Smart cards tokens security and applications pdf


    The original motivation for the book was to provide a suitable reference text for the aptly titled MSc module, ”Smart Cards Tokens, Security and Applications”. Smart Cards, Tokens, Security and Applications provides a broad overview of Pages i-xxxvii. PDF · An Introduction to Smart Cards. Keith Mayes. Pages Smart Cards, Tokens, Security and Applications Digitally watermarked, DRM- free; Included format: EPUB, PDF; ebooks can be used on all reading devices.

    Author:RYAN SALONE
    Language:English, Spanish, Portuguese
    Genre:Academic & Education
    Published (Last):12.08.2016
    Distribution:Free* [*Registration Required]
    Uploaded by: MERRY

    61421 downloads 91239 Views 13.79MB PDF Size Report

    Smart Cards Tokens Security And Applications Pdf

    Request PDF on ResearchGate | Smart Cards, Tokens, Security and Applications | This book provides a broad overview of the many card. Smart Cards, Tokens, Security and Applications provides a broad overview of the many card systems and solutions that are in practical use today. Review of the book. ”Smart Cards, Tokens, Security and Applications” by Keith Mayes and Konstantinos Markantonakis (editors),. SPRINGER.

    Contacts of a Chip Card. A Smart Card Chip old. Snapshot of Smart Card Applications by Sector. Phone and Its SIM. Card Body Manufacturing Flowchart.

    Advantages of smart cards Smart cards can provide a higher level of security than magnetic stripe cards as they can contain microprocessors capable of processing data directly without remote connections; even memory-only smart cards can be more secure because they can securely store more authentication and account data than traditional mag stripe cards.

    Smart credit cards became common as banks embraced the EMV standard Another advantage of smart cards is that once information is stored on a smart card, it can't easily be deleted, erased or altered. As such, smart cards are good for storing valuable data that can't be -- or shouldn't be -- easily reproduced. Smart card technology is generally safe against electronic interference and magnetic fields, unlike magnetic stripe cards.

    In addition, applications and data on a card can be updated through secure channels so issuers do not necessarily have to issue new cards when an update is necessary. Multiservice smart card systems can enable users to access more than one different service with just one smart card. Disadvantages of smart cards While smart cards have many advantages, the cards themselves -- as well as the smart card readers -- can be expensive. Another disadvantage of smart cards is that not all smart card readers are compatible with all types of smart cards.

    With multiple types of smart cards available, some use nonstandard protocols for data storage and card interface; some smart cards and readers also use proprietary software that is incompatible with other readers. While smart cards can be more secure for many applications, they are still vulnerable to certain types of attack. Attacks that can recover information from the chip are possible against smart card technology. Differential power analysis can be used to deduce the on-chip private key used by public key algorithms such as RSA.

    Smart Cards, Tokens, Security and Applications - PDF Free Download

    Some implementations of symmetric ciphers can be vulnerable to timing attacks or differential power analysis as well. Smart cards may also be physically disassembled in order to gain access to the on-board microchip. Examples of smart cards Smart card applications include: Payment cards, including debit or credit cards issued by commercial credit card companies and banks. Electronic benefits transfer EBT cards, which are used for distribution of government benefits such as the U. Supplemental Nutrition Assistance Program.

    Transit cards can be used by local and regional transit systems to process payments as well as give riders points on their downloads.

    Smart cards are used as ID cards issued by schools, corporations and government entities to control access to physical locations. Medical institutions use smart cards to securely store patient medical records. Overview of the Java Card Architecture. GlobalPlatform Card Architecture. The Multos Smart Card Architecture. Overview of Multos Application Development Cycle. NET architecture.

    Smart Card Standardisation for Telecommunications. IMSI Fields. SIM Start-up Sequence. Static Data Authentication. Token Reader. Using Dynamic Passcode Authentication. Passcode Generation. Example Message Flows in 3-D Secure.

    Basic Transport Stream. Synchronisation at the Receiver. ECM Stream. EMM Stream. Key Hierarchy. Scrambling at the Broadcast Centre. Descrambling at the Receiver. Daisy Chaining CIMs. Simulcrypt Transport Stream. TPM Building Blocks. Boot Process. Secure Storage. Evaluation Roles. Multi-application OS. Contacts to Power and Communicate with a Smart Card. A Chip with a Shield Present and Removed.

