The Need for Smarter, Streamlined Personalization
Contactless smart chip technology is undoubtedly the most prevalent technology used in today’s large identification and access control projects in many industry segments. NXP’s MIFARE® DESfire® EV1, EV2 and now EV3 contactless chip technology is rapidly becoming the gold standard for card technology in higher education, large corporations, and many airports. HID’s iClass Seos®, iCLASS SE® and iCLASS® are other popular contactless card technologies that are often deployed in these same market segments.
While these contactless chip cards may contain some pre-programming of data in the chip, they almost always require further personalization (chip programming) at the time of issuance to the cardholder or just before. The typical routine often involves putting a contactless card near or on a contactless encoder/reader and reading some pre-programmed information from the card, then encoding additional information using a client’s custom encryption keys. This process is often performed using a simple contactless encoder that looks like a wireless phone charger, and it connects to the PC that is running the card issuance software using a USB cable.
And once the contactless chip in the card is programmed for a specific person, it is often then placed into a desktop identification card printer, and the card is further personalized by adding the cardholder’s photo, name and other identifying info to front and/or back of the contactless card.
The Problem with Manual Personalization
This well-established manual process works fine – so long as there are no mistakes. But what happens, say, during a university orientation week when extremely large quantities of cards must be printed in rapid succession? Imagine the cost when a very large corporation makes a small ID card printing error many times. Or when an employee with lower security privileges is inadvertently granted top security clearance due to crossing card printing?
Here’s where errors might happen: In a busy ID card issuance office, you run the risk that you put one person’s information into the contactless chip in step one, and you accidentally put someone else’s information on the outside of the card in step two. This might happen, for example, if you set the card down for a moment due to a printer problem or another interruption, and then you pick up the wrong card and place it into the ID card printer in step two and print the wrong person’s information on the card.
There are definitely steps you can put in place to verify the information in the chip matches what is printed on the card BEFORE the cardholder leaves the ID office, but fixing such a mistake will require you shred two brand new ID cards. You may have just spent the last 5 or 10 minutes making those cards and now have to start over, which isn’t great if you have a line of people waiting for a card. Ignoring the human labor cost, keep in mind that these types of cards often cost $3 to $6 each, so the mistake described here might cause $8 of cards to go in the shredder. And if you don’t verify the cards before they leave the ID issuance office, you run the risk that two people leave with the wrong security privileges, which could have consequences well beyond the card costs.
And remember that contactless card technology is most prevalent in larger organizations where there may be 25,000 to 100,000 active cardholders, which means there is considerably higher potential for waste and mistakes. And some of the markets that use this technology, like universities, need to issue cards for a lot of people in a short period of time – perhaps thousands of new student IDs in only a couple of weeks.
The manual process of reading a card, encoding it, then inserting it into a card printer by hand also prevents the use of batch printing, which if often desirable when doing a corporation is doing a mass reissue of cards, or a university is in the middle of new student orientation.
Solution: Chip Encoding and Printing in One Process
One solution is to hire a third-party to help you with large-scale contactless card issuance in a short period of time. Companies like K&A Industries in South Plainfield, NJ specialize in converting cardholder populations over from an older technology to the newest contactless technologies. Companies like K&A can definitely help with pre-populating cards and ease the pain of migrating from an older, less sure technology like magstripe encoding or HID Prox cards to something like DESFire.
But if you already have your campus, company or airport converted to new contactless technology cards, you may still find the multistep process of personalizing the contactless chip and then separately printing the ID card to be too cumbersome or laborious for your high-volume card issuance office. That’s when it is time to investigate options to combine the processes into a single step inside a card printer.
Ideally, you want to click “Print” or “Issue Card” or something like that in your software:
- Have a card loaded into your printer
- Have the chip serial number read by a reader/encoder in the printer and passed to the software application for associating with a particular person’s cardholder record;
- Then have the software application securely program the information related to the cardholder into the contactless chip
- Verify that all the encoding completed correctly
- Print a cardholder’s image, name and other info onto the card.
The overall process is often referred to as “inline chip encoding,” as “in line” with the printing process. The distinguishing feature is that you issue a single PC command that performs both the chip encoding and printing as one process.
Inline chip encoding is definitely doable when connecting the card printer or printers to PCs using a USB connection. Almost all card printers on the market have a USB interface, and virtually all contactless (and contact) chip encoders available today use a USB interface. The viability of inline contactless chip encoding over USB really comes down to just a few things:
- Can your card printer support internal mounting of a contactless chip encoder that meets the latest standards?
- Does your ID card issuance software support “inline” encoding of the chip as part of the printing process for your printer type and encoder type?
In some cases, you may need a different card printer brand, but this inline chip encoding over USB is definitely in place at numerous customer sites today.
But everything gets more complicated when you need or want to connect your printers via Ethernet. While most modern card printers include a USB and an Ethernet port, the problem is there are virtually no contactless chip encoders designed for use with an Ethernet interface. They all pretty much rely on a USB interface with Windows-based USB drivers installed on the PC that will perform the chip encoding. This can be a major problem to large organizations that like to have all devices like card printers attached to their network via Ethernet and assigned an IP address for remote monitoring or for security reasons.
A few card printer manufacturers have developed “bridge” devices that allow the bridge device to connect to the customer’s Ethernet network, and it then relays all chip encoding commands to the inline encoder via the standard USB communication channel, as well as the same for the card printing commands. Inline chip encoding over Ethernet, which is often called “single wire encoding” (meaning all the chip encoding commands and card printing commands travel over a single Ethernet cable), is doable, but it requires the card printer, bridge device and card printing (card issuance) software to work together in way that require advance testing and certification.
Swiftpro retransfer card printers offer several bridge device solutions to allow card issuance software companies options. For example, one solution uses a simple Raspberry Pi device running Linux along with a special SDK that address most requirements. Another involves an embedded or external mini PC that running Windows 10. We have also seen solutions deployed using basic Silex Ethernet-to-USB devices, although it required a good bit of custom software development.
How to Learn More
If your organization wants to perform contactless (or contact) chip encoding in a card printer connected to your PCs and server via an Ethernet network, and you develop your own card issuance software or have a software provider that is open to implementing such a solution with and for you, please contact a technical sales specialist at firstname.lastname@example.org or call us at 732-271-7369.