public – UPC token User Documentation
Version 1.0 / January 16, 2023
UPC token (ACS) – Installation and Use
Used Token:
- ACS CryptoMate EVO
1 End user installation UPC token on Windows
1.1 Download and unpack UPC token software
Download-Link
- https://service.globaltrust.eu/static/upc-token.zip
- Copy the file to a suitable folder on your computer, e.g. C:\download
- Unpack the file upc-token.zip
1.2 How to install the User Package
run autorun.exe (double click) →
Install ACOS5-EVO PKI Kit User Package →
Note
Depending on your system, the start might take several minutes
Answer yes to question about “Allow installation”
Next →
Tick the box “I accept the terms in the Licence Agreement” ✔
Next →
Choose a folder for the installation
Our recommendation:
Do NOT change the installation directory.
Next →
Install →
Note
The installation process may take a few minutes
Finish →
Note
You should restart your computer as soon as possible
1.3 Important Informationen
After the installation, you will find the following important information that you or your IT administrator will need[1]:
ACS user documentation (English)
– C:\Program Files (x86)\Advanced Card Systems Ltd\ACS ACOS5-EVO PKI Kit – User\Documentation\USR-ACOS5-EVO_PKI_Kit_User_Manual_(Windows)-1.01.pdf
Token management tool
– C:\Program Files (x86)\Advanced Card Systems Ltd\ACS ACOS5-EVO PKI Kit – User\EVO Certificate Manager\EVO-CM.exe
Note
The token management tool EVO-CM.exe should also appear as a link on the desktop.
File names of the Token PKCS#11 interface
- 32bit: C:\Windows\System32\acos5evopkcs11.dll
- 64bit: C:\Windows\SysWOW64\acos5evopkcs11.dll
Note 1
The UPC token supports Windows-CAPI and is therefore automatically recognised by numerous Windows programs.
Note 2
With the help of the PKCS#11 interface of the token, you can integrate the UPC token in many other programs and use the certificate on it for many applications. Depending on the type of program, it may be necessary to use the 32bit or 64bit version. This or third party documentations provide information for the use of it.
Note 3
If you are already using tokens or smart cards from other providers, conflicts may arise in individual cases. In such cases, we recommend that you only connect the token or smart card that you actually need.
1.4 Token Management Tool EVO-CM (“EVO Certificate Manager”)
Note
Normally, you do not need the EVO-CM administration tool. However, it can be useful if you need support from GLOBALTRUST.
Start EVO-CM.exe →
You can log in to the UPC token with the TransportPIN you assigned when you placed your order. If you no longer know the TransportPIN, please contact us.
Caution
You only have 7 tries to type the right PIN, after that your UPC token is locked and you have to send the token to us so we can unlock it. (subject to a charge)
Log-in →
Enter User PIN (== TransportPIN from your order)
Log-in →
After logging in, you can change your PIN (“Change PIN”) you may optionally rename your token (“Rename”).
Recommendation 1
If you choose to change your PIN do not lose it. As mentioned above, after 7 tries your token gets locked and you have to send the token back to us, so we can unlock it. (chargeable)
Recommendation 2
The name of the UPC token is per default our reference number, which internally documents the issuance of the token, You can change the name of the token, but you should keep the reference number for future reference to GLOBALTRUST. This speeds up the support process.
Note 1
If you use different tokens on your pc, you will get this message in the app “Invalid Card” . But you can ignore it because the program can only read its on tokens.
Note 2
Never delete any certificates from the token, otherwise the token will become unusable.
2 Use of the UPC token
These brief instructions is optimised for use as an access key to the UPC. However, the UPC token with a GLOBALTRUST certificate allows you countless other uses, please note:
- The ACS documentation
- Documentation of third-party software that offers certificates with HSM or token support
- For further applications we are happy to advise you
2.1 Use for UPC
The European Patent Court requires authentication by a hardware token certificate for login to its website. The UPC token we provide meets exactly this requirement.
Before you can use the login of the European Patent Court, you therefore need a correctly configured browser:
→ 2 Authentication via UPC token – Browser Chrome
→ 3 Authentication via UPC token – Browser Mozilla-Firefox
After successful browser configuration, you can test the login process via the website of the Patent Court.
Test website UPC
Note
The following sequence is described for the Chrome browser, for other browsers the sequence and appearance may be different.
You will be asked which certificate you want to present for authentication. The UPC token contains only one certificate, but you may be using other certificates for other purposes, so you must select the correct certificate.
The certificate contains the following information:
Issued from: CN=GLOBALTRUST 2020 AATL 1,O=e-commerce monitoring GmbH,C=AT
saved on: [The token name: the serial number of the UPC token (reference number after delivery) or the name you previously chose when renaming the token]
OK →
You will be prompted to enter the UserPIN of the UPC token. If you have not changed it, this is the TransportPIN according to your order.
