User Centric Processing: An example of the interaction of physical safety and IT safety from the field
Novell Identity Manager and standard connectors from Peak Solution control the continuous synchronization of user and ID data between card-based systems at Verbundnetz Gas AG
Verbundnetz Gas AG (VNG) imports, stores and transports natural gas to major companies. Some 1,600 employees work for the company and its subsidiaries. The majority of employees work at the headquarters in Leipzig.
Due to the wide variety of its national and international business relationships, VNG places great emphasis on uniform safety standards. This applies in particular to the safeguarding of buildings against unauthorized access and the protection of the company’s critical IT systems and data from abuse.
At the end of 2009, when it became clear that the old ID system was technologically somewhat outdated, VNG decided to introduce a modern SmartCard management system. The aim of the project was to make the personalization and administration of company ID cards more efficient and to replace the outdated infrared barcode and magnetic stripe technology for electronic time recording, access control and cashless payment. In addition, it was decided to merge the two areas of “Public Key Infrastructure (PKI)” and “Employee ID cards”, which are technologically and organizationally related anyway.
As the specialists at Peak Solution have been concerned with the interaction of physical security and IT security for years and can provide extensive project experience and best practices in this field, they were commissioned by VNG with the planning and implementation of the project.
The first task of Peak Solution consisted of determining and structuring the numerous requirements of VNG during a 2-day workshop and several coordination meetings. In accordance with the quality guidelines of the Peak procedure model for identity management – in short, PIA (Peak Identity Management Approach) – special emphasis was placed on a traceable documentation of the requirements, binding for all parties. Thus, all those involved in the project had the same ideas in terms of the contents and extent of the project right from the beginning.
With uniform process sequences and optimized data flows in mind, the specialists at Peak Solution recommended a user architecture that deploys the SmartCard management system IDExpert® from the company vps ID Systeme at its core. Among other things, a complex set of rules is set out, which controls the automatic generation of the various VNG ID types (employee ID cards, ID cards for external staff, day cards or permanent cards for visitors, replacement cards for employees, money cards for guest hospitality, etc.). Apart from various print layouts and processing workflows, this set of rules contains all the necessary coding descriptions for the ID cards.
The new multifunctional SmartCards, introduced in the context of the project, contain a Legic Prime transponder, a Legic Advant transponder and a Java crypto chip. The two Legic transponders are intended for the application areas of access control, time recording and cafeteria payment. In future, the functions for the certificate-based authentication of users on the IT systems and the digital signature and encryption of documents will be provided by the Java chip. Apart from this, external ID cards will also be managed in IDExpert®, e.g. for qualified signatures in emissions trading.
The continuous synchronization of user and ID data between the SmartCard management system IDExpert®, the access control system IDICS from the company INCA, the locking system elogic from the company KABA and the CashControl payment system from the company Paycult is handled by Novell Identity Manager. IDExpert® is linked to this system via a SOAP-based web service developed specifically for this purpose. Communication with the other target systems is controlled by a standard connector from Peak Solution, which can be individually configured for connection to different card-based systems.
“The extensive experience of Peak Solution from comparable projects and the professional cooperation of all those involved were the basis of the great success of our project,” explains Dietmar Hebenstreit (head of plant security), summing up the cooperation with Peak Solution.
Today, just 6 months after the start of the project, VNG has a solution to uniformly manage all functions and applications of the new company ID card. The necessary data are provided to the systems involved fully automatically. It requires just a single step to print the cards and to configure the various chips they contain. This solution ensures that all specified security guidelines are maintained in the personalization process of the ID cards. At a glance, plant security can see which cards are assigned to a particular person and what this person is authorized to do. And with just one click, all functions of a card can be blocked for that person.
The advantages are obvious: Less time and effort in the administration of company ID cards and higher security for material and immaterial company values at the same time.