IDPrime .NET & MD card
The smart card unblock feature requires the use of an Administrative key that the regular end user should not have direct access to. The user will require support from a Security Officer, IT Administrator or Helpdesk Service to complete this operation. To protect the confidentiality of the Admin Key, the Unblock procedure does not require the end user to present the Admin key directly. Instead, a challenge-response procedure is used.
If you ordered the IDPrime .NET or MD card from the Gemalto webstore, the card comes with the default admin key value: 0000..0000 (24 bytes, 48 digits long). If your card has this value, you can calculate the response using the “Response Calculator” tool. Be aware that the IDPrime MD CC certified card has a second PIN (Signature PIN) that is protected by a Signature PUK (which is different from the Admin Key), so on that card the challenge/response mechanism is applicable to the User PIN only.
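A pre-issuance check for the default key described above, as an added example (not Gemalto code): it flags an admin key that is still the all-zero webstore default or is otherwise weak. Treating the 24-byte key as a 3DES key (three 8-byte subkeys with parity bits) is an assumption not stated on this page; the function and finding names are illustrative.

```python
ADMIN_KEY_LEN = 24                        # bytes = 48 hex digits, per this page
DEFAULT_ADMIN_KEY = bytes(ADMIN_KEY_LEN)  # the 0000..0000 webstore default


def parse_admin_key(text):
    """Decode a 48-hex-digit admin key; space, ':' and '-' separators are allowed."""
    cleaned = "".join(ch for ch in text if ch not in " :-\t\r\n")
    try:
        key = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError("admin key is not valid hexadecimal") from exc
    if len(key) != ADMIN_KEY_LEN:
        raise ValueError(f"admin key must be {ADMIN_KEY_LEN} bytes, got {len(key)}")
    return key


def _effective(subkey):
    # Assumption: the key is used as 3DES, where the low bit of every byte is
    # a parity bit the cipher ignores, so it is masked before comparing.
    return bytes(b & 0xFE for b in subkey)


def audit_admin_key(text):
    """Return a list of findings; an empty list means none of these checks fired."""
    key = parse_admin_key(text)
    findings = []
    if key == DEFAULT_ADMIN_KEY:
        findings.append("default")
    if len(set(key)) == 1:
        findings.append("repeated-byte")
    k1, k2, k3 = (_effective(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        findings.append("single-des-equivalent")  # EDE collapses to one DES pass
    elif k1 == k3:
        findings.append("two-key-3des")           # only 112 bits of key material
    return findings


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real card.
    samples = {
        "webstore default": "00" * 24,
        "constructed 3-key": "0123456789abcdef fedcba9876543210 89abcdef01234567",
    }
    for label, value in samples.items():
        print(label, audit_admin_key(value) or "no findings")
```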
The Unblock PIN operation can be performed via ‘pintool’ (Start / Run / PINtool) on Windows XP and 2003. On Windows Vista and Seven, this feature is part of the secure desktop (Ctrl-Alt-Del).
You can also use the “Minidriver manager” tool to perform the same operation.
All the tools are available for download from the following webpage: www.gemalto.com/products/dotnet_card/resources/development.html.
For the IDPrime .NET card only, a web-based tool is also available here: www.netsolutions.gemalto.com/netutils/Default.aspx
In a production environment (i.e. Gemalto IDAdmin, Microsoft FIM or most Card Management Systems on the market) where the admin key is diversified, you have no access to the admin key. In this case, please refer to the vendor manual for guidance.
More information can be found here: www.gemalto.com/products/dotnet_card/evalkit.html