technology choices for ic credentials...ctst2009 – smart card technology and payments applications...
TRANSCRIPT
Technology Choices for IC Credentials
Patrick W. HearnVP ID Markets, Oberthur Technologies
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
What I’m Going to Discuss
• The Manufacturing Process• How Markets Determine IC Choices• Multi-Application and Convergence (Lessons)
CompanyLogo
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
From the Sand to Your Hand
Manufacturing
Personalization
ManufacturerManufacturer
DomainDomainCard Card
HolderHolder
DomainDomain
APPLICATIONS
SECURITY
ISSUES=
UNIQUE
DATA ELEMENTSLOADING AND
INITIALIZING
SECURITY
PRINTING
CARD
EMBEDDING
MODULE
MANUFACTURING
PLASTIC CARDS
MANUFACTURING
Fabrication Plant
Chip ProviderChip Provider
DomainDomain
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Form Factors – Smart Cards
�A fancy way of saying what the chip sits in�Largely defined by chip type (contact/contactless)
�Contact chips required to meet ISO 7816 or USB to interact with readers
�Attempts to modify Contactless form factor now governed by ISO 14443
�MasterCard, Visa etc all have developed of products to be put in the field
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Various Form Factor Types
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Co-existing technologies
• Bar Codes• One Dimensional• Two Dimensional
• Magnetic Stripe• American Banking Association specification• ISO specification
• Signature Panels• Holograms• Embossing• Optical Memory Panels• Biometrics Sensors
• On board Power (thin battery)• Displays (OTP)• Keyboards
Traditional
Advanced
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Print Factors for Cards
�Scale of print job and through-put is the first factor to determine methodology e.g. Inline vs 2 Pass
� Larger the project; the more you manufacture vspersonalize
�Plastic types have different results with surface printing (e.g. PVC, 100%PET-F,PCB etc)
� It is critical to know that the plastic type is qualified in advance
�Visa, MC, FIPS 201 all have standardized requirements for surface printing – hologram etc
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Application of the Technology
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Financial Services
� Form Factor – ISO 7816 (Contact); Account Holder Name, Account Number, Service Code, Magnetic Stripe, Signature Panel,
� Information Transferred – Account Number, Account Holder Name, PIN, Service Code
� Variety of memory requirements for smart chip 2-64K
� Smart chips able to support post-issuance capabilities
� Various platforms including Java, Multos and Proton
� Contactless, Contactless, Contactless (ISO 14443)
� Security requirements (RSA, 3DES etc)
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Banking card segmentation
CONSUMER MARKETCORPORATE
MARKET
Native card2k – 4K
Native card8K
Java or Multos16k-32k
Java or Multos32k-64k
Card Type
UserProfile
Data Storage
Authentication
Other services
Payment
EMV Authentication
Applications
EMV Payment and e-Payment
Loyalty Program / Convenient Data Storage
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Transportation
�Form Factor – Wallet/Branding/Cell Phone�Antennae embedded into the body �Small Memory Requirements�Chip Information - Older technology e-Purse
Application; no personal identifiable information�Moving towards banking based applications�Contact and Contactless Requirements; Moving to
Contactless �100-200 millisecond throughput� ISO 14443 Contactless Standards (Physical, RFID
and Anti-Collision); 10cm distance
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Mobile
�Small and pop-out form factor
�Information exchange includes: Subscription Management, Contacts, Information, Entertainment, Security, Dynamic Service Management, Device Management
�Higher memory requirements – 8K-128K; Flash at 1Gig
�Transmission between chip and handset 96-114K per second
�USB and MMC interface allow higher communication speed
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Identification – Card
� Smart card information transfer well beyond what’s on topology based on environment
� Biometric Security and Strength Requirements– Certifications (FIPS 140-2, EAL 4+)
– Physical Protection (Light, Voltage, Frequency)
– Algorithmic Protection (applet isolation etc)
– Sensitive Data Protection (Redundancy, Checksums etc)
� Multiple Platforms (Java, Multos etc)� Contact, Contactless, Hybrid, Dual� Speed
– Varies can go to 1MBits per second� Size
– 4K through 512K and beyond
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Multi-Application and Convergence
�New or modified form factor to support different use cases
�Primarily supported in banking/mobile (cell phones)
�Additional products to support scaled security (OTP -Banking)
�Powered form factor – the next thing?�Real Estate will be major issue
�Multiple applications need to be fully flushed in market place
CTST2009 – Smart Card Technology and Payments Applications Workshop © 2009
Conclusion
� IC’s choices are a limited sub-set of the intended eco-system being created
�Combining business transactions (financial transaction, logical security, communication, transport etc) seem to be increasing
�Choosing which technologies to utilize is inextricably linked to the range of applications envisioned over the foreseen life cycle of the technology
�Applications of the technology exist today and are a good source to glean best practice
Smart Card Alliance
191 Clarksville Rd. · Princeton Junction, NJ 08550 · (800) 556-6828
www.smartcardalliance.org
Patrick W. Hearn