smart Card Base Components (PC/SC) first. SCR111 Serial Reader: 1. Install the Microsoft Smart Card Base Components by clicking scbase.exe, located in Reader_Drivers\SCBase. 2. Install the reader driver by clicking setup.exe, located in Reader_Drivers\SCR111. 3. Power down the system and plug in the reader. 4. Power up the system. After the system powers up, Windows NT will match up the driver with the device. SCR301 USB Reader: USB devices are not supported on Windows NT. SCR201 PC Card (PCMCIA) Reader: 1. Install the Microsoft Smart Card Base Components by clicking scbase.exe, located in Reader_Drivers\SCBase. 2. Install the reader drivers located in Reader_Drivers\SCR201. 3. If prompted, restart the computer. 4. Plug in the PCMCIA card reader. Installation Notes for Windows 98 SE ------------------------------------- Note: Regardless of the reader type, you must install the Microsoft Smart Card Base Components (PC/SC) first. SCR111 Serial Reader: 1. Install the Microsoft Smart Card Base Components by clicking scbase.exe, located in Reader_Drivers\SCBase. 2. Install the reader driver by clicking setup.exe, located in Reader_Drivers\SCR111. 3. Power down the system and plug in the reader. 4. Power up the system. After the system powers up, Windows 98 SE will match up the driver with the device. SCR301 USB Reader: IMPORTANT! Do not plug in the reader before the driver has been installed. 1. Install the Microsoft Smart Card Base Components by clicking scbase.exe, located in Reader_Drivers\SCBase. 2. Install the reader driver by clicking setup.exe, located in Reader_Drivers\SCR301. 3. After the installation successfully completes, plug the reader into the USB port. SCR201 PC Card (PCMCIA) Reader: 1. Install the Install the Microsoft Smart Card Base Components by clicking scbase.exe, located in Reader_Drivers\SCBase. 2. Install the reader driver located in Reader_Drivers\SCR201. 3. If prompted, restart the computer. 4. Plug in the PCMCIA card reader. KNOWN ISSUES 1. If you are upgrading from Software Token 2.5 to 3.0, and have been using smart cards, the 2.5 smart card software must be uninstalled. --For silent upgrades, uninstall the smart card software before you install Software Token 3.0. To uninstall, select the Uninstall shortcut from the Start menu for RSA SecurID Smart Card and RSA SecurID Smart Card Administration. --For interactive upgrades, you will be prompted to uninstall the smart card software as part of the upgrade. For either type of upgrade, when you accept the choice to uninstall the software, you may see a message asking if you want to remove shared files that the system indicates are no longer in use. Because the Software Token 3.0 program uses these files, click "No to All" if you see this message. If the shared files are removed, the reader will not work with Software Token 3.0. 2. Password-protected tokens cannot be imported from Software Token 2.5 to 3.0 during silent upgrades (EndUserSetup.exe). Before performing a silent upgrade, remove the passwords. You can add passphrases to the tokens again after the upgrade. Non-password tokens are imported automatically with the upgrade. No action is required for these tokens. 3. If you log in as a regular user on Windows 2000 or Windows XP and attempt to install Software Token 3.0, an "Install Program As Other User Screen" prompts you to use the password to an administrative account to install the software. You cannot use this option to install Software Token. Click Cancel, log out, and then log in as an administrator. You can then install Software Token. 4. Uninstalling the Login Automation program does not remove profile information stored in the Registry. You can manually delete these entries. Profiles are stored under HKEY_LOCAL_MACHINE\SOFTWARE \RSA Security\RSA SecurID Software Token\3.0\LoginAutomation \DialUPNetworkingProfiles. 5. If you select "Access the smart card through a PKCS #11 module" in the Smart Card Communication dialog while a card is in the reader, you must remove the card and then reinsert it to view the tokens on the card. 6. If you receive the message "The dynamic link library WinSCard.dll could not be found..." when running any Software Token component, run the Software Token installation executable and select the Repair option. 7. If the RSA ACE/Agent Browser Plug-In is added after initial program installation with the Modify Install option, the Plug-In may not work properly. To get the Plug-In working, see the item "Browser Plug-In page does not appear" in the Troubleshooting section of the User's Guide. 8. Under some circumstances, the Software Token user interface may erroneously display "no token." If this occurs, use the File > Select Token option to select a new token. 9. If you are using a smart card and receive the message "Unable to set passphrase for a card with no tokens," and you believe the card has tokens, verify that you have selected the proper smart card access method. 10. If you install tokens by double-clicking the SDTID file, and a smart card is in the reader, you will be prompted twice for the smart card password. This will not affect token installation. 11. If you receive the message "Error reading token distribution file" while trying to import tokens, you may not have write permission to the SDTID file. Request write permission from the administrator. GETTING SUPPORT AND SERVICE RSA SecurCare Online www.rsasecurity.com/support/securcare Technical Support Information www.rsasecurity.com/support © 2002 RSA Security Inc. All rights reserved. First printing: September 2002 Trademarks ACE/Agent, ACE/Server, Because Knowledge is Security, BSAFE, ClearTrust, JSAFE, Keon, RC2, RC4, RC5, RSA, the RSA logo, RSA Security, SecurCare, SecurID, Smart Rules, The Most Trusted Name in e-Security, Virtual Business Units, and WebID are registered trademarks, and RSA Secured, the RSA Secured logo, SecurWorld, and Transaction Authority are trademarks of RSA Security Inc. in the U.S. and/or other countries. All other trademarks mentioned herein are the property of their respective owners.