Transcript Utilising City Card on the Campus

AEB/Yleisesittely
7/18/2015
Utilising City Card on the Campus
TNC 2004, Rhodes
7th of June, 2004
Mikael Linden, [email protected]
Petteri Jekunen, [email protected]
AEB/Yleisesittely
7/18/2015
Tampere polytechnic
• a medium-sized polytechnic in Finland
– 5000 students, 600 staff members
• belongs to the city of Tampere
• IT infrastructure maintained centrally by the computer center
• user administration done centrally in cc
– LDAP enterprise directory
– one username/password for most of the services
– automatic account creation, maintenance and closing based on
the student registry
AEB/Yleisesittely
7/18/2015
Where we started in Tampere Polytechnic (TP)
• TP willing to start using PKI/token based user authentication
• people already carrying several cards in their wallet
– let’s not introduce a new one
 multi-application smart card, integrating services on a single
card
• smart card readers installed to workstations in TP
– 700/1200 workstations in computer classes
– 100/650 workstations for staff use
AEB/Yleisesittely
7/18/2015
eTampere card – a card for local residents
•part of the eTampere programme (2001-2005)
– a collaboration project of research&education,
business, organizations and communities
•eTampere card pilot 2003-2004
– city of Tampere provided 5000 cards to local residents
– 3500 of the card were given to students in TP
•computer-skilled people with good facilities and large number
of network services in the school and at home
 card penetration reached 80 % among active students in TP
•basic idea: services provided by public and private organisations on a
single card
AEB/Yleisesittely
7/18/2015
Services available for cardholders in TP in the pilot
Services by the city of Tampere
• payments in public transportation and swimming halls
• electronic services (requiring authentication) on the web
Services provided by Tampere Polytechnic
• workstation logon (Windows 2000)
• signing (and circulating) an application for ”overtime”
– for students that are not able to graduate in 4 years
Services provided by TP’s privately operated student restaurant
• paying student lunch
Services provided by Student union of TP
• voting in the election of the student union’s council
AEB/Yleisesittely
7/18/2015
eTampere pilot card’s technology
• a hybrid card: two separate chips in the same piece of plastic
– contactless (Mifare) chip: electronic purse for payments
(busses, swimming hall, student restaurant)
– chip with contacts (ISO 7816): personal certificates
• about the PKI in use
– certificates signed by Sonera (a Finnish-Swedish teleoperator)
– two separate certificates: authentication, non-repudiation
– unique identifier of a user: EETU, a unique number assigned by
the city of Tampere
– for W2k logon at TP an extra certificate was added to the card
• CA: computer center of TP
• binds the W2k username to the public key
AEB/Yleisesittely
7/18/2015
User experiences of the card
A web survey (n=699) made to cardholders 1-2 months after getting the
card
What property do you consider important?
Library card
94 %
Car parking fees
83 %
Passage card in the school
80 %
E-purse (lunch, shops…)
76 %
Ticketing (concerts, ice hockey…)
73 %
Voting in the net
68 %
Bonys/loyalty programs
63 %
Passage card in municipal services (sports hall…)
60 %
Strong network authentication
56 %
Telephone card
38 %
=> for an end user security (AuthN) is not very interesting
AEB/Yleisesittely
7/18/2015
From pilot to production: experiences/challenges
For the city of Tampere
• certificates are expensive but not used very much
– not easy to find a business model that makes them fly
• integrating to municipal libraries (library card)
• dual-interface card?
For Tampere Polytechnic
• problems mostly non-technical
• usage of the certificates is still too narrow, should be extended to
make it more usable (web authN, SSH connections, VPN etc)