Using a token and smart card with Authentication Agent

A token or smart card can be used for authentication when accessing encrypted hard drives. To do so, you must add the electronic certificate file of a token or smart card to the Manage Authentication Agent accounts task.

Use of a token or smart card is available only if the computer hard drives were encrypted using the AES256 encryption algorithm. If the computer hard drives were encrypted using the AES56 encryption algorithm, addition of the electronic certificate file to the command will be denied.

Kaspersky Endpoint Security supports the following tokens, smart card readers, and smart cards:

To add the file of a token or smart card electronic certificate to the command for creating an Authentication Agent account, you must first save the file using third-party software for managing certificates.

The token or smart-card certificate must have the following properties:

If the electronic certificate of the token or smart card does not meet these requirements, you cannot load the certificate file into the command for creating an Authentication Agent account.

The KeyUsage parameter of the certificate must have the value keyEncipherment or dataEncipherment. The KeyUsage parameter determines the purpose of the certificate. If the parameter has a different value, Kaspersky Security Center will download the certificate file but will display a warning.

If a user has lost a token or smart card, the administrator must add the file of a token or smart card electronic certificate to the command for creating an Authentication Agent account. Then the user must complete the procedure for receiving access to encrypted devices or restoring data on encrypted devices.

Page top