Nuri IT Co., Ltd.

Nuri IT, a company specializing in 3-step authentication security software (BaroPAM) for strengthening the security of information assets


BaroPAM installation Guide (Windows)

Nuri IT 2023. 8. 3. 11:34

Installation guide for BaroPAM solution for 3-step authentication to enhance the security of information assets(Windows)

 

Index

1. Install BaroPAM
1.1 Preparation before installing BaroPAM
1.2 Install BaroPAM
1.3 Install vcredist
1.4 BaroPAM environment settings

2. BaroPAM application
2.1 BaroPAM application process
2.2 BaroPAM application screen
2.3 How to logon to Windows
2.4 BaroPAM updating

3. BaroPAM resetting
3.1 BaroPAM environment resettings
3.2 How to disable BaroPAM
3.3 How to reuse BaroPAM

4. BaroPAM delete
4.1 BaroPAM delete

5. BaroPAM FAQ

6. About BaroPAM

 

 

 

1. Install BaroPAM

 

1.1 Preparation before installing BaroPAM

 

To use BaroPAM, you must set a password for your Windows user account or temporarily disable the password (reset the password after installing BaroPAM).

 

Make sure that your Windows user account and password are correct, and that you have the latest updates for Windows.

 

To install BaroPAM, you need to know the "Version of Windows, system type, computer name". To find them, open "Explorer", right-click "This PC", and the following screen appears.

 

 

If you click "Properties(R)" on the screen above, a screen that provides system information such as "Windows version, system type, workgroup, computer name" appears.

 

 

Important) To prevent BaroPAM from malfunctioning, check whether the "Computer name" or "PC name" contains Korean characters. The name must consist only of a combination of English letters, hyphens, and numbers.

 

Check the "Version of Windows, system type, work group, computer name" on the screen above, and download the appropriate BaroPAM installation module.

 

The URL to download the BaroPAM installation module is as follows.

 

http://nuriapp.com/download/baropam_setup_x32.zip ==> Windows 7, 8, 10, 11 32bit
http://nuriapp.com/download/baropam_setup_x64.zip ==> Windows 7, 8, 10, 11 64bit

 

 

1.2 Install BaroPAM

 

Move to the directory where you downloaded the BaroPAM installation module and proceed with the installation of BaroPAM in the following order.

 

First, if you unzip the compressed BaroPAM installation file (baropam_setup_x64.zip), the following "baropam_setup_x64" directory is created, and the following files exist.

 

 

- BaroPAM logo image(size 354 X 354): BaroPAM.bmp
- BaroPAM User Guide(Chinese): BaroPAM_Guide_Windows_cn.pdf
- BaroPAM User Guide(English): BaroPAM_Guide_Windows_en.pdf
- BaroPAM User Guide(Japanese): BaroPAM_Guide_Windows_jp.pdf
- BaroPAM User Guide(Korean): BaroPAM_Guide_Windows_kr.pdf
- BaroPAM Installer(Chinese): baropam_setup_x64_cn.exe
- BaroPAM Installer(English): baropam_setup_x64_en.exe
- BaroPAM Installer(Japanese): baropam_setup_x64_jp.exe
- BaroPAM Installer(Korean): baropam_setup_x64_kr.exe
- Face recognition configuration file: KF3_API.ini
- Local Group Policy Editor installation file: gpedit.bat
- NTP Client Settings: ntpclient_setup.bat(time.windows.com is set)
- Update URL configuration file: pam_baro_update.ini(http://nuriapp.com/update is set)
- Registry registration file: register_x64.reg
- Registry removal file: Unregister_x64.reg

 

Second, to run the BaroPAM installation file, select the "baropam_setup_x64_en.exe" file and click the right mouse button. The screen to install BaroPAM may not appear, and the "Windows PC protection" screen may appear instead, as follows.

 

 

Clicking the "Do Not Run" button cancels the installation of BaroPAM.

 

After confirming the contents of the screen above, click "Additional Information" and the following screen will appear.

 

 

If you click the "Do run" button, the screen to install BaroPAM appears, and if you click the "Do not run" button, the installation of BaroPAM is canceled.

 

Third, if you click the "Do run" button, the screen to select the installation mode of BaroPAM appears. Select "Install for all users (recommended)" if you are installing for the first time or you are an administrator, and "Install for me only" if you need to configure the BaroPAM environment for each user after installing the administrator version.

 

 

Fourth, if you want to create a desktop shortcut as an additional action during BaroPAM installation, select the additional action and click the "Next" button.

 

 

Fifth, after checking the directory and shortcut folder to install BaroPAM on the computer, click the "Next" button. The progress of BaroPAM installation on the computer appears as follows.

 

 

Sixth, if the BaroPAM module installation is normally completed, the "Completing the BaroPAM Setup Wizard" screen appears as follows.

 

 

In the screen above, select "Microsoft Runtime Library" to install the package (vcredist) for the Windows process and "Launch BaroPAM Manager" to set the environment for BaroPAM, then click the "Finish" button at the bottom.

 

 

1.3 Install vcredist

 

First, when you try to run programs built with Microsoft Visual C++ in Windows 32bit and Windows 64bit environments, the installation screen of the required vcredist program, "Microsoft Visual C++ 2015-2019 Redistributable (x64) - …", appears as follows.

 

 

If it is already installed, the following "Microsoft Visual C++ 2015-2019 Redistributable (x64) - …" installation modification screen appears.

 

 

In this case, since it is already installed, do not click the "Repair(R) or Uninstall(U)" button, but click the "Close(C)" button.

 

C++ programs developed with versions after Visual Studio 2005 must have Redistributable installed. If not installed, the following error message occurs when logging on to Windows, and BaroPAM is not applied.

 

 

Second, on the "Microsoft Visual C++ 2015-2019 Redistributable (x64) - …" installation screen, after checking the "MICROSOFT Software License Terms", select "Agree(A)" and click the "Install(I)" button. The following "Installation Progress" screen appears.

 

 

Thirdly, when the installation of "Microsoft Visual C++ 2015-2019 Redistributable (x64) - …" is completed normally, the following "Setup Successful" screen appears.

 

 

After proceeding with the vcredist program installation, call "Launch BaroPAM Manager" to set the BaroPAM environment.

 

 

1.4 BaroPAM environment settings

 

If the BaroPAM module is installed normally, proceed with the BaroPAM environment setting in the following order to use BaroPAM.

 

First, the "BaroPAM Manager" screen appears, where you can configure BaroPAM for Windows.

 

 

Secure key

 

The secure key assigned to each information asset is a required input item, and you must enter the secure key granted upon request from the vendor.

 

If you enter an arbitrary "Secure key" not given by the vendor, you may be unable to log on to the information asset because an incorrect OTA key is given.

 

If the secure key set in the information asset differs from the secure key registered in the BaroPAM app, which is an OTA key generator, the OTA keys differ, so you may not be able to log on to Windows.

 

If you do not enter the secure key or it is out of range, the following message appears on the screen.

 

 

Cycle time(3~60 sec)

 

The Cycle time of the OTA key is a required input item and can be specified from a minimum of 3 seconds to a maximum of 60 seconds. If you do not enter the Cycle time or it is out of range, the following message appears on the screen.

 

 

If the cycle time of the OTA key set here differs from the cycle time of the OTA key specified in the BaroPAM app, which is an OTA key generator, it may be impossible to log in because the OTA keys are different.

 

Emergency OTA key

 

Up to five 8-digit emergency OTA keys can be set in case the BaroPAM app, which is the OTA key generator, is unavailable or lost. An emergency OTA key that has been used to log on to Windows is automatically deleted.

 

Enter the emergency OTA key to be added as an 8-digit number.

Click the "Add" button to add the emergency OTA key entered in to . If you want to delete the added emergency OTA key, double-click the emergency OTA key in and it will be deleted in .

 

If you add more than 5 emergency OTA keys, the following message appears on the screen.

 

 

Server name

 

You must enter the same computer name as the "server name" registered in the BaroPAM app, which is an OTA key generator.

 

If BLE (Bluetooth Low Energy) is used and the configured server name differs from the server name registered in the BaroPAM app, which is an OTA key generator, the automatic Windows logon and the screen saver lock prevention/automatic lock/automatic unlock functions do not work normally.

 

Username

 

Specifies the Username used to log on to Windows.

 

To log on to Windows, specify "Workgroup\Username" when using a "Local user", "MicrosoftAccount\MS Registration Account" when using a "Microsoft Account", and "Domain Name" when using "Windows server".

 

For a local user whose workgroup is "WORKGROUP" and whose user name is "baropam", enter "WORKGROUP\baropam". For a Microsoft account whose MS registration account is "mc529@nurit.co.kr", enter "MicrosoftAccount\mc529@nurit.co.kr". For a Windows server whose domain name is "nurit.co.kr", enter "nurit.co.kr".

 

Note) To check the workgroup, right-click the "Windows Start" image -> click "System" -> click "Advanced system settings" -> check "Workgroup" on the "System Properties" screen.

 

 

Note) Check Username, which is the Windows user account, in "Search Windows -> Enter 'netplwiz' -> Open".

 

 

Applying BLE

 

In order to minimize user's inconvenience, select "Applying BLE" when using the automatic log-in of the computer with a single touch in conjunction with the BaroPAM app and the function of preventing/auto-locking/auto-unlocking the screen saver.

 

If "Auto Login" is selected, it works with the BaroPAM app to automatically log in to the computer with a single touch and to prevent/auto-lock/auto-unlock the screen saver.

 

If you select "Screen Saver", you can use the function to prevent/auto-lock/auto-disable the computer's screen saver with a single touch in conjunction with the BaroPAM app.

 

Biometric Interconnection

 

In order to minimize user's inconvenience, when using the automatic logon function of Windows by face recognition using the computer's camera, after selecting "Biometric Interconnection", facial feature information is extracted and registered in the following order.

 

 

Second, if you click the "Save" button to save the BaroPAM environment setting information, the following message appears.

 

 

If you select the "Yes" button, the settings in the "BaroPAM Manager" screen are saved, the "BaroPAM Manager" screen is closed, and the BaroPAM installation process proceeds.

 

If the "No" button is selected, the settings made on the "BaroPAM Manager" screen are not saved, the "BaroPAM Manager" screen is closed, and the BaroPAM installation process ends.

 

Third, if you click the "Yes" button on the above screen, the following "Registry Editor" screen appears to register BaroPAM in the Windows registry.

 

 

Fourth, after checking the contents of the "Registry Editor" screen, click the "Yes" button to register the BaroPAM registry, and the following "Registry Editor" screen appears.

 

 

Click the "OK" button on the screen above to complete BaroPAM's registry registration.

 

Fifth, after copying the module to the BaroPAM installation directory, the following message appears.

 

 

Click the "OK" button on the screen above to complete the installation of BaroPAM.

 

Note) After installing BaroPAM, do not reboot Windows, but use "Winkey+L" to test.

 

The details and format of the authentication log (pam_baro_auth.log) logged during Windows logon are as follows.

 

1) Logon success
   Using an emergency OTA key
      2018.10.14 11:46:02-0537 : BAROPAM-PC : emergency authentication key : session opened for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : emergency authentication key : session opened for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
   Using an OTA key
      2018.10.14 11:46:02-0537 : BAROPAM-PC : authentication key : session opened for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : authentication key : session opened for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
   Using BaroBLE
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Logon : authentication key : session opened for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : BLE session opened for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : ERP Application auto-login for user root by (local ip=1.234.83.169,Remote ip=0.0.0.0)
   Use biometric authentication
      2018.10.14 11:46:02-0537 : BAROPAM-PC : biometrics authentication : User root facial recognition Success (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : User root facial recognition Success (local ip=1.234.83.169,Remote ip=0.0.0.0)
 
2) Logon failure
   Verification failed
      2018.10.14 11:46:02-0537 : BAROPAM-PC : emergency authentication key : User root authentication failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : authentication key : User root authentication failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : User root authentication failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : User root authentication failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Logon : User root authentication failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : biometrics authentication : User root facial recognition failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : User root facial recognition failed (local ip=1.234.83.169,Remote ip=0.0.0.0)
 
   There is no authentication key cycle time
      2018.10.14 11:46:02-0537 : BAROPAM-PC : authentication key : There is no cycle time for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : There is no cycle time for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : There is no cycle time for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Logon : There is no cycle time for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
 
   No verification code entered
      2018.10.14 11:46:02-0537 : BAROPAM-PC : authentication key : There is no verification code for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : There is no verification code for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : There is no verification code for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Logon : There is no verification code for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
 
   No verification key
      2018.10.14 11:46:02-0537 : BAROPAM-PC : authentication key : There is no secure key for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroPAM Setup : There is no secure key for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : There is no secure key for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Logon : There is no secure key for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
 
3) Etc
   BLE session closed
      2018.10.14 11:46:02-0537 : BAROPAM-PC : BaroBLE Manager : BLE session closed for user root (local ip=1.234.83.169,Remote ip=0.0.0.0)
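
The following Python code is an added example, not part of BaroPAM: it parses lines in the layout shown above and flags successful emergency OTA key logons and bursts of failures for one user. The sample lines, user names, IP addresses, and the threshold of 3 failures in 60 seconds are constructed assumptions; the digits after the timestamp are kept as an opaque suffix because the page does not define them.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout taken from the sample lines above:
#   <date time>-<digits> : <host> : [<component> : ...] <message> (local ip=..,Remote ip=..)
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})-(?P<suffix>\d+) : "
    r"(?P<host>[^:]+?) : (?P<body>.*?)\s*"
    r"\(local ip=(?P<local_ip>[^,]*),Remote ip=(?P<remote_ip>[^)]*)\)\s*$"
)
USER_RE = re.compile(r"\b[Uu]ser (\S+)")  # assumes user names without spaces


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Everything before the last " : " names the component(s); the rest is the message.
    *tags, message = [part.strip() for part in m["body"].split(" : ")]
    user = USER_RE.search(message)
    if "failed" in message or message.startswith("There is no"):
        outcome = "failure"
    elif ("session opened" in message or "auto-login" in message
          or "recognition Success" in message):
        outcome = "success"
    else:
        outcome = "info"  # e.g. "BLE session closed"
    return {
        "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "host": m["host"].strip(),
        "tags": tags,
        "message": message,
        "user": user.group(1) if user else None,
        "outcome": outcome,
        "emergency": "emergency authentication key" in tags,
        "local_ip": m["local_ip"],
        "remote_ip": m["remote_ip"],
    }


def find_alerts(lines, max_failures=3, window_seconds=60):
    """Return (kind, user, time) tuples for events worth a closer look.

    max_failures and window_seconds are assumed thresholds, not BaroPAM settings.
    """
    events = sorted((e for e in map(parse_line, lines) if e),
                    key=lambda e: e["time"])
    alerts = []
    recent_failures = defaultdict(list)
    for e in events:
        # Every successful emergency key logon uses up one of the few spare keys.
        if e["emergency"] and e["outcome"] == "success":
            alerts.append(("emergency_key_used", e["user"], e["time"]))
        if e["outcome"] == "failure":
            times = recent_failures[e["user"]]
            times.append(e["time"])
            cutoff = e["time"] - timedelta(seconds=window_seconds)
            times[:] = [t for t in times if t >= cutoff]
            if len(times) == max_failures:  # alert once when the threshold is reached
                alerts.append(("failure_burst", e["user"], e["time"]))
    return alerts


# Constructed sample input in the documented layout (not real log data).
SAMPLE_LOG = """\
2023.08.03 09:00:01-0101 : BAROPAM-PC : authentication key : session opened for user alice by (local ip=192.0.2.10,Remote ip=0.0.0.0)
2023.08.03 09:05:10-0102 : BAROPAM-PC : authentication key : User bob authentication failed (local ip=192.0.2.10,Remote ip=198.51.100.7)
2023.08.03 09:05:25-0103 : BAROPAM-PC : authentication key : User bob authentication failed (local ip=192.0.2.10,Remote ip=198.51.100.7)
2023.08.03 09:05:40-0104 : BAROPAM-PC : authentication key : There is no verification code for user bob (local ip=192.0.2.10,Remote ip=198.51.100.7)
2023.08.03 09:30:00-0105 : BAROPAM-PC : BaroPAM Setup : emergency authentication key : session opened for user alice by (local ip=192.0.2.10,Remote ip=0.0.0.0)
2023.08.03 09:31:00-0106 : BAROPAM-PC : BaroBLE Manager : BLE session closed for user alice (local ip=192.0.2.10,Remote ip=0.0.0.0)
not a log line
""".splitlines()

if __name__ == "__main__":
    for kind, user, when in find_alerts(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {kind:<20} {user}")
```
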

 

If the Windows time is different from the current time, the OTA key does not match.

 

As a method of time synchronization (time server time synchronization) for servers/network equipment, the system time can be set to the current time from the administrator account using NTP (Network Time Protocol).

 

If you cannot log on to Windows, boot into safe mode as follows, move to the installation module directory, and click the "Unregister_x64.reg" file to remove the BaroPAM information added to the Windows registry.

 

Windows safe mode, which is used when unable to log on to Windows, is a mode for diagnosing the operating system and has many functional limitations, such as using the minimum number of files and drivers. But thanks to this, it can help to solve the problem. (Refer to the Windows manual)

 

 

2. BaroPAM application

 

2.1 BaroPAM application process

 

 

 

2.2 BaroPAM application screen

 

 

 

2.3 How to logon to Windows

 

If Windows is currently logged on, press "Winkey+L" or turn on Windows to display the BaroPAM logon screen where you enter the following BaroPAM OTA key and Windows Username/Password.

 

To log on to Windows, specify "Workgroup\Username" when using a "Local user", "MicrosoftAccount\MS Registration Account" when using a "Microsoft Account", and "Domain Name" when using "Windows server".

 

For a local user whose workgroup is "WORKGROUP" and whose user name is "baropam", enter "WORKGROUP\baropam". For a Microsoft account whose MS registration account is "mc529@nurit.co.kr", enter "MicrosoftAccount\mc529@nurit.co.kr". For a Windows server whose domain name is "nurit.co.kr", enter "nurit.co.kr".

 

The "server name, secure key, cycle time" entered on the "BaroPAM Manager" screen must be entered identically on the "Register server information" screen of the "BaroPAM" app.

 

 

Download the BaroPAM App)

 

 

The BaroPAM app can be used on Android 6.0 (Marshmallow) API 23 or higher and iOS 13.0 or higher, and does not support landscape mode.

 

After installing the BaroPAM app, launch it and click the "Verification Code" button on the menu selection screen. On the "Register server information" screen of the BaroPAM app, you must enter the same "Server name, Secure Key, Cycle time" that were entered in the "BaroPAM Manager" screen.

 

Message: The "OTA key" is incorrect because the date and time of the Android phone or iPhone are different from the current time.

Cause: This is caused by not using the time provided by the network for the Android or iPhone's date and time.

Action: For Android phones, go to "Settings" -> "General management" -> "Date and time" -> "Automatic date and time" and "Automatic time zone" -> "Allow"

 For iPhone, go to "Settings" -> "Date & Time" -> "Set Automatically" -> "Allow"

 

Message: If you cannot log in because the one-time authentication key does not match.

Cause: BaroPAM is a time synchronization method, so the phone and Windows time must be the same.

Action: Make sure the time on your phone and Windows are correct.

 

Enter the Windows user account (Username), generate an OTA key in the "BaroPAM" app on the smartphone, enter the generated OTA key in "Verification code" and the password in "Password" in Windows, then click "->" or the "Enter" button. This requests authentication from the BaroPAM module, and if verification is successful, the logon authentication policy of the Windows OS is activated.

 

Ex) If biometric authentication is not used

 

Ex) When using biometric authentication

 

If it is confirmed by comparing it with the already registered face feature information, it logs on to Windows.

 

If face recognition fails or if you press the "Esc" key to cancel face recognition, the following Windows logon screen appears.

 

 

In the screen above, enter the Windows user account (Username) and "Password" and click the "->" or "Enter" button to request authentication from Windows. If authentication is successful, log on to Windows.

 

In Windows, if the BaroPAM verification module fails to authenticate the entered OTA key, the following "Error" message appears on the BaroPAM logon screen.

 

 

 

2.4 BaroPAM updating

 

First, click the "Start" button at the bottom right of Windows and click "BaroPAM Manager" as follows.

 

 

Second, if you click "BaroPAM Manager", the following "BaroPAM intro" screen appears.

 

 

Thirdly, after the "BaroPAM intro" screen lasts for 3 seconds, the "BaroPAM Certification" screen that authenticates to change the environment settings of BaroPAM for Windows appears as follows.

 

 

Enter the OTA key generated by the BaroPAM app in "Verification code:" and click the "Login" button. If the OTA key entered is incorrect, a message box at the bottom displays "Certification failed. Please re-enter your verification code.", and you must regenerate the OTA key in the BaroPAM app and enter it again.

 

 

When using biometric authentication, the following biometric authentication screen appears instead of the "BaroPAM Certification" screen.

 

 

Fourth, when authentication of the OTA key is completed on the biometric authentication or "BaroPAM Certification" screen, the "BaroPAM Manager" screen appears where you can change the environment settings of BaroPAM for Windows as follows.

 

 

Fifth, if you click the "Update" button at the bottom of the "BaroPAM Manager" screen, the following message will appear if it is the latest version.

 

 

Sixth, if there are contents to be updated in BaroPAM, the update process proceeds as follows.

 

 

Seventh, after the update of BaroPAM has completed normally, apply the update by pressing "Winkey+L" or, if a reboot is needed, by rebooting Windows manually.

 

 

 

3. BaroPAM resetting

  

3.1 BaroPAM environment resettings

 

If you need to reset the environment after installing BaroPAM, reset the BaroPAM environment in the following order.

 

First, click the "Start" button at the bottom right of Windows and click "BaroPAM Manager" as follows.

 

 

Second, if you click "BaroPAM Manager", the following "BaroPAM intro" screen appears.

 

 

Thirdly, after the "BaroPAM intro" screen lasts for 3 seconds, the "BaroPAM Certification" screen that authenticates to change the environment settings of BaroPAM for Windows appears as follows.

 

 

Enter the OTA key generated by the BaroPAM app in "Verification code:" and click the "Login" button. If the OTA key entered is incorrect, a message box at the bottom displays "Certification failed. Please re-enter your verification code.", and you must regenerate the OTA key in the BaroPAM app and enter it again.

 

 

When using biometric authentication, the following biometric authentication screen appears instead of the "BaroPAM Certification" screen.

 

  

Fourth, when authentication of the OTA key is completed on the biometric authentication or "BaroPAM Certification" screen, the "BaroPAM Manager" screen appears where you can change the environment settings of BaroPAM for Windows as follows.

 

 

Limit number(1~10 times)

 

Set the limited number of times (1~10) for the OTA key. If you do not enter the limit number or it is out of range, the following message appears on the screen.

 

 

Limit time(15~600 sec)

 

Set the time limit (15~600 sec) for the OTA key. If you do not enter the time limit or go out of range, the following message will appear on the screen.

 

 

When a remote visitor connects remotely and attempts to log on to Windows, and the logon fails as many times as the limit number within the limit time, the logon screen of that remote visitor is forcibly closed.

 

Key method

 

The authentication method of the OTA key is selected from app1, app256, app384, app512 when using the BaroPAM app, which is a one-time generator, and card1, card256, card384, or card512 when using BaroCARD, an authentication card.

 

Cycle time(3~60 sec)

 

The authentication cycle time of the OTA key is a required input item and can be specified from a minimum of 3 seconds to a maximum of 60 seconds. If you do not enter the authentication cycle time or it is out of range, the following message appears on the screen.

 

 

If the OTA key authentication cycle time differs from the OTA key generation cycle time specified in the BaroPAM app, which is an OTA key generator, login may not be possible because the OTA keys are different.

 

Secure key

 

The secure key assigned to each information asset is a required input item, and you must enter the secure key granted upon request from the vendor.

 

If you enter an arbitrary "Secure key" not given by the vendor, you may be unable to log on to the information asset because an incorrect OTA key is given.

 

If the secure key set in the information asset differs from the secure key registered in the BaroPAM app, which is an OTA key generator, the OTA keys differ, so you may not be able to log on to Windows.

 

If you do not enter the secure key or it is out of range, the following message appears on the screen.

 

 

Access control list

 

Select whether to allow (Allow) or exclude (Deny) 2nd authentication (additional authentication) during Windows logon.

 

If "Deny" is selected, only the user accounts set in the ACL (pam_baro_acl.ini) are excluded from 2nd authentication (additional authentication), and 2nd authentication is applied to user accounts that are not set.

 

If "Allow" is selected, 2nd authentication (additional authentication) is applied only to the user accounts set in the ACL (pam_baro_acl.ini), and user accounts that are not set are excluded from it.

 

Will it prevent man-in-the-middle attacks?

 

If "Yes" is selected to prevent a man-in-the-middle attack, other users cannot log on to Windows during the authentication cycle time of the OTA key. If "No" is selected, all users are allowed to log on to Windows regardless of the authentication cycle time of the OTA key.

 

Emergency OTA key

 

Up to five 8-digit emergency OTA keys can be set in case the BaroPAM app, which is the OTA key generator, is unavailable or lost. An emergency OTA key that has been used to log on to Windows is automatically deleted.

 

Enter the emergency OTA key to be added as an 8-digit number.

Click the "Add" button to add the emergency OTA key entered in to . If you want to delete the added emergency OTA key, double-click the emergency OTA key in and it will be deleted in .

 

If you add more than 5 emergency OTA keys, the following message appears on the screen.

 

 

ACL Username

 

Registers a user account that needs to allow (Allow) or exclude (Deny) 2nd authentication (additional authentication) when logging on to Windows.

 

Enter the user account to be added.

Click the "Add" button to add the user account entered in to . If you want to delete the added user account, double-click the user account in and it will be deleted in .

 

Server name

 

You must enter the same computer name as the "server name" registered in the BaroPAM app, which is an OTA key generator.

 

If BLE (Bluetooth Low Energy) is used and the configured server name differs from the server name registered in the BaroPAM app, which is an OTA key generator, the automatic Windows logon and the screen saver lock prevention/automatic lock/automatic unlock functions do not work normally.

 

Username

 

Specifies the Username used to log on to Windows.

 

To log on to Windows, specify "Workgroup\Username" when using a "Local user", "MicrosoftAccount\MS Registration Account" when using a "Microsoft Account", and "Domain Name" when using "Windows server".

 

For a local user whose workgroup is "WORKGROUP" and whose user name is "baropam", enter "WORKGROUP\baropam". For a Microsoft account whose MS registration account is "mc529@nurit.co.kr", enter "MicrosoftAccount\mc529@nurit.co.kr". For a Windows server whose domain name is "nurit.co.kr", enter "nurit.co.kr".

 

Note) To check the workgroup, right-click the "Windows Start" image -> click "System(Y)" -> click "Advanced system settings" -> check "Workgroup" on the "System Properties" screen.

 

 

Note) Check Username, which is the Windows user account, in "Search Windows -> Enter 'netplwiz' -> Open".

 

 

Environment settings

 

Select whether the BaroPAM environment settings are shared without being classified by user, or are kept separately for each user (Username).

 

If "Share" is selected, BaroPAM's configuration file (pam_baro_auth.ini) is shared and used without classifying BaroPAM's environment settings by user.

 

If "Username" is selected, BaroPAM's environment settings are classified for each user, and the BaroPAM environment configuration file (pam_baro_auth.ini) is set for each user and used.

 

Applying BLE

 

In order to minimize user's inconvenience, select "Applying BLE" when using the automatic log-in of the computer with a single touch in conjunction with the BaroPAM app and the function of preventing/auto-locking/auto-unlocking the screen saver.

 

If "Auto Login" is selected, it works with the BaroPAM app to automatically log in to the computer with a single touch and to prevent/auto-lock/auto-unlock the screen saver.

 

If you select "Screen Saver", you can use the function to prevent/auto-lock/auto-disable the computer's screen saver with a single touch in conjunction with the BaroPAM app.

 

DB Interconnection

 

To authenticate users against a database when logging on to Windows, click "DB Interconnection" at the bottom to display the following screen for setting the database connection information.

 

 

In the screen above, enter the database name, user ID, password, and user information SQL statement, which are information to be connected to the database, and click the "Save" button to save.

 

SELECT <PHONE_NO> AS PHONE_NO, <CYCLE_TIME> AS CYCLE_TIME FROM <TB_USER_INFO> WHERE <USER_ID> = :USER_ID
 
<PHONE_NO> : Column name with phone number
<CYCLE_TIME> : Column name with OTA key generation cycle time
<TB_USER_INFO> : table name with login-id
<USER_ID> : The user-ID for which user information is to be queried. It must be the same as the Windows Logon-ID.
 
No other parts should be modified.

 

After entering the information to be connected to the database, be sure to click the "DB Test" button to test whether the database connection and user information are retrieved.
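
The following Python code is an added example, not BaroPAM's own code: it checks that a filled-in statement still has the shape of the template above (only the four placeholder names changed, `:USER_ID` still a bind variable) and runs it with the logon ID bound as a parameter. Python's sqlite3 stands in for the real database; the table, column names, rows and the helper names are constructed assumptions.

```python
import re
import sqlite3

# Shape of the documented statement; only the four <...> names may vary.
TEMPLATE_RE = re.compile(
    r"^SELECT (?P<phone_col>\w+) AS PHONE_NO, (?P<cycle_col>\w+) AS CYCLE_TIME "
    r"FROM (?P<table>[\w.]+) WHERE (?P<user_col>\w+) = :USER_ID$"
)


def check_user_info_sql(sql):
    """Return the filled-in names if sql keeps the template's shape, else None."""
    match = TEMPLATE_RE.match(" ".join(sql.split()))  # collapse whitespace first
    return match.groupdict() if match else None


def lookup_user(conn, sql, logon_id):
    """Run the statement with logon_id bound to :USER_ID; return the row or None."""
    if check_user_info_sql(sql) is None:
        raise ValueError("statement does not match the documented template")
    # The logon ID travels as a bound value, never as part of the SQL text.
    return conn.execute(sql, {"USER_ID": logon_id}).fetchone()


def make_demo_db():
    """Constructed in-memory table standing in for the real user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE TB_USER_INFO ("
        "USER_ID TEXT PRIMARY KEY, PHONE_NO TEXT, CYCLE_TIME INTEGER)"
    )
    conn.execute("INSERT INTO TB_USER_INFO VALUES ('baropam', '010-0000-0000', 30)")
    return conn


# Template filled in with hypothetical names, and a variant where the bind
# variable was replaced by a literal (the kind of edit the page says not to make).
GOOD_SQL = (
    "SELECT PHONE_NO AS PHONE_NO, CYCLE_TIME AS CYCLE_TIME "
    "FROM TB_USER_INFO WHERE USER_ID = :USER_ID"
)
EDITED_SQL = (
    "SELECT PHONE_NO AS PHONE_NO, CYCLE_TIME AS CYCLE_TIME "
    "FROM TB_USER_INFO WHERE USER_ID = 'baropam'"
)

if __name__ == "__main__":
    conn = make_demo_db()
    print(check_user_info_sql(GOOD_SQL))
    print(check_user_info_sql(EDITED_SQL))
    print(lookup_user(conn, GOOD_SQL, "baropam"))
    # A logon ID containing quote characters is compared as plain data.
    print(lookup_user(conn, GOOD_SQL, "baropam' OR '1'='1"))
```
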

 

If the database connection is successful, a message containing the following user information (user-ID, phone number, cycle time) appears.

 

 

If the database connection fails, the following message appears. Check the database connection information and correct it.

 

 

Application BLE Interconnection

 

In order to minimize the user's inconvenience, when using the application's automatic login function with a single touch in conjunction with the BaroPAM app, click "Application BLE Interconnection" at the bottom. The following screen for setting the information used to connect to the application appears.

 

 

On the screen above, enter the system name, ID, and password (you do not need to enter it if you are not using it), which are information to be linked to the application.

 

Biometric Interconnection

 

In order to minimize user's inconvenience, when using the automatic logon function of Windows by face recognition using the computer's camera, after selecting "Biometric Interconnection", facial feature information is extracted and registered in the following order.

 

  

HTTP Interconnection

  

BaroPAM requests authentication from a server that comprehensively manages authentication rather than directly authenticating from Windows. BaroPAM requests authentication via http/https using cURL (Client URL). Enter the URL to be called.

 

The URL to be called (e.g. http://1.23.456.789/baropam/web/result_curl.jsp) internally carries parameters such as server name (hostname), user account (username), authentication cycle (cycle_time), and one-time authentication key (auth_key), and is called when logging in to Windows to perform authentication.

 

 

The functions of the buttons at the bottom of the "BaroPAM Manager" screen are as follows.

 

1. Save button

 

When the "Save" button is clicked, the validity of the input items is first checked and then saved in the BaroPAM configuration files (pam_baro_auth.ini, pam_baro_acl.ini, pam_baro_db.ini).

 

 

Click the "OK" button to close the "BaroPAM Manager" screen.

 

Note) After resetting the BaroPAM environment, do not reboot Windows, but use the shortcut "Winkey+L" to test.

 

2. Update button

 

When you click the "Update" button, if there are contents to be updated in BaroPAM, the update process proceeds as follows. (Refer to "2.4 BaroPAM updating")

 

3. Copy button

 

If you click the "Copy" button, a screen is displayed for creating a separate BaroPAM environment setting file (pam_baro_auth.ini) for each user, so that the BaroPAM environment settings are divided by user. (Refer to "1.4 BaroPAM environment settings")

 

 

Note) Username related error message when clicking "Save" button

 

1. If you want to register (save) by entering the same Username as the administrator ID
    "You cannot save with the administrator's user ID."
 
2. If you do not have a user account in the Users\ directory, but you want to register (save)
    "There is no registered user account. Please register a user account first in the Windows settings"
 
3. If you misspell your username
    "This is an incorrectly entered 'Username' field. Must be entered as <Group>\<Username>."
 
4. If you have already registered a general user account and are trying to register again
   "I already have settings in my user account. Saving will delete any existing settings. Do you want to continue?"
 
5. When registration is complete
   "The setting information has been saved."

 

4. Log View button

 

If you click the "Log View" button, a copy of the authentication log logged during Windows logon is displayed on the "Windows Notepad" screen as follows.

 

 

5. Remove button

 

When you click the "Remove" button, the first step is to remove the information registered in the registry about BaroPAM as follows. (Refer to "3.2 How to Disable BaroPAM")

 

6. Help button

 

Click the "Help" button to display the BaroPAM User's Guide for Windows on the screen as follows.

 

 

7. Close button

 

Click the "Close" button to close the "BaroPAM Manager" screen.

 

 

3.2 How to disable BaroPAM

 

If you do not want to use the BaroPAM module while BaroPAM remains installed, proceed with the removal of BaroPAM in the following order.

 

1. How to use BaroPAM Manager

 

If you click the "Remove" button at the bottom of the "BaroPAM Manager" screen, the information registered in the registry about BaroPAM is removed as follows.

 

 

First, click the "Yes" button to allow Registry Editor to make changes to the device; the following "Registry Editor" screen appears.

 

 

Second, after checking the contents of the "Registry Editor" screen, click the "Yes" button to remove the BaroPAM registry, and the following "Registry Editor" screen appears.

 

 

Click the "OK" button on the screen above to complete BaroPAM's registry removal.

 

Thirdly, the following message appears after removing the module that exists in the BaroPAM installation directory.

 

 

Click the "OK" button on the screen above to complete the removal of BaroPAM.

 

 

2. How to use "Unregister_x64.reg" file

 

First, execute the "Unregister_x64.reg" file, which is the following BaroPAM removal registry file, in the BaroPAM installation module directory.

 

 

Unregister_x64.reg file)

Windows Registry Editor Version 5.00
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{325D6690-E5AC-4570-B15A-19A622571036}]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{325D6690-E5AC-4570-B15A-19A622571036}]
 
[-HKEY_CLASSES_ROOT\CLSID\{325D6690-E5AC-4570-B15A-19A622571036}\InprocServer32]
 
[-HKEY_CLASSES_ROOT\CLSID\{325D6690-E5AC-4570-B15A-19A622571036}]

 

Second, if you run the "Unregister_x64.reg" file, which is the registry file for removing BaroPAM, the following "User Account Control" screen appears.

 

 

Thirdly, click the "Yes" button to allow Registry Editor to make changes to the device; the following "Registry Editor" screen appears.

 

 

Fourth, after checking the contents of the "Registry Editor" screen, click the "Yes" button to remove the BaroPAM registry, and the following "Registry Editor" screen appears.

 

 

Click the "OK" button on the screen above to complete BaroPAM's registry removal.

 

Note) After removing BaroPAM, do not reboot Windows, but use "Winkey+L" to test.

 

 

3.3 How to reuse BaroPAM

 

To use the BaroPAM module again while BaroPAM remains installed, proceed with the reuse of BaroPAM in the following order.

 

1. How to use BaroPAM Manager

 

If you click the "Save" button at the bottom of the "BaroPAM Manager" screen, the first step is to remove the information registered in the BaroPAM registry as follows.

 

 

First, if you click the "Save" button at the bottom of the "BaroPAM Manager" screen, the following "Registry Editor" screen appears to register BaroPAM in the Windows registry.

 

 

Second, after checking the contents of the "Registry Editor" screen, click the "Yes" button to register the BaroPAM registry, and the following "Registry Editor" screen appears.

 

 

If you click the "OK" button on the screen above, the following message appears after BaroPAM's registration in the registry is completed.

 

 

Note) After registering the BaroPAM registry, do not reboot Windows, but use "Winkey+L" to test.

 

2. How to use "register_x64.reg" file

 

First, execute the "register_x64.reg" file, which is the registry registration file of BaroPAM, as follows in the BaroPAM installation module directory.

 

 

register_x64.reg file)

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{325D6690-E5AC-4570-B15A-19A622571036}]
@="BaroPAMLogon"
 
[HKEY_CLASSES_ROOT\CLSID\{325D6690-E5AC-4570-B15A-19A622571036}]
@="BaroPAMLogon"
 
[HKEY_CLASSES_ROOT\CLSID\{325D6690-E5AC-4570-B15A-19A622571036}\InprocServer32]
@="C:\\Program Files (x86)\\baropam\\baropam_x64.dll"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{325D6690-E5AC-4570-B15A-19A622571036}]
@="BaroPAMLogon"

 

Second, if you execute the "register_x64.reg" file, which is a BaroPAM registry registration file, the following "User Account Control" screen appears.

 

 

Thirdly, click the "Yes" button to allow Registry Editor to make changes to the device; the following "Registry Editor" screen appears.

 

 

Fourth, after checking the contents of the "Registry Editor" screen, click the "Yes" button to register the BaroPAM registry, and the following "Registry Editor" screen appears.

 

 

Click the "OK" button on the screen above to complete BaroPAM's registry registration.

 

Note) After reusing BaroPAM, do not reboot Windows, but use "Winkey+L" to test.
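
The following PowerShell check is an added example, not part of the BaroPAM package: it reads back the keys that register_x64.reg creates and Unregister_x64.reg removes (sections 3.2 and 3.3) and reports whether the credential provider is registered, unregistered, or only partly registered. The function names are hypothetical; the CLSID, key paths and expected values are those shown in the .reg files above.

```powershell
# Added example (not vendor code). CLSID, key paths and expected values are copied from
# register_x64.reg / Unregister_x64.reg; the function names are hypothetical.
$Clsid    = '{325D6690-E5AC-4570-B15A-19A622571036}'
$AuthBase = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'
$Keys = [ordered]@{
    Provider = "$AuthBase\Credential Providers\$Clsid"
    Filter   = "$AuthBase\Credential Provider Filters\$Clsid"
    Class    = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    Inproc   = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
}

function Get-RegValue([string]$Path, [string]$Name = '') {
    # '' selects the key's (Default) value; returns $null when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue($Name)
}

function Test-BaroPamRegistration {
    $report = [ordered]@{ State = ''; Findings = @(); Dll = $null; Sha256 = $null; Signature = $null }
    $missing = @($Keys.Keys | Where-Object { -not (Test-Path -LiteralPath $Keys[$_]) })

    if ($missing.Count -eq $Keys.Count) {
        $report.State = 'Unregistered'      # expected after Unregister_x64.reg
        return [pscustomobject]$report
    }
    if ($missing.Count -gt 0) {
        $report.Findings += "Partial registration, missing: $($missing -join ', ')"
    }
    foreach ($name in 'Provider', 'Filter', 'Class') {
        $value = Get-RegValue $Keys[$name]
        if ($value -ne 'BaroPAMLogon') {
            $report.Findings += "$name default value is '$value', expected 'BaroPAMLogon'"
        }
    }
    if ((Get-RegValue $Keys.Inproc 'ThreadingModel') -ne 'Apartment') {
        $report.Findings += "ThreadingModel is not 'Apartment'"
    }
    # The DLL named here is loaded by the Windows logon UI, so confirm it exists and
    # record its hash and Authenticode status for comparison with the vendor package.
    $report.Dll = Get-RegValue $Keys.Inproc
    if ($report.Dll -and (Test-Path -LiteralPath $report.Dll -PathType Leaf)) {
        $report.Sha256    = (Get-FileHash -LiteralPath $report.Dll -Algorithm SHA256).Hash
        $report.Signature = (Get-AuthenticodeSignature -LiteralPath $report.Dll).Status
    } else {
        $report.Findings += "InprocServer32 target not found: '$($report.Dll)'"
    }
    $report.State = if ($report.Findings.Count) { 'Inconsistent' } else { 'Registered' }
    [pscustomobject]$report
}

Test-BaroPamRegistration | Format-List
```

Run it from a 64-bit PowerShell session so that the keys are not read through the 32-bit registry view.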

 

 

4. BaroPAM delete

 

In order to delete BaroPAM, you must first remove the information registered in the registry about BaroPAM, and then delete BaroPAM. (Refer to "3.2 How to Disable BaroPAM")

 

4.1 BaroPAM delete

 

First, if you enter "Add or remove programs" in the search box at the bottom left of Windows, the following screen appears.

 

 

Second, if you click "Add or remove programs" on the screen above, the following "Apps & features" screen appears.

 

 

Third, on the "Apps & features" screen, select "BaroPAM Manager" as follows and click the "Uninstall" button to delete "BaroPAM".

 

 

  

5. BaroPAM FAQ

 

Message: After installing BaroPAM for Windows, the logon screen does not appear and malfunction occurs when logging on.

Cause: This occurs because "Computer name" or "PC name" contains Korean characters.

Action: Click "Explorer -> This PC -> Right-click -> Properties", check whether "Computer Name" or "PC Name" contains Korean characters, and make sure it uses "a combination of English letters, hyphens, and numbers".

 

Message: If you cannot log in because the OTA key does not match.

Cause: BaroPAM is a time synchronization method, so the time of the phone and Windows or Server must be the same.

Action: Check if the phone and Windows or Server time are correct.

 

Message: The "OTA key" is incorrect because the date and time of the Android phone or iPhone are different from the current time.

Cause: This is caused by not using the time provided by the network for the Android or iPhone's date and time.

Action: For Android phones, go to "Settings" -> "General management" -> "Date and time" -> "Automatic date and time" and "Automatic time zone" -> "Allow"

         For iPhone, go to "Settings" -> "Date & Time" -> "Set Automatically" -> "Allow"

 

Message: A 30 second delay for the logon script process to complete

          If you log on after deploying the Windows OS through a specific master image, the logon speed continues to take a long time.

Cause: On computers running Windows OS, the "Run logon scripts synchronously" group policy is enabled, so when trying to log on, the splash screen is displayed for 30 seconds. This is because, with this policy, the user cannot work with the desktop until the logon script process completes.

Action: As a workaround, changing the Timeout interval to less than 30 seconds improved logon speed.

         1. Start -> Run -> Run regedit.msc Registry Editor

         2. Go to the next path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

         3. Create or modify the following values

            Name : DelayedDesktopSwitchTimeout

            Type : REG_DWORD

            Value :  5

         4. Check logon speed improvement after system restart.

 

Message: Even after deleting a Windows program, it is automatically reinstalled when the system is restarted.

Cause: This is because the image at the time of the last backup was loaded when Windows was restarted due to management programs such as PC automatic backup.

 It is presumed to have been installed with the user's consent, either when the user downloaded and executed a specific file from the Internet or through an update after installing a program.

 In reality, such installations are made by tricking or misleading users so that they do not notice them.

When registered in the startup program folder, the file is repeatedly executed every time the system starts unless the file is removed.

Action: Find and remove files registered in the Startup folder (C:\Documents and Settings\(User Account)\Start Menu\Programs\Start program).

 

Message: Failed to open file "Filename"[error message]"

Cause: Occurs when Filename, an environment setting file, cannot be opened.

Action: After checking the error message, check if the configuration file exists and then reset it on the BaroPAM Setup screen.

 

Message: Invalid RATE_LIMIT option. Check pam_baro_auth.ini

Cause: Occurs when the RATE_LIMIT setting value among the contents of the pam_baro_auth.ini file, which is an environment setting file, is incorrectly set.

Action: Check the setting values of the limit count (1 < RATE_LIMIT < 100) and the limit time (1 < interval < 3600).

Reset after confirmation on the BaroPAM Setup screen.

 

Message: Invalid list of timestamps in RATE_LIMIT. Check pam_baro_auth.ini

Cause: Occurs when updated timestamps in the RATE_LIMIT option among the contents of the pam_baro_auth.ini file, an environment setting file, are incorrect.

Action: Check the updated timestamps in the RATE_LIMIT option of the pam_baro_auth.ini file, which is an environment setting file.

 

Message: Try to update RATE_LIMIT line.

Cause: The message displayed when you log in normally.

Action: No action

 

Message: Too many concurrent login attempts. Please try again.

Cause: Occurs when the DISALLOW_REUSE option (only one login is allowed within the OTA key generation cycle time) of the configuration file pam_baro_auth.ini file is set and login is retried within the OTA key generation cycle time after successful login.

Action: Retry login after the one-time authentication key generation cycle time has elapsed.

 

Message: Can't find ACL_TYPE[error message]

Cause: Occurs when there is no ACL_TYPE option or set value in pam_baro_auth.ini, an environment setting file.

Action: Check the ACL_TYPE option or setting value of the pam_baro_auth.ini file, which is an environment setting file.

 Reset after confirmation on the BaroPAM Setup screen.

 

Message: Can't find ACL_FILE[error message]

Cause: Occurs when there is no ACL_FILE option or set value in pam_baro_auth.ini, an environment setting file.

Action: Check the ACL_FILE option or setting value of the pam_baro_auth.ini file, which is an environment setting file.

 Reset after confirmation on the BaroPAM Setup screen.

 

Message: Invalid WINDOW_SIZE option in pam_baro_auth.ini

Cause: Occurs when the WINDOW_SIZE setting value (calibration time based on the current time) of the contents of the pam_baro_auth.ini file, which is an environment setting file, is incorrectly set.

Action: Based on the current time, check the set value of the one-time authentication key calibration time (1 < WINDOW_SIZE < 100).

 

Message: Trying to reuse a previously used time-based code.

          Retry again in 30 seconds.

          Warning! This might mean, you are currently subject to a man-in-the-middle attack.

Cause: The DISALLOW_REUSE option in the pam_baro_auth.ini file, an environment setting file, is an option in preparation for man-in-the-middle attacks.

        A man-in-the-middle attack occurs when an unauthorized entity places itself between two communicating systems and intercepts the information being exchanged. In a nutshell, it could be called a modern wiretapping system.

Action: No action

 

Message: Failed to allocate memory when updating pam_baro_auth.ini

Cause: Occurs when memory allocation fails when updating the configuration file pam_baro_auth.ini.

Action: Technical support

 

Message: Can't find HOSTNAME[error message]

Cause: Occurs when there is no HOSTNAME option or set value in pam_baro_auth.ini, which is an environment setting file.

Action: Check the HOSTNAME option or setting value of the pam_baro_auth.ini file, which is an environment setting file.

 Reset after confirmation on the BaroPAM Setup screen.

 

Message: Can't find SECURE_KEY[error message]

Cause: Occurs when there is no SECURE_KEY option or set value in pam_baro_auth.ini, an environment setting file.

Action: Check the SECURE_KEY option or setting value of the pam_baro_auth.ini file, which is an environment setting file.

         Reset after confirmation on the BaroPAM Setup screen.

 

Message: Can't link DB [error message]

Cause: Occurs when there are no DB link options or setting values in the DB file, pam_baro_db.ini file.

Action: Check the DB link option or setting value of the pam_baro_db.ini file, which is a DB file.

 Reset after confirmation on the BaroPAM Setup screen.

 

Message: Invalid verification code

Cause: Occurs when verification of the OTA key fails.

Action: Retry login.

 

 

6. About BaroPAM

 

 

Version 1.0 - Official Release - 2016.12.1

Copyright Nurit corp. All rights reserved.

http://www.nurit.co.kr

 

Company: Nurit Co., Ltd.

Registration Number: 258-87-00901

CEO: Jongil Lee

Tel: +8210-2771-4076(Technical support, sales inquiry)

email: mc529@nurit.co.kr

Address: #913, 15, Magokjungang 2-ro, Gangseo-gu, Seoul (Magok-dong, Magok Techno Tower 2)