Information Systems Department of Shibaura Institute of Technology
Authentication system that can use multiple authentication factors and can stand a situation that many students log in at once
We adopted the method net booting the terminal instead of using the terminal service and updated the system in April 2011. Since our fingerprint authentication system of other company that we employed at that time did not support Windows 7, we introduced EVE MA as a new authentication system.
Our institute has about 8000 students and about 900 faculty members. Although use of fingerprint authentication by students is optional, we need to reduce the users who cannot use the authentication system as much as possible. EVE MA capable of selecting multiple authentication factors, such as fingerprint authentication and IC card authentication matched our needs.
Unlike use in a company, students log in the terminal at once at the start of class in the university. At that time, the authentication server suffers a large load. Since students cannot login and the class cannot start as well in case of the time-consuming authentication, we wanted a system capable of withstanding the authentication requests coming at a time.
We have experience in operating a fingerprint authentication system, so we recognized that the authentication accuracy can be improved by improving quality of the registered data. Therefore, we requested to DDS to provide modification that the video lecture of registration method is embedded to the finger print registration utility so that the user can see the optimal way for sliding fingers visually. Furthermore, we could improve the quality of the registered data by applying the method where a password with expiration is issued so that the user can register fingerprint slowly at the seat instead of quick registration of fingerprints within a short period.
Customization for sharing the authentication information in different domains
We wanted to integrate the authentication method among different systems. Since there is personal information, such as student performance on the system for faculty members, the domain for students is separated from the domain for faculty member from the security viewpoint.
In the previous system, since the domain for logging in fingerprint authentication was limited to only one, there was a drawback that the faculty member could not access by fingerprint authentication to the education and research-based terminals in the classroom. The personnel and students use either one of the systems, while faculty uses both systems. As a measure for information leakage of the university, there was a policy that it is permitted to refer to the student information with the terminals beloningg to the clerical domain only. Thus the faculty needed to use different domains of clerical and research-based separately.
Therefore, we requested DDS to add a function for sharing the authentication information among these domains, and the function was then added to EVE MA, and then the authentication information can be shared. As a result, the faculty can log in to both systems with the same authentication method, and we realize that the integration of the authentication could have been materialized in the true sense.
Furthermore, data migration from the existing database of student information and personnel information to EVE MA is also automated. If a user account of a student or a faculty member is newly registered, it will automatically be reflected to the user information on EVE MA. By adopting EVE MA, a period for registering the user information has been reduced and we are helped very much.
As maintaining the security, the number of terminal will be reduced to save the cost in future
We intend to integrate the identification of the faculty and the one-time password card in future. By operating this way, the unified certificate issuing work will be materialized and the security will improve more.
Furthermore, although individual terminals are required for each staff, it is not necessary to distribute the dedicated terminals to the faculties since the faculty can access to the VDI environment from any terminal by using the one-time password. Therefore, we think that we can reduce the cost for the clerical terminal drastically at the next system update.
- Name of school
- Shibaura Institute of Technology
- A private university established in 1949. Since the founding of its predecessor Tokyo Industry and Commerce High School in 1927, the school fostered good technicians who can work steadily with the banner of practical science principle consistently. The university provides education and research as a university to develop human resources with rich creativity and learn to society and contribute to society while taking over the philosophy since the founding. The headquarters is located at 3-7-5 Toyosu Koto-Ku Tokyo. Other than the headquarters campus, the university has Omiya campus (Minuma-Ku, Saitama City) and Shibaura campus (Minato-Ku, Tokyo). 8399 people learn 3 undergraduates of “Engineering”, “System Faculty of Science and Engineering” and “Design Engineering” and 2 Graduate Schools of “Science and Engineering” and “Engineering Management” (As of May 1, 2013)