In 2012, the number of dual-interface cards used in the worldwide payment-chip-card market was 672 million. According to IMS Research, that number will grow to 6.1 billion by 2017. This potential for growth is providing incentive for a number of companies to develop products for contact and contactless card applications. Infineon Technologies, for example, recently announced its Coil-on-Module chip package designed for use in dual-interface bank and credit cards.
This package combines a security chip and an antenna for an RF connection to the antenna embedded on the plastic payment card. According to engineers at Infineon, employing an RF link rather than a more traditional mechanical-electrical connection between the card antenna and the module results in a number of advantages, such as a 5X increase in speed. Among the other key benefits are stronger construction of the payment card, simplified design, and less expensive manufacturing.
The card owner’s personal data is stored on the security chip of the dual-interface card. During a payment transaction, that data is transmitted via the card antenna to the card readers. In conventional card manufacturing processes, the chip module is connected to the card antenna via mechanical-electrical procedures, such as soldered connections or conductive paste. The Coil-on-Module technology takes a more simplified approach, using the antenna integrated on the back of the chip module to transmit data to the card antenna. This process relies on inductive coupling, which is essentially a radio connection. Using contactless data transfer rather than the traditional, stressful mechanical connections, the new dual-interface card is more robust than older payment cards. With this design, it is much easier and quicker for card manufacturers to embed the Coil-on-Module in the card.
The Coil-on-Module package combines a security chip and antenna, which enables an RF connection to the antenna embedded on the plastic payment card. By using an RF link rather than a mechanical-electrical connection, this solution provides as much as a 5X increase in speed compared to conventional solutions.
Card makers also have the advantage of being able to use all Infineon chip/module combinations with a universal card antenna. (That antenna’s design parameters were developed by Infineon.) In addition, existing production plants for contact-based chip cards can be used for dual-interface cards with no further plant investments. Each Infineon Coil-on-Module now uses the same type of card antenna, reducing the card manufacturer’s design and testing expenses while simplifying stock management.
In addition to its card developments, Infineon Technologies has been targeting the payment industry’s security gaps. According to the company, its communication interface for near-field communications (NFC) applications, dubbed the Digital Contactless Bridge (DCLB) interface, provides a secure connection between an embedded Secure Element and an NFC modem. Because a DCLB interface is free, it has been widely implemented by manufacturers of NFC modems and Secure Elements for handsets. To date, more than 10 manufacturers have licensed the Infineon DCLB interface. They include Texas Instruments, Inside Secure, MicroPross, MtekVision, Crocus Technology, and KEOLABS.
The DCLB interface is suitable for NFC applications requiring fast response times, such as mobile payment, access control, or ticketing in public transport. It promises to improve performance of the connection between an NFC modem device and the secure element, where the transaction is partially executed by supporting peak data rates of 848 kb/s. In addition, Infineon’s security controller is the first embedded secure element awarded with the security certificate, the Common Criteria EAL 6 (see "An Overview Of EALs" below).
The Evaluation Assurance Level (EAL) of a product is a numerical grade, ranging from EAL1 to EAL7, which is assigned following the completion of a Common Criteria security evaluation—an international standard in effect since 1999. The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system’s principal security features are reliably implemented. The EAL does not measure the security of the system itself. Rather, it states at what level the system was tested.
To achieve a particular EAL, the computer system must meet specific assurance requirements. Most of these requirements involve design documentation, design analysis, functional testing, or penetration testing. The higher EALs involve more detailed documentation, analysis, and testing than the lower ones.