torsdag den 11. februar 2010

Om Danmarks første computer - Af Kai Mortensen, tidl. IBM


Jeg har fra Kai Mortensen, pensioneret servicetekniker fra IBM , modtaget denne herlige beskrivelse af SASCO I - og om de første 'rigtige' computere i Danmark:

SASCO I systemet bestod grundlæggende af 2 stk IBM 1410 computere.

Disse var tredje og fjerde IBM 1410 systemer i Danmark,

og blev ikke efterfulgt af flere.

Første og anden IBM 1410 system blev installeret i 1962 hos henholdsvis Dansk Folkeforsikring på Otto Mønsteds Plads og hos den daværende Handelsbanken på Frederiksholms Kanal, begge i København.

Dansk Folkeforsikrings var den første, og blev dengang udråbt som Danmarks første computer.

Den blev hentet på IBM's fabrik i Essonnes ved Paris under megen presseopmærksomhed i en specielt luftaffjedret lastbil, som ikke var almindelige dengang, og som var overmalet med hvad dens last var, og ”Danmarks første Computer”.

Dansk Folkeforsikrings direktør fulgte lastbilen på hele turen i sin egen bil.

Begrundelsen for at kalde den for den første computer var, at den som den første kunne multiplicere og dividere direkte, og ikke blot addere og subtrahere på samme måde som tidligere regnemaskiner, og som også mekaniske regnemaskiner gjorde det.

Om begrundelsen var rigtig, skal jeg lade være usagt, men for commercielle computere passer den formentlig.

Den blev dog næsten omgående overgået af en IBM 7070 hos Datacentralen.

SASCO I systemet blev også bygget på fabrikken i Essonnes, og måtte til formålet udbygget med funktioner til at kommunikere med reservationsterminaler (agentsæt), fjernskrivere og skrivemaskineterminaler.

Begge systemer blev opstillet på fabrikken i 1963, og et større udviklings- og testarbejde på såvel hardware som software blev påbegyndt.

Software blev udviklet af vor kollega fra system engineering, Søren Brandt.

1410-enheden bestod normalt af 4 sammenbyggede skabe, hvoraf det første indeholdt strømforsyningen, og det andet hukommelsen, som kunne være på enten 40K, 80K eller 100K 8-bit tegn. Vi startede med 80, og endte med 100K.

SASCO I systemet måtte imidlertid udvides med et ekstra skab, som blev propfyldt med førnævnte specielt udviklede netværksfunktioner.

For at kunne skifte netværket mellem de to computere blev der også udviklet en speciel omskifterenhed til formålet.

På billedet øverst kan man se, hvordan elektronikken i IBM's 14xx og 70xx systemer så ud dengang. Kortene havde trykte kredsløb på bagsiden, men forbindelsen mellem kortene skete med kobbertråde, som vikledes om de pinde, man ser forneden.

På grund af disse specialiteter var vi fire serviceteknikere fra Danmark, som blev koblet på projektet i december 1963 for at lære systemet at kende, og deltage i arbejdet til det var færdigudviklet omkring maj måned 1964. Foruden undertegnede var det Per Løve, Keld Nielsen og Ole Truelsen.

Det færdige resultat blev herefter transporteret til Danmark, og installeret i Københavns Lufthavn.

På det tidligere publicerede billede af SASCO CENTREt på denne Facebook-gruppe sidder personen til højre i billedet ved betjeningskonsollen til den ene 1410, og modsat ham står konsollen til den anden 1410 med bagsiden til.

Imellem de to konsoller sidder en kollega ved en skrivemaskineterminal med ovennævnte omskifterboks overfor sig.

Længere til venstre ses en række båndstationer, hvoraf de to længst til venstre er papirbåndststioner, som kan læse såvel 5-spors som 8-spors papirbånd.

Desuden havde centret 2 stk IBM 1403 kædeprintere og 2 stk 2540 kort-læser og -huller.

Endelig havde anlægget 2 stk IBM 1301 pladehukommelser. De kom fra USA og var derfor bygget til 60 hertz strøm, så for at klare dette blev 2 stk roterende omformere installeret på loftet over maskinstuen sammen med kølemaskiner m.v.

