HID Global HID on the Desktop
Strengths: Enterprise capable, good management capabilities.
Weaknesses: Ability to store other certificates on card.
Verdict: Very nice two-factor authentication solution, easy to use, strong management.
SummaryHID on the Desktop provides on-card data storage for secure credentials for both iCLASS and Crescendo cards. Crescendo is a series of highly secure smart cards designed to enable thousands of standards-compliant physical and logical access applications.
The HID iCLASS 13.56 MHz read/write contactless smart card technology can be used for diverse applications, such as access control, biometrics, cashless vending, public transportation, airline ticketing and customer loyalty programs. We were provided with the iCLASS cards for our review, while naviGO is the management software that enables centralized security policy and simple credential management.
We evaluated the workstation version of the management application, the HID USB OMNIKEY Reader and iCLASS smart cards. We were provided the naviGO server application, but were unable to test it due to an outage on the vendor's licensing server during the timeframe we conducted our test. We did review the documentation and will discuss the applications capabilities later.
The installation requirements for the workstation software included .NET Framework 2.0 or higher. The application loaded easily. Once deployed, we set up our smart card access to provide two-factor authentication for our domain login. There was a nice wizard for enrolling the card and setting up the user credentials. When we rebooted, the Windows GINA was replaced with the HID access request to present our card for access. Since we were provided contactless cards, we did not have to insert a card into the reader. Rather, we could touch the card to the reader. We entered our PIN that we set up earlier and were granted access to our test system.
The server application can provide the enterprise reporting, logging and management. It supports AD integration, centralized reporting and event logging. It can be used to create workflows, as well as enabling, resetting, revoking, disabling and replacing credentials.
The documentation was excellent. Basic support includes eight hours a day/five days a week email and outbound call back.