International magazine for security engineering

Security Revue

December 5th, 2007 at 10:21

Electronic form identification and security entrance by ID cards

Written by doc. Mgr. Roman Jašek, Ph.D. and Ing. Pavel Rosman, Ph.D. – Faculty of Management and Economics, Tomas Bata University in Zlín, Department of Informatics and Statistics, e-mail:
jasek@fame.utb.cz, rosman@fame.utb.cz

Individual universities in the Czech Republic have to decide on the way and form of entry to lecture halls, computer classrooms, libraries and similar rooms equipped with costly ICT. Many of them have chosen various technologies for identifying who enters. The modern form of entry using ID cards is a perfectly common matter today. There are, however, situations in which this access method needs to be modernised further and adapted to new trends. This paper focuses on the rationalisation of the system of electronic registration and identification of teachers and students at TBU in Zlín and on the problems of using electronic credentials, i.e. ID cards. The biggest problem appears to be logistics, e.g. the integration of electronic registration and identification of persons into the university's existing information system, and changes to the current educational system with their subsequent impact on the organisation and content of education.

INTRODUCTION
Modern access control using ID cards for entry to computer classrooms, libraries and so on is today an absolutely common matter. Most universities in the Czech Republic chose different types of technology for ID cards, and if the universities want to benefit from the latest technology, they have to develop a new information system or modify the present one. All universities in the Czech Republic are switching from the old „paper“ registration system for students to electronic registration and identification. This is not only because of the new Higher Education Act, which dictates that all universities have to issue an ID card to every student (the new law does not specify the type, structure or other details of the ID card, and it does not require an electronic registration system). Most importantly, the universities themselves believe that the new electronic registration and identification system (ERI) will improve the present system, and they also hope that the electronic system will bring new possibilities in the future. The development or modification is not the main problem; the IT departments of all universities have the potential to do it. The main problem now lies in the organisational structure and legislation. The universities have vast experience in how to use ID cards and electronic registration systems in libraries, halls of residence or refectories, and sometimes these systems can be really complicated, but this is solvable. The use of electronic registration has become a common standard, and it is time to look for new applications in different situations, including education.

1. The process of electronic identification – present situation

We are not able to imagine present-day education at a university without the use of the Internet and intranet. Students use this service in classrooms, laboratories, libraries and now very often from home. They do not think about the cost of the Internet; for them it looks „free“, but the cost of the Internet and intranet is very important and not a small item in a university's budget.

Therefore it is necessary for universities to restrict Internet access to „real“ students only (otherwise the universities would become the most popular Internet cafés). This, as we know, means that the university has to be in control of students' accounts. Every single student has access only to precisely selected services. The universities offer a large spectrum of services (e.g. access to knowledge databases, databases of bibliographic citations, remote laboratories). The definition of services depends on the student's course.
The process of identification can be split into the following three steps:

  • The identification during the log in
  • The possibility to validate the identity of a logged-in student
  • The identification during the log out

Present-day education routinely uses the exchange of electronic documents. All educators know the situation when they receive an e-mail from an address from which they are not able to recognise the name of the student, or they receive only part of an e-mail and the student asserts „I sent the whole document and a part was lost somewhere“. The delivery of a document after a given date can also be blamed on the server, etc. Of course, it can always happen, and every particular problem can be verified, but a lot of these cases can be easily solved by using adequate technology.

One such technology is a special chip card with an implemented PKI (Public Key Infrastructure). PKI cards are chip cards which use a PKI certificate for the authentication of users and for data encryption. If students use PKI cards, documents created by students can carry a digital signature, and educators can verify the authenticity and integrity of the documents. Integrity means the possibility to recognise data consistency. There is also the possibility to use a date stamp and time stamp. The universities offer students the possibility to sign up for exams through electronic forms (mostly web forms), but very often the system cannot guarantee that the act is undeniable; this is not clear from a legal point of view. Using digital signatures can easily solve the situation, and PKI cards represent an elegant solution.

The ERI system (electronic registration and identification) has to solve a problem which is typical for all student registration offices and arises every time it is necessary to search the ERI database for the data of a specific student. At first sight this problem does not look so important, but if the university has 40 000 students and the ERI system searches for the name „Novak“ (a common Czech name), the search will return more than one hundred students, and which one is the right one? It is necessary to enter more specific personal data. The problem is even more evident when the system searches for foreign students.
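The situations in the two paragraphs above (a document arriving incomplete, a submission re-dated to before the deadline, a document claimed by the wrong student) are exactly what a signature from a PKI card lets an educator check. The following Go program is an added illustration written for this page; it is not code from the article or from TBU's ERI system. It assumes an Ed25519 key pair standing in for the card's certificate and private key (the article names no algorithm or certificate profile), and it folds the submission time into the signed data so that the time stamp is covered by the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// StudentCard stands in for a PKI chip card: the private key stays inside
// and the card only offers Sign. Ed25519 keys are an assumption made here;
// the article names no algorithm or certificate profile.
type StudentCard struct {
	ID   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewStudentCard(id string) (*StudentCard, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &StudentCard{ID: id, Pub: pub, priv: priv}, nil
}

// SignedDocument is what the educator receives: the document, who signed it,
// when, and the signature covering all three.
type SignedDocument struct {
	SignerID  string
	Timestamp time.Time
	Body      []byte
	Signature []byte
}

// digest hashes signer, time stamp and body with length prefixes, so that
// moving bytes between fields cannot produce the same hash.
func digest(signerID string, ts time.Time, body []byte) []byte {
	h := sha256.New()
	field := func(b []byte) {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(b)))
		h.Write(n[:])
		h.Write(b)
	}
	field([]byte(signerID))
	field([]byte(ts.UTC().Format(time.RFC3339)))
	field(body)
	return h.Sum(nil)
}

// Sign is the card's operation when the student submits a document.
func (c *StudentCard) Sign(body []byte, ts time.Time) SignedDocument {
	return SignedDocument{
		SignerID:  c.ID,
		Timestamp: ts,
		Body:      body,
		Signature: ed25519.Sign(c.priv, digest(c.ID, ts, body)),
	}
}

// Verify is the educator's check: with the student's public key (in a real
// deployment taken from the university's certificate directory) it confirms
// that body, signer and time stamp are exactly what the card signed.
func Verify(pub ed25519.PublicKey, doc SignedDocument) bool {
	return ed25519.Verify(pub, digest(doc.SignerID, doc.Timestamp, doc.Body), doc.Signature)
}

// Outcome records the verification result for each situation from the text.
type Outcome struct {
	Intact, Truncated, ReDated, OtherStudent bool
}

// Demo reproduces those situations on constructed data.
func Demo() (Outcome, error) {
	var o Outcome
	card, err := NewStudentCard("student-12345") // constructed ID
	if err != nil {
		return o, err
	}
	other, err := NewStudentCard("student-67890") // constructed ID
	if err != nil {
		return o, err
	}
	body := []byte("Seminar paper: chapters 1 to 5, 40 pages") // constructed
	ts := time.Date(2007, 12, 1, 9, 0, 0, 0, time.UTC)
	doc := card.Sign(body, ts)

	o.Intact = Verify(card.Pub, doc)

	// "I sent the whole document and a part was lost somewhere"
	cut := doc
	cut.Body = doc.Body[:len(doc.Body)/2]
	o.Truncated = Verify(card.Pub, cut)

	// a late submission re-dated to before the deadline
	late := doc
	late.Timestamp = ts.Add(-48 * time.Hour)
	o.ReDated = Verify(card.Pub, late)

	// a document claimed by a student whose card never signed it
	claimed := doc
	claimed.SignerID = other.ID
	o.OtherStudent = Verify(other.Pub, claimed)
	return o, nil
}

func main() {
	o, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("intact=%v truncated=%v re-dated=%v other student=%v\n",
		o.Intact, o.Truncated, o.ReDated, o.OtherStudent)
}
```

Only the untouched document verifies; the truncated, re-dated and re-attributed copies all fail. Note that the time stamp here is asserted by the signer's own card, which proves the document has not been altered since signing but not that the stated time is honest; a deadline dispute additionally needs a time stamp from a party the student does not control, which is what the article's separate mention of date and time stamps points to.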

In the case of „face to face“ courses, where the ERI system also monitors attendance, the benefit of using a PKI card is obvious. Electronic authentication has to be precise and quick, but the problem is that the system authenticates the ID card and not the real person.

At present we have three common possibilities for authenticating a real person:

  • The person knows something unique (e.g. password, PIN, secret code …)
  • The person owns something unique (e.g. chip card, medium with ID code …)
  • The person has something unique (e.g. fingerprint, retina …)

Apparently there is no problem with the above-mentioned possibilities, but the real situation is different. There are also other conditions to be fulfilled:

  • The person who knows something unique never discloses it to another person.
  • The person who owns something unique never lends it.
  • The person who has something unique never uses it on behalf of another person.

The first three possibilities can be solved by technology, but not the last three (human behaviour). They depend on the good will and respect of users. It is necessary to educate and motivate users. The simple principle is:

I observe the rules = I can use all the advantages. I do not observe the rules = I lose the advantages. The student will receive such advantages that the student will not want to share them with others, or the student will be bound to use the ID card so often that there will be no chance to lend it (we can see a similarity with credit cards).

2. SECURITY OF WORKPLACE
Almost all departments are equipped with expensive hardware, which is very often located in public places. It is necessary to protect the equipment from possible theft or damage. Typical places are the library, laboratory and reading room. Very often such places are equipped with CCTV (closed-circuit television), and it is very useful to connect the CCTV to the ERI system. It can be achieved as follows:

Access to network services

  • Phase of log in: The user logs in using only a password. In a better case, a user can be authenticated by other identification such as an ID card or fingerprint. The whole system of authentication is easy to get around: the real person logs in and afterwards hands the workstation over to another person. The solution is clear. The authentication process is connected to the CCTV. Both the CCTV and ERI systems can communicate through the X10 protocol (a home automation protocol). The pictures can be saved just like a log file.
  • The current phase: This is the same as the log in phase. The current pictures are saved. A sophisticated system can save only the changes.
  • The phase of log out: This phase is the same as the log in phase.

The advantages of the described methods are clear. The system has data on authentication and also detailed information about a given workstation.

Record-keeping of attendance

This problem can again be solved by connecting both systems, CCTV and ERI, and subsequently archiving all the obtained data:

  • Entrance – the student is authorised by card and PIN, and at the same time the CCTV saves his pictures. This method eliminates the situation when the course is attended by a non-enrolled student.
  • Exit – if we want to be really precise, the same method is used at the end of a lesson. This method eliminates the situation when a student exits shortly after entrance.

The problem is the same: the ERI system identifies the ID card and not the real person. If our task is to identify the real person, there is no other possibility than authentication by biometrics.
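The entrance and exit records described above only pay off if something evaluates them: who was present for the whole lesson, who left shortly after entering, who forgot to badge out, and which card was read without an enrolment behind it. The following Go program is an added example for this page, not code from the article or from TBU's ERI system. It assumes a simple event record (card ID, entrance or exit, time, and a reference to the archived CCTV picture), sums the time each card spent inside across possibly several entrance/exit pairs, and classifies every enrolled student; the events and card IDs are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Event is one card read at a room door as the ERI system would log it,
// together with a reference to the CCTV picture taken at that moment.
type Event struct {
	CardID string
	Kind   string // "entrance" or "exit"
	At     time.Time
	Frame  string // reference to the archived CCTV picture (constructed)
}

// Lesson is the time window of one face-to-face lesson, who is enrolled,
// and the minimum total stay that counts as attendance.
type Lesson struct {
	Start, End time.Time
	Enrolled   map[string]bool
	MinStay    time.Duration
}

type Status string

const (
	Present     Status = "present"
	LeftEarly   Status = "left early"
	NoExit      Status = "no exit recorded"
	Absent      Status = "absent"
	NotEnrolled Status = "not enrolled"
)

// Attendance pairs each card's entrances with the following exits inside the
// lesson window, sums the time spent in the room and classifies every card.
func Attendance(l Lesson, events []Event) map[string]Status {
	evs := append([]Event(nil), events...)
	sort.Slice(evs, func(i, j int) bool { return evs[i].At.Before(evs[j].At) })

	inside := map[string]time.Time{}   // card -> time of the still-open entrance
	stay := map[string]time.Duration{} // card -> total time inside
	result := map[string]Status{}

	for _, e := range evs {
		if e.At.Before(l.Start) || e.At.After(l.End) {
			continue // belongs to another lesson
		}
		if !l.Enrolled[e.CardID] {
			result[e.CardID] = NotEnrolled // card read, but not on the list: review the CCTV picture
			continue
		}
		switch e.Kind {
		case "entrance":
			inside[e.CardID] = e.At
		case "exit":
			if in, ok := inside[e.CardID]; ok {
				stay[e.CardID] += e.At.Sub(in)
				delete(inside, e.CardID)
			}
			// an exit without a matching entrance is ignored (door held open)
		}
	}

	for id := range l.Enrolled {
		_, open := inside[id]
		_, seen := stay[id]
		switch {
		case open:
			result[id] = NoExit
		case !seen:
			result[id] = Absent
		case stay[id] < l.MinStay:
			result[id] = LeftEarly
		default:
			result[id] = Present
		}
	}
	return result
}

// SampleAttendance runs Attendance over constructed events for a lesson from
// 10:00 to 11:30 in which 75 minutes of presence are required.
func SampleAttendance() map[string]Status {
	at := func(h, m int) time.Time { return time.Date(2007, 12, 5, h, m, 0, 0, time.UTC) }
	lesson := Lesson{
		Start:    at(10, 0),
		End:      at(11, 30),
		Enrolled: map[string]bool{"A": true, "B": true, "C": true, "E": true, "F": true},
		MinStay:  75 * time.Minute,
	}
	events := []Event{
		{"A", "entrance", at(10, 2), "cam1-0001"}, {"A", "exit", at(11, 28), "cam1-0040"},
		{"B", "entrance", at(10, 1), "cam1-0002"}, {"B", "exit", at(10, 10), "cam1-0007"},
		{"C", "entrance", at(10, 5), "cam1-0003"}, // never badges out
		{"D", "entrance", at(10, 3), "cam1-0004"}, // D is not enrolled
		{"F", "entrance", at(10, 0), "cam1-0000"}, {"F", "exit", at(10, 20), "cam1-0012"},
		{"F", "entrance", at(10, 25), "cam1-0015"}, {"F", "exit", at(11, 30), "cam1-0041"},
		{"A", "exit", at(12, 0), "cam1-0050"}, // after the lesson: ignored
	}
	return Attendance(lesson, events)
}

func main() {
	r := SampleAttendance()
	ids := make([]string, 0, len(r))
	for id := range r {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	for _, id := range ids {
		fmt.Printf("%s: %s\n", id, r[id])
	}
}
```

On the constructed data A and F are present (F left and came back but stayed 85 minutes in total), B left early, C has no exit recorded, E is absent and D's card was read without an enrolment. As the article stresses, every one of these verdicts is about a card, not a person; the CCTV frame reference on each event is what lets a human confirm who actually held the card when a record is disputed.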
The reliability of all these solutions depends on the frequency of authentication procedures. But a large number of authentications can complicate the whole system, and users are then motivated to simplify or trick the system.

The most widespread method of connecting an ID card to a real person is a PIN code. This method expects the person to memorise the PIN, so that the ID card is securely connected to the real person. But one has to remember several PINs (credit cards, mobile phones, software applications). Therefore many people use small paper notes with all their PINs. The PKI card can substitute for this piece of paper, but the idea of unifying all PINs decreases security, because once the PIN of the PKI card is known, all PINs are known.
3. Identification at the TBU in Zlín

Tomas Bata University in Zlín is a top-quality educational, scientific and research institution, characterised by its very fast development, openness to the world, emphasis on science and research, and cooperation with institutions and enterprises. In the academic year 2006/07, 10,158 students are studying at TBU. TBU was established on 1st January 2001 on the basis of the former Faculty of Technology, which had existed in Zlín since 1969 as a part of the Brno University of Technology and had educated hundreds of specialists, particularly for the rubber and plastics industries. The University was named after Tomas Bata (1876 – 1932), an ingenious entrepreneur and the founder of the shoemaking factory in Zlín, who became known all over the world.

Applicants for study can choose among the following four faculties and one institute: the technically oriented Faculty of Technology, the economically oriented Faculty of Management and Economics, the Faculty of Multimedia Communications – the only one of its kind in the Czech Republic – which prepares professionals in the study programmes Visual Arts and Marketing Communications, and the Faculty of Applied Informatics. On 1st January 2007 the fifth faculty, the Faculty of Humanity Studies, will be opened. Since 2002 TBU has been a member of the EUA (European University Association), which involves 777 universities from 45 European countries. The membership enables the University to take part in all significant activities of the EUA supporting higher education in Europe, and thus to present itself to the whole European academic community.

All TBU workplaces and many rooms in the Halls of Residence are connected to the local computer network. This network is connected to the high-speed academic network CESNET 2 with a data rate of 1 Gbit/s. This allows quick access to electronic information from the whole world. Students and pedagogues can use computers in the Central Library study rooms (94 computers, 86 of them connected to the Internet). Furthermore, they can work with computers in the study room either in the U2 building, Mostní ulice, or in the U5 building, Jižní Svahy (35 computers). Computer room No. 212 (12 computers) is available in the Faculty of Technology.

In 2006 an entrance system was installed in the computer rooms of the U2 building, PC rooms No. 505 and 509 (25 computers). Teachers, lecturers and students enter using their ID cards. After that they can freely enter and leave the mentioned PC rooms. When leaving, they have to lock the door again by holding the ID card to the card reader outside the door (this locks the door). Students can only get out with their cards: when they are inside working, they can leave and come back into the room by themselves even though the room is locked. If they forget their ID cards, only lecturers can pick up the keys from the porter. When leaving a PC room, you do not have to lock it; you only close the door. If you find yourself inside a computer room without an ID card or key, you have to break the glass on the small box beside the door; it contains a fuse which unlocks the door. The whole ID system is now in the phase of checking and pilot verification.

4. Conclusion

The problem of sharing ID cards or PINs can be solved by sophisticated technology like a chip card with asymmetric cryptography. There are also new and rapidly developing biometrics. These technologies are still rather expensive, but the price will decrease progressively with more common and widespread use. One common method is the use of a fingerprint reader. The price of a fingerprint reader is similar to that of a chip card reader. Inspiration can be found at some German universities, which use a combination of a fingerprint reader and chip cards with memory. The fingerprint data are saved in the memory of the chip card; during authentication the student puts a finger on the reader, which reads the fingerprint and also the chip card. The fingerprint is compared with the fingerprint data from the card memory. This means that both the person and the ID card are present during authentication.

The advantage of this method is clear: the comparison of the two fingerprints runs only in the reader, and there is no need to upgrade the present ERI system. Of course, the price of these special readers is a bit higher, but the benefit is obvious. The present system does not have to be changed. These special readers can be used only where it is necessary to positively authenticate the real person, not just the ID card.
