Die spanische Supermarktkette Dinosol und der branchenführende Waagenhersteller Bizerba setzen für den sicheren Login der Angestellten an POS-Geräten auf zeitgemäße, kontaktlose RFID Technologie von evolutionID und RFID-Reader von Elatec.

Spanish supermarket chain Dinosol and industry-leading scale manufacturer Bizerba rely on contemporary contactless RFID technology from evolutionID and RFID readers from Elatec for secure employee login at POS devices.

The Corona pandemic has further strengthened the long-standing trend toward home offices and shared desks. Dedicated workstations and compulsory presence will soon be a thing of the past. This saves costs and protects the environment. However, the shared office needs to be well organized and secured. A flexible digital identity can help.

Working from home is booming: For infection control reasons in particular, home offices were even compulsory1 in Germany for a time. However, this regulation was by no means inconvenient for the majority of employees: In a study by IBM, 75 percent of those surveyed said they wanted to work at home at least occasionally, and 54 percent would even like to relocate their office to a home office for the most part.2  In any case, the environment benefits from the new trend, because fewer trips to work also mean fewer CO2 emissions.

Employers also welcome the new trend, as it brings tangible cost benefits when combined with flexible office space concepts. In the shared desk office, there are no longer any permanently assigned workstations and therefore no deserted areas whose users are on vacation, on a business trip, on training, sick or even in the home office. Office chairs and desks are constantly reassigned as needed. Around one in five people already work this way, and no negative effects on motivation or well-being have been observed.

However, the new office concept requires sophisticated building technology and forward-looking, networked resource planning. If the space required is calculated too generously, the cost savings will be reduced; if too little space is calculated, not everyone who wants to work in the company office will be able to find a place there. Access control also needs to be tailored to the shared desk concept. That’s because as workstation assignments keep changing, social control diffuses toward people outside the company. The constantly changing conditions prevent a permanently optimal configuration. The system must constantly adapt. If identity management is distributed over several instances, this can quickly become a burden for personnel, office and security management.

evolutionID offers the appropriate answers to the challenges of the shared desk age. This already starts with the booking of the workstation via an IDfunction process: Those who want to work in the company can conveniently reserve a seat online with their browser and receive a confirmation email. This prevents overcrowding, and the booking figures can be used to calculate exactly how many workstations are really required.

From the information stored in the digital identity, the allocation system can directly deduce whether, for example, a workstation suitable for the disabled is required or whether the employee needs a garage parking space. A locker can also be provided on a temporary or permanent basis, which the employee can conveniently open with his or her company ID card. Of course, access to the office is then also open – and only in the areas that the respective employee really needs and only at the times when he is registered and logged in. These application examples could be continued at will.

Every time the company office is used, a large number of systems are involved. However, there is no need to fear a Babylonian confusion of data and rights in modern systems. This is because the booking system, locker, access control and all other authorization-relevant systems access one and the same digital identity. If an employee loses his or her company ID or leaves the company, all issued authorizations can be revoked with a single mouse click.

Of course, dynamic workstation assignment with its accompanying functions is just one example of the complex uses of digital identities – and the potential of IDfunction. At evolutionID, we always configure and customize our product so that it integrates into the customer’s IT and HR landscape. Because our conviction is: The software has to adapt to the business – not the other way round.

Whoever creates clear conditions saves unnecessary additional work – not only in the shared desk office.

 


1Quelle: Juris.de | 2Quelle: IBM | 3Quelle: Fraunhofer Institut

Access to the company, one’s own locker or access to a network drive: For each employee, a large number of authorizations and accesses have to be assigned – on a wide variety of systems. A central ID management system makes this much quicker and easier.

From a security point of view, the integration of the new employee into the company takes a real all-rounder in many conventional IT environments. He or she must know how to operate the PACS user interface, be familiar with license plate recognition in the parking garage, and of course with the central Active Directory structure of the entire company. But who do I have to notify again so that the new person is handed their notebook on the very first day? We have a list like that somewhere…

Heterogeneous structures

Particularly in large companies, the system landscape is often – let’s say – an evolved infrastructure. There are many different systems, with just as many different user interfaces. And their operation is often reminiscent of the IT days before the introduction of the computer mouse; it was not the document itself that was called up in those days, but first the program responsible for processing it. And in a similar way, HR and security management has to work their way through the entire system landscape each time in order to assign a person the authorizations he or she needs.