    Overlaid Acquisitions of the Power Consumption. A Differential Trace. Electromagnetic Probing of a Chip. Power and Electromagnetic Measurements. Determining the Moment File access. Java Card Architecture Model. A Simple Java Card applet:. Java SIM Architecture. Development and Test Tool Usage. Dongles in the PC World. A Mobile Dongle?

    OTA security header. BIP message flow. The SIM lifecycle management process. SIM production I. SIM production II. Contactless Card.

    Monolithic Dual Interface Card. The Trends in Memory Size by Application. Smart Card Sizes. Card Materials. Java card Forum Members. Java Card API 2. GlobalPlatform Members. SIM File Types. SIM Toolkit Commands. Sequence of Message Flows. Expected S-Box Hypotheses. SIM Toolkit Events.

    Utility Tools. Technology Changes Comparison. He is also the founder and managing Director of the consulting company Crisp Telecom Limited www. Aside from his current research and teaching focus on smart cards, RFIDs and security, he has maintained an active interest in mobile communications, hardware and software development, Intellectual Property and radio relay trials. Afterwards he did his doctorate at the Institute for Machine Tools and Industrial Management of the same university.

    Konstantinos Markantonakis received his BSc. His main areas of interest are smart card security and smart card applications, security protocol design, mobile devices, tokens and information security.

    Since completing his PhD, he has worked as an independent consultant in a number of information security and smart card related projects. He has worked as a smart card manager in Visa International EU, responsible for multi-application smart card technology for southern Europe. More recently, he was working as a Senior Consultant in Steer-Davies-Gleave responsible for advising transport operators and financial institutions on the use of smart card technology. He is an active figure in the international standardisation of telecommunications smart cards and has been elected as the chair of the influential ETSI SCP Requirements group.

    He also served for a number of years on the DVB Simulcrypt committee. His current research interests are distributed systems security, trusted computing, and mobile network security. Universities, Dr. Following a stint developing auto-layout algorithms for FPGAs, he has worked with smart cards for the last 15 years. Initially this was to develop a secure operating system and applications for a security module system for prepaid payphone smart cards.

    Since he has worked for MasterCard as a project manager, assisting banks who are implementing new products using multi-application chip cards. His current projects concentrate on the introduction of contactless technology by banks. Although the SIM browser seems to be rather side-lined as a development method, the idea was pretty good and faster communications plus a more open-source approach to the gateway might see a resurgence.

    The odds may not be great as in the meantime developers have found their favourite platform in the form of the Java Card [27]. Java is popular as it abstracts the programming environment from the underlying chip platform, which means that applications should in theory run unmodified on Java Cards supplied by different card vendors and using different chips.

    For a long time this was far from reality and even today it is wise to repeat testing for all card types. Flexibility and card management is provided by the GlobalPlatform [12] functionality which helps to support secure application and data loading, modification and quite sophisticated security domains and channels for isolating multiple applications.

    Java Card still suffers from the fact that the functionality has to be developed and loaded on the card itself rather than a remote server , which in some applications creates testing and card management issues.

    Java Card and GlobalPlatform are described in detail within Chapter 3 along with another multiapplication card that was in use whilst Java Card was in its earlier stages and that some would claim is more secure than Java Card.

    This seemed to deter developers and as the vast majority of smart card were and still are for mobile networks that did not exist on formal security evaluations a lot of the activity headed into the Java camp, which also meant that more freely available tools became available to ease development.

    MULTOS has not disappeared however and should still be given consideration particularly for very high security applications. When you design the data content and functionality of a smart card you should capture all current and foreseeable future requirements which is really an impossible task as no one can accurately predict the future.

    If you are smart, you design in some flexibility to make changes and add more data and functionality in future although this will be resisted by the downloading department who believe in saving pennies today rather than the promise of rich yet unspecified new services in the future.

    Whatever the final agreed compromise, it is translated to a smart card profile that is a definition of how the chosen smart card should be configured.

    Depending on the application there may be a great many profiles and reader combinations in use. For example you could have a SIM profiles and s of phones in your network. Testing is really important and to really understand this, consider how much money you could lose your company. If you missed a serious bug you may need to recall and replace the cards, a process that is known to cost an order of magnitude more than the cards i.

    This is one of the 1 An Introduction to Smart Cards 23 reasons you build in remote management - but changing 1 million cards would still be a major undertaking. You might decide to live with a minor bug and so then the interest will be on the normal card lifecycle.