Teknikken på disse var en videreudvikling af IBM's 305 RAMAC, og i modsætning til denne var 1301 forsynet med et læse- skrivehovede for hver pladeside som vist på fotoet til venstre herunder.

Hver 1301 kunne rumme utrolige 50 millioner 8-bits tegn.

Da udviklingen løb fra 14xx og 70xx systemerne blev IBM's 1410'ere udskiftet med Univac computere til flyreservation.

Venlig hilsen

Kai Mortensen

NB: En gruppe SAS-veteraner har lavet en hjemmeside med deres side af SASCO-historien på http:/www.g-hit.dk/historie.htm


fredag den 5. februar 2010

BIOMETRICS - The Danish Perspective


To day I had the pleasure to participate in the network for Biometrics in Denmark. The network was originally established by Frederik Kortbæk, DeLoitte and others, and todays' meeting had 3 major elements, at status report from the Danish National Police on the biometric passports, a presentation on identity management by Omada, and a user report from the leading architect of the Capital Region, the organisation responsible for hospitals for 1.6 mio inhabitants in the Greater Copenhagen Area.

The representative from the Danish Police was Mrs. Lene Gisselø, a lawyer, presented the status of the bio passport. The passport is based on the EU Directive 2252/2004.

The directive is of course based on the increased focus on terrorism, and demanded the member countries to implement a 2-step strategy, first passports with photos of the card holders, which has always been the case in Denmark, and 2. step due in june 2008 to implement biometric fingerprints as part of the passport. (See the Technology Board report on Biometric Passports - where it is pointed out that also illegal immigration is supposed to be less after the bio passes are introduced. )Denmark is lagging behind the original target date, and in spite of a tender issued 2 years ago and supposed to be closed months ago, is still not signed. The tender called for multiple types of equipment to be used by the municipalities, by the foreign office's representations around the World and by the department for immigrants in Denmark. It was stated that one of the reasons for the delay is the lack of funding, as the preferred vendor was well above the allocated budget.

What wasn't mentioned was that in the meantime 20 municipalities out of the 99 already have established a local workplace to issue not only passports, but also driver's licenses, motor vehicle licenses etc. If the budget discussion drags out much longer, the wisest thing to do will probably be to drop the tender and open a new one based on the experiences with the municipalities.

Lene Gisselø presented all the security features around the Danish passport and pointed out, that even if the holders' picture and fingerprints were stored centrally during a 3-5 week period until the passport was duly delivered to the holder, there would be no centrally stored register on biometrics of the data – 'even if it would have benefitted the police'. The locally captured data is encrypted, the BAC method used to store the photo, and EAC to protect the fingerprint data. Also Lene G. discussed the enormous task of cross-certifying all passports within the European Community.

From the audience a question was raised why the Police didn't choose the 'Match on Card' method for authentication in stead of 'Match off card'. The issue here is that when the border police checks the passport, the passport officer takes a photo of the visitor, takes a digital print of the fingerprint and then let the SW on his workstation extract the data from the passport, convert to some sort of algorithm (which may vary between the countries), and then makes the comparison based on his local algorithm. This means that the data from the passport has to be extracted and at least for some time resides in another computer. The alternative method would be to have a chip residing in the passport with the capacity to perform the comparison without having to extract any data from the passport. Lene G's answer to this question was that is was what met the EU defined standard specifications. This of course raised the question if other countries in Europe were legally prevented from storing biometric data from Danish passports, and the answer to this is, that probably there is no legislation in place to prevent this. For instance UK and Netherlands have active plans to compare the extracted data with the criminal records. The representative from the Data Protection Agency, Janni Christoffersen, pointed out that although the Privacy Officers' forum, the WP29, was looking at these issues, no common agreement has been reached yet. See this excellent book on other outstanding issues regarding use of biometrics, commented buy the WP29.

The question after the presentation remains that one might wonder what will happen to the tender and the selected solution now 12 months after deadline while the World is changing and technology progressing.

