Challenge/Response workflow

The Challenge/Response procedure is based on two components:

  • The endpoint on which the Challenge code is generated.

  • The SafeGuard Management Center where, as a helpdesk officer with sufficient rights, you create a response code that authorizes the user to perform the requested action on their computer.

    Note: For a Challenge/Response process, you need Full access rights for the computers/users involved.
  1. On the endpoint, the user requests the challenge code. Depending on the recovery type, this is either requested in the SafeGuard Power-on Authentication or in the KeyRecovery Tool.

    A challenge code in form of an ASCII character string is generated and displayed.

  2. The user contacts the helpdesk and provides them with the necessary identification and the challenge code.
  3. The helpdesk launches the Recovery Wizard in the SafeGuard Management Center.
  4. The helpdesk selects the appropriate recovery type, confirms the identification information and the challenge code and selects the required recovery action.

    A response code in form of an ASCII character string is generated and displayed.

  5. The helpdesk provides the user with the response code, for example by phone or text message.
  6. The user enters the response code. Depending on the recovery type, this is either done in the SafeGuard POA or in the KeyRecovery Tool.

    The user is then permitted to perform the authorized action, for example resetting the password, and can resume working.