コンテンツ

  1. HOME
  2. FAQ
  3. Authentication System
  4. IC-Card Authentication Trouble

IC-Card Authentication Trouble FAQ

Use a Windows terminal with 'Certificate Management Utility' installed on it. With email message exchanges, we can help you to reset your PIN. First, find a Windows PC near you on which 'Certificate Management Utility' has been installed using the introductory support kit.(Mac is not available with this process). You also have to send and receive email with this PC. Please generate the random numbers refering to About the operation for the tool to unlock the PIN.pdf .and attach random numbers to the Details in the inquiry form below to send them.

https://www.iimc.kyoto-u.ac.jp/en/inquiry/?q=ninsho

[Process]

(1) Boot up the PIN lock recovery tool from start>All programs>Certification Management Utirily.

(2) Insert the IC card to the IC card reader/writer and press "OK".

(3) Send the random numbers displayed to the manager(ICT support center) from inquiry form.

(4) The corresponded random numbers from ICT support center will be sent by mail.

(5) Input the random numbers from ICT support center in "管理者から通知された乱数" and set the new PIN(password).

(6) Dialog button,"正常に終了しました" will be displayed. Please check it and press "OK".

※PIN(password)should be set using half-sized alphabet capital letter, small letter and numbers. You should create a PIN in which the number of places is between eight or more and sixteen or fewer.

Please check if the authentication driver was installed.

Windows user can check the above in clicking start>all programs>certificate management utility is there means that the authentication driver is installed.
If not, you are required to download and install the authentication driver from the URL below.

http://www.iimc.kyoto-u.ac.jp/ja/services/cert/support/post.html

Do you insert your IC card to the card reader before activating your browser?

If not, you should close all the browser and insert your IC card to the card reader.
Then activate the browser again.

Please clear a SSL state.

Please click "Tool"> "Internet option"> "Security" in "detail" tag and make sure that "TLS 1.0" is checked. Please uncheck the rest of the other.After that, please restart the Internet Explorer and carry out the IC card authentication.

In case above solutions didn't help you, please inquire ICT support center.

Inquiry Form

  • Isn't your browser Edge? It doesn't support Edge. Please use IE.

Start>All applications>Windows accessory
And choose Internet Explorer to log in the groupware and retry.

  • Is the driver's software for Windows10 installed?

Please access to the following page and install the driver's software for Winsows10 and retry.
【Limited on campus】 About the installation of the driver software of Kyoto University Authentication Infrastructure
http://www.iimc.kyoto-u.ac.jp/en/services/cert/support/post.html

  • Settings of SSL・TLS protocol

There's a limitation for the available transmitting protocol(SSL,TLS) version with IC card authenticaion in Kyoto University.
Please retry after perfomr the setting of the IE browser in the following way.

【Settings】
From the Internet Explorer Menu(Wheel mark), choose [Internet option].

Please activate only TLS 1.0 in the "Security" item from [Detail settings] tab.
*"Use SSL 2.0"-> Uncheck
*"Use SSL 3.0"-> Uncheck
*"Use TLS 1.0"-> Check
*"Use TLS 1.1"-> Check
*"Use TLS 1.2"-> Check
Press [OK] button and close the Internet option.
From the Internet Explorer menu, reload the page from [Display]-[Update to the latest information](or press F5 key).

  • Clear the cache

There might be the case that the browser reload and display the old temporal files(Cache).
We tell how to clear the cache in the following page. please refer to the following page to clear the cache and retry.
How to clear the cache?
http://www.iimc.kyoto-u.ac.jp/en/faq/general/general/post_159.html


If above these don't help you, please contact us from inquiry form.

It's due to the problem in driver. Please recover your card driver refering to the following material.

In case the solution below doesn't help, please inquire IIMC.

The recovery of your card driver(Mac OSX 10.10)

The way to change your PIN is as follows.

【Windows】

1.Please connect your card reader to PC and insert your Authentication IC card.

2.Please click Start>All program>Certificate Management Utility to choose "Certificate Managment Tool."

⇒ The pop-up screen will be displayed saying "Enter your PIN". Then you can enter your current PIN and choose OK.
⇒ The pop-up screen for "Certificate Managemetn Tool" will be displayed and you can choose "change your PIN."
⇒ The pop-up screen for "changing PIN" will be displayed. Then you can enter your current and new PIN and choose OK.
⇒ The message will be displayed saying "PIN is being changed, Please wait for a while."
When this message disappeared, PIN was succesffuly changed.

