The SAM card crypto applet executes the cryptographic functions used for smart card personalization when cryptographic support of personalization is provided by SAM cards.
The current version of the crypto applet implements functions for personalizing Gemplus, NPX, Axalto native cards. If you want to personalize other types of cards using SAM, the crypto applet functionality may be extended accordingly.
The authorization crypto applet is intended for cryptographic support of EMV authorization. The crypto applet provides secure storage of issuer cryptographic keys and implements the symmetric cryptography of the issuer authorization host and EMV application, as well as the asymmetric cryptography of a POS terminal. Its functional capabilities for EMV transaction authorization are equal to those of high-volume cryptographic devices (such as SafeNet (Eracom) and Thales e-Security).
Due to its low price and wide functionality, a Java card with the crypto applet may have numerous applications, but it is most often used for EMV card quality assurance by means of EMV Insight.
KeyCompass CryptoSubSystem (KeyCompass CSS) performs cryptographic processing of information and key generation during data preparation for smart card personalization and testing, as well as during PIN printing and data generation for the magnetic stripe. It uses SafeNet (Eracom), Thales e-Security and, for some of the operations, SAM-card crypto devices.
The KeyCompass CSS crypto subsystem is a tool for information security, which can also be used for the release of EMV cards. In particular, the KeyCompass CSS crypto subsystem is used for data preparation, smart card personalization, and generating and printing the PIN.
KeyCompass CSS allows you to perform cryptographic procedures, necessary for card personalization of the following manufacturers:
KeyCompass CSS works successfully with SmartDataCEnter, the software for microchip personalization data preparation, and with MSDP Manager, the PIN generation and printing application. For microchip card personalization, KeyCompass CSS is used in systems based on SCPE.
KeyCompass CSS is a component of the Complex EMV cards issuance solution.
PRONIT specialists have an in-depth understanding of smart card architecture and principles of operation. That is why we offer custom development of smart card applets. We have already successfully implemented the following smart card applications:
If you are interested in custom development of smart card applets, please contact us.
With the introduction of EMV card issuing and servicing technology in large organizations, convenient and automated management of cryptographic key processes has become a particularly relevant problem. The solution is a system that makes it possible to generate, store and transmit keys, to remove expired keys from circulation in good time, and to put new ones into circulation. The system can also provide key material to other information systems, for example personalization, acquiring and smart card management systems.
To solve these problems effectively a Key Management System (KMS) can be used.
Key Management System performs standard cryptographic materials management functions:
In addition to the standard functions, the Key Management System structures the work with cryptographic material and automates some of the processes, in particular:
Cryptographic materials can be associated with legal entities or individuals, payment systems and cryptographic devices.
KMS can generate documents that correspond to the executed operations:
In the Key Management System, a log keeps a record of all transactions made with the system and its objects, including cryptographic materials.
The Key Management System can be used both by individuals and by external information systems. The system provides a means of managing the access rights of security officers, administrators, and users (including external applications).
To ensure security when working over public networks, the Key Management System uses technologies for securing communications, including VPN, and advanced mechanisms for limiting access to the database.
The Cert Auth module is designed for testing the formats of the Issuer Self-signed Certificates, which are sent to the Certification Authority (Visa, MasterCard International) for signature. In addition, the module allows you to obtain signed Issuer and payment system certificates for testing the additional information without involving the Certification Authority.
Currently the module supports the exchange of certificates, accepted by Visa and MasterCard International.
The Cert Auth module allows you to:
The crypto subsystem is designed to ensure the safety of data preparation processes, card personalization and their testing. The crypto subsystem includes cryptographic hardware and software component, as well as control software.
At the issue preparation stage the crypto subsystem performs the following:
During the stage of personalization the crypto subsystem performs the following:
The hardware component of the crypto subsystem can be represented by high-performance crypto devices from the SafeNet (Eracom) company, Thales e-Security or special SAM-cards. There is also crypto device emulation software, which is useful at the implementation and testing stages.
The management software of the crypto subsystem must perform the key management procedures for the LMK, ZCMK and RSA keys and for the working issuer keys, and must also provide an interface through which external applications can securely execute the crypto procedures.
For many years, cryptographic systems have been used in the card business for data preparation, card personalization and transaction authorization. The technology of these devices, designed to work with magnetic stripe cards, has been developed, refined and unified to a much greater extent than that of cryptographic systems for smart cards. Thales e-Security equipment is perfect for the production of magnetic stripe cards. The range of cryptographic functions of the device is determined by its firmware version.
Today smart cards are becoming more common, new applications are being developed, and the schemes of card usage and personalization are becoming more complex. The dynamic development of the industry requires more flexible support for new trends from the crypto subsystems. Payment systems often issue new specifications and improvements to them. Under conditions of constant change and market evolution, issuers are moving from one type of smart card to another and increasing the range of personalized applications, and all this implies a wider range of cryptographic functions necessary for protecting the information on the cards being personalized.
There are currently crypto devices on the market that take these features of smart card personalization into account. SafeNet (Eracom) equipment allows the developer to load cryptographic functions (functional modules, FM) that meet the needs of a particular project. The functional modules can be modified by third-party developers without the involvement of the hardware manufacturer.
Java-based SAM-cards and Open Platform cards have the same advantages, along with an exceptionally low price.
The Thales e-Security device implements a different ideology: any change in the scheme of cryptographic personalization support, associated, for example, with the addition of a new application that uses specific cryptography, requires a device firmware change, which is a difficult technical procedure and requires the direct participation of the hardware manufacturer.
An important task in the field of cryptographic security is the management of the keys used in continuous operation (Key Management).
The issuer works with a significant amount of secret key material and values, specifically:
In this connection, there is a need for a convenient way to manage and store key material, which greatly simplifies operation:
It is convenient when you can work with most types of crypto equipment (SafeNet (Eracom), Thales e-Security, SAM-cards and others) without changing the crypto subsystem or the main system on which it is based. This advantage is achieved if the crypto subsystem has the ability to evolve dynamically and meet the requirements of payment systems.
Key Management System | Software solution that automates cryptographic key management |
KeyCompass CSS | Software solution for management of SafeNet (Eracom), Thales e-Security and SAM-card equipment |
Cert Auth | Module for testing the format of the Issuer Self-signed Certificate |