    For bank cards this is defined as a few years, but for other cards e. SIM there are no expiry dates and it is not uncommon to find cards in use that are over 10 years old. This comes to another important point regarding new service roll-out. A company will want a great new service to reach all its customers instantly, however card based applications can rarely offer this. If the service requires a new form of card then on the launch date you will have zero customers. If you wait for the cards to expire or wear-out then you may wait many years and if you swap customer cards you know it will be expensive.

    This sounds like some unfortunate bad-luck situation but often this legacy problem was actually designed in because of the catch conflicting logic of smart card deployment.

    smart card

    That is, you need spare capacity and perhaps the most advanced capabilities of the smart card for important services that are not identified when the card is designed, whereas the cost of the card is only justified by the applications that are known to be essential at design time.

    The situation is not helped by the fact that a marketing strategy or service plan is usually much shorter duration than the life of the card. One must always remember that a smart card is a sophisticated, personalised and managed computer platform that is vital to a users secure use of a system or service.

    With proper design and supporting management systems it can be used for many years. Over-specifying a smart card from the bare minimum has a very tangible cost and although it may only be a few pennies or cents per card this starts to become significant for large deployments.

    However the true cost of issuing minimum specification devices is less simple to determine as it may be the denial of a new service to a customer, a reduced card lifetime and earlier replacement cost , a poor service or perhaps the loss of the customer to a competitor. Of course only an overview has been possible here, but much more detail can be found in the following chapters. Acknowledgement The author wishes to thank Vodafone, Giesecke and Devrient plus all the SCC industry supporters for their encouragement and support.

    References 1. Anderson, R. More Information Available via http: Barclays, Barclaycard and TranSys sign agreement to put Oyster on credit cards, COMP attack. EMV Books , Version 4. Irdeto website. More Information Available via www. ITSO, Specification v2. Correspondence, NDS website. Rankl and W. Effing - Smart card handbook, 3rd edition, John Wiley , Smart Trust WIB, Sun microsystems, , Java Card 2. Transport for London Oyster Card. Chapter 2 Smart Card Production Environment Claus Ebner Abstract This chapter gives an introduction to the production steps in the lifecycle of a smart card.

    After a short introduction the manufacturing of the card body will be described. The next paragraphs give information on the personalization process chain from data processing and on to card personalization and additional services such as packaging and shipment.

    A separate paragraph focuses on quality and security issues. At the end there are a few thoughts on current trends and challenges for the smart card industry. As there is a close relation between the two - e. In banking there are the standard debit and credit cards in ID-1 format see Table. A multi-layer usually 4 to 5 layers of individual plastic foils card body with printed design, some optional printed security features, a magnetic stripe, a signature panel, a hologram and more and more with a chip.

    The optical personalization of the card is either done by embossing or by laser engraving. VISA mini or different shapes e. MasterCard MC2 [2]. In telecoms there are prepaid telephone memory cards and microprocessor cards for mobile telephones. The card body may be either multilayer or injection moulded - with a decreasing trend for multilayer.

    For cards either with a short life cycle, or only serving as carrier for the plug-in module until mounted in the mobile, usually the cheaper variant is chosen. For a card body which has no security elements, optical personalization is either done by inkjet and thermal transfer printing or by laser engraving. The card body is usually of multilayer type up to 9 , containing security features such as mentioned for payment cards plus even more sophisticated ones, e.

    Health care cards usually have a contact based chip and most new ID cards use contactless technology. For optical personalization all techniques can be used - preferably laser engraving due to security reasons.

    For photos also colour dye sublimation or retransfer technology is used. First there is the manufacturing of the card body - which includes making of the plastic, printing, and adding additional elements, such as the magnetic stripe. This is followed by embedding the smart card module, which itself went through the steps of test and probably completion and initialization.

    An optical and electrical personalization transforms the smart card to an individual one. This often is accompanied by related services, such as card carrier personalization, mail fulfilment and packaging. The following paragraphs describe these steps in more detail. The classical material used is PVC, but due to environmental discussions and higher lifetime requirements as well, other materials gain importance.

    The image is exposed to the light sensitive plates with a laser beam. After development of the plate and chemical treatment there are zones which attract ink and others which attract water. The plates are mounted to printing cylinders which during their rotation run against water rollers and ink rollers. The water rollers dampen the non-image parts of the plate, the ink rollers dampen the image area of the plate with ink. The plate then transfers the ink to the rubber blanket of a second cylinder, which in turn offsets the image onto the foil running between it and an impression cylinder.