3.Please close the "Certificate Management Tool".

【Mac】

1. Please connect your card reader to PC and insert your Authentication IC card.

2. Please click Terminal to choose dnpchpin module storage folder.

⇒Please input "./dnpchpin" and press Return.
⇒Please input your current PIN to Input Current PIN item and your new PIN to Input New PIN item and Input New Pin(Confirmation)item.
⇒When the message appeared saying "PIN is successfully changed", your PIN was changed.

※The number of characters for PIN is between 8 or more and 16 or less.Please mix numbers and Romanized letters for your setting.

You can use Romanized letters, numbers, and symbols. For Romanized letters, you can use capital or small letters. Mix them with numbers, and create a string of characters whose coded meaning cannot easily be discerned. By mixing in symbols, you can create an effective password of a string of characters that will be difficult to crack. Please refrain from using a PIN composed of characters from which your name and ID can be easily inferred, such as dictionary vocabulary entries, the names of famous persons, or proper names.

【Windows】

1.Please connect your card reader to PC and insert your Authentication IC card.

2.Please click Start>All program>Certificate Management Utility to choose "Certificate Managment Tool."

⇒ The pop-up screen will be displayed saying "Enter your PIN". Then you can enter your current PIN and choose OK.

⇒ The pop-up screen for "Certificate Managemetn Tool" will be displayed and you can choose "change your PIN."

⇒ The pop-up screen for "changing PIN" will be displayed. Then you can enter your current and new PIN and choose OK.

⇒ The message will be displayed saying "PIN is being changed, Please wait for a while."

When this message disappeared, PIN was succesffuly changed.

3.Please close the "Certificate Management Tool".

【Mac】

1. Please connect your card reader to PC and insert your Authentication IC card.

2. Please click Terminal to choose dnpchpin module storage folder.

⇒Please input "./dnpchpin" and press Return.

⇒Please input your current PIN to Input Current PIN item and your new PIN to Input New PIN item and Input New Pin(Confirmation)item.

⇒When the message appeared saying "PIN is successfully changed", your PIN was changed.

※The number of characters for PIN is between 8 or more and 16 or less.Please mix numbers and Romanized letters for your setting.

You can use Romanized letters, numbers, and symbols. For Romanized letters, you can use capital or small letters. Mix them with numbers, and create a string of characters whose coded meaning cannot easily be discerned. By mixing in symbols, you can create an effective password of a string of characters that will be difficult to crack. Please refrain from using a PIN composed of characters from which your name and ID can be easily inferred, such as dictionary vocabulary entries, the names of famous persons, or proper names.

Once an authentication error occurs on a browser, the browser saves that condition. Please do the following.

(1) Close the browser that showed an error.

(Precautions)

If you have several tabs and windows open on your PC, please close them all. In Mac, select 'Close Firefox' from the menu, and close it. Even if you close all the windows with the 'x' button, the browser may not close.

(2) Confirm that the card reader is connected and the IC card inserted. Then activate the browser.

In case it won't help, please try clear he cache.

With Firefox, go to 'File' and then press 'Exit,' restart Firefox, and try to authenticate your certificate in the same way as before. If this does not work, then with Firefox, click on the HelpFirefoxHelpFirefox menu, go over to the Help menu and select About Firefox menu, and select 'Check for Updates.' Add on the latest update for Firefox, and try to restart your computer.

If you have several tabs and windows open on your PC, please close them all. In Mac, select 'Close Firefox' from the menu, and close it. Even if you close all the windows with the 'x' button, the browser may not close.

The driver soft at our webpage is for Firefox4.0 for MacOSX ~64bit/32bit, on the other hand, the PKCS#11 device in the introductory support kit, old driver soft, is for 32bit, which causes the trouble. Please refer to the "Users' manual and necessary soft(Limited on-campus)" on our homepage and install the new driversoft, which is for 64bit mode as well.

*In using the old driver soft, the following is the concrete measure.
Start "Macintosh HD" only for the use of Firefox4.0~ with the 64bit activating on Mac

→In the "application" click "Firefox" and start "see the information"
→Please check "start with the 32bit mode"
→Please close the "Information of Firefox" with x button.
→Please activate the Firefox.

