Basic User Password Reset

Infineon Security Platform Solution

The Infineon Security Platform Solution allows resetting Basic User Passwords.

This functionality can be used if a Security Platform User has forgotten his Basic User Password or has problems with his authentication device. Without a reset, access to the Security Platform Features would be blocked for the user, and confidential data would be lost.

In server mode, the Trusted Computing Management Server creates the Password Reset Token for all users and prepares and provides the Password Reset Authorization Code for specific users, so you do not have to perform these tasks. Hence all buttons except Reset and Enable are disabled.

Password Reset Token, Password and Archive

The Password Reset concept is similar to Emergency Recovery in its use of a token, a password and an archive.

Resetting a user's Basic User Password requires some information stored in an archive. Password Reset data in this archive can only be used in combination with a Password Reset Token which is protected with a dedicated password.

The archive contains some encrypted data for each user to allow changing a user's Basic User Password without knowing the current password. If Password Reset is not set up, users may not be able to reset their Basic User Passwords. Password Reset is set up once, and the concerned archive is automatically accessed later by Security Platform components. The archive file must be accessible for all users of this Security Platform.

How to enable the Password Reset function

The Basic User Password Reset function can only be used if the Security Platform Administrator has configured this functionality for all users.

A specific Security Platform User can only reset his password after he has enabled this function for his user account. Enabling requires the current Basic User Password or Enhanced Authentication. Therefore a user cannot enable and then perform Basic User Password Reset once the current password is already lost.

How to reset a user's password

For security reasons, resetting the password consists of two tasks: an administrative task and a user task. If your user account is used both as Security Platform Administrator and as Security Platform User, you can reset your password in one step.

Password Reset Step by Step

How to enable Password Reset (task and software component to use)

1. Administrative Task: Configure Password Reset data for all users.

This step can be enforced with the policy Enforce configuration of Password Reset.

If Security Platform is not yet initialized:

Configuration via Quick Initialization Wizard

Here the Password Reset is automatically configured with default settings.

Configuration via Security Platform Initialization Wizard

To configure Password Reset, follow these steps:

  • Launch Infineon Security Platform Settings Tool. In the Welcome page of Quick Initialization Wizard, select Advanced Initialization.
  • During the Initialization Wizard, check the checkbox Password Reset and click Next.
  • Select the option Create a new token.
  • Browse to a location of your choice for saving the Password Reset Token file (default file name: SPPwdResetToken.xml).
    Acceptable storage media: Removable media or mapped network drive.
  • Set a new token password and click Next.
  • Confirm the settings and click Next.
  • On the Completion screen, click Finish.

If Security Platform is already initialized: Settings Tool - Password Reset - Configure...

To configure Password Reset, follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Password Reset.
  • Click Configure...
  • Select the option Create a new token.
  • Browse to a location of your choice for saving the Password Reset Token file (default file name: SPPwdResetToken.xml).
    Acceptable storage media: Removable media or mapped network drive.
  • Set a new token password and click Next.
  • Confirm the settings and click Next.
  • On the Completion screen, click Finish.

2. User Task: Enable the reset functionality for the current user.

This step can be enforced with the policy Enforce enabling of Password Reset.

If user is not yet initialized: User Initialization Wizard

To enable the Password Reset and create a Personal Secret for the user, follow these steps:

  • Launch Infineon Security Platform Settings Tool. In the Welcome page of Quick Initialization Wizard, select Advanced Initialization.
  • During the User Initialization Wizard, check the checkbox Enable the resetting of my Basic User Password in case of an emergency.
  • Browse to a location on the hard drive for saving the Personal Secret file (default file name: SPPwdResetSecret.xml). Click Next.
  • Confirm the settings and click Next.
  • The Security Platform Features can be configured later. Uncheck all the options and click Next.
  • On the Completion screen, click Finish.

If user is already initialized: Settings Tool - Password Reset - Enable...

To create a new Personal Secret for the current user, follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Password Reset.
  • Click Enable.... An information message appears. Please read the message carefully and click OK.
  • Browse to a location on the hard drive for saving the Personal Secret file (default file name: SPPwdResetSecret.xml).
  • When prompted Do you want to replace it, click Yes.
  • Authenticate yourself and click Next.
  • Confirm the settings and click Next.
  • On the Completion screen, click Finish.

How to reset a user's password (task and software component to use)

3. Administrative Task: Prepare the Password Reset for a specific user, or prepare and reset for the current administrator account in one step.

Software component to use: Settings Tool - Password Reset - Prepare... (starts the Password Reset Wizard)

To create the Password Reset Authorization Code for a specific user, follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Password Reset.
  • Click Prepare....
  • From the list, select a specific user whose password is to be reset and click Next.
  • Navigate to the location of the Password Reset Token file (default file name: SPPwdResetToken.xml), and enter the password protecting that file. Click Next.
  • Browse to a location (e.g. mapped network drive or shared folder on the hard drive) for saving the Password Reset Authorization Code (default file name: SPPwdResetCode.xml), so that the user can access it. Click Next.
  • On the Completion screen, click Finish.

To prepare and reset the Basic User Password for the current administrator, follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Password Reset.
  • Click Prepare....
  • Select the administrator whose password is to be reset, and click Next.
  • Navigate to the location of the Password Reset Token file (default file name: SPPwdResetToken.xml), and enter the password protecting that file. Click Next.
  • Navigate to the location of the Personal Secret file (default file name: SPPwdResetSecret.xml) and click Next.
  • Type and confirm a new Basic User Password and click Next.
  • Confirm the settings and click Next.
  • On the Completion screen, click Finish.

4. User Task: Reset password for the current user (only possible if Password Reset is already prepared for this user).

Software component to use: Settings Tool - Password Reset - Reset... (starts the Password Reset Wizard)

To reset the Basic User Password for the current user, follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Password Reset.
  • Click Reset....
  • Navigate to the location of the Personal Secret file (default file name: SPPwdResetSecret.xml).
  • Navigate to the location of the Password Reset Authorization Code file (default file name: SPPwdResetCode.xml) and click Next.
  • Type and confirm a new Basic User Password and click Next.
  • Confirm the settings and click Next.
  • On the Completion screen, click Finish.
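
The steps above leave up to three files behind under their default names. The following PowerShell audit is an added example, not part of the Infineon documentation or product: it reports where those files are stored and flags a Password Reset Token that is not on removable media or a mapped network drive. The `-Roots` parameter and the same-folder check are assumptions of this example, and files saved under other names are not detected.

```powershell
# Added example (not Infineon code): report where default-named Password Reset
# files are stored. Renamed files are not detected.
param(
    # Hypothetical parameter: roots to scan; defaults to all removable, fixed and network drives.
    [string[]]$Roots = (Get-CimInstance Win32_LogicalDisk |
        Where-Object { $_.DriveType -in 2, 3, 4 } |
        ForEach-Object { $_.DeviceID + '\' })
)

$typeName = @{ 2 = 'Removable'; 3 = 'Fixed'; 4 = 'Network' }
$token    = 'SPPwdResetToken.xml'    # default file names taken from the page
$secret   = 'SPPwdResetSecret.xml'
$code     = 'SPPwdResetCode.xml'

# Drive letter -> Win32_LogicalDisk.DriveType (2 removable, 3 local disk, 4 network)
$driveType = @{}
Get-CimInstance Win32_LogicalDisk | ForEach-Object { $driveType[$_.DeviceID] = [int]$_.DriveType }

$files = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Include $token, $secret, $code -File -Recurse -ErrorAction SilentlyContinue
}

# Directories that hold a Personal Secret file
$secretDirs = @($files | Where-Object Name -eq $secret | ForEach-Object DirectoryName)

foreach ($f in $files) {
    $drive = [System.IO.Path]::GetPathRoot($f.FullName).TrimEnd('\')
    $type  = $driveType[$drive]
    $media = if ($null -ne $type -and $typeName.ContainsKey($type)) { $typeName[$type] } else { 'Unknown' }
    $notes = @()
    if ($f.Name -eq $token) {
        # Rule stated on the page: token belongs on removable media or a mapped network drive
        if ($media -notin 'Removable', 'Network') { $notes += 'token not on removable media or mapped network drive' }
        # Assumption of this example, not a product rule: a token beside a Personal
        # Secret puts both halves of the two-task reset in one place
        if ($secretDirs -contains $f.DirectoryName) { $notes += 'token shares a folder with a Personal Secret' }
    }
    [pscustomobject]@{
        File     = $f.FullName
        Media    = $media
        Modified = $f.LastWriteTime
        Finding  = if ($notes) { $notes -join '; ' } else { 'none' }
    }
}
```

Files on UNC paths that are not mapped to a drive letter are reported with media type `Unknown`.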


©Infineon Technologies AG