Steven Gelfound, director of information technology for NCMEC, is leading the charge to provide access with smart card-based two-factor authentication.


The pressure from enterprises for better ways to identify people and allow them secure but convenient access to a diversity of services and networks has generated business-centric applications emphasizing multiple technologies and even “out-of-the-box” solutions. In some cases, the designs save time and money; in other cases, they can make money.

At Clemson University, for example, the Tiger 1 Card is the institution’s official ID card. In addition to being the student’s personal identification card, many departments use the Tiger 1 Card as a means to grant access to their information and services.

Clemson University’s Tiger 1 Card provides identification, physical and logical access as well as dining and university services.

ID and debit card

Tiger 1 Cards serve as debit cards to access funds deposited into “TigerStripe” accounts, enabling students to obtain university dining services, check out library books and access residential halls, campus recreation centers and athletic ticket privileges. From an instructor requiring a student to show a Tiger 1 Card to take a test to a student needing it to purchase discounted software, the Tiger 1 Card is a necessity of everyday campus life, according to Andy Bulkley, engineered systems manager of hardware solutions at GE Security.

Another organization is pioneering a thumbnail-sized “cardlet.”

While best known for helping to find missing children, the National Center for Missing & Exploited Children’s (NCMEC) mission includes helping prevent the sexual exploitation of children, and assisting victims, their families and the professionals who serve them. One important element of this mission is the CyberTipline -- a system used by law enforcement officials to track cases and evidence, investigate offenders and bring them to justice.

And smart card technology just joined NCMEC in this effort by providing strong, two-factor security to ensure that their ultra-sensitive and private information remains secure.

“Ten years ago our recovery rate for missing children was 62%. Last year it was more than 96%, and technology played a significant role in the increase,” said Steven Gelfound, director of information technology for NCMEC.

CyberTipline is a Congressionally mandated system used by NCMEC to handle leads from individuals reporting the sexual exploitation of children. CyberTipline, nationally available, assists all levels of law enforcement by providing enhanced information sharing and collaborative efforts to combat these crimes, tracking all cases and evidence.

Instead of a full sized plastic card, the NCMEC smart card is a thumbnail-sized “cardlet.” It contains a full microprocessor and Cyberflex Access software capability, but it is small enough to fit in a USB token.

IT driven solution

While access to CyberTipline was secured with a virtual private network (VPN) system from Cisco, individual access from authorized organizations was still password-based, which created a problem. Despite NCMEC’s strong password policies, case officers tended to write their passwords down, introducing risk. Also, since these law enforcement officials change assignments frequently and everyone is busy, it often becomes expedient just to pass along the login information. Finally, important parts of the password policy, like regularly changing passwords, were just unrealistic to enforce.

Said Gelfound, “We decided the best way to ensure security was to implement two-factor authentication.”

After extensive testing and enhancement of the system to meet ease of use and installation goals, NCMEC is rolling out a new two-factor online security solution. It replaces the username and password with Cyberflex Access smart card technology from Gemalto of Austin, Tex. But instead of a full-sized plastic card, the smart card is a thumbnail-sized “cardlet.” It still contains the full microprocessor and Cyberflex Access software capability, but it is small enough to fit in a USB-compatible reader token from Omnikey. The token is about the size of a small jump drive. Software in the smart card works with a single sign-on application from MetaPass to provide secure, strong authentication to NCMEC’s Web-based VPN and CyberTipline system.

Built-in security features like data encryption and login security updates are all automatic and invisible to the user.

For users, the system couldn’t be simpler to use. Login starts by inserting the Gemalto smart card token into a USB port and clicking on a single icon. The user enters a PIN code to authenticate to the smart card, and then the smart card initiates the secure connection to the NCMEC system over the Internet, automatically signing in to both the VPN front end and the CyberTipline system.

Gelfound and his IT team are so impressed with the convenience and security of the new solution that they decided to implement smart cards for internal system security too.