[unisog] token based access (WAS: Re: [unisog] VPN Protection of Wireless Networks)

Paul L Schmehl pauls at utdallas.edu
Tue Dec 18 01:17:37 GMT 2001

Our cards have a chip and a mag stripe.  You can store "money" on the 
cards, so they can be used in vending machines, to open the gates in 
restricted parking lots, to open doors in restricted areas, to be part of 
an authentication scheme, etc.

Right now we're using them for parking lots, vending machines and like a 
debit card in the Comet Cafe (Pizza Hut, Subway, etc.).  The future plan is 
to use them with card readers as part of the authentication process and 
replace our present keycard entry system with them.  For authentication, 
you'd swipe the card and then put in your id and pass to get in.

Peter is right.  They are not cheap.  But UT System mandated them, so we 
had no choice.  I don't know the exact numbers, but it was well into the 
six figure range.

We also had to create a SmartCard department, complete with a manager and 
one employee (12,000 students, 2000 staff/fac).  And our network admins 
spent significant time helping that department set up their servers, 
because they had no technical expertise.

There aren't any batteries in these cards.  Just a programmable chip with 
your ISO ID in it.

--On Monday, December 17, 2001 10:25 AM -0800 Peter Van Epp <vanepp at sfu.ca> 

> 	While it has been a number of years since I lasted pushed at this issue,
> I expect at least some of the issues are the same. Here are the notable
> ones that I remember:
> 1) The cards cost money (around $50 Candian at the point I looked,
> perhaps     cheaper now). With ~ 20,000 accounts we are talking a lot of
> capital (and    note item 2!). Being a public University charging for
> them was likely going    to be a political problem so the money had to
> come from the house not user    charging (your milage may vary of course).
> 2) The cards batteries only last for a couple of years and then they need
> to     be replaced (the card, not the battery!). On going capital expense.
> 3) Card administration looked to be a fair amount of work (and expense)
> that    needed to be factored in.
> 4) There was a student smart card initiative for campus charging (food,
> vending    machines, copy machines) and identification (the library and
> registrar)    going and I was pointing them at crypto type smart cards to
> piggy back on    their plan, but it fizzled (and they weren't receptive
> to crypto cards     anyway having enough troubles of their own). The need
> for card readers was    going to be an issue here as well.
> 5) all your hosts / authentication mechanisms will need to be modified to
> accept    the cards. Again this is an ongoing workload that needs to be
> remembered and    funded.
> 	There are probably more I haven't remembered but, points 1 and 2 are
> likely the most exciting. Of course technology may have improved over the
> years as well.
> 	One cheap alternative perhaps worth mentioning is Microchip Ibuttons.
> The buttons themselves are passive (no battery) and something like $2 US
> a  piece (see item 1 again :-)). The downside (other than they wouldn't
> talk to me  or sell me a sample :-)) is that they need a $15 US reader on
> any machine that used them (but thats still cheaper than $50 per card /
> per user / per 2  years). The readers are on a serial port so securing it
> so students couldn't  MTM, steal or otherwise abuse or defeat it was
> going to be exciting but is  probably possible. Modems and remote access
> in general are going to be a  problem with this scheme (no Ibutton
> reader) but something like Skey or OPIE would be an alternative there.
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada

Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member

More information about the unisog mailing list