Dell and HID: Convergence?
Convergence typically describes political or process integration. Beyond buzzword, it very seldom takes shape beyond in hardware. In this note, we detail a rare example of 'true' hardware convergence, examining a partnership between credential provider HID and computer manufacturer Dell.
Embedded iClass Reader
For several years, Dell and HID have furnished card readers as an embedded option [link no longer available] in business class laptops (such as Latitude and Precision). The readers are designed to operate with HID Crescendo and iClass cards for contact credentials, and iClass for Contactless operation in the 13.56 MHz formats. The image below is an example of the embedded reader:
HID provides a stand alone credential management application named 'naviGO' to provision credential access on computers. Dual authentication security is possible when this form of credential is configured to be used with fingerprint scanners or PIN entry.
Dell has designed this application to run at a pre-OS level, requiring valid credentials for the computer to completely boot for use (termed 'PBA', or 'Pre Boot Authentication'). This provides an additional measure of security because many methods of data exploit require the computer to be fully booted and resident for success.
The additional cost of embedded readers vary by platform, typically cost less than $50 USD per computer. This is provided when configuring a laptop on Dell's website but may not be able for all configurations, depending on other product options selected.
This functionality is available for other computer manufacturers using an external USB reader. These mutli-format readers must be plugged into a fully booted computer in order to register, but can be purchased online for around $50 per device. The most commonly cited is Omnikey and a picture of it is provided below:
With this, previously issued credentials for Electronic Access Control (EAC) Systems can now be used to provide logical access. This streamlines authentication and results in less passwords to remember and manage. Taking advantage of a previously issued credential lowers the overhead and administration costs of new credentials.
Convergence occurs through reuse of the credential rather than integration of the systems. The physical access and logical access control systems remain separate. However, the same credential used in the existing EAC system can now be used in the logical one. The administrator will need to take the badge number of the credential used in the EAC system and enter in to the logical system.
Unfortuantely, as important as 'convergence' sounds to be, many vendors struggle to adopt any tangible examples. This is a example of convergence beyond concept. Two industry players have collaborated in a smart way, and the end result is an integrated security method useful to end users.