How to issue EMV and NFC on a single platform
Rambus Certificate Manager
The Rambus EMV Token Manager, which was recently acquired from Bell ID, is an efficient smart card solution that acts as a central ‘hub’, connecting all actors involved in the implementation of a token at each stage of its lifecycle.
The EMV Token Manager enables issuers to manage and control any EMV token, such as contact and contactless cards as well as an expansion module for NFC enabled mobile devices. It offers basic EMV migration functionality such as data preparation and key management and the possibility to expand with value added functionality. The additional modules are described below in more detail.
EMV data preparation generates the cryptographic and application data required for personalizing the smart card’s chip and is an essential part of issuing EMV cards.
Every EMV application needs to be personalized with your token holder’s details. These details include a name, account number, wide range of risk management parameters, security keys, certificates and signatures. Since smart card requirements are constantly changing, it is important that a smart card issuance solution not only meets today’s needs, but also provides a path to meet any future smart card requirements, such as contactless, mobile, multi-application and in-branch or post-issuance.
Our DataPrep module provides an affordable yet powerful solution to realize a basic issuance of EMV compliant payment cards. As a vendor independent software provider, our solution allows to integrate with your equipment vendor and card manufacturer of choice.
The EMV DataPrep module receives issuance requests from traditional card management systems, stores and processes the received embossing file data and generates the required EMV security data elements. EMV DataPrep module interfaces to a host security module (HSM) in order to derive keys and encrypt selected data. The completed set of data can then be passed on to the personalization bureau.
As the process generates, stores, and uses secret key material, the Data Preparation System leverages a fully integrated key management component to manage the key life cycles, ranging from generation and storage, to distribution and exchange.
The solution can easily be inserted into an issuer’s business processes.
Many smart card issuing systems need to manage a large number of diverse cryptographic keys for different applications. These keys can be used for data encryption and decryption, verification, authentication and authorization. However the process of tracking these keys, lifecycles, key types and procedures on various locations can be challenging to control.
A key management system related to the issuance of EMV chip cards is concerned with the management of cryptographic keys between authorized parties and is designed to control complex configurations while keeping costs low.
Our Key Manager module offers full key management functionality for all types of tokens / payments applications and deals with the potentially complex process of generation, storage, distribution, import and lifecycle management of cryptographic keys.
Key Manager provides interfaces to all major Hardware Security Model (HSM) providers and is managed through an easy to use interface. During the lifecycle of keys, the system registers all changes in the status of all keys under its control. In addition, Key Manager takes care of key distribution to other third party applications.
Being a main part of our Mobile Payments software platform, the functionality of Key Manager and key material secured in its key management database is interoperable with EMV Token Manager.
EMV instant issuance enables instant personalization and activation of an EMV chip card. Such functionality enhances customer service, lowers the risk of cards being stolen during distribution and saves on distribution costs.
Instant issuance refers to the process of personalizing and issuing a card upon request. It typically takes place at distributed customer service points where card requests are received, such as bank branches and retail outlets and is performed using desktop card printers. Some issuers also use instant issuance technology to set up their own in-house small scale personalization bureau to save the expense of buying bulk personalization equipment.
The EMV Instant Issuance module connects desktop EMV card printers to back-office servers, enabling banks to instantly issue EMV chip cards to customers while in the branch. This increases customer service while decreasing card distribution cost and the risk of cards and PIN mailers being stolen during distribution.
Our branch-based instant issuance software has been developed to connect to an extensive range of desktop card printers and to network to your secure, centralized back-office card applications. Support is provided to issue e.g. VISA® and MasterCard® debit and credit cards on JavaCard/GlobalPlatform cards.
The easy to use user interface is designed for use by customer-facing staff and assists with card stock control at the branch, while centralized back-office stock management helps with planning and ensuring branches have adequate card stock for day-to-day operations.
PIN Management provides the end-to-end management of financial payment card PINs. It serves as a central point of reference for the distribution and synchronization of PINs between systems and provides controlled access to PIN functions through multiple channels.
Most debit cards and a growing amount of credit cards are using a PIN (personal identification number) to authenticate the cardholder. In order to authenticate transactions through the wide array of modern banking channels, the PIN needs to be synchronized between many systems and accepted via multiple channels.
The PIN Manager module is a secure central server for the end-to-end management of PINs as used for financial EMV payment cards. It serves as a central point of reference for the distribution and synchronization of PINs between systems and provides controlled access to PIN functions through multiple channels.
PIN Manager offers centralized generation, enrollment, change, (un)blocking and verification of the PIN. Furthermore, it enables multi-channel distribution via post, Internet, SMS, ATM, branch, telephone (IVR) and enables banks to implement a more considered and coherent PIN management strategy. This is particularly critical when offline PINs on the chip and online PINs on central systems need to remain synchronized; where multiple applications are loaded onto the chip and where multiple channels can be used to block, unblock or change the PINs.
PIN Manager follows the VISA and MasterCard guidelines for PIN management and can be used with a variety of HSMs from different manufacturers. Besides supporting a well-defined set of standard message formats to access web services, PIN Manager has been designed with the idea of the interface flexibility in mind and can be connected
FREE Webinar: Secure Silicon IP Series: Complexity vs. Security