Keyless-Go Data Protection
BY ROBERT KORHERR
Nov. 3, 2020 / MUNICH, GERMANY — Secure authentication is one of the basic requirements of any IT security strategy. A user name and a password are no longer sufficient in many environments. Two-factor authentication with an additional one-time password or passcode (OTP) raises the bar considerably against many attack scenarios such as phishing, pharming and man-in-the-middle attacks, although a real-time phishing proxy can still relay an OTP during its short validity window, which is why the second factor should be combined with sensible policies rather than treated as a cure-all. Microsoft shares the view that MFA blocks the vast majority of account attacks (see also ProSoft’s article “99.9% security through multi-factor authentication”).
In the automotive sector, the term “keyless go” describes a process with which owners can open their vehicle without actively pressing a button on the key. The transmitter in the key continuously sends radio signals. When the owner approaches and the signal at the vehicle is strong enough, the receiver in the vehicle recognizes the key and unlocks the doors. With simple devices, the key’s signal can be relayed (“extended”) to the vehicle even when the key is hundreds of meters away, and the car can be stolen without the owner noticing. The vehicle only measures that a valid signal is present and strong enough; it does not verify that the key is actually nearby. So, security and keyless go do not go together, at least when it comes to theft protection of the beloved SUV.
Keyless-Go for data protection, however, may work. The function is then no longer a pure convenience feature, because there are situations in which logins have to be carried out both securely and quickly. As an example, take a doctor’s practice in which the treating doctor rushes from consulting room to consulting room and has no time to log on to each PC with a user name and password. As a result, the health data of the current patient remains openly visible on the screen until the doctor enters the findings of the next patient there. The waiting patient can then spend the entire waiting time reading the health data and findings of their predecessor. Another application is computer-aided manufacturing (CAM) systems in which the administrator only briefly wants to change a configuration or read out machine states. After each departure, it must be ensured that the administrator level is locked again so that the actual machine operator cannot make any changes outside of their authorizations.
Keyless-Go data protection through proximity authentication
When it comes to secure authentication and, as a result, authorizations, it would be fatal if the login process itself created security gaps. The maker of GateKeeper shows how Keyless-Go data protection can work securely. With the GateKeeper token as a keyless-go key, it is enough to approach a system in order to log in successfully and securely. It works the other way around as well: leaving the PC locks the computer or logs the user off immediately, depending on the configuration. For this purpose, the GateKeeper Halberd token is required. It is based on Bluetooth Smart (BLE) technology. Accordingly, a Bluetooth interface must be present on the receiver (PC, notebook or CAM system) or a GateKeeper Bluetooth proximity sensor must be connected. The latter has the advantage that the defined close range can be set very granularly, from touch authentication up to a distance of several meters. The “Touch” variant is recommended when several systems are close together or several token users work very close to one another, because a range of several meters would otherwise unlock the wrong system or react to the wrong token. Two-factor authentication can additionally be enabled as an option: in addition to the “have” factor (the token), the associated PIN must then be entered, which uniquely authenticates the user.
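The behaviour described above, as an added example that is not part of the article or of GateKeeper’s own software: a small proximity-login policy engine. It models what a BLE proximity sensor has to decide from the token’s signal strength (RSSI in dBm, higher means closer): a “touch” and a “range” mode with different thresholds, hysteresis so that a session does not flap at the boundary, an optional PIN as second factor, a second token never silently taking over an active session, and lock versus log-off when the token leaves. The threshold values and the token IDs are assumptions for illustration only and would have to be calibrated per sensor.

```python
"""Added example (not GateKeeper's code): a proximity-login policy engine."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed RSSI thresholds in dBm; "unlock" is stricter than "lock" on purpose
# (hysteresis), so a token hovering at the boundary does not toggle the session.
MODES = {
    "touch": {"unlock": -45, "lock": -55},   # token practically on the sensor
    "range": {"unlock": -65, "lock": -75},   # a few metres away
}


@dataclass
class Policy:
    mode: str = "range"
    require_pin: bool = False       # add the "know" factor to the "have" factor
    lock_on_leave: bool = True      # False: log the user off instead of locking
    leave_grace_samples: int = 3    # consecutive weak samples before reacting


@dataclass
class Workstation:
    policy: Policy
    unlocked_for: Optional[str] = None          # token id owning the session
    weak_samples: int = 0
    events: List[Tuple[str, str]] = field(default_factory=list)

    def state(self) -> str:
        return "locked" if self.unlocked_for is None else f"unlocked:{self.unlocked_for}"

    def observe(self, token_id: str, rssi: int, pin_ok: bool = True) -> str:
        """Feed one RSSI sample for one token; returns the resulting state."""
        th = MODES[self.policy.mode]
        if self.unlocked_for is None:
            if rssi >= th["unlock"]:
                if self.policy.require_pin and not pin_ok:
                    # Token is close enough, but the second factor is missing.
                    self.events.append(("pin_required", token_id))
                    return self.state()
                self.unlocked_for = token_id
                self.weak_samples = 0
                self.events.append(("unlock", token_id))
            return self.state()
        if token_id != self.unlocked_for:
            # Another user's token in range must not hijack the active session.
            self.events.append(("other_token_ignored", token_id))
            return self.state()
        if rssi < th["lock"]:
            self.weak_samples += 1
            if self.weak_samples >= self.policy.leave_grace_samples:
                action = "lock" if self.policy.lock_on_leave else "logoff"
                self.events.append((action, token_id))
                self.unlocked_for = None
                self.weak_samples = 0
        else:
            self.weak_samples = 0   # signal recovered, the user is still there
        return self.state()


def doctor_scenario() -> Tuple[List[Tuple[str, str]], str]:
    """Constructed walk-through: doctor 'dr-a' enters, a nurse 'rn-b' passes by,
    the doctor leaves. Returns the event log and the final state."""
    ws = Workstation(Policy(mode="range"))
    for rssi in (-80, -70, -60):          # approaching: locked, locked, unlock
        ws.observe("dr-a", rssi)
    ws.observe("rn-b", -50)               # second token: ignored, no takeover
    ws.observe("dr-a", -70)               # in the hysteresis band: stays unlocked
    for rssi in (-80, -80, -80):          # three weak samples: lock
        ws.observe("dr-a", rssi)
    return ws.events, ws.state()


def admin_touch_scenario() -> Tuple[List[Tuple[str, str]], str]:
    """Constructed walk-through for a CAM system in touch mode with PIN."""
    ws = Workstation(Policy(mode="touch", require_pin=True, lock_on_leave=False))
    ws.observe("adm", -60)                # close in range terms, not in touch terms
    ws.observe("adm", -40, pin_ok=False)  # touching, but no PIN yet
    ws.observe("adm", -40, pin_ok=True)   # unlock
    for rssi in (-70, -70, -70):          # walks away: logged off, not just locked
        ws.observe("adm", rssi)
    return ws.events, ws.state()


if __name__ == "__main__":
    print(doctor_scenario())
    print(admin_touch_scenario())
```

The hysteresis band and the grace counter are the two settings that decide between a system that locks the instant the doctor turns around and one that stays open for a minute after they have left the room; both need to be tuned against real RSSI traces from the sensor position, not against the numbers above.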
In the background, the GateKeeper Enterprise software controls all logins and logouts centrally and logs the relevant events. Access lists and access permissions are assigned via policies. Starting with the GateKeeper Enterprise Ultimate version, the solution also integrates with the respective Active Directory (including Azure Active Directory) and therefore allows privileged access control for individual users and groups to be managed centrally in AD using policies. Without AD, users including their tokens can also be uploaded and managed via a CSV file.
Password management included
The integrated password manager generates complex passwords on request and synchronizes them with the browser add-ons available for Google Chrome, Firefox, Opera, Edge and Safari. This means that logins to websites can also be made “passwordless” from the user’s point of view. The one-time passcodes (OTP) required for two-factor authentication are likewise provided on demand by the password manager.
All reports and logs can be forwarded to, and evaluated in, any log management or SIEM solution.
Conclusion: Keyless-Go data protection can offer added value in terms of both convenience and security. Password-free login combined with the “have” factor in the form of a token provides more security and data protection through proximity authentication. There are plenty of corresponding use cases: if personal data is visible to third parties during or after entry, protecting this information in accordance with the GDPR is essential. And if a user forgets to log out, their elevated privileges quickly become a security risk whenever several users share one PC.
We would like to point out that in this case we are also the value-added distributor (VAD) for GateKeeper’s solutions.