For a Mac, the Safari browser cannot handle the electronic certificates. So, please use Mozilla Firefox on Mac.

By trying to change your password (PIN) , you can confirm whether your PIN is locked or not.

Changing PIN: http://www.iimc.kyoto-u.ac.jp/en/faq/cert/ic/pin.html

When it is locked, on Windows a message that your PIN is blocked will appear. With Mac and Linux, the message, 'PIN is blocked' will be displayed. First confirm whether the above situation is what is happening with your computer.

Then contact the ICT support center. When you contact us, we will let you know how to remotely recover the IC card lock. In addition, since a Windows environment is required, Mac or Linux users should borrow a computer with a Windows environment from someone nearby.

This type of incident has been confirmed in other cases of people using Mac OSX_10.5.x. First, do the following to confirm that you are faced with this kind of problem.

(1) Press the 'Security device' button that is displayed to the right of the certificate.

(2) With the card reader connected, confirm that the condition is in accordance with '1. The IC card reader is connected, and an IC card is not inserted into it,' as can be seen in this diagram.

(3) With the IC card inserted, click 'PKCS#11 Library for DNP...' and confirm that the condition is in accordance with either of these diagrams, 2-1 or 2-2.

The key point to look for is whether the right box says '2-1 Does not exist' or '2-2 Not yet logged in.'

(4) If the condition is '2-1 Does not exist,' then a problem with 10.5 x and the driver can be suspected.

To respond to this situation, you should upgrade to 10.5.8 from 10.5.x, for example. After carrying out this minor upgrade, confirm your certificate with the same method you used before.

Please carry out the VPN connection setting to your PC at home refering to the URL below. You can log in to the groupware from your PC after the operation.

After the environment setting to use IC card on your PC at home, you can operate the office system for accounting as well, however, please don't carry out the setting above to the PC which lots of people use.

URL of VPN setting:http://www.iimc.kyoto-u.ac.jp/en/services/kuins/vpn/

The written explanation in the introductory kit was insufficient. It has been revised in the new guide. When Firefox does not work well, respond as follows. After installing the PKCS#11 module, close Firefox, confirm that your IC card reader and IC card are connected, and then start Firefox again. After that, carry out installation of electronic certificate according to the instruction manual.

The drivers and the installation methods differ according to a personal computer's OS. Regardless of the OS, the following installs are required for your PC.

(1) Installation of card reader/writer driver software

(※ Please do this before connecting the devices.)

(2) Setting both 'Root Certificate (KyotoURootCA)' and 'Intermediate Certificate(KyotoUIntermediateFacultyCA),' on the browser you use.

(3) Installation of software that reads certificates and PIN password changes in your electronic certificate.

(※This software is called PKI and it is almost the same as J-PKI of Japanese Government.)

You should create a PIN in which the number of places is between eight or more and sixteen or fewer.

Your PIN may be too short or too long. Please change it so that it has between six or more and sixteen or less places, consisting of numbers, Romanized letters, etc. If an error message continues to be displayed, contact the ICT Support Center from the inquiry form.

An initial PIN is only something provisional until the user changes it and establishes his or her own PIN. Since the PIN is generated randomly, it is difficult to remember. To protect yourselves against security risks, we hope that all of you users will change your initial PIN.

You can use Romanized letters, numbers, and symbols. For Romanized letters, you can use capital or small letters. Mix them with numbers, and create a string of characters whose coded meaning cannot easily be discerned. By mixing in symbols, you can create an effective password of a string of characters that will be difficult to crack. Please refrain from using a PIN composed of characters from which your name and ID can be easily inferred, such as dictionary vocabulary entries, the names of famous persons, or proper names.

The contact chip is square and gold-colored. Put this side up and insert it completely into the back of the card reader/writer. When the blinking green LED light above the slot where you inserted the card stops blinking and stays on, then you can proceed.

Please buy the card reader/writer from the Co-op. For drivers, software, and manuals, please download the latest versions from the URL below.

http://www.iimc.kyoto-u.ac.jp/en/services/cert/support/post.html

 

Copyright © Institute for Information Management and Communication, Kyoto University, all rights reserved.