INTRODUCTION

Scope of the report

The objective of this report is to trace, through desk research, the general framework of experiences and tendencies in Italy in adopting security systems in ICT application with particular regards to the aspects of user recognition in e-learning solutions and in the field of such a system intend to certify the results of their distance learning.

Defining “e-learning authentication and assessment”

In order to guarantee absolute certainty of the system’s validity of user authentication and certification of the learning results, it is necessary to prepare a system that is able to:

• Identify in an unambiguous way the user each time he/she accesses his/her computer to study;
• Arrange a tracking system of the route taken (pages visited), of completion times (total and partial for each course section or lesson); of the results of the tests carried out during the training course;
• Arrange a secure user identification system and validation conditions in the environment in which the certification tests are carried out of the final learning results. By validation of the test environment we mean the contextual verification of the test guarantees that the user can not receive help or support of any kind.

Structure of the report

This abstract underlines the main ideas of the report.

The following provides an indication of the main clusters of documentation that has established the basis of the research, as well as the glossary defining electronic and data transmission security.

• Forensic Area
• Government and legislative acts
• Biometrics
• Certification and digital signatures
• Essential experience carried out by:

1. Polytechnic of Turin
2. ANEE (permanent Observatory of Assinform (with reference to the Industrial Association of Lombardy)
3. CISCO
4. CNIPA (National Centre for IT in Public Administration)
5. CNR (National Research Centre)
6. INDIRE (National Institute of Documentation for Innovation and Educative Research)
7. ISVOR FIAT (Corporate University of Fiat Group)
8. Poste Italiane (Italian postal service)

• Glossary - Glossary of electronic– data transmission security

E-LEARNING ASSESSMENT METHODS

AND RELATED SOCIO-CULTURAL ISSUES

The Italian experience on user identification systems for distance learning students to evaluate learning results in e-learning environments can be catalogued according to the following access methods:

a. In a virtual class, or rather single individuals that have subscribed to a course and have used web based training products

b. In dedicated environments called Learning Points in which it is possible various forms of ICT in an integrated way

c. In videoconference settings that can refer to and use virtual classes/environments; or can refer to class- laboratory type settings. This second case is represented by “business television”.

In reference to these three types of learning environment, here follows a summary of identification systems that are currently being used deduced from real cases and consolidated experience.

“TRIO” Case

TRIO is a capillary network of laboratories distributed in the Tuscan region that constantly uses ICT technology for self learning training through the internet. The user identification system that accesses the training offer and the support services and learning assessment managed by a CLMS platform (Content Learning Management System), is based exclusively on the classic system of login and password

“Learning Point” Case

Learning Points are locations which supply a blended type of training. This is a type of assisted self learning with a tutor and supported for about 25% of the learning time by teachers/contents experts either in person and/or at a distance. The user identification system when accessing the training services on line through a CLMS platform is the classic form of login and password. Learning assessment for activities carried out online is entrusted to normal platform tracking systems; vice versa the intermediate and final learning certification is given following direct contact with teachers/experts in person or at a distance through the use of videoconference system both in relation to presence in a role play and/or simulation of real conditions of use of competences acquired. This type of experience has been carried out predominantly by ISVOR Fiat, which constitutes the Corporate University of Fiat, both for the real needs of internal training and in interesting applications in the field of the Public Administration and for the development of the territorial areas and technological Parks.

“Business television” Case

The BTV (Business television) is an interesting application of the use of satellite television to connect and train in “real time” several hundreds or thousands of people displaced in a very vast area, for example in a country. The analysed case refers to a methodology used by Fiat to train its own network of sales and post sales technical assistants.

In the case of BTV, identification of the users that do not directly participate in the lesson in the television studio takes place by telephone or via login and password for internet/intranet interaction.

“Collaborative working Platform” Case

In this case, user identification for course subscribers who are allowed access with a login and password is led by a platform that provides and visualises in the teacher’s workstation the name of the interacting user. As far as learning assessment is concerned, except for the direct questions made by the teacher to the group or the singer user, the typical rules of online training through the CLMS platform apply.

