Entrust Datacard - Experts & Thought Leaders

ISONAS Inc., a Pure IP access control manufacturer, announced that the company will be unveiling its new IP-Bridge 2.0 at booth #11121 at the ISC West trade show, the largest security event in the world. The ISC West show will take place on April 11th – 13th at the Sands Expo Center in Las Vegas, NV. At the show, ISONAS will be featuring its Pure IP family of hardware and software products along with the launch of the next generation of the access control encoder; the new IP-Bridge 2.0. ISONAS has continued to expand their integrated community and will introduce additional partners at ISC West; further expanding the power of choice for customers. Paired with the ISONAS R-1 Wiegand readers, the IP-Bridge 2.0 provides access to Bluetooth Low Energy capabilities giving legacy system takeovers access to mobile credentials ISONAS R-1 Wiegand readers As IP technologies and IoT devices proliferate the security market, the IP-bridge has been the tool to migrate old legacy systems into the IP era. Just like the video encoder transitioned the analogue video surveillance market to IP, the new IP-Bridge 2.0 delivers this same simple path for the access control market. With more processing power and additional functionality local to the device, the IP-Bridge 2.0 expands on the core benefits of its predecessor allowing users to avoid a rip and replace scenario. Paired with the ISONAS R-1 Wiegand readers, the IP-Bridge 2.0 provides access to Bluetooth Low Energy capabilities giving legacy system takeovers access to mobile credentials along with a straightforward road to IP technology. Flexible badge printing solution In addition, ISONAS plans to reveal two new integration partners at ISC West, expanding the functionality of its software and hardware platforms. The newest integration with Entrust Datacard’s software, TruCredential, brings a flexible badge printing solution to Pure Access and delivers an easy-to-use card design, issuance and management system. The second integration is with a leading, global access control software company that will utilise the ISONAS hardware SDK to drive the benefits of Pure IP hardware with their enterprise level access control software platform. Our business is committed to the continued growth of our integrated partners and becoming the defacto standard for IP Access Control hardware" Educating customers on IP access control solution This new partner will be revealed at the ISONAS media event taking place on Wednesday, April 11th at 4 p.m. “We are extremely excited to launch our new IP-Bridge 2.0 at the ISC West show this year as well as our latest integration partners,” states Rob Mossman, CEO at ISONAS. “Our business is committed to the continued growth of our integrated partners and becoming the defacto standard for IP Access Control hardware. We look forward to educating our customers on the benefits of our IP solution at our annual media event and keeping the Pure IP revolution moving forward.” For live product demonstrations at the ISC West show and to see first-hand these new ISONAS integrations, visit booth #11121. Attendees can also stop by the ISONAS media event on April 11th at 4 p.m. for a review of the entire product line.

INTERPOL World provides a unique opportunity to mobilise countries, international and regional organisations Fostering innovation to meet global security challenges is the focus of the first INTERPOL World forum which opened recently in Singapore. Comprising an Expo and a Congress, the three-day (14-16 April) INTERPOL World 2015 aims to create a platform for the security industry, law enforcement and government agencies to develop closer partnerships and innovative security initiatives. Singapore’s Second Minister for Home Affairs, S. Iswaran, opened the Congress by highlighting the role of continuous innovation and close partnerships against crime. “Criminals and terrorists are taking advantage of advancements in technology, globalisation and rapid urbanisation. This has ushered in a new wave of threats that can destabilise both global and local security,” said Mr Iswaran. “There is thus an urgent need for law enforcement agencies to leverage latest technologies and adopt innovation as a key enabler of policing work. Innovation in policing methods and tools is the key to ensuring that law enforcement agencies stay ahead of criminals and ultimately triumph,” added the minister. INTERPOL President Mireille Ballestrazzi said a collective response was necessary to counter terrorism and the illicit activities of increasingly well-structured criminal networks threatening individuals, businesses, administrations, law enforcement and governments. “INTERPOL World provides a unique opportunity to mobilise countries, international and regional organisations, and public and private partners, by sharing expertise and experiences, and thereby identify and develop innovative initiatives against global security challenges,” said President Ballestrazzi. Describing INTERPOL World as a unique forum shaping innovative, multi-stakeholder partnerships between law enforcement and industry, INTERPOL Secretary General Jürgen Stock underlined the need for law enforcement to “INTERPOL World is the extra step that physically brings together in one place the innovation of industry and the experience of law enforcement" keep pace with technological developments. “Technology will continue to create security challenges going forward, despite making our lives easier, safer, and industries more profitable. At the same time, criminals will continue to find and exploit loopholes for their benefit, and innovate to achieve their goals,” said Secretary General Stock. “INTERPOL World is the extra step that physically brings together in one place the innovation of industry and the experience of law enforcement. By drawing on this synergy, this event will help to identify risks and vulnerabilities in new and emerging technology before they become tangible threats,” added Mr Stock. With INTERPOL World 2015 bringing together more than 8,000 participants, 200 companies from 30 countries and law enforcement from across the globe, its Congress focuses on four emerging security challenges: border management, cybercrime, safe cities and supply chain management. The event is also attended by INTERPOL World strategic partners from the private sector, including: Microsoft, RSA and Symantec on cybersecurity; 3M, Entrust Datacard and Securiport on border management; Motorola Solutions and Thales on safe cities; and DCTA and SICPA on supply chain security. With Singapore marking its 50th anniversary since independence, the inaugural INTERPOL World 2015, which is set to become a biennial event, is being held alongside the opening of the INTERPOL Global Complex for Innovation and the 22nd INTERPOL Asian Regional Conference.

