[CSG Fall 2008] Evolution of ID Cards, Physical Access Control & Two-Factor Auth Deployments


Paul Hill – MIT

At one school a student was duplicating cards including mag stripes, which allowed purchasing. Under state laws that was considered a credit card breach, so had to notify effected parties.

Other issues that have arisen: Vendors accepting cards – point of sales terminals display remaining balance on cards, showing to clerk, the purchaser, and all the other people in line.

At one school a student project revealed security flaws in the transit pass card system while the school was working with the transit system to use campus ID cards as transit passes – the transit system then declined to continue working with the school.

Bill, from Georgetown – at Georgetown security controls and access systems are now under control of IT department, consolidated from multiple departments around campus.

From survey – everyone is centralizing card systems. Some have multiple places issuing cards, e.g. the library.

At MIT they’re loading all the pictures from ID Cards into the data warehouse, but there are lots of rules around who can access them. At UCSD all faculty can have access to (all) student pictures, and get them on class lists. Most places allow faculty access to photos of students in their classes. At Princeton students provide their own photo, and they can opt-out of publishing the photo. At Stanford there’s almost no opt-out. Klara notes that at Duke as they make the pictures more available they’re starting to see more requests for vanity photos.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s