Gemplus has announced a token-based authentication security system for mobile workers that it claims, will allow SMEs to buy into the technology for the first time.

GemEvidence is an off-the-shelf system consisting of authentication server, One Time Password (OTP) tokens, support and maintenance, which will be sold to customers through VAR (value-added reseller) partners.

The system is designed to directly replace conventional password security with one-time passwords generated using the token, a major benefit with remote and mobile applications such as VPNs. To date, such systems have been the preserve of large enterprises with pockets deep enough to absorb a myriad of hidden and support costs.

According to Marc Chancerel of Gemplus, the key to the lower cost of GemEvidence was that it was built around Windows, the dominant platform used by SMEs. Any administrator with the skills to understand Microsoft’s Active Directory could implement the system for themselves, greatly reducing deployment costs.

“Existing secure remote access solutions are aimed mainly at large companies. Due to the direct and hidden costs of such schemes they are not practical for SMEs,” he said.

There was no client software to maintain, and no staff training costs, making it even more attractive for hard-pressed SMEs looking for security without complexity. The tokens themselves could also be generated and managed on-site, increasing security.

The company was not willing to divulge unit costs, stating that this information would be made public by its partners at the forthcoming Infosecurity Europe Show at the end of this month.

Chancerel said that GemEvidence would suit any company in the mid-market space between roughly 250 and 5,000 employees with up to 1,000 mobile workers using VPNs. The authentication server could handle up to 500 concurrent connections.

The tokens were virtually immune from physical tampering because they did not use standard - and more easily hackable - CPUs.