Cross-platform, multi-workstation and multi-account authentication solutions for control centres

We now introduce the special case of a highly efficient security solution used in the ground control centres of the European space lab Columbus.

In the situations where off-the-shelf products reveal limits regarding security technology, and practicability cannot keep up with the requirements, we devise and develop, as required, also highly-specialised security solutions for our customers.

The access protection solution and what you can expect from it.

The access protection scenarios are determined by the typical workplace environment for control centres, i.e. in the same workspace a number of multiple displays and computer systems with several platforms.

With our multi-workstation, multi-account smart card PKI logon solution it is possible for a system operator on duty, e.g. a flight operations director, with a smart card linked to a single PKI and the corresponding PIN, at one and the same time to login to all computer systems of the workspace and also to be responsible for a variety of roles and functions.

All card actions are matched in detail to each other. When a smart card is removed, the solution makes it possible to determine, specific to the computer, for the total workspace whether a system is logged off or only disabled temporarily until the next system operator takes over.

Platform support and security

Linux, Solaris und Windows systems are integrated in the multi-display, multi-account authentication and are part of the same workspace.

Suitable processes of security technology ensure the reliability of the modules forming the solution. All communication connections are authentic and are secure against tapping.

Solution components

This impressive authentication solution consists of a well matched collection of security components:

These components include SEFIROT PAM smart card logon with a pluggable authentication module and the authentication client agents and ACA servers, SEFIROT PKCS#11 modules and Crypto Service Provider, a logon manager like the SEFIROT display manager, a screen lock program like the SDM workspace locker and the SDM screen lock, a monitoring component like the SEFIROT smart card event tracking component, with the smart card insertion and removal actions being recognised and followed by other actions.

PKI components, a central component of the multi-workstation, multi-account authentication solution:

A correspondingly designed public key structure and also logon modules and protocols which construct, check and analyse certificate chains and certificate extensions (subject directory attributes – SDA, distinguished name – DN and alternative name attributes – SAN, and others), are required in order for the operator to be able to authenticate him/herself with a PKI for multiple roles.

The solution is CA – designed to be independent of the trust centre. For the control centres of the European space lab Columbus the authentication each solution is linked with the UniCERT CA.