Smart cards provide greater security. Shown is a card that meets FIPS 201 requirements.

The business had to meet certain regulatory requirements. Security had to follow through. It’s not the easiest business assignment but the security operation at pharmaceutical giant Pfizer met the need.

When Pfizer wanted to implement a secure electronic system for digital signatures and employee network access, they turned to a smart card-based solution from international card provider Gemplus of Luxembourg.

The company’s initial incentive to deploy smart card technology was to create a platform for digital signatures. Given that the pharmaceutical industry is highly regulated, there was a need to provide a consistent and industry-wide method for managing and utilizing digital signatures as an alternative to wet ones. In order to drive this initiative, Pfizer and several other pharmaceutical companies joined forces to promote the development of an industry standard for performing secure and non-repudiate transaction on the web. This project was referred to by the acronym “SAFE” (Secure Access For Everyone).

Paperless platform

The main goal of the SAFE coalition was to create a technology platform for the pharmaceutical industry that would enable electronic, paperless and legally binding business transactions with regulators and business partners around the world. Aside from the benefits of streamlining business transactions and operations, the decision point that influenced the company to become involved with the project was to replace their multiple ID architectures with a common internal identity management framework. To achieve this, the company chose a unified identity model that links multiple credentials onto one cryptographic hardware device – the smart card.

Influenced by the ongoing trend of convergence of physical and logical identities, the company launched its Global Identity Services (GIS) program, designed to build a globally aligned, company-wide electronic identity infrastructure provisioned via an integrated smart badge. This smart badge was to be used not only as a digital signature creation device, but also for employee access control to buildings and IT networks.

Pfizer uses robots to guard its facilities, in addition to smart card badging. MobileEyes is the first standard robot command screen for robotic applications from remote surveillance to visitor guidance, materials handling, remote sensing and asset tracking. MobileEyes runs on all service robots and automated guided vehicles. (PRNewsFoto)

How does it work?

The card provider embedded 64Kb smart chips pre-loaded with a secure authentication applet onto the company’s existing employee proximity (HID iClass) badges. The badge was now equipped with both a contactless antenna and a contact microprocessor chip.

The contactless antenna is used for access to restricted locations by swiping the card in front of a contactless reader, while the contact chip is accessed by inserting the card into a reader connected to the desktop. With the smart chip, employees were able to perform a broad range of logical security functions, such as:
  • Secure PC logon
  • Strong PKI-based network authentication
  • Non-repudiate digital signatures
  • Remote employee access to VPNs
  • Single sign-on to Web and desktop applications

One single badge could now be used by employees to gain access to buildings and offices in the company’s facilities, as well as for securely logging onto corporate networks and applications.

Another advantage of implementing smart cards was that the company was able to leverage its existing physical access infrastructure. Through the card provider’s capacity to embed microprocessor chips on existing proximity badges, the pharmaceutical company was able preserve previous security investments by fully utilizing current legacy systems without disruption.

As a result of digital signing capabilities, the company was able to drastically cut down the costs associated with wet ones. Roughly estimated, every digital signature utilized for regulatory and non-regulatory transactions eliminated the costs of approximately $125 required per wet signature – a significant saving for any organization. The introduction of smart card-based identity management also allowed the company to improve productivity through reduced support work associated with password and other access control issues. Moreover, the company was able to capitalize on the productivity advantages of a less paper-heavy work environment, as the ability to sign contracts and orders electronically sped time-to-market for new products.