Making Belgium's sea ports secure
Alfapass is a leading provider of identification and authentication services in the Port of Antwerp-Bruges. The company secures terminals for numerous logistic companies and enables physical and digital authentication for 45.000+ dockers, truckers and visitors.
The Alfapass Smartcard, their physical authentication token, is still widely used by users to enter terminals and vehicles and pick up containers. But as leading, forward-thinking companies do, the people at Alfapass knew they needed to offer a digital authentication solution.
“Mobile authentication is a logical step for various reasons”, according to Els Desloovere, Alfapass’ Account Manager:
Firstly, we’re tailoring our services to our users’ habits. They use their mobile phones in nearly every aspect of their lives. It only makes sense for us to digitise our physical token and all its capabilities. On top of that, a digital solution enables app-to-app integration, which helps us prevent the purchase of hardware like physical terminals.
The inevitable digitisation of its solutions aside, Alfapass also needed to comply with the Certified Pick-up (CPu) regulations that the Port of Antwerp-Bruges implemented. CPu is a mandatory application for container release at container terminals. The legal framework is included in the Port Police Regulations.
“These requirements mandate and regulate the use of biometric authentication in the ports. The user’s biometric data can’t be centralised and can only be accessed and stored by the user. Given these stipulations we chose to roll out mobile biometric authentication that only the user could manage for security and usability reasons.”
Why Alfapass chose nextAuth
nextAuth came on Alfapass’ radar through another use case. One of its employees knew that nextAuth provided KU Leuven with a mobile authentication solution and contacted us for a preliminary discussion.
“We needed a solution that excels in usability and maintains the highest security standards. On top of that, the new solution had to guarantee non-repudiation and admissibility of all authentications.”
nextAuth checked all these boxes and provided Alfapass with a mobile passwordless MFA solution tailored to their needs.
What nextAuth provided Alfapass with
- 45.000+ end users can now access a locker, a vehicle, a terminal or any other building with a fingerprint or face scan on their phone.
- The private key -which is securely stored on their mobile device (something you have)- is combined with a custom implementation of a biometrics SDK in the MyAlfapass mobile app, preventing interception—the users’ mobile phone accounts as a full-fledged factor of the authentication setup.
- New employees and one-off visitors can now quickly onboard thanks to nextAuth’s mobile SDK, which complements Alfapass’ existing onboarding process.
- The users’ data are now protected by a more secure authentication method. On top of that, nextAuth’s technology minimises the risk of unauthorised access, protects app-backend communication with an extra encryption layer and guarantees non-repudiation of all authentications.
- The nextAuth IdP and RESTful API enabled ACA IT and Alfapass to implement our software into their systems seamlessly and manage all authentication processes without friction.