I mentioned in the last post that we recently reviewed hardware and software that could work well for solutions that converged authentication, building access and (potentially) entitlements. Two stood out from the rest: HID Crescendo cards and Aladdin’s USB eTokens.
Building access cards are ubiquitous in companies that have secured buildings and offices. HID Corp. are the defacto building access solution (at least around here) and many large companies have a significant investment in HID products. The Crescendo card has two proximity anttenae and a smart chip for storing digital certificates or other data. In our project, we were able to (quite easily) prove that the card would gain access to our building, and provide strong authentication during network login. Other potential uses include:
- Preboot authentication
- Storage of entitlements, e-cash or other pre-payment data
- Employee picture ID card
- Disk encryption
Aladdin’s USB eToken has similar capabilities, albeit in a different form factor. We proved that it can provide strong authentication to Windows using Aladdin’s replacement login utility. It can support all the same features as the HID solution — yes, even a proximity component for building access is possible — except, obviously, the picture ID.
The point of this post isn’t to promote these products — there are others that can produce the same results — but rather to illustrate how technology can support convergence use cases. Users don’t want a card for building access, another for picture ID, a fob for network access and a USB for pre-boot authentication.
Convergence of these capabilities into a single form-factor should be the goal for the simple reason that it increases acceptance of the IT security solution being implemented. Greater acceptance = higher usage and better security.