Since its formation back in 2005, security and authentication specialist Winfrasoft has been offering its technologies into a number of vertical markets, most notably the National Health Service, and ITSP caught up this week with Steven Hope, the firm’s IT director, for a catch-up session on how the use of authentication within the NHS is shaping up.
Winfrasoft’s Health Access System (HAS) is billed as a secure access solution enabling NHS Trusts to gain greater value from the NHS CRS smartcard – in active use as a employee identifier across the public healthcare sector – by using the card to provide secure and easy access to all resources.
Built on the Microsoft Forefront Edge Gateway server platform – and tapping the Versatile Security vSEC:ID Client – Winfrasoft claims that HAS is the first solution to enable the use of the NHS CRS smartcard for true SSO (single sign on) authentication, providing access to all applications, as well as the NHS Trust networks, while significantly reducing IT costs and helpdesk calls.
Back in December of 2009, Microsoft announced the release of Unified Access Gateway 2010 (UAG) – the successor to Intelligent Application Gateway (IAG) in the Forefront Edge Gateway server range.
Hope told ITSP that his firm supplies three main offerings into the NHS: Web Single Sign On, Remote Access, and Self Service Password Reset.
The Winfrasoft HAS solution, he explained, binds the NHS smartcard to the active directory user name and password credential used in the Trust so that when it is presented it is immediately recognised.
Deploying authentication technology in the NHS – and other markets – says Hope, is made easier by offering clients a software development kit – as well as embedded code to allow them to include “five lines of code” on their Web sites and other gateway applications.
The authentication process is also supported, he says, by the use of authentication apps on all the major smartphone platforms, although, he concedes, the server programming code is a lot more complex.
Perhaps surprisingly, Hope told ITSP that, whilst Winfrasoft is a member of the OATH open source authentication project, much of its security technology is based on proprietary code, which has allowed it to develop smartphone authentication and simple code elements for clients.