That’s why we’ve designed IDfunction, the results-oriented solution.  Specific authorizations can be assigned to each person simply by clicking the mouse. This works consistently in a web interface on a wide variety of end devices. For example, if you want to grant access to the second floor between 9:00 and 18:00, you don’t need to know which system is in use there. All necessary parameters are stored in IDfunction so that the user doesn’t need to worry about it anymore. The same applies to the assignment of objects, notebooks or cars. Even if individual security systems are changed or replaced, the HR employee always sees only the familiar and functional user interface. In this case, only the integration is updated.

Automatic notifications

Just like the assignment of authorizations, the notification system is largely automated and freely configurable. When an access authorization is reassigned or revoked, an automatic notification is sent to the user. If the parking space is assigned to him, IDfunction automatically prompts him to provide his license plate number so that the license plate recognition system will let him into the company garage on the very first day. If he receives a company notebook, IDfunction instantly informs support when and where to provide the device.

Such an automated system can also react much faster to security threats: If a badge is lost, all authorizations can be blocked with just one click. IDfunction ensures that not a single unauthorized access remains even in the furthest corner of the company EDP.

Last but not least, this enables targeted hygiene and pandemic management: if incidences increase, for example, access authorizations can be reconfigured so that employees encounter each other as little as possible. The notification system then informs everyone affected that from Monday, for example, they will only be allowed to enter the plant premises via Gate 2 between 9:00 and 9:30. In this way, hygiene concepts can be implemented quickly and reliably – without anyone standing unexpectedly in front of a locked door.

Individual customization

An identity management system provides a central solution for managing authorizations in a wide variety of systems.

We have consistently implemented this principle in IDfunction: intuitive in operation, functional in the application. We achieve maximum efficiency through cross-system integration. As a service provider, we customize IDfunction according to your individual requirements – across all system boundaries.

 

 

Would you like to analyse RFID cards, present your customers with a migration concept or add an access application to the employee ID? Then the RFID TAG analyzer is your perfect companion!

The tag analyzer can be used to analyze all RFID media and create corresponding PDF reports.

You can find all further details about the reader and software package in our flyer:

Establish a central digital identity, organize and automate recurring administrative processes in HR and security in a decentralized manner, independent of time and location: IDfunction makes ID management in the company a good deal easier and more secure. Our system not only saves resources and costs, but also increases acceptance.

When it comes to digital identities, evolutionID has been the right partner for over 20 years:  We develop and distribute professional and AI-based ID management systems for public authorities, large companies and SMEs, for clinics and student unions. The focus is always on increasing efficiency and automating processes: Recurring administrative processes, such as personnel or visitor handling, must be mapped and executed as efficiently as possible in the ID management system.

This is more complex than it first appears: In modern companies, every employee needs a variety of credentials: They have to authenticate themselves for access control, time recording, PC log-on, and the payment system in the cafeteria. They have to identify themselves when they use certain machines or when they pick up or return work clothes. To disentangle this complexity, to implement the administration intuitively and user-friendly, that is the goal of our ID management system IDfunction, which we developed ourselves from scratch.

For authentication, each employee needs a personalized ID card, printed on both sides with a photo, personal details and, of course, an RFID chip according to common standards such as Legic or DESFire. This chip must be activated for the various security-critical areas. Today, this is often done by registering the card with each individual system. This can be done, but in practice it is quite error-prone and cost-intensive, and above all risky!

If you have to register every newly hired employee with numerous island systems, from access control to machine use to laundry output, this initially costs unnecessary time and money. But real security risks arise when a lost or stolen badge has access authorizations for sensitive areas and cannot be blocked quickly enough from all relevant security systems in a fragmented system.

A central digital identity, which is accessed by all security-relevant systems, forms the basis for optimizing processes such as the hiring or termination of an employee, but also the blocking management of badges that are no longer valid, in such a way that not only many unnecessary entries but also security gaps are avoided. The efficiency of the implemented processes therefore reflects the security level 1:1.

We are firmly convinced: The security of a company is the result of individual efficiently implemented processes. Following the KISS principle – Keep It Save and Simple – we have developed our own intuitive, innovative and AI-based ID management system: IDfunction. Via this central ID management system, important processes are organized decentrally, independent of time and location. In this way, we save resources, increase efficiency, raise the level of security – and drastically reduce costs.

The selfie for the employee ID card

What does this look like in practice? Imagine acompany with 30,000 employees that introduces an ID management system. HR data is provided automatically via interfaces, and individual authorizations are configured. But to produce an employee ID card, it still needs a photo that uniquely assigns the card to the employee. The optical identity is part of the digital identity.

