NFC, BLE Transform Mobile Phones into Digital Access Controls

By Claire Swedberg

HID Global's Crescendo Mobile app-based solution is being tested by its own employees and customers to enable workers to securely provide credentials for computer access at the touch of a smartphone.

Multiple companies are deploying or piloting a new Near Field Communication (NFC)- and Bluetooth-based credential-managing solution from HID Global that enables employees to access physical offices, as well as their PCs or laptop computers, via their mobile phones. The system, known as Crescendo Mobile, is now available as an app on Google Play, and will be available on the Apple App Store for iOS devices in early 2019. The solution employs HID's identity platform and credential-management system, including its IdenTrust digital certificate enrollment process, so users can not only access a computer via a smartphone, but also prove the authenticity of their documentation, such as e-mail encryption and document signatures.

Crescendo Mobile includes HID Global's iOS- and Android-based app, as well as the background credential-management system. With the app loaded, a phone generates its own unique key, which it presents over an Android device's NFC connection when interrogated, or it can connect via Bluetooth Low Energy (BLE) for use with Android and iOS phones that lack open NFC functionality.

HID Global was already working on a solution to bring physical security to the digital environment when it began working with one of its customers last year on a phone-based credentialing system, according to Brad Jarvis, the VP and managing director of HID's Identity and Access Management business. The customer was a global firm with employees and contractors at many locations around the world, and it sought a system that could provide secure computer access or physical office access via smart cards for employees, as well as mobile credentials in smartphones for remote and temporary workers to eliminate the logistical challenge of distributing and managing thousands of physical cards.

"Overall," Jarvis says, "what we see as a continuing trend is the need to increase security beyond just passwords for large corporations that have distributed employees." For companies, the use of physical cards or badges poses several challenges, says Martin Ladstaetter, HID's VP of product management. Not only is it cumbersome for managers to ensure cards are provided to all employees at many sites globally, but they must retrieve the cards from those who no longer have access, or who had a temporary presence as contractors. That's an added expense, he says, as well as an inconvenience. "If I have 10,000 of those out there," Jarvis explains, "the logistics of onboarding new people is a real challenge."

Another logistical challenge companies face is ensuring that personnel are never tempted to try to work without their credentials—for instance, borrowing a coworker's badge or asking security to allow them access to the building without one. For employees, Ladstaetter says, physical badges or ID cards can be inconvenient. He poses a question for companies with many employees: "What would you turn around for if you forgot it on your way to work?" Most people might not go back to retrieve a badge, he maintains, but they would for a cell phone. So for large companies that want to manage the secure access of employees, especially internationally, the best solution is to utilize the one item on which every worker keeps a close eye: his or her phone.

The Crescendo system consists of an app that can be downloaded onto a user's phone that communicates with access-control points and computers. To enroll in the system, an individual would receive an e-mail from his or her employer's human-resources or IT office, containing a link to download the app, along with user-enrollment credentials that allow the user to connect and enroll their phone as a secure credential. At the end of the enrollment process, the user creates a secret personal identification number (PIN) that can be used, along with the phone, for access.

The system then enables that person to set up the device to be accessed, such as a desktop computer or laptop. The user can establish whether the system will use a Bluetooth connection or NFC to authenticate the card. The app generates unique user keys in the form of an encrypted unique ID number, while the device—a computer, for example—can be set up to require that unique ID be transmitted by the mobile phone before the individual can log in.

If the employee steps away from the computer, the system could automatically log out, either based on the break in Bluetooth transmission or (if NFC technology is being used) on a preset inactivity time limit. Once that individual returns, he or she would be automatically logged back in once within Bluetooth range for authentication, or that person could utilize the mobile phone to log back in by tapping his or her phone near the device, in the case of NFC.

Although there are biometric and password tools available for securing an employee's device, Ladstaetter notes, such solutions only use a single authentication factor and do not provide the same level of secure credentialing that the Crescendo solution offers. By employing HID Global's IdenTrust digital certificates, Crescendo allows users to set the system up for specific actions, such as logging into Microsoft Windows, accessing the company's virtual private network (VPN), signing a document, or receiving and sending encrypted e-mails. Therefore, he says, the system "provides unified lifecycle management credentials and digital certifications from multiple certification authorities in a common user credential and integrated management system."

At least one company has been testing the technology for approximately six months, with more set to join it during the pilot stage. Following that firm's feedback, HID Global launched the solution commercially in December 2018. Businesses most likely to employ the solution include insurance companies, other global enterprises and health-care firms that want to authenticate medication prescriptions or other information. What's more, workers at HID's Fremont site are trialing the system in the form of Crescendo cards—as well as, in some cases, Crescendo Mobile services.