Case Study

TrustBuilder handles millions of authentications a day at EUROCONTROL

EUROCONTROL is an intergovernmental organization with 41 member states. To support its mission of building a Single European Sky that can deliver air traffic management for the 21st century and beyond, EUROCONTROL has automated many of the interactions between its own operational applications and the applications of its partners. “We have a divergent set of external users of our operational applications,” says Zdravko Krastev, Sysadmin at EUROCONTROL. “We connect to many players in the field of aeronautics in Europe and globally. In fact, with everyone who is involved in European air traffic: control towers, airports, service companies at airports, local aeronautic service providers, etc.” 

 

“The solution is so robust that we rarely need to call on TrustBuilder. When we have upgrades to the system, we work closely together, and so far these projects have always been delivered on time and with the expected result. We are very happy with our partnership with TrustBuilder.”

– Zdravko Krastev, Sysadmin at EUROCONTROL.

eurocontrol logo

Tokens and PKI certificates

Each separate request to the operational applications must be authenticated, either by the use of a token or a PKI certificate. As a user of IBM Security Access Manager, the organization needed to find a solution that brought an external authentication interface to ISAM. TrustBuilder provided that solution. “We need increased security,” said Zdravko Krastev. “That’s why we don’t use simple user/password combinations but rely on tokens and certificates. TrustBuilder makes the bridge between IBM Security Access Manager and the RSA server for tokens and GlobalSign certificate authentication.” 

Mission critical and robust

These authentications are very sensitive and mission critical to EUROCONTROL. “If these authentications did not happen, that could cause disruption,” said Zdravko Krastev. That’s why the access management system is also isolated from the EUROCONTROL network. Only the WebSEAL servers are allowed to receive traffic.

Most of the authentications happen between applications, without human intervention. “Each of these applications has different permissions and authorizations, but first they have to be authenticated. That is done by ISAM with the help of TrustBuilder.” Currently, authentication happens on the basis of tokens or certificates, but EUROCONTROL is also investigating other authentication mechanisms such as One-Time Passwords (OTP) via SMS. This is also one of the many authentication mechanisms TrustBuilder supports.

On a daily basis, millions of these authentications are handled by TrustBuilder. “The solution is very robust and performs very well,” said Zdravko Krastev. He is also positive about the collaboration with TrustBuilder. “The solution is so robust that we rarely need to call on TrustBuilder. When we have upgrades to the system, we work closely together, and so far these projects have always been delivered on time and with the expected result. We are very happy with our partnership with TrustBuilder.”

Challenges

  • EUROCONTROL was looking for an external authentication interface to ISAM. 
  • The solution needed to support authentication through tokens and PKI certificates. 
  • As the EUROCONTROL operational applications are mission critical, the solution needed to be robust and high-performing. 

Results

  • TrustBuilder supports authentication through tokens and PKI certificates, and can also support other authentication mechanisms in the future. 
  • TrustBuilder is robust and handles millions of authentications a day.  

About EUROCONTROL

The European Organisation for the Safety of Air Navigation, commonly known as EUROCONTROL, is an international organization working to achieve safe and seamless air traffic management across Europe. Founded in 1960, EUROCONTROL currently has 41 member states and is headquartered in Brussels, Belgium.

eurocontrol logo

Implemented Technologies

Strong Authentication

M2M authentication

OCSP check

PKI

RSA OTP validation

Authorization