    There is also a waterless variant of offset printing using special inks and UV technology. This technique is used in machines for single card printing, where the design is applied to white cards - mostly coming from an injection moulding process.

    Screen Printing The other technique used for card printing works with a porous woven fabric which is stretched over an aluminium frame. A stencil is created on the screen by filling its mesh for the negative parts of an image.

    A positive film of the image is made and placed over the screen, which is coated with a light sensitive emulsion. Exposed to ultraviolet light, the emulsion will harden in the parts of the screen, where the UV light passes through the transparent areas of the film. The non-hardened emulsion will be washed away afterwards from the screen and a negative stencil of the image will be left. In the press the screen is placed over the foil to be printed and filled with ink.

    A rubber blade called squeegee then is pulled across the screen which fills the holes of the mesh with ink. In a second step a squeegee will press the ink through the mesh onto the foil which is pressed against it. The printed foil must now dry before the next colour can be applied. Digital Printing For high volume printing today there is no alternative to the techniques described above.

    Digital printers working with thermal sublimation dye or retransfer printing are used to print individual designs onto white cards. Though the quality of this technique has so far not reached the level of Offset or Screen Printing, the results are already very well accepted by card Issuers.

    As the foils are of thermoplastic material they will establish a connection under heat when their softening temperature is reached. The most common compositions are four- and five-layer cards, for contactless and ID cards even up to nine layers are put together. No matter how many layers are used, as the physical parameters of a card are defined in ISO, the sum of the foil thicknesses has to be less than microns. To protect the design printing there are two ways: If there is external printing on the outer layers of a card the surface will be covered by a transparent varnish.

    In the most common case of internal printing, transparent overlay foils will be laminated over the design which provides a better resistance against scratching and abrasion. Besides design and overlay foils there are other components which can be applied in the lamination process. Magnetic stripes and signature panels brought onto a foil before are often added in this process step already. Before entering the lamination press the layers have to be collated in such a way that the images for front and back side match exactly and the location of additional elements, such as magnetic stripes or contactless inlays, is within given tolerances.

    This may either be done by hand or using a sheet collating machine. The simplest way is to align the sheets using their ledges or using adjustment holes in the sheets. If more precision is needed, printed crosses on the foils are brought together using a special table with two cameras - one for the front and one for the back design.

    In any case the foils will be stapled together by a heated spot stamp in the rim. These pre-mounted sheets are stacked together with thin, highly polished metal plates. This stack is put between one of the several heating plate pairs in the laminator. Depending on the necessary process parameters - which are specific for each product regarding the type of materials etc. After cooling down under pressure of the laminated sheet, the card bodies will be punched out in the next process step.

    If necessary, the sheets will be cut to fit the punching machine. The cavity needed for the chip module is already created in this process, so that no milling is necessary afterwards. The preferred material for injection moulding is ABS. The plastic granulate is pressed under high pressures into the pre-heated mould form. The material melted by heat and shearing forces fills the shape of the mould and solidifies. The form is opened and the work piece ejected. Another important attribute of injection moulded cards is their printability, as the card design will be applied afterwards in a single card printing process before the chip module is implanted.

    In order to do so with a customary ballpoint pen, a special signature panel is necessary. Signature panels are applied with two different techniques: Laminating or hotstamping. Paper signature panels are mounted to the outside overlay foil of a card and will connect to the card surface during the lamination process.

    Another option is to create overlay foils with a printed signature panel by the use of special colours in a screen printing process. Again, this overlay will be applied in a lamination process. The hot-stamping technique works with prefabricated elements which are transferred from a carrier tape to the card body by the usage of a heated stamp. The elements - such as signature panels - are covered with an adhesive which activates under heat and pressure.

    Under the hot stamp the element will bond to the card surface and in turn lose its connection to the carrier tape. Magnetic Stripe The magnetic stripe which is a main element for all payment cards, needs to be put onto the card at a certain position. The techniques used to apply it are the same as for signature panels. Either the magnetic stripe comes on an overlay foil and is laminated or a hot-stamping process is used.

    Hologram Another security element - for example known from some payment cards - is the hologram. It also is applied to the card body using a hot-stamping process.

    There are three main ways to manufacture the antenna for such an inlay: The surplus copper will be etched away by acids only leaving the antenna shape on the plastic foil. The technology to connect the smart card module to the antenna depends on the antenna type.

