Implementing GlobalPlatform Standards to Ensure Smart Card Success Jim Harper Datacard Group August 2002.

Implementing GlobalPlatform™ Standards

to Ensure Smart Card Success

Jim HarperDatacard Group

August 2002

Page 2

Topics• Smart Cards before Standards

• Key Considerations for Issuing Multi-application Smart Cards

– Smart Card (Chip) Operating System

– Smart Card Personalization Process

– Smart Card Management System and Post Issuance Personalization Process

– Smart Card Terminals/Devices

• Implement GP Standards for Control, Reliability and Value

Page 3

The “Traditional” Smart Card Industry

Print & Laminate(Sheets)

Die Cut Mill

Embed Initialize Personalize

1234 5678 9012 3456Patty Doe – Exp 13/999

LOTSACREDIT

LOTSA CREDIT

LOTSA CREDIT

LOTSA CREDIT

LOTSA CREDIT

LOTSA CREDIT

LOTSA CREDIT

Deliver

1234 5678 9012 3456Patty Doe – Exp 13/999

Post Issuance Update

1234 5678 9012 3456Patty Doe – Exp 13/999

LOTSACREDIT

Silicon/Chip

Prop.“O/S” Prop. Apps

ProprietaryPersonalization

Application

Use

N E W

Standards-based O/S

Standards-based Personalization

Standards-based Card Management

Page 4

Before Standards• Single application, proprietary

smart cards (operating systems)

– Lack of interoperability• increased time to market

•costs to change cards/applications

– Consumer: single use, no choice, lessening card value over time

– No cross-marketing or “pull” from other applications on card

– Proprietary “issuance” systems

Page 5

1. Smart Card (Chip) Operating System

2. Smart Card Personalization Process

3. Smart Card Management System Interface to “Bureau” Environments

4. Smart Card Terminals/Devices

Where Standards Matter

Page 6

VPN

Smart Card Management

System

Card Usage•ATMs• POSs•Home PCs•Kiosks•Mobile Devices

Where Standards Matter

Loading and Personalization

Process

Chip Data Generation

Process

Standards-based Data Generation and Card Personalization Process

(using GP Profiles and Scripts)

2

Personalization

System(s)

3

Standards-based SCMS to “Bureau” Interface

4

Standards-based Terminal to Terminal Application Interface

Delivered Card

Fully Automated Processes!

Smart cards to be used

Chip Applet(s)

Chip O/S

“Standard” I/F

“Standard” Development

---

“Standard” Development

--- “Standard”

Development

---

“Standard” Development

---

1

Standards-based Chip Application to Chip Operating System Interface

2

Page 7

Key Consideration #1:Smart Card Operating System• Standard interface between chip

operating system and chip “applets”

– “Write Once/Run Anywhere”

• Common approach to loading, deleting and changing applications on cards

• Standard security scheme

• Allows for “standard” personalization and post-issuance personalization processes to be used

Page 8

Key Consideration #2: Smart Card Personalization

Process• New “challenges”

– Data generation (“disintermediate”)– Data encryption– Key management– Application loading– Card personalization – Card life cycle management

• GlobalPlatform response…– A “script-driven” data generation and

personalization process – Simplifies the updating of single and

multi-application smart cards – Moves responsibility to application

developer

Page 9

• Standards-based interface between SCMS and existing issuance/bureau environments

– Independent of personalization hardware

• Card activity must be tracked and managed with great precision

• You must have confidence that a card’s suite of applications and contents (data) can be re-created

• Simplify post-issuance personalization and re-issuance (using Profiles and Scripting)

• SCMS becomes a powerful marketing tool

Key Consideration #3: Smart Card Management System

Page 10

• Standards-based interface between a terminal and it’s applications

• Common approach to adding, deleting and changing applications on a terminal device/reader

• Well defined interface for terminal application development and testing

• Standards-based management interface

Key Consideration #4: Smart Card Terminals/Devices

Page 11

Control• GP standards enables issuers to

quickly capitalize on the power and promise of new technology

• GP standards allow issuers to maintain control of their suppliers and supplies

• Interoperability

Implement GlobalPlatform Standards for…

Page 12

Implement GlobalPlatform Standards for… Reliabilit

y• Standard interfaces and processes simplify development and testing

• High quality

• Vendors held accountable

• Datacard has a wide variety of GP-compliant systems in place today, from desktop to high volume central issuance and smart card management systems

Page 13

• GP systems can exchange data with other systems that use GP methods and specifications

– Interoperability

– Vendor and hardware independence

• Costs can be reduced, reuse is higher, and testing can be handled in the same way (using GP scripts/profiles)

Implement GlobalPlatform Standards for… Value

Page 14

Datacard’s commitment to GlobalPlatform™

standards GlobalPlatform Board

SystemCommittee

MarketingCommittee

CardCommittee

Bill Reding

Stuart Miller

Bob Beer,Chairperson

Pete Thorsen

Christophe Biehlmann

Lorna Williamson

Chris Lomax

PlanningCommittee

Brendan Jones

Jerry Johnson,Datacard President & CEO

Page 15

• Development of new Profiles and Scripts

– XML data with Java Script

• Interface Specifications

– SCMS to Bureau Environment

• Card Specifications

– Open Kernel (OCAPI)

Datacard’s contributions to GlobalPlatform efforts

Page 16

• Datacard solutions personalize more than 90% of the worlds financial cards (7MM every day, 2.5B annually)

• Datacard has nearly 1000 high volume personalization systems installed worldwide

• Experts in “chip” consulting, EMV migration, and systems integration

• Only vendor with true production level Smart Card Management Systems in operation

• Watch for Datacard MAXSYS™ and Syntera – Coming Soon!

