Smart Card plus PIN as a secure alternative to username/password.

The security of organisational data has taken on a new priority worldwide with the increasing sophistication and ease of computer and network compromise.

RedCrater’s Smart Card Computer Login is a forward-looking security solution which provides organisations not only highly secure computer login but also the flexibility to add other applications onto the same Smart Card.

Smart Cards are credit card–sized plastic cards that contain embedded integrated circuits. They can be used for identification and data storage as well as to facilitate electronic business transactions in a flexible yet secure way. Because Smart Cards provide strong user authentication they offer real benefit for secure login to computers, network resources, remote access, single sign-on to multiple applications, secure email and web communication.

Logging on with a Smart Card provides much stronger security than other logon methods, especially those which depend on traditional username and password systems because Smart Cards use true two-factor authentication (Smart Card plus PIN). To use the Smart Card the user inserts the card in a Smart Card reader that is attached to a computer and enters the PIN, which once validated logs the user onto the computer. Then when the user removes the Smart Card from the reader (i.e. they leave their desk) Windows can be configured to either logoff automatically or lock the workstation, thereby leaving the computer in a secure state.

RedCrater makes the implementation of Smart Cards for computer login easy by supplying an all inclusive per workstation package which includes the following components:

• A Crescendo C200 or C700 PKI Smart Card. Red Crater can program the proximity component of the Smart Card so that it can to be used with an organisation's physical access control system.
• An OMNIKEY Reader - We recommend the 3121 model for its ease of use.
• The configuration of Microsoft Certificate Services and Enrolment Workstations to support the issuing of Smart Cards to users.
• The setup of the Domain Controller and Group Policy to support computer login via Smart Cards.
• Installation of drivers on workstations or the configuration of a network wide installation using Group Policy.
• Two years of phone support.

Omnikey readers are designed to support any Smart Card for any application on any computer. OMNIKEY devices support all relevant operating systems from all Windows platforms to Linux and Mac OS. Certifications to all relevant industry standards including PC/SC, WHQL, USB CCID, EMV 2000, and Common Criteria ensure world-wide compliance and easy integration in any system.

Case Studies:

Microsoft

At Microsoft an employee uses the one (smart) card for identity, physical access and for computer login. The driver for the shift to Smart Cards was to address rapidly evolving threats to network security which Microsoft were particularly susceptible to due to their size - more than 120,000 computer users in over 400 locations worldwide most of which have remote access. After considering several alternative technology solutions, Microsoft determined that Smart Cards provided the most secure solution in combination with reliability, performance, cost, features, mobility benefits, ease of support, and integration with Microsoft Windows.

Microsoft found that not only did the change to employee Smart Cards substantially increase the overall security of network assets and data at Microsoft, they also offered other benefits:

• Increased flexibility. Smart Cards presented Microsoft with an extensible platform for future internal application development. The ability of Smart Cards to support other applications (such as e-mail and document signing, encryption of sensitive files, personal data storage, and cashless payment systems) was viewed as a key benefit.
• Easy to use. Microsoft employees had already been using an RFID style photo ID cardkey for building access. It was therefore an easy transition to using the combination smart chip and RFID capable cards.
• Leverage of existing infrastructure. Smart Cards use the PKI capabilities native to Windows Server operating systems so there was no requirement to install or maintain additional software.

Rabobank

Banks are being placed under increasing customer demands for trust and security, and as customers become more technology-savvy they expect greater ease of secure electronic banking. To build trust in its systems and communications Rabobank moved all applications to their intranet to make them available on all distribution channels and to enable centralised security. To ensure controlled and secure access to these applications by authentic employees, Rabobank deployed 33,000 Smart Cards combined with PKI technology. All employees use their Smart Cards for network access, Windows login and document signing. Smart Cards with magnetic stripes and proximity technology are also used for building access.

Rabobank have been proactive in introducing Smart Cards externally by providing them to large customers that require highly secure special transactions such as dealing room currency transactions. Using Smart Cards for ordering currency transactions avoids cost fluctuations inherent in delayed confirmation by phone. Rather, Smart Cards make the transaction almost real-time. Smart Cards are benefiting Rabobank customers with speed, cost-efficiency and transactional security.

Shell

With over 100,000 Smart Cards issued worldwide the Shell Group’s shift to this technology has been complex yet rewarding. With password management estimated to be US$100 per user per year and continuously escalating, Shell’s aim was to reduce the cost of managing their desktop/IT environment by 50% whilst also improving security with a simple yet extensible solution. Smart Cards offered the most secure and cost-effective solution to reduce support costs and to address the problem Shell had of never really knowing who was on the network. Shell adopted Smart Cards for user authentication, computer login, document signing and encryption, secure email and for physical access. Subsequently their functionality was extended to incorporate occupational safety and health information, with all uses integrated on a single employee Smart Card.