cryptovision solution manages 70,000 smart tokens at E.ON
The challenge for E.ON
When a large company switches from passwords to smartcards, even seemingly unimportant things are important. Even the smallest mistake can have unpleasant consequences if it occurs to tens of thousands of users. A smartcard solution must therefore not only be secure, but also and above all function smoothly.
How important the details of a smartcard solution can be is shown by a project cryptovision carried out for the German energy supplier E.ON. The Essen energy giant wanted to replace the passwords used practically everywhere in the company with a more secure authentication. E.ON equipped 70,000 IT users with smart tokens that work like smart cards but have a different form.
The smart tokens that E.ON chose were considered secure. However, security was by no means the only requirement E.ON made. The company paid particular attention to ease of use. They knew that even if only one percent of the 70,000 smartcard users had problems with their cards, this would lead to chaos and a loss of user acceptance. In addition, such an incident would have meant that 700 employees would no longer be able to do their jobs while the helpdesk was flooded with 700 support calls. In addition, verification time was an important issue for E.ON. If a registration process takes only five seconds longer than necessary and each employee logs in twice a day, 70,000 employees waste a combined 700,000 seconds (or 24 working days) a day. That adds up to over 5000 working days per year.
To avoid such problems from the outset, many customers are willing to invest in a high-quality smart card solution, even if there are usually cheaper alternatives. In addition, software adaptations that facilitate the use of a smartcard solution often make sense. In view of the high number of users, they usually pay for themselves quickly.
When E.ON analyzed the use of its smart token system after several years, it became clear that the token middleware (i.e. the software that connects the tokens to the program) had a number of errors that caused unnecessary helpdesk traffic. In addition, it was found that a cheaper token solution with better quality (including shorter verification time) was available on the market. Therefore, E.ON decided to abolish the existing smart card solution and migrate to a new one.
Our solution for E.ON
E.ON chose sc/interface from cryptovision as the new token middleware. sc/interface has proven to be a robust and user-friendly solution for numerous customers in more than a decade and supports over 80 token types and profiles on all common platforms. All tokens used at E.ON are delivered by cryptovision (via T-Systems).
E.ON had already developed several software components for the old token solution which simplified its use in the E.ON environment (this investment was worthwhile due to the large number of users). In order for sc/interface to support these programs, cryptovision had to make some adjustments.
Since E.ON enables its employees to use their own devices (“Bring your own device”), the tokens used must be available on different platforms – especially on Windows, Linux and Mac OS. This requirement was easy to meet as sc/interface runs on all these platforms. cryptovision even provided a solution that automatically installs a certified MiniDriver in a user’s Windows environment.
In addition, E.ON set up a self-service registration process. A person who wants to apply for an E.ON token first receives an empty token and then logs on online. A colleague must then confirm the identity of this person with his or her own token.
Since the certification authority (CA) originally used ceased operations, E.ON had to find a new one. D-Trust, Bundesdruckerei’s CA, proved to be the best choice. Further adjustments were required for various E.ON-specific processes.
Now that the new solution has been running smoothly for years, the migration can be described as sensible and successful with a clear conscience. In addition to the lower costs, the higher user-friendliness (including a shorter verification time) is a particular advantage. In addition, there have been no security problems worth mentioning so far. However, E.ON had assumed this anyway.
Weitere Informationen über das E.ON-Smarttoken-Projekt gibt es in der Ausgabe 1-2017 des Bundesdruckerei-Magazins Dig:ID.