    For embedded antennas it is micro welding while for etched antennas it is soldering. No matter what technologies are used to create a contactless card, it is essential that the unevenness caused by antenna and module is equalized to achieve a good card surface. In a first step an incoming inspection will be made on a test handling machine to ensure the quality of the modules before embedding. As machine costs for test handlers are lower than for card personalization machines, they are often used to already load data to the chip which are common for a range of products.

    For Flash controllers the complete OS has to be loaded in this step. Depending on the contents of the initialization file loaded afterwards, file structures and also partly their contents will be created, applications and keys will be available on the chip. The criteria which parts to load in which step will not only be dependant on cost calculations but also on the product and related security requirements. So for some products it is necessary to have a clear separation between the initialization and the personalization.

    For other products it may be better to perform the initialization as late as possible. This avoids logistic problems, as not too much variants have to be kept in stock for the subsequent processes. As the modules have to be glued into the card body another step is necessary before embedding which applies an adhesive tape to the modules.

    The module will be applied and glued to the card body in an implanting machine. To verify that the module is still alive after this process step, usually an ATR test is performed in the implanting machine. For some products it is also necessary to write some information onto the card body. This is possible via an inkjet printer within the machine. The data necessary to do this is usually provided by the card Issuer - sometimes enhanced by data generated in the process at personalization see Fig.

    For big volumes sometimes also tapes or other media are still used. The data has to be encrypted and will be decrypted only after being transferred to the production network. Quite often similar products are within one file, e. In a typical scenario the customer apply form for a card has a special part for the photo, which is teared off and sent directly to the personalization bureau. The photo will be scanned and stored under a reference number, so it can be linked with the other personalization data sent by the card Issuer to create a photo card.

    So before the data can be processed a transfer of the data via the separating firewall has to be initiated. After decryption of the files a validation of the data takes place.

    Sometimes also a conversion has to be done, e. This may be simple checks like whether a field is numeric or checks whether there is a defined product and process available as requested by control fields of the customer data. In many cases a grouping and sorting of the data will be the next task.

    So there may be different service levels and certain records have to be processed and produced on the same day while for others there is a bigger time frame. Other criteria may be different shipment methods by mail, by courier, etc. A merge of data from different sources is another task of data processing.

    This may be photos or logos for optical personalization as well as data for different applications on the chip. For many products it is also necessary to generate additional data which will go into the chip.

    The values for keys e. In that case the card Issuer needs to receive a response file which contains all the values generated, so he can store it in his systems. Another task for products being sent out by direct mail is to create the postage information - depending on mail type, weight and destination. Due to the requirements of the local mail service this information needs to be printed on the carrier, probably leads to the usage of different envelopes in fulfilment and must be provided in a billing report.

    Also for credit cards with chip EMV there is a process which takes the magnetic stripe data and some card Issuer keys to generate data for the chip.

    As the secure storage and generation of keys and the encryption of production data is a basic requirement today, a key management system and the usage of Hardware Security Modules HSMs is a must. At the end of the data preparation process there are several outputs: Data validation reports, production files for the different card personalization machines, printing files for carriers and labels, information on the products bill of material, process steps for production and sales what to bill to the card Issuer?

    Most machines can be set up individually by combining different machine modules and can also be adjusted for further requirements later see Fig. Its result can be seen in the different layers of a card and be felt on the surface of the card. The laser can either personalize vector fonts or raster images.

    The latter one takes more time, so for bigger images photos, logos, barcodes it is necessary to have more laser modules in one machine for a high output. Another advantage for laser personalization is reduced cost, as no ink or transfer film is needed.

    Embossing and Indent Printing Embossing and Indent printing are the classical methods for personalizing credit cards. Still in many countries credit cards are not processed online, so the embossed characters are needed to create the receipt. In modern high speed machines two or more modules are used to enable high throughputs. Printing on the rear side of the card is called indent printing, characters are not embossed in that case.

    Inkjet Inkjet printing is often used in conjunction with simple products such as voucher cards. There are machines available which have a very high throughput cards per hour. On the other hand inkjet also can be used for colour images. Thermal transfer printing is used for monochrome images, such as logos or barcodes.

    It delivers high optical quality, but less security than laser engraving, as the ink is applied to the surface only and does not go into the deeper layers. For colour dye sublimation a three-pass process is necessary, using ribbons for Yellow, Magenta and Cyan. Usually an overlay ribbon is applied on top of the images to protect them against abrasion and fading.

