High-tech security

Jack Mans, Plant Operations Editor

January 29, 2014

12 Min Read
High-tech security


Privacy for individual Internet accounts is a major concern for many of the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. With broad expertise in security technology, Secure Computing Corp., San Jose, CA, develops network security products that deal with these concerns and help create a trusted environment both inside and outside of organizations.

Among Secure's products for this market are its credit-card-sized or smaller SafeWord® PremierAccess™ tokens, which positively identify users before giving them access to critical business systems. Each SafeWord token contains a unique secret key, an event counter, and an advanced encryption algorithm that can generate millions of unique codes that can only be predicted by the PremierAccess server, which has the same algorithm and event counter as the token. When a user logs in with a token-generated pass code, the security server verifies that the right pass code has come from the right token, assigned to a specific user who has a specific set of role-based access privileges. Each pass code can only be used once, so that sniffing, stealing or borrowing a used token-pass code is useless to a hacker. For added protection, SafeWord tokens and the PremierAccess server use a synchronized event counter to generate and verify each pass code. For example, if a user has logged in with pass code #100, the server will expect pass code #101 for the next login.

SafeWord tokens are supplied in three levels of sophistication. The most compact and easy-to-use token, the Silver 2000, fits on a key ring and provides one-time pass codes with the push of a single button. Users can also add a PIN to the token pass code when logging in, to provide two-factor authentication. With a durable, sealed case, a large display and an extremely long battery life, the Silver 2000 is convenient, easy to use and very reliable.

The SafeWord Gold 3000 combines a convenient keyring size with an onboard PIN pad for added security. The Gold 3000 will only generate the correct pass code after the correct PIN has been entered and has attack lockouts if the wrong PIN is entered too many times. The large, interactive display allows users to update PINs. The Gold 3000 also supports challenge-response authentication.

The SafeWord Platinum token provides an onboard PIN pad in a calculator-style case. The Platinum also supports attack lockouts, challenge-response authentication and user PIN changes. In addition, the Platinum token allows battery replacement without losing token programming, giving it an almost unlimited life.

New line runs all three tokens
The Secure Computing plant in New Brighton, MN, outside of Minneapolis, recently installed a line to package SafeWord tokens in clear plastic clamshell trays. Designed and built by Midmac Systems, Inc., St. Paul, MN, the Phase II Automated Token Packaging System is engineered to program SafeWord tokens and place up to three of them in a clamshell tray. "We contacted Midmac with a high-level concept of the line we wanted, and they provided a lot of suggestions and ideas based on their experience," says production manager Jon Mills at Secure's New Brighton plant. "We insisted on a partner that was going to give attention to details and help Secure build a very high-integrity system. Once we placed the order, they were very receptive to changes along the way, and they were very helpful during installation and startup. It only took nine months from concept to installation and full operation."

Midmac used their standard Automatic Rigid Tray (ART) automation system as a basis for the design. The system starts with an indexing tray conveyor, which takes trays that are automatically fed from a magazine and moves them along a linear conveyor, where the tokens and all of the support information and components are loaded into the tray. Midmac supplied the equipment for all of the packaging stations, and provided the line integration and programming for the entire operation.

A rotary unit dispenses tokens onto an indexing conveyor that transports them past a programming station and then to a robot that places them in clear trays.

"The challenge for Secure was not just automating the packaging process, but also keeping track of all of the products going into each unique package, with no possibility of error," says Midmac president Tim Hedlund. "The packaging process had to flawlessly check and validate each individual operation through every step of the process. In addition, it had to program the tokens from Secure's main computer system, then transfer information back and forth from the computer system to verify that each unique package was correctly assembled.

"The project required intense coordination between the customer, the machine builder and the supplier of the trays. Secure and Midmac worked closely together to assure that the product design and the package design met the requirements for efficient, effective automation."

Items that may be placed in the same clamshell tray, in addition to the tokens, include a 31/2-in. floppy disk, a CD in a chipboard sleeve, a token jacket (one per token), a manual booklet, a graphic chipboard sheet and a wallet card. (There is also an open station for future personalization literature.) Once loaded, the clamshell tray is closed, scanned and placed in a corrugated tray that is then labeled with unique information based on the token's bar code and programming. The system, which is capable of handling 20 tokens/min, can handle the SafeWord Silver, Gold or Platinum tokens.

During PD's visit, the line was running tokens for a major financial institution that utilize all of the pick-and-place units. To start a production run, data from the customer that is to be imparted to each individual token is loaded into the Midmac packaging line's control computer. The system displays information required by the operator to guide him/her through the production preparation procedure.

Clamshell trays, which are supplied by Axis Packaging, are delivered to an intermittent-motion indexing conveyor by a dual-magazine MGS IPP 290 intermittent-motion pick-and-place unit that removes two trays at a time from the end of the magazine by vacuum and places them onto the conveyor. A scanner verifies that trays are dispensed during this operation. Trays index every three seconds onto the tray conveyor, which utilizes an indexing belt with lugs mounted on it to properly locate and maintain orientation of the trays as they feed through the package-loading process. Side guides provide side-to-side registration of the trays throughout the transport area. The conveyor is driven by an AC servo motor, coupled to a planetary gearbox, to provide a smooth acceleration and deceleration through the intermittent indexing process.

Rotary unit dispenses tokens to conveyor
Tokens are dispensed by a rotary token feeder with multiple vertical magazines. The machine indexes to align a magazine over a reciprocating feed gate that allows a single token to discharge onto an indexing conveyor, while holding back the rest of the stack. When the stack level is below the bottom of the hopper dial, it rotates to the next magazine to maintain the supply of tokens.

