Public Key Infrastructure (PKI) for Rigorous User Identity Control
NEED (The Customer problem/need resolved with this solution)
In sensitive applications (e.g. access to financial or personal data), the Customer needs strong control over the identity of the persons accessing them. This is commonly implemented with a User Name (the User claims to be person X) and a Password (the User proves it by knowing the Password). The scheme is simple and apparently very cost-effective, but the Password causes a variety of problems:
- User Names and Passwords can be guessed or found,
- End Users share User Names and Passwords,
- End Users write User Names and Passwords down,
- End Users forget User Names and Passwords,
- End Users rarely change Passwords.
Exactly the same Password problem arises in every other application that requires strong identity control: an Employee's or business Partner's access to the internal network over a VPN or a wireless network, and the Windows sign-in process on the computer itself. The Customer is therefore advised to use one and the same solution for all of these access controls, so that End Users do not have to remember several different Passwords.
SOLUTION (What does the solution offer?)
This solution uses PKI Certificates to identify Users. Each Certificate, together with its private key, is stored on a smart card. To sign in, the User needs both the smart card and its PIN: the private key on the card can be used only after the card has been unlocked with the PIN, and the key never leaves the card. The Certificates are issued by the Public Key Infrastructure and loaded onto the cards by the smart card management system. The Public Key Infrastructure deployed for this purpose can also serve other uses.
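As an added illustration (not code from this page or from the OpenTrust products it names), the Go program below models the identification step end to end: an issuing CA, enrolment of a card, the PIN-gated signature the card produces, and the relying party's check that the Certificate chains to the trusted CA, is meant for client authentication and is still valid, and that the signature proves possession of the key. The CA name, the three-try PIN limit, and the in-memory keys are assumptions for the example; a real card generates its key pair on-chip, a production CA keeps its key in an HSM, and a relying party would also check revocation (CRL/OCSP), which is left out here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// CA is the issuing CA. Its key sits in memory here; a production CA keeps it in an HSM.
type CA struct {
	Cert *x509.Certificate
	key  ed25519.PrivateKey
}

// newCert makes a key pair and issues it a certificate: a self-signed issuing CA
// when ca is nil, otherwise a client-authentication leaf signed by ca.
func newCert(name string, ca *CA) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(2 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	parent, signer := tmpl, priv // self-signed unless an issuing CA is given
	if ca != nil {
		parent, signer = ca.Cert, ca.key
	} else {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.ExtKeyUsage = true, true, nil
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// NewCA creates the issuing CA (the CA name is an assumed placeholder).
func NewCA() (*CA, error) {
	cert, key, err := newCert("Example Corp Issuing CA", nil)
	return &CA{Cert: cert, key: key}, err
}

// SmartCard models the token: the key never leaves it, it signs only for the correct PIN, three wrong PINs block it.
type SmartCard struct {
	Cert    *x509.Certificate
	key     ed25519.PrivateKey
	pin     []byte
	retries int
}

// Enroll is the card-management step: key pair made for the card, client-auth
// certificate issued for it by the CA, both stored on the card together with the PIN.
func (ca *CA) Enroll(user, pin string) (*SmartCard, error) {
	cert, key, err := newCert(user, ca)
	return &SmartCard{Cert: cert, key: key, pin: []byte(pin), retries: 3}, err
}

// Sign compares the PIN in constant time, counts down the retry budget, and only
// then signs the server's challenge with the on-card key.
func (c *SmartCard) Sign(pin string, challenge []byte) ([]byte, error) {
	if c.retries <= 0 || subtle.ConstantTimeCompare([]byte(pin), c.pin) != 1 {
		c.retries-- // once it reaches zero the card stays blocked until an administrator unblocks it
		return nil, errors.New("wrong PIN or card blocked")
	}
	c.retries = 3
	return ed25519.Sign(c.key, challenge), nil
}

// Authenticate is the relying party: chain to the trusted CA, client-auth EKU and validity (cert.Verify),
// then proof of possession via the challenge signature. Identity is read from the certificate, never typed.
func Authenticate(ca *CA, cert *x509.Certificate, challenge, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { // revocation (CRL/OCSP) is left out of this example
		return "", err
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, challenge, sig) {
		return "", errors.New("challenge signature invalid")
	}
	return cert.Subject.CommonName, nil
}
```

In use, the server generates a fresh random challenge for every sign-in (32 bytes from crypto/rand), the card signs it only after the correct PIN, and Authenticate accepts the signature only for that challenge, so a captured signature cannot be replayed and a card issued by any other CA is rejected even if its Certificate looks identical. The identity the application acts on is the one in the Certificate; Windows smart card logon, mentioned above, works the same way but reads the user principal name from the Certificate's subject alternative name rather than the common name.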
BENEFIT (What benefits does the Customer obtain from this solution?)
Cost reduction: Users no longer contact the Customer Support Service because they have forgotten a Password. Simpler use: Users need to remember only one PIN. Compliance with the Regulator's requirements for strong identification: Users identify themselves with two factors, something only they possess (the smart card) and something only they know (the PIN). Unambiguous User identification: a User account cannot be shared without handing over the physical card and its PIN. The system can be extended with biometric User identification. Besides identification, the Certificates can also be used for document signing and encryption, encryption of data on computers, encryption of traffic between routers on the network, and can be integrated into the business process as a whole. The smart cards can also be combined with the Physical Access Control System and with work time logging.
OUR ADVANTAGES (Why to use our solution?)
With a larger number of smart cards, the biggest problem is User support over the entire card life cycle (issuance, replacement, unlocking, PIN change). Our solution includes a very good card management system: Users can carry out most of these activities on their own, without technical support. The PKI software vendor we use in this solution provides the Customer with the original source code, so the Customer can extend the software with additional functions or audit it for undesired behaviour. The licensing in our solution is very Customer-friendly: a single fee, whereas other vendors charge an annual licence fee or a fee for each Certificate issued. The system is highly adaptable and scalable.
REQUIREMENTS (What requirements should the Customer fulfill?)
The Customer's applications, computers and network equipment must support User identification with PKI Certificates, which is not always the case: access control on network equipment, for instance, cannot as a rule be carried out this way. All of the Customer's computers need smart card readers, or the Users need smart tokens with a built-in reader.
PRODUCTS AND SERVICES (What products and services does the solution require and contain?)
- Public Key Infrastructure (OpenTrust),
- Smart Card Management system (OpenTrust),
- Solution installation,
- Integration of the solution into the Customer's existing systems,
- Training for Administrators,
- Training for Users,
- Documentation development.