Unisys headed for token-based logical/physical access

Unisys has begun implementing a combined physical/logical access-control system based on a single smart card to gain computer and building entry for 28,000 employees.

According to Dave Frymier, director of information security there, the Unisys deployment is based on chip-based smart cards using the Aladdin Knowledge Systems eToken software. The eToken card allows Windows-based logon as well as building access via the Lenel Systems International physical-electronic access system that Unisys has in place.

“We’ve started with 50 pilot cards for our government group,” said Frymier, noting this seemed like the natural first step, since federal agencies have started using federally mandated dual-access Personal Identification Verification cards en masse for authentication.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Unisys has begun implementing a combined physical/logical access-control system based on a single smart card to gain computer and building entry for 28,000 employees.

According to Dave Frymier, director of information security there, the Unisys deployment is based on chip-based smart cards using the Aladdin Knowledge Systems eToken software. The eToken card allows Windows-based logon as well as building access via the Lenel Systems International physical-electronic access system that Unisys has in place.

“We’ve started with 50 pilot cards for our government group,” said Frymier, noting this seemed like the natural first step, since federal agencies have started using federally mandated dual-access Personal Identification Verification cards en masse for authentication.

Unisys, headquartered in Blue Bell, Pa., is acquiring the iClass card from the manufacturer HID and arranging for Aladdin to load its public-key infrastructure-based eToken software onto the card chip. “The Aladdin software both protects the card and talks to middleware on the Windows workstation that allow the login,” explains Frymier.

Other components in the Unisys dual-access for physical and logical systems includes Microsoft’s Identity Lifecycle Manager, which facilitates interaction between Microsoft Active Directory and the Unisys certificate authority.

While Unisys wants to roll out the dual-access cards as quickly as possible to 28,000 employees, it’s not clear how much time it will actually take given the complexity and the scale of the global Unisys operations. “It’s a little like wiring the house with the power on,” says Frymier.

Read more about software in Network World's Software section.