Powerful access protection – smart card PKI logon solutions

The SEFIROT smart card PKI logon solutions belong to the so-called powerful authentication solutions.

If authentication solutions are integrated in a public key infrastructure and the users log on with smart card and their PIN, possessions and knowledge, this is known as a “powerful dual or multiple factor authentication solution”.

The RSA key pair used for authentication is generated solely on the smart card. The private key is held in the store of the secure smart card and never leaves it.

Primary authentication security

Access protection security is of particular importance for the primary authentication for a computer system. The responsible IT personnel rely upon the high security standard of the dual or multiple factor authentication.

However password solutions are designed, and these include the OTP solutions – which not without reason have fallen into disrepute, they are not to be recommended at this critical interface.

Highly practical access protection solutions for Citrix scenarios

Our smart card PKI logon products – excellent and well thought out access protection solutions – are very much in demand for complex application scenarios, when solutions designed for simple applications are no longer adequate.

With our solutions we support a mixture of Windows and Linux Client Systems, Citrix Receiver and ICA Clients, Citrix StoreFront and Citrix Web interface together with delivery controller sites, all variations of the logon with series connected PKI, Kerberos and PIN pass-through scenarios, from simple domain logons to complex terminal logon scenarios in Citrix XenDesktop / XenApp environments.

If the simple PIN entry at the keyboard doesn’t seem secure enough to you, we shall switch your system over to the secure PIN entry at the PIN pad of a card terminal. In this case the PIN is transferred from the PIN pad directly to the smart card and not via the insecure USB connection between the card terminal and the PC. In this way the PIN cannot be tapped by viruses, Trojans or USB sniffers.

In some application scenarios a secure PIN entry cannot be taken for granted but it is a unique feature of our solutions.

All-round service for the implementation and operation of our logon solutions guaranteed

We address all supplementary questions and meet all requirements arising in connection with the implementation of an authentication solution. The questions and requirements are no strangers to us. That’s why, in addition to suitable concepts, we have a range of products that round off the implementation and operation of such a secure logon solution.

Structure of the PKI infrastructure

We devise and realise the structure of suitable public key infrastructures which match customer requirements. We define the CA structure, certification templates, validity intervals, etc., and install for you everything that is required.

Extending the card life by means of fully integrated and automatic certification renewal

Automated certification renewal services are a valuable protection for your investments, which increase the lifetime and security of the smart cards used. For almost every scenario we have a suitable certification renewal service and are happy to install whichever one is needed.

Smart card support for entry of restricted areas, time recording, canteen payments, etc.

If you already have a card for entry of restricted areas, time recording, canteen payments and similar uses, these functions can be transferred to the new smart card. We can devise and supply you with the multifunctional smart card with RFID components and contact chips, which in addition to the smart card PKI logon provides you with the aforementioned functions.

Card management for the total card life-cycle

With the SEFIROT smart card life-cycle management you control all processes from the initial rollout of the smart card, its operation until the card finally expires.

For your company we devise the relevant personalising workflows for the optical contact-based and contactless personalisation of the smart cards.

You can choose whether, at the initial rollout, the smart cards and PIN letters should be distributed or whether you can save the logistics effort for PIN letter production and distribution. In this case the solution will be switched over for each domain policy in such a way, at the first logon, the workers can issue the card PINs themselves. The flexibility of this solution has the advantage that for every customer the most suitable process can be defined and implemented.

Smart card helpdesk for optimised operations

The smart card helpdesk functions are a guarantee for the trouble-free and smooth operation of the smart card logon solution in day-to-day operations. Locked cards can be unlocked conveniently at the user´s workplace. Replacement cards can at all times be issued for temporary use.