If you invite every employee to the photo session, you can multiply the number of employees by several minutes of walking plus the time for the photo. In this way calculate what an employee  could have done better with this working time – and what the whole action will cost the company.

With IDfunction,every employee or visitor can take their own picture using different end devices, for example, via smartphone, tablet or PC client, or upload an existing picture. A platform-neutral, browser-based user interface makes it possible. AI-based face recognition accompanies the user during the capture, and the result is a perfect and valid photo. The image background can be automatically extraacted via AI and replaced according to CI specifications. Optionally, the image can even be subjected to further automated verification to determine if it meets the requirements of a true biometric image.This feature is a must for any government agency. The image is then available in the system, and the person responsible for further processing is automatically notified, for example by e-mail or SMS. She now knows that the photo is available for the production of an ID card.

Streamlined photo capture is just one of countless examples of professional and efficient workflows that a contemporary identity management system like IDfunction offers today: Processes are decentralized, workloads are reduced. 

We see our task not least in identifying the relevant processes at the customer and implementing them automatically in IDfunction. These processes are just as complex and diverse as our numerous customers. So our system will never be completely finished – and we think that’s a good thing, so we would be happy if you continued to follow us.

Even this article will never be finished – because we will inform you step by step about further functions and application areas of IDfunction.

Stay excited…

Dear friends and business partners,

A very special year is coming to an end! A year with many new challenges, but also positive experiences and impressions. A year that has taught us that many things in our everyday life cannot be taken for granted.

We are grateful for all the moments and experiences that we were able to share within the framework of our relationship and cooperation.

In this sense, our warmest wishes for a Merry Christmas and a good, HEALTHY and HAPPY year 2021.
Your evolutionID GmbH

What the pandemic app and Alexa have to do with digital identities

Used correctly, digital identities can make our lives much easier and more secure. However, there is a great deal of distrust of data collections of all kinds, which often results in our not taking advantage of modern technology. Practice has shown, and not just since Corona, that you have to create trust if you want to use centralized data sets effectively.

It is a well-known fact that China can point to successes in combating the pandemic. In the People’s Republic, modern digital technology is used consistently to collect, concentrate, and analyse personal data: Digital identities are linked electronically with tracking data, making it much easier to trace chains of infection.

Infection protection – not at any price

Nevertheless, nobody in this country may take the Far Eastern strategy as a model. The “Chinese model” is a little too strict for us. True to the motto: data that is unavailable in digital form cannot be digitally abused, our health authorities prefer to rely on handwritten contact lists and telephone tracking – a procedure that quickly reaches its limits, however, as the number of infections increases. And the Corona app, complains columnist Patrick Bernau in the FAZ, is “permeated by an almost paranoid data protection”. “The Corona functions do everything possible to ensure that nobody can somehow find out who met whom. The fear that data could fall into the wrong hands seems far greater than the fear of an uncontrolled spread of Covid-19. The “transparent citizen” must be avoided, even at the risk of making life more difficult for us in many areas than it already is in times of pandemic.

However, many contemporaries seem to have far less resentment against getting a little helper called Alexa into their living room – a microphone that transmits voice recordings to an unspecified server in the USA. And when looking for a restaurant, people also willingly entrust Google with their current location and general preferences. After all, our digital identities at Google, Facebook and other companies are practical: server capacity, digital maps, guidance systems and assistants are provided free of charge. At best, we have to pay by looking at advertising that is personalized precisely to our needs.

The benefit-risk principle

The ultimate level of acceptance of digital identities is therefore obviously crucially dependent on the immediate benefits they offer and, above all, how much trust users place in the person who collects, manages and secures them. This applies to democratic states as well as to companies.

It remains to be seen to what extent the almost boundless trust that many of us place in search engines, e-commerce and social networks is justified. Equally justified is the question of why some of us mistrust one of the world’s most stable democracies to such an extent that they do not even want to cooperate with the German government in overcoming the most serious crisis since World War II.

It remains to be noted, however: Google, Facebook and Co. are not exactly the guardians of data protection – but they do at least tell us in advance exactly what they want to use our data for: We should be encouraged to consume. Whether do we do this then remains our final decision. The police, on the other hand, often decide in our favor: personal data that we have actually stored for contact tracing and pandemic control are, once they are there, also used to pursue petty criminals.

