Combine Physical and Logical Access with Passive Proximity Cards and Readers
Passive proximity cards have long been used for physical access into buildings and high security rooms. With XyLoc® Passive Proximity Card Support, you can now use the same passive proximity cards for access to a PC workstation.
User authentication is performed by XyLoc Security Server (XSS), which authenticates credentials against Microsoft Active Directory or a SQL Server credential database. XyLoc allows access to the workstation once the user is fully authenticated.
And with the XyLoc Single Sign-On (SSO) software option, users can then quickly and easily access their applications without having to retype their user names and passwords, saving time, money and calls to the help desk. XyLoc SSO further increases PC and data security, since users are no longer tempted to carry a password “cheat sheet” that can be easily misplaced.
XyLoc Passive Proximity Features
- Tap-In Authentication, including options for two-factor authentication (e.g., password entry)
- Tap-Out Authentication, requiring the user to actively tap out when leaving a station
- Inactivity Timers to provide a backup log-off mechanism when users forget to tap out
- Tap-Back In, which simplifies session restoration in some user access situations
- Tap-Over, which allows a new authorized user to ‘override’ a previous user’s active session
- One Session Support, allowing users access to only one PC at a time
- 2nd-Factor Authentication Timer, which adds flexible options for how often users are challenged for 2nd-factor authentication credentials
Passive Proximity Access: Pros and Cons
- Less expensive than Active RF cards
- Combined usage – passive prox cards typically also used for physical door access
- Simple to use
- No automatic walk-away security; users must actively remember to tap out of a workstation each time
- Adds window of vulnerability when relying on inactivity timers as a backup when users forget to tap out
- Often allows other nearby users to access PC and application sessions that they are not authorized to access