Advanced search
Knowledge Base
-- All --
NIH Public Knowledge Base
Search
Home
NIH Public Knowledge Base >
Application
>
NIH Login
> HHS ID Badge: Frequently Asked Questions
HHS ID Badge: Frequently Asked Questions
Article:
KB0011532
Published:
2013-06-25
Last modified:
2024-02-26
Questions
General Questions
What are smart cards?
What type of information is stored on/in HHS ID Badges?
What if a member of my staff does not have a HHS ID Badge?
Can I use my smart card to login when my computer is not connected to the network (i.e., NIHnet)?
Where can I get more information about HHS ID Badges?
Troubleshooting
"Your smart card is blocked"
Why is my PIV card not working as expected?
Certificate Questions
How can I tell which certificate is used for what?
Email Questions
I got new certificates (or a new badge), how do I read my old, encrypted email?
When I send an encrypted email, why do I see the message Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities?
When I read an encrypted e-mail, why does Outlook say Your Digital ID name cannot be found by the underlying security system?
Email Knowledge Base Articles
General
What are smart cards?
Smart Cards (PIV cards, HHS ID Badge) are required by Homeland Security Presidential Directive 12 (HSPD-12) for logical access to federally controlled IT systems and physical access to federally controlled facilities.
What type of information is stored on/in HHS ID Badges?
On the HHS ID Badge you will find your printed picture, full name, agency, organization, card expiration date, card serial number, and federal agency credential number. The card's microchip stores a personal identification number (PIN), a unique identifier, an authentication key, and two electronic fingerprints.
What if a member of my staff does not have a HHS ID Badge?
Some applications are not available without an HHS ID Badge. See your CIO for information on what alternatives exist for staff who do not use PIV cards.
Can I use my smart card to login when my computer is not connected to the network (i.e., NIHnet)?
Yes, but only if you had previously used your smart card to login to your computer when it was attached to the network. When you login to Active Directory, Microsoft stores (caches) your validated credentials on your computer; when you log in without a network connection your credentials (smart card or password) are compared to what is stored in your computer.
Note:
If you renew your certificates or PIV smart card badge, you must login to Active Directory (the network) to make sure the cache is updated with your new certificates. This is also true if you change your password (i.e., you must login with your new password to make sure it is cached).
Where can I get more information about HHS ID Badges?
ORS Division of Personal Security and Access Control badge website:
https://www.ors.od.nih.gov/ser/dpsac/Pages/Home.aspx
DPSAC Contact Information:
Main Campus:
https://ors.od.nih.gov/ser/dpsac/contact/Pages/NIH-Bethesda-Main-Campus.aspx
Off Campus Locations:
https://ors.od.nih.gov/ser/dpsac/contact/Pages/other-DPSAC-locations.aspx
Search the NIH
Knowledge Base
.
Back to top
Troubleshooting
"Your smart card is blocked"
A smart card becomes blocked after 10 consecutive incorrect PIN entries. The count of incorrect tries is not reset by time and is only reset when the correct PIN is entered. Once the card is blocked the PIN must be reset at a Lifecycle Workstation (LWS). Some systems may instead refer to this as the card being "locked."
To find a LWS near you, view the following website:
https://ors.od.nih.gov/ser/dpsac/Pages/lifecycle-workstation.aspx
.
Why is my PIV card not working as expected?
For ActivClient, please see the following KB:
ActivClient: General Information
Detailed instructions from IDEMIA on configuring drivers required:
https://na.idemia.com/technology-resources/drivers/
For MacOS, please refer to the below KBs:
HHS ID Badge: Log into your computer (Mac OS)
Cisco AnyConnect VPN Client: How to connect (PIV card on a Mac)
ITAS: Unable to access with PIV card (Mac OS)
Back to top
Certificate Questions
How can I tell which certificate is used for what?
New certificates have a certificate type code that appears after your name:
-A indicates that the certificate is used for authentication.
-E indicates that the certificate is used for email encryption.
-S indicates that the certificate is used for digital signatures.
Back to top
Email Questions
I got new certificates (or a new badge), how do I read my old, encrypted email?
Old certificates will still be on your PIV card after you renew your certificates; however, for troubleshooting, follow
these key recovery instructions
to obtain copies of your prior certificates, which you can then use to read old, encrypted emails. When you get new certificates, you will also need to reconfigure your applications to use them.
When I send an encrypted email, why do I see the message Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities?
You will see this message if either you don't have the recipient's email encryption digital certificate or the certificate you have is out-of-date (usually because the recipient's certificate has not replicated to the GAL yet).
For additional information, please see the below KBs:
Microsoft Office: Outlook - Encrypted certificates with security problems error
Microsoft Office: Outlook - Digitally sign and encrypt email (Windows)
When I read an encrypted e-mail, why does Outlook say Your Digital ID name cannot be found by the underlying security system?
This error message is displayed when Outlook cannot find the private key associated with the digital certificate used to encrypt the e-mail. First, make sure your smart card is in your smart card reader when you try to read the message.
If this is a brand-new e-mail message, make sure that your current smart card certificate is published to the GAL (see the NIH Smart Card Outlook Configuration and User Guide. It is also possible that the sender used an old certificate from their contacts list to send it to you. Have the sender get your new certificate from the GAL or send them a digitally signed email so that they can capture your new certificate to their contacts list. Then have the sender resend the encrypted e-mail to you.
Additional information
can be found in KB0011596
.
Email Knowledge Base Articles
For more information on Outlook PIV-related questions, please see the below KBs:
Outlook on the Web: Access using your HHS ID Badge
Microsoft Office: Outlook - Digitally sign and encrypt email (MacOS)
Microsoft Office: Outlook - Digitally sign and encrypt email (Windows)
Microsoft Office: Outlook - Email encryption methods used at NIH
Microsoft Office: Outlook - Encrypted certificates with security problems error
Office 365: Frequently Asked Questions (FAQs)
Back to top
NIH IT Service Desk Contact Information
Local:
301-496-4357
Toll-Free:
1-866-319-4357
TTY:
711
NIH IT Service Desk Portal:
http://itservicedesk.nih.gov/
Feedback
Please type feedback before submitting
Your feedback has been submitted, thank you
Please submit descriptive feedback after flagging an article, or it will not be modified
Submit
Permalink
:
Was this helpful?
Thank you
Yes
No
Create Incident
Rate this article