Infineon Technologies AG and Bundesdruckerei GmbH have developed a new security smart card with an LED display and a one-time password. This new technology is centred around a security chip in the card which generates a one-time password for each transaction and displays this on the integrated LED display. Requesting the one-time password in addition to the static password boosts the security of authentication and payment applications and protects against attacks on e.g. company networks and against card manipulation.
At the "CeBIT", which will be held in Hanover from 5 to 9 March, 2013, the partners will present mobile application scenarios using the card.
Bundesdruckerei and Infineon Technologies have joined forces in 2011 to develop technologies that will make security documents even more secure. The aim of the innovation partnership has been to develop technologies for the next generation of security documents, such as company ID cards or electronic ID documents (eID). As a developer and producer of high-security ID documents and systems, Bundesdruckerei is contributing its expertise and the design of security features for polycarbonate cards. Semiconductor manufacturer Infineon is contributing its expertise in the development and the production of contactless security chips and chip packages and their integration into cards.
Greater security by combining the static and dynamic PIN
The new contactless security card is based on the combination of static and dynamic PIN. The future holder receives the card with a static password that can be made up of a sequence of numbers. Each time the card is used, a dynamic PIN supplement (one-time password) is requested. The dynamic PIN is automatically generated for each transaction by the security chip in the card and displayed on the integrated LED display. The chip used has set new standards for contactless applications: It uses the energy radiated from the card reader to power the security chip and generate the password as well as to power the display elements. The LED display itself is embedded into the card so that the digits light up on the card surface.
This solution provides enhanced security, i.e. even if the static PIN is stolen or read out by malware, it cannot be used by an unauthorised party when the dynamic PIN supplement is missing. The dynamic PIN, on the other hand, is only generated on the card and cannot be read from the card's display by malware. "With this new system-on-documents technology, we have lifted the security of log-in processes to a whole new level," Ulrich Hamann, CEO of Bundesdruckerei GmbH is pleased to report.
One solution for different card systems conceivable
The card can be used for all log-in scenarios, such as logging in at a PC into a company network or into social networks on the net. The new technology is also suitable for many other card systems. It could be used, for instance, to boost security for card payments (EC cards or credit cards). "The combination of contactless security chip and innovative package technology in one LED display card is unique," says Dr. Stefan Hofschen, President of the Chip Card & Security Division at Infineon Technologies AG. "We constantly advance our chip solutions, to serve the needs of new markets with growing security demands and to increase consumer trust in new applications."
Also designed for mobile use
The unique new polycarbonate smart card is not only designed for use with a conventional reading device, it can also be used via an NFC-enabled smart phone that serves as the reader. Bundesdruckerei is presenting such a scenario at its CeBIT booth in hall 7 of the Public Sector Parc from 5 to 9 March 2013 in Hanover.
Further information on Infineon's chip card and security solutions is available under www.infineon.com/chip-card-and-security .
Explore further: Sony's contactless IC card chip acquires world's first EAL6+ certification of common criteria, standard for IT Security