[unisog] token based access (WAS: Re: [unisog] VPN Protection of Wireless Networks)

Patrick O'Callaghan poc at usb.ve
Tue Dec 18 13:18:55 GMT 2001

On Mon, 2001-12-17 at 21:17, Paul L Schmehl wrote:
> Our cards have a chip and a mag stripe.  You can store "money" on the 
> cards, so they can be used in vending machines, to open the gates in 
> restricted parking lots, to open doors in restricted areas, to be part of 
> an authentication scheme, etc.
> Right now we're using them for parking lots, vending machines and like a 
> debit card in the Comet Cafe (Pizza Hut, Subway, etc.).  The future plan is 
> to use them with card readers as part of the authentication process and 
> replace our present keycard entry system with them.  For authentication, 
> you'd swipe the card and then put in your id and pass to get in.
> Peter is right.  They are not cheap.  But UT System mandated them, so we 
> had no choice.  I don't know the exact numbers, but it was well into the 
> six figure range.
> We also had to create a SmartCard department, complete with a manager and 
> one employee (12,000 students, 2000 staff/fac).  And our network admins 
> spent significant time helping that department set up their servers, 
> because they had no technical expertise.
> There aren't any batteries in these cards.  Just a programmable chip with 
> your ISO ID in it.

We recently changed our ID card system to Multos smartcards made by
Gemplus (a local bank covered much of the cost because they wanted to
promote their electronic purse, which is Mondex BTW). We were keen on
using them as tokens for online access but it turned out the ones we got
are not really suitable; for example we can't access the on-card crypto
functions so they're no use for storing certificates. Other cards do
allow this stuff, so go in with your eyes open (we were blinded by the
prospect of saving lots of money, and by the fact that none of us knew
enough about the differences between various cards at the time). Note
that if your card can hold money, the banks seem to get nervous about
allowing just anyone to program them, even though Multos is supposed to
keep applications separate. YMMV of course.

For those interested, there's a lively mailing list on using smartcards
under Linux (most development environments are for Windows). You can
subscribe by sending:

	subscribe sclinux

in the body of a message to <Majordomo at linuxnet.com>

