NXP MIFARE Webinar: Streamlined User Management For Multi-Vendor Installations
Uploaded by: nxp-mifare-team
Category: Technology
EXTERNAL USE
CHRISTOPH ZWAHLEN
JUNE 15TH, 2016
PRESENT IMPROVED - FUTURE INSIDE
STREAMLINED USER MANAGEMENT FOR MULTI-VENDOR INSTALLATIONS
Multi-vendor solutions in IT systems
• Multi-vendor systems are common in IT environments in users' daily life
• Each user has multiple log-in credentials for individual services, reducing user convenience and the accessibility of services
• Significant increase in system maintenance effort to manage user credentials across multiple services
• Identity Access Management (IAM) offers harmonized log-in solutions
[Image label: Log-in Credentials]
Agenda
1. Drivers for multi-vendor systems
2. Card Identity Management – optimized for multi-vendor systems
3. Practical implementation
  • MIFARE DESFire EV2
Christoph Zwahlen, Marketing Manager Access Management
Multi-application contactless smart cards
Flexible solutions maximizing organizational benefits
• Flexibility of contactless smart cards has extended their usage into more applications
  • Optimized business processes for improved efficiency
  • Increased comfort and availability through automation of services
  • Controllability and traceability and reduced cost of service ownership
• New use cases introduce new solution-specific data structures on contactless smart cards
  • New application-specific data structures introduce new identification data structures
  • Increased efforts in centralized credential management
Multi-vendor systems
Standard ecosystem in growing technology adoption
• Organizations are looking for the best solutions fitting the requirements of new use cases
  • Organizational benefits driving solution selection
  • Cost of system ownership
• Multi-application solutions enable simplified operation of multi-vendor systems
  • Extension of application coverage, e.g. offline locks replacing mechanical keys
  • Integration of new use cases, e.g. follow-me printing
• Manageability of growing systems for sustainable solutions
  • Maintainability of system and individual applications
  • High availability, controllability and traceability of applications
Use Cases: Multi-national company
Centralized credential management without limiting local autonomy
• Centralized management of access rights ensuring availability, controllability and traceability
  • E.g. centralized blocking of credentials
• Global credential compatible with local requirements
  • Local regulations
  • Site-specific security demands
  • Support of individual local solutions
• Flexible system extendibility and maintainability
  • Enable site-specific extension of use cases
Multi-vendor systems
Contactless Smart Card
• High acceptance in various applications
• User convenience
• Fast roll-out of new applications
Secure Multi-application
• Adaptable to organizational changes
• Simple and secure integration into one card
Manageable solutions
• Central user and rights management
• Cross-application traceability and controllability
Shared platform / Adaptable solutions / Maintainability
Challenges of multi-vendor systems
• Secure multi-application ensures protection of individual applications
  • Only dedicated devices are enabled to access specific application data
• Usage of harmonized card ID not natively supported
• Common solutions
  • Switching of applications, resulting in increased transaction times
  • Harmonized application data structure, limiting benefits of individual applications
  • Duplication of user ID in each application, increasing system maintenance efforts
[Diagram: root directory (PICC level); Application 1 (application ID) with standard file User ID1; Application 2 (application ID) with standard file User ID2]
Card Identity Management
Cross application user management
• Workflow enabling harmonized user management throughout multiple applications and services on card
  • Compliance with organizational security and privacy requirements
  • Ensuring centralized controllability and traceability
• Single secure user identification accessible from different applications
  • Simplified multi-vendor solutions
  • Resource efficient and convenient workflows
• Ensuring efficient long-term maintenance of multi-application systems
MIFARE DESFire® generation benefits
MIFARE DESFire® EV2
2002  MIFARE DESFire
2008  MIFARE DESFire EV1
2015  MIFARE DESFire EV1 256B
2016  MIFARE DESFire EV2

Feature                       MIFARE DESFire EV1        MIFARE DESFire EV2
ISO/IEC 14443 A 1-4
ISO/IEC 7816-4 support        extended                  extended
EEPROM data memory            2/4/8KB                   2/4/8KB
Flexible file structure
NFC Forum Tag Type 4
Secure, high-speed cmd
Unique ID                     7B UID or 4B RID          7B UID or 4B RID
Number of applications        28                        unlimited
Number of files per app       32                        32
High data rates support       up to 848 Kbit/s          up to 848 Kbit/s
Crypto algorithms support     DES/2K3DES/3K3DES/AES     DES/2K3DES/3K3DES/AES
CC certification (HW + SW)    EAL 4+                    EAL 5+
MIsmartApp feature            -
Transaction MAC per app       -
Multiple keysets per app      -                         Up to 16 keysets
Multiple file access rights   -                         Up to 8 keys
Inter-app files sharing       -
Virtual Card Architecture     -
Proximity Check               -
Delivery types                Wafer, MOA4 & MOA8        Wafer, MOA4 & MOB6
Inter-app files sharing
Enhanced card identity management capabilities in MIFARE DESFire EV2
• Improving maintainability and flexibility of multi-vendor installations
• Enabling centralized credential management for efficient local credential use cases
  • Centralized controllability and traceability
  • Simplified cross-site usage
  • Optimized overall system maintenance
• Support of individual use cases for maximal solution benefits
  • Flexible introduction of new local applications
  • Maximize benefits through usage of vendor-specific data structure
Inter-app files sharing – example employee card
[Diagram: upgrade of the Employee Card from MIFARE DESFire EV1 to MIFARE DESFire EV2; application labels on the cards: Site A, Site B, Global ID. Caption: New application in Site A is available to all employees]
Inter-app files sharing – Integration
Enabling smart solutions
• Verify backwards compatibility of MIFARE DESFire EV2 in existing applications
• Integration of inter-app file sharing
  • To card management workflows
  • To infrastructure components
• Integration of interfaces to centralized card identity management solutions
  • E.g. blocking of credentials in system, log-file reporting
• Roll-out of flexible solution for multi-vendor environment
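Added example, not part of the webinar: a simplified Python model of why a user ID duplicated in each application complicates centralized blocking, and how a single identity shared across applications closes that gap. The card model, application names and identifier formats are assumptions made for illustration; this is not the MIFARE DESFire command set.

```python
# Simplified model, not the MIFARE DESFire command set. Application names,
# user names and identifier formats are constructed sample values.

def make_card(shared_global_id):
    """Empty card; optionally with one identity file shared across applications."""
    return {"shared_global_id": shared_global_id, "global_id": None, "apps": {}}

def add_app(card, aid, user):
    """Personalise one vendor application for `user`."""
    if card["shared_global_id"]:
        # Shared layout: one identity file, readable from every application.
        card["global_id"] = card["global_id"] or f"G-{user}"
        card["apps"][aid] = {}
    else:
        # Duplicated layout: each application stores its own copy of a user ID.
        card["apps"][aid] = {"user_id": f"{aid}-{user}"}

def read_identity(card, aid):
    """Identifier a vendor's reader obtains after selecting its own application."""
    if card["shared_global_id"]:
        return card["global_id"]
    return card["apps"][aid]["user_id"]

class CentralIAM:
    """Central credential management; `blocked` is what every vendor backend checks."""
    def __init__(self):
        self.registered = {}  # user -> identifiers reported to central management
        self.blocked = set()

    def register(self, user, identifier):
        self.registered.setdefault(user, set()).add(identifier)

    def block(self, user):
        self.blocked |= self.registered.get(user, set())

def still_accepted(card, iam):
    """Applications whose readers would still accept the card after blocking."""
    return sorted(a for a in card["apps"] if read_identity(card, a) not in iam.blocked)

def scenario(shared_global_id):
    iam, card = CentralIAM(), make_card(shared_global_id)
    for aid in ("SITE_A_DOOR", "SITE_B_DOOR"):
        add_app(card, aid, "alice")
        iam.register("alice", read_identity(card, aid))
    # Site A later adds a local application that is never reported centrally.
    add_app(card, "SITE_A_PRINT", "alice")
    iam.block("alice")
    return still_accepted(card, iam)

if __name__ == "__main__":
    print("duplicated IDs:", scenario(False))
    print("shared global ID:", scenario(True))
```

With duplicated IDs, the locally added application keeps accepting the blocked card until its identifier is synchronized with central management; with the shared identity, one block entry covers every application.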
Thank you
Visit us at http://MIFARE.net
Follow us:
https://twitter.com/nxp_mifare
https://at.linkedin.com/in/nxpmifare
www.youtube.com/user/nxpsemiconductors
http://blog.nxp.com/
https://www.facebook.com/nxpsemi
Webinar Series Outlook
Date Title
May 24th 2016 MIFARE Innovation Roadmap – present improved, future inside
June 1st 2016 How to protect contactless systems today and tomorrow
June 8th 2016 Enhanced user experience through active application management
June 15th 2016 Streamlined user management for multi-vendor installations
June 22nd 2016 Secure closed loop payments in an open environment
June 29th 2016 Introduce the future in your today’s system – how to ensure smooth system upgrades
July 6th 2016 Added value to card based environments through NFC and cloud – when IoT becomes reality
July 13th 2016 Complement use cases with mobiles and wearables