Unlocking the PIN Code Using Microsoft Windows

The supported devices will lock if the user presents a certain number of consecutive incorrect PINs. When the PIN is locked, you cannot use the card until you unlock the PIN.

Important:
  • For Crescendo 4000 Cards, the XAuth admin key is 3DES. For Crescendo 4000 FIPS, it is AES.

  • For Standalone Cards, the Challenge length presented during the unblock operation (8 bytes for 3DES, 16 bytes for AES) determines the encryption algorithm. Calculate the response by encrypting the Challenge with that algorithm (3DES or AES) in ECB mode.

    If XAuth Admin keys (3DES/AES) have not been modified, then the default XAuth Admin key will be all zeroes (24 bytes for 3DES and 16 bytes for AES).

  • For HID CMS Managed Cards, contact the HID CMS Administrator to obtain the response needed to unlock them.

Other deployment modes with a central credential management system are recommended for a simplified unlock process.

Note: To access the built-in Windows UI unlock feature, enable Allow Integrated Unblock screen to be displayed at the time of logon in the Windows Group Policy, which is located in: Computer Configuration > Administrative Templates > Windows Components > Smart Card.

If you try to log on with a blocked smart card, or if you exceed the number of incorrect PIN entries, you are prompted to unlock the smart card.

Note: Microsoft Windows refers to the smart card being “blocked”; this is similar to the smart card PIN being “locked”.
  1. Click OK to start the procedure.
    Alternatively, you can use the Change Password option from the CTRL+ALT+DEL menu. In coordination with your administrator, you obtain an unlock code based on the generated challenge.
  2. Select Unblock smart card.

  3. Provide the Challenge to your administrator, who will generate the unlock code.
  4. Enter the unlock code in the Response field.
  5. Enter and confirm a new PIN code.
  6. Click OK to return to your Windows session.
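
The response calculation described for Standalone Cards in the Important note (the value the administrator generates in step 3), as an added example that is not HID or Microsoft code. The function names are hypothetical, the key lengths are assumed from the default lengths given above, and the all-zero challenge is a constructed sample.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// UnblockResponse encrypts the challenge with the XAuth admin key. The
// challenge is exactly one cipher block, so ECB is a single block encryption.
// Key lengths (24 for 3DES, 16 for AES) are assumed from the page's defaults.
func UnblockResponse(key, challenge []byte) ([]byte, error) {
	var blk cipher.Block
	var err error
	switch {
	case len(challenge) == des.BlockSize && len(key) == 24:
		blk, err = des.NewTripleDESCipher(key) // 8-byte challenge: 3DES
	case len(challenge) == aes.BlockSize && len(key) == 16:
		blk, err = aes.NewCipher(key) // 16-byte challenge: AES
	default:
		return nil, fmt.Errorf("challenge of %d bytes does not match key of %d bytes",
			len(challenge), len(key))
	}
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(challenge))
	blk.Encrypt(out, challenge)
	return out, nil
}

// IsDefaultKey reports whether the key is still the all-zero default,
// which an administrator can use to find cards whose key was never changed.
func IsDefaultKey(key []byte) bool {
	return len(key) > 0 && bytes.Equal(key, make([]byte, len(key)))
}

func main() {
	// Constructed sample: default all-zero AES key and an all-zero challenge.
	key, challenge := make([]byte, 16), make([]byte, 16)
	resp, err := UnblockResponse(key, challenge)
	fmt.Printf("response=%x default-key=%v err=%v\n", resp, IsDefaultKey(key), err)
}
```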