Cross-platform, multi-workstation and multi-account authentication solutions for the control centres of ESA / DLR

ESA: European Space Agency, DLR: German National Aeronautics and Space Research Centre

In order to guarantee the safe operation of ISS (International Space Station) and the safety of the astronauts, the ground control centres are fitted among other things with highly efficient security systems. With our multi-workstation, multi-account smart card PKI logon solution we are playing an important part.

Anybody who´s ever had the chance to look inside one of the ESA/DLR control centres would notice that system operators on duty are logged on to several computer systems, are responsible for a variety of roles and functions, and carry out highly sensitive work there.

The operators control and monitor laboratory systems, power supply and cooling equipment for experimental units, co-ordinate European and transatlantic loads and monitor from a distance the life preservation systems of the astronauts on the international space station “ISS”, to mention only the most important areas of operations.

The workspace of a system operator, e.g. a flight operations director, consists of several computer systems, with a variety of operating systems. As described above, the logon at these workplaces is for a range of roles and functions.

For this secure logon to the systems a flight operations director would normally have to lug around a whole arsenal of equipment smart cards linked to PKI.

But this is where the cross-platform authentication solution for control centres, the SEFIROT “multi-workstation, multi-account smart card PKI logon” helps.

The ground control centres of the European space laboratory Columbus are fitted with this highly efficient security solution. With this solution it is possible for a systems operator to logon to all computer systems of the workspace and for a variety of roles all in one go, using a single smart card and the matching PIN.

Changing shifts takes place also in an optimal way – for 24 hour operation with experiments lasting weeks of great importance. The solution makes it possible whenever a smart card is removed to determine, specific to the computer, for the total workspace whether a system is logged off or only disabled temporarily until the next system operator takes over.