| 2 |
- |
1 |
.TH SECURENET 8
|
|
|
2 |
.SH NAME
|
|
|
3 |
securenet \- Digital Pathways SecureNet Key remote authentication box
|
|
|
4 |
.SH DESCRIPTION
|
|
|
5 |
The
|
|
|
6 |
.I SecureNet
|
|
|
7 |
box is used to authenticate connections to Plan 9 from a foreign system
|
|
|
8 |
such as a
|
|
|
9 |
Unix
|
|
|
10 |
machine or plain terminal.
|
|
|
11 |
The box, which looks like a calculator,
|
|
|
12 |
performs DES encryption with a key held in its memory.
|
|
|
13 |
Another copy of the key is kept on the authentication server.
|
|
|
14 |
Each box is protected from unauthorized use by a four digit PIN.
|
|
|
15 |
.PP
|
|
|
16 |
When the system requires SecureNet authentication,
|
|
|
17 |
it prompts with a numerical challenge.
|
|
|
18 |
The response is compared to one
|
|
|
19 |
generated with the key stored on the authentication server.
|
|
|
20 |
Respond as follows:
|
|
|
21 |
.PP
|
|
|
22 |
Turn on the box and enter your PIN at the
|
|
|
23 |
.B EP
|
|
|
24 |
prompt,
|
|
|
25 |
followed by the
|
|
|
26 |
.B ENT
|
|
|
27 |
button.
|
|
|
28 |
Enter the challenge at
|
|
|
29 |
.B Ed
|
|
|
30 |
prompt,
|
|
|
31 |
again followed
|
|
|
32 |
.BR ENT .
|
|
|
33 |
Then type to Plan 9 the response generated by the box.
|
|
|
34 |
If you make a mistake at any time, reset the box
|
|
|
35 |
by pressing
|
|
|
36 |
.BR ON .
|
|
|
37 |
The authentication server compares the response generated by the box
|
|
|
38 |
to one computed internally. If they match, the user is accepted.
|
|
|
39 |
.PP
|
|
|
40 |
The box will lose its memory if given the wrong PIN
|
|
|
41 |
five times in succession or if its batteries are removed.
|
|
|
42 |
.PP
|
|
|
43 |
To reprogram it, type a
|
|
|
44 |
.B 4
|
|
|
45 |
at the
|
|
|
46 |
.B E0
|
|
|
47 |
prompt.
|
|
|
48 |
.PP
|
|
|
49 |
At the
|
|
|
50 |
.B E1
|
|
|
51 |
prompt, enter your key, which consists of eight three-digit octal numbers.
|
|
|
52 |
While you are entering these digits,
|
|
|
53 |
the box displays a number ranging from 1 to 8 on the left side of the display.
|
|
|
54 |
This number corresponds to the octal number you are entering,
|
|
|
55 |
and changes when you enter the first digit of the next number.
|
|
|
56 |
.PP
|
|
|
57 |
When you are done entering your key, press
|
|
|
58 |
.B ENT
|
|
|
59 |
twice.
|
|
|
60 |
.PP
|
|
|
61 |
At the
|
|
|
62 |
.B E2
|
|
|
63 |
prompt, enter a PIN for the box.
|
|
|
64 |
.PP
|
|
|
65 |
After you confirm by retyping the PIN at the
|
|
|
66 |
.B E3
|
|
|
67 |
prompt, you can use the box as normal.
|
|
|
68 |
.PP
|
|
|
69 |
You can change the PIN using the following procedure.
|
|
|
70 |
First, turn on the box and enter your current PIN at the
|
|
|
71 |
.B EP
|
|
|
72 |
prompt.
|
|
|
73 |
Press
|
|
|
74 |
.B ENT
|
|
|
75 |
three times;
|
|
|
76 |
this will return you to the
|
|
|
77 |
.B EP
|
|
|
78 |
prompt.
|
|
|
79 |
Enter your PIN again, followed by
|
|
|
80 |
.BR ENT ;
|
|
|
81 |
you should see a
|
|
|
82 |
.B Ed
|
|
|
83 |
prompt with a
|
|
|
84 |
.B -
|
|
|
85 |
on the right side of the display.
|
|
|
86 |
Enter a
|
|
|
87 |
.B 0
|
|
|
88 |
and press
|
|
|
89 |
.BR ENT .
|
|
|
90 |
You should see the
|
|
|
91 |
.B E2
|
|
|
92 |
prompt; follow the instructions above for entering a PIN.
|
|
|
93 |
.PP
|
|
|
94 |
The
|
|
|
95 |
.I SecureNet
|
|
|
96 |
box
|
|
|
97 |
performs the same encryption as the
|
|
|
98 |
.B netcrypt
|
|
|
99 |
routine
|
|
|
100 |
(see
|
|
|
101 |
.IR encrypt (2)).
|
|
|
102 |
The entered challenge, a decimal number between 0 and 100000,
|
|
|
103 |
is treated as a text string with trailing binary zero fill to 8 bytes.
|
|
|
104 |
These 8 bytes are encrypted with the DES algorithm.
|
|
|
105 |
The first four bytes are printed on the display as hexadecimal numbers.
|
|
|
106 |
However, when set up as described,
|
|
|
107 |
the box does not print hexadecimal digits greater than 9.
|
|
|
108 |
Instead, it prints a 2 for an A, B, or C, and a 3 for a D, E, or F.
|
|
|
109 |
If a
|
|
|
110 |
.B 5
|
|
|
111 |
rather than a
|
|
|
112 |
.B 4
|
|
|
113 |
is entered at the
|
|
|
114 |
.B E0
|
|
|
115 |
print, the hexadecimal digits are printed.
|
|
|
116 |
This is not recommended, as letters are
|
|
|
117 |
too easily confused with digits on the
|
|
|
118 |
.I SecureNet
|
|
|
119 |
display.
|
|
|
120 |
.SH "SEE ALSO"
|
|
|
121 |
.IR encrypt (2),
|
|
|
122 |
.IR auth (2)
|
|
|
123 |
.br
|
|
|
124 |
Digital Pathways, Mountain View, California
|
|
|
125 |
.SH BUGS
|
|
|
126 |
The box is clumsy to use and too delicate.
|
|
|
127 |
If carried in a pocket,
|
|
|
128 |
it can turn itself on and wear out the batteries.
|