Access around the world

Access & Identity Management Handbook 2005 Access Control & Identity Management

"At Sun Microsystems we created a new smartcard solution for network security and physical access control called JavaBadge," said Chris Saleh, marketing manager and programme manager for JavaBadge. "We have rebadged every Sun employee worldwide, with over 31 000 JavaBadges issued. We are using Java Card technology manufactured by Axalto and readers from SCM Microsystems as well as our own embedded ones. The cards have a magnetic stripe and MIFARE contactless chip for access control, with most of Sun's entry doors converted to contactless smartcard technology now. We chose Java Card technology because it offers the important advantage of being able to dynamically add applications in the field in realtime."

Sun's implementation of JavaBadge had several objectives:

* Securely enable the virtual enterprise by rebadging employees with a multi-application Java powered digital ID card for authentication throughout the enterprise and convenient access to enterprise services.

* Improve security and increase productivity.

* Reduce costs and complexity.

* Provide a single federated source for all credentials.

* Deliver best practices and expertise for use in customer enterprise deployments.

Sun's implementation is an excellent example of how smartcards can help enterprises move to a single multi-application ID card or badge that cost-effectively replaces multiple credentials. Sun launched the JavaBadge programme to unify a number of Sun credential-based applications on one centrally issued and managed platform. The initial JavaBadge was designed to replace multiple cards:

* Suns corporate badge/identity card.

* The Sun Ray appliance session mobility card.

* An authentication token card used by employees to authenticate themselves to systems, applications and the network from remote locations (eg, home, hotel), and to digitally sign and encrypt documents and transactions for non-repudiation and improved security.

* A remote access challenge/response token.

* An e-purse/payment card.

One application of the card is building access, but the main reason Sun adopted smartcards was to implement logical access to the company's network using Sun Ray appliances, the thin clients deployed at Sun. "We have flexible offices for 25 000 employees, meaning you do not always work at the same office," said Saleh. "Sun Ray delivers IT services in a very cost effective manner, because all sessions reside on servers. The smartcard is the key to the system, because it lets people bring up their own sessions and user environment."

"For example, say you want to leave for the gym. You pull out your JavaBadge from the Sun Ray appliance, which powers down to save energy. When you return from the gym you go to another office and use your card to get your session back up again. Once you insert the JavaBadge into the appliance it powers up, gets your personal session from the Sun Ray appliance and takes you right back to your personal session where you left off. Sun calls it 'session mobility,' which is being able to carry your user environment from one area to another," explained Saleh.

"We are entering a new phase with Java Card technology to issue certificates on smartcards," said Saleh. "We will have three applications secured by a public key infrastructure: authentication/single sign-on, signature, and encryption for secure e-mail transmissions. For higher levels of security we want dual-factor authentication - what you have and what you know. The card is what you have and the personal identification number is what you know in order to log in to services. Down the road, maybe we will use three-factor authentication with the addition of biometrics."

There were many reasons for Sun to go to smartcards in addition to the ability to use the Sun Ray appliances. "It is technically safer to store PIN and key information on smartcard hardware tokens than on a computer hard drive in some server room. It eliminates the inefficient use and inherently weak security of passwords. We were motivated to go to smartcards for legal reasons too. To move commerce to the Internet, we needed a robust system that offers non-repudiation, and Europe dictates smartcards and PKI to achieve this. Finally, the smartcards enabled us to consolidate four or five credentials into one card," stated Saleh.

References

"Securing the Enterprise" Albert Leung, group marketing manager, Java Card Technology, Sun Microsystems, Smart Card Alliance Annual Conference presentation, 16 October 2003.

"One Card Fits All' Boardroom Minutes: Technology Intelligence for Business Executives, http://wwws.sun.com/software/sunone/boardroom/newsletter/0603solutions.html.

These profiles were developed by the Smart Card Alliance Secure Personal ID Task Force and as part of the report, "Logical Access Security: The Role of Smart Cards in Strong Authentication," available at http://www.smartcardalliance.org/alliance_activities/logical_access_report.cfm. For more information about how smartcards are used for secure identification applications, visit the Alliance web site at http://www.smartcardalliance.org.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Read more...
Bespoke access for prime office space
Paxton Access Control & Identity Management Residential Estate (Industry)
Nicol Corner is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. It is also the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption.

Read more...
Next-generation facial recognition access control system
Enkulu Technologies Products & Solutions Access Control & Identity Management Residential Estate (Industry)
With a modern and innovative design, iDFace is the ideal device for monitoring and controlling people entering and exiting a building using facial recognition technology, including liveness detection, for enhanced security.

Read more...
Long-distance vehicle identification
Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The STid SPECTRE reader can identify vehicles up to 14 metres away, across four traffic lanes, ensuring secure access to an estate without disrupting the traffic flow.

Read more...
Multi-modal access control solutions
Suprema neaMetrics Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Suprema’s latest multi-modal access terminals are top-of-the-range, highly secure, easy to install, and easy to use. They feature biometrics, mobile access, and RFID and are both PoPIA and GDPR compliant.

Read more...
Battery-powered video doorbells
Ring Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Ring has announced the latest addition to its line of video doorbells. The Battery Video Doorbell Pro builds on the capabilities of its predecessor, providing greater value and convenience for homeowners.

Read more...
Tackling estate entrance challenges
Turnstar Systems Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The Velocity Raptor’s retractable spikes deter criminals from entering estate premises; equipped with LED lights, it provides visibility during the day and night, and in adverse conditions.

Read more...
HELLO visitor access management
Products & Solutions Access Control & Identity Management Integrated Solutions Residential Estate (Industry)
HELLO is an on-premises visitor and contractor access management solution designed to be fully integrated and complementary with smart, on-trend technologies, securing estates and businesses alike.

Read more...
Digital transformation in estate environments
Regal Distributors SA Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Digital transformation has brought all users into digital processes across every industry and activity, interlinking activities and crossing industry boundaries. This complexity leads to significant changes in previously established workflows, especially in visitor management.

Read more...
Same old cables, new intercom
Hikvision South Africa Products & Solutions Access Control & Identity Management Residential Estate (Industry) Smart Home Automation
Retrofitting old residential complexes with a modern two-wire HD video intercom system is more than an upgrade. For many homeowners and renters, these systems represent a leap into the future.

Read more...