********************************************************* RELEASE NOTE for iVEST™ Client 3.0 for Windows ********************************************************* Date: 7-Feb-2006 iVEST™ Client 3.0 is for Windows 98/ME/NT/2000/XP Contents 1.0. Components in iVEST™ Client 3.0. 2.0. Smart Cards and Smart Card Readers supported. 3.0. Browsers and Operating System supported. 4.0. New Features in iVEST™ Client 3.0. 5.0. Features in iVEST™ Client. 6.0. Additional Information for iVEST™ Client 3.0. 7.0. Known problems in iVEST™ Client 3.0. --------------------------------------------------------- 1.0. Components in iVEST™ Client 3.0. 1.1. iVEST™ Gate 3.0.2.0 1.2. iSign Plugins (Netscape) 2.2.1.0 ActiveX (Internet Explorer) 1.0.3.0 1.3. iProxy 3.2.3.0 1.4. iVEST™ Gate Admin 3.0.4.0 1.5. iVEST™ CSP 3.3.0.0 1.6. iVEST™ PKCS#11 1.0.0.0 --------------------------------------------------------- 2.0. Smart Cards and Smart Card Readers supported 2.1. Smart Card 2.1.1. MyKad 64K, Setec 8K, Setec 16K. 2.2. Smart Card Readers 2.2.1. All PC/SC compatible smart card readers that certified and supplied by iVEST. 2.3. No smart card reader driver is installed during iVEST™ Client 3.0 installation. In iVEST™ Client 3.0, users are advisable to plug-in smart card reader first, then install the smart card reader driver manually before installing iVEST™ Client 3.0. 2.4. Tested on 2.4.1. ACR30U, CST10U (USB) 2.4.2. ACR20S, ACR30S, ACR30SP (Serial) --------------------------------------------------------- 3.0. Browsers and Operating System supported 3.1. Browsers 3.1.1. Netscape Navigator 4.5x, 4.6x, 4.7x and 4.8x EXCEPT 6.0 and 7.0. 3.1.2. Internet Explorer (IE) 5.0, 5.0 SP2, 5.5, 5.5 SP2, 6.0 and 6.0 SP1. 3.2. Email Clients: 3.2.1. Outlook Express 5.0, 5.5 and 6.0. 3.2.2. Microsoft Outlook 2000 and 2002 (also known as XP Edition). 3.2.3. Netscape Messenger 4.5x, 4.6x, 4.7x and 4.8x. 3.2. Operating System 3.2.1. Windows 98 3.2.2. Windows ME 3.2.3. Windows NT 4.0 Server 3.2.4. Windows NT 4.0 Workstation 3.2.5. Windows 2000 Professional 3.2.6. Windows 2000 Server 3.2.7. Windows XP Professional 3.2.8. Windows XP Home Edition Note: Windows 95 and NT 3.5 are not supported. --------------------------------------------------------- 4.0. New Features in iVEST™ Client 3.0 4.1. Installation 4.1.1. This will automatically remove all iVEST application. (iVEST™ CSP, iVEST™ Client, iVEST™ File). It will prompt a user click YES/NO for uninstallation. Clicking Yes, will uninstall the previous program and no to abort installation. 4.1.2. Add Malaysia Premier CA 1024 and MyKad Online CA as a root and intermediate certificate in Internet Explorer and Netscape browser. 4.1.3. Add Root Agency in Trusted Root CA and MyKad in Intermediate CA as a Trusted Publisher in Internet Explorer. 4.1.4. Updated the iProxy CA Cert (31/12/2010) 4.2. iVEST™ Gate 4.2.1. Auto Start is enable by default and only enable for administrator. 4.3. iVEST™ Gate Admin 4.3.1. User has an option to view authentication or non-repudiation certificate. 4.3.2. User is allowed to change smart card PIN between 6 to 8 characters only. 4.4. iProxy 4.4.1. Provide an option to cache PIN. The system default is not to cache the PIN. Cache PIN can be changed instantaneously. It will have an immediate effect of caching the PIN. 4.4.2. Auto Start is enable by default and only enable for administrator. 4.5. iVEST™ CSP 4.5.1. Support digital signature/verification of email in Outlook Express. 4.5.2. Support encryption/decryption of email in Outlook Express. 4.5.3. Able to generate public key and insert certificate into smart card. 4.6. iSign 4.6.1. All digital signature will be created using a non-repudiation certificate. 4.6.2. iSign is able for Internet Explorer 5 and above by using ActiveX. 4.6.3. iSign dialog PIN has vertical and horizontal scroll to receive data to sign. 4.7. iVEST™ PKCS#11 4.7.1. Enhancement of iVEST™ Crypto Library (mkrip.dll). --------------------------------------------------------- 5.0. Features in iVEST™ Client 5.1. iVEST™ Gate 5.1.1. iVEST™ Gate is an application software used to configure your computer so that the components of iVEST™ Client can communicate with the Smart Card Reader. 5.2. iVEST™ Gate Admin 5.2.1. Using iVEST™ Gate Admin, you can change your PIN, change your smart card reader setting, and view your certificate as well. 5.3. iProxy 5.3.1. iProxy is the local secure proxy on the client side which authenticates client and server sides via a Secure Socket Layer (SSL) connection. iProxy is a local proxy. When you try to connect to secure web sites (normally via https at the URL), the request will be routed to this proxy. iProxy will present the Authentication certificate to the server during log on process. iProxy initiates all SSL handshake with web server. 