The second presentation on Identity Management from OMADA corporation was an OK run down of the issues of ID management, but it clearly showed the lack of standard solutions in a Microsoft world based on Sharepoint, where Omada clearly filled a gap in providing multiple roles access management admin solutions, deploying even Kerberos in a federated security environment, but compared to the solutions offered by for instance the Tivoli portfolio and a Websphere environment, the presentation was not that ground breaking.

The 3rd item of the day was presented by Claus Thorsen, who is the lead enterprise architect from the IT department of the Capital Region. (Region Hovedstaden). This is a merger of 3 former counties, the Island of Bornholm and the city of Copenhagen. They are responsible for the health care and the 12 public hospitals int he region, producing more than 800.000 in take patients pr. year.

Claus' topic was based on the defined need for a single sign on solution for use in the hospitals; One hospital department (Gentofte) claimed, that due to the security regulations, logging on/off, changing workstations, registration of patient data at centrally placed terminals etc. required one additional medical doctor.

Against this, the National Health Domain committee has come to the conclusion, that only 1.2 minute pr. day is waisted because of long log-in procedures.

Claus took us through all the tedious steps required to register patient data, and where he hoped that 'some day' a biometric solution would help. One example is the use of the so-called Medical Card, introduced to increase patient security, so that the doctor checks that the right patient is getting the prescribed medicine. In order to access this application, the doctor is required to use his digital signature issued by the hospital. When he has signed and logged in, he has to make an additional log in using the digital signature to access the Medical Card application. But what happens if the doctor is ill and a substitute has to do the checking? You can't have fast track issuance of official digital signatures, and the result is that the doctor's from time to time borrow each other's digital signature. And this is only one example.

The most promising solution at this stage is to use virtual desktops, so that the desktop of each doctor remains 'active' in a sort of private cloud, so that it is much faster to check in at another terminal later. The Virtual Desktop Infrastructure is one possibility, but the enormous variation in clients and PC-equipment makes is complicated and difficult to implement this at a large scale.

So the biometric solution to assist in an almost-automatic sign on, could be helpful. But so far the conclusion is that you cannot just have one biometric solution: In the operations theatre you need to wear a mask, hence you can't use face recognition. If you wear glasses, Iris recognition is a problem, and if you want to avoid congestion, fingerprint readers (and even keyboards) are doubtful. As Claus put it: The problem is, that we are users, we are many , and we are poor!

The long range solution is probably a combination of RFID active tags and biometrics, but it remains to be seen if this can be implemented in a practical way. Yet the Region intends to start a number of pilot projects, because the problem is real – the workload around log in/log out is simply too heavy – either it takes too long time, or the doctors and nurses are cheating to ensure quality of patient treatment.

To this statement Janne Christoffersen from the Data Security Agency pointed out, that the privacy legislation 'definitely has no intention to be a problem for daily operations, as it only required, that the doctors and nurses only has access to the data, that are necessary!'

'This is exactly the issue,' Claus Thorsen declared, 'For who knows what data are necessary? Take use of Antabuse! If this is an information that is not revealed to the Doctor, the patient might be seriously mistreated!' This seems to be a very central point in designing an up-to-date privacy legislation, that ensures a more holistic treatment of patients.

The next question, equally central for the discussion, is whether Claus' Region are coordination or cooperating with the other regions, and why this is not a centrally managed development program.

The representative from the Health Domain Steering Group - (Digital Health is an organisation supposed to coordinate anything within the health domain) – claimed that they weren't funded to do this, which again lead us back to the fundamental question on whether the Regions should continue inventing hot water all of them or if the Government should step in and define real areas for centralized solutions.

But a very interesting and down-to-earth real-life presentation with lots of areas where a combination of new technology and use of biometrics might be helpful.

Following this presentation, Ulrich Østergaard from CardLab presented the biometric card that they were trying to introduce in a number of countries. As can be seen from their homesite, this seems to be very promising – the card contains an active RFIOD chip, it has a fingerprint reader, which can be used by the proper owner to turn the card on, and can be equipped with various passwords, digital signatures etc. Looking forward to see some pilot projects based on this idea – and of course combined with proper ID/access management systems on the network.