Security Application Convergence at the Point of Card Issuance. Kevin Gillick Head of Corporate Marketing Datacard Group


1 Security Application Convergence at the Point of Card Issuance
Kevin Gillick, Head of Corporate Marketing, Datacard Group

2 The Elements of an ID system
[Diagram labels: Public Key Infrastructure, Smart Card, Biometry, Certification, Identification Card]
The foundation of a Secure ID is the Issuance System

3 Elements of Card Issuance & Management
First Element - Capture:
- Demographic Information
- Facial Image
- Digitized Signature
- Biometric Attribute
  - Facial Recognition
  - Fingerprint
  - Hand Geometry
  - Iris Scan
  - Other...

4 Elements of Card Issuance & Management
Second Element - Production:
- Personalizing the Card with Captured Information and Card Applications
- Securing the card with protective overlays and tamper evident materials
- Producing/Personalizing the card in a:
  - Centralized production environment
  - Decentralized/Distributed production environment

5 Elements of Card Issuance & Management
Third Element - Management:
- Secure access to Identity/Card Personalization Database, from local or remote sources
- Managing card populations throughout their service life
- Managing card populations and applications in a dynamic post-issuance environment
Images courtesy of Datacard Group

6 Central Issuance Environment
- Large volume production environment
- A manufacturing process
- Large scale enterprise based systems involved
- Short programming time per card desired
- Generally not interruptible

7 Distributed Issuance Environment
- Low volume production environment
- A specialty, on-demand manufacturing process
- Direct connection
- Longer programming times generally acceptable
- Can be interrupt driven

8 Adding Biometrics to Issuance
Biometrics adds:
- Large amount of binary data
- Additional personal/individual data
- Need for Certificates/PKI, requiring:
  - CA involvement
  - Generation of key pairs
  - Additional security
Therefore... An ideal reason to adopt smart cards!

9 Adding Biometrics to Smart Card Issuance?
Things to consider...
- Connectivity concerns:
  - Will one or multiple CAs be used?
  - How to connect? Where to connect?
  - Will response times be predictable?
  - Will I act as my own CA?
- Data management concerns:
  - Where is data being generated?
  - Is data pre-generated?
  - Is data secure? How?
  - Is data trusted? How?
- Public/Private Key Pair generation concerns:
  - Generate on card or off card?

10 Implications of Central Issuance Model
- If on-card key generation:
  - Major impact on manufacturing process and productivity
  - Variable CA response time difficult for high volume production environments to manage
  - CA responsiveness an issue for process and productivity efficiency
- If off-card key generation:
  - Pre-generated keys/data may improve productivity
  - Process needed to match cards with certificates
  - Raises security issues

11 Implications of Distributed Issuance Model
- If on-card key generation:
  - Possible minor impact on manufacturing process and productivity
  - Certificate requests to CA from multiple remote connections may impact system response time
  - Dwell time (card under programming head) may be variable
- If off-card key generation:
  - One-at-a-time production ensures certificate is matched to card
  - Raises security issues
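The off-card key generation bullets on slides 10 and 11 both turn on matching each certificate to the right card. The sketch below is an added example, not part of the original presentation or any Datacard product: it matches CA responses to cards by public-key fingerprint instead of by arrival order. The Certificate record, the function names, the card IDs and the key byte strings are all hypothetical, constructed stand-ins.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Certificate:
    """Simplified stand-in for a CA response (hypothetical, not X.509 parsing)."""
    subject_card_id: str
    public_key: bytes

def fingerprint(public_key: bytes) -> str:
    # Identify a key by the SHA-256 of its encoded public part.
    return hashlib.sha256(public_key).hexdigest()

def match_batch(cards: dict, certs: list) -> dict:
    """Decide per card whether its certificate may be loaded.

    cards: card_id -> public key assigned to (or read back from) that card
    certs: CA responses in arrival order, which may differ from card order
    """
    key_use = Counter(fingerprint(k) for k in cards.values())
    by_key = {}
    for cert in certs:
        by_key.setdefault(fingerprint(cert.public_key), []).append(cert)
    decisions = {}
    for card_id, key in cards.items():
        fp = fingerprint(key)
        found = by_key.get(fp, [])
        if key_use[fp] > 1:
            decisions[card_id] = "REJECT: key assigned to more than one card"
        elif not found:
            decisions[card_id] = "HOLD: no certificate received for this key"
        elif len(found) > 1:
            decisions[card_id] = "REJECT: key certified more than once"
        elif found[0].subject_card_id != card_id:
            decisions[card_id] = "REJECT: certificate names another card"
        else:
            decisions[card_id] = "LOAD"
    return decisions

# Constructed sample batch: opaque byte strings stand in for real public keys.
CARDS = {"C001": b"key-A", "C002": b"key-B", "C003": b"key-C", "C004": b"key-D"}
# CA responses arrive out of order; the third binds key-C to the wrong card.
CERTS = [Certificate("C002", b"key-B"), Certificate("C001", b"key-A"),
         Certificate("C004", b"key-C")]

if __name__ == "__main__":
    for card, decision in match_batch(CARDS, CERTS).items():
        print(card, decision)
```

In a central batch the HOLD outcome is the case where a late CA response would otherwise stall the line; in one-at-a-time distributed issuance the same check runs on a batch of one.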

12 Choosing an Issuance Model
- There is no one best issuance scenario
- Both Centralized and Distributed Models may apply
- It is a red flag if you are told there is only one best way to issue
- Issuance Strategy can be variable and linked to deployment roadmap - changing over time
- Seek flexible vendors who understand both models
- Make sure vendors/partners are supportive of industry-wide initiatives and standards (Smart Card Alliance, Global Platform, ISO, EMV, etc.)

13 Thank You!