SafeGuard Cerbalon

Logging onto the operating system with smartcards - a convenient and secure way to log on to Windows

Every day computers users have access to a number of systems using a variety of logon methods: these range from using their employee pass at the company's front entrance to the passwords needed to log onto the various PC applications they use. There is no single method of authentication that can be used across all these different systems.

The increasing use of smartcards in companies, and national initiatives for the comprehensive introduction of electronic identity cards (eID) to all citizens, now provide the very first opportunity for creating a uniform authentication solution to meet all these differing needs.

Secure PC logon is one of the core requirements of every company and every organization. SafeGuard Cerbalon provides smartcard users with this essential security application. It ensures they can log on to the Microsoft Windows operating system quickly and conveniently. To do this, SafeGuard Cerbalon replaces the Windows logon password with a value generated in the smartcard itself, which means the user no longer needs a separate Windows password. Previously a user had to remember two passwords (one for the smartcard and one to log on to Windows), but now they don't need their Windows password at all.

SafeGuard Cerbalon's two-factor authentication for smartcards and passwords significantly increases a company's level of security. There is no way a user can pass on their Windows password to anyone else. At the same time, helpdesk costs are greatly reduced because forgotten passwords - due to overly-complex password rules and obligatory, regular password changes - are now a thing of the past.

SafeGuard Cerbalon supports all standard smartcards, in the formats issued by Trust Centers or as part of national eID projects, where they are used as forms of ID. Alongside smartcards, the tried and trusted USB token can also be used to log onto operating systems conveniently and easily.

Features

Security

  • Significant increase in security during logon via 2-factor authentication with smartcard or USB token
  • SafeGuard Cerbalon replaces the usual Windows passwords with certificate-based values and therefore protects users from compromising their operating system passwords
    • the generated password is not saved anywhere
    • no-one knows the Windows password so no-one else can find it out
    • protects against dictionary attacks and other interventions
  • Validity check of the certificates used with CRLs

Compatibility

  • Support for all chip cards with standard certificates (X.509v3; no certificate extensions required)
  • Examples of national card formats that are supported:
    • Belgian eID card
    • Estonian ID carte
    • Finnish FINEID card
    • Austrian citizens card
    • Swedish SEIS card
    • and many others
  • Examples of Trust Center cards that are supported:
    • Information Services (Bulgaria)
    • TIKS, Netkey (Germany)
    • TC-Trust (Germany)
    • s-Trust (Germany)
    • datev (Germany)
    • A-Trust (Austria)
    • MAV Informatica (Hungary)
    • and many others

System Administration

  • Windows Installer (MSI) -based installation
  • Configuration via Microsoft Management Console (MMC)
  • Auto Enrolment allows users to use their smartcard without prior central registration for logging onto the operating system
  • Requires no special, additional server components

User-friendliness

  • Automated Windows password change
  • Simple desktop block by simply removing the card

System requirements

Hardware

  • PC with Intel Pentium or compatible processor
  • At least 5 Mb free memory capacity

Operating system

  • Microsoft Windows XP/2000
  • Microsoft Windows 2003 Server Standard Edition

Network

  • All Windows-supported networks

Supplementary SafeGuard products

  • SafeGuard Easy for base encryption of entire hard disks or removable media
  • SafeGuard Advanced Security for central auditing, Plug & Play Management, Application Specific Access Rights etc.
  • SafeGuard PDA for securing Pocket PCs/smartphones
  • SafeGuard LAN Crypt for certificate-based file/folder encryption

Third-party suppliers

  • Smartcards or USB tokens are integrated using PKCS#11 or CSP interfaces. (PKCS#11 and CSP are not supplied. They are provided by the smartcard issuer.)

Interfaces

  • Microsoft GINA Client Interface
  • PKCS#11
  • Cryptographic Service Providers (CSP)

Standards/protocols

  • PC/SC
  • X.509v3 certificates
  • Certificate Revocation Lists (CRL)
  • PKCS#11

Available in these languages

  • English, German, French

Whitepaper

SafeGuard Cerbalon (PDF)

 
 
Copyright © 2004-2020 SafeSoft Kft. All Rights Reserved.