Identity Management and Smart Cards

1
Identity Management and Smart Cards

• Sinead OGeran
• UCC

2
Agenda

• Identity Management in UCC
• UCC Direct Student Portal
• UCC Smart Card
• Implementing an Integrated Access Control System

3
Identity Management (IdM)

• Two perspectives in IdM
• The User Access (Log-on) Paradigm
• Manages user authentication, access rights,
  access restrictions, account profiles, and
  passwords e.g. smart cards
• The Service Paradigm
• Manages all resources used to deliver online
  services, i.e. devices, network equipment,
  servers, portals, content, applications, and
  products as well as users credentials, address
  books, preferences, entitlements and telephone
  numbers
• UCC is trying to achieve identity coherence in
  order to deliver unified services to large
  numbers of users on demand

4
Identity Management (IdM)
OID
Applications Servers
5
Identity Management (IdM)

• UCC Directory Project
• Directory Project currently being scoped
• Aim of Project is to provide a single, scalable
  application-independent directory, initially for
  the Computer Centre and ultimately for UCC, in
  place of existing application-specific
  directories.
• The directory may be a logical metadirectory
  synchronizing multiple physical directories.
• To provide an authoritative source for identity
  management in UCC.

6
UCC Direct - Student Portal

• UCC Direct - Student Portal
• Developed in Oracle Portal
• Using Single Sign On (SSO) Technology to connect
  to external applications
• Student Records System
• Student E-Mail System
• Using Oracle Internet Directory
• Populated nightly from Student Records System
  (ITS)
• Student number and PIN updates
• New students added nightly
• Integrated with Student IT Web Page

7
UCC Direct
8
UCC Direct
9
Smart Cards

• A smart card is defined as any pocket-sized
  card with embedded integrated circuits, typically
  credit card size
• Types of Smart Card
• Contact Smart Cards
• Contactless Smart Card, Radio Frequency
  Identification (RFID)

10
Smart Cards

• Contact Smart Card
• Contains a small gold chip about ½ inch in
  diameter on the front of the card.
• When inserted into a reader, the chip makes
  contact with electrical connectors that can read
  information from the chip and write information
  back.
• The cards do not contain batteries energy is
  supplied by the card reader.

11
Smart Cards

• Contactless Smart Card
• Chip communicates with the card reader through
  RFID induction technology.
• These cards require only close proximity to an
  antenna to complete transaction.
• They are often used when transactions must be
  processed quickly or hands-free.
• UCC selected the contactless 1K Mifare type A
  chip with a passive RFID tag

12
Radio Frequency Identification (RFID)

• Is an automatic identification method, relying on
  storing and remotely retrieving data using
  devices called RFID tags or transponders
• Chip-based RFID tags contain silicon chips and
  antennae
• Passive tags require no internal power source,
  whereas active tags require a power source
• The minute electrical current induced in the
  antenna by the incoming radio frequency signal
  provides just enough power for the CMOS
  integrated circuit in the tag to power up and
  transmit a response

13
Access Control Project Background

• Opening Doors in UCC
• New HR Information System implemented in 2003
  (HRIS)
• Access Control Module
• Computer Centre Piloted Integrated Access Control
  system
• Integration of Student Records System (ITS) and
  HRIS Dynamic Link
• Proof of Concept - Successful - Ready to Roll
  Out

14
Scope of Project
15
Key Project Deliverables
16
Project Stake Holders
Project Sponsor
17
Project Summary WBS
18
Project Timescale
19
Multiple Systems and Cards
20
Multiple Systems and Cards
21
New ID Card

• ID Cards - Multi Functional
• Bar Code
• Used by Library for Book Circulation
• Magnetic Strip
• Used for Access Control and Photocopying
• Smart Card Chip
• Access Control and other applications

22
How it all works!
23
Project Challenges

• UCC Project Management environment
• Departments are autonomous entities
• Lack of control on scope changes
• Internal UCC Communications
• IR Issues on Departmental Roll -Out

24
Project Challenges

• New Cards had to meet College wide requirements
  and be both backward and forward compatible
• Initial formal contracts for the software and
  hardware for this project are all with one vendor
• After hours support
• No central card office

25
Key Achievements

• Successful Identity Management of students access
  rights to UCC buildings that can be audited and
  tracked.
• Online realtime integration with student and
  staff systems
• Suite of online integrated reports
• Gold Plating
• Proximity and smart card technology introduced
  together

26
Introduction of one UCC ID card
Key Achievements
27
Introduction of one preferred Access Control
System
Key Achievements
28
Future Project Objectives
Platform provided for future smart card
applications

• Smart Card Technology
• Cashless Campus
• Vending and catering
• printing and photocopying
• car parking
• registration fees and library fines

29
Future Project Objectives
Platform provided for future smart card
applications

• Smart Card Technology
• Lecture attendance recording
• Examination attendance recording
• Biometric access controlled areas

30
Questions?
31
Additional Information
32
HRIS System Architecture
33
http//depthris.ucc.ie
34
Roll out of Access Control in UCC

• Departments using Core AC currently Local
  Admin
• Brookfield Library students and staff
• Boole Library students and staff (March 20th
  2007)
• Computer Centre staff only
• Dental Hospital staff only (Time Recording
  using TA)
• Department of Accounting students and staff
• Department of Speech and Hearing Sciences
  students and staff
• School of Clinical Therapies students and staff
• School of Medicine students and staff
• School of Nursing and Midwifery students and
  staff
• Mardyke Arena students only
• Department of Food Business students and staff

35
CC Administration Role on Access Control

• User Management
• Zone Management
• Data integration with the Student Record system
• Recommend hardware configuration
• Software/hardware configuration and testing
• Liaise with Core and Time and Data
• User Training
• Support for Local Administrators
• Support for out of office hours

36
Departmental Rollout Template

• Computer Centre meets and requests a quote from
• Time and Data for hardware
• Buildings and Estates for cabling and related
  costs
• Department make decision on purchase of system
• Meeting with Department, CC and Buildings and
  Estates
• Agree timescale for installation of system
• Obtain purchase order for hardware
• Obtain purchase order for cabling and related
  costs
• Organise user training
• Implement system for department