Clear concepts instead of retained data

Who collects and bunkers data according to the squirrel principle – freely after the foreign exchange: In the future we will certainly think of great second and third utilization possibilities – that should not be surprised about lacking acceptance. Away from the black box, towards transparent data protection, that is the advice we give our customers when it comes to digital identity.

Of course, first of all the data stock, the data centre must be secured against external attacks. This includes firewalls, encryption, multi-factor authentication and employee training to prevent spear-phishing.

What we experience again and again in our daily work: Protection from hackers is important – but at least as important for the acceptance of digital identities in the company is a clear data collection and evaluation concept that is communicated seamlessly from the outset. What personal information is collected? What will the collected data be used for? Who receives which access rights? These three simple questions must be clarified in advance, together with the works council and the workforce. Compliance with legal data protection regulations as well as internal company rules must be enforced according to the role principle and it must be possible to verify them at any time. Secondary evaluations without prior consultation are taboo. However, it is important to make clear what advantages the system brings – for the company as well as for the employees. Greater security, simpler processes and more efficient administration are arguments that everyone is open to – if they know that their data is being used responsibly.

Trust is based on information and reliability, and this is especially true for digital identities.

Identities can be managed in very different ways, as a glance into one’s own wallet proves – or into one’s own company, into one’s own organization: A jumble of identification systems does not make identity management any easier or more secure. If you want to know how to do it more efficiently, also and especially in the implementation, you should not miss our company blog posts.

I get into my car, want to sit down – and there it is again, the pressure from behind. Not only does my wallet now look extremely unattractive, it also causes me a lot of trouble. The thick, tattered leather case holds a multitude of bills, coins, cards, slips of paper, and identity cards, all of which serve the same purpose: To certify who I am and what I have. However, I have to guard this unsightly piece like gold, a loss would result in considerable financial losses and numerous administrative procedures.

In my head, things don’t look much better when it comes to identity management: I have to remember a heap of PINs, passwords and login procedures, otherwise I won’t be able to access my money or my PC, or even the Internet store that won’t give up its socks unless you open an account with it. None of this is practical, and some doubts about data security in the digital sock-store may be allowed.

We may want to do so…

Unfortunately, in many German companies and public authorities things are similar to what happens in my wallet and my head: There are “grown structures”. In addition to electronic access control, the good old key box still needs to be managed, a password is needed for WiFi, in the canteen people pay with a separate cash card – and when it comes to who is allowed to use which machine and which vehicle, they rely on a secretary who was summarily promoted to identity manager. When it comes to digitization, German public authorities are often far better than their reputation – but that’s not to say that there isn’t still room for improvement in identity management.

Now we all know that lost keys often result in very costly replacement procedures. We know that static passwords are insecure and machines are dangerous in the hands of untrained employees. We know that distributed and unnecessarily duplicated personal data does not make administration any easier.

It is probably not a new insight, that it would actually be more efficient, convenient and secure to finally centralize all identity management. The idea of an integrated digital identity is probably almost as old as digital technology itself. But many people are asking themselves, not without good reason, whether such a radical change in critical processes would not unnecessarily throw a spanner in the works. Many also fear new data protection problems as well as trouble with the workforce and citizens, who always see digital identity as nothing more than “Big Brother”.

… but it’s the implementation that counts

These concerns are absolutely justified. For example, anyone who calculates the enormous effort it would take just to have all the employees of a large company quoted to a photographer for a new company ID card knows what corporate leaders fear. Anyone who knows the GDPR/DSGVO-regulations knows how quickly one becomes liable to prosecution, if one accumulates too extensive personal data.

The devil is – you guessed it – in the details: Identity Provisioning, as we call it, is all about re-connecting what is tried and tested in the right places, replacing what is outdated and replacing what is cumbersome with something more practical. It is important to develop individual solutions without constantly reinventing the wheel.

In our new company blog, we would like to show you step by step how this works, what the benefits are and how to proceed. We will show, for example, how data acquisition can be achieved cost-effectively, how the changeover can be made without interrupting operations, how you can avoid trouble with the DSGVO and the works council, what role AI plays in this – in short: How you can make your company and your processes more secure, more efficient, more competitive and more user-friendly with modern Identity Provisioning.

Here you will find success stories as well as basic opinion and hands-on articles. But of course, a blog also lives from the contributions of our community. Tell us what you’d like to read, what problems you see in terms of identity management, what experiences you’ve had, what solutions you’d like to see.