The first stop on the indexing conveyor is a programming station, where the token is registered, and the token bar code is scanned. The system PC records the bar code in its local record set as a record associated with the first user profile that has not been completed (i.e., programmed, packaged and labeled for shipping). This identifies the token serial number with the end user.

The programming station includes a program wand with a seven-pin connection. The pins are pogo pins that allow for compliance for interaction with the token. The programming wand moves downward and interacts with the programming holes on the token. If contact on the probe is not achieved on the first try, a slight vibration to the probe is induced on the second try to help establish connection. If connection is still not achieved, the token is rejected. After the token is programmed, it is inspected by a vision system, which identifies the presence of each display "segment" when the test pattern is displayed. Any token that fails this test is placed in the reject bin at the robot station, and the next token in line is programmed with the information intended for the rejected token.

A roller passes across the top edges of the tray to push protrusions in the top flap into indentations in the bottom.

After programming, the token indexing conveyor transports the tokens to the robotic packing station. An Adept SCARA robot picks up the token and presents it to a bar-code reader to verify its identity. Most tokens are loaded into the clamshell trays, but three discharge chutes within the robotic workcell provide alternate discharges for programmed tokens into customer-supplied bulk bins or for manual packaging, thereby bypassing the automated packaging operations downstream. One of these discharge locations serves as a reject for tokens that have failed a quality test prior to this point. A presence sensor is included at each of the bulk-bin locations to verify the presence of a bin for quality control purposes. An operator scans the bar code on each bin during bin changes to track of which tokens reside in which bins after processing.

For tokens that are to be loaded into the clamshell trays, the robot places each of these tokens into the appropriate location on the tray. If more than one token is to be placed into a tray, the token-loading procedure is repeated before the tray indexes to the next station. At this point, if the tray is identified as a successful package, this information is communicated to the system record set.

Pick-and-place units
After the tokens have been placed in the tray, the indexing conveyor transports the tray past six MGS IPP 190 intermittent-motion pick-and-place units that place additional items in the trays. Not all token customers use all of these systems, but if all of them are used, they would place a floppy disk, a token jacket, a jacketed CD, a wallet card, an information literature booklet and a graphic card into the tray. Each pick-and-place unit includes a single magazine capable of storing up to 30 in. of product. Products are removed from the end of the magazine by vacuum and are placed directly into the tray. Each magazine includes a low-level sensor to alert the operator if it is running out of products, while other sensors ensure proper placement and movement of the pick-and-place system.

As the trays continue down the conveyor, a lid-closing rail gradually folds the lids over from the open position to the nearly closed position. The tray then reaches the lid closer, where a pneumatically actuated roller passes across the top of the tray while it is stopped to snap the lid closed, and then retracts prior to the next index of the conveyor.

Trays then advance to the reject area, where trays identified as rejects are diverted onto a chute for removal by the operator. Reasons for rejection include a "mis-pick" of material or a clamshell lid not completely closed.

A scanner after the lid closer scans the bar codes on the tokens as they are exposed through the see-through clamshell on the bottom of the tray, and provides information to the control system for printing the label that is applied on the outside of the shipping case. A pneumatically actuated, cam-driven loader moves the tray off of the indexing tray conveyor into a MGS HIS 1200 end-load case erector. The interface between the two systems ensures that the tray is loaded into the case at the appropriate time, and that the appropriate signals are sent to the case erector. The case erector runs E-flute, knocked-down, end-load FOL cases from a 30-in. inclined magazine, and partially erects them into a tube-form for tray loading. The case then continues through the machine where the major and minor flaps are tucked and secured by hot-melt glue supplied by H.B. Fuller and applied by a Nordson system.

The print-and-apply Paragon labeler, which is mounted over the case-load area of the case erector, applies a shipper label to the top surface. The labeler includes a Zebra 170 PAX print engine, and a pneumatic tamp applicator. The labeler is interfaced to a second human/machine interface, and is triggered to cycle by the system PLC.

A bar-code scanner mounted within the cartoner scans the previously applied shipper label on the case and confirms the application of the label tying it to the bar-code information from the tokens in the clamshell within this case. A second bar-code scanner mounted at the eject/reject station again scans the label to confirm complete processing of the packaged product. This is a final-verification scan after the application of the carrier shipper label gives an added level of assurance of data integrity up through and including the carrier shipper label. Scanners in the system are supplied by Sick, Inc. The completed case continues along the accumulation conveyor, unless an error is detected. If this occurs, a reject shuttle removes the discrepant case from the accumulation conveyor.

As part of the data management system, the system creates data-CDs for customers and generates a job completion report when all tokens in the order are completed. The system also communicates the job status at that time, giving the operator the option of viewing and printing reports and generating DAT file CDs.

More information is available:

Token and clamshell indexing conveyors, rotary token escapement, line integration, programming: Midmac Systems, Inc., 651/739-1700. Circle No. 211.

Clamshell trays: Axis Packaging, 651/439-0860. Circle No. 212.

Pick-and-place units, carton erector, carton closer: MGS Machine Corp., 763/425-8808. Circle No. 213.

Robot: Adept Technology, 513/792-0266. Circle No. 214.

Hot-melt glue: H.B. Fuller, 800/328-9673. Circle No. 215.

Hot-melt glue system: Nordson Corp., 770/497-3715. Circle No. 216.

Labeler: Paragon, 5952/888-5483. Circle No. 217.

Printer: Zebra Technologies Corp., 5847/634-6700. Circle No. 218.

Scanners: Sick, Inc., 612/829-4714. Circle No. 219.

About the Author(s)

Jack Mans

Plant Operations Editor

Sign up for the Packaging Digest News & Insights newsletter.

You May Also Like