Embed Size (px)
Citation preview
Version 1.0
PIN solutions from Otto Künnecke
Modular and secure solutions for the dispatch of PIN-numbers
Version 1.0
Content
• Information about market requirements
• Process of PIN
• Otto Künnecke products
Version 1.0
Otto Künnecke – Successfully installed PIN Handling SystemsOtto Künnecke machines are in use in many banks worldwide.
Germany Germany Germany
Australia
Germany Germany Germany
GermanyItaly
Version 1.0
PIN numbers: growing demand to secure electronic transactionsPIN numbers are not only used for ATM machines for financial cards. PIN numbers are used to secure online transactions with POS terminals, to secure private data storage in health cards and to integrate electronic signatures and e-government functions for ID and citizen cards.
PIN no: 9999
Applications which are secured by PINs are:
• E-Government functions for ID-cards• Electronic signatures
• Protect public and private data storage in chips (European Health Card)
• Online transactions
• ATM cash withdrawl
Version 1.0
Actual products
• Non secure during processing and dispatch• No laser printing• Looks antique• Not tamper prove New technologies
PIN number
Address
PIN – letters so far were mostly printed with a matrix-printer with low print quality on special continuous form carbon paper.
The disadvantages were:
Version 1.0
Financial market is looking for new products
These new technologies should contain • Better printing technology (laser, inkjet)• Higher security during processing and
transport• Possible to integrate existing HSM
software• Multiple PIN possible• Same consumable costs like existing
technology
Worldwide, the financial market is looking for new technologies which include higher security and better design and which fits into actual marketing strategy.
For such a new application, it is mandatory that the product itself protects the PIN securely and that the process of personalization and dispatch is secured against fraud.
Version 1.0
Overview Security Levels
The security of Personal Identification Numbers (PINs), which enable business transactions or grant credibility or access to somehow personal content for authentication purposes, builds the foundation layer for the public and assures customers´acceptance of new technologies in general. Especially, when using a chip card for highly secure transactions, the consumer expects (and can expect) highest level of security.
A highly secured PIN is necessary to create and build the necessary “trust and confidence” for instance for bank account holders and plays a central role in the customer acceptance for the “Chip & PIN” - Technology.
However, nowadays, the usage of PINs is not limited to the banking environment, much more PINs have a vital role for the authentication process since digital signature is today playing a major role in the ID sector.
With the worldwide rapid development of the PIN as a primary factor for authorizing for instance bank card transactions and signing documents or other transactions, the vulnerability of the confidential PIN mailer becomes more and more an issue.
Version 1.0
Overview Security Levels
Antique and insecure PIN mailers remained for a long time as a suitable vehicle for advising confidential PINs to cardholders. Since they are still in use, they are a highly underestimated thread for the banking- and ID systems and endanger customers acceptance and especially the “trust and confidence factor” when used.
This document shall describe the different security levels of PIN mailers and attack levels in an abstract level. It describes also the aspect of vulnerability of technology. Furthermore, it presents the possible levels of security of PIN mailers according to their ability to resist attacks from a variety of attackers. First, the types of potential attackers are identified in terms of their skills and the resources and budget available to them. Then, the security levels of PIN mailers are defined in terms of their resistance to attack. Thus, the individual security levels derive from the before mentioned parameters.
Version 1.0
Attack methods
What is a PIN? Personal Identification Number
What is a PIN mailer? Paper device (stationery on which the PIN is printed) used to advise a user of technology of the PIN. A PIN can be used with a specific bank card.
What types of attacks are used by criminals?
• Optical: image detection using visual techniques including microscopy, different illumination sources, scanning,
image filtering, etc.• Physical (tampering): detection and reconstruction using mechanical attack.(image transfer): thermal treatment, X-rays and electrostatics.
• Chemical: image transfer or detection and mailer reconstruction using solvent based techniques.
Version 1.0
Missing Security for these kinds of products
Version 1.0
Attacker skills and resources
SkillsR
esou
rces
- Small organisation (organised crime) - large budget - extensive equipment
- Large organization(organized crime)- unlimited budget- unlimited equipment
- Ordinary individual, - no budget, - no special knowledge - no equipment
- Creative individual- small budget- some special knowledge - some equipment
Version 1.0
PIN-mailer Security Level
The mailer contains tamper resistant and/or tamper evident features. Some or all of these features can be circumvented using simple tools that are readily available in the home or office and with no special knowledge or training.
The mailer has a basic level of security and tamper resistance. The data it contains could be partly or fully obtained by detailed observation without using any aids to observation
The mailer has effective tamper resistant and/or tamper evident features. Skilled attackers deploying laboratory equipment are may be able to retrieve some of the information held within the mailer but it should not be possible to circumvent tamper evident featureswithout significant expenditure of time and resource.
