Is it your job to deploy a smart card system? Are you unsure where to start?

When developing a smart card system, several factors should be considered in advance. Careful planning will help you avoid problems and optimize results in the long run. Consider, for example, the type of information that you will store and how you will protect and share that data. Additionally, you may want to avoid overrunning the system with too many features in the beginning. It could confuse users or create unnecessary difficulties for management. While the inclusion of smart cards requires careful planning and consideration, its advantages are worth the effort. Smart cards and secure elements are the industry standard for identity and device authentication, secure transactions, and the protection of data and assets. The following list of questions and recommendations is intended as a rough guideline to help you get started.

If you are short on time and/or on a budget, you may be interested in pre-configured, scalable building blocks for identity smart card systems; see www.idblox.com.

Getting Started: Important Considerations for Smart Card System Design

The First Four

  1. Do you require an original smart card system design? Or, is there an existing application that you can leverage?
  2. Is there a clear business case? Does it include financial and consumer behavior factors?
  3. Will the smart card handle data, value, or both? Adding a value function increases system design security and complexity.
  4. What are the card’s most essential features? With multiple functions, you must prioritize. Start with the most important feature and phase in additional features incrementally.

.

If you are thinking, Why reinvent the wheel?, you may be interested in building blocks that accelerate smart card deployments. Visit www.idblox.com to learn more.

Security

  1. What are your security requirements?
  2. Does all of the data need to be secured (protected)? Or, only some?
  3. Will you include biometrics? Fingerprint, iris, face, signature, and/or other? Do you require 1:1 matching or 1:many?
  4. Will the biometrics be stored in the smart card’s chip for user privacy and distributed user authentication?
  5. Who will have access to this information?
  6. Who will be allowed to change this information?
  7. In what manner will you secure this data? (e.g. encryption, host passwords, card passwords, PINs, etc.)
  8. Should keys/PINs be customer or system activated?
  9. How will you identify the card issuance and versions?
  10. Will the system utilize PKI and Digital Certificates? If so, how will they be managed?
  11. What about security printing options? (e.g. guilloches, microprinting, holograms, hidden images, etc.)

Basic Setup

  1. Will the smart card system be single-application or multi-application?
  2. Are there industry standards (e.g. ISO, EAL, or ETTSI) to conform to for specific encryption or chip requirements?
  3. What information do you want to store in the cards?
  4. How much memory is required for the applications?
  5. If the system is multi-application, how will you separate different types of data?
  6. Will data be obtained from a database or loaded each
    time?
  7. Will this data concurrently reside on a database?
  8. How many smart cards will be needed?
  9. Have card or infrastructure vendors been identified? What are their lead times?
  10. What are the required readers, handsets, terminals, and software?
  11. Is a Card Management System (CMS) necessary?
  12. How many types of artwork will be included in the issuance?
  13. Who will design the artwork?
  14. What is needed on the card (e.g. signature panels, magnetic stripes, embossing, etc.)?

Deployment Recommendations

  1. Establish clear and achievable program objectives
  2. Analyze the application and IT environment
  3. Make sure the organization has a stake in the project’s success and that management buys into the program
  4. Set a budget
  5. Name a project manager
  6. Assemble a project team and create a team vision
  7. Graphically create a data flow diagram
  8. Assess the card and reader options
  9. Write a detailed specification for the cards and system
  10. Set a realistic schedule with inch stones and milestones
  11. Establish security parameters for people and the system
  12. Build your on-card and host file structures
  13. Phase in each system element and test as you deploy
  14. Reassess your system for security leaks
  15. Deploy the first phase of cards and test the system
  16. Train the key employees responsible for each area
  17. Set up a system user manual
  18. Check the reporting structures
  19. Create contingency plans, should problems arise
  20. Deploy and announce your system
  21. Advertise and market your system

Value Applications

  1. Is the value in your cards re-loadable or designed for one-time use?
  2. How will you distribute the cards?
  3. How will cards be activated and loaded with value?
  4. Will there be a refund policy?
  5. What is the minimum and maximum value to store on each card?

Need additional assistance?  Contact CardLogix today to speak to one of our Smart Card System Design Consultants.

Call: +1-949-380-1312     |     Email: sales@cardlogix.com

CardLogix Smart Partners and the idblox ID Ecosystem offer smart card solutions to help jump start your smart card system.