Product Description
All rights reserved. No part of the content of this document may be reproduced or transmitted in
any form by any means without the written permission of the publisher.
ANDiS™ is a registered trademark of Bell Identification B.V.
TABLE OF CONTENTS
I. INTRODUCTION 1
2. DOCUMENT INFORMATION 3
2.1. DOCUMENT STRUCTURE 3
2.2. LIST OF FIGURES 3
II. CONCEPTUAL VIEW ON THE CAMS 1
- II - ANDiS Product Description 1.5 - ANDiS Card and Application Management System (CAMS)
Section I - “Introduction”
I. INTRODUCTION
1. EXECUTIVE SUMMARY
The potential of multi-application smart cards enables banks, governments and
enterprises to exploit new business opportunities, to reduce fraud, restructure their cost
base, streamline administration or to meet legislative or card scheme mandates.
Intelligent application of mandates can also create revenue or cost saving opportunities,
creating a benefit from a necessity. With industry specific obligations such as EMV,
HSPD-12 and biometric border controls creating additional momentum, smart card
deployments on a significant scale are becoming increasingly common. However, issuers
and service providers planning to migrate to smart cards, or who plan to add new card
types and applications to their card base, must also accept the new challenges created by
this technology.
To begin with, the relationships between cards, data, cardholders and applications
demand more dynamic, flexible and efficient management. Effective management of
these relationships is proving to be a critical success factor in many new deployments.
This also means that the concept of “lifecycles”, traditionally applied to cards in a fairly
simple way, becomes more complex and should include all of the entities in the card
relationship.
These dynamic relationships also mean that the Card and Application Management
System (CAMS) needs to interface with a greater number of internal or external systems.
These could be citizen, employee or cardholder databases, distributed registration
systems, Certification Authorities, risk management systems, access control applications
and so on. Unlike relatively ‘static’ traditional card systems, some of these interfaces may
need to be real-time or interactive.
Another factor is the cost of card replacement; the expense of replacing issued smart
cards is high compared to relatively cheap but ‘static’ and fraud sensitive magnetic stripe
cards. Issuers and service providers therefore need to keep card ‘churn’ to a minimum. A
solution to this is ‘Post-issuance personalisation’, which can also enable new value added
opportunities for the issuer and cardholder population, but which adds another dynamic
aspect to the management of card and application.
It is little wonder that smart card and application management has emerged as such a
fundamental aspect of successful smart card deployments. Experience has proven that a
lack of an appropriate smart card management strategy can undermine the long term
business case and drive up costs, and in the worst case can risk the economic viability of
the smart card deployments.
A successfully implemented CAMS becomes an enabler, creating structure and
interoperability between diverse business processes and technologies and helping issuers
to realise the real potential of their card and cardholder assets.
2. DOCUMENT INFORMATION
Conceptual View
This section describes the high level requirements and attributes of Card and Application
Management Systems, and introduces the role and situation of Bell ID’s ANDiS software
in ‘generic’ smart card infrastructures. This section also introduces the main standards
organisations that help to shape the relevant functional, technical or industry specific
aspects of the smart card industry.
Functional View
This section explains how ANDiS resolves the potentially complex issues of lifecycle and
configuration management, describes how ANDiS maps the resulting requirements into
actual business processes and explains on a functional level how ANDiS interfaces with
other systems. This section also describes how Bell ID addresses typical functional
requirements such as security, availability and reporting.
For example, lifecycles and processes associated with the cards, applications and
cardholders need to be set up, fulfilled and maintained. This means that a database needs
to be populated, cardholder registration must be performed, data will need to be prepared
and sent to personalisation systems, encryption keys and certificates will need to be
managed, and so on.
The requirement to manage lifecycles of not only the cards themselves, but also the on-
card application(s) and the cardholder(s) associated with them means that the CAMS
must also manage the relationship between each of these entities, throughout the various
events and changes of state in the lifecycle.
The CAMS will often need to receive or send data, commands or notifications relating to
these event or state changes when they occur, meaning that the CAMS will potentially
need to communicate with a diverse range of systems, not all of which are necessarily
under the control of the issuing organisation.
[Figure: Generic CAMS environment. Enrolment & Cardholder Data (enrolment via LDAP database, via ANDiS, or via another system); Key/Certificate Management Authorities (Certificate Authority and Key Management Authority: certificate status, certificate requests and responses, key requests and responses); Card & Status Management; Back Office/Application Providers and Call Centre (cardholder data requests and updates, batch requests, reports and status changes, application data, application add/delete/update); Personalisation Bureau(x), Desktop Personalisation and Post Issuance Personalisation (personalisation requests/responses). Caption: Personalisation, Activation and Post Issuance]
Section II - “Conceptual View on the CAMS”
Managing these relationships, interfaces and processes efficiently and cost effectively
means that a meaningful CAMS should have a number of basic attributes, including:
Process Driven
The lifecycles of the card, cardholder and application(s) define the events and subsequent
changes in state that need to be executed. Some may be initiated manually, some may be
interactive, and others may be scheduled or automated processes, but it is essential to
ensure that these processes are managed securely, efficiently and reliably. As there will
always be new client specific business processes, the system should be adaptable
enough to easily allow changes in the workflow or processes without impacting the rest of
the system.
Flexible Interfacing
Clearly the CAMS may need to communicate with a number of systems, and these
systems are likely to have different technologies and behaviours. For example, importing
an embossing file is typically a batch oriented task sourced from a legacy system,
whereas card requests from a distributed branch environment would typically require an
on-line web service or web enabled interface, and Post-issuance application updates take
place via interactive web sessions. This clearly requires the CAMS to support flexible,
cross-technology interfaces to accommodate the various ‘push’, ‘pull’ and interactive
needs.
Adaptable
Business and technology demands can change quickly, and the CAMS should be flexible
enough to adapt to new requirements, whether these are simply additional fields in
cardholder records, or whether it is to support new card types, applications, enrolment and
issuing models et cetera. The option to download or update applications onto the existing
card population also provides added business agility, which can lead to cost savings by
avoiding the need to reissue cards, or potentially provide profitable business opportunities.
Secure
In many cases smart cards are introduced to reduce the risks of fraud, so it follows that
the CAMS must itself be secure and resistant to fraud. This applies to database
information, access to potentially sensitive functions such as card issuing, and to
communications with ‘The outside world’. Comprehensive and secure audit logging is
strongly recommended and is frequently a strong prerequisite in banking and government
applications, as is ‘four eyes principle’ access to sensitive or system management
functions.
[1] See Section 5.2
Scalable
Both Issuers and Service providers may need to consider the mid term or long term
growth of their card populations, and in such cases it is necessary for the CAMS to have
the ability to grow with the requirements.
This applies to issues such as capacity, performance and reliability, as well as a possible
future change of system platform. For many issuers, it is wise to consider the possible
consequences of growth in the future.
Clearly, as the application of smart card technology matures, and as card infrastructures
begin to integrate multiple applications, processes, card types and so on, the idea of a
CAMS simply being a ‘black box’ in the personalisation chain is rapidly becoming
obsolete.
The remainder of this paper introduces ANDiS, a flexible, open Card and Application
Management System built on the ‘4 M’ principle. This simply means that a single ANDiS
platform is capable of managing multiple card types, running multiple applications in a
multiple card issuer environment, interfacing with multiple card personalisation systems
and bureaux.
The following figure shows how the CAMS is positioned in a “typical” generic environment;
more specific implementations are discussed in the appropriate ANDiS CAMS solution
documents for EMV, Corporate ID, and National ID and Health applications.
[Figure: ANDiS CAMS positioned in a generic environment. Enrolment & Cardholder Data (enrolment via LDAP database, via ANDiS, or via another system); Key/Certificate Management Authorities and Certificate Authority; Back Office/Application Providers and Call Centre; ANDiS components CWS, Dataport and CNS; Personalisation Bureau(x), Desktop Personalisation and Post Issuance Personalisation. Caption: Personalisation, Activation and Post Issuance]
Before exploring these components and interfaces in more detail, it is useful to look at
some important card management concepts and how they are applied in ANDiS.
The ACS database contains all the user, user group and access control data, which can
only be altered according to a predefined hierarchy, and enables the ANDiS administrator
to define and manage rights of access to all of the ANDiS functionality. The diagram below
shows how this hierarchy works.
[Figure: ACS hierarchy. Users (Johnson, Smith, Stanford) belong to Groups (Requesters, Administrators), which are assigned Roles & Actions: Preparation (Card Request, Photo/Signature), Authorisation (Authorisation), Administration (Card Administration, Cardholder Administration)]
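The following is an added example, not ANDiS code, showing how a Users, Groups, Roles & Actions hierarchy of the kind in the diagram can be resolved and checked in Go, with the ‘four eyes principle’ mentioned earlier applied to one sensitive action. The user, group, role and action names are taken from the diagram; the type names, the Authorise function and the second administrator "Lee" (added so that a four-eyes approval can succeed) are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Action is one ANDiS function that can be granted, e.g. "Card Request".
type Action string

// Role bundles the actions a job function needs; Group binds users to roles.
// Rights flow strictly Users -> Groups -> Roles -> Actions, never directly.
type Role struct {
	Name    string
	Actions []Action
}

type Group struct {
	Name  string
	Roles []string
}

// ACS holds the hierarchy plus the set of actions placed under the four-eyes
// principle (a second, different, entitled user must approve).
type ACS struct {
	roles    map[string]Role
	groups   map[string]Group
	members  map[string][]string // user -> group names
	fourEyes map[Action]bool
}

func NewACS() *ACS {
	return &ACS{
		roles:    map[string]Role{},
		groups:   map[string]Group{},
		members:  map[string][]string{},
		fourEyes: map[Action]bool{},
	}
}

func (a *ACS) AddRole(r Role)                        { a.roles[r.Name] = r }
func (a *ACS) AddGroup(g Group)                      { a.groups[g.Name] = g }
func (a *ACS) AddUser(user string, groups ...string) { a.members[user] = append(a.members[user], groups...) }
func (a *ACS) RequireFourEyes(act Action)            { a.fourEyes[act] = true }

// Permissions resolves a user's effective actions through the hierarchy.
func (a *ACS) Permissions(user string) []Action {
	seen := map[Action]bool{}
	for _, gname := range a.members[user] {
		for _, rname := range a.groups[gname].Roles {
			for _, act := range a.roles[rname].Actions {
				seen[act] = true
			}
		}
	}
	out := make([]Action, 0, len(seen))
	for act := range seen {
		out = append(out, act)
	}
	sort.Slice(out, func(i, j int) bool { return out[i] < out[j] })
	return out
}

// Can reports whether the user is entitled to the action at all.
func (a *ACS) Can(user string, act Action) bool {
	for _, p := range a.Permissions(user) {
		if p == act {
			return true
		}
	}
	return false
}

var (
	ErrDenied   = errors.New("acs: user not entitled to action")
	ErrFourEyes = errors.New("acs: second, distinct, entitled approver required")
)

// Authorise is the check every GUI function or web service call would run.
// approver may be empty for ordinary actions; four-eyes actions need a
// different user who is entitled to the same action.
func (a *ACS) Authorise(user string, act Action, approver string) error {
	if !a.Can(user, act) {
		return ErrDenied
	}
	if !a.fourEyes[act] {
		return nil
	}
	if approver == "" || approver == user || !a.Can(approver, act) {
		return ErrFourEyes
	}
	return nil
}

// DemoACS builds the hierarchy from the diagram (constructed sample data):
// Johnson and Smith are Requesters, Stanford is an Administrator, and "Lee"
// is an extra administrator added so a four-eyes approval can be shown.
func DemoACS() *ACS {
	a := NewACS()
	a.AddRole(Role{"Preparation", []Action{"Card Request", "Photo/Signature"}})
	a.AddRole(Role{"Authorisation", []Action{"Authorisation"}})
	a.AddRole(Role{"Administration", []Action{"Card Administration", "Cardholder Administration"}})
	a.AddGroup(Group{"Requesters", []string{"Preparation"}})
	a.AddGroup(Group{"Administrators", []string{"Authorisation", "Administration"}})
	a.AddUser("Johnson", "Requesters")
	a.AddUser("Smith", "Requesters")
	a.AddUser("Stanford", "Administrators")
	a.AddUser("Lee", "Administrators")
	a.RequireFourEyes("Card Administration")
	return a
}

func main() {
	acs := DemoACS()
	fmt.Println("Johnson:", acs.Permissions("Johnson"))
	fmt.Println("Stanford alone:", acs.Authorise("Stanford", "Card Administration", ""))
	fmt.Println("Stanford + Lee:", acs.Authorise("Stanford", "Card Administration", "Lee"))
}
```

Two design points matter for an audit: rights are never attached to a user directly, only via group membership, so a review of who can do what is a review of group memberships; and the four-eyes check rejects the requesting user as their own approver and any approver who is not entitled to the action, so that approval cannot be obtained from a front-office account.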
The KMS facilitates import of keys generated by third parties and distribution of keys to
third parties. During the life cycle of keys, the KMS registers all changes in status. In most
cases, for generation of cryptographic keys a so-called Hardware Security Module (HSM)
is required. ANDiS provides interfaces to all major HSM providers (see the Hardware
Security Modules section). The KMS can also be implemented separately, to manage keys
and key hierarchies for card or non-card related applications.
The KMS functionality is exposed to other ANDiS components or third party applications
(where permitted) using the KMS Web Service interface. Comprehensive information is
available in the KMS/KWS Product White Paper.
5. INTERNATIONAL STANDARDS
5.1. Introduction
ANDiS supports a wide range of generic IT interoperability standards, many of which are
outlined in the Technical View section of this document.
However, there are certain organisations that have a particular influence on vertical
market segments or which guide business and technology strategies on a broader basis
than generic IT standards. The following industry bodies are particularly significant for Bell
ID and for sections of our customer base:
5.2. GlobalPlatform
GlobalPlatform is the leading, international smart card association, responsible for
creating and advancing interoperable technical specifications for smart cards, acceptance
devices and systems infrastructure. It is driven by a cross-industry member base
comprising over 50 organisations.
Since the formation in 1999, the GlobalPlatform Specifications have become recognised
by the world-wide smart card industry as the standard upon which to base smart card
infrastructures, thanks to a finely tuned balance of technical superiority and business
justification.
The specifications offer backwards compatibility and allow adopters the opportunity to
grow revenues by capitalising on either the single or multiple-application smart card
model. By providing these specifications on a royalty-free basis (available for free
download at www.globalplatform.org), GlobalPlatform actively promotes worldwide
acceptance of its standards and encourages a universal approach to the development of
smart card infrastructures. This facilitates deployment, decreases time to market and
accelerates the adoption rate of smart card technology in diverse industries around the
globe.
GlobalPlatform technology is being used across Europe, North America, Asia and
Australia by many bodies, including government departments, issuers, payment card
organisations and telecommunication companies, to implement a range of smart card
programmes. Current programmes range from city/ID/health card projects to enhanced
credit/debit cardholder loyalty schemes which also offer post-issuance download
capabilities.
With over 75 million GlobalPlatform smart cards currently in circulation across the globe,
the stability of the technology has been proven and the standard has now been set.
Operating on a not-for-profit basis, GlobalPlatform funds its on-going technical work and
the marketing efforts of the organisation with funds raised from membership fees.
GlobalPlatform is a fully independent and democratic organisation with its strategic
priorities defined by an elected Board of Directors. Bell ID is an active contributor to the
GlobalPlatform systems specifications in terms of Key Management, Post Issuance
Personalisation, Systems Compliance, Interfacing and Messaging.
5.3. MULTOS
MULTOS is the first, open, high security, multi-application operating system for smart
cards (hence 'MULT-OS').
This forced card issuers to commit to a specific application developer, operating system
and chip for each service the issuer wished to provide to its customer base. The issuer
had almost no flexibility to change any of these components without having to invest funds
into a new software and/or hardware implementation. Early smart cards therefore created
high cost of ownership and yet offered virtually no flexibility. Cardholders were forced to
carry a different card for each service or function they wished to benefit from, and if the
product or service changed in any way, they would receive a replacement card.
The MULTOS high security, multi-application operating system has changed the smart
card proposition for both issuers and cardholders. MULTOS provides increased
convenience and flexibility for users while delivering savings and a wealth of opportunities
for issuers across all business sectors.
Bell ID has a valuable and flourishing working relationship with MULTOS, and our systems
support MULTOS based operating systems and card schemes.
With the acquisition of Europay by MasterCard in 2002 and JCB International joining the
organisation in 2005, EMVCo is currently operated by JCB International, MasterCard
International, and Visa International.
The latest version of the specifications, EMV 2000 version 4.1, was published in June
2004.
The EMV specifications have been integrated into the ANDiS system to serve the financial
industry with a proven solution. Bell ID works closely with Visa and MasterCard to ensure
the latest specification update throughout all ANDiS products and modules.
FIPS has also introduced a standard which is likely to impact Identity Management and
Identity Verifications systems. In August 2004, President George Bush issued his 12th
Homeland Security Presidential Directive (HSPD-12) with the intention to:
Enhance security
Increase government efficiency
Reduce identity fraud
Protect personal privacy
HSPD-12 demands that agencies must issue “secure and reliable forms of identification,”
which means that identification:
ANDiS has been successfully tested for compliance with the appropriate elements of PIV,
and with the expectation that more government and corporate ID card projects will
assume FIPS 201 as ‘de facto’ standards, this is likely to become increasingly important.
Section III - “Functional View on the CAMS”
6.1. Introduction
Two essential aspects of successful smart card deployment and operations are:
Management of all of the card and application related processes from a card request
through to the withdrawal or expiry of a card
ANDiS addresses these two fundamental aspects of smart card deployments providing
comprehensive and powerful tools to manage and maintain lifecycles and card
configurations. Both of these issues are briefly discussed below.
6.2. Lifecycles
The personalisation processes of smart cards tend to be more complex than, for example,
for magnetic stripe cards, and there may also be one or more (potentially dynamic)
applications associated with the card. This means that lifecycle management becomes far
more
[Figure: Card Lifecycle example (states shown: New, Ready for Input, Ready for Authorization) and Application (e.g. Certificate) Lifecycle example (state shown: New)]
Managing these lifecycles is a particular strength of ANDiS, and the Lifecycle Wizard (see
Wizard Concept below) provides a graphical, ‘drag and drop’ flow chart tool to make the
task as clear and simple as it can be.
Target Groups: A collection of cardholders, for whom certain card types are
available. For each cardholder, ANDiS can specify to which target group(s) a user
belongs via a membership. As a result, only the card types linked to that target
group will be available for that particular cardholder.
Card Type: The card type indicates the type of card, to which card family it belongs,
how the card number is assembled, the type of chip embedded in the card, etc.
Card Programme: A card programme defines the set of applications which can be
assigned to a card. The card programme can also define which applications are
mandatory and which, if any, are optional.
Application: In ANDiS terminology, an application as it applies to a smartcard is a
collection of data, commands and procedures, which can be loaded onto a smartcard.
Certain applications (for example Access Control) may only consist of an identification
number, which will be used by a (centralised) system to identify the cardholder. Other
applications may contain actual programme code (a Java applet on a Java enabled card
for example).
Card Family: A card family is a group of one or more card types with similar physical
attributes, and can be used, for example, for an Identity card and a Time/Attendance
identity card with different personalisation processes.
[Figure: configuration hierarchy: Issuer, Cardholder, Target group, Card type, Card Program, Application (example: Identity, Time/Attendance)]
ANDiS allows highly flexible configuration of all of these elements, which means that card
issuers can use ANDiS to map potentially complex hierarchies, groups, chip technologies,
card products and so on in a highly relational way.
Figure 5 below shows how ANDiS can also be scaled up to manage more complex and
numerous groupings, with support for memberships and organisations to create further
flexibility.
[Figure 5: Issuer, Organisation, Cardholder (with Photo/Signature/Biometric), Membership, Target group, Card type, Card Selection program, Application]
ANDiS wizards are a set of Graphical User Interfaces with a common look and feel which
have been created to help users set up or operate many of the configuration and operator
tasks.
For example, wizards are available to help establish lifecycles and card configurations, for
administrative functions such as managing cardholders and card requests, for application
management and so on. For both security and ease of use, access to any of this
functionality is controlled by the ANDiS Authorisation Control System, discussed later in
this chapter.
7.1. Introduction
The ANDiS Card and Application Management System (CAMS) manages the complete
lifecycle of unlimited numbers of multi-application smart cards. The key mission of the
CAMS is to:
Manage the cardholder data and the status of the card, and the related processes.
Manage and activate applications, where appropriate from external service
providers. Applications could be EMV debit/credit, e-purse, cardholder identity and
authentication, physical and logical access control, health (insurance) data, and
many others.
The following describes a “default” ID card business process, but clearly the flexible
lifecycle support and extensive interface options offered by ANDiS mean that issuers and
implementers can tailor such processes as appropriate to the circumstances.
Via an ANDiS CAMS Web Service (CWS) based on SOAP protocol, for example
where another enrolment infrastructure or ID Management System (IDMS) will be
used. The CWS is described in section 8.3.1.
Via import of Cardholder data through the ANDiS Import/Export Module, again
described in section 8.3.5.
Via data input through a web based GUI by an ANDiS operator. This is described
below.
The first step in the lifecycle of a card is the registration of a card in the ANDiS CAMS.
This process is called Card Request and enables the ANDiS Operator to select the proper
card type and the appropriate applications, as defined in the card configuration.
The web based nature of the operator GUI and the ability of the ACS to allow only the
functions that a given operator needs (e.g. card registration for front office operators,
authorisation and card withdrawal for management operators) means that the operator
processes can be both distributed and tailored to the issuer’s preferred workflow.
In some cases, such as for ID cards, a photograph should be printed on the card and
other biometric data such as fingerprints will be stored on the chip.
[2] The BioAPI Consortium is a group of over 120 companies and organizations that have a common interest in promoting the growth of the biometrics market. For more information the reader is referred to http://www.bioapi.org/.
Note that ANDiS allows issuers and service providers to configure different
enrolment options, so for example when a company is issuing Corporate ID Cards,
payroll staff can be automatically entered into the system via an interface with the
HRM system, but visitors and hired staff might be entered via the operator GUI.
Features:
Provides GUI for Cardholder Support Services
Administration of the card, card holder and the applications on the card
Changing the status of the card (including logical card collection)
7.11. Reporting
Job Scheduler
ANDiS processes are frequently triggered by external events such as card requests, PIP
requests et cetera. However there are occasions when processes or ‘jobs’ need to be
executed automatically and unattended, but where there is no external ‘trigger’.
This might be to suspend ACS users who have not accessed the system for a certain
period, or to execute regular import or export tasks, which is a typical requirement for
batch oriented data preparation. The ANDiS Job Scheduler offers the possibility to run
certain jobs both automatically and unattended on a regular basis (e.g. daily for overnight
runs). Jobs can also be manually started without affecting scheduled jobs.
Email Notifier
It is also possible to configure the job scheduler to initiate a (configurable) e-mail. In
conjunction with the job scheduler, the E-mail Notifier could for example be used to send
confirmations, or e-mail advisories appropriate to the administrative requirements of the
organisation.
8. CAMS INTERFACES
8.1. Introduction
ANDiS CAMS provides functionality to personalise cards and on-card chips in various
ways. Cards can be personalised within the card issuing organisation either on distributed
(“in branch”) or on centralised personalisation equipment. Alternatively, the issuer can
also opt for personalisation services to be provided by a third party, or bureau, who will
then receive electronic personalisation files via secured connections.
ANDiS also offers the capability to mix these options, so that some card types or user
groups can receive cards immediately ‘in branch’, others via a bureau which is capable of
managing larger volumes, takes care of distribution logistics and can provide economies
of scale. This flexibility can put issuers at a considerable business advantage, or reduce
delays in ‘emergency’ or V.I.P. situations where some cards might be required
immediately.
performed remotely when cardholders present their cards at local card readers or kiosks,
without a need to use the initial, central issuing and personalisation station. Secure
connections between the central CAMS web server and the local card readers or web
browsers are established with HTTPS and SSL.
Cardholders connect to the central web server and request for the additional application to
be downloaded onto their card. The same goes for deleting or changing on-card
applications. Obviously, all changes are registered and managed centrally in ANDiS
CAMS. Updating the cards can be performed either at the central issuing station, at a
kiosk, or at a home PC equipped with web browser and card reader. Definition of the PIP
workflow largely depends on the defined business processes.
PIP enables a card issuer to establish considerable cost savings by eliminating the need
to replace large numbers of cards when new applications are added to the smart card
scheme.
A highly beneficial new feature of PIP is the availability of a Web Service based on the
SOAP protocol to provide greater ease of integration and flexibility for customer specific
requirements.
Section 6.3 provides examples of the type of relationships and data exchanges that
ANDiS might be expected to support.
However, the best method of interfacing and exchanging data between ANDiS and other
systems depends on a variety of factors, including the type and volume of data that needs
to be transferred, the type of system with which ANDiS is communicating, requirements
for real time or near real time communication, whether communication needs to be
unidirectional or bi-directional and so on.
ANDiS provides comprehensive interfacing options to support existing and potential future
interface requirements for various systems, applications and databases.
This approach also enables ANDiS to effectively integrate with and conform to the diverse
demands of each customer’s own IT strategies, architectures and processes, which is an
increasingly important aspect of IT planning.
[3] World Wide Web Consortium, www.w3.org
ANDiS CAMS Web Services (CWS) opens the services of ANDiS to other enterprise
systems – while still maintaining security and authorisation controls – using state of the art
web technologies.
ANDiS makes extensive use of these web services technologies for data exchange with
the CAMS itself, with the KMS, and with PIP.
8.3.2 LDAP
Users or cardholder information required by ANDiS is sometimes already present in
external X.500 Directory Services such as Microsoft Active Directory, Netscape Directory
or SunONE Identity Server. These are particularly common in the large Corporate ID
market segment. Such Directory Services are often considered to be the “leading”
authority for Identity and Authorisation information.
ANDiS integrates with a directory server using the LDAP protocol for communication,
reducing the need for entering duplicate user and cardholder data and facilitating the
reuse of existing systems and data.
ANDiS itself does not generate or issue certificates, but it does have the ability to integrate
with a range of PKI systems; each PKI vendor, however, has a different approach to
interfacing with external systems. The following is a typical ‘generic’ process that ANDiS will
need to follow to generate certificates for cards:
1. Generate the key pair on-card or in an HSM (usually on-card generation will be used for
low volume or post-issuance certificate requests; HSMs will be used for mass issuance)
2. Make the certificate request
3. Create a PKI Connector from the request
4. Ask the PKI connector for the certificate request hash
5. Sign the hash on the card or in the HSM
6. Give the signature to the PKI connector
7. Get the certificate from the PKI connector
ANDiS is currently capable of providing support for Verisign On-Site, Microsoft Certificate
Service, RSA Keon, Entrust and Cybertrust CAs.
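The generic process above, carried through end to end as an added example in Go; this is not ANDiS code and not any vendor's PKI connector API. HSMSigner plays the on-card or HSM key store, BuildCertificateRequest the PKI connector, and CA a minimal self-signed certification authority; all three types, the function names and the subject name are constructed for the example, using only Go's standard library.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"time"
)

// HSMSigner stands in for the on-card or HSM key store: the private key lives inside it and
// only Public and Sign are exposed, so the key never reaches the connector or the CA. (Constructed.)
type HSMSigner struct {
	priv       *rsa.PrivateKey
	Signatures int // digests signed so far, the figure an audit log would record
}

func (h *HSMSigner) Public() crypto.PublicKey { return &h.priv.PublicKey }

func (h *HSMSigner) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	h.Signatures++ // only the request hash comes in; only the signature goes out
	return h.priv.Sign(r, digest, opts)
}

// BuildCertificateRequest is the PKI connector side: it assembles the request, has the
// signer sign the request hash and returns the DER-encoded request.
func BuildCertificateRequest(subject string, signer crypto.Signer) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: subject}, SignatureAlgorithm: x509.SHA256WithRSA}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, signer)
}

// CA is a minimal self-signed certification authority standing in for the vendor CAs
// named on the page (constructed for this example).
type CA struct {
	Cert *x509.Certificate
	key  *rsa.PrivateKey
}

func signCert(tmpl, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewCA(name string) (*CA, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotAfter: time.Now().Add(48 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := signCert(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// Issue checks the request's self-signature (proof that the card or HSM holds the private
// key) before binding the requester's public key into a certificate.
func (ca *CA) Issue(csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature()
	}
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: csr.Subject,
		NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return signCert(tmpl, ca.Cert, csr.PublicKey, ca.key)
}

// EnrolCardCertificate runs the seven steps of the generic process for one card.
func EnrolCardCertificate(ca *CA, subject string) (*x509.Certificate, *HSMSigner, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // step 1: key pair generated in the HSM
	if err != nil {
		return nil, nil, err
	}
	hsm := &HSMSigner{priv: key}
	csr, err := BuildCertificateRequest(subject, hsm) // steps 2-6: request, hash, sign, hand back
	if err != nil {
		return nil, nil, err
	}
	cert, err := ca.Issue(csr) // step 7: collect the certificate from the connector
	if err != nil {
		return nil, nil, err
	}
	return cert, hsm, nil
}
```

The property worth checking in a real deployment is the one HSMSigner makes explicit: the connector only ever receives a signature over the request hash, never the key, and the CA verifies that signature before issuing, which is what ties the certificate to a key that exists only in the HSM or on the card. A connector that accepted a request without that check would certify any public key presented to it.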
9. ADDITIONAL FUNCTIONALITY
9.1.1 EMV
Issuers looking for either an integrated or stand-alone high performance data preparation
system will find that ANDiS caters for both requirements. The ANDiS data preparation
Module provides a variety of benefits such as:
The data preparation component is an integral part of the ANDiS4EMV solution, which is
specifically tailored for EMV application schemes such as VSDC (Visa) and M/Chip
(MasterCard) and AEIPS (American Express). The relevant scheme data and cardholder
data can be input through either an embossing file, soap service or via the web based
interface.
This also means that each of the containers is populated by different data elements, the
life-cycle of which must be managed separately. During data preparation, ANDiS prepares
the card holder information so that it can be loaded to the appropriate container during
personalisation.
The ANDiS Data Preparation process creates the necessary content, including required
Cardholder Unique Identifiers (CHUID) and Federal Agency Smart Credential Numbers
(FASC-N), the cardholder fingerprints, any optional printed data and cardholder facial data
and so on.
ANDiS also manages the container signing and update services required for Activation
and Post Issuance Personalisation, manages the state changes and fires the appropriate
notifications to the IDMS (enrolment system).
More details on the ANDiS solution for FIPS 201/PIV are available on request.
9.2. Security
As Card and Application Management Systems often deal with privacy or fraud sensitive
data, security is an essential component of ANDiS design and implementation
methodology. ANDiS is capable of complying with industry or region specific mandates
and policies, and the following is a short overview of common functional security
requirements that ANDiS must support.
Secure Communication
ANDiS supports secure communication using HTTPS, SSLv3.
The contents of files exchanged with external systems can be encrypted with
DES/3DES/RSA using HSMs, SAMs or software keys. For data encryption an HSM
(Hardware Security Module) can be accessed via any ANDiS product. Encryption
functionality can be used from the ANDiS Card, Application or Key Management System
(e.g. encrypted storage of cardholder data in the central CAMS database).
Message Authentication Codes (MACs) or digital signatures are widely used to ensure the
integrity of data transferred between ANDiS and third-party systems.
concerned with the implementation of security concepts based on the generation and the
secure storage, export and distribution of all sorts of cryptographic keys (DES, triple DES,
RSA/PKI, Mifare keys). Electronic keys can be used for encryption and decryption of data
and for verification and authorisation of trusted parties (using digital certificates). The
ANDiS KMS supports the management of all GlobalPlatform keys. Please refer to the ANDiS
KMS Whitepaper for more information.
9.3. Performance
The performance of ANDiS depends on a variety of factors, such as the level of data
preparation required, the type, number and method of keys that may need to be
generated for each card, the hardware platform being used, and so on. The performance
requirements must therefore be addressed according to the requirements of a given
implementation.
In a real test of ANDiS’ performance capabilities, a major credit card issuer deploying
several million chip-based credit cards deployed ANDiS on a single hardware
platform and generated in excess of 50,000 cards per hour, or over 1.2 million cards
per day.
10. ARCHITECTURE
[Figure: ANDiS architecture overview. Clients: SOAP clients/adapters, browser (web pages, ActiveX perso wizard). CAMS J2EE server: SOAP, JSP, ACS, events, PIP, reports generator, data prep, messaging, listeners, etc. Multi-platform: MS, SUN, IBM, HP, Linux.]
The flexibility of the ANDiS J2EE-based product architecture means that many different
deployment architectures and concepts can be met by a single instance of ANDiS. The
ultimate deployment architecture depends on the functional, performance, scalability and
availability requirements of the issuer, and also on the IT architecture policies of the
organisation deploying the system.
For example, simple requirements can be met by installing ANDiS and the Oracle
Database on a single server, perhaps to issue cards from a desktop printing system (as
shown below).
[Figure 7: Simple ANDiS configuration: Presentation, Business and Database Logic on one server (ANDiS Operator, ANDiS System, Desktop Printer)]
However, ANDiS’ flexible J2EE design means that the ANDiS ‘tiers’ can also be physically
distributed across multiple systems, offering options to meet very high performance and
availability criteria, as might be required in a nationally scaled, mission-critical system.
In very large implementations, ANDiS is typically deployed across several systems, with
physically and logically separate server systems running the database, the business logic
(effectively, the core ANDiS applications), and the ‘client facing’ web functions such as
enrolment, online card activation and/or post issuance personalisation (PIP) requirements.
The web-based nature of the operator component lends itself ideally to a distributed
organisational structure. As an example, the following illustrates how ANDiS might be
deployed in a high-performance, high-availability environment, taking advantage of
clustering techniques and technologies to further improve the predictability and resilience
of business-critical applications.
[Figure: High-availability ANDiS deployment. Components: Personalisation Systems, Enterprise Directory, Identity Manager, ANDiS CAMS Servers, ANDiS Database Servers, ANDiS Web Servers, Enterprise Portal, Certificate Authority, Archiving and Storage, ANDiS Operators, Application Providers.]
In particular, managing data related to lifecycles, processes and encryption keys, which
are likely to be linked to multiple cards, cardholders, and applications is an extremely
challenging task, especially when there are so many potential sources of data and
potentially many different formats, standards and protocols to support.
The solution is to focus the data and processes management onto a single, central Card
and Application Management System, which becomes the point at which many technical,
business and operational requirements can be structurally and systematically addressed.
ANDiS provides the proven, web-enabled software platform on which this strategy can be
realised.
ANDiS effectively consolidates and coordinates card related systems and processes
including enrolment, biometrics, key management, certificate issuing, personalisation and
post issuance personalisation, card(holder) and application administration, and data
exchange with back office systems. In addition, ANDiS provides the tools to define and
manage the appropriate and related lifecycles, most notably for different types of cards
and applications.
The intelligent and proven design of ANDiS also means that this comprehensive
functionality comes with a flexible, secure and scalable issuing platform.
Bell ID would be pleased to help you learn more about how Bell ID’s ANDiS Card and
Application Management solutions can help you and your organisation, or to discuss your
own situation and requirements in more detail.
If you have any questions or remarks, please feel free to contact us:
For other Bell ID worldwide locations and an up to date list of our worldwide strategic
partners please visit the corporate website.