HHS ID Badge: Frequently Asked Questions
Article: KB0011532 Published: 2013-06-25 Last modified: 2024-02-26


Questions


General Questions

Troubleshooting


Certificate Questions


Email Questions

 

General


What are smart cards?
Smart Cards (PIV cards, HHS ID Badge) are required by Homeland Security Presidential Directive 12 (HSPD-12) for logical access to federally controlled IT systems and physical access to federally controlled facilities.


What type of information is stored on/in HHS ID Badges?
On the HHS ID Badge you will find your printed picture, full name, agency, organization, card expiration date, card serial number, and federal agency credential number. The card's microchip stores a personal identification number (PIN), a unique identifier, an authentication key, and two electronic fingerprints.


What if a member of my staff does not have an HHS ID Badge?
Some applications are not available without an HHS ID Badge. See your CIO for information on what alternatives exist for staff who do not use PIV cards.


Can I use my smart card to log in when my computer is not connected to the network (i.e., NIHnet)?
Yes, but only if you have previously used your smart card to log in to your computer while it was attached to the network. When you log in to Active Directory, Microsoft stores (caches) your validated credentials on your computer; when you log in without a network connection, your credentials (smart card or password) are compared to what is stored on your computer.

Note: If you renew your certificates or PIV smart card badge, you must log in to Active Directory (the network) to make sure the cache is updated with your new certificates. This is also true if you change your password (i.e., you must log in with your new password to make sure it is cached).


Where can I get more information about HHS ID Badges?

 

Troubleshooting


"Your smart card is blocked"
A smart card becomes blocked after 10 consecutive incorrect PIN entries. The count of incorrect tries is not reset by time and is only reset when the correct PIN is entered. Once the card is blocked the PIN must be reset at a Lifecycle Workstation (LWS). Some systems may instead refer to this as the card being "locked."

To find an LWS near you, view the following website: https://ors.od.nih.gov/ser/dpsac/Pages/lifecycle-workstation.aspx.


Why is my PIV card not working as expected?
For ActivClient, please see the following KB: ActivClient: General Information

Detailed instructions from IDEMIA on configuring the required drivers: https://na.idemia.com/technology-resources/drivers/

For macOS, please refer to the below KBs:


 

Certificate Questions


How can I tell which certificate is used for what?
New certificates have a certificate type code that appears after your name:

-A indicates that the certificate is used for authentication.
-E indicates that the certificate is used for email encryption.
-S indicates that the certificate is used for digital signatures.


 

Email Questions


I got new certificates (or a new badge), how do I read my old, encrypted email?
Old certificates will still be on your PIV card after you renew your certificates; however, for troubleshooting, follow these key recovery instructions to obtain copies of your prior certificates, which you can then use to read old, encrypted emails. When you get new certificates, you will also need to reconfigure your applications to use them.


When I send an encrypted email, why do I see the message "Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities"?
You will see this message if either you don't have the recipient's email encryption digital certificate or the certificate you have is out-of-date (usually because the recipient's certificate has not replicated to the GAL yet). 

For additional information, please see the below KBs:


When I read an encrypted e-mail, why does Outlook say "Your Digital ID name cannot be found by the underlying security system"?
This error message is displayed when Outlook cannot find the private key associated with the digital certificate used to encrypt the e-mail. First, make sure your smart card is in your smart card reader when you try to read the message.

If this is a brand-new e-mail message, make sure that your current smart card certificate is published to the GAL (see the NIH Smart Card Outlook Configuration and User Guide). It is also possible that the sender used an old certificate from their contacts list to send it to you. Have the sender get your new certificate from the GAL or send them a digitally signed email so that they can capture your new certificate to their contacts list. Then have the sender resend the encrypted e-mail to you.

Additional information can be found in KB0011596.


Email Knowledge Base Articles
For more information on Outlook PIV-related questions, please see the below KBs:



 

NIH IT Service Desk Contact Information


Local: 301-496-4357
Toll-Free: 1-866-319-4357
TTY: 711
NIH IT Service Desk Portal: http://itservicedesk.nih.gov/


 

