1 / 49

香港中文大學圖書館系統 University Library System

香港中文大學圖書館系統 University Library System. The Chinese University of Hong Kong. Use of Smart Card and Patron API in CUHK Libraries. Paul Lau Ernest Yik Kevin Leung. Dec 10, 2001. A story about how Grace uses our library services. University Library. Turnstile. CU Link Card. Turnstile.

senta
Download Presentation

香港中文大學圖書館系統 University Library System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 香港中文大學圖書館系統 University Library System The Chinese University of Hong Kong Use of Smart Card and Patron API in CUHK Libraries Paul Lau Ernest Yik Kevin Leung Dec 10, 2001

  2. A story about how Grace uses our library services

  3. University Library

  4. Turnstile

  5. CU Link Card

  6. Turnstile

  7. PC Logon

  8. PC

  9. AVM

  10. Photocopy Card

  11. AVM

  12. Check Out

  13. Check Out

  14. Library Proxy

  15. How we use Smart Card?

  16. Use of Smart Card • Turnstile • PC Logon • Add-value Machine • Check-out

  17. How we use Patron API?

  18. Use of Patron API • PC Logon • Add-value Machine • Library Proxy

  19. Smart Card in CUHK Libraries

  20. Family of Smart Card in CUHK Libraries • CU Link Card • Alumni Card • Faculty Copying Card • Copying/Printing Card

  21. CU Link • CUHK and Hang Seng Bank jointly launch the CU Link as the university identity card starting from the academic year 1999-2000.

  22. CU Link • CU Link is designed to be an all-in-one-card for • identification • access control • Mondex stored-value • ATM banking transactions

  23. CU Link • The card contains two machine-readable elements: • a microprocessor chip for storing personal information and supporting Mondex, and • a magnetic stripe for ATM access.

  24. Library Smart Card Microprocessor Card with 2K memory Multi-application card for payment and identification Secure transaction management for e-purse application

  25. What is Patron API? • Offer patron information and PIN verification • Based on HTTP / HTML • Limit network access by host / IP

  26. PatronAPI request & reply (1) • Request patron information : http://opac.host:4500/PATRONAPI/991234/dump • Reply : <HTML><BODY> P TYPE[p47]=1<BR> CUR CHKOUT[p50]=2<BR> BORROW ID[pb]=991234<BR> </BODY></HTML> • or "Requested record not found"

  27. PatronAPI request & reply (2) • PIN verification : http://host:4500/PATRONAPI/991234/MYPIN/pintest • Reply : <HTML><BODY> RETCOD=0<BR> </BODY></HTML> • or "Invalid patron PIN", "Requested record not found"

  28. Library Proxy • For off-campus access to electronic resources • Squid web proxy cache • Authentication : Patron API + authentication program

  29. PatronAPI and authentication • Gateway between application & Patron API • Retrieve patron record from Patron API • Check block status, exp date, patron type and PIN (including records without PIN) • Reply to application

  30. Authentication program • A small Perl script • Works with Squid & Apache Server • for Squid : read one line "USERNAME PASSWORD", output "OK" or "ERR" • for Apache : read two lines "USERNAME" and "PASSWORD", exit(0) or exit(1)

  31. Smart Card logon system in C.U.H.K. • There are four main elements • Smart Card • Smart Card logon client • Smart Card logon server • Innopac Server with Patron API.

  32. Why Smart Card ? • Hardware token to improve the security level • E-purse application for network printing.

  33. Why Patron API ? • Single Point of patron authorization • Reduces the cost of user account management • Single account & password

  34. Why smart card logon server ?

  35. Smart card logon system without logon server • User insert his library smart card to the public PC • Type in his password • User information “http://Innopac.cuhk.edu.hk/logon%myusername@mypassword” sent to the Patron API server • Patron API server reply to the public PC

  36. Problems • Unencrypted user name & password are transmitted over the network. • All the smart card logon PC can get the access ‘dump’ function in Patron API

  37. How CUHK solve the problems?

  38. Smart card logon system with logon server • User insert his library smart card to the public PC • Type in his password • Encrypted user information “http://logon.cuhk.edu.hk/logon%546864678$@56569009gh” sent to the logon server • Logon server decrypted the user information and sent it to the Patron API server. • Logon server redirect the Patron API reply to the public PC

  39. Problem solved • Encrypted the user name and password before transmitted over the network • Only the Logon Server can access the Patron API functions.

  40. More..

  41. Business logic and rules • Example : supports different kind of Library smart card logon • Normal user (CULink card or library card holder) • Smart Card + Password • Department user (Department Card holder) • Smart Card only • Any User with Printing/Copying card • Smart Card + Borrower id + Password

  42. Audit Trail • Monthly Report

  43. Others.. • Server redundancy and load balancing. • Replaceable authentication modules. • More ..

  44. Summary - Patron API • Single Point of patron authorization • Single account & password in library • Simplifies the implementation and management in the authentication for other library applications and workstations. • Reduces the cost of managing those user account.

  45. Thank You

More Related