01:31 PM
Vicki Gerson

Who Goes There?

Excel Bank Minnesota picks Datakey smart card solution to authenticate network users.

Excel Bank Minnesota (Minneapolis; $430 million in assets) needed to provide employees with an intuitive, secure method to access the bank's six to seven network applications. Excel's 70 employees had so many complex passwords to connect to the bank's network that it was "a nightmare for them to remember them and keep them synchronized," says Craig Boivin, the bank's CIO. "It was a challenge for both employees and IT."

The authentication system Excel Bank had used required employees to provide a password to access the network and another to access its Open Solutions (Newmarket, Ontario) core banking system. And some employees needed more passwords to access credit analysis modules.

"Every time someone would return from vacation, we would have to reset their passwords," Boivin says. "In addition, a few times a week, people were forgetting their passwords and we'd need to reset them."

Determined to solve the problem, the bank sought a solution that would be easy for employees to use but still provide adequate security. This drove Boivin to find a solution with single sign-on and two-factor authentication. "We wanted employees to have a physical card, plus a PIN number in order to gain access to the system, with the system managing all the passwords," he relates.

In the second quarter of 2003, Boivin started looking for a solution to the bank's security issues. He tried various products in the third and fourth quarters of that year. "We'd call in a vendor and say we wanted to test their system. Of the two vendors we tested, one would have required us to have a device that would randomly generate a nine-character number that the employee would type into the password field, plus a PIN. This was too complicated. Another vendor didn't have single sign-on capability." Boivin declines to name the vendors.

In the fourth quarter of 2003, however, Boivin met a representative from Minneapolis-based Datakey, who gave him the software and card readers to try. While testing the software in the first quarter of 2004, Boivin discovered an issue with the core banking system passing on user names and passwords. "Datakey modified their software for us quite quickly," Boivin notes.

Smart Solution

Early this year, Excel signed a contract with Datakey for its Datakey Axis software and smart card network security solution. The product, which required just 2 percent of Boivin's capital expenditure budget, was easy to implement, and it interfaced with the bank's Citrix application servers, he says, adding that no infrastructure changes were necessary for the deployment.

A consultant from Datakey provided training in just one day to Boivin and his two support people. Excel Bank rolled out the solution in September to all of its employees. A card reader sits on each employee's desk, and the employee places the smart card in the reader to access the system.

The software works with Open Solutions by recognizing its log-in screens and maintaining a single sign-on experience. All passwords are stored on the smart card, so employees are unable to give anyone else their passwords. In fact, passwords are changed periodically and even the employee doesn't know what they are. (Employees do have their own PINs.)

According to Boivin, the system forces people to behave in a responsible manner. "People can't enter or leave the building without their card, so they can't leave it in the system or forget it at home," he says. "Another additional advantage is that our business bankers can access the system from their homes and about 30 percent of them are using the remote access capability."

In 2005, Boivin would like to roll out this capability to some of Excel's customers.



- Institution: Excel Bank Minnesota (Minneapolis).

- Assets: $430 million.

- Business Challenge: Provide employees with an easy-to-use and secure method for accessing applications.

- Solution: Datakey's (Minneapolis) Datakey Axis software and smart card network security solution.