Security experts have discussed the demise of the passwords for years. As early as 2004, Bill Gates told the RSA Security Conference that passwords “just don’t meet the challenge for anything you really want to secure.” Change has been slow, but the sudden increase in remote working and the need for enterprises to become touchless as they try to encourage teams back to the office is increasing traction. Here we look at the future of passwordless authentication - using the example of trusted digital identities - and share tips on choosing a solution that works for your organisation. The move away from passwords was beginning to gain momentum pre-pandemic. Gartner reported an increase in clients asking for information on ‘passwordless’ solutions in 2019. Now Gartner predicts that 60% of large and global enterprises, and 90% of midsize enterprises, will put in place passwordless methods by 2022. This is up from 5% in 2018. The many limitations of passwords are well-documented, but the cost of data breaches may be the reason behind this sharp upswing. Stolen credentials – usually passwords – and phishing are the top two causes of data breaches according to the 2019 Verizon Data Breach Incident Report. Each breach costs businesses an average of anywhere between £4M to £8M depending on which studies you read. A catalyst for change As in so many other areas, the pandemic has been a catalyst for change. Newly remote workers using BYOD devices and home networks, sharing devices with other family members, and writing down passwords at home all make breaches more likely. And seasoned home workers represent a risk too.  It also means that enterprises are developing new procedures to mitigate the spread of disease. This includes a thorough examination of any activity that requires workers to touch surfaces. Entering passwords on shared keyboards or touchscreens falls squarely in this area of risk. As does handling physical smart cards or key fobs. Enterprises are expanding their searches from “passwordless” to “passwordless and touchless,” looking to replace physical authenticators. In the quest to go touchless these are items that can be easily eliminated. The future of passwordless authentication Using fingerprint or facial recognition often only provides a new front-end way to activate passwords Common alternatives to passwords are biometrics. But, using fingerprint or facial recognition often only provides a new front-end way to activate passwords. Passwords are still required for authentication after the biometric scan and these live in a central repository vulnerable to hackers. With one successful hack of the central repository, cyber-criminals can swipe thousands of details. In other words, biometrics on their own are not an improvement in security, only a better user experience. They need to be combined with a different approach that adds another layer of security. A more secure option is to move away from the centralised credential repository to a decentralised model. For example, one based on trusted digital identities. This is where digital certificates are stored on users’ phones. Think of encrypted digital certificates as virtual passports or ID cards that live on a worker’s device. Because they are stored on many separate phones, you are able to build a highly secure decentralised credential infrastructure. A solution that uses people’s phones is also compatible with touchless authentication systems. You can replace smart cards and key fobs with a phone-based security model and reduce the number of surfaces and items that people touch. This is especially beneficial for workplaces where people have to visit different sites, or for example in healthcare facilities. Replacing smartcards with a phone in a pocket reduces the number of items that clinicians need to take out and use a smartcard between and in different areas, which may have different contamination levels or disease control procedures. How do trusted digital identities work?   Workers unlock their mobile devices and access their trusted identity using fingerprint or facial recognition Here’s an example installation. You install a unique digital certificate on each user’s mobile device — this is their personal virtual ID card. Authorised users register themselves on their phones using automated onboarding tools. Workers unlock their mobile devices and access their trusted identity using fingerprint or facial recognition. Once they are authenticated, their device connects to their work computer via Bluetooth and automatically gives them access to the network and their applications with single sign on (SSO). This continues while their phone is in Bluetooth range of their workstation, a distance set by IT. When they leave their desk with their phone, they go out of range and they are automatically logged out of everything. Five tips on choosing a passwordless solution More automation means less disruption Consider how you can predict and eliminate unnecessary changeover disruptions. The task of onboarding large or widely dispersed employee populations can be a serious roadblock for many enterprises. Look for a solution that automates this process as much as possible. Scalability and your digital roadmap Will you maintain remote working? Having a high proportion of your team working remotely means that passwordless solutions will become more of a necessity. Are you expecting to grow or to add new cloud apps and broader connectivity with outside ecosystems? If so, you need password authentication that will scale easily. Encryption needs and regulatory requirements If your workers are accessing or sharing highly sensitive information or conducting high-value transactions, check that a solution meets all necessary regulatory requirements. The most secure passwordless platforms are from vendors whose solutions are approved for use by government authorities and are FIDO2-compliant. Prioritise decentralisation Common hacker strategies like credential stuffing and exploitation of re-used credentials rely on stealing centralised repositories of password and log-in data. If you decentralise your credentials, then these strategies aren’t viable. Make sure that your passwordless solution goes beyond the front-end, or the initial user log-in and gets rid of your central password repository entirely. Make it about productivity too Look for a solution that offers single sign on to streamline login processes and simplify omnichannel workflows. For workers, this means less friction, for the enterprise, it means optimal productivity. Security improvements, productivity gains and user goodwill all combine to form a compelling case for going passwordless. The additional consideration of mitigating disease transmission and bringing peace of mind to employees only strengthens the passwordless argument. The new end goal is to do more than simply replace the passwords with another authenticator. Ideally, enterprises should aspire to touchless workplace experiences that create a safer, more secure and productive workforce.

