El Canal de Isabel II, the water company of Madrid, has implemented an integral and unified solution for the identification and access control of their employees using the Safelayer KeyOne family products.
El Canal de Isabel II is a state-owned company dependent on the Autonomous Region of Madrid. It manages the complete water cycle of the region. Water is supplied to a population of over six million people. They have a 10.000 people staff where over 2.000 perform administrative tasks requiring the regular use of a computer.
"Through the use of an ID card printer and in only one step, KeyOne allows to save necessary information in the RFID chip, the cryptographic chip, the magnetic band and even print the photograph or other human readable data."
"Thanks to Safelayer digital certificates contained in the new ID card, the personnel of the water company will enjoy the streamlined and more secure administrative processes eliminating completely, or in part, the use of paper."
The water company had some access control services they wanted to preserve, some they wanted to modernize, and some new ones they wanted to introduce. Specifically, they intended to improve access control to the premises and extend it to computer systems.
Before the project deployment, employees held an ID card with their picture and basic data, as well as a magnetic band storing their identification code in the company.
The project wanted:
- To manage clock in/out and access control to the facilities.
- To include Single Sign On (SSO) in applications by using the “Smart-Card Logon” provided by the Microsoft Windows operating system.
- To protect e-mail messages by using the S/MIME protocol that offers security services concerning integrity, authenticity, confidentiality and non-repudiation in origin.
- To enable the possibility of electronic signature of documents to speed up internal processes.
- To manage the authentication in virtual private networks (VPN) and secure Web servers.
El Canal de Isabel II bid the project for bringing up to date their staff access system. Telefónica Soluciones,who obtained the project, proposed a unique ID card including data previously available:
- Visual information, such as a photograph or name.
- Information in the magnetic band with employee identifier for legacy applications, such as parking lot access control.
as well as new elements to fulfill modern functionalities:
- RFID Chip with MIFARE technology storing the identifier used for access control to the premises, in newly created applications and modernization of already existing ones.
- Cryptographic chip with employee information including a digital certificate with a pair of keys.
Telefónica Soluciones, added-value integrator of Safelayer products, developed this project on the basis of the KeyOne family products for developing the integrated issuing of unified ID cards required for this plan.
The KeyOne family offers a set of versatile and scalable products allowing, in a short period of time, to issue ID cards manually or by batches, according to the requirements of the client. Using an ID card printer and in only one step, KeyOne allows storing necessary information in the RFID chip, the cryptographic chip, the magnetic band, and even print a photograph or other human readable data.
Likewise, the KeyOne family offers the maximum guarantee of security and reliability, as certified by the Common Criteria with level EAL4+ under the CIMC Protection level of security 3 profile.
The water company of Madrid held LDAP and Active Directory directory systems, as well as Adabas database. Thanks to Scryptor a high level programming language, developed by Safelayer and available in all KeyOne family products, data was quickly integrated in the information management flow necessary for issuing ID cards.
Additionally to client requirements, Safelayer KeyOne Desktop was used for automatic digital certificate renewal, streamlining the management of a staff the size of the one at El Canal de Isabel II.
The use of a digital certificate grants higher security and convenience in the access control procedures. Users are univocally recognized within the company making unnecessary the use of passwords.
However, it is the use of the electronic signature that will allow simplifying processes and saving costs, by eliminating paper. Thanks to the ID card of the water company business processes will progressively benefit from the advantages of the electronic signature.
Finally, it is possible to electronically exchange critical information since the confidentiality and authenticity of data sent through e-mail or a private network is guaranteed.