    Again, the images are only on the surface and therefore not as secure against copying as laser images. The retransfer method is similar to colour dye sublimation, but instead of printing directly to the card a reverse image is printed to a transfer film which is then applied to the card body. The main advantages are better quality, as an unevenness of the card does not affect the printing result and that the image can be printed over the full surface area of the card and no white borders can be seen.

    Magnetic Stripe Encoding To encode the magnetic stripe with its three tracks e. The first one encodes the magnetic stripe, the second one reads back the information from the magnetic stripe to ensure that it is written correctly.

    Chip Encoding Chip personalization has become quite a complex process in the last few years, as the capabilities of the chips e.

    Java Card , the memory sizes Megabytes! The basic process is that the card reader has to establish a connection to the smart card, perform an authentication by presenting a key and then select files on the smart card and update them with personalized contents provided by the data preparation and generation process. Additional data may be loaded from different sources configuration files, databases or also be generated during the personalization process and passed back to data preparation.

    So the smart card itself may perform asymmetric key generation and export the public part for a certificate request. To cope with the amount of data and the throughput needed, a number of high performance card readers are needed in personalization machines.

    It must be possible to change parameters like voltage, frequency or divider in a wide range for optimization. With local memory available on the readers, also certain parts of the personalization data can be stored there to improve performance. There are also high requirements to the hard- and software handling the personalization data and process - regarding quality, performance and stability.

    A typical scenario today is to handle 60 smart cards in parallel and load each one individually with some hundred kilobytes with other components involved HSMs, databases etc. The input and output modules either handle a loose stack of cards or work with magazines.

    Some machines may have more than one input module, so different plastics can be mixed in personalization. If the same plastic has to be separated for different card Issuers or sorted for later shipment more output stacks are an option as well.

    A typical machine for credit card personalization will have a magstripe reader module, followed by a chip encoding module for EMV cards. A colour dye sublimation module may follow to personalize a photo of the cardholder - again this may be for the front or rear side.

    The last stations in the machine will be the embossing units, one with types to emboss the credit card number, one or more for high throughput other units to emboss the remaining lines, e. The performance range starts with cards per hour cph for small desktop systems and ends at cph for high volume systems. A typical machine for SIM card personalization may have a vision system after the input module, which serves two purposes: Verify that the right card body is used and calculate offsets for the origin for optical personalisation to equalize punching tolerances.

    As the data volume for the chip can be quite high for SIM cards, there will be multiple chip encoding heads working parallel to ensure the machine throughput does not go down for longer loading times. High volume machines which run at more than card-per-hour may have 40, 60 or even more chip encoding heads.

    So the typical number of laser stations is one or two. To be flexible for either front or rear personalization often a flip over station is used. To verify the quality of the optical personalization, a vision system can be the last module before the cards go to the output stacker.

    Additional modules are available for printing the card carrier, affixing the card to the carrier and also to put this in an envelope, probably together with some additional enclosures. This will be described in the next two paragraphs. For small volumes this may be simple office printers, for high volumes there are high speed machines printing up to pages per minute ppm for cutsheet printers or even over ppm for continuous feed printers.

    All the rest will be printed variable, which gives the card Issuer a maximum of flexibility and enables him to address his customers very personally.

    For smaller volumes colour printers are an option as well, which will print all information including logos etc. To enable an automatic matching of the card and the carrier in the fulfilment step, a machine readable card identification number needs to be printed onto the carrier either as barcode or using an OCR Optical Character Recognition font type.

    You might also like: CCNP SECURITY 300-206 PDF

    PIN Personal Identification Number letter personalization today most often also works with laser printers. One method is to cover the PIN with a sealed label after printing, another one works with a special paper which already incorporates a sealed label.

    Another method still used works with needle printers and carbon coated multilayer paper. There is no carbon ribbon in the printer, so the PIN cannot be seen during printing - but will be found in the PIN letter after tearing off the seals.

    Depending on the card Issuer requirements this leads to a high variety of products, e. The process may either be handled manually for small batch sizes or by dedicated mail processing systems for higher volumes, with a throughput of up to mailings per hour. These machines are set up from different modules; a typical configuration looks like as follows: The paper feed module will take the pre-printed carriers, in case of continuous paper a cutter will then cut it into single sheets.

