ANDiS CAMS Product Description 1_5 v 2.1

March 19, 2018 | Author: ehtisham1 | Category: Smart Card, Emv, Identity Document, Business Process, Authentication



ANDiS Card and Application Management System (CAMS)

Copyright © 2002-2009 - Bell Identification B.V. All rights reserved. No part of the content of this document may be reproduced or transmitted in any form by any means without the written permission of the publisher. ANDiS™ is a registered trademark of Bell Identification B.V.

Product Version: 1.5
Document Version: 2.1
Document Released: March 2009

TABLE OF CONTENTS

I. INTRODUCTION
1. EXECUTIVE SUMMARY
2. DOCUMENT INFORMATION
2.1. DOCUMENT STRUCTURE
2.2. LIST OF FIGURES
II. CONCEPTUAL VIEW ON THE CAMS
3. THE CONCEPT OF CAMS
3.1. ANATOMY OF A CAMS
3.2. CAMS AS A BUSINESS ENABLER
3.3. ANDIS CAMS: THE HEART OF A SMART CARD INFRASTRUCTURE
4. OTHER ANDIS PRODUCTS
4.1. AUTHORISATION CONTROL SYSTEM (ACS)
4.2. KEY MANAGEMENT SYSTEM (KMS)
5. INTERNATIONAL STANDARDS
5.1. INTRODUCTION
5.2. GLOBALPLATFORM
5.3. MULTOS
5.4. EUROPAY INTERNATIONAL, MASTERCARD VISA (EMV)
5.5. FEDERAL INFORMATION PROCESSING STANDARDS (FIPS)
5.6. INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO)
III. FUNCTIONAL VIEW ON THE CAMS
6. KEY ELEMENTS OF THE CAMS
6.1. INTRODUCTION
6.2. LIFECYCLES
6.3. MANAGING CARD CONFIGURATION
6.4. ANDIS WIZARDS
7. CAMS BUSINESS PROCESSES
7.1. INTRODUCTION
7.2. CARD REQUEST
7.3. PHOTO, SIGNATURE AND BIOMETRICS ENROLMENT
7.4. CARD REGISTRATION
7.5. CARD DISTRIBUTION
7.6. CARD AND APPLICATION ADMINISTRATION
7.7. CARD RENEWAL
7.8. CARD STOCK MANAGEMENT
7.9. PRODUCTION ORDER ADMINISTRATION
7.10. CARD WITHDRAWAL
7.11. REPORTING
7.12. ADDITIONAL MODULES AND COMPONENTS
8. CAMS INTERFACES
8.1. INTRODUCTION
8.2. SMART CARD PERSONALISATION
8.3. DATA EXCHANGE
9. ADDITIONAL FUNCTIONALITY
9.1. DATA PREPARATION
9.1.1 EMV
9.1.2 FIPS 201/PIV
9.2. SECURITY
9.3. PERFORMANCE
9.4. SCALABILITY AND AVAILABILITY
10. ARCHITECTURE
10.1. PRODUCT ARCHITECTURE
10.2. DEPLOYMENT ARCHITECTURE
11. CONCLUSION AND CONTACTS

I. INTRODUCTION

1. EXECUTIVE SUMMARY

The potential of multi-application smart cards enables banks, governments and enterprises to exploit new business opportunities, restructure their cost base, reduce fraud, streamline administration or meet legislative or card scheme mandates. With industry specific obligations such as EMV, HSPD-12 and biometric border controls creating additional momentum, smart card deployments on a significant scale are becoming increasingly common. However, issuers and service providers planning to migrate to smart cards, or who plan to add new card types and applications to their card base, must also accept the new challenges created by this technology.

To begin with, unlike relatively 'static' traditional card systems, the relationships between cards, cardholders and applications demand more dynamic, flexible and efficient management. This also means that the concept of "lifecycles", traditionally applied to cards in a fairly simple way, becomes more complex and should include all of the entities in the card relationship. Effective management of these relationships is proving to be a critical success factor in many new deployments.

These dynamic relationships also mean that the Card and Application Management System (CAMS) needs to interface with a greater number of internal or external systems. These could be citizen, employee or cardholder databases, Certification Authorities, risk management systems, distributed registration systems, access control applications and so on. Some of these interfaces may need to be real-time or interactive.

Another factor is the cost of card replacement: the expense of replacing issued smart cards is high compared to relatively cheap but 'static' and fraud sensitive magnetic stripe cards. Issuers and service providers therefore need to keep card 'churn' to a minimum. A solution to this is 'post-issuance personalisation', which can also enable new value added opportunities for the issuer and cardholder population, but which adds another dynamic aspect to the management of cards and applications.

Experience has proven that a lack of an appropriate smart card management strategy can undermine the long term business case and drive up costs, and in the worst case can risk the economic viability of the smart card deployment. It is little wonder that smart card and application management has emerged as such a fundamental aspect of successful smart card deployments. Intelligent application of mandates can also create revenue or cost saving opportunities, creating a benefit from a necessity. A successfully implemented CAMS becomes an enabler, creating structure and interoperability between diverse business processes and technologies and helping issuers to realise the real potential of their card and cardholder assets.

2. DOCUMENT INFORMATION

2.1. Document Structure

Main document sections:

Conceptual View: This section describes the high level requirements and attributes of Card and Application Management Systems, and introduces the role and situation of Bell ID's ANDiS software in 'generic' smart card infrastructures. This section also introduces the main standards organisations that help to shape the relevant functional, technical or industry specific aspects of the smart card industry.

Functional View: This section explains how ANDiS resolves the potentially complex issues of lifecycle and configuration management, describes how ANDiS maps the resulting requirements into actual business processes and explains on a functional level how ANDiS interfaces with other systems. This section also describes how Bell ID addresses typical functional requirements such as security, availability and reporting.

2.2. List of Figures

Figure 1 Common interactions with CAMS
Figure 2 ANDiS CAMS in a typical environment
Figure 3 Hierarchy in the ACS
Figure 4 Sample of National ID card lifecycle
II. CONCEPTUAL VIEW ON THE CAMS

3. THE CONCEPT OF CAMS

3.1. Anatomy of a CAMS

EMV payment cards, Corporate ID cards, National ID cards, Health cards and so on may all have very different uses and applications, but the management of the cards and applications does share a number of fundamental principles. For example, cardholder registration must be performed, data will need to be prepared and sent to personalisation systems, encryption keys and certificates will need to be managed, and so on. This means that a database needs to be populated, and applications and cardholders need to be set up, fulfilled and maintained throughout the various events and changes of state in the lifecycle.

The requirement to manage the lifecycles of not only the cards themselves, but also the on-card application(s) and the cardholder(s) associated with them, means that the CAMS must also manage the relationship between each of these entities. The CAMS will often need to receive or send data, commands or notifications relating to these event or state changes when they occur, meaning that the CAMS will potentially need to communicate with a diverse range of systems, not all of which are necessarily under the control of the issuing organisation, and these systems are likely to have different technologies and behaviours. The following figure illustrates just some of the possible interactions:

[Figure 1 Common interactions with CAMS: enrolment and cardholder data (enrolment via ANDiS or via another system, LDAP database); key/certificate management authorities and certificate authority (certificate request/response); back office systems, application providers and call centre (card and status requests, updates, cardholder data, batch requests, reports, status changes, application data, application add/update/delete); personalisation bureau(x), desktop personalisation and post-issuance personalisation (personalisation requests/responses, activation and post-issuance).]

Managing these relationships, lifecycles and processes associated with the cards, applications, interfaces and processes efficiently and cost effectively means that a meaningful CAMS should have a number of basic attributes, including:

Process Driven: The lifecycles of the card, cardholder and application(s) define the events and subsequent changes in state that need to be executed. Some may be initiated manually, some may be interactive, and others may be scheduled or automated processes, but it is essential to ensure that these processes are managed securely, efficiently and reliably.

Secure: In many cases smart cards are introduced to reduce the risks of fraud, so it follows that the CAMS must itself be secure and resistant to fraud. This applies to database information, to access to potentially sensitive functions such as card issuing, and to communications with 'the outside world'. Comprehensive and secure audit logging is strongly recommended and is frequently a strong prerequisite in banking and government applications, as is 'four eyes principle' access to sensitive or system management functions.

Open, Platform Independent and Legacy-aware: A CAMS will often be required to support a combination of 'legacy' or proprietary technologies and more current open standards technologies. To maintain flexibility and prevent vendor 'lock-in', the CAMS itself should ideally be based on open technologies such as J2EE and cross-industry standards such as GlobalPlatform (see Section 5), and should support appropriate industry specific standards such as EMV, Multos or FIPS 201 where applicable.

Adaptable: Business and technology demands can change quickly, and the CAMS should be flexible enough to adapt to new requirements, whether these are simply additional fields in cardholder records, or support for new card types, enrolment and issuing models et cetera. As there will always be new client specific business processes, the system should be adaptable enough to easily allow changes in the workflow or processes without impacting the rest of the system. The option to download or update applications onto the existing card population also provides added business agility, which can lead to cost savings by avoiding the need to reissue cards, or potentially provide profitable business opportunities.

Flexible Interfacing: Clearly the CAMS may need to communicate with a number of systems. For example, importing an embossing file is typically a batch oriented task sourced from a legacy system, whereas card requests from a distributed branch environment would typically require an on-line web service or web enabled interface, and post-issuance application updates take place via interactive web sessions. This clearly requires the CAMS to support flexible, cross-technology interfaces to accommodate the various 'push', 'pull' and interactive needs.
Scalable: Both issuers and service providers may need to consider the mid term or long term growth of their card populations, and in such cases it is necessary for the CAMS to have the ability to grow with the requirements. This applies to issues such as capacity, performance and reliability, as well as a possible future change of system platform. Clearly, as the application of smart card technology matures, and as card infrastructures begin to integrate multiple applications, the idea of a CAMS simply being a 'black box' in the personalisation chain is rapidly becoming obsolete. For many issuers, it is wise to consider the possible consequences of growth in the future.

The remainder of this paper introduces ANDiS, a flexible, open Card and Application Management System built on the '4 M' principle. This simply means that a single ANDiS platform is capable of managing multiple card types, running multiple applications, in a multiple card issuer environment, interfacing with multiple card personalisation systems and bureaux, making it a powerful business enabling tool for issuers and service providers.

3.2. CAMS as a Business Enabler

Bell ID's CAMS delivers genuinely market leading functionality on a single, open and interoperable software platform. Offering highly flexible configuration options, the ANDiS CAMS is adaptable to many different business concepts and organisational needs. ANDiS offers a number of potential business benefits including:

- Reduced time-to-market for new applications – creates business agility, improves competitive positioning, allows phased business strategies, adds value for cardholders
- Optimised management of card base and cardholder relations – efficient administration, creates marketing opportunities, leverages CRM, can contribute to a higher level of customer retention, creates links to billing systems
- Return on investment – ANDiS reduces re-investment for new cards or applications, reduces costs associated with future card and application deployments
- Post Issuance Personalisation of existing card population – flexible management of card portfolios reduces card re-issue costs, helps create value added or revenue generating applications, creates options to 'rent' application space to third parties on issued card chips
- Flexible reporting functionality – provides real-time views for portfolio management and risk analysis, converges management and administration tasks, improves dissemination of security sensitive information (e.g. card revocation), improves incident responses
- Card issuer retains control of the chip at all times – reduces liabilities and risks inherent in sharing sensitive data with third parties

3.3. ANDiS CAMS: The heart of a Smart Card Infrastructure

The CAMS manages essential card personalisation and lifecycle aspects such as data preparation, enrolment, encryption key management, administration and card status management. Furthermore the CAMS offers legacy and web based interfaces between related internal and external systems. Where more sophisticated cards and applications are being issued, CAMS is also capable of delivering dynamic application and parameter management and post issuance personalisation for a varied card and user population.

The following figure shows how the CAMS is positioned in a "typical" generic environment; more specific implementations are discussed in the appropriate ANDiS CAMS solution documents for EMV, Corporate ID, and National ID and Health applications.

[Figure 2 ANDiS CAMS in a typical environment: the CAMS core (Card Management, Application Management, KMS, Data Prep, Dataport, Audit/Reporting, PIP) and its interfaces (CWS, Web Perso Interface, CNS, Provider Interface, PWS, KWS, Perso Interface), connected to enrolment (via ANDiS or another system, LDAP database), key/certificate management authorities and PKI/KMA, back office systems, application providers, call centre, certificate authority, and personalisation bureau(x), desktop personalisation and post-issuance personalisation.]

The CAMS is primarily responsible for:

- Card Request Processes
- Card, Cardholder & Application Administration
- Card Configuration Management
- Reporting

Additional components or options manage functional or interface requirements such as:

- Scheduled Data Preparation (mainly in banking/EMV)
- Web based enrolment, photo studio and various other modules
- Import/export of data from and to external systems
- In Branch issuance / Central in-house personalisation
- CAMS User Access and Authorisation Management (ACS)
- Interfacing to registration systems, personalisation bureau or other systems
- Interfacing to application providers
- Interfacing to PKI(s) or KMA
- Key Management Services (KMS)
- Post Issuance Personalisation (PIP)
- A Notification Service (CNS) for publishing change of state notices

Before exploring these components and interfaces in more detail, it is useful to look at some important card management concepts and how they are applied in ANDiS.

4. OTHER ANDIS PRODUCTS

4.1. Authorisation Control System (ACS)

Access to the functionality of ANDiS Management Systems is controlled by means of the ANDiS Authorisation Control System (ACS), which enables the ANDiS administrator to define and manage rights of access to all of the ANDiS functionality: CAMS administrators define rights of access to modules, screens and buttons for each group of ANDiS operators. When logging onto the central system through a web browser, operators can be identified by a combination of username / password, by IP address and / or by an on-card X.509 certificate. Optionally, identification by means of biometrics is supported. Additional hardware at workstations is required when biometrics or certificates are utilised. The ACS database contains all the user, user group and access control data, which can only be altered according to a predefined hierarchy. The diagram below shows how this hierarchy works.

[Figure 3 Hierarchy in the ACS: Users (Johnson, Smith, McNeal, Stanford) are assigned to Groups (Requesters, Authorisers, Administrators), and each group is assigned Roles & Actions (Preparation: Photo/Signature, Card Request; Authorisation: Card request check, Authorisation; Administration: Card Administration, Cardholder Administration).]

4.2. Key Management System (KMS)

The ANDiS Key Management System (KMS) is an extremely powerful tool which is concerned with the potentially complex process of generation, storage, distribution or import, and lifecycle management of cryptographic keys. The KMS can also be implemented separately, to manage keys and key hierarchies for card or non-card related applications. The keys may be used for encryption and decryption of data, or for verification and authorisation of other parties using digital certificates. In most cases a so-called Hardware Security Module (HSM) is required for the generation of cryptographic keys; ANDiS provides interfaces to all major HSM providers (see the section on Hardware Security Modules). During the life cycle of keys, the KMS registers all changes in status. The KMS facilitates the import of keys generated by third parties and the distribution of keys to third parties, such as personalisation bureaus. The KMS functionality is exposed to other ANDiS components or third party applications (where permitted) using the KMS Web Service interface. Comprehensive information is available in the KMS/KWS Product White Paper.
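As an added illustration of the ACS hierarchy of section 4.1 and the 'four eyes principle' called for in section 3.1, the following example (written for this document, not Bell ID's ACS code) enforces a group/role check and then a four-eyes check on the sensitive Authorisation action, auditing refusals as well as successes. The group and action names follow Figure 3; placing Smith in two groups, the data structures and the function names are assumptions made for the example.

```python
"""Four-eyes access check over an ACS-style Users -> Groups -> Roles & Actions
hierarchy. Constructed example; group and action names follow Figure 3."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Roles & Actions: the actions each group may perform (from Figure 3).
GROUP_ACTIONS = {
    "Requesters":     {"Photo/Signature", "Card Request"},
    "Authorisers":    {"Card request check", "Authorisation"},
    "Administrators": {"Card Administration", "Cardholder Administration"},
}

# Users -> Groups. Johnson, McNeal and Stanford follow the figure; Smith is
# deliberately placed in two groups here (an assumption) to show why group
# membership alone is not enough for a sensitive action.
USER_GROUPS = {
    "Johnson":  {"Requesters"},
    "Smith":    {"Requesters", "Authorisers"},
    "McNeal":   {"Authorisers"},
    "Stanford": {"Administrators"},
}

# Sensitive actions governed by the four-eyes principle: the operator who
# performs them must differ from the operator who raised the request.
FOUR_EYES_ACTIONS = {"Authorisation"}


class AccessDenied(Exception):
    """Raised when the ACS rules refuse an action; the refusal is still audited."""


def allowed_actions(user: str) -> Set[str]:
    """Union of the actions of every group the user belongs to."""
    groups = USER_GROUPS.get(user, set())
    return set().union(*(GROUP_ACTIONS.get(g, set()) for g in groups))


@dataclass
class CardRequest:
    request_id: str
    requested_by: str
    authorised_by: Optional[str] = None
    # Audit trail of (user, action, outcome); denied attempts are recorded too.
    audit: List[Tuple[str, str, str]] = field(default_factory=list)


def perform(user: str, action: str, request: CardRequest) -> bool:
    """Apply the group/role check, then the four-eyes check, and audit the result."""
    if action not in allowed_actions(user):
        request.audit.append((user, action, "denied: not authorised"))
        raise AccessDenied(f"{user} may not perform '{action}'")
    if action in FOUR_EYES_ACTIONS and user == request.requested_by:
        request.audit.append((user, action, "denied: four-eyes violation"))
        raise AccessDenied(f"{user} may not authorise their own request")
    if action == "Authorisation":
        request.authorised_by = user
    request.audit.append((user, action, "ok"))
    return True


def denied_attempts(request: CardRequest) -> List[Tuple[str, str, str]]:
    """Audit entries a reviewer would look at first: every refused action."""
    return [entry for entry in request.audit if entry[2].startswith("denied")]
```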
5. INTERNATIONAL STANDARDS

5.1. Introduction

ANDiS supports a wide range of generic IT interoperability standards, many of which are outlined in the Technical View section of this document. However, there are certain organisations that have a particular influence on vertical market segments or which guide business and technology strategies on a broader basis than generic IT standards. The following industry bodies are particularly significant for Bell ID and for sections of our customer base:

5.2. GlobalPlatform

GlobalPlatform is the leading, open, international smart card association, responsible for creating and advancing interoperable technical specifications for smart cards, acceptance devices and systems infrastructure. It is driven by a cross-industry member base comprising over 50 organisations, including government departments, payment card organisations and telecommunication companies. Operating on a not-for-profit basis, GlobalPlatform funds its on-going technical work and the marketing efforts of the organisation with funds raised from membership fees. GlobalPlatform is a fully independent and democratic organisation with its strategic priorities defined by an elected Board of Directors.

Since its formation in 1999, the GlobalPlatform Specifications have become recognised by the world-wide smart card industry as the standard upon which to base smart card infrastructures, thanks to a finely tuned balance of technical superiority and business justification. By providing these specifications on a royalty-free basis (available for free download at www.globalplatform.org), GlobalPlatform actively promotes worldwide acceptance of its standards and encourages a universal approach to the development of smart card infrastructures. This facilitates deployment, decreases time to market and accelerates the adoption rate of smart card technology in diverse industries around the globe.

GlobalPlatform technology is being used across Europe, North America, Asia and Australia by many bodies to implement a range of smart card programmes. Current programmes range from city/ID/health card projects to enhanced credit/debit cardholder loyalty schemes which also offer post-issuance download capabilities. With over 75 million GlobalPlatform smart cards currently in circulation across the globe, the stability of the technology has been proven and the standard has now been set. The specifications offer backwards compatibility and allow adopters the opportunity to grow revenues by capitalising on either the single or multiple-application smart card model.

Bell ID is an active contributor to the GlobalPlatform systems specifications in terms of Key Management, Post Issuance Personalisation, Systems Compliance, Interfacing and Messaging.

5.3. MULTOS

MULTOS is the first high security, multi-application operating system for smart cards (hence 'MULT-OS'). Prior to the emergence of multi-application smart cards, each software application representing a product or service on a card was written for a specific operating system, which in turn was particular to a hardware (chip) or silicon platform supplier. This forced card issuers to commit to a specific application developer, operating system and chip for each service the issuer wished to provide to its customer base. The issuer had almost no flexibility to change any of these components without having to invest funds into a new software and/or hardware implementation, and if the product or service changed in any way, cardholders would receive a replacement card. Cardholders were forced to carry a different card for each service or function they wished to benefit from. Early smart cards therefore created a high cost of ownership and yet offered virtually no flexibility.

The MULTOS high security, multi-application operating system has changed the smart card proposition for both issuers and cardholders. MULTOS provides increased convenience and flexibility for users while delivering savings and a wealth of opportunities for issuers across all business sectors. Bell ID has a valuable and flourishing working relationship with MULTOS, and our systems support MULTOS based operating systems and card schemes.
5.4. Europay International, MasterCard, Visa (EMV)

EMVCo, LLC, was formed in February 1999 by Europay International, MasterCard International and Visa International to manage, maintain and enhance the EMV Integrated Circuit Card Specifications for Payment Systems as technology advances and the implementation of chip card programmes becomes more prevalent. With the acquisition of Europay by MasterCard in 2002 and JCB International joining the organisation in 2005, EMVCo is currently operated by JCB International, MasterCard International and Visa International. The formation of EMVCo ensures that single terminal and card approval processes are developed at a level that will allow cross payment system interoperability through compliance with the EMV specifications. The latest version of the specifications, EMV 2000 version 4.1, was published in June 2004.

The EMV specifications have been integrated into the ANDiS system to serve the financial industry with a proven solution. Bell ID works closely with Visa and MasterCard to ensure the latest specification update throughout all ANDiS products and modules.

5.5. Federal Information Processing Standards (FIPS)

FIPS, the US Federal Information Processing Standards, cover a wide range of IT technologies and in theory only apply to US government agencies (and their suppliers, contractors etc). As the secure smart card/token and HSM markets have proven, sometimes the wider market uses FIPS in the absence of any other appropriate standards. For example, banks and many enterprises in all regions now routinely specify that HSMs must be validated to the relevant FIPS standard (FIPS 140-2).

FIPS has also introduced a standard which is likely to impact Identity Management and Identity Verification systems. In August 2004, President George Bush issued his 12th Homeland Security Presidential Directive (HSPD-12) with the intention to:

- Enhance security
- Increase government efficiency
- Reduce identity fraud
- Protect personal privacy

HSPD-12 demands that agencies must issue "secure and reliable forms of identification," which means that identification:

- must be issued based on sound criteria for verifying an individual employee's identity
- is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
- can be rapidly authenticated electronically
- is issued only by providers whose reliability has been established by an official accreditation process

FIPS 201 was issued in February 2005 to specify the standards for this directive. FIPS 201 is called Personal Identity Verification of Federal Employees and Contractors, so the term PIV is frequently used. ANDiS has been successfully tested for compliance with the appropriate elements of PIV, and with the expectation that more government and corporate ID card projects will assume FIPS 201 as a 'de facto' standard, this is likely to become increasingly important.

5.6. International Organization for Standardization (ISO)

ISO standards for identification cards are developed by the joint technical subcommittee for cards and personal identification, ISO/IEC JTC1/SC 17. There are various types of identification cards for the numerous application areas, e.g. ISO/IEC 7816 for integrated circuit cards with contacts and ISO/IEC 14443 for integrated circuit cards without contacts. Standards for application areas: ISO 7813 sets out requirements to be met by financial transaction cards, whereas ISO/IEC 7501 covers machine readable travel documents, such as passports and visas.

III. FUNCTIONAL VIEW ON THE CAMS

6. KEY ELEMENTS OF THE CAMS
Introduction Two essential aspects of successful smart card deployment and operations are:  Management of all of the card and application related processes from a card request through to the withdrawal or expiry of a card  Definition and Management of the potentially varied relationships between each of the card related entities These issues are clearly fundamental where large or complex smart card deployments are involved.Section III . and there may also be one or more (potentially dynamic) applications Card Lifecycle example Application (eg Certificate) Lifecycle example associated with the New New card. so that an event (such Removed Blocked as ‘card request authorised’) leads to a Physically Withdrawn Installed change of card state Logically Withdrawn Terminated (such as to ‘ready for production’).V. Both of these issues are briefly discussed below. .13 - . Issuers who neglect or underestimate these essential aspects of smart card management can find themselves unexpectedly ‘locked in’ to increasingly unsuitable processes or technologies.1. KEY ELEMENTS OF THE CAMS 6. for example. 6. but also the applications and cardholders need to have lifecycle defined. but should not be underestimated even where apparently straightforward smart card deployments are concerned. and the Lifecycle Wizard (see Wizard Concept below) provides a graphical. and unable to react effectively to future demands. Managing these lifecycles is a particular strength of ANDiS. Ready for Activation Initialized Post Issuance A lifecycle consists of In Use In Use Ready for Update ‘events’ and ‘states’. In Synchronized Card and Application Lifecycles addition. ‘drag and drop’ flow chart tool to make the task as clear and simple as it can be. Copyright © 2002-2009 Bell Identification B. which will be used by a (centralised) system to identify the cardholder.ANDiS Card and Application Management System (CAMS) . ‘membership’ indicates which of the target groups a cardholder should belong to. 
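The event/state model above, written out as an added example (this is illustrative code, not part of the ANDiS product or of this document). It uses a subset of the states named in the figure; the event names, the allowed transitions and the rule that withdrawing a card blocks or terminates the applications on it are assumptions chosen to show the synchronisation the text describes, and each transition is recorded so the trail can be written to an audit table.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// State and Event are the two building blocks of a lifecycle: an event,
// applied to an entity in a given state, moves it to a new state.
// Anything not in the table is refused.
type State string
type Event string

// Lifecycle is a transition table: current state -> event -> next state.
type Lifecycle map[State]map[Event]State

// CardLifecycle uses a subset of the card states from the figure.
// Event names and allowed transitions are illustrative assumptions.
var CardLifecycle = Lifecycle{
	"New":                  {"card request authorised": "Ready for Production"},
	"Ready for Production": {"card produced": "Ready for Activation"},
	"Ready for Activation": {"card activated": "In Use"},
	"In Use":               {"card blocked": "Blocked", "card lost": "Logically Withdrawn", "card destroyed": "Physically Withdrawn"},
	"Blocked":              {"card unblocked": "In Use", "card lost": "Logically Withdrawn", "card destroyed": "Physically Withdrawn"},
	"Logically Withdrawn":  {"card destroyed": "Physically Withdrawn"},
	"Physically Withdrawn": {},
}

// AppLifecycle is a reduced application (e.g. certificate) lifecycle.
var AppLifecycle = Lifecycle{
	"New":        {"installed": "Installed"},
	"Installed":  {"activated": "In Use", "blocked": "Blocked", "terminated": "Terminated"},
	"In Use":     {"blocked": "Blocked", "terminated": "Terminated"},
	"Blocked":    {"unblocked": "In Use", "terminated": "Terminated"},
	"Terminated": {},
}

var ErrInvalidTransition = errors.New("event not allowed in current state")

// Next looks up a transition and refuses anything the table does not allow.
func (lc Lifecycle) Next(cur State, ev Event) (State, error) {
	next, ok := lc[cur][ev]
	if !ok {
		return cur, fmt.Errorf("%w: %q in state %q", ErrInvalidTransition, ev, cur)
	}
	return next, nil
}

// Transition is one recorded state change (the audit trail of section 7.7).
type Transition struct {
	When     time.Time
	Entity   string
	Event    Event
	From, To State
}

type Application struct {
	Name  string
	State State
}

type Card struct {
	ID    string
	State State
	Apps  []*Application
	Trail []Transition
}

func (c *Card) record(now time.Time, entity string, ev Event, from, to State) {
	c.Trail = append(c.Trail, Transition{When: now, Entity: entity, Event: ev, From: from, To: to})
}

// Apply fires a card event and keeps the application lifecycles in step with
// the card's: a logically withdrawn card has its applications blocked, a
// physically withdrawn card has them terminated.
func (c *Card) Apply(ev Event, now time.Time) error {
	next, err := CardLifecycle.Next(c.State, ev)
	if err != nil {
		return err
	}
	c.record(now, c.ID, ev, c.State, next)
	c.State = next

	var appEvent Event
	switch next {
	case "Logically Withdrawn":
		appEvent = "blocked"
	case "Physically Withdrawn":
		appEvent = "terminated"
	default:
		return nil
	}
	for _, a := range c.Apps {
		// Applications already terminated (or already blocked) simply stay put.
		if n, err := AppLifecycle.Next(a.State, appEvent); err == nil {
			c.record(now, c.ID+"/"+a.Name, appEvent, a.State, n)
			a.State = n
		}
	}
	return nil
}

func main() {
	card := &Card{ID: "C-0001", State: "New", Apps: []*Application{
		{Name: "certificate", State: "In Use"},
		{Name: "access", State: "Installed"},
	}}
	for _, ev := range []Event{"card request authorised", "card produced", "card activated", "card lost"} {
		if err := card.Apply(ev, time.Now()); err != nil {
			fmt.Println("refused:", err)
		}
	}
	// Out-of-order event: a lost card cannot simply be activated again.
	fmt.Println("refused:", card.Apply("card activated", time.Now()))
	for _, t := range card.Trail {
		fmt.Printf("%s %-18s %-24s %s -> %s\n", t.When.Format(time.RFC3339), t.Entity, t.Event, t.From, t.To)
	}
}
```

The point of keeping the table data rather than code is the one the text makes about the Lifecycle Wizard: an issuer composes a lifecycle per card type from pre-defined events, and the engine only has to enforce whatever table it is given.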
6.3. Managing Card Configuration
ANDiS can support many different sorts of cards, for many different types of issuers. In many cases, multiple types of each might co-exist: for example issuers may have different employee and visitor ID cards, different categories of health and health insurance cards, or multiple sorts of bank payment card. ANDiS is capable of supporting many combinations on a single management platform, but even simple groupings of users or card types need to be clearly established and managed. ANDiS separates the different entities and groups as follows:
• Issuer: an entity that is responsible for issuing cards. With single-application cards, the card issuer is usually also the application provider, but this is not always the case.
• Cardholder: the person (or other entity) to whom a card is issued. ANDiS can specify to which target group(s) a cardholder belongs via a membership.
• Target Group: a collection of cardholders for whom certain card types are available. For each cardholder, only the card types linked to that cardholder's target group(s) will be available.
• Membership: where cardholders could be members of multiple target groups, a membership indicates which of the target groups a cardholder should belong to.
• Card Type: the card type indicates the type of card: to which card family it belongs, the type of chip embedded in the card, how the card number is assembled, etc.
• Card Family: a card family is a group of one or more card types with similar physical attributes, and can be used to identify cards with different personalisation processes.
• Card Programme: a card programme defines the set of applications which can be assigned to a card. The card programme also defines which applications are mandatory and which, if any, are optional.
• Application: in ANDiS terminology, an application as it applies to a smart card is a collection of data, commands and procedures which can be loaded onto a smart card. Certain applications (for example Access Control) may only consist of an identification number; other applications may contain actual programme code (a Java applet on a Java enabled card, for example).

Figure 4 (Simple Configuration) shows an example of a straightforward set of relationships that might exist when an issuer has only two user groups, two card types and two applications, of which one should be available on both card types (for example Identity and Time/Attendance). Figure 5 (Manage Complex Configurations & Relationships) shows how ANDiS can also be scaled up to manage more complex and numerous groupings: several target groups and memberships, organisations, cardholder photo/signature/biometric data, multiple card types and card programmes, and applications such as Identity, Time/Attendance, Payment, Physical Access Control, Logical Access Control and Fuel.

ANDiS allows highly flexible configuration of all of these elements, with support for memberships and organisations to create further flexibility, which means that card issuers can use ANDiS to map potentially complex hierarchies, groups, card products and so on in a highly relational way.

6.4. ANDiS Wizards
Clearly, issuers and service providers planning to implement a smart card infrastructure are faced with a wide range of possible parameters, variables and configuration choices: chip technologies, users and applications, and so on. ANDiS is itself a flexible and feature rich system, so, to help organisations, administrators and system operators navigate their way through the various options, administrators and operators are provided with a set of 'Wizards'. For both security and ease of use, access to any of this functionality is controlled by the ANDiS Authorisation Control System (ACS).
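The rules of the configuration model, turned into an added example of the check a Card Request must pass (illustrative code written for this edition, not ANDiS code): only card types linked to one of the holder's target groups may be requested, every application requested must belong to the card type's programme, and mandatory applications are always loaded. The sample issuer mirrors Figure 4; its names and data are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// The entities of section 6.3, reduced to what a Card Request check needs.
type CardProgramme struct {
	Mandatory []string // applications that must be on every card of this type
	Optional  []string // applications the operator may add
}

type CardType struct {
	Name      string
	Family    string
	Programme CardProgramme
}

type TargetGroup struct {
	Name      string
	CardTypes []string // card types available to members of this group
}

type Cardholder struct {
	ID          string
	Memberships []string // target groups the holder belongs to
}

type Issuer struct {
	Groups    map[string]TargetGroup
	CardTypes map[string]CardType
}

var (
	ErrCardTypeNotAvailable = errors.New("card type not available to cardholder")
	ErrNotInProgramme       = errors.New("application not in card programme")
)

// AvailableCardTypes is the union of the card types linked to each target
// group the holder is a member of; nothing else is offered to the operator.
func (is Issuer) AvailableCardTypes(h Cardholder) []string {
	seen := map[string]bool{}
	for _, g := range h.Memberships {
		for _, ct := range is.Groups[g].CardTypes {
			seen[ct] = true
		}
	}
	out := make([]string, 0, len(seen))
	for ct := range seen {
		out = append(out, ct)
	}
	sort.Strings(out)
	return out
}

// ValidateRequest checks an operator's Card Request: the card type must be
// available to the holder and every requested application must be in the
// programme. It returns the final sorted application list, with the
// programme's mandatory applications added if the operator omitted them.
func (is Issuer) ValidateRequest(h Cardholder, cardType string, apps []string) ([]string, error) {
	allowed := false
	for _, ct := range is.AvailableCardTypes(h) {
		if ct == cardType {
			allowed = true
		}
	}
	if !allowed {
		return nil, fmt.Errorf("%w: %s for %s", ErrCardTypeNotAvailable, cardType, h.ID)
	}
	prog := is.CardTypes[cardType].Programme
	inProgramme := map[string]bool{}
	for _, a := range append(append([]string{}, prog.Mandatory...), prog.Optional...) {
		inProgramme[a] = true
	}
	final := map[string]bool{}
	for _, a := range apps {
		if !inProgramme[a] {
			return nil, fmt.Errorf("%w: %s on %s", ErrNotInProgramme, a, cardType)
		}
		final[a] = true
	}
	for _, a := range prog.Mandatory {
		final[a] = true
	}
	out := make([]string, 0, len(final))
	for a := range final {
		out = append(out, a)
	}
	sort.Strings(out)
	return out, nil
}

// SampleIssuer mirrors Figure 4: two target groups, two card types and two
// applications, one of which (identity) is mandatory on both card types.
func SampleIssuer() Issuer {
	return Issuer{
		Groups: map[string]TargetGroup{
			"employees": {Name: "employees", CardTypes: []string{"employee-id"}},
			"visitors":  {Name: "visitors", CardTypes: []string{"visitor-id"}},
		},
		CardTypes: map[string]CardType{
			"employee-id": {Name: "employee-id", Family: "contact-chip", Programme: CardProgramme{Mandatory: []string{"identity"}, Optional: []string{"time-attendance"}}},
			"visitor-id":  {Name: "visitor-id", Family: "printed", Programme: CardProgramme{Mandatory: []string{"identity"}}},
		},
	}
}

func main() {
	is := SampleIssuer()
	emp := Cardholder{ID: "E-1", Memberships: []string{"employees"}}
	vis := Cardholder{ID: "V-1", Memberships: []string{"visitors"}}
	fmt.Println(is.ValidateRequest(emp, "employee-id", []string{"time-attendance"}))
	fmt.Println(is.ValidateRequest(vis, "employee-id", nil))
	fmt.Println(is.ValidateRequest(vis, "visitor-id", []string{"time-attendance"}))
}
```

In the product these constraints are enforced by the wizards and the ACS; the value of writing them down as a function is that the same check can be applied to requests arriving through the web service or a batch import, not only to what an operator clicks in the GUI.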
ANDiS wizards are a set of graphical user interfaces with a common look and feel which have been created to help users set up or operate many of the configuration and operator tasks. For example, wizards are available to help establish lifecycles and card configurations, for administrative functions such as managing cardholders and card requests, for application management and so on. Access to each of these functions is controlled by the ACS (see 9.2, Security).

7. CAMS BUSINESS PROCESSES

7.1. Introduction
The ANDiS Card and Application Management System (CAMS) manages the complete lifecycle of unlimited numbers of multi-application smart cards, and the related processes. Applications could be EMV debit/credit, e-purse, cardholder identity and authentication, physical and logical access control, health (insurance) data, and many others. The key mission of the CAMS is to:
• manage the cardholder data and the status of the card
• manage and activate applications, as defined in the card configuration, where appropriate from external service providers

The following describes a 'default' ID card business process, but clearly the flexible lifecycle support and extensive interface options offered by ANDiS mean that issuers and implementers can tailor such processes as appropriate to the circumstances.

7.2. Card Request
The first step in the lifecycle of a card is the registration of a card in the ANDiS CAMS. This process is called Card Request and enables the ANDiS operator to select the proper card type and the appropriate applications. There are several ways to enrol a cardholder and register the card in the ANDiS CAMS. The most common are:
• via an ANDiS CAMS Web Service (CWS) based on the SOAP protocol, for example where another enrolment infrastructure or ID Management System (IDMS) will be used. The CWS is described in section 8.3.
• via data input through a web based GUI by an ANDiS operator
• via import of cardholder data through the ANDiS Import/Export Module (DataPort), again described in section 8.3.

Note that ANDiS allows issuers and service providers to configure different enrolment options: for example, when a company is issuing corporate ID cards, payroll staff can be automatically entered into the system via an interface with the HRM system, while visitors and hired staff might be entered via the operator GUI.

7.3. Photo, Signature and Biometrics Enrolment
ANDiS supports on-card digital images such as photographs or handwritten signatures, and has a Photo Studio module for capturing and managing photographic images. In some cases, such as for ID cards, a photograph should be printed on the card and other biometric data such as fingerprints will be stored on the chip. ANDiS can integrate with other biometric devices such as fingerprint or retina scanners through the industry standard BioAPI. (The BioAPI Consortium is a group of over 120 companies and organizations that have a common interest in promoting the growth of the biometrics market; for more information the reader is referred to http://www.bioapi.org/.)

7.4. Card Distribution
Card Distribution involves physical and logical distribution of the card and updating the states of both the card and the applications linked to that card.

7.5. Card Registration
When cards are personalised by an external Personalisation Bureau, the Card Registration process may be used to match the result file received from the Personalisation Bureau, containing information about the produced cards, against the physical cards themselves. This guarantees that all requested cards have also been received physically.

7.6. Card Renewal
In some cases it should be possible to renew cards, offering a potential saving on physically reissuing expired or suspended cards, and card renewal is supported as an option by ANDiS. Renewal requires the states of both the card and the applications linked to that card to be updated. As with any other state change, application providers with an interest in a card renewal can be updated through online interfaces, e-mail messages or offline synchronisation (e.g. XML based export files).

7.7. Card and Application Administration
The ANDiS CAMS manages smart cards and applications throughout their entire lifecycle. By making a selection of pre-defined events (card request, authorisation, personalisation, distribution, etc.) a card issuer can compose a lifecycle for a certain card type. The lifecycles of each card type can also be configured to match the business needs of an organisation. For example, certain card types such as short term visitor ID cards might be issued immediately after they have been printed and should be logically withdrawn after a short time period, whereas formal employee identity cards must be authorised and checked before personalisation can take place. All state transitions are recorded in the database for audit trail purposes.

The web based nature of the operator GUI and the ability of the ACS to allow only the functions that a given operator needs (e.g. card registration for front office operators, authorisation and card withdrawal for management operators) means that the operator processes can be both distributed and tailored to the issuer's preferred workflow.

Features:
• GUI for Cardholder Support Services
• administration of the card, the cardholder and the applications on the card
• changing the status of the card (including logical card collection)

7.8. Card Stock Management
The ANDiS CAMS offers three types of stock administration:
• Card Type Independent Stock Administration: used to keep track of 'white plastic' stock.
• Card Type Dependent Stock Administration: used to keep track of pre-personalised or pre-printed cards. In this case it is necessary to keep stock for each individual card type, since the basic material is already linked to a certain card type.
• Production Stock Administration: in addition to keeping track of the pre-personalised cards, the chips on these cards are also administered on an individual basis. The unique serial number of each pre-personalised card is stored in the ANDiS database. During production the chip serial number is read and compared to the database. Only registered chips may be produced; if the serial number exists in the database but is linked to a different card type, production of this card is refused. This increases the security of the production process.

7.9. Production Order Administration
Although batch production orders can be launched by the ANDiS job scheduler, there are environments in which a greater level of manual control should be exercised. ANDiS provides a comprehensive GUI which gives operators a clear overview of the cards which are ready for production, and allows them to dictate which cards (if not all) should be sent in the next production order. Note that the same operator interface provides an overview of any cards which may have failed the production process, so that they can be resent or investigated as appropriate.

7.10. Card Withdrawal
Withdrawal is the last stage in the lifecycle of a card. Ideally cards should be physically destroyed (physical withdrawal), but if this is not possible (e.g. in the case of lost or stolen cards) the status can be set to 'logically withdrawn'. The card's state is changed and all applications residing on the card are immediately blocked, while the ANDiS CNS component can notify the involved application providers.

7.11. Additional Modules and Components

Job Scheduler
ANDiS processes are frequently triggered by external events such as card requests, PIP requests et cetera. However, there are occasions when processes or 'jobs' need to be executed automatically and unattended, but where there is no external 'trigger'. This might be to suspend ACS users who have not accessed the system for a certain period, or to execute regular import or export tasks, which is a typical requirement for batch oriented data preparation. The ANDiS Job Scheduler offers the possibility to run certain jobs both automatically and unattended on a regular basis (e.g. daily for overnight runs).
Jobs can also be manually started without affecting scheduled jobs.

Reporting
ANDiS uses Jasper Reports to present reports for administrative or billing purposes. Reports are selected via the ANDiS user interface and shown to the user as a PDF. Jasper Reports also supports HTML and CSV file formats in addition to PDF, to provide the output most suitable for the reporting requirement (hard copy, web or file based).

E-mail Notifier
It is also possible to configure the job scheduler to initiate a (configurable) e-mail. In conjunction with the job scheduler, the E-mail Notifier could for example be used to send confirmations, or e-mail advisories appropriate to the administrative requirements of the organisation.

7.12. Web Based Issuance
The ANDiS Web Based Issuance Solution allows issuers to execute local ('in-branch') issuance and personalisation, such as within the bank branch, in government or local governments' distributed office locations, in corporate Human Resources offices, and so on. It provides organizations with the opportunity to print and personalize cards locally. The same technology can also be used for smaller implementations to take advantage of centralized desktop printing and personalisation facilities. In large scale, national or banking implementations, in-branch personalisation is not generally a replacement for mass personalisation (centralised personalisation at a bureau, for example). It is however intended as a means to provide the cardholder with quicker service for card replacements, or to reduce delays in 'emergency' or V.I.P. cases. This flexibility can put issuers at a considerable business advantage.

8. CAMS INTERFACES

8.1. Introduction
ANDiS CAMS provides functionality to personalise cards and on-card chips in various ways. Cards can be personalised within the card issuing organisation either on distributed ('in branch') or on centralised personalisation equipment. Altern­atively, the issuer can also opt for personalisation services to be provided by a third party, or bureau, who will then receive electronic personalisation files via secured connections. ANDiS also offers the capability to mix these options, so that some card types or user groups can receive cards immediately 'in branch' and others via a bureau which is capable of managing larger volumes, takes care of distribution logistics and can provide economies of scale; this covers situations where some cards might be required immediately, VIP or urgent cases and so on.

8.2. Smart Card Personalisation

Personalisation Bureau Interface
Where personalisation is carried out by a personalisation bureau, ANDiS CAMS communicates by means of an XML-file based interface and (where appropriate) the EMVCo personalisation specifications. The GlobalPlatform personalisation specifications are supported by personalisation bureaus around the globe. The interface consists of a 'Request File' and a 'Response File': the Request File contains information about the cards to be personalised, the Response File contains information about the results of the personalisation process. The Personalisation Request File contains records of the cards to be personalised, including available fields for batch number, card number, card type, cardholder data, application data and 'collection station' address. The Personalisation Response File contains records of the cards correctly personalised, a field with the number of cards unable to be produced, and a field with the number of cards that were rejected in the quality check.

Post-Issuance Personalisation (PIP)
The ANDiS Post-Issuance Personalisation (PIP) module facilitates adding, deleting or changing applications on cards that have already been issued. Typical PIP processes are performed remotely when cardholders present their cards at local card readers or kiosks, or at a home PC equipped with a web browser and card reader. Cardholders connect to the central web server and request the additional application to be downloaded onto their card; the same goes for deleting or changing on-card applications. Updating the cards can therefore be performed at the central issuing station, at a kiosk, or at a home PC, without a need to use the initial, central issuing and personalisation station. Secure connections between the central CAMS web server and the local card readers or web browsers are established with HTTPS (SSL). All changes are registered and managed centrally in ANDiS CAMS.

PIP enables a card issuer to establish considerable cost savings by eliminating the need to replace large numbers of cards when new applications are added to the smart card scheme. Definition of the PIP workflow largely depends on the defined business processes. A highly beneficial new feature of PIP is the availability of a Web Service based on the SOAP protocol, to provide greater ease of integration and flexibility for customer specific requirements.

8.3. Data Exchange
Section 6.3 provides examples of the type of relationships and data exchanges that ANDiS might be expected to support. ANDiS may need to integrate with one or more systems such as HRM, IDMS, Call Centres or other systems, and may require an on-line interface in near real time. ANDiS provides comprehensive interfacing options to support existing and potential future interface requirements for various systems, architectures and processes. ANDiS is able to interface to external systems through:
• Web Services
• Web Enabling
• Batch File Exchange (DataPort)
• Directory Services (LDAP)
• Messaging Middleware

This section provides a brief functional description of each method.

8.3.1. CAMS Web Service (CWS)
Depending on the solution architecture, the best method of interfacing and exchanging data between ANDiS and other systems depends on a variety of factors, including the type and volume of data that needs to be transferred, the type of system with which ANDiS is communicating, requirements for real time or near real time communication, whether communication needs to be unidirectional or bi-directional, and so on. 'Web Services', defined by the W3C (World Wide Web Consortium, www.w3.org) as a "system designed to support interoperable machine-to-machine interaction over a network", make integration between different systems and platforms easier and more flexible, and are frequently in line with contemporary IT architecture strategies. This approach also enables ANDiS to integrate effectively with, and conform to, the diverse demands of each customer's own IT strategy, which is an increasingly important aspect of IT planning.
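The Request/Response file exchange of section 8.2 and the reconciliation that Card Registration (section 7.5) performs on the result, as an added example written for this edition (not ANDiS code and not the bureau interface as shipped). The page lists the fields of both files but gives no schema, so the XML element and attribute names here are an assumption, and the request and response contents are constructed. The check it performs is the one an issuer wants before any card state moves on: every requested card is either reported personalised or accounted for in the bureau's counters, and nothing comes back that was never requested.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// RequestFile lists the cards to be personalised. Element and attribute
// names are assumed for this example.
type RequestFile struct {
	XMLName xml.Name        `xml:"PersonalisationRequest"`
	Batch   string          `xml:"batchNumber,attr"`
	Cards   []RequestRecord `xml:"Card"`
}

type RequestRecord struct {
	CardNumber string `xml:"cardNumber"`
	CardType   string `xml:"cardType"`
	Holder     string `xml:"cardholderName"`
	AppData    string `xml:"applicationData"`
	Collection string `xml:"collectionStation"`
}

// ResponseFile reports the result: one record per correctly personalised
// card plus the two counters the text describes.
type ResponseFile struct {
	XMLName      xml.Name         `xml:"PersonalisationResponse"`
	Batch        string           `xml:"batchNumber,attr"`
	Unproduced   int              `xml:"unableToProduce"`
	RejectedQC   int              `xml:"rejectedInQualityCheck"`
	Personalised []ResponseRecord `xml:"Card"`
}

type ResponseRecord struct {
	CardNumber string `xml:"cardNumber"`
	ChipSerial string `xml:"chipSerialNumber"`
}

// Reconciliation is the outcome of matching the two files.
type Reconciliation struct {
	Batch      string
	Produced   []string // requested and reported personalised
	Missing    []string // requested but absent from the response
	Unexpected []string // in the response but never requested
	CountsOK   bool     // produced + unproduced + rejected == requested, and nothing unexpected
}

func Reconcile(req RequestFile, resp ResponseFile) (Reconciliation, error) {
	if req.Batch != resp.Batch {
		return Reconciliation{}, fmt.Errorf("batch mismatch: request %q, response %q", req.Batch, resp.Batch)
	}
	requested := map[string]bool{}
	for _, c := range req.Cards {
		requested[c.CardNumber] = true
	}
	r := Reconciliation{Batch: req.Batch}
	returned := map[string]bool{}
	for _, c := range resp.Personalised {
		returned[c.CardNumber] = true
		if requested[c.CardNumber] {
			r.Produced = append(r.Produced, c.CardNumber)
		} else {
			r.Unexpected = append(r.Unexpected, c.CardNumber)
		}
	}
	for _, c := range req.Cards {
		if !returned[c.CardNumber] {
			r.Missing = append(r.Missing, c.CardNumber)
		}
	}
	r.CountsOK = len(r.Produced)+resp.Unproduced+resp.RejectedQC == len(req.Cards) && len(r.Unexpected) == 0
	return r, nil
}

// ParseResponse reads a bureau response file.
func ParseResponse(data []byte) (ResponseFile, error) {
	var resp ResponseFile
	err := xml.Unmarshal(data, &resp)
	return resp, err
}

// SampleRequest is a constructed three-card request.
func SampleRequest() RequestFile {
	return RequestFile{Batch: "B-2009-001", Cards: []RequestRecord{
		{CardNumber: "1001", CardType: "employee-id", Holder: "A. Example", AppData: "identity", Collection: "HQ front desk"},
		{CardNumber: "1002", CardType: "employee-id", Holder: "B. Example", AppData: "identity;time-attendance", Collection: "HQ front desk"},
		{CardNumber: "1003", CardType: "visitor-id", Holder: "C. Example", AppData: "identity", Collection: "Site 2"},
	}}
}

// SampleResponse is a constructed response in which card 1002 failed the
// quality check and is therefore absent, but accounted for in the counter.
const SampleResponse = `<?xml version="1.0"?>
<PersonalisationResponse batchNumber="B-2009-001">
  <unableToProduce>0</unableToProduce>
  <rejectedInQualityCheck>1</rejectedInQualityCheck>
  <Card><cardNumber>1001</cardNumber><chipSerialNumber>0A1B2C3D</chipSerialNumber></Card>
  <Card><cardNumber>1003</cardNumber><chipSerialNumber>0A1B2C3E</chipSerialNumber></Card>
</PersonalisationResponse>`

func main() {
	req := SampleRequest()
	out, _ := xml.MarshalIndent(req, "", "  ")
	fmt.Println(string(out))
	resp, err := ParseResponse([]byte(SampleResponse))
	if err != nil {
		panic(err)
	}
	rec, err := Reconcile(req, resp)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", rec)
}
```

A card listed under Missing is exactly the case section 7.9 describes (failed production, to be resent or investigated); a card listed under Unexpected, or counters that do not add up, is a reason to hold the whole batch rather than register the cards that did arrive.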
ANDiS CAMS Web Services (CWS) open the services of ANDiS to other enterprise systems, while still maintaining security and authorisation controls, using state of the art web technologies. ANDiS makes extensive use of these web services technologies for data exchange with the CAMS itself, with the KMS, and with PIP.

8.3.2. LDAP
User or cardholder information required by ANDiS is sometimes already present in external X.500 Directory Services such as Microsoft Active Directory, Netscape Directory or SunONE Identity Server. These are particularly common in the large Corporate ID market segment, and such Directory Services are often considered to be the 'leading' authority for identity and authorisation information. ANDiS integrates with a directory server using the LDAP protocol for communication, reducing the need for entering duplicate user and cardholder data and facilitating the reuse of existing systems and data.

8.3.3. CAMS Notification Service (CNS)
There are many occasions when it may be useful (or essential) for other systems to be notified of changes to cards, applications et cetera. The ANDiS Notification Service is a tool that can be used to inform external applications of lifecycle state changes of entities in the ANDiS CAMS, such as a card being issued or an application being blocked. The entities for which a notification can be sent include cardholders, cards, applications and organisations. This can be particularly useful when one part of an organisation or an external agency needs to be kept informed of changes.

8.3.4. Public Key Infrastructure (PKI)
Many smart card applications, especially in the Identity Management field, make use of Public Key Infrastructure (PKI) as a means of authentication. ANDiS itself does not generate or issue certificates, but does have the ability to integrate with a range of PKI systems, thus ensuring that certificates also benefit from fully integrated card, cardholder and certificate lifecycle management. ANDiS has the capability to manage public key certificates in the same way as other on-card applications, but each PKI vendor has a different approach to interfacing with external systems. The following is a typical 'generic' process that ANDiS will need to follow to generate certificates for cards:
• generate the key pair on-card or in an HSM (usually on-card generation will be used for low volume or post issuance certificate requests, HSMs for mass issuance)
• make the certificate request
• create a PKI Connector from the request
• ask the PKI connector for the certificate request hash
• sign the hash on the card or in the HSM
• give the signature to the PKI connector
• get the certificate from the PKI connector

Note that when the key pair is generated in an HSM rather than on the card, the private key exists outside the card and has to be loaded onto it; the usual practice is to restrict that to encryption keys (where escrow is wanted) and to generate signature keys on the card, so that the private key never leaves it.

ANDiS is currently capable of providing support for VeriSign On-Site, Microsoft Certificate Services, RSA Keon, Entrust and Cybertrust CAs.

8.3.5. DataPort Module
The DataPort Module is generally used where data is transferred in batch and/or offline scenarios, such as an import of existing cardholder database information. DataPort is capable of handling high volumes of data, and transfer of batch data can take place on a regularly scheduled basis and/or on manual request as required.
• ANDiS DataPort is designed to ease importing and exporting of information.
• A special DataPort Template is used to specify the fields in an import or export file as well as the mapping to the corresponding database fields.
• The main focus of DataPort is fast performance for the import and export of large amounts of data.
• Relatively straightforward imports and exports can be built without the need for any additional programming.
• It is flexible enough to alter the default behaviour by implementing custom classes.

8.3.6. Application Provider Interface
ANDiS CAMS caters for a true multi-application smart card scheme by means of a varied and extensive range of interfaces with third party application providers. The interfaces enable secure data communication (either online / real-time or in batch mode) between the CAMS and all of the external application providers. Most of the interfaces comply with industry standards (particularly GlobalPlatform), and several proprietary applications are also supported.

9. ADDITIONAL FUNCTIONALITY

9.1. Data Preparation
The ANDiS data preparation component is a scheduled process which runs at intervals specified within a configuration file. The relevant scheme data and cardholder data can be input through an embossing file, the SOAP service or the web based interface. The data preparation module provides a variety of benefits, such as:
• fast data preparation
• database population for future re-issuance
• HSM independence
• a single issuance and post-issuance platform
• a user-friendly interface
• integration with common EMV test tools

The data preparation component is an integral part of the ANDiS4EMV solution. For FIPS 201 PIV cards, which are supported by the ANDiS FIPS 201 solution, the data preparation process creates the necessary content divided into up to ten containers, each populated by different data elements (the cardholder fingerprints, any optional printed data, cardholder facial data and so on); ANDiS prepares the cardholder information so that it can be loaded into the appropriate container during personalisation.
9.1.1. Data Preparation for EMV
Issuers looking for either an integrated or a stand-alone high performance data preparation system will find that ANDiS caters for both requirements. The data preparation component is specifically tailored for EMV application schemes such as VSDC (Visa), M/Chip (MasterCard) and AEIPS (American Express). The output from this process is the enrichment of embossing or cardholder data with EMV and security data, which is used to generate an output file that can be sent to a personalisation bureau or used as input to a personalisation manager application. The component is part of ANDiS4EMV, which also caters for:
• management of EMV templates
• EMV variable settings
• EMV cryptographic key management
• EMV issuer scripting support
• Visa and MasterCard support
• EMV and loyalty applications

9.1.2. Data Preparation for FIPS 201/PIV
Data preparation for FIPS 201 also has very specific attributes. A FIPS 201 PIV card is itself highly complex. Each card contains a PIV applet, the lifecycle of which must be managed separately, divided into containers each of which is populated by different data elements, including the required Cardholder Unique Identifier (CHUID) and Federal Agency Smart Credential Number (FASC-N). ANDiS also manages the container signing and update services required for activation and post issuance personalisation, manages the state changes and fires the appropriate notifications to the IDMS (enrolment system). More details on the ANDiS solution for FIPS 201/PIV are available on request.

9.2. Security
As Card and Application Management Systems often deal with privacy or fraud sensitive data, security is an essential component of the ANDiS design and implementation methodology. ANDiS is capable of complying with industry or region specific mandates and policies. The following is a short overview of common functional security requirements that ANDiS must support; see also section 10, Architecture.

Access Control to the Card Management System
The access security of ANDiS is handled by the ANDiS Authorization Control System (ACS). ACS is a powerful tool which provides fine grained access and authorization control for both ANDiS users and applications interfacing to ANDiS, and is described in greater detail in section 4.1.

ANDiS Database Security
The ANDiS system can be protected on several levels:
• In addition to the ACS, access to the CAMS database can be protected using Oracle security mechanisms, e.g. Oracle role based authentication.
• All sensitive information in the database (sometimes referred to as 'data at rest') can be stored in encrypted form, with encryption keys and processing handled in the secure and tamper resistant environment of a Hardware Security Module (HSM). For data encryption an HSM can be accessed via any ANDiS product; encryption functionality can be used from the ANDiS Card, Application or Key Management System (e.g. encrypted storage of cardholder data in the central CAMS database).
• It is generally good practice to ensure that the ANDiS server platform and HSMs are placed in a physically secure environment.

Auditing for Security Purposes
The ANDiS CAMS supports configurable logging using Log4j, a library that is integrated directly with the application which requires logging. Digital signing of audit logs is fully supported. Signing trail records makes certain user changes irrefutable, which can be important for companies who have high legal requirements. This might be whenever an operator changes a smart card's state, or creates or authorises card requests. Signed records contain information on the date/time of the change, the operator who made the change, the contents of the old record, et cetera.

Secure Communication
ANDiS supports secure communication using HTTPS (SSLv3). (SSLv3 has since been deprecated by RFC 7568; a current deployment should require TLS 1.2 or later.) The contents of files exchanged with external systems can be encrypted with DES/3DES/RSA using HSMs; single DES should no longer be relied on for new deployments. Message Authentication Codes (MACs) or digital signatures are widely used to ensure the integrity of data transferred between ANDiS and third party systems.
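The signed audit trail of the Auditing paragraph, as an added example written for this edition (illustrative code, not ANDiS's own logging). Each record carries the fields the text lists (date/time, operator, entity, old and new contents) and is authenticated with HMAC-SHA256 under a key that stands in for the HSM-held signing key; HMAC is used so the example runs stand-alone, and the verification logic is the same for a digital signature checked against the HSM's public key. Records are chained to the previous record's MAC, so a deleted or reordered record is detected as well as an edited one. The records themselves are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// AuditRecord carries the fields listed for a signed trail record.
type AuditRecord struct {
	Seq      int
	When     string // RFC 3339, UTC
	Operator string
	Entity   string
	Old      string
	New      string
	Prev     string // hex MAC of the previous record; "" for the first
	MAC      string // hex HMAC-SHA256 over all fields above
}

// AuditTrail keeps the records and the key used to authenticate them. The
// key stands in for a key that would live in the HSM.
type AuditTrail struct {
	key     []byte
	Records []AuditRecord
}

func NewAuditTrail(key []byte) *AuditTrail { return &AuditTrail{key: key} }

// canonical renders the authenticated fields unambiguously; %q quoting
// stops a field containing a separator from shifting the others.
func canonical(r AuditRecord) []byte {
	return []byte(fmt.Sprintf("%d|%q|%q|%q|%q|%q|%q", r.Seq, r.When, r.Operator, r.Entity, r.Old, r.New, r.Prev))
}

func (t *AuditTrail) mac(r AuditRecord) string {
	m := hmac.New(sha256.New, t.key)
	m.Write(canonical(r))
	return hex.EncodeToString(m.Sum(nil))
}

// Append records one change and chains it to the previous record.
func (t *AuditTrail) Append(when time.Time, operator, entity, old, nw string) AuditRecord {
	r := AuditRecord{Seq: len(t.Records), When: when.UTC().Format(time.RFC3339), Operator: operator, Entity: entity, Old: old, New: nw}
	if n := len(t.Records); n > 0 {
		r.Prev = t.Records[n-1].MAC
	}
	r.MAC = t.mac(r)
	t.Records = append(t.Records, r)
	return r
}

var ErrTampered = errors.New("audit trail integrity failure")

// Verify recomputes every MAC and the chain; it returns the index of the
// first bad record, or -1 when the whole trail checks out.
func (t *AuditTrail) Verify() (int, error) {
	prev := ""
	for i, r := range t.Records {
		if r.Seq != i || r.Prev != prev {
			return i, fmt.Errorf("%w: chain broken at record %d", ErrTampered, i)
		}
		if !hmac.Equal([]byte(t.mac(r)), []byte(r.MAC)) {
			return i, fmt.Errorf("%w: MAC mismatch at record %d", ErrTampered, i)
		}
		prev = r.MAC
	}
	return -1, nil
}

func main() {
	trail := NewAuditTrail([]byte("demo key; a real one stays in the HSM"))
	now := time.Date(2009, 3, 19, 9, 0, 0, 0, time.UTC)
	trail.Append(now, "op.front", "card C-0001", "New", "Ready for Production")
	trail.Append(now.Add(time.Hour), "op.mgmt", "card C-0001", "In Use", "Logically Withdrawn")
	trail.Append(now.Add(2*time.Hour), "op.mgmt", "card request R-17", "", "authorised")
	fmt.Println(trail.Verify())
	// An operator rewriting history: the altered record no longer authenticates.
	trail.Records[1].Operator = "op.front"
	fmt.Println(trail.Verify())
}
```

With an HSM, `mac` becomes a signing call and `Verify` a signature check with the public key, which is what makes the record irrefutable in the sense the text uses: an operator with database access can edit the row but cannot produce a valid signature for the edited contents.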
ACS is a powerful tool which provides fine grained access and authorization control for both ANDiS users and applications interfacing to ANDiS. et cetera. Message Authentication Codes (MACs) or digital signatures are widely used to ensure the integrity of data transfer between ANDiS and 3rd party systems. More details on the ANDiS solution for FIPS 201/PIV is available on request. Signed records contain information on date/time of the change. Security As Card and Application Management Systems often deal with privacy or fraud sensitive data. See also SECTION 10. export and distribution of all sorts of cryptographic keys (DES. Please refer to ANDiS KMS Whitepaper for more information. and has generated in excess of 50. number and method of keys that may need to be generated for each card. the type. or over 1.Chapter 9 .000 cards per hour. national identity card and health card schemes. ANDiS has proven itself capable of scaling up to meet the requirements of nationally deployed large scale credit card issuers. such as the level of data preparation required.4. Performance The performance of ANDiS depends on a variety of factors. ANDiS has been deployed in environments which use techniques such as load balancing and system mirroring to provide a robust and fault tolerant platform. The performance requirements must therefore be addressed according to the requirements of a given implementation. This demonstrates a proven track record of managing issuers with requirements to issue many millions of cards.28 - Bell ID Product Description 1. Electronic keys can be used for encryption and decryption of data and for verification and authorization of trusted parties (using digital certificates).5 . RSA/PKI. Ultimately the scalability and availability of ANDiS depends on an intelligent and appropriate choice of system architecture and hardware. Scalability and Availability ANDiS is a fully J2EE compliant product. and so on. 9. . Mifare keys. 
a major credit card issuer deploying several millions of chip based credit cards has deployed ANDiS on a single hardware platform. and the software supports scaling to many millions of cards.2 million cards per day. multinational corporate card and ministry of defence identity card schemes.“Additional Functionality” concerned with the implementation of security concepts based on the generation and the secure storage. 9.3.ANDiS Card and Application Management System (CAMS) . and the Oracle database used by ANDiS has tools available to support fault tolerant data storage. The ANDiS KMS supports the management of all Global Platform keys. In a real test of ANDiS’ performance capabilities. the hardware platform being used. Where high availability is required. triple DES. ARCHITECTURE. System availability again depends on customer requirements and an intelligent choice of hardware and network architecture. Deployment Architecture The flexibility of ANDiS J2EE based product architecture means that many different deployment architectures and concepts can be met by a single instance of ANDiS. SUN.1. simple requirements can be met by installing ANDIS and the Oracle Database on a single server. For example. IIS Oracle TomCat. Product Architecture Developed on a fully J2EE compliant platform to maximise flexibility.29 - . and also of the IT architecture policies of the organisation deploying the system. Linux) Apache. Client  Presentation                   Business   Database SOAP Client/ Adapters  SOAP CAMS ACS Events  J2EE Browser  ActiveX Web  Server PIP JSP Reports Perso Gen’r Messaging  Listeners  Wizard  Pages Data prep etc… Multi Platform (MS. performance.Section III . The ultimate deployment architecture depends on the functional. scalability and availability requirements of the issuer. Copyright © 2002-2009 Bell Identification B.2. IBM.V. perhaps to issue cards from a desktop printing system (as shown below). .“Functional View on the CAMS” 10. WebLogic. 
WebSphere … Figure 6 ANDiS J2EE Multi Tier Product Architecture 10. ANDiS has been designed and implemented following a ‘Three tier architecture’ model which separates the database. HP. SunOne. business logic and presentation layers from the client applications. ARCHITECTURE 10. as illustrated below. online card activation and/or post issuance personalisation (PIP) requirements.Chapter 10 .30 - Bell ID Product Description 1. the business logic (effectively. as might be required in a nationally scaled and mission critical system. the following illustrates how ANDiS might be deployed in a high performance. As an example. high availability environment taking advantage of clustering techniques and technologies to further improve the predictability and resilience of business–critical applications.“Architecture” Desktop Printer ANDiS System ANDiS Operator Figure 7 Simple ANDiS configuration: Presentation. In very large implementations. the core ANDiS applications).5 .ANDiS Card and Application Management System (CAMS) . . the ANDiS’ flexible J2EE design means that ANDiS ‘tiers’ can also be physically distributed across multiple systems. with physically and logically separate server systems running the database. Business and Database Logic on one server However. offering options to meet very high performance and availability criteria. The web based nature of the operator component lends itself ideally to a distributed organisational structure. and the ‘client facing’ web functions such as enrolment. ANDiS is typically deployed across several systems. “Functional View on the CAMS” Personalisation Systems  Enterprise Directory ANDiS CAMS  Servers Identity Manager ANDiS  Web Servers ANDiS Database   Servers Enterprise Portal Certificate Authority ANDiS Operators Application Providers Archiving  and Storage Figure 8 Example of ANDiS in a complex deployment: Clustered.31 - . .V.Section III . physically separated tiers Copyright © 2002-2009 Bell Identification B. 
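The signed audit trail described under Security (Section 9.2) can be made concrete with the following added example. It is not Bell ID's code and does not reproduce the ANDiS record layout: the field names, the sample records, the choice of ECDSA P-256 (the page mentions RSA/PKI keys in general) and the PrevHash link from each record to its predecessor are all assumptions for illustration. The chain link goes slightly beyond what the text describes; it is included because a signature on its own proves that a record was not edited, but not that no record was deleted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// AuditRecord carries what the text says a signed trail record contains: the
// date/time of the change, who made it, and the old and new contents of the
// changed object. Field names and the PrevHash link are assumptions for this
// example, not the ANDiS record layout.
type AuditRecord struct {
	Seq       uint64 `json:"seq"`
	Timestamp string `json:"ts"` // RFC 3339, UTC
	Operator  string `json:"operator"`
	Action    string `json:"action"`
	CardID    string `json:"card_id"`
	OldState  string `json:"old_state"`
	NewState  string `json:"new_state"`
	PrevHash  string `json:"prev_hash"` // hash of the previous signed record, "" for the first
}

// SignedRecord is a record plus the operator's signature over its canonical form.
type SignedRecord struct {
	Record    AuditRecord `json:"record"`
	Signature string      `json:"sig"` // ECDSA P-256, ASN.1 DER, hex encoded
}

// canonical serialises the record deterministically: encoding/json emits struct
// fields in declaration order, so equal records always give equal bytes.
func canonical(r AuditRecord) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err) // cannot happen for a struct of strings and integers
	}
	return b
}

func digest(r AuditRecord) []byte {
	h := sha256.Sum256(canonical(r))
	return h[:]
}

// NewOperatorKey generates a fresh P-256 key. In a real deployment the private
// half would live on the operator's smart card or in the HSM, not in the
// application server's memory.
func NewOperatorKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignRecord signs the SHA-256 digest of the canonical record.
func SignRecord(priv *ecdsa.PrivateKey, r AuditRecord) (SignedRecord, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(r))
	if err != nil {
		return SignedRecord{}, err
	}
	return SignedRecord{Record: r, Signature: hex.EncodeToString(sig)}, nil
}

// VerifyRecord re-derives the digest from the stored record, so a change to any
// field (including the old-record contents) invalidates the signature.
func VerifyRecord(pub *ecdsa.PublicKey, s SignedRecord) bool {
	sig, err := hex.DecodeString(s.Signature)
	if err != nil {
		return false
	}
	return ecdsa.VerifyASN1(pub, digest(s.Record), sig)
}

// RecordHash is what the next record stores in PrevHash. Covering the signature
// as well means a substitute record re-signed with the same key still breaks the chain.
func RecordHash(s SignedRecord) string {
	h := sha256.Sum256(append(canonical(s.Record), s.Signature...))
	return hex.EncodeToString(h[:])
}

// VerifyTrail checks every signature and every PrevHash link, so an altered,
// deleted or reordered record is detected.
func VerifyTrail(pub *ecdsa.PublicKey, trail []SignedRecord) bool {
	prev := ""
	for _, s := range trail {
		if !VerifyRecord(pub, s) || s.Record.PrevHash != prev {
			return false
		}
		prev = RecordHash(s)
	}
	return true
}

func main() {
	priv, err := NewOperatorKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: an operator activates a card, then blocks it.
	r1 := AuditRecord{Seq: 1, Timestamp: "2009-03-02T09:15:00Z", Operator: "jdoe",
		Action: "CARD_STATE_CHANGE", CardID: "4000-0001", OldState: "ISSUED", NewState: "ACTIVE"}
	s1, _ := SignRecord(priv, r1)
	r2 := AuditRecord{Seq: 2, Timestamp: "2009-03-02T09:20:00Z", Operator: "jdoe",
		Action: "CARD_STATE_CHANGE", CardID: "4000-0001", OldState: "ACTIVE", NewState: "BLOCKED",
		PrevHash: RecordHash(s1)}
	s2, _ := SignRecord(priv, r2)
	trail := []SignedRecord{s1, s2}
	fmt.Println("trail intact:", VerifyTrail(&priv.PublicKey, trail))

	tampered := s1
	tampered.Record.OldState = "BLOCKED" // rewrite the stored old-record contents
	fmt.Println("tampered record verifies:", VerifyRecord(&priv.PublicKey, tampered))
	fmt.Println("trail with first record dropped:", VerifyTrail(&priv.PublicKey, trail[1:]))
}
```

The verifier needs only the operators' public keys, so it can run on a separate system (an auditor's workstation, for instance) against an exported trail; the canonical form must be the same on both sides, which is why the record is re-serialised rather than hashed from whatever bytes happen to be in the database.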
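The protected file exchange described under Secure Communication (Section 9.2), where a file sent to an external system is both encrypted (DES/3DES/RSA) and integrity-protected with a MAC, is shown below as an added example. It is not Bell ID's code: the file format, the software keys and the 3DES-CBC with HMAC-SHA256 construction are assumptions chosen to match the options the page lists (3DES, software keys, MACs). The point worth seeing in code is the order of operations on receipt: the MAC is checked over the whole ciphertext before any decryption, so a forged or corrupted file is rejected without ever reaching the padding check. A new deployment would use AES rather than 3DES, but the structure is the same.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Constructed software keys for the example. ANDiS would normally hold these in
// an HSM or SAM; software keys are the page's third option. Two independent
// keys are used on purpose: one for 3DES, one for the MAC.
var (
	encKey = []byte("0123456789abcdefABCDEFGH")         // 24 bytes: three-key triple DES
	macKey = []byte("example-hmac-key-32-bytes-long!!") // 32 bytes
)

// pkcs7Pad and pkcs7Unpad bring the plaintext to whole 8-byte DES blocks.
func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("padded data is not block aligned")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("invalid padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("invalid padding")
		}
	}
	return b[:len(b)-n], nil
}

// ProtectFile encrypts a file with 3DES-CBC under a random IV and appends an
// HMAC-SHA256 tag over iv||ciphertext (encrypt-then-MAC).
// Output layout: iv (8 bytes) || ciphertext || tag (32 bytes).
func ProtectFile(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize) // starts as the IV
	if _, err := io.ReadFull(rand.Reader, out); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, des.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(ct, padded)
	out = append(out, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// UnprotectFile verifies the tag before it touches the ciphertext. Decrypting
// first and reporting bad padding would hand the sender a padding oracle.
func UnprotectFile(encKey, macKey, blob []byte) ([]byte, error) {
	if len(blob) < des.BlockSize+sha256.Size {
		return nil, errors.New("file too short")
	}
	msg, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time comparison
		return nil, errors.New("MAC check failed: file rejected")
	}
	block, err := des.NewTripleDESCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := msg[:des.BlockSize], msg[des.BlockSize:]
	if len(ct)%des.BlockSize != 0 {
		return nil, errors.New("ciphertext is not block aligned")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, des.BlockSize)
}

func main() {
	// Constructed data-preparation file, the kind of content sent to a personalisation bureau.
	file := []byte("CARD;4000-0001;HOLDER;J DOE;EXPIRY;0312\nCARD;4000-0002;HOLDER;A SMITH;EXPIRY;0312\n")
	blob, err := ProtectFile(encKey, macKey, file)
	if err != nil {
		panic(err)
	}
	back, err := UnprotectFile(encKey, macKey, blob)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(back, file))

	blob[des.BlockSize+3] ^= 0x01 // flip one ciphertext bit in transit
	_, err = UnprotectFile(encKey, macKey, blob)
	fmt.Println("tampered file:", err)
}
```

The same shape applies when an HSM or SAM performs the cipher operations instead of software keys: the application still sends the whole received blob through the MAC check first, and only passes the ciphertext to the HSM for decryption once the tag has verified.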
11. CONCLUSION AND CONTACTS

Issuing chip based cards to meet immediate and future business and legislative requirements in a technically and operationally efficient way can be a complex matter. In particular, managing the data related to lifecycles, most notably for different types of cards and applications, cardholders, processes and encryption keys, which are likely to be linked to multiple cards, biometrics, certificate issuing, key management and applications, is an extremely challenging task, especially when there are so many potential sources of data and potentially many different formats, standards and protocols to support.

The solution is to focus the data and process management onto a single, central Card and Application Management System, which becomes the point at which many technical, business and operational requirements can be structurally and systematically addressed. ANDiS provides the proven, web-enabled software platform on which this strategy can be realised. ANDiS effectively consolidates and coordinates card related systems and processes including enrolment, card(holder) and application administration, personalisation and post issuance personalisation, and data exchange with back office systems. In addition, ANDiS provides the tools to define and manage the appropriate and related lifecycles. The intelligent and proven design of ANDiS also means that this comprehensive functionality provides a flexible, secure and scalable issuing platform. Ultimately, ANDiS gives issuing organisations the opportunity to meet business, technology and operations requirements in a way that benefits all of the stakeholders in a card issuing business or project.

Bell ID would be pleased to help you learn more about how Bell ID's ANDiS Card and Application Management solutions can help you and your organisation. If you have any questions or remarks, or to discuss your own situation and requirements in more detail, please feel free to contact us:

Bell Identification B.V.
VISITING ADDRESS: Stationsplein 45, Entrance A, 6th floor, 3013 AK Rotterdam, The Netherlands
POSTAL ADDRESS: P.O. Box 29141, 3001 GC Rotterdam, The Netherlands
PHONE: +31 (0) 10 885 1010
FAX: +31 (0) 10 885 1011
E-MAIL (GENERIC): info@bellid.com
E-MAIL (SALES): sales@bellid.com
INTERNET: www.bellid.com

For other Bell ID worldwide locations and an up to date list of our worldwide strategic partners please visit the corporate website.