Login →
If the test is successful, you will receive the following message (with your personal identification data):
Error message if the authentication does not work:
Trouble shooting
In the course of our extensive testing, we found the following issues:
[1] Sometimes the website is not available and shows a 505-error message → try again later
[2] Sometimes the browser does not respond anymore
- → Clear your cache,
- → Close the browser,
- → Open the UPC website only
[3] Sometimes the shown screen differs completely from the above screenshot
- → there is a transmission error, just reload the page
Example test page not displayed correctly
2.2 Authentication via UPC token – Browser Chrome
Requirements
- the UPC token must be plugged in
- the installation (→ 2 Install UPC token User Package) must be completed (restart of the computer required)
Chrome uses Microsoft Windows certificate management directly and does not require any specific configuration of the UPC token.
However, it is advisable to check whether the certificate of the UPC token has actually been correctly recognised before using it for the first time.
Start Chrome → chrome://settings/security →
Alternatively: Start Chrome → → Settings → Privacy and security → Security →
Manage device certificates →
All certificates installed on your computer are shown.
The certificate contains following details:
Issued from: CN=GLOBALTRUST 2020 AATL 1,O=e-commerce monitoring GmbH,C=AT
Select this certificate →
- Below “certificate intended purposes” you can find: Client Authentication
- You can also view more details about the certificate
Anzeigen →
Under → Details you will find the information about yourself that is presented to the “remote computer” in the course of each authentication.
Trouble shooting
If your token is NOT recognised, follow these steps:
[1] Check whether the token is actually plugged into a USB port (the UPC token should light up green).
[2] Check whether your computer recognises the intended USB interface (you can do this easily by plugging in a USB drive as a test).
[3] Sometimes USB interfaces lose the connected devices: simply disconnect and reconnect them (the UPC token should light up green).
[4] Check with your system administrator whether your computer allows USB devices at all (some company networks have disabled the use of USB devices, in which case your administrator must enable the interface).
[5] Remove all USB devices that are not immediately necessary.
[6] Check if you have installed the UPC token User Package → 2 Install UPC token User Package.
[7] Restart your computer
[8] Contact your IT manager regarding other possible incompatibilities.
[9] Try configuring the UPC token on another device.
[10] Use the token management tool EVO-CM.exe to check if the UPC token is displayed.
2.3 Authentication via UPC token – Browser Mozilla-Firefox
Requirements
- the UPC token must be plugged in
- the installation (→ 2 Install UPC token User Package) must be completed (restart of the computer required)
Start Mozilla Firefox → Extras →
Settings →
Privacy & Security → scroll all the way down to the bottom of the page →
Security Devices… →
Depending on earlier installations, already installed cardreader and token will be shown.
Load →
Modul Name: Enter a suitable name for your module, we recommend “UPC token”
Module filename: the file name of the PKCS#11 interface must be specified here. Depending on the installation of your browser 32bit or 64bit version:
- 32bit: C:\Windows\System32\acos5evopkcs11.dll
- 64bit: C:\Windows\SysWOW64\acos5evopkcs11.dll
OK →
If the UPC token is found, you will see an entry similar to the one above. Your personal token is displayed with the assigned token name (by default this is an 18-digit reference number).
Select your personal token →
You can now use the Mozilla Firefox token manager.
Trouble shooting
It may happen that your token is NOT recognised during the Mozilla Firefox installation. Take the following steps:
[1] Check whether the token is actually plugged into a USB port (the UPC token should light up green).
[2] Check whether your computer recognises the intended USB interface (you can do this easily by plugging in a USB drive as a test).
[3] Sometimes USB interfaces lose the connected devices: simply unplug and plug in (the UPC token should light up green).
[4] Check with your system administrator whether your computer allows USB devices at all (some company networks have disabled the use of USB devices, in which case your administrator must enable the interface).
[5] Check whether you have selected the correct interface file.
[6] Remove all USB devices that are not immediately required.
[7] Restart Mozilla Firefox and clear all cache files (History → Clear Recent History → All → OK →).
[8] Check if you have installed the UPC token User Package → 2 Install UPC token User Package.
[9] Restart your computer
[10] Contact your IT manager regarding other possible incompatibilities.
[11] Update your Mozilla Firefox browser.
[12] Try configuring the UPC token on another device.
[1] Use the token management tool EVO-CM.exe to check if the UPC token is displayed.
When contacting GLOBALTRUST support, please have the reference number and the screenshot of the token management tool EVO-CM.exe ready. Furthermore, describe which of the above steps you have taken and with what result.
2.4 Signing via UPC-Token – Adobe Acrobat Reader DC
Der UPC token wird nach Installation des 2 UPC token User Package installieren in Adobe ohne weitere Konfigurationsmaßnahmen erkannt.
Signatur erstellen
gewünschte Datei mit Adobe Acrobat Reader DC öffnen →
Tools →
Certificates →
Digitally sign → place the signing block at the desired position →
Select certificate from UPC token
Note
If you have several certificates, you can find out which certificate is the correct one by clicking on “Show details”.
Continue →
Select desired appearance → Sign → choose destination folder+ choose filename →
type in your token PIN → Login →
Note
This advanced signature is displayed as trustworthy by Adobe readers worldwide. However, it is NOT a qualified signature. In normal business life, this form of signature is sufficient. However, where a qualified signature is mandatory (e.g. for entries at the UPC), please use the second certificate supplied in the UPC bundle. To do this, use the e-Sign Agent (→ separate documentation: https://service.globaltrust.eu/static/trust2go-benutzer-en.pdf).