SCB Access
runs on Windows 2000, Windows XP and Windows Vista.
No. SCB
Access is a turnkey solution which contains all the required components
to manage the users and the secure smart cards. No third-party
card management system is required.
No. The
single sign-on does not require any agent on any server. SCB Access is
a client-based solution. In addition to the advantage of being low
impact on the enterprise infrastructure, this approach also allows
management of external applications.
The answer
obviously depends on many parameters, including the size of your
organization, the number of sites and the qualification of the people.
However, 15 minutes per user is generally a safe figure to consider.
No. SCB
Access can be configured to have smart card login and regular Microsoft
login active on any given PC during the deployment phase - allowing a
smooth transition. Depending on your needs, requirements and
constraints, you can decide when and how to upgrade the PCs and when and
how to issue the cards. When all the PCs are installed with SCB Access,
when all users have been issued a card and when your policies to manage
lost and stolen cards are established, then all the PCs may be switched
over to require smartcards.
No, SCB
Access does not need an LDAP directory to work. However, the SCB Access
LDAP option provides some functions that can be useful in large
organizations.
Thanks to
years of experience, SCB Access has been designed to facilitate
deployment in large organizations.
Here are some of those functions:
- The administrator does not have to manage the smart card PIN codes.
  On issuance, every card can have an identical default PIN. The users
  will then enter their PIN of choice on first use.
- Login passwords can also be recorded automatically by SCB Access
  during the first login. The administrator does not need to know or
  reset the existing passwords.
- The LDAP option facilitates the deployment for large organizations.
With the
LDAP option you have a central database with the cards and user
information. The LDAP directory contains a mirror copy of every card. An
administrator can re-issue a lost card using the LDAP mirror copy. An
administrator can also change the credentials of the cards without
having the card in hand. The cards’ credentials are then resynchronized
with the LDAP mirror copy after the next logon. An administrator can
also put the card on a hot-list forbidding any future use of a card.
SCB Access
supports the widest range of cards. SCB Access can also use existing
cards previously issued for physical access control (such as MIFARE or
PROX) without having to re-issue new cards. SCB Access supports cards
from Keycorp, Axalto, Gemplus, Aladdin, Philips, HID and others.
An
administrator can have an account on every station and access it with
the administrator’s own card.
The
safe-mode can be de-activated with a special function.
No. The original
Microsoft GINA is still active. SCB Access is using it as a sub-service.
SCB Access does not introduce proprietary code into the standard
Microsoft logon process.
Yes. The
same card can be used for other applications in your organization such
as physical access control, or to pay at the vending machine. Ultimately
the card can be your organization ID.
Yes. The
user is only required to enter a smart card PIN code once to get access
to his or her PC and to his or her secured applications.
The card
without the PIN code is useless and cannot be used by someone else. The
administrator can re-issue a new card to the user. A card can also be
hot-listed and all the passwords can be reset.
Most of the
tokens used by SCB Access allow only a finite number of bad PIN
submissions. When this number is reached, the card is blocked.
Each token can have an unblocking code. This unblocking code is
managed by the administrator or a security officer, who may choose
whether to re-issue a blocked card.
A user
should be trained not to leave his or her card in the reader and to
carry the card at all times on company premises. If the card is also the
company corporate ID and used for physical access or for other services
on the corporate campus (such as copy machines, vending machines, etc.)
employees will be less likely to leave the cards unattended in the
readers. However, if a card is left in a reader for a certain period of
time, SCB Access will lock the workstation after the expiration of that
duration of inactivity on the PC. The PIN code is then required to
resume the current session.
SCB Access
can be configured for 3 different behaviors:
- Lock the PC. SCB Access will lock the PC, and the same card and the
  PIN are then required to unlock the PC and resume the current
  session. This is the standard configuration.
- Log off the user. SCB Access will close all existing applications and
  terminate the current session. This is a typical setting when a PC is
  shared by multiple users.
- Do nothing and continue the current session. This can be useful with
  contactless technology, allowing the user to continue to work even if
  the badge is no longer in the field of the reader.
The use of
a smart card to store the credentials or a locally encrypted cache (if
the cards do not have storage capacity) allows SCB Access to maintain
single sign-on integrity for all mobile and remote users regardless of
network connectivity.
Typically
the smart card contains the credentials and the user is therefore
carrying his credentials with him and can log on to any PC in the
organization configured with SCB Access. If the smart card does not
have storage capability, a locally encrypted cache will then be created
and synchronized with the mirror copy stored in the LDAP directory.
Yes, SCB
Access provides an advanced ActiveX control that can be called from a
script with your terminal emulator. Most terminal emulators have
scripting capabilities. SCB Access can therefore provide two-factor
authentication to a legacy application with no development.
Yes, the standard version of SCB Access will allow you to securely open
a Citrix session. In the case that you also need to manage applications
through the Citrix session, a special version of SCB Access has been
designed to run on the Citrix server.