Technology Choices for IC Credentials

Patrick W. HearnVP ID Markets, Oberthur Technologies

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

What I’m Going to Discuss

• The Manufacturing Process• How Markets Determine IC Choices• Multi-Application and Convergence (Lessons)

CompanyLogo

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

From the Sand to Your Hand

Manufacturing

Personalization

ManufacturerManufacturer

DomainDomainCard Card

HolderHolder

DomainDomain

APPLICATIONS

SECURITY

ISSUES=

UNIQUE

DATA ELEMENTSLOADING AND

INITIALIZING

SECURITY

PRINTING

CARD

EMBEDDING

MODULE

MANUFACTURING

PLASTIC CARDS

MANUFACTURING

Fabrication Plant

Chip ProviderChip Provider

DomainDomain

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Form Factors – Smart Cards

�A fancy way of saying what the chip sits in�Largely defined by chip type (contact/contactless)

�Contact chips required to meet ISO 7816 or USB to interact with readers

�Attempts to modify Contactless form factor now governed by ISO 14443

�MasterCard, Visa etc all have developed of products to be put in the field

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Various Form Factor Types

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Co-existing technologies

• Bar Codes• One Dimensional• Two Dimensional

• Magnetic Stripe• American Banking Association specification• ISO specification

• Signature Panels• Holograms• Embossing• Optical Memory Panels• Biometrics Sensors

• On board Power (thin battery)• Displays (OTP)• Keyboards

Traditional

Advanced

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Print Factors for Cards

�Scale of print job and through-put is the first factor to determine methodology e.g. Inline vs 2 Pass

� Larger the project; the more you manufacture vspersonalize

�Plastic types have different results with surface printing (e.g. PVC, 100%PET-F,PCB etc)

� It is critical to know that the plastic type is qualified in advance

�Visa, MC, FIPS 201 all have standardized requirements for surface printing – hologram etc

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Application of the Technology

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Financial Services

� Form Factor – ISO 7816 (Contact); Account Holder Name, Account Number, Service Code, Magnetic Stripe, Signature Panel,

� Information Transferred – Account Number, Account Holder Name, PIN, Service Code

� Variety of memory requirements for smart chip 2-64K

� Smart chips able to support post-issuance capabilities

� Various platforms including Java, Multos and Proton

� Contactless, Contactless, Contactless (ISO 14443)

� Security requirements (RSA, 3DES etc)

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Banking card segmentation

CONSUMER MARKETCORPORATE

MARKET

Native card2k – 4K

Native card8K

Java or Multos16k-32k

Java or Multos32k-64k

Card Type

UserProfile

Data Storage

Authentication

Other services

Payment

EMV Authentication

Applications

EMV Payment and e-Payment

Loyalty Program / Convenient Data Storage

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Transportation

�Form Factor – Wallet/Branding/Cell Phone�Antennae embedded into the body �Small Memory Requirements�Chip Information - Older technology e-Purse

Application; no personal identifiable information�Moving towards banking based applications�Contact and Contactless Requirements; Moving to

Contactless �100-200 millisecond throughput� ISO 14443 Contactless Standards (Physical, RFID

and Anti-Collision); 10cm distance

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Mobile

�Small and pop-out form factor

�Information exchange includes: Subscription Management, Contacts, Information, Entertainment, Security, Dynamic Service Management, Device Management

�Higher memory requirements – 8K-128K; Flash at 1Gig

�Transmission between chip and handset 96-114K per second

�USB and MMC interface allow higher communication speed

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Identification – Card

� Smart card information transfer well beyond what’s on topology based on environment

� Biometric Security and Strength Requirements– Certifications (FIPS 140-2, EAL 4+)

– Physical Protection (Light, Voltage, Frequency)

– Algorithmic Protection (applet isolation etc)

– Sensitive Data Protection (Redundancy, Checksums etc)

� Multiple Platforms (Java, Multos etc)� Contact, Contactless, Hybrid, Dual� Speed

– Varies can go to 1MBits per second� Size

– 4K through 512K and beyond

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Multi-Application and Convergence

�New or modified form factor to support different use cases

�Primarily supported in banking/mobile (cell phones)

�Additional products to support scaled security (OTP -Banking)

�Powered form factor – the next thing?�Real Estate will be major issue

�Multiple applications need to be fully flushed in market place

CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009

Conclusion

� IC’s choices are a limited sub-set of the intended eco-system being created

�Combining business transactions (financial transaction, logical security, communication, transport etc) seem to be increasing

�Choosing which technologies to utilize is inextricably linked to the range of applications envisioned over the foreseen life cycle of the technology

�Applications of the technology exist today and are a good source to glean best practice

Smart Card Alliance

191 Clarksville Rd. · Princeton Junction, NJ 08550 · (800) 556-6828

www.smartcardalliance.org

Patrick W. Hearn

p.hearn@oberthur.com