Adding IT applications to the existing physical security badges paves the way
Using contactless technology on the desktop to lock down computers is starting to find more proponents as companies begin to ratchet up their portfolios to include more logical access devices that make it easier, and potentially less expensive, to migrate to the systems.
Logical access can involve either contact or contactless ID cards as well as key fobs but it goes beyond simple passwords. The majority of logical access smart card systems up until now have involved contact cards. But as contactless smart cards become more prevalent for physical access, vendors have introduced products so the same card can be used for logical access.
It all comes down to using the same badge to get in the front door and to logon to a computer. This has been problematic in the past because of cost and technology issues, says Dan DeBlasio, director of business development of identity and access management at HID Global. “Many organizations have not yet moved beyond password-only security because traditional alternative log-in solutions have been too involved or too costly,” he says.
HID has released two products that aim to make using contactless on the desktop simple: HID on the Desktop and naviGO.
NaviGO is a software credential management system that is used for setting up cards and managing access, says DeBlasio. The product works with either HID’s prox or iClass smart cards.
“The same software is used regardless of the type of card or the approach a company has to access computers,” DeBlasio says. “Organizations do not need to re-badge as prox and iClass cards can be user provisioned in the field in a self service manner.”
The naviGO product helps establish the second factor and links the card to the company’s IT system via a self service portal. “This naviGO capability removes what has been a significant impediment to the adoption of logical access control: the deployment and ongoing management of the IT credential,” says DeBlasio.
More user control
It also gives the user more authority in managing access to the computer, enabling the setup and reset of PINS, says DeBlasio, this saves the company money since users have fewer calls to a help desk when he forget a PIN or needs it reset.
HID on the Desktop, enables a user to enact two-factor strong authentication to a company’s IT network. Computer maker Dell has rolled out versions of its Latitude E-Family laptop series that contain contactless smart card reader technology and software with the capability to read HID’s iCLASS cards, says DeBlasio.
After turning on the Dell laptop, a user must present his iCLASS card to the contactless smart card reader located in the palm rest of the laptop. If the card is determined valid, the laptop will continue to boot to the Windows operating system.
It’s all about convergence
Urs A. Lampe, vice president of product marketing and new business at LEGIC Identsystems, looks at logical access from a convergence perspective, using the same card for multiple purposes. This can be anything from a credit card or employee ID badge that can also be used for logical access. “You can use one card to do many things,” Lampe says.
For example, says Lampe, a Visa contactless payment card could be used as a multifunction credential for campus cards or for entry into a work place or computer. “You can use the same card to manage your student account at the bank or to gain access to buildings. It becomes a device that can help a student manage his life,” he adds.
LEGIC has one system it calls card-in-card. It’s designed to simplify adding applications to a customer’s existing smart card, for example, handling logical access in addition to the card’s other duties that may include physical access, an e-purse, etc. “You have to move your applications into the customer device, which may be a credit card, a logon token or a mobile phone,” Lampe says.
The applications are stored in the LEGIC virtual multi-application transponder on the micro-controller of the credit card. This allows the integration of applications for personal identification with contactless or dual interface smart cards provided by third parties, says Lampe. “You want them on the same chip but they don’t necessarily have to talk to each other.”
Lampe says contactless for physical access is popular in Europe. “It’s one of the best alternatives because contact doesn’t work. It’s not suitable for opening doors thousands of times.” Still, logical contactless access has a ways to go, at least in Europe, “It’s elegant, but is it practical?” Lampe asks.
Dell think it is, says Craig Durr, senior product planner for security and software in business client marketing at Dell. Especially during tough economic times when corporations want to use what they have. “IT administrators and chief security officers want to leverage existing infrastructures,” Durr says. “Here’s another opportunity for someone to leverage integrated contactless smart card technology into the system they already have to login to the desktop and to the network.”