    In the next module an adhesive label will be placed onto the carrier. The card attaching station reads information from the card usually from the magnetic stripe or chip and the corresponding information from the carrier usually OCR or barcode. If the information matches, the card will be affixed to the carrier. It is also possible to attach more than one card to the carrier - so a bank may send out a MasterCard and a VISA card on the same carrier to its customers or a family receives all their health cards within one mailing.

    Afterwards the carrier with the attached card is folded e. An inserter module consists of a number enclosure stations from which for each mailing additional enclosures can be individually pulled and inserted. Most often these are non-personalized information leaflets or booklets, but also personalized items are possible, e. After all components are in the envelope, it is sealed and a weighing scale behind it checks the weight of each mailing.

    This may be used to check whether the mailing is correct e. From the output stacker module the operator can the take the mailings and put them into boxes, which will then be handed over to the shipment area.. These packages may either contain only cards or cards in mailings which are distributed in other ways after they leave the personalization bureau. Related to packaging there is the printing of shipment lists and identification labels to the cardboard boxes.

    As these lists and labels apart from some overall product information also contain some personalization data e. In nearly all cases this is a manual process, as the individual items cannot be handled by a machine and the volumes usually are not high enough for the investment in an automated solution. CD boxes, sophisticated cardboard boxes, blister packages and even wooden boxes or leather cases. With the cards may go user guides, mobile phone handsets and manuals or different marketing items.

    During data generation and processing some data is created which the card Issuer may need in his systems for either logistical or technical reasons. Some card Issuers need the information which card number has when left the personalization site. Whenever a card contains individual values created or allocated in personalization, the card Issuer will need these values in his system. For example this applies to load certificates for keys generated on the smart card: During personalization the smart card generates an asymmetric key pair, the public key is sent in a certification request to an external certification authority a trust center and the certificate received gets personalized to the smart card in a second personalization step.

    Due to the many variants which are generated by different card bodies, carrier papers, enclosures and shipment methods production breaks down into small lot sizes. On the other hand there are very restrictive rules how cards have to be treated in a secure production environment. The cards are stored in a vault and any movement and withdrawal has to be recorded. A counting of cards takes place between the significant process steps.

    When a card is spoiled in a process, this of course has to be recorded as well. There are two main ways to provide the cards to personalization: Either the amount of cards given by the card Issuer order is moved to personalization and rejects produced on the machines have to be pulled in an additional run - or a higher amount is moved to production and the rest needs to be balanced at the end when returned to the vault. In order to reduce machine setup times, similar orders can be processed together - this can also be supported by intelligent data preparation.

    There are four different card designs which are applied to the same type of carrier paper. The data preparation will create one carrier printing file and four card embossing files. So there is only one order at the printer instead of four. The same then applies to fulfilment where the card stacks are combined and the machine can produce with one carrier stack in one run. A card manufacturing plant or personalization bureau has to fulfil high requirements on physical security.

    This starts with the fences around the building, which must constructed in a way that no car or lorry simply can break through it.

    Additional electronic systems detect any other trials to break through this first barrier. Video cameras need to survey the whole plant area as well. The building itself has to fulfil certain standards wall thickness, stability of doors, etc. Only people who are able to prove their integrity may work in those areas and all their comings and goings are recorded.

    No single person is allowed in the security area, a four-eyes-principle needs to be guaranteed in any case, supported by video cameras all over. Security is also part of all processes - there is a continuous counting of security relevant materials, such as cards, holograms etc.

    Another very important task to ensure logical security in personalization is the protection of data. Networks for smart card production are strictly separated from other networks and of course from the internet. Access to data is limited to the persons who need to deal with it and encryption of data is applied wherever possible.

    It is also essential to delete the personalization data after production in a safe way. On the other hand certain data has to be kept on behalf of the card Issuer or to ensure traceability.

    If severe problems were detected by them, this could lead to a decertification and such to the loss of the business. Therefore an ongoing process has to be established, which always ensures the compliance with the actual security regulations.

    Quality is the other very important issue. Well defined quality management procedures and a quality assurance during the whole product lifecycle are a matter of course. This starts with the definition of a product, continues with development, test and the production release process following it. Examples are: This means high hurdles for newcomers in the market and a challenge for the existing companies to remain competitive.

    Mayes K., Markantonakis K. (Eds.) Smart Cards, Tokens, Security and Applications

    It starts with a high variety of card body designs. World Cup, Olympics , with and without photo, etc. On top of that there are debit cards, customer cards, savings account cards - again with different characteristics.

    Related articles:

    Copyright © 2019