Physical Authentication Token

Geotech is a Geological Survey company to carry out the ground investigation and provides services to partner construction companies regarding the safety of "housing" and "soil". 

Background

Geotech has developed land survey and reinforcement project in Japan as a franchise. In addition to franchise, they established a system that can provide ground research and reinforcement work in a unified manner in cooperation with many cooperative companies nationwide. In order to share information with these partner companies, they provide multiple services based on WebGIS called the residential geotechnical information system (GeoDAS) and the partner companies used ID and password to access the information system.

When the service started, problems would occur only with user ID and password authentication. Because of the personnel changes in the company, user ID and password management is very difficult. Geotech found that only user ID and password authentication is very dangerous because user ID or password leaking could hardly be noticed.

In order to eliminate the risks associated with this "ID and password authentication", they considered that "physical authentication" is necessary.

Solution

With 20 years' experiences for PKI technology, FEITIAN has rich products, including variety of authentication tokens, and we have been helping many companies and institutions with their secure access requirements, like login web/software, and online banking project etc.

Based on Geotech’s request, FEITIAN provided ePass1000ND as the authenticator together with SecureVisit to avoid unauthorized access for Geotech. Only the computer with this USB token available, user can login to Geotech website and get access to Geotech’s services.

With FEITIAN ePass1000ND PKI token, SecureVisit pre-write encrypted data into ePass1000ND, and user wants to access the system, the token must be inserted and SecureVisit will read and verify encrypted data from token, after verify successfully, it will allow user to continue, otherwise, it will deny the access. This solution will not only provide easy way to access but also enhance the security to protect both user and server side.

This solution used PKI technology, PKCS#11 and MS CAPI, and private APIs defined by FEITIAN.

Result

With ePass1000ND USB tokens, unauthorized access and information leakage to the database is successfully avoided. Securevisit plays a role as a management server for identifying whether an authorized USB token is inserted into the computer when access.

Easy to adopt. It is very easy to introduce either the head office server or the partner company, and no drivers needed, only an instruction manual about USB tokens and Internet Explorer setting is enough. It's been running very stable, since the implementation from October 2008, there is little consultation from partner companies.

―Nakazawa, GeoDAS Business Department Manager.