Corporations are increasingly recognizing the benefits of consolidating physical and network (logical) security functions to centralize access control, increase security of their IT systems and physical assets and manage the costs of administering systems. This consolidation or convergence to a single smart card-based access system can increase overall security for the company.
ActivCard has seen this convergence taking place and is positioning itself as a provider of an end-to-end system for deploying and managing the life cycle of smart cards for both logical and physical security systems.
Explains Dan Monahan, ActivCard’s director of business development: “Our software can manage one-time password tokens, and multi-application smart cards or USB keys with a smart chip embedded. It’s a system that will extend to dual interface technology (contact/contactless cards), so there’s a bunch of different pieces, and we provide the end-to-end solution.”
The company’s roots …
ActivCard was founded in 1988. It has pioneered technology for some of the largest global smart card identity badging projects, including the U.S. Department of Defense’s Common Access Card program. ActivCard supports its six million users from its headquarters in Fremont, California, and its additional locations worldwide, including Australia, France, Canada, Germany, India, Japan, Singapore, South Africa, Sweden, and the United Kingdom.
“We’re a software and solutions provider,” says Mr. Monahan. The company does not produce chips or smart cards, but rather the software, or applets, that run on them.
ActivCard applications are designed to link with physical access and digital identity functions, such as secure remote access, secure sign-on, secure desktop, the Corporate Access Card, Enterprise IDs and Card Management Systems, and access cards such as those used by the U.S. government.
“We’ve been growing; we’ve got a number of large deployments both in financial, enterprise, and government markets,” he added.
How they got where they are today …
The company raised $306 million through through a secondary offering on NASDAQ (ACTI) in 2000. “We have $235 million in the bank and no long-term debt, so we’re sound financially,” Mr. Monahan said. Strategic investors include Sun Microsystems, Schlumberger, and SCM Microsystems.
Events that helped ActivCard slingshot ahead were its acquisitions in 2001 of three companies: Ankari (American Biometric Co.) Ottawa, Ontario; SafeData Systems, France; and Authentic8, Melbourne, Australia.
“With Ankari, we gained a single sign-on product that combined single sign-on with strong authentication, not just password management, allowing us to leverage smart cards with biometrics,” said Mr. Monahan.
“SafeData provided us with a complete authentication server for one-time passwords that used our patented algorithm for generating the one-time passwords and directory-based authentication and digital identity management,” he said.
Added to these, “Authentic8 was a provider of card management systems closely tied to outsourcing of security and authentication, such as Verisign.”
The company’s solutions allow organizations to issue, use, and manage digital identities that ensure users are who they say they are. By consolidating user credentials on a single, multi-function smart card, the company eliminates the security risks associated with internal and external threats by unauthorized access and ID theft.
“Companies are realizing that security is something they have to look at in a holistic way, from the physical access to the company’s properties as well as the logical access to protect the intellectual properties and operational systems,” explained Mr. Monahan. “What information security managers are looking at is the whole security of the company, which is leading to a lot of convergence with credentials being managed on a corporate ID.”
The company’s customer base …
ActivCard’s customers are focused mainly in corporate, health care, financial and government markets.
“We have a number of corporations which have deployed hybrid cards. Microsoft, for example, uses a combination building and computer access card. Every Microsoft employee has a card with network access credentials as well as building access credentials, and they need that card in order to access the facility or the network. They use a Microsoft digital certificate for the local area network and for enabling telecommuting. They want to make their employees productive, but it is a highly-targeted hack site, so they needed strong authentication–and passwords alone weren’t going to cut it.”
Another ActivCard corporate deployment is with an energy company in the Midwestern U.S. “They’re using the card for logical and physical access and a one-time password for their dial-in services. They’ve deployed this to comply with some of the government infrastructure security recommendations,” said Mr. Monahan.
“We’re in pilots with a number of health care organizations concerned about compliance with HIPAA (Health Insurance Portability and Accountability Act). We do see a number of different usage scenarios where RFID will be a key requirement.” As an example, he said, doctors and nurses could use their RFID card to access a kiosk to check a patient’s record, but when they walk way, they’re automatically logged out.
The future …
Today, he said, you have hybrid cards managed by separate systems. “There’s a logical security system managing network access and there’s a physical access control system managing building access. We see a lot of that merging.” Convergence, then, one card for both physical and logical access, seems to be where the market is heading. And that is just the situation on which ActivCard is banking.