8.1 Development of a Security Product

We design things because we encounter, in the broadest sense of the word, problems. A problem as such, however, does not suffice to evoke the design process. Even if a problem exists that could be resolved if the right measures were taken, the problem owner may be insufficiently aware of the problem. Awareness of the problem must be developed; the problem must be understood and considered of sufficient importance to justify creative action. The creation process may involve aesthetics, usability, durability, cost, and ease of manufacture. This chapter focuses on security aspects of designs that aim at protecting valuable documents like banknotes, identification cards, and passports, and products like watches, perfume, and software, against fraud.

Ideally, the development of a security product passes through several crucial phases, in a systematic manner: from becoming aware of a security problem and assessing the problem sufficiently significant (e.g., the awareness of significant fraud) via analyzing the problem and the subsequent design phases to the final product. These subsequent phases are schematically represented in Figure 8.1.

Figure 8.1: The development of a security product. ( After [1].)

The awareness and understanding of existing or expected fraud will eventually result in the definition of a security policy, with objectives and strategies. The objectives are the basis for a program (or statement) of requirements, which, together with the drafted strategies, will result in the security program (security scheme). This part of the process is the responsibility of the...