Datacard and Smart Cards

Page 17

PR

OD

UC

TIO

NE

NV

IRO

NM

EN

TC

AR

D P

LA

TF

OR

ME

NV

IRO

NM

EN

T

SO

FT

WA

RE

AN

DS

OL

UT

ION

SE

NV

IRO

NM

EN

T

MULTOS™

Shared CryptographicResources and

Certificate Authorities

Smart CardManagement System

(Affina™)

Smart Card Personalization Manager (SCPM™)

and P3™

Low VolumeIssuance

9000/7000/500

Proprietary

Maxsys

Datacard Smart Card MAP™ Architecture(Multi-application Architecture for Personalization)

GlobalPlatform™/Java™

Page 18

MULTOS™

Smart CardManagement System

(Affina™)

Shared CryptographicResources and

Certificate Authorities

Smart Card Personalization Manager (SCPM™)

and P3™

Low Volume Issuance 9000/7000/500

• Modular• Flexible• Scalable

Proprietary P

RO

DU

CT

ION

EN

VIR

ON

ME

NT

CA

RD

PL

AT

FO

RM

EN

VIR

ON

ME

NT

SO

FT

WA

RE

AN

DS

OL

UT

ION

SE

NV

IRO

NM

EN

T

Maxsys

• Full Range• Investment Protection• Future Proof

GlobalPlatform™/Java™

• Standard• Open• Customizable

Datacard Smart Card MAP™ Architecture(Multi-application Architecture for Personalization)

Page 19

Summary• Choose your smart card solution partner

carefully– Your partner and solutions should

“future proof” your investments (i.e., flexible, scalable, extensible)

• Request GP standards in your:– Cards– Personalization Systems (Processes)– Smart Card Management System– Terminals

• Enjoy…– Control– Reliability– Value

Page 20

White Papers on www. datacard.com:

“Implementing GlobalPlatform™ Standards to Ensure Smart Card Success”

“The Transition from Magnetic Stripe to EMV Chip (Smart) Cards”

“The Transition to Multi-application Smart Cards with Post Issuance Personalization Capabilities”

“Datacard MAP™ Smart Card Architecture”

For More Information…

Page 21

Brochures on www. datacard.com:

Smart Card Issuance and Management

Datacard Smart Card Solutions

Datacard Smart Card Infrastructure

Datacard Smart Card Personalization Manager (SCPM)

Datacard Desktop Smart Card Issuance Solutions

Datacard Smart Card Consulting Services

For More Information…

Page 22

Presentation on www. datacard.com:

“Datacard products which implement GlobalPlatform™ methods”

For More Information…

Page 23

Thank You!

Jim HarperDirector, Smart Card Solutions Marketing

Datacard Group

jim_harper@ datacard.comOffice 952-988-1179Mobile (1) 612-229-1179

Page 24

Additional Slides

Page 25

Smart Card Personalizatio

n Manager

Store Issuance Data

Issue,Re-issueCards

Download new apps and update existing apps over the internet or other secure “channels”

Internetor VPN

How Datacard’s Smart Card Solutions Relate to Each Other

AffinaCard Life Cycle Management (Card Data Warehouse)

Marketing

Call CenterCustomer Support

New Card Products

Aptura(Java/GP cards)

Several card delivery solutions are available from Datacard. Ask your sales rep. for more info.

Move perso apps to

production after fully tested

Move chip applets to

production after fully tested

Move cards to production after

fully tested

SCPM SDKSmart Card Loading and

Personalization Development and Test

Systems

Aptura ADKSmart Card Applet

Developers Kit

CSM/Synter

a

Data Filewith Chip Data

Test the loading and

personalization of the new chip

applets

•Home PCs•Kiosks•Mobile Handsets

Low Volume Smart Card Issuance

High Speed Smart Card Issuance

Central Smart Card Issuance

Gen 2E smart card module

Deliver

Generate Chip Data Process (Fully Automated

Operation)Card Data File

(from host)

P3

Page 26

450280/295150i

Embossing

SCPM*

9000 MAXSYS500 7000

X XXX XX

Graphics Printing

XX XX

Laser

Color Printing/Photo

XX

X

SCPM* X XXX XX

SCPM* - supports loading and personalization of Multos, Java, Open Platform, TIBC, VC, VSDC, M/Chip, Mondex, UKIS and other cards. Many proprietary single application smart cards also supported. SCPM also has an SDK for custom application development of industry-specific cards (e.g., for Transit, Health, Telecom, Government, other). Users can migrate from one Datacard hardware system above to another and the SCPM loading and personalization process and applications remain unchanged.

Cards Pgmmed Simult.

1 1431 71

DCL3000

X

Custom

8

X

X

100+

ID Works with SCPM*

P3 DesktopP3 Advance

P3 Server

Inkjet X

Dev.& Test

Dev.& Test

Aptura**

Aptura** - Datacard’s industry standard Java Card/GlobalPlatform Card - portable Java operating system.

Select Magna IC-IV

X XX

X XX

1 11

Datacard Smart Card Personalization Systems

X

Mag Stripe XXX XX X XXX XX

Contactless SC

XXX X X X

Affina Card Life Cycle Management System

XX X

X

X

X