ID tokens tighten up security for users of motor industry portal

Covisint, the automotive industry web portal which links car manufacturers with parts suppliers, plans to encourage the industry...

Covisint, the automotive industry web portal which links car manufacturers with parts suppliers, plans to encourage the industry to replace passwords with secure electronic ID tokens.

The portal is stepping up its approach to security following a rapid growth in the number of suppliers and motor manufacturers signing up to use the system, which allows suppliers and manufacturers to share data and place orders via internet links.

Covisint has more than 120,000 registered users across 11,000 companies, but this is expected to grow to over 200,000 by the end of the year as more automotive suppliers and car manufacturers sign up to use the system.

David Miller, the company's chief information security officer, said Covisint will be encouraging suppliers and motor manufacturers to invest in secure tokens, despite the financial pressures faced by the industry.

"We have the ability to support out-of-the-box certificate-based or token-based authentication, but I cannot find companies that are willing to pay for it. I think people pay lip service to security, but when it comes to spending money, they are less enthusiastic," he said.

Miller plans to challenge this reluctance by highlighting that the advantages offered by Covisint far outweigh the $100 (£64) a year it costs to run a secure token.

"Now we have a user base of over 100,000 IDs, if suppliers adopt our federated log-in system, they get access to thousands of customers by default," he said.

Suppliers and car manufacturers using the system have made significant savings by eliminating the need to employ teams to manage large numbers of passwords to access web systems belonging to business partners.

"If you came from Bosch, you would have an ID for Ford, DaimlerChrysler, and whoever else you supply. Delphi, for example, has 20 staff just to administer IDs. That is a huge cost for suppliers," Miller said.

Motor manufacturers have also cut the cost of providing help-desk services to suppliers accessing in-house web portals, he said. The calls cost between $40 and $60, but 70% of the enquiries are from people who have forgotten their passwords.

Covisint is based on RSA's Secure Code software and passes XML-encoded credentials from users to the motor manufacturer.

Read more on IT risk management