FROM THE FIELDS
The Badge They Already Carry: AD Tap-and-Go for Medical Workstations
Why medical PCs sit unlocked in every hospital you have ever been in, and what changed
Roman Kuznetsov @ 28.05.2026
Walk through any hospital. Glance at the workstation behind the nurses' station, the one on the medication trolley, the one in the doctor's room with three people queued behind it. The screen is unlocked. The session belongs to whoever logged in at the start of the shift, possibly hours ago, possibly to a different person on a different shift who never logged off.

Everyone in IT knows this is wrong. Compliance knows. The CISO knows. The auditors know. And yet the unlocked PC is the dominant operating mode in healthcare, because the cost of locking it (in user friction) has always been higher than the perceived cost of leaving it open.

Until now.
Why the screen lock is lost
The reason medical workstations stay unlocked is not negligence. It is arithmetic. A nurse hits a workstation thirty to forty times in a twelve-hour shift. If each login costs thirty seconds (and that is a best case), that is fifteen to thirty minutes of unproductive standing per shift, per nurse, per workstation. Multiplied across a ward, that is hours. Multiplied across a hospital, it is full-time equivalents. Nobody can defend that math at a budget meeting, so the practical compromise has always been the same: log in once at the start of the shift, leave the workstation open, hope for the best.

Every authentication option offered to healthcare has crashed against this constraint:

  • Passwords: too slow to type, too many to remember, shared on sticky notes within the first week.
  • Smart cards: better, but require inserting, removing, and carrying a card that is easily lost or forgotten in a reader. PIN entry adds seconds to every login.
  • Windows Hello for Business: designed for personal devices. The PIN and biometric are bound to a specific user on a specific machine. Shared workstations are not its problem to solve.
  • Existing "tap-and-go" overlays: most replay a stored password under the hood. Audit logs see one user. Real authentication did not happen. Security theatre that auditors are increasingly unwilling to accept.

What healthcare needed was a credential that the user already carries, that produces an AD logon in under two seconds, and that does not collapse into a shared password somewhere in the chain. For a long time, that combination did not exist.
What SystoLOCK actually does
The badge a hospital employee already carries (the NFC card that opens the door to the staff lounge, releases their print job, charges their canteen meal) becomes their Active Directory credential. One tap. Sub-two-second logon. The previous user's session locks. The new user's session resumes or starts. No password is entered. No password exists.

What makes this possible is the credential model. When a user taps their badge against a reader on the workstation, SystoLOCK brokers an authentication request that ends with a short-lived X.509 certificate issued specifically for that session. Active Directory validates that certificate the same way it would validate a smart-card certificate, through PKINIT. The user is logged in. The certificate expires shortly afterwards. There is no password to phish, replay, share, or write on a sticky note, because the protocol does not use one.

The badge itself does not need to change. SystoLOCK reads the existing card data from the same NFC chips that the access-control system already uses. No re-issuance, no parallel infrastructure, no second card to lose. The hospital's investment in physical-access badges, often a six- or seven-figure programme, is reused as the identity factor for AD.
Why this was not possible before
Active Directory authenticates with Kerberos. Kerberos was designed in the 1980s for passwords and later extended for smart cards via PKINIT. There is no native way for AD to accept "this person tapped a badge on a reader" as a logon credential. Every vendor who built a tap-and-go product before SystoLOCK had to bridge that gap somehow, and the bridge was almost always the same: store the user's password in a vault, retrieve it on tap, replay it to the workstation. Functionally, it worked. Securely, it did not. The password still existed. The vault was a target. Auditors saw a user "typing" a password every time the badge touched a reader and asked uncomfortable questions.

The SystoLOCK approach removes the password from the chain entirely. The badge tap triggers a certificate issuance, and the certificate is what authenticates to AD. There is no vault, no password, no replay. The credential the user presents (a badge they already carry) is structurally different from the credential AD verifies (a fresh certificate), but the cryptographic linkage between them is sound and the user experience is one tap.

This was an engineering problem that took years to solve cleanly. SystoLOCK's core approach was patented in 2017 and has been in production with paying customers since 2021.
What changes for the hospital
The interesting part is what happens to operational policy once tap-and-go actually works.

The lock screen becomes deployable. The inactivity timeout on every clinical workstation can be set to two or three minutes without prompting a revolt, because the cost of unlocking is one tap. The default screensaver-lock policy that GPO has been offering since 2003 finally has a tap-and-go partner that makes it tolerable in production.

Audit logs become useful. Every session has a real, individually-attributable AD user behind it. The Windows event log, the EHR application log, and the physical-access log all reference the same identity. Incident response can answer "who viewed this patient's record at 03:14?" with a name rather than "the ward3 account", because SystoLOCK also supports functional accounts.
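The distinction the article draws between a replayed password and a real PKINIT logon is visible in the domain controller's own audit trail. As an added example (not SystoLOCK's or Microsoft's code), the Python below classifies Windows Security event 4768 (Kerberos TGT request) records by pre-authentication type: a certificate logon is logged with type 16 (PA-PK-AS-REQ) and populated certificate issuer/serial fields, whereas a password, typed or replayed, is logged with type 2 (PA-ENC-TIMESTAMP) and no certificate. The event records and workstation addresses are constructed for illustration.

```python
# Classify Kerberos AS-REQ audit events (Windows Security event 4768) so a
# defender can confirm that tap-and-go workstations really authenticate with
# a certificate (PKINIT) and not with a replayed password.
from collections import Counter

# Pre-authentication type codes as they appear in the 4768 event.
PA_ENC_TIMESTAMP = 2   # password-derived key: a password was presented
PA_PK_AS_REQ = 16      # PKINIT: an X.509 certificate was presented

# Constructed sample records (a subset of the 4768 fields); "-" is how
# Windows renders an empty certificate field.
SAMPLE_4768 = [
    {"TargetUserName": "nurse.a", "IpAddress": "10.20.3.41", "PreAuthType": 16,
     "CertIssuerName": "CN=Hospital Issuing CA", "CertSerialNumber": "5A01F3"},
    {"TargetUserName": "nurse.b", "IpAddress": "10.20.3.41", "PreAuthType": 16,
     "CertIssuerName": "CN=Hospital Issuing CA", "CertSerialNumber": "5A01F4"},
    {"TargetUserName": "ward3", "IpAddress": "10.20.3.42", "PreAuthType": 2,
     "CertIssuerName": "-", "CertSerialNumber": "-"},
]


def classify(event):
    """Return 'pkinit', 'password' or 'other' for one 4768 record."""
    pa_type = int(event.get("PreAuthType", 0))
    has_cert = event.get("CertSerialNumber", "-") not in ("", "-")
    if pa_type == PA_PK_AS_REQ and has_cert:
        return "pkinit"
    if pa_type == PA_ENC_TIMESTAMP:
        return "password"
    return "other"


def password_logons_on(events, workstation_ips):
    """Logons from tap-and-go workstations (assumed address set) that used a
    password: exactly the pattern a password-replaying overlay produces."""
    return [e for e in events
            if e["IpAddress"] in workstation_ips and classify(e) == "password"]


def summarize(events):
    """Count logons per class, e.g. for a daily report."""
    return Counter(classify(e) for e in events)


if __name__ == "__main__":
    print(summarize(SAMPLE_4768))
    for e in password_logons_on(SAMPLE_4768, {"10.20.3.41", "10.20.3.42"}):
        print("password logon on badge workstation:", e["TargetUserName"])
```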

Compliance narratives stop being aspirational. Every framework that touches healthcare authentication (NIS2, GDPR, the country-specific patient-data laws across the EU, the KRITIS-Dachgesetz in Germany) assumes that personal authentication is the default. For two decades, that assumption was politely ignored on the ward floor. With tap-and-go that actually works, the assumption becomes operational reality.
What this looks like at the workstation
A nurse approaches the medication trolley. The screen is locked, showing the SystoLOCK prompt. They tap their badge against the reader on the trolley. Within two seconds, the session is on screen, ready, with their EHR open at the patient they were last reviewing. They chart what they need to chart. They walk away. After two minutes, the screen locks. Three minutes later, a different nurse on the same shift taps their badge against the same reader. Their session appears, separate and personal. The previous nurse's session is preserved in the background, locked, attributable to them in any audit query. Or, if so configured, the previous session is logged out.

The workstation has had ten different users in the last hour. The lock screen has been active between every pair of them. Nobody types a password. Nobody loses a smart card. Nobody is queueing.

That is what SystoLOCK does. The badge in the pocket already paid for itself once at the door. It is paying for itself a second time at the workstation.