香港中文大學圖書館系統 University Library System. The Chinese University of Hong Kong. Use of Smart Card and Patron API in CUHK Libraries. Paul Lau Ernest Yik Kevin Leung. Dec 10, 2001. A story about how Grace uses our library services. University Library. Turnstile. CU Link Card. Turnstile.
Use of Smart Card • Turnstile • PC Logon • Add-value Machine • Check-out
Use of Patron API • PC Logon • Add-value Machine • Library Proxy
Family of Smart Card in CUHK Libraries • CU Link Card • Alumni Card • Faculty Copying Card • Copying/Printing Card
CU Link • CUHK and Hang Seng Bank jointly launch the CU Link as the university identity card starting from the academic year 1999-2000.
CU Link • CU Link is designed to be an all-in-one-card for • identification • access control • Mondex stored-value • ATM banking transactions
CU Link • The card contains two machine-readable elements: • a microprocessor chip for storing personal information and supporting Mondex, and • a magnetic stripe for ATM access.
Library Smart Card Microprocessor Card with 2K memory Multi-application card for payment and identification Secure transaction management for e-purse application
What is Patron API? • Offer patron information and PIN verification • Based on HTTP / HTML • Limit network access by host / IP
PatronAPI request & reply (1) • Request patron information : http://opac.host:4500/PATRONAPI/991234/dump • Reply : <HTML><BODY> P TYPE[p47]=1<BR> CUR CHKOUT[p50]=2<BR> BORROW ID[pb]=991234<BR> </BODY></HTML> • or "Requested record not found"
PatronAPI request & reply (2) • PIN verification : http://host:4500/PATRONAPI/991234/MYPIN/pintest • Reply : <HTML><BODY> RETCOD=0<BR> </BODY></HTML> • or "Invalid patron PIN", "Requested record not found"
Library Proxy • For off-campus access to electronic resources • Squid web proxy cache • Authentication : Patron API + authentication program
PatronAPI and authentication • Gateway between application & Patron API • Retrieve patron record from Patron API • Check block status, exp date, patron type and PIN (including records without PIN) • Reply to application
Authentication program • A small Perl script • Works with Squid & Apache Server • for Squid : read one line "USERNAME PASSWORD", output "OK" or "ERR" • for Apache : read two lines "USERNAME" and "PASSWORD", exit(0) or exit(1)
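The gateway checks and the Squid side of the authentication program described above, as an added example in Python (it is not the Perl script from the slides). The field names `EXP DATE` and `MBLOCK`, the `mm-dd-yy` date format, the allowed patron type, the alphanumeric-only input rule and the injected `fetch` function are assumptions; the replies are constructed samples in the format the slides show, and anything other than `RETCOD=0` is denied, which is this example's policy for records without a PIN.

```python
import re
from datetime import date, datetime

# One reply line such as "P TYPE[p47]=1<BR>" -> ("P TYPE", "1")
FIELD_RE = re.compile(r"([A-Z0-9 ]+)\[\w+\]=(.*?)\s*<BR>", re.I)

def parse_reply(html):
    """Patron API reply body -> {field name: value}. Error text yields {}."""
    fields = {name.strip(): value for name, value in FIELD_RE.findall(html)}
    retcod = re.search(r"RETCOD=(\d+)", html)   # pintest reply has no [tag]
    if retcod:
        fields["RETCOD"] = retcod.group(1)
    return fields

def authorize(dump_html, pin_html, today, allowed_ptypes=frozenset({"1"})):
    """Gateway checks from the slide; every missing or odd value denies."""
    rec = parse_reply(dump_html)
    if parse_reply(pin_html).get("RETCOD") != "0":   # anything but RETCOD=0 denies
        return False
    if rec.get("P TYPE") not in allowed_ptypes:
        return False
    if rec.get("MBLOCK") != "-":                     # assumed field: "-" = not blocked
        return False
    try:                                             # assumed field and date format
        expires = datetime.strptime(rec["EXP DATE"], "%m-%d-%y").date()
    except (KeyError, ValueError):
        return False
    return expires >= today

def squid_answer(line, fetch, today):
    """Squid side: one 'USERNAME PASSWORD' line in, 'OK' or 'ERR' out."""
    parts = line.split()
    # Both values end up in the request path, so accept only plain alphanumerics.
    if len(parts) != 2 or not all(re.fullmatch(r"[A-Za-z0-9]+", p) for p in parts):
        return "ERR"
    user, pin = parts
    ok = authorize(fetch(f"/PATRONAPI/{user}/dump"),
                   fetch(f"/PATRONAPI/{user}/{pin}/pintest"), today)
    return "OK" if ok else "ERR"

# Constructed replies standing in for the Patron API server (not real records).
SAMPLE = {
    "/PATRONAPI/991234/dump": "<HTML><BODY> P TYPE[p47]=1<BR> EXP DATE[p43]=12-31-02<BR> "
                              "MBLOCK[p56]=-<BR> BORROW ID[pb]=991234<BR> </BODY></HTML>",
    "/PATRONAPI/991234/MYPIN/pintest": "<HTML><BODY> RETCOD=0<BR> </BODY></HTML>",
}

def fake_fetch(path):
    return SAMPLE.get(path, "<HTML><BODY> Requested record not found </BODY></HTML>")
```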
Smart Card logon system in C.U.H.K. • There are four main elements • Smart Card • Smart Card logon client • Smart Card logon server • Innopac Server with Patron API.
Why Smart Card ? • Hardware token to improve the security level • E-purse application for network printing.
Why Patron API ? • Single Point of patron authorization • Reduces the cost of user account management • Single account & password
Smart card logon system without logon server • The user inserts his library smart card into the public PC • Types in his password • The user information “http://Innopac.cuhk.edu.hk/logon%myusername@mypassword” is sent to the Patron API server • The Patron API server replies to the public PC
Problems • The user name and password are transmitted over the network unencrypted. • Every smart card logon PC can access the ‘dump’ function in Patron API
Smart card logon system with logon server • The user inserts his library smart card into the public PC • Types in his password • The encrypted user information “http://logon.cuhk.edu.hk/logon%546864678$@56569009gh” is sent to the logon server • The logon server decrypts the user information and sends it to the Patron API server. • The logon server redirects the Patron API reply to the public PC
Problem solved • The user name and password are encrypted before being transmitted over the network • Only the Logon Server can access the Patron API functions.
Business logic and rules • Example : supports different kinds of Library smart card logon • Normal user (CULink card or library card holder) • Smart Card + Password • Department user (Department Card holder) • Smart Card only • Any User with Printing/Copying card • Smart Card + Borrower id + Password
Audit Trail • Monthly Report
Others.. • Server redundancy and load balancing. • Replaceable authentication modules. • More ..
Summary - Patron API • Single Point of patron authorization • Single account & password in library • Simplifies the implementation and management of authentication for other library applications and workstations. • Reduces the cost of managing those user accounts.