01.07.2015 Views

Affina Profile & Scripting - SMP

Affina Profile & Scripting - SMP

Affina Profile & Scripting - SMP

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

NETiiS<br />

Datacard Instant Card Issuance Solution<br />

May 2010


What is the Instant Card Issuance ?


Instant Card Issuance<br />

• Instant card issuance is an end-to-end process<br />

allowing to personalize cards on-demand, on-thespot<br />

and deliver it immediately in final customer’s<br />

hand.<br />

• The customer leave the counter with an active card<br />

that can be used immediately for payment or cash<br />

withdrawal.


Instant Card Issuance<br />

Customer<br />

Branch<br />

Card<br />

Usage<br />

Enrolled<br />

- Card/Image Selection<br />

Card<br />

Issued


How does it work ?


Generic Central Issuance Flow<br />

Creation<br />

Batches<br />

Branch<br />

CMS<br />

Report<br />

Perso Center<br />

Card<br />

Authorization server


Report<br />

Generic Instant Issuance Flow<br />

Creation<br />

Activation<br />

Public area<br />

Request<br />

CMS<br />

Authorization server<br />

Production<br />

area<br />

Production<br />

Instant Card<br />

Issuance Server<br />

Branch<br />

Usage


Datacard Instant card Issuance Solution…<br />

NETiiS


Proposed Architecture


Netiis Components


Central server main functionalities<br />

• Functionalities<br />

– Interface with any Card Management System<br />

– Users strong authentication & users administration<br />

– Centralized data personalization<br />

• Magstripe personalization<br />

• EMV data preparation & chip personalization<br />

• Graphical personalization (embossing, thermal printing…)<br />

– Web based technology<br />

– Can enable cardholder PIN selection at the point of sales<br />

– Auditing and tracking mechanisms<br />

– Production reporting & acknowledgment<br />

– Inventory management<br />

• Centralized solution, everything is done on the server side<br />

– Thin clients for POS & administration GUI<br />

– The personalization machine acts as a remote controlled printer<br />

– Centralized HSM


<strong>Affina</strong> Issuance software<br />

• Re-use of <strong>Affina</strong> Smart Card Issuance Software to<br />

easily implement centralized & decentralized<br />

issuance with the same smart card issuance<br />

platform


<strong>Affina</strong> Issuance Software<br />

• <strong>Affina</strong> Personalization Manager<br />

• Manage keys and personalization applications on a central<br />

server<br />

• Can manage multiple smart card objects (contact, contactless)<br />

• Can manage high volume and desktop Datacard equipments<br />

from a single point of control (TCP/IP connection)<br />

• <strong>Affina</strong> One Step<br />

• On demand & centralized data preparation system<br />

• Perfectly suitable for Instant Issuance model<br />

• <strong>Affina</strong> <strong>Profile</strong> & <strong>Scripting</strong><br />

• <strong>Scripting</strong> software for personalization application development<br />

• Open standards (GlobalPlatform, PKCS#11) for cost-effective<br />

development<br />

• <strong>Affina</strong> Multos<br />

• Offer a quick an easy implementation of Multos based<br />

smart cards program


What about security ?


Security concept<br />

• The security of a card issuance solution is based on both logical and physical<br />

security measures<br />

• Implementing it is a combination of security measures around hardware,<br />

software and operational procedures<br />

• Our objective is to propose adapted solutions for the targeted environment<br />

(retail, bank…) and business model<br />

• By adding various security features in our hardware and software offer to either<br />

in certain cases limit the need of procedures/countermeasures or facilitate the<br />

implementation of such measures<br />

100%<br />

80%<br />

60%<br />

40%<br />

Process<br />

Software<br />

Hardware<br />

20%<br />

0%<br />

Case 1 Case 2 Case 3


Security features – Software<br />

• Limit logical and physical access<br />

• Physical access<br />

• Solution hosted in a data centre with restricted access<br />

• Sensitive elements of the solution are centralized (HSM, personalization applications, cardholder<br />

information…)<br />

• Logical access<br />

• Secure network with firewall & DMZ (split GUI and sensitive data)<br />

• Application access granted only after user authentication (unique ID & logon)<br />

• Access to features are granted by role definition and some by dual control (remake, keys…)<br />

• Cardholder data protection<br />

• Sensitive data are encrypted in the central database and purged when no business need<br />

• PIN and sensitive data are end-to-end encrypted from server to personalization unit<br />

• Tracking & audit<br />

• Log instant issuance activity ( actions & users) on the central server<br />

• who, what, when, where<br />

• Reporting & stock control<br />

• Elaborate production report for each location by administrator<br />

• Facilitate operation by stock control & reconciliation (virgin cards, good cards, spoiled<br />

cards, operator rejected cards)


Datacard Instant Issuance Server<br />

• Web based solution for easy deployment and remote<br />

maintenance<br />

• Automatic or manual remote inventory function<br />

(depending of HW)<br />

• Re-use of proven software for smart card issuance<br />

(<strong>Affina</strong> Issuance) for a cost effective & secure<br />

implementation<br />

• Can manage both central & decentralized issuance<br />

with same software to protect your investment<br />

• Multiple card program management to decrease<br />

cost/card investment<br />

• Multilingual GUI configurable a the station level


A modular and evolutive architecture<br />

• Each trade function is a module<br />

User Authentication (smartcard today)<br />

GUI (Operator and Administrator)<br />

Device control (Pin pad, perso machine…)<br />

Production report<br />

Stock control<br />

Smartcard personalization (<strong>Affina</strong> Issuance)<br />

• Can easily implement new trends like NFC,<br />

contactless, keyfobs and other form factors


Datacard Instant Issuance at a glance<br />

• Unique player to offer both HW & SW compliancy between Central<br />

issuance platform & Instant Issuance platform<br />

– Offer flexible solution to control personalization process in both central &<br />

instant issuance<br />

– Common data preparation & personalization process<br />

• Large numbers of EMV solution implemented<br />

– Smartcard expert<br />

– Card manufacturer independent<br />

– Card Management System independent<br />

• Large numbers of decentralized solution implemented<br />

– More than 2,000 retail stores already supported in Financial for more than 10 years<br />

– Several projects with more than 400 locations per project<br />

• Datacard International network & local partner<br />

– Local deployment & support is key in large scale project<br />

– Can support multinational deployment


Key Strengths<br />

• “Real Time” card delivery<br />

• PIN Branch selection<br />

• Card issued in around 1 minute*<br />

• Stock Management<br />

• Centralised complexity & security<br />

• Web based light client<br />

• Re-use of proven software components<br />

• Investment protection<br />

• Centralised / decentralised real strategy<br />

• Driving open standards / multi-cards<br />

• Core product roadmap in line with technical<br />

evolutions & regulations


Thank you !

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!