Smart card life-cycle management – SCLM
Client-capable card management system of the highest quality
For companies with at least 100 workers it is useful and practical to implement an easy-to handle system card management system, with which cards for the individual workers can be produced from one or more SCLM service workplaces and be administered for the total life-cycle.
This is a card management system for companies of all sizes. All requirements of the card personalisation and administration are organised perfectly and in a clearly presentable form in the SCLM. Every card produced can be administered simply over the total life-cycle.
From the small desktop machine for card printing and personalisation to the parallel control of smart card production and personalisation systems for millions of cards the smart card life-cycle manager is the one to choose.
Distributed card issue and administration
This card management system has three levels, consisting of SCLM client, SCLM service and the SCLM database. Scalability is of course a feature of the system. All components can be replicated and combined as many times as you like. This means that card issue and administration can take place as parallel operations and at a variety of places and locations. A valuable feature for all large organisations.
High-quality data security
With SCLM, sensitive and secret data are not secured via the standard encryption of an MS SQL database. The SCLM Scope Management ensures that sensitive master data are protected additionally with symmetric and asymmetric keys (AES-256, RSA 2048 bit key). The relevant RSA keys are entered on the smart cards for security personnel, to be used by them for personalisation, issue and administration of cards. Should it ever happen that a security officer smart card of the SCLM operating personnel is lost, this can be disabled immediately, removed from the system, and a new smart card is then used instead.
Secure data transfer
All communication channels between SCLM Client and SCLM Service as well as between SCLM Service and SCLM Database are authentic and encrypted.
Smart card supported authorisation system for card issue and administration – the Scope Management system
Our scope management system – anchored in the card management system – is a separate authorisation system (supported by a smart card) for the personnel of a company with the job of personalising, issuing and administering cards.
The smart card life-cycle management system includes linkage with directory services like the Microsoft Active Directory, and in this way portrays the exact directory structure of a company in the scope management system.
In every organisation/division (domains, sub-domains, OUs, etc.) personnel can be given the responsibility for card issue and administration. These company officers will have special SCLM smart cards. Authorisation cards of this type are also known as “security officer smart cards”.
If a company officer entrusted with the card management authorises himself with his smart card vis à vis the smart card life-cycle management system, the officer will have access to the organisational area entrusted to him.
Master data administration
One of the key components of the card management system is the
master data administration.
Using the master data administration of the card management system, all the master data required for the optical, contact-based and contactless card personalisation are determined specific to the project concerned.
It will be shown in the following how the master data are defined, what constitutes them and where they are used.
Master data can be allocated to a variety of application areas, among others, cards, card applications, users and card projects. A number of pre-defined master data profiles are included in SCLM. However, as required, customer-specific master data templates can be newly defined and generated.
Prominent examples of master data:
- Card-relevant master data for the optical personalisation of a card (card print) are, for example, name, title, photograph, card ID, card layout with company logo.
- The master data stored for a particular user can comprise, for example, ID No., date of birth, company, department and role in the company.
- Master data or master data templates are required for coding a chip for particular applications, e.g. certificate templates for the smart card PKI logon and also structural guidelines for the recording and storage of fingerprints for the smart card biometric logon, templates PINs, PUKs and also master data for time recording, the use of cash applications and many more applications.
Other useful card management functions: disabling cards, enabling, recalling
In SCLM many other useful card management functions are available: disabling cards temporarily, enabling, recalling, resetting and at the same time cancelling the user allocation in order to reissue the card to another user. This is all straightforward and free of problems.
The core of the SCLM card personalisation is formed by the workflows. In order to generate a workflow with the corresponding plug-in, a workflow designer is needed and this is of course available in SCLM. With this component you can generate a suitable workflow in a few minutes. You give a meaningful name to the workflow, choose the required plug-ins for the personalising required, insert the plug-ins in the correct order and select the master data – available for every plug-in – which are relevant to the customer project.
Selections can be made from a whole number of available plug-ins for the optical, contact-based and contactless personalising. Plug-ins are needed for card design and
card printing, and for
contact chip initialising, PIN and PUK generation, card user allocation, trust centre / PKI connection, RFID coding, PIN letter print and many others.
What other information can be extracted from this section?
Every manufacturer-specific system, whether canteen payments, time recording or entry system, can be added with little effort via the corresponding plug-ins in the card personalising workflow of the smart card life-cycle management system.
For this you need also to set up the manufacturer/customer-specific RFID coding and parameterisation for the SEFIROT GmbH repertoire.