[unisog] token based access (WAS: Re: [unisog] VPN Protection
of Wireless Networks)
Paul L Schmehl
pauls at utdallas.edu
Tue Dec 18 01:17:37 GMT 2001
Our cards have a chip and a mag stripe. You can store "money" on the
cards, so they can be used in vending machines, to open the gates in
restricted parking lots, to open doors in restricted areas, to be part of
an authentication scheme, etc.
Right now we're using them for parking lots, vending machines and like a
debit card in the Comet Cafe (Pizza Hut, Subway, etc.). The future plan is
to use them with card readers as part of the authentication process and
replace our present keycard entry system with them. For authentication,
you'd swipe the card and then put in your id and pass to get in.
Peter is right. They are not cheap. But UT System mandated them, so we
had no choice. I don't know the exact numbers, but it was well into the
six figure range.
We also had to create a SmartCard department, complete with a manager and
one employee (12,000 students, 2000 staff/fac). And our network admins
spent significant time helping that department set up their servers,
because they had no technical expertise.
There aren't any batteries in these cards. Just a programmable chip with
your ISO ID in it.
--On Monday, December 17, 2001 10:25 AM -0800 Peter Van Epp <vanepp at sfu.ca>
> While it has been a number of years since I lasted pushed at this issue,
> I expect at least some of the issues are the same. Here are the notable
> ones that I remember:
> 1) The cards cost money (around $50 Candian at the point I looked,
> perhaps cheaper now). With ~ 20,000 accounts we are talking a lot of
> capital (and note item 2!). Being a public University charging for
> them was likely going to be a political problem so the money had to
> come from the house not user charging (your milage may vary of course).
> 2) The cards batteries only last for a couple of years and then they need
> to be replaced (the card, not the battery!). On going capital expense.
> 3) Card administration looked to be a fair amount of work (and expense)
> that needed to be factored in.
> 4) There was a student smart card initiative for campus charging (food,
> vending machines, copy machines) and identification (the library and
> registrar) going and I was pointing them at crypto type smart cards to
> piggy back on their plan, but it fizzled (and they weren't receptive
> to crypto cards anyway having enough troubles of their own). The need
> for card readers was going to be an issue here as well.
> 5) all your hosts / authentication mechanisms will need to be modified to
> accept the cards. Again this is an ongoing workload that needs to be
> remembered and funded.
> There are probably more I haven't remembered but, points 1 and 2 are
> likely the most exciting. Of course technology may have improved over the
> years as well.
> One cheap alternative perhaps worth mentioning is Microchip Ibuttons.
> The buttons themselves are passive (no battery) and something like $2 US
> a piece (see item 1 again :-)). The downside (other than they wouldn't
> talk to me or sell me a sample :-)) is that they need a $15 US reader on
> any machine that used them (but thats still cheaper than $50 per card /
> per user / per 2 years). The readers are on a serial port so securing it
> so students couldn't MTM, steal or otherwise abuse or defeat it was
> going to be exciting but is probably possible. Modems and remote access
> in general are going to be a problem with this scheme (no Ibutton
> reader) but something like Skey or OPIE would be an alternative there.
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member
More information about the unisog