Achieve enhanced security at ideal cost by utilizing the existing infrastructure
In Toyo-Tec, password management had an important position for the management of internal control. The background was that users were required to update passwords every six months in accordance with an internal provision, and the company spent a great deal of time and effort to manage the change of ID/password.
It is currently not necessary to store IDs/passwords after introduction of the IC card authentication by utilizing the conventional infrastructure. And therefore the risk of information leakage and the time for changing them are also reduced and the convenience of management is improved as well. We consider that the authentication function will be expanded to support tablets in future.
IC card authentication has been adopted by leveraging existing infrastructure.
We propose various security systems as a security company. However, we have some experience in security, and we were interested in the field. We had an issue of internal control and learned about the fingerprint authentication of DDS. We were aware of the possibility of authentication with IC card, and then started to study for the adoptation of a system for internal control.
We had an impression that fingerprint authentication of DDS had very high performance with few errors. However, the difficulty for us was in terms of cost if we purchased a number of units. Then the possibility to introduce the system for IC card authentication that had already been employed for entry/exit was highly expected. The decisive factor was that IC card authentication could utilize the existing infrastructure. Furthermore, another important decisive factor for us was the fact that the system from DDS was capable of supporting various special systems, such as office computers and dedicated software.
User’s burden is reduce and superior usability can be experienced
Before introducing IC card authentication, we adopted manual ID/password authentication. In this case, the user needs to remember multiple IDs/passwords for the respective systems. Therefore, many users use the same ID/password for multiple systems and there was risk of security. On a single PC shared by multiple personnel, the same IDs/passwords are used and there was a problem that it was impossible to identify who did what and when on the terminal. Furthermore, it was required to update IDs/passwords every six months in accordance with the internal provision and a great deal of effort was required for updating and managing them.
In the meanwhile, after introducing IC card authentication, the concept of ID/password had disappeared, storage and update of IDs/passwords have not been required, and then risk of information leakage has been reduced. The system is highly appreciated by the user, and its superior usability is experienced, and then we consider proposing the system to our customers as our merchandise. We have already sold the security system for entry/exit management, and we think we can propose attractive merchandise by adding some plus alpha functions to the existing system.
There is a lot of work such as reloading data etc.
On the other hand, there is a concern about the loss or theft of IC cards. Since the manual password authentication is not permitted currently, a staff member who forgets the card must receive a guest card from the Administrative Department and then be registered in the Information System Department for authentication. In our company, the cards are reused. If there is a retiree, the registered data on the retiree’s card will be deleted by the Administrative Department and new data will be registered when the card is handed to a new employee. It is required to update card information at the time of personnel change in our company. Since personnel changes will take place largely in spring and autumn, the current situation is that a certain amount of time and effort will be spent processing card information. In order to mitigate this work, we look forward to the development of a system capable of reloading the registered information at once.
In case of troubles, support considering individual needs is comfortable.
We had a hard time supporting office computers at the time of introduction. There were two types, one using dedicated software and the other using processing on the Web. It was impossible to support them in the ordinary way, so we requested that DDS dispatch their SE for an investigation. It was comfortable for us that the same SE comprehending all trouble cases in the past supports these kinds of troubles. We could be familiar with the SE who supported our problem. Unlike perfunctory telephone support from major companies, DDE provides individual supports corresponding to our respective needs. This is also the advantage that we felt after introducing the system.
And it was good for us that the trial period for introducing and operating the system on our server was provided for several months for study. Since we could learn about problems during the trial period, we could support actual emergency problems appropriately after evolving the system.
We will expand our IC card authentication and study for introducing the biometric authentication partially.
In our company, IC card authentication is not 100% yet, and the manual ID/password authentication is partially used. We intend to expand IC card authentication in these field in future. Furthermore, if tablets of which introduction is currently studied becomes utilized in earnest, enhancement of security must be considered and the necessity of IC card authentication will increase. We feel that biometric authentication, such as fingerprint authentication will shortly be introduced partially in future on some security levels.
- Company name: Toyo-Tec Co., Ltd.
- Address: 1-7-18, Sakuragawa, Naniwa-Ku, Osaka City, Osaka
- Overview: Toyo-Tech Group set their core business to electronic security business and building maintenance business, and makes a wide range of businesses including transport security services, facility security services, contract management business, insurance agency services, call center operations, construction and equipment sales. The company constructs systems supporting all security needs.
- Website: http://www.toyo-tec.co.jp/