Windows Mobile How To Guide

From Swivel Knowledgebase Wiki

Contents 1 Windows Mobile How To Guide 2 Overview 3 Requirements 4 PINsafe Server Configuration 4.1 Configuring Windows Mobile User Access on the PINsafe server 4.2 Configuring the PINsafe Authentication 5 Windows Mobile Installation 6 Testing 7 Troubleshooting 8 Tested Mobile Phones 9 RADIUS Considerations

Windows Mobile How To Guide

Overview

NOTE: this version is for Windows Mobile versions 6.x and earlier. For Windows Phone 7.x, see Windows Phone 7 How To Guide.

The Windows Mobile PINsafe application, for the Windows Mobile phone allows the storage of 100 security strings or One Time Codes for PINless authentication on a .Net mobile phone. The PIN is not stored on the phone. Requesting a top up from the PINsafe server resets all the security strings on the mobile phone. You can use the device to get one-time codes for PINsafe login and PIN change.

For the Mobile Phone Clients such as the Java based version select Swivlet How To Guide. For the iPhone select IPhone. For the PINsafe Android Client see Android.

Requirements

User must have Mobile Phone Client or Swivlet enabled to use this application

The PINsafe server must be reachable from the mobile phone to receive security strings

Security strings must be entered including the comma and sequence number e.g. nnnn,nn

This application is not compatible with PINsafe 3.8 or later

PINsafe Server Configuration

Configuring Windows Mobile User Access on the PINsafe server

To allow a user to authenticate using a One Time Code from the Windows Mobile Applet, the user must have the Mobile Phone Client or Swivlet authentication enabled. To do this on the PINsafe Administration console ensure that the group they are part of has access to the Mobile Phone Client (PINsafe 3.8 onwards)or Swivlet (pre PINsafe 3.8) under Repository Groups.

Configuring the PINsafe Authentication

PINsafe can authenticate users by RADIUS or Agent-XML authentication

• For RADIUS authentication see RADIUS Configuration Note: The access device must be configured to use PAP for authentication.

• For Agent-XML authentication see XML Authentication Configuration

Windows Mobile Installation

To install it, you need either ActiveSync or Windows Mobile Device Centre installed on your computer (the latter is for Vista and Windows 7). Attach the mobile device to your computer, and copy the attached .cab file to it. Execute the cab file to install the Mobile Phone Client. You can remove the cab file once it is installed.

Running the Mobile Phone Client is very simple. Before you use it the first time, you must choose the Configuration option from the main menu. Set the configuration as appropriate (note that the PINsafe server must be publicly visible for the Mobile Phone Client to work, or else the phone must be able to access the PINsafe server via the internal network). Once the device is configured, select the Top Up option to download 100 security strings to the phone. The phone doesn't need access to the PINsafe server again until it runs out of strings and you need to Top Up again.

The Beta version of the software can be downloaded here: http://www.swivelsecure.com/userfiles/File/software/beta/SwivletDeploy.zip

Testing

You can top up the Mobile Phone Client and you should see a log message saying strings requested for user XXXX.

Troubleshooting

Is the PINsafe server accessible on the internet

Check the connection settings to the PINsafe server

Check the PINsafe logs for any error messages

Can the phone access the internet

Does the PINsafe applet application have authorisation to access the network connection

Can the phone use self signed certificates if a https connection is being used

If a RADIUS connection is seen from the access device to the PINsafe server but authentication fails, try using PAP

Download new security strings to the phone and retest

If the proxy port (8443) on the appliance is being used, ensure that it supports the proxy request of the key retrieval using AgentXML. If this is the case then contact Support for an updated version of the Proxy.

Tested Mobile Phones

As more information is fed back additional phones will be added here.

Mobile Phone Compatibility

Manufacturer	Model	Version	Windows Mobile Version	Operator	Compatible Y/N	.Net Applet Version
Samsung	Omnia	Not Known	6.5	Not Known	Y	Not Known

RADIUS Considerations

One thing to be aware of is that when using RADIUS authentication, except for the PAP protocol, you must use every string from the phone for authentication. If you generate a string and don't use it, authentication will fail until you Top Up again. This is an unavoidable consequence of the way most RADIUS protocols work.