Single sign-on authentication solutions with RFID and mobile technologies
The pandemic has permanently changed the way we work. But regardless of whether it's in the office or at home, data and networks must be always protected against unauthorized access.
One approach to improve security is to use single sign-on (SSO)/PC logon systems that combine middleware with RFID (radio frequency identification) or smartphone-enabled technologies for user authentication.
Single sign-on (SSO)/PC logon systems are proven to be effective at simplifying processes and reducing complexity for employees giving them secure access to all services, networks and files.
While a single sign-on saves employees time helping to increase, authentication via SSO/PC logon systems is often still performed using passwords. But using passwords isn’t always ideal.
For instance, employees often use easy-to-remember passwords that can be guessed or compromised.
Although the use of "non-compromisable" passwords is clearly defined in ISO standard 270001 for information security management systems, these are so comprehensive and complex that users can quickly develop "password fatigue".
With so many passwords to remember, people often write them down or share them with colleagues. However, the consequences of compromised or shared passwords can be severe, ranging from intellectual property theft and damage to an employer's image, to fines for data privacy violations.
Reliable and convenient authentication with SSO in combination with RFID and mobile technologies
There are plenty of password authentication solutions on the market. One approach is to use an SSO solution that combines PC logon middleware with RFID or smartphone-based Bluetooth Low Energy (BLE) or Near Field Communication (NFC) systems.
A reader is connected to -- or integrated with -- a computer or workstation and connected to the PC-Logon middleware. Instead of entering a password to log on, users simply hold their ID card or smartphone with their digital ID against the reader to gain access to networks, services and files.
Easy to use, RFID cards are already widely used for employee identification and building access control. The same cards could also be used for secure authentication as part of SSO/PC logon systems.
Smartphones are also ideal for accessing corporate networks and resources.
Whichever approach is favored, SSO/PC logon solutions work just as reliably in the office as they do when working on a laptop while out of the office. This simple authentication saves time during logon and reduces user password fatigue increasing security.
Another positive outcome is that it is always possible to track who has accessed data and when.
However, it is not only users who benefit from switching to such an SSO/PC logon system. Companies also gain considerable advantages because:
- The time spent on IT support due to forgotten passwords is reduced
- The system contributes to the implementation of ISO 270001
- It centralizes and simplifies the management of authentication systems
- It provides the ability to secure all levels of access to systems without the need for multiple requests from the user
- It centralizes access control information for compliance testing with various standards
- Under certain conditions, it can be used to apply for government subsidies for the conversion to digital processes or digital transformation.
How RFID, NFC and BLE work
RFID cards have an embedded chip (or tag) that consists of two main components:
- an integrated unit that can store and process information
- an antenna to transmit or receive a signal.
Each RFID card stores a unique set of data - for example, a number - that is used to identify the card and, therefore, the person carrying it. When a card with an embedded RFID tag is in the vicinity of an RFID reader, the reader sends out a radio signal to interrogate the tag. The radio signal activates the tag, which then uses the energy from the radio signal to communicate its unique ID to the reader.
Both BLE and NFC are technologies for contactless data exchange. Their main difference from RFID is that the information carriers (e.g., smartphones) are active radio transmitters and require a power source.
- NFC is based on high-frequency RFID technology (13.56 MHz) and enables contactless data exchange in near-field communication (<10 cm)
- BLE is a short-range radio technology for distances up to ten meters in the 2.4 GHz frequency range.
When smartphones are used for user authentication and access control, they act as card emulators and send a unique user ID to the reader.
Criteria for successful implementation
When implementing an SSO/PC logon system that uses RFID, NFC or BLE for authentication, there are three aspects that require special attention to make the solution a sustainable success.
Flexibility through universal readers
A variety of card technologies are available on the international market, each with its own data formats, communication frequencies and security functions. For companies and organizations, this means they can employ ID cards with different technologies. This is useful if employees visit offices in different countries.
However, most readers are only capable of reading a few card technologies. One solution revolves around multi-frequency readers that are compatible with up to 60 common transponder technologies worldwide and certified for use in up to 110 countries. These universal devices use RFID for authentication and access as well as NFC or BLE. This means that mobile devices can also be integrated into the system, providing the greatest possible flexibility for users.
A modern authentication solution that uses multi-frequency readers allows seamless integration of different applications into an organization's existing systems. Multiple applications such as SSO, access control, or time and attendance can also be integrated as part of the system. This helps to ensure unified and time-saving management and maximum usability.
Reliable protection of networks and data
Readers must also be secure against both physical tampering and hacker attacks. They also need to support advanced encryption for high-security applications. Only then can a secure authentication process be ensured. To secure an authentication solution, however, it is not enough to consider the reading device alone. It is necessary to include the entire system in the company's security concepts.
Focus on future security -- thanks to remote updates and upgrades
Requirements and IT infrastructures change over time. To ensure their systems are future-proof, organizations are encouraged to adopt a flexible system that allows for future upgrades. Readers should, therefore, have a robust open programming interface that makes them adaptable and future-proof.
This makes it possible to program readers in such a way that they offer important functions for sophisticated PC logon middleware and to meet new requirements in the future. A central remote configuration option is also essential for SSO/PC logon applications.
This allows all installed readers to be updated centrally and cost-effectively -- regardless of their number and location. This means that the same level of security can always be guaranteed when working in the office, at home, or on the move.
Image credit: rclassenlayouts/ depositphotos
Burhan Gündüz is Vice President Secure Printing EMEA & Japan, Elatec