Abstract: A method for providing remote programming of a supply tag of a print supply used with an authorized entity's card personalization system is provided. The method includes an issuance server authenticating remote programming of the supply tag, receiving first supply tag data of the print supply including a first digital signature, updating the first supply tag data to obtain second supply tag data, and issuing a second digital signature based on the second supply tag data. The second digital signature secures the second supply tag data.

Abstract: A payment card data preparation and personalization platform provides a card production environment that provides a production context in which card products and card configurations are able to be defined, for example using various guided user interfaces. Furthermore, the platform implements a data preparation engine and a personalization engine. User interfaces guide definition of payment card products, and aspects of data preparation and personalization are independently executable. A product wizard assists with guided definition of a payment card product to be used within the platform.

Abstract: Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.

Abstract: An account and payment processing platform is provided. The platform exposes standardized APIs to financial institutions and application providers, and manages third-party system integrations. Individual financial institutions or application providers are mapped to corresponding core banking or switch network systems, and the mapping may be reconfigured without requiring redevelopment by those application providers or financial institutions to accommodate a new integration that might otherwise be required.

Abstract: A process for performing a dedicated backup in a containerized environment is provided. In example aspects, a backup pod performs a backup process for an associated application. The backup pod is customized to contain backup tools that are specific to the backup process for the associated application. The backup pod works in connection with a backup manager that may interface with different backup pods customized for use in conjunction with different containerized applications. In some cases, the backup manager coordinates with each backup pod to provide backup processes for the different containerized applications.

Abstract: A plastic card personalization system with a drop-on-demand plastic card print station that prints radiation curable material, a plasma treatment station, and a radiation curing station. By using a combination of controlling plasma treatment conditions on the surface of the plastic card prior to DOD printing together with controlling the dwell time of the printed material applied to the plastic card prior to full curing of the printed material, a surprising and unexpected improvement of the adhesion of the printed material to the plastic card is achieved.

Abstract: A centralized compliance platform usable to manage security policies associated with security objects, such as keys, secrets, and certificates. Such a centralized compliance platform performs discovery across the enterprise to obtain information about the varying security objects used by that organization, for example via application programming interface (API) connections to enterprise key and secret vaults, as well as certificate storage locations. The platform may generate a user interface at which compliance with enterprise policies may be monitored, which individual compliance issues for specific security objects able to the sorted, searched, and filtered. The platform may also generate one or more actions that may be taken in response to detected compliance issues, for example to generate alerts in response to noncompliant security objects or storage locations.

Abstract: One or more computing devices employs a method that includes requesting a transient credential (e.g., a one-time PKI certificate) as a first identity credential for an application component instance based on a unique identifier associated with the application component instance. The method includes requesting a dynamically-created second identity credential for the application component instance of the application using a request signed (e.g., using the public key of the first identity PKI certificate) based on the transient credential. The method includes receiving the dynamically-created second identity credential and using the dynamically-created second identity credential in a cryptographic function by the application component instance; and managing the replacement of this credential in environments without persistent archival storage accessible by the device/application.

Abstract: Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.

Abstract: Printing multi-color images on non-vinyl plastic identification documents in identification document printing systems. A non-linear pixel density adjustment curve is used to adjust the pixel density data of a multi-color image to be printed which adjusts the power applied to the thermal print head. The use of a non-linear pixel density adjustment curve to adjust the pixel density data improves the quality of the resulting multi-color printed image, reduces mass transfer of the dye donor layer, and reduces breaking of the carrier film of the print ribbon.

Abstract: A drop-on-demand plastic card printer includes a tray disposed underneath the plastic card during drop-on-demand printing to catch any overspray that may occur during printing on the plastic card. The tray may be disposable so that the tray is intended to be removed and disposed of. An ink absorbent pad can be disposed in the tray to absorb the oversprayed ink. The ink absorbent pad can be disposed of along with the tray or disposed of separately from the tray.

Abstract: A method of delivering a one-time password to an entity is provided. The entity requesting the one-time password provides a public key of a public-private key pair to the authentication service. The entity can then submit a challenge request to the authentication service. The authentication service will generate a one-time password, and encrypt the one-time password with the public key. The encrypted one-time password is delivered to the entity via an unauthenticated channel.

Abstract: Thermal printing on plastic cards where the energization of each individually energizable heating element of a thermal printhead is adjusted based on a temperature of the thermal printhead and a density of the pixel to be printed. For each pixel, the printhead temperature and the pixel density of a pixel to be printed are used to adjust the strobe pulse length that energizes the heating element to print that pixel. By compensating for both printhead temperature and pixel density, a tighter tolerance of the resulting printed densities is achieved.

Abstract: Root certificates generated by root certificate authorities may be bound at the time of generation. In an example, a first root certificate can include an identity of a first root certificate authority, a first key identifier associated with a first key of the first root certificate authority and an identity of a first digital signature algorithm used by the first root certificate authority. The first root certificate can also include at least one extension including a second key identifier of a second key associated with the second root certificate authority and an identity of a second digital signature algorithm used by the second root certificate authority, the second digital signature algorithm being different from the first digital signature algorithm.

Abstract: Content, such as an encryption key, may be transmitted between computing systems that both use more than one encryption algorithm. Secrets may be used to encode the content. The different encryption algorithms may be used to separately encrypt the encoded content and the secrets prior to communicating the encrypted, encoded content and encrypted secrets between computing systems.

Abstract: A material that is curable by radiation is applied over or included in colored material on non-printed machined characters formed on a plastic card. After applying the colored material and the radiation curable material to the machined characters, radiation is used to cure the radiation curable material. The colored material has improved durability due to the radiation cured material.

Abstract: A DOD print station has at least one DOD print head that applies radiation curable material, to a surface of an identification document. A curing station is adjacent to the DOD print station. The curing station includes at least one radiation emitting device, for example a UV light emitting device, that cures the radiation curable material applied to the surface. The curing station is configured to prevent stray radiation emitted from the radiation emitting device from impinging on the DOD print head(s) and prevent exposure to the operator of the DOD print station.

Abstract: A card/carrier combination sorter system is described that is configured for use with a card/carrier combination production system. The sorter system includes an input that is in communication with an output of the production system so as to receive a plurality of card/carrier combinations one-by-one from the production system. The sorter system is configured to sort the plurality of card/carrier combinations into one or more bins of the sorter system. In some embodiments, a card/carrier combination is not diverted and is instead output through an output of the sorter system to an inserter system for insertion into an envelope and subsequent mailing.

Abstract: Methods and systems of actively cooling a card while the card is within a card processing machine are described. One or more cooling stations are provided within the card processing machine to actively cool the card prior to performing a processing operation, during a processing operation, and/or after a processing operation on the card in order to reduce a temperature of the surface of the card.

Abstract: Methods and systems for remote, asynchronous key entry and extraction are provided. A credential device can store a first key thereon, and can store an encrypted key component. A hardware security module manages a key template including a plurality of key components. The hardware security module manages a complementary key to the first key. The key component on the credential device can be encrypted with the first key for storage on the credential device and decrypted by the complementary key at the hardware security module. Alternately, the key component can be encrypted with the complementary key and provided to the credential device for decryption at a secure system via the first key. Accordingly, a key custodian may supply or extract a key component at a hardware security module remotely and at a time convenient to that key custodian.