Summary elements of experiences

From the point of view of user identification in the use of ICT, as concerns learning assessment and evaluation, the current situation in Italy almost sees the only condition that of assigning logins and passwords (automatic and/or by the system administrator), while the verification of results is strongly connected with CLMS platform tracking systems.

BIO-METRICS AUTHENTICATION EU SUPPLIER NETWORK

Before confronting the specific analysis of the biometric authentication system and the other themes connected with the development and use of IT, it is important to recall the attention to what was the level of awareness and political determination of the development and diffusion of information technology.

For this reason, please refer to the “DIGITAL REFORM TO INNOVATE ITALY” report that is provided in the attached main report, edited by the Ministry for Innovation and Technology. This report tracks, in particular, an evolutionary description of the Italian situation in the last 5-6 years supplying a historical socio-cultural analysis and legislative reform put into act by computer literacy in the development and diffused use of technologies.

Bio-metrics used to scan analyse Human characteristics

The desk investigation has highlighted considerable attention to the development of biometrics in the analysis and recognition of human characteristics for commercial, business and security reasons. In the last few years, this last point has become particularly topical to prevent and combat terrorism.

From the enormous amount of documentation resulting from the desk research we have identified and supply a report edited by CNIPA (National Centre for IT in Public Administration) that summarises the state of the art on this theme. We refer however to the analysis of the attachments for further investigation of the subject.

CNIPA report

1 Introduction

Due to the incessant generalised request for measures to enhance “safety”, in Italy too greater knowledge of biometric techniques is becoming rapidly diffused. Finger prints, characteristics of the iris or geometry of the hand, have at this point definitively left the world of fiction and arrived in daily life and recent measures (January 2004) adapted by the United States Administration in terms of immigration probably represent the more important example. This document analyses various aspects of biometric techniques, gives a quick illustration of the operative ways of analysing strengths and weaknesses of each use sector. Beyond, however, any general evaluation of an individual sensor or individual technique, the objective of the document, is to highlight that the correct implementation of a biometric process is based not only on the satisfaction of technical and economic factors, but also, and above all, on the complete performance of juridical and social duties, lack of consideration of which has lead in the past to misunderstandings and an evident series of failures.

2 TAXONOMY

The term “biometric authentication” often more simply put “biometrics”, comes from the Greek bios (life) and metros (measure), even if also used in other scientific contexts1, in today’s IT meaning, refers to the automatic identification or the verification of the identity of a person on the basis of physical and/or behavioural characteristics.

We can therefore divide biometrics into:

• Physical Biometrics which is based on the derivative data of the measurements of the physical characteristics of a person such as the iris, fingerprints, facial/ hand or other characteristics.

and:

• Behavioural Biometrics which is based on reference to behavioural characteristics such as, for example, voice emission, writing a signature, or the type of walk

Considering that, as we will see in more depth later, each biometric process starts with a preliminary phase called “enrolment” in which, generically2, the subject provides the biometric system, through a sensor, his/her own physical/behavioural characteristics, that is subsequently transformed into a mathematical model (template). The two operative ways of biometrics are:

• 1:1 (one-to-one) where the data produced by the biometric sensor is compared with a single template thus creating a verification process;

• 1:N (one-to-many) where the data is compared with a group of templates contained in an archive thus creating an identification process. In biometrics two recurrent terms are:

• Physical Access (Biometric control of), verification procedure of legal right of the subject to enter a room, building, district or area;

• Logical Access, (Biometric Control), verification procedure of legal right of the subject to access an IT resource.

For example, an employee of a company can enter an office (physical access) through biometric control of his/her own physical characteristics (for example a fingerprint) with one deposited on a smart-card (1:1 process).

In accessing his/her own computer (logical access) the same fingerprint could be compared with what is present in the authorised users archive (1:N process).

THE BIOMETRIC PROCESS

Biometric systems are characterised by a process of use that, generally, lead back to the comparison of a physical or behavioural characteristic acquired by a subject with one or more samples of the individual that have been previously recorded. Both the recording and the comparison take place according to the series of steps shown in figure 1.

http://biometrics.pbwiki.com/f/biometric%20process.png