The mailer contains tamper resistant and/or tamper evident features that are effective against a range of unskilled attacks. Some or all of the security features can be circumvented using equipment that is readily available in the home or can be obtained at minimal cost (e.g. < USD 100). Some skill and practice would be required. Untrained attackers should need at least several time to develop the necessary skills to adopt appropriate attack techniques.
Tamper resistance
Tru
st
an
d
con
fid
en
ce
facto
r
3
2
4
1
Version 1.0
A secure product has to be protected against various attacks. There are different levels of security to protect the PIN from simple mechanical to complicated chemical manipulation. The main objective of all efforts is to create a product that is safe from fraud – from its generation until the end user holds it in his hands. The PIN can be manipulated in different ways:
Securing the PIN
• Mechanical opening
• Different light, X-Ray, UV
• Hot and cold temperatures
• Chemical opening
• Magnetic visualization
Version 1.0
Overview Security Levels – existing technologies
Hydalam Pin-Tab Dot matrix
Version 1.0
PHS – TS: PIN Handling System – Thermoseal®
Special Thermoseal®-Paper is printed, folded and sealed once around by means of heat. It can be used either as u- or roll-fold. The connection of online-laser print-systems is included as a standard – it is also possible to run the system offline, though.
PHS – SL: PIN Handling System – PIN with Single Label
The system uses standard laser paper. The back side of the paper includes a special matrix. As soon as a label is affixed on top of the PIN, the PIN is no longer visible from the back side. More than one label can be attached to the carrier. Printing of the layout is carried out by means of a laser printer. Optionally, the carrier can then be folded and inserted.
*Secu
rity
level 2
:*S
ecu
rity
level 2
:
*Security level according to APACS Standard 72
Family ties: MAILok PHS
Version 1.0
PHS – TSL: PIN Handling System – Thermoseal® with Label
Special Thermoseal®-Paper is pre-printed by a laser printer. The printed PIN-number is covered with a security label. Afterwards, the letter is folded and sealed once around by means of heat. Opening without any visible traces is nearly impossible.
PHS – DL: PIN Handling System – PIN with Double Label
The carrier is printed and the first label is attached. Also, more than one label can be affixed (PIN & TAN). In the second step, the PIN-number is printed to the label. Immediately after printing of the PIN-number, the second label is attached above the PIN. The PIN is now no longer visible and absolutely safe in between the two labels.
1234
*Secu
rity
level 3
:*S
ecu
rity
level 4
:
*Security level according to APACS Standard 72
Family ties: MAILok PHS
Version 1.0
Security is not only limited to the product itself – also the production process has to be protected to prevent unauthorized eyes from viewing the PIN together with the corresponding address. For this reason, machines that process PINs have to be designed in such a way that makes it impossible for the operator to read the PIN. This has to be done by mechanical security concepts like non-transparent covers with electrical locks as well as IT- and technical security structures, so the PIN can neither be recognized during print editing, nor during and after printing.
Securing the production process
Electrical lock
Black covers
Version 1.0
Software solutions – High Secure Module basic process
Logo
Information, Information, Information, Information, Information, Information.
Logo
Information, Information, Information, Information, Information, Information.
123456
AdressAdressAdress
9876
With the basic process, the text of the PIN letter is pre-printed in offset and only PIN, account number and address are added during personalization.
Offset Print Final product
In basic version, the data is encrypted in the customer software (PIN Manager) and transferred to the customer’s HSM software. The existing HSM software transmits the data, PIN and simple print information (such as address) to the printer in unencrypted form. In the printer, the PINs and addresses are printed on pre-printed paper.
Version 1.0
Software solutions – High Secure Module advance processWith the advanced process, a blank sheet is personalized with any information, PIN, Barcode, Datamatrix, account number and address. The print can be different from sheet to sheet.
Logo
Information, Information, Information, Information, Information, Information, Information.
123456
AdressAdressAdress
9876
Logo
Information, Information, Information, Information, Information, Information.
123456
AdressAdressAdress
9876
Logo
Information, Information, Information, Information, Information, Information.
123456
AdressAdressAdress
9876
Logo
Information, Information, Information, Information.
123456
AdressAdressAdress
9876
Information, Information, Information, Information.
Offset Print
Final product
The encrypted PIN is transmitted from the customer network to the Otto Künnecke Security PC (SPC) with integrated HSM solution. The integrated print software can activate different print layouts “on demand” an is able to generate PIN specific prints that way.
Version 1.0
Existing new solutions with some disadvantages
The industry developed some special paper technologies which are easy to operate but have disadvantages in security.
Technology A Technology B
Version 1.0
Missing Security for these kinds of products
Version 1.0
New practical and safe solutions are available
Otto Künnecke is offering complete solutions around PIN-letters in various designs for printing and mailing as single step production or as a complete inline solution. These solutions include:
The future for the personalization of PIN-letters will not include old fashioned technology or unsecure and expensive paper solutions. The future lies in high secure and professional solutions.
