Affina Profile & Scripting - SMP
NETiiS
Datacard Instant Card Issuance Solution
May 2010
What is Instant Card Issuance?
Instant Card Issuance
• Instant card issuance is an end-to-end process that personalizes cards on demand, on the spot, and delivers them immediately into the final customer's hand.
• The customer leaves the counter with an active card that can be used immediately for payment or cash withdrawal.
Instant Card Issuance
[Diagram: Customer, Branch, Card Usage; Enrolled, Card/Image Selection, Card Issued]
How does it work?
Generic Central Issuance Flow
[Diagram: Creation, Batches, Branch, CMS, Report, Perso Center, Card, Authorization server, Report]
Generic Instant Issuance Flow
[Diagram: Creation, Activation, Public area, Request, CMS, Authorization server, Production area, Production, Instant Card Issuance Server, Branch, Usage]
Datacard Instant Card Issuance Solution…
NETiiS
Proposed Architecture
Netiis Components
Central server main functionalities
• Functionalities
  – Interface with any Card Management System
  – Strong user authentication & user administration
  – Centralized data personalization
    • Magstripe personalization
    • EMV data preparation & chip personalization
    • Graphical personalization (embossing, thermal printing…)
  – Web-based technology
  – Can enable cardholder PIN selection at the point of sale
  – Auditing and tracking mechanisms
  – Production reporting & acknowledgment
  – Inventory management
• Centralized solution, everything is done on the server side
  – Thin clients for POS & administration GUI
  – The personalization machine acts as a remote-controlled printer
  – Centralized HSM
Affina Issuance software
• Re-use of Affina Smart Card Issuance Software to easily implement centralized & decentralized issuance with the same smart card issuance platform
Affina Issuance Software
• Affina Personalization Manager
  – Manages keys and personalization applications on a central server
  – Can manage multiple smart card objects (contact, contactless)
  – Can manage high-volume and desktop Datacard equipment from a single point of control (TCP/IP connection)
• Affina One Step
  – On-demand & centralized data preparation system
  – Well suited to the Instant Issuance model
• Affina Profile & Scripting
  – Scripting software for personalization application development
  – Open standards (GlobalPlatform, PKCS#11) for cost-effective development
• Affina Multos
  – Offers a quick and easy implementation of Multos-based smart card programs
What about security?
Security concept
• The security of a card issuance solution is based on both logical and physical security measures
• Implementing it requires a combination of security measures around hardware, software and operational procedures
• Our objective is to propose solutions adapted to the targeted environment (retail, bank…) and business model
• We add various security features to our hardware and software offer, which in certain cases limit the need for procedures/countermeasures or facilitate the implementation of such measures
[Chart: Process, Software and Hardware, scale 0% to 100%, for Case 1, Case 2 and Case 3]
Security features – Software
• Limit logical and physical access
  – Physical access
    • Solution hosted in a data centre with restricted access
    • Sensitive elements of the solution are centralized (HSM, personalization applications, cardholder information…)
  – Logical access
    • Secure network with firewall & DMZ (split GUI and sensitive data)
    • Application access granted only after user authentication (unique ID & logon)
    • Access to features is granted by role definition, and for some features by dual control (remake, keys…)
• Cardholder data protection
  – Sensitive data are encrypted in the central database and purged when there is no business need
  – PIN and sensitive data are end-to-end encrypted from server to personalization unit
• Tracking & audit
  – Log instant issuance activity (actions & users) on the central server
    • who, what, when, where
• Reporting & stock control
  – Elaborate production report for each location by administrator
  – Facilitate operation by stock control & reconciliation (virgin cards, good cards, spoiled cards, operator rejected cards)
Datacard Instant Issuance Server
• Web-based solution for easy deployment and remote maintenance
• Automatic or manual remote inventory function (depending on HW)
• Re-use of proven software for smart card issuance (Affina Issuance) for a cost-effective & secure implementation
• Can manage both central & decentralized issuance with the same software to protect your investment
• Multiple card program management to decrease cost/card investment
• Multilingual GUI configurable at the station level
A modular and evolvable architecture
• Each business function is a module
  – User Authentication (smartcard today)
  – GUI (Operator and Administrator)
  – Device control (PIN pad, perso machine…)
  – Production report
  – Stock control
  – Smartcard personalization (Affina Issuance)
• Can easily implement new trends like NFC, contactless, keyfobs and other form factors
Datacard Instant Issuance at a glance
• Only player to offer both HW & SW compliance between the Central issuance platform & the Instant Issuance platform
  – Offers a flexible solution to control the personalization process in both central & instant issuance
  – Common data preparation & personalization process
• Large number of EMV solutions implemented
  – Smartcard expert
  – Card manufacturer independent
  – Card Management System independent
• Large number of decentralized solutions implemented
  – More than 2,000 retail stores already supported in Financial for more than 10 years
  – Several projects with more than 400 locations per project
• Datacard International network & local partner
  – Local deployment & support is key in large-scale projects
  – Can support multinational deployment
Key Strengths
• “Real Time” card delivery
  – PIN Branch selection
  – Card issued in around 1 minute*
  – Stock Management
• Centralised complexity & security
  – Web-based light client
  – Re-use of proven software components
• Investment protection
  – Centralised / decentralised real strategy
  – Driving open standards / multi-cards
  – Core product roadmap in line with technical evolutions & regulations
Thank you !