User Manual
Swissbit iShield Key 2
iShield Key 2 FIDO2
iShield Key 2 Pro
iShield Key 2 MIFARE
iShield Key 2 FIPS
Date: February 24, 2025
Revision: 1.0
File: UserManual_iShield-Key-2-Series_v1.0_EN.pdf

Summary of Contents for Swissbit iShield Key 2

  • Page 2 The information or material contained in this document is property of Swissbit AG and any recipient of this document shall not disclose or divulge, directly or indirectly, this document or the information or material contained herein without the prior written consent of Swissbit AG.
  • Page 3: Table Of Contents

    Table of Contents: TABLE OF CONTENTS 3; DOCUMENT INFORMATION 5; OVERVIEW ISHIELD KEY 2 SERIES 6; COMPARISON BETWEEN ISHIELD KEY SERIES AND ISHIELD KEY 2 SERIES 9; SWISSBIT MANAGEMENT TOOLS 10; iShield Key Manager 10; Installation ...
  • Page 4 iShield PIV Installation Package 73; Installation of the OpenSC Minidriver and iShield PIV Module 74; Preparation of the iShield Key 2 Pro 75; Reset the iShield Key 2 Pro 75; Use Case: Local Account Bitlocker 76; Setup Process ...
  • Page 5: Document Information

    140-3. The iShield Key 2 Series can be categorized into two product groups: the iShield Key 2 FIDO2 and the iShield Key 2 Pro. The iShield Key 2 FIDO2 supports FIDO2 and U2F standards, enabling secure protection for online accounts.
  • Page 6: Overview iShield Key 2 Series

    2 Overview iShield Key 2 Series The iShield Key 2 Series has multiple product variants. To help you read the product name, here is an example: the first field indicates the product family, and the second field specifies the product generation. In this document, only the iShield Key 2 Series (second generation of the product family “iShield Key”) is discussed.
  • Page 7 The Swissbit iShield Key 2 FIDO2 comes with only the FIDO2 applet installed, while the iShield Key 2 Pro includes the FIDO2, Passcode, and PIV applets. Additionally, the iShield Key 2 Pro MIFARE supports the MIFARE standard, and the iShield Key 2 Pro FIPS is certified to meet the FIPS 140-3 standard.
  • Page 8 Use cases (use case: description, applet, section). Online Authentication: user authentication for FIDO2-compatible websites and services, FIDO2 applet, Section 5.2. Resident Key: generate a resident key (FIDO 2.1) on iShield Key 2, FIDO2 applet, Section 5.2.8. 2FA for Online Accounts / VPN: two-factor authentication to websites, services or VPN, Passcode applet, Section 6.1...
  • Page 9: Comparison Between iShield Key Series And iShield Key 2 Series

    FIDO2 PIN management, Force PIN Change, passkey management, and resident key generation, effectively addressing practical user needs. The iShield Key 2 Pro now also supports the storage of static passwords, allowing users to conveniently manage their OTPs and passwords in a single token. Additionally, you can assign two gestures for HOTP and/or password slots, enabling quick output of HOTP codes and passwords directly on your host, without requiring additional drivers or tools.
  • Page 10: Swissbit Management Tools

    The iShield Key Manager (iKM in short) and iShield Key Manager command line tool (iKMcli in short) support almost all required operations to manage the applets on your iShield Key 2 and assist the use cases presented in this guide. You can download both tools from the Swissbit iShield Key landing page.
  • Page 11 macOS Installation To install the application, double click the iShieldKeyManagerInstaller.pkg package. The installer will guide you through the necessary steps to install the application. Click Continue to start the installation. Then please accept the license agreement and follow the on-screen instructions.
  • Page 12: Dashboard

    Dashboard The iShield Key Manager only supports a single iShield Key 2 connected to the host PC. After starting the app, the data of your iShield Key 2 is loaded and a dashboard with an overview and further cards for managing the applets...
  • Page 13: FIDO2 Dashboard Card

    PIN Rules Unless otherwise specified, the PIN/PUK for each applet on iShield Key 2 must comply with the following rules: • It must be at least 6 characters long. • The new PIN must be different from the current PIN.
  • Page 14 On macOS, Linux, or when starting the app as administrator on Windows, the FIDO2 dashboard card shows the AAGUID, the version of the FIDO2 applet, the number of stored passkeys, and allows managing the passkeys on your iShield Key 2.
  • Page 15 FIDO2 applet and set a new PIN or change it later. If you forget your PIN, you can reset the FIDO2 applet of your iShield Key 2 to factory settings, which will erase all passkeys.
  • Page 16: Passcode Dashboard Card

    Passcode Dashboard Card The iShield Key 2 Pro has the Passcode applet installed, and you will find a dashboard card to manage the applet. This applet allows users to store HOTP and TOTP codes for second-factor authentication (2FA) or to securely store passwords.
  • Page 17 The Passcode dashboard card displays the version of the Passcode applet, and the dropdown allows you to quickly select different types of slots by recognizing the corresponding icons.
  • Page 18 (slot icons, not reproduced here) One icon represents the HOTP slot, one the TOTP slot, one the Password slot; further icons indicate that the slot is assigned to the short touch gesture, that the slot is assigned to the long touch gesture, and that the slot is PIN protected.
  • Page 19 Before you can use the TOTP or HOTP function of your iShield Key 2 Pro as a second factor authentication, you need to pair your iShield Key 2 Pro with a service and configure a new TOTP or HOTP slot. In the dropdown, you can either select an already configured slot or configure a new one.
  • Page 20 If you are configuring a HOTP slot using “Scan & Configure,” clicking this button will display information about the account name and issuer. You can then enable the PIN protection feature or assign a short/long touch gesture. However, if PIN protection is enabled, touch gesture assignment will not be available.
  • Page 21 Alternatively, you can manually configure a new slot. Define an issuer and an account name for your new HOTP/TOTP slot and enter the configuration values, i.e. secret key, algorithm, OTP length and time interval, provided by your service. The secret key in hex format must be of a length between 16 and 64 bytes, and the length of OTP could be from 6 to 9.
  • Page 22 Optionally, you can protect the HOTP & TOTP slots with your PIN. If you choose this option, you need to provide your PIN in order to generate an OTP code. You must first set a PIN, before you enable the PIN protection. Note: PIN-protected option can only be enabled during the initial slot configuration.
  • Page 23 PIN-protected slots and removes the PIN. Successful authentication of the PIN resets the retry counter. A complete factory reset restores the Passcode applet of your iShield Key 2 to factory settings. All Passcode data and credentials are deleted.
  • Page 24 If a password slot is assigned to a touch gesture, the stored password can be automatically entered on the connected host by simply touching the end of the iShield Key 2 Pro. For more details about the touch gesture, please refer to Section “Touch”...
  • Page 25 The slot assigned to the short touch is activated if the end of the iShield Key 2 Pro is touched for around 1 second, and the slot assigned to the long touch is activated if the end of the iShield Key 2 Pro is touched for around 3 seconds.
  • Page 26: PIV Dashboard Card

    PIV Dashboard Card Your iShield Key 2 Pro comes with the PIV applet installed. You will also find a card to manage the PIV applet on the dashboard. The card shows the version of the installed PIV applet and the number of installed certificates.
  • Page 27 You can generate certificate signing requests (CSR) for PIV slots, have the resulting certificate signed by your CA, and import it into your iShield Key 2 Pro.
  • Page 28 In this view, you can also inspect the details of installed certificates, export or delete them.
  • Page 29: iShield Key Manager Command Line Tool

    Key 2: iKMcli fido --info. The fido command uses the first detected iShield Key 2, but you can also specify an iShield Key 2 device: to execute an operation for a specific device, pass its path with the corresponding option.
  • Page 30: Passcode Command

    To erase all credentials and the PIN, you can reset the FIDO2 applet by iKMcli fido --reset You will be asked to touch the iShield Key 2 to reset. The touch point is located at the end of the device. Passcode Command The option for managing the Passcode applet.
  • Page 31 Configure new passcode slot You can configure a new passcode slot by iKMcli password --conf-slot --key <key> --acccount <account> [--type <TOTP|HOTP|STATIC>] [--slot-index <index>] [--key-format <base32|hex|raw>] [--issuer <issuer>] [--hmac <SHA1|SHA256|SHA512>] [--otp-length <6|7|8|9>] [--period <time period / interval>] [--pin-protected] [--touch-gesture <SHORTTAP|LONGPRESS>] You need to provide: the secret key for HOTP and TOTP, or the password (max.
  • Page 32 Mass Enrollment Mass enrollment is one of the new features on iShield Key 2 Pro. You could deploy HOTP slot on multiple iShield Key 2 Pro’s efficiently. The HOTP function of each iShield Key is seeded with a random secret/key, which is recorded in a CSV file alongside the iShield Key's serial number, the initial counter value and the length of the HOTP.
  • Page 33: PIV Command

    PIV applet installed on your iShield Key 2 Pro and your key’s serial number: iKMcli piv --info. PIV operations use the first detected iShield Key 2 Pro, or you specify the smartcard reader to be used with the corresponding option. You can use the command to show the connected smartcard readers.
  • Page 34 iKMcli piv --list-certificates iKMcli piv --read-certificate <slot> [--output <output file>] You can generate a new key pair in a slot by iKMcli piv --generate-key-pair <slot> --management-key <key> [--output <output file>] The public key is printed to an output file or the command line. Then, you can use the public key to create a certificate signing request: iKMcli piv --request-certificate <slot>...
  • Page 35: FIDO2 Applications (Standard)

    Using the iShield Key 2 for FIDO2 registration, the user needs to authenticate with the user PIN and touch the security key. The public key and private key are generated on the iShield Key 2 hardware authenticator and assigned with the user account.
  • Page 36: FIDO2 Login

    After successful FIDO2 registration, the online service has the public key for the user account and the corresponding private key is stored securely on the iShield Key 2. The online service challenges the user to sign with the private key. If the online server can verify the signature using the public key, the authentication is successful and the user is granted access to their account.
  • Page 37 USB port. Please insert the Swissbit iShield Key 2. In case the Swissbit iShield Key 2 is recognized, then you can either choose to create or change the PIN for the Swissbit iShield Key 2, which depends on whether there was a PIN stored previously. Meanwhile, the PIN of the Swissbit iShield Key 2 can be reset if it was lost or forgotten.
  • Page 38: Test Registration

    If you reset the Swissbit iShield Key, please note that the credentials are lost after reset. Test Registration Please visit the test website https://webauthn.io, which supports WebAuthn, to test your Swissbit iShield Key 2. The website looks like this: To register the Swissbit iShield Key, enter any name for credential ID, and click “Register”...
  • Page 39: Test Login

    After the security PIN is accepted, you must touch the end of the iShield Key 2, to make sure that a human is now operating it and not a machine. You will be prompted to touch your security key.
  • Page 40: Register Swissbit iShield Key 2 On An Online Microsoft Account

    You can easily sign into your Microsoft account with the Swissbit iShield Key 2 without entering your e-mail address and password. In this section, we guide you through registering the Swissbit iShield Key 2 on an “online” Microsoft account. Logging into an offline Microsoft account, e.g. a local Windows PC account, is not covered in this section.
  • Page 41 ”. On this page, you can manage your activated sign-in and verification options. Click “Add a new way to sign in or verify” to add the Swissbit iShield Key 2 as a security key.
  • Page 42 USB port, or to keep it close to your NFC reader. Follow the pop-up to setup your Swissbit iShield Key 2. Please note that Microsoft requires the user to create a PIN for the Swissbit iShield Key 2.
  • Page 43 After you finish your setup, you will be forwarded to verification options page automatically. Your Swissbit iShield Key should already be listed and you can manage it anytime (in the screenshot it is named “iShield FIDO2”). Meanwhile, you will receive an e-mail from Microsoft.
  • Page 44: Passwordless Sign-In On An Online Microsoft Account

    Passwordless Sign-in on an online Microsoft account As the Swissbit iShield Key 2 is already registered on Microsoft, you can now sign in without an e-mail address and password. Visit https://login.live.com/ to login and click “Sign-in Options” at the bottom and choose “Face, fingerprint, PIN or security key”.
  • Page 45 A user who has already enabled passwordless login by registering their Swissbit iShield Key 2 with Keycloak as an identifier can log into Dracoon with their username and Swissbit iShield Key 2 without a new registration. Once the user is authenticated, Keycloak informs Dracoon that the user was successfully authenticated and provides the identity information of this user.
  • Page 46 For other configurations of the OIDC client, please visit https://www.keycloak.org/docs/11.0/server_admin/#oidc-clients for more information. Please enable “WebAuthn Register Passwordless” in the tab “Required Actions”, and then set up a passwordless browser login flow. You can add it by following this guide: https://www.keycloak.org/docs/latest/server_admin/#creating-a-password-less-browser-login-flow. After this flow has been created, click on Authentication and switch to the tab “Flows”.
  • Page 47 Click “System settings --- Authentication”, switch to the tab “OpenID Connect”, and click “add” to add a new profile. This means Keycloak is applied as the Identity Provider (in the screenshot above, “Swissbit” is the profile name). The configuration values of the Identity Provider can be fetched from <Keycloak-URL>/auth/realms/{realm-name}/.well-known/openid-configuration.
  • Page 48 The configuration values that you got from above should be entered in Dracoon as shown below.
  • Page 49 You can visit https://cloud.support.dracoon.com/hc/en-us/articles/360001372679-OpenID-Connect-Keycloak for more information about OpenID Connect client configuration. Swissbit iShield Key 2 Registration When the user authenticates on the account site of Keycloak, the user may choose multiple ways to sign in. You can find the account site at <Keycloak-URL>/auth/realms/{realm-name}/account/. Expand "Account Security"...
  • Page 50 Please follow the instructions to finish setting up your Swissbit iShield Key 2. The registered Swissbit iShield Key 2 is listed below. In the screenshot above, the user has configured one passwordless security key (in the screenshot it is named “iShield FIDO2”) Single Sign-On Test Now it is time to test the Single Sign-On functionality.
  • Page 51 You will automatically be redirected to Keycloak's login interface. Then enter your username and choose the option “Use your security key for passwordless sign in” under the Sign in button instead of entering a password. Choose “Sign In with Security Key” and follow the pop-up instructions to log in.
  • Page 52: Generate Resident Key For Secure SSH Authentication

    Swissbit iShield Key 2 on various services In this section, we guide you through registering the Swissbit iShield Key 2 as a security key to enable 2-factor authentication on various services. Auth0 Auth0 (https://www.auth0.com/) is an identity provider like KeyCloak and it supports WebAuthn for multi-factor authentication.
  • Page 53 Toggle the switch (1.) to enable “WebAuthn with FIDO Security Keys”. With setting 2, shown below, you can change the verification condition applied when the Swissbit iShield Key 2 is registered as a security key. If you choose “If supported” or “Required”, a PIN is required when the Swissbit iShield Key is used as a second factor for authentication.
  • Page 54 Authentication that you just enabled is always required. Click “Save” to save your setting. In the screenshot below, “Always” means the user is always required to use the Swissbit iShield Key for authentication. After this setting, as no security key is registered yet, the user is asked to add one.
  • Page 55 Follow the pop-up to register your Swissbit iShield Key 2 (in the screenshot it is named “iShield FIDO2”); you can then give it an alias. Finally, you have successfully registered your Swissbit iShield Key. Now you can use it to log in.
  • Page 56: Bitbucket

    Bitbucket After login, go to the Personal settings and click “Two-step verification” under the security group. You will see that you must set up SSH on your account before you are able to enable two-step verification. You can visit https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/ for more information about SSH configuration at Bitbucket.
  • Page 57 After the SSH setup, visit the “Two-step verification” site again; you are now able to enable two-step verification with an app. Please follow the guide to complete the setup.
  • Page 58 Now you can register your Swissbit iShield Key 2 as a security key at Bitbucket. Enter the device name and click “Add security key” on the right side (in the screenshot it is named “iShield FIDO2”).
  • Page 59: GitHub

    GitHub Go to settings, click “Password and authentication” under the tab “Access”, then choose “Security keys” from Two-factor methods. Now you should confirm your account recovery settings. Please note that you must finish setting up an Authenticator app and Recovery code before the next step.
  • Page 60 Now you can define a name for your Swissbit iShield Key 2 (in the screenshot it is named “iShield FIDO2”).
  • Page 61: Amazon Web Service (AWS)

    Follow the pop-up instruction and finally you have successfully registered your Swissbit iShield Key. Now you could use it to login. Amazon Web Service (AWS) After you log into the AWS Management console, click your ID at top-right side, and choose “Security credentials”...
  • Page 62 Insert your Swissbit iShield Key and touch the end side of your Swissbit iShield Key 2. Your Swissbit iShield Key 2 will be automatically detected. Finally, you have successfully registered your Swissbit iShield Key 2. Now you could use it to login.
  • Page 63: TOTP Applications

    6 TOTP Applications Overview The iShield Key 2 Pro supports the generation of Time-based One Time Passwords. You can use the TOTP function of the Passcode applet on iShield Key 2 Pro for two-factor authentication with services that support the implemented TOTP algorithm.
  • Page 64: Password Generation And Authentication

    Password Generation and Authentication After successful pairing of your iShield Key 2 Pro and service, your security key and service will compute the same series of passwords for the configured slot accordingly. The iShield Key 2 Pro generates a new password on request for the provided current time.
  • Page 65 To finish the setup, generate a new OTP with the iShield Key tools; enter it on the Github website and click “Save”. Now you can login with the TOTP function of your iShield Key 2 Pro as a second factor.
  • Page 66: HOTP Applications

    The HOTP functionality of the iShield Key 2 Pro can be used without any installation effort. It is as simple as plug and play. Up to 42 HOTP slots can be configured on an iShield Key 2 Pro.
  • Page 67: Password Generation And Authentication

    Password Generation and Authentication After you registered your iShield Key 2 Pro with a service that uses HOTP, no connection is required to generate coinciding series of passwords. This is due to the deterministic nature of the HOTP algorithm and the shared secret key and counter between token and server.
  • Page 68: Mass Enrollment

    Since version 1.7.4, the iKMCli tool supports deploying HOTP slots across multiple iShield Key 2 Pros. Each iShield Key 2 Pro's HOTP functionality is initialized with a unique random secret/key. This information, along with the device's serial number, initial counter value, and HOTP length, is recorded in a CSV file for streamlined tracking and administration.
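    The HOTP and TOTP behaviour described in the Page 21, 64, 67 and 68 excerpts (a shared secret, a deterministic counter or time step, 6 to 9 digit output, a hex secret of 16 to 64 bytes, and an enrollment CSV recording serial number, secret, initial counter and OTP length) can be reproduced on the service side with standard-library Python. The block below is an added example and not Swissbit or iKMcli code: it implements RFC 4226/6238 generation, a server-side HOTP check with a look-ahead window for token touches the server never received, and parses a constructed enrollment record whose column names (serial, secret_hex, counter, otp_length) and serial value are assumptions.

```python
"""HOTP/TOTP generation and server-side verification (RFC 4226 / RFC 6238).
Added example, not Swissbit code.  Limits follow the manual: hex secret of
16-64 bytes, OTP length 6-9 digits.  CSV column names and the serial value
are constructed assumptions."""
import csv
import hashlib
import hmac
import io
import struct

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed enrollment record in the spirit of the mass-enrollment CSV.  The
# secret is the RFC 4226 test key "12345678901234567890" in hex, so the codes
# produced below match the RFC test vectors.
ENROLLMENT_CSV = """serial,secret_hex,counter,otp_length
SB-EXAMPLE-0001,3132333435363738393031323334353637383930,0,6
"""


def parse_secret(secret_hex):
    """Decode the hex secret entered at slot configuration; enforce the 16-64 byte rule."""
    key = bytes.fromhex(secret_hex)
    if not 16 <= len(key) <= 64:
        raise ValueError("secret must be between 16 and 64 bytes")
    return key


def hotp(key, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    if not 6 <= digits <= 9:
        raise ValueError("OTP length must be between 6 and 9")
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, unix_time, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(key, int(unix_time) // period, digits, algorithm)


def load_enrollment(text):
    """Index the enrollment CSV rows by serial number."""
    return {row["serial"]: dict(row) for row in csv.DictReader(io.StringIO(text))}


def verify_hotp(record, candidate, window=10):
    """Server-side HOTP check.  The token's counter only moves forward, so the
    server tries its stored counter plus a look-ahead window to resynchronise
    after touches it never received.  Returns (accepted, next_counter); the
    caller must persist next_counter so the same code cannot be replayed."""
    key = parse_secret(record["secret_hex"])
    digits = int(record["otp_length"])
    start = int(record["counter"])
    for c in range(start, start + window + 1):
        if hmac.compare_digest(hotp(key, c, digits), candidate):
            return True, c + 1
    return False, start


if __name__ == "__main__":
    rec = load_enrollment(ENROLLMENT_CSV)["SB-EXAMPLE-0001"]
    key = parse_secret(rec["secret_hex"])
    print("first three HOTP codes:", [hotp(key, c) for c in range(3)])
    # Token touched three times, the service only saw the third code.
    ok, nxt = verify_hotp(rec, hotp(key, 2))
    rec["counter"] = str(nxt)  # persist the advanced counter
    print("accepted:", ok, "stored counter now:", rec["counter"])
    print("TOTP at t=59 (8 digits):", totp(key, 59, 8))
```

    The look-ahead window is the practical consequence of the "no connection is required" property: the token cannot learn whether a code was consumed, so the service must tolerate a bounded number of skipped counter values and must store the advanced counter after every accepted code.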
  • Page 69: PIV Applications

    8 PIV Applications In this part of the guide, you will learn how to use your Swissbit iShield Key 2 Pro as a personal identification and verification (PIV) device on Windows. The iShield Key 2 Pro key with PIV applet provides different slots to store and provide various certificates for different use-cases.
  • Page 70: Logon

    Your Windows user account is configured to trust the certificate on your smartcard. You then only need to plug in your iShield Key 2 Pro and provide a short PIN, which is not only more secure than passwords but also more convenient.
  • Page 71: Bitlocker

    For exact instructions on how to set up and use the iShield Key 2 Pro for Bitlocker within a domain, have a look at section 8.6. If you want to use it on a local account, continue in section 8.5.
  • Page 72: Underlying Components

    PIV data to the card. Note: Due to FIPS compliance, iShield Key 2 Pro FIPS does not support the TDES algorithm, the PIN and PUK must comply with rules.
  • Page 73: Certificate Slots

    9A, the next one in slot 9D, followed by the retired slots in order. Requirements For now, Swissbit has tested the following systems and applications with Swissbit iShield Key 2 Pro for PIV. • PC Operating System: Windows 10 Pro; Home editions do not ship with Bitlocker or Domain Account support.
  • Page 74: Installation Of The OpenSC Minidriver And iShield PIV Module

    (directory listing of the PIV installer package, only partially preserved)
    └── vcruntime140.dll, msvcp140.dll, etc.      Required system runtime libraries
    └── minidriver/windows32
        ├── openSC.msi                            PIV Installer
        └── ishield-piv-module
            ├── PIV-II.profile                    OpenSC PIV profile
            └── vcruntime140.dll, msvcp140.dll, etc.  Required system runtime libraries
    Installation of the OpenSC Minidriver and iShield PIV Module The OpenSC minidriver installer and all other PIV configurations are bundled within the PIV installer.
  • Page 75: Preparation Of The iShield Key 2 Pro

    --set-ccc --management-key <key> Reset the iShield Key 2 Pro If you want to reset the PIV applet on your iShield Key 2 Pro, erase all PIV data and restore the default settings, use the iShield Key Manager or follow these steps: Block your PIN and PUK by authenticating with wrong passwords, e.g.
  • Page 76: Use Case: Local Account Bitlocker

    Setup Process To set up Bitlocker with the iShield Key 2 Pro you will need to write a certificate to the iShield Key 2 Pro. We will use the Microsoft in-built EFS certificate utility, which handles certificate generation and storage on the smartcard automatically.
  • Page 77 Search for "certificates" and click "Manage file encryption certificates". Click through the wizard: Next > "☑ Create a new certificate" > Next ...
  • Page 78 "☑ Make a new self-signed certificate and store it on my smart card" > Next. Provide the PIN for your iShield Key 2 Pro. Click Cancel (you do not need to finish the procedure, since by now the utility has already written the certificate to the smartcard).
  • Page 79 In the Windows Home Menu search for gpedit and open the "Group policy editor". Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption. Edit the setting "Validate smart card certificate usage rule compliance" ☑...
  • Page 80 Note: For this step, you do not need to install the OpenSC Minidriver and iShield PIV module anymore. As soon as there is a valid certificate on the iShield Key 2 Pro, the pre-installed Windows tools work by themselves. Insert the device you want to encrypt into your PC and open it in the Windows Explorer.
  • Page 81 Check "Use my smart card to unlock the drive" and click Next. Store your recovery key in some secure place: in case you lose your iShield Key 2 Pro in the future, you can still recover your encrypted drive. Click Next ...
  • Page 82: Use It To Encrypt A Drive

    Use it to encrypt a Drive As soon as the iShield Key 2 Pro and external drive are prepared, the default Windows PIV driver is sufficient for usage with Bitlocker. You will not need to install the OpenSC Minidriver or iShield PIV module in this case.
  • Page 83: Use Case: Active Directory Bitlocker

    Use Case: Active Directory Bitlocker In this scenario, the PC, on which Bitlocker is used, is a workstation within an active directory domain. The domain server will manage all the domain information. Upon request, the certificate authority on the domain server will issue and sign the used certificate.
  • Page 84 General: rename the template. Request Handling: select purpose "Encryption".
  • Page 85 Cryptography: "Requests must use one of the following providers": Microsoft Base Smart Card Crypto Provider. Extensions: Application Policies: Edit... > Remove all;
  • Page 86 Add... > New... > Name: your choice (e.g. “Bitlocker network unlock”), Object identifier: 1.3.6.1.4.1.311.67.1.1 (default in Bitlocker policies; must correspond to the settings on the client). Key Usage: Edit… > ☑ Allow key exchange only with key encryption, ☑ Make this extension critical.
  • Page 87 Security: Authenticated Users > ☑ Read, ☑ Enroll. Subject Name: "Supply in request" > accept the warning.
  • Page 88: Self-Enroll Certificate On Client PC

    Enable the created template: 5. Click OK to save the template. 6. In certsrv, go to your current domain > right-click Certificate Templates > New > Certificate Template to Issue and select the template you have just created. Self-enroll Certificate on Client PC This requires you to install the OpenSC Minidriver and the iShield PIV Module.
  • Page 89 1. Go to the Start Menu and search for "Manage User Certificates". 2. Open Certificates - Current User > Personal > Certificates and right-click in the blank space. 3. Navigate to All Tasks > Request New Certificate. The Certificate Enrollment wizard should open. 4. Active Directory Enrollment Policy > Next ...
  • Page 90: Use It On Client

    Check "Use my smart card to unlock the drive" and click Next. Store your recovery key in some secure place: in case you lose your iShield Key 2 Pro in the future, you can still recover your encrypted drive. Click Next ...
  • Page 91: Use Case: Active Directory PC Logon

    Use Case: Active Directory PC logon In this scenario, the Windows PC utilizing Smartcard Logon operates as a workstation within an Active Directory (AD) domain. The domain server handles all domain-related information. Upon request, the certificate authority (CA) on the domain server issues and signs the required certificate. This setup is particularly suited for companies with an existing AD infrastructure.
  • Page 92: Self-Enroll Certificate On Client PC

    We recommend restarting your PC after certificate enrollment. Use it on Client From now on, whenever you lock your PC or log out of your account, you will be able to use your Swissbit iShield Key 2 Pro to logon to your account.
  • Page 93: Troubleshooting

    Troubleshooting “The smart card is read-only / cannot perform the requested operation” If your iShield Key 2 Pro is displayed to be read-only or to not support the requested operation, the OpenSC minidriver is not properly installed. For provisioning your key you need to use the OpenSC minidriver, see Section 8.2.1.
  • Page 94: Glossary

    9 Glossary (Abbreviation: Description) 2FA: Two-Factor Authentication; AD: Active Directory; CA: Certificate Authority; CEP: Certificate Enrollment Policy Service; CES: Certificate Enrollment Service; CSP: Cryptographic Service Provider; CSR: Certificate Signing Request; DC: Domain Controller; EFS: Encrypting File System; FIDO: Fast Identity Online; HMAC: Hashed Message Authentication Code; HOTP: HMAC-based One-Time Password; IETF: Internet Engineering Task Force; iKM: iShield Key Manager...
  • Page 95: Document History

    10 Document History (Date, Revision, Details): 02.24.2025, Initial release
  • Page 96 SWISSBIT makes no commitments to update or to keep current information contained in this document. The products listed in this document are not suitable for use in applications such as, but not limited to, aircraft control systems, aerospace equipment, submarine cables, nuclear reactor control systems and life support systems.