5.4. iSign 5.4.1. A web browser plug-in. 5.4.2. Support LiveConnect for Netscape browser therefore can call iSign directly from an HTML form without having to post the data to sign to the server first. 5.4.3. Complies with S/MIME 2.0 standard. 5.4.4. Able to generate digital signatures in PKCS#7 singlepart or multipart signing format. In singlepart signing, the data to be signed (message) plus signed data are sent in a package to the server. In multipart signing, only the signed data is sent as a package to the server. 5.4.5. Supports both Server and Client Side Signing. Client Side Signing is only available in Netscape browser (using LiveConnect). 5.4.6. Support both Internet Explorer (version 4.0 and higher) and Netscape browser (version 4.0 and above). 5.5. iVEST™ PKCS#11 5.5.1. Able to sign and encrypt using Netscape application. --------------------------------------------------------- 6.0. Additional Information for iVEST™ Client 3.0 6.1. In Netscape and IE, after installation completed, the software will maintain previous internet server types settings (ftp;gopher;http;sock) and overwrite the https security proxy server (localhost:5003) for all Netscape profiles and for all users. 6.2. In Netscape, after uninstallation completed, the software will maintain previous internet server types settings (ftp;gopher;http;sock) and also maintaining the https security proxy server (localhost:5003) for all Netscape profiles. 6.3. In IE, after uninstallation completed, the software will maintain previous internet server types settings (ftp;gopher;http;sock) and delete the https security proxy server (localhost:5003). 6.5. Normal users should set their Proxy Server setting manually. To switch to other user (eg. from admin user to normal user), need to log off or restart PC first. All administrator and users should set their Proxy Server setting manually if use with dial up. 6.6. If users change PIN and then want to access the same https site (the site before changing the PIN), users should relaunch iProxy (either by pulling and reinserting the smart card from its reader or by exiting anf relaunch via Start->Program menu). 6.7. If the user select Cache PIN and External Proxy options at one time, PIN box ONLY pop up once for the first https site accessed. Subsequent access to any https sites does not require any PIN. 6.8. For PKCS#11 usage in Netscape, user needs to key in PIN once only. This PIN is cached by Netscape until the user close the browser or reinsert card. 6.9. Users must use at least the same or more cipher strength with the sender in order to open the encrypted messages/emails, otherwise they are not able to open (decrypt) the messages/emails. 6.10. Netscape will only accept 20KB of data to be signed. Data exceeded that limit will be truncated. 6.11. For Windows 98 (First Edition) machine, user is required to upgrade to at least Internet Explorer 5.0 and above and also install DCom98.exe which are obtainable from Microsoft. Download link for Internet Explorer: http://www.microsoft.com/windows/ie/downloads/default.asp Download link for DCom98.exe: http://www.microsoft.com/com/dcom/dcom98/download.asp 6.12. If you are using Cross S&T CST10U smart card reader and find out the Windows XP's Device Manager could not detect the CST10U reader after your PC restart or start up, then you are recommended to unplug the smart card reader and plug it in again. The Device Manager should be able to detect it, therefore iVEST Gate can be loaded. This will happen in Compaq Evo N610c and Windows XP Professional due to the NEC USB hardware controller. 6.13. If you get the "Smart Card General Access Error" error message when using iVEST CSP, please restart the iVEST Gate and reinsert the smart card. --------------------------------------------------------- 7.0. Known problems in iVEST™ Client 3.0 7.1. iProxy PIN request box is not active everytime pop up. 7.2. Enter wrong PIN in iVEST PKCS#11, then reenter correct PIN, an error message from Netscape will pop up. 7.3. PC/SC resource manager warning prompted after restart/first logon on Windows XP © Copyright 1999-2006, MIMOS Berhad. ALL RIGHTS RESERVED. iVEST™ is the trademark of MIMOS Berhad, Malaysia.