IPhone

From Swivel Knowledgebase Wiki

Contents 1 The PINsafe iPhone App Overview 2 Requirements 3 PINsafe Server Configuration 3.1 Configuring iPhone user access on the PINsafe server 3.2 Configuring the PINsafe Authentication 4 iPhone Installation and Configuration 4.1 Download compatible with PINsafe 3.7 and earlier 4.2 Download compatible with PINsafe 3.8 onwards 4.3 Configuring the app 4.4 Mobile Provision Code 4.5 Downloading Security Strings 4.6 Authenticating with the app 4.7 Using the app with ChangePIN 4.8 Updating Keys 5 Troubleshooting 5.1 Error Messages 6 Tested Mobile Phones 7 Known Issues and Limitations

The PINsafe iPhone App Overview

Swivel Secure now offers a iPhone and iPad client for use with the PINsafe platform. This article explains how to download, configure and use this client. For the Java Applet version see Swivlet How To Guide, for the Windows Mobile version see Windows Mobile How To Guide. For the PINsafe Android Client see Android.

Requirements

iPhone

The PINsafe server must be reachable from the mobile phone to receive security strings

Access device for authentication

Security strings must be entered including the comma and sequence number e.g. nnnn,nn

Appliances using PINsafe 3.8 may require an upgrade on their proxy to provision a mobile device, see How to upgrade the appliance proxy for PINsafe 3.8

PINsafe Server Configuration

Configuring iPhone user access on the PINsafe server

To allow a user to authenticate using a One Time Code from the iPhone Applet, the user must have the Swivlet/Mobile Client authentication enabled. To do this on the PINsafe Administration console ensure that the group they are part of has access to the Swivlet/Mobile Client under Repository Groups.

Configuring the PINsafe Authentication

PINsafe can authenticate users by RADIUS or Agent-XML authentication

• For RADIUS authentication see RADIUS Configuration Note: The access device must be configured to use PAP for authentication.

• For Agent-XML authentication see XML Authentication Configuration

iPhone Installation and Configuration

The PINsafe iPhone iClient is available from the Apple App Store. You can click the icon below to open the App within iTunes, or follow the instructions in this article to navigate to the App within the App Store.

Download compatible with PINsafe 3.7 and earlier

Download compatible with PINsafe 3.8 onwards

To find the application from your Apple iPhone/iPad go the App Store and search for "pinsafe".

You can then install in the standard way, refer to Apple documentation for more information.

Probably the easiest way is directly on the phone.

1. Touch on "FREE>" on the application search result. This opens up the full description of the client
2. Touch on "FREE" on the full description page, the button changes to INSTALL
3. Click on Install. You will then be asked to supply you App Store credentials.

The client will then install and be ready to configure.

Configuring the app

When you launch the iPhone iClient you will see the Configuration option on the main screen.

Select this option and you will see the settings that need to be entered to use the client.

These settings will generally be provided by the PINsafe System administrator.

The settings are

1. User Your username that you use when you authenticate via PINsafe
2. Webservice URL The URL from where the client can download security strings (or keys)
3. Webservice Port The port number used by the webservice. For an appliance this is 8443, for a software install this is 8080
4. Webservice Context The context used by the webservice. For an appliance this is proxy, for a software install this is usually pinsafe

Once you have entered the settings you can select Done.

Mobile Provision Code

PINsafe versions 3.8 and higher require each Mobile device to be Provisioned with a Code sent from the PINsafe server. To provision a phone see Mobile Provision Code. PINsafe versions earlier than PINsafe 3.8 do not need to be provisioned.

Downloading Security Strings

From the main menu where you can test the settings by Selecting the Update Keys option. This will attempt to retrieve Security Strings from the PINsafe server.

You will see a brief message stating Updating Keys and then if all is well the display will return to the main menu.

If there are any problems and error message will be displayed

You can confirm that keys have been downloaded by going to the Enter PIN screen and Entering you PIN. Once you have entered your PIN you will see you extracted one-time code and the number of Security Strings (Keys) you have remaining. The PINsafe server will display the following log message Security strings fetched for user: username

The first time you do this after downloading keys, the Keys Remaining will show as 98.

Authenticating with the app

To use the PINsafe iPhone iClient to authenticate is very simple.

1. Open the application on your iPhone
2. Select the Enter PIN Option
3. Enter your PIN using the iPhone keypad displayed.
4. The client will show the OTC that you need to enter, (as shown above)
5. Enter the OTC into the authentication dialogue, including the ',' and the following 2 digits. eg 0947,00

If you need to authenticate again you can select the refresh option

Using the app with ChangePIN

The client can be used in conjunction with the PINsafe changePIN application to allow a user to change their PIN.

To do this the user first accesses the change pin application in their computer browser then selects the Change PIN option on the iPhone client

On the PINsafe client page you first enter your current PIN, then on the next screen you enter you New PIN.

The next screen then displys the two OTCs you need to enter within the Change PIN dialogue in your browser.

Updating Keys

The client downloads 99 keys at a time and these keys are used one at a time until there are none left. However a new set of 99 keys can be downloaded at any time by using the Update Keys. Downloading keys requires network connectivity so it is recommended that you download a new set of keys before the iPhone is likely to be without network connectivity for any length of time.

Troubleshooting

• Is the PINsafe server accessible on the internet

• Check the connection settings to the PINsafe server

• Check the PINsafe logs for any error messages

• Can the phone access the internet

• If a RADIUS connection is seen from the access device to the PINsafe server but authentication fails, try using PAP

• Download new security strings to the phone and retest

• Is the OTC being entered with the comma and last two digits. E.g. 7329,62

• If the proxy port (8443) on the appliance is being used, ensure that it supports the proxy request of the key retrieval using AgentXML. If this is the case then contact Support for an updated version of the Proxy.

• If you fail to authenticate successfully using the security string provided by the iPhone app please see iPhone authentication fails

Error Messages

Incorrect settings - please check your settings

The settings for downloading the security strings are incorrect. Verify what has been entered, and check what the values should be.

Timed Out

The settings for connecting to the PINsafe server may be incorrect or the port is being blocked.

Tested Mobile Phones

The following phones have been tested

Mobile Phone Compatibility

Manufacturer	Model	Version	Operator	Compatible Y/N	Applet Version
Apple	3GS	4.0	Not Known	Y	1.0
Apple	3G	4.0	Deutche Telekom	Y	1.0
Apple	4	4.3.3	Vodafone	Y	1.1

The iphone applet will also work on the iPad

Known Issues and Limitations

• The current version only supports one device per user.

• Currently only 4 digit PIN numbers are supported within the iPhone iClient (3.7 and earlier). This limitation does not affect the iPhone app PINsafe 1.1 which is compatible with PINsafe 3.8 onwards.

• iPhone Client 1.1 selecting the settings option will cause the iPhone client to be reprovisioned.

• iPhone Client 1.0 and 1.1 only suypport the use of number in the security string.

Keywords: iPhone, iClient, PINsafe, Swivlet, App, AppStore, Apple, iPad