Thermo sealing
Press sealing Secure Labeling
Version 1.0
Special paper is required.
The advantages are obvious• Universally applicable and suitable for laser
printers.• All leading providers of laser printers certify
the best applicability of Thermo-Seal®-paper for your printing systems.
• Certified data security through a perfect thermo lock which can not be opened without visible damaging.
Process Thermoseal®
Thermo sealing is an option for PIN letters which is similar to press sealing. Special paper is required which already contains a special kind of glue on the whole inside of the paper structure. In difference to press sealing paper, combining of the paper can be carried out at any position by means of heated rolls.In this case, these parts of the paper are glued together securely. The PIN letter can only be opened by destroying the paper.Due to additional security reasons, a special security label can be added to hide the PIN number. The labels which are used are either scratch off or peel off labels.For PIN mailers the gluing process has to be done in two steps to cover all four sides of the paper.
Version 1.0
Process Thermoseal® with label attachment
• The carrier is printed on special Thermoseal®-paper. • The security label is attached to the carrier. • The carrier is folded and thermosealed®.
Version 1.0
Process carrier with one label
• The carrier is printed.• The paper has a special matrix on the backside in order for the
PIN to be invisible. • The security labels are attached to the carrier. One or more
labels can be attached to the carrier.
• As an option the carriers could be folded and inserted.
Version 1.0
Process carrier with sandwich label
PIN with two labels on top of each other
• The carrier is printed and the first label is attached to the carrier. Multiple labels for different PIN & TAN can be applied.
• In the second step the PIN number is printed on top of the first label.
• Immediately after printing, the second label is attached to hide the PIN number.
1234
Version 1.0
Process carrier with card and label attachment
• The card carrier is printed and the PIN is printed in the same stream.
• The security label is attached to the carrier to hide the PIN and the card is attached also.
• The carrier is folded and inserted in an envelope.• In the bank branch, the card holder has to identify himself and
card and PIN is activated by either telephone connection between bank officer and headquarter or by scanning a printed barcode which is linked online to the central server.
PIN
Barcode
Version 1.0
Peel-off - LabelThe Peel-off-Label is a simple and efficient solution to protect PIN-numbers on forms. The PIN-number will be visible through simple peel-off along the perforation line. This label is not resistant to heat or special acids.
Void – LabelThe Void-Label was specially created for covering of secret numbers on forms and contains an absolute opaque scratch covering. The covering foil of the label is equipped with a concealed writing which will show an irrevocable message (void or a logo) when trying to dissolve the label. In the event of exposure to heat, the label tightens irrevocably.
Double - LabelHere, two labels are used. The bottom label is affixed to a card or a carrier. A number is printed to the bottom label with a printer and afterwards, a second label with a scratch field is affixed on top. The PIN-number is now safe in between the two labels and can only be read after scratching off the scratch field. In case of manipulation, the bottom label as well as the top label will tear off together. Thus, there is no possibility to attain the PIN-number unnoticeably.
Individual label solutions for the safe protection of your PIN
Version 1.0
PIN labels are available in the sizes of min. 10mm x 20mm up to 60mm x 100mm, no matter if scratch- or peel-off label.
Min. Max.
Individual PIN solutions for the safe protection of your PIN
Multiple PINs
ATM
Electronic banking
Version 1.0
Form Feeding• Cut sheet printer•Duplex/ simplex
Form Processing• Security label attachment• Form verification
Folding• U-fold• Z-fold• C-fold
Thermo-Sealing®
Press-Sealing®
Inserting•C6/C5 envelopes•Multiple enclosures
•Gripper arm•Friction feed•Vacuum feed
Post processing•Verification•Grouping•Sorting•Franking•Labeling
OK has produced complete modular solutions for all these products
Version 1.0
PHS-TS: standalone thermo seal system
(no label; with and without printing)
FoldingPrinting
Mr. MustermannMusterstarsse 1234657 Musterstadt
Thermo sealing
Folding
Mr. MustermannMusterstarsse 1234657 Musterstadt
Thermo sealing
OK products – PHS – TS
Version 1.0
PHS-SL for C6 sheets with one scratch label per form
OK products – PHS – SL
Version 1.0
PHS-TSL with labeling and thermo seal®
FoldingPrinting Labeling
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
Thermo Seal ®length & square
Verification
OK products – PHS – TSL
Version 1.0
PHS-DL with sandwich label
Security label I
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
Ink-jet printing
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
1234 1234
Security label II
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
1234 1234
OK products – PHS – DL
Version 1.0
OK products – PHS – CCL
PHS-CCL Card-carrier in combination with label
FoldingPrinting Labeling
Mr. MustermannMusterstarsse 1234657 Musterstadt
Card attachment
Mr. MustermannMusterstarsse 1234657 Musterstadt
Mr. MustermannMusterstarsse 1234657 Musterstadt
1234
Version 1.0
Summary
Otto Künnecke provides machines for all PIN applications.
