Deployment Mode

The devices come with a default PIN code (00000000) that you can change at any time with the native Microsoft Windows CTRL+ALT+DEL feature.

While there is no “simple” PIN unlock feature, if you know the ADMIN Key (set to a default binary value 00000000000000000000000000000000) and have a tool to generate a response based on the challenge (AES algorithm), you can unlock the card.
The user can then use the Microsoft Windows PIN Unlock user interface. It is recommended that you use credential management software to manage these keys.

Note: For Crescendo C2300 iCLASS cards, if you know the ADMIN Key (set to a default binary value 000000000000000000000000000000000000000000000000) and have a tool to generate a response based on the challenge (3DES algorithm), you can unlock the card.

Note: In a standard deployment with Crescendo Minidriver free middleware, if a customer wants to get rid of the security issue related to the fact that the ADMIN key set at manufacturing is not modified by default by Crescendo Minidriver , it is possible to configure a registry key asking Crescendo Minidriver to randomize the ADMIN Crescendo Minidriver key on first PIN usage/change operation:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\HID Global\C2300MD
Value: RandomizeAdminKey: (DWORD) 1: ADMIN key is randomized, 0 or absent: ADMIN key is not randomized

You can download a certificate onto the card from the Microsoft Certificate Authority (or other CA), by selecting the Microsoft Base Smart Card CSP.
You can use certificates for standard PKI services based on the minidriver, such as Windows logon, authentication to web sites (with an internet browser) and PKI-compatible VPNs, email signature and encryption (with Microsoft Outlook).

For further information, see Managing a Device with the Crescendo Minidriver.