Led by European nations, there is a global shift to e-passports, with over 100 countries using these technologies With the number of global international tourist arrivals standing at over 1 billion and increasing migration in Europe, good border and passport security means having a layered approach and plenty of co-ordination among countries, says David Belchick, VP of Government Solutions at Entrust Datacard. Ever-growing border security challenges “More than one billion people travel internationally for business and pleasure each year,” according to David Belchick, “These record high numbers are straining existing human and digital border security resources at a time when most travellers expect the most expeditious border crossing process possible. Methods of forging passports and other identity documents, like birth certificates, are growing more sophisticated, and the market for authentic but stolen identity documents is expanding rapidly. There is a global repository run by Interpol listing lost or stolen documents, but only a few governments currently use it to authenticate passports at border control points.” “We are experiencing a border security crisis,” says Belchick, in light of the continuing migration and border security issues in Europe, involving the so-called Schengen countries, the attacks in Paris and the movement of Syrian refugees, of whom he says between 1%-5% are using fake passports. “Part of a government’s job is to make citizen’s feel secure. It’s a bilateral thing really, with demand coming from both governments and citizens.” Passport control officials at borders have around one to two minutes to decide whether or not to let someone into a country, so authentication methods need to be robust. “Methods of forging and altering passports have become more sophisticated with the growth in demand for stolen identities, and Interpol’s stolen and lost travel documents database stands at over 40 million documents,” Belchick says. Many countries using e-passport technologies Led by European nations, there is a global shift to e-passports, with over 100 countries using these technologies. “Certain countries have deployed technologies giving border control agents the ability to validate e-passports. But the problem is that although some of this technology has been implemented, it’s not everywhere, so border agents have to check and authenticate manually. For example, one of the Paris attackers crossed into France on a false passport. If there were better adoption of technology and more uniformity, it might have prevented or at least reduced the consequences.” One challenge is knowing where to start in updating or overhauling existing border security systems and protocols, as there are so many components that contribute to overall security, says Belchick. “Making borders more secure is not simply about installing new passport scanners or better training of field officers for body language cues – although those are important components. Building a trusted infrastructure combines physical, electronic and digital security features that also consistently and accurately detect criminal activity.” It’s a complicated and challenging task. France, Canada and Ireland are seen as leading implementers of layered security technologies “To truly implement an identity solution that would make borders more secure internationally, governments must change how they think about and protect the entire lifecycle of each individual’s identity – from the physical credential/document issued to the database that securely binds the physical identity to a cyber/online identity; from incorporating the latest resources in technology, such as biometrics, to authentication systems that detect fraudulent credentials. This requires a true shift in the way governments are thinking about, and legislating on, the ecosystem of identity management.” E-passports can be first, second or third generation, with second generation technology offering what is known as extended access control, and which incorporates a fingerprint or iris biometric of the person E-passports can be first, second or third generation, with second generation technology offering what is known as extended access control, and which incorporates a fingerprint or iris biometric of the person, explains Belchick. This confirms to whom the passport belongs and the fact that it was issued by a government. Around 30-40 countries have deployed this second generation technology, while a total of around 120-130 have issued e-passports. “We think having a layered approach to security is the right way to go. Some are fairly low-tech solutions such as UV scanning, but you should always have digital and physical security together.” Greater Implementation of standards needed Entrust Datacard believes in greater adoption of existing security standards. “The key is having knowledge of the standards and then going through the steps of security, according to what the country can afford. It’s about greater adoption of standards and then implementing them,” says Belchick. France, Canada and Ireland are seen as leading implementers of layered security technologies. “Some have deployed next generation security features; others haven’t. Technology is the relatively easy part. Sometimes it’s the political and institutional will to do things that is key, and incidents can give a nudge to move things along. Funding can be a problem for less wealthy countries, and some technologies are still not fully bedded down, such as e-Visas, which have a standard in development.” Belchick says it’s also about balancing security with convenience. If a country puts in more security, queues can get longer, so then more border agents, who are properly trained on the security features of each country’s passport, are needed. Mobile authentication and technology will also help secure borders. There are two areas that need development – having a standard on how you issue a mobile passport, and having portable devices to validate passports other than at the border. But standards for these mobile solutions are not yet well enough defined. Belchick concludes: “It’s reasonable to think that the travel industry could be impacted if the proper steps are not taken to secure borders. The technology is available to safely secure borders, and many countries are already taking steps toward a more secure border system. If the adoption of new technologies and policies continue, we could see restrictions and complexity of global tourism ease, spurring growth in that sector.”