At present, the application status of IC cards in domestic construction enterprises is based on logical encryption cards, with the industry's higher demand for security and multi-applications of IC card applications, higher security based on CPU cards and more powerful computing and storage. The ability to build a business IC card from a logical encryption card to a CPU card has become an inevitable trend.
For more than ten years, the application of IC cards has been rapidly developed in the construction field. At present, the IC cards issued in most cities are non-contact logical encryption cards. As we all know, logical encryption IC cards have certain limitations in terms of security, storage space and multi-application development. With the continuous deepening and expansion of IC card applications in the construction field, the industry has put forward higher requirements for the security and multi-application of IC cards. The upgrade of logical encryption cards to CPU cards has become an inevitable trend in the development of IC card applications for construction enterprises.
I. The necessity of upgrading the IC card for construction projects
(1) Security requirements
The construction business IC card has gradually expanded from the initial single bus application to the multi-domain micro-payment application in the city card. The total amount of transactions is constantly expanding, which requires the construction of the IC card application system to have higher security. As a direct payment tool, the IC card's own security features largely determine the security of the entire application system.
Below we compare the security features of CPU cards and logical encryption cards from several aspects.
1. Transaction security:
After the transaction parties complete the transaction, the acquirer may modify or falsify the transaction flow to achieve the profit. In order to prevent the terminal from forging the transaction flow, the system requires the card to generate the transaction verification code generated by the transaction element, which is Verify the validity of the transaction. Since the logical encryption card does not have the computing power, it is impossible to generate a verification code for the transaction.
A non-contact CPU card can generate a transaction verification code TAC at the end of the transaction to prevent counterfeiting transactions, thus making the security of the entire trading system more complete.
2. Implementation of safety certification:
When the logical encryption card is used for security authentication, the card can be checked by the KeyA (KeyB) sent by the terminal device. Although the current system requires one card and one secret, it is a fatal weakness.
The CPU has a strong computing power. It does not directly use the key for calculation during security authentication. It is usually a work key generated after random number processing to perform encryption and decryption to achieve secure authentication. The key itself is protected to the utmost extent.
3. Transaction integrity
Because the logic encryption only provides the storage function of the transaction information in the whole transaction process, when the power is cut off, the terminal needs to perform maintenance and recovery operations on the related information, which makes the transaction software of the terminal more complicated.
The contactless CPU card can be completely protected by the internal COS. It can operate the debit, write transaction information, transaction details, etc. as an atomic event, thus ensuring that the transaction can be completed completely and provides special The command is used to query if the transaction is complete (when a power outage occurs). As can be seen from the above analysis, the CPU card has the advantage that the logical encryption card cannot match in security. Therefore, from the perspective of security, it is an inevitable choice to upgrade the IC card from the logical encryption card to the CPU card.
(2) Multi-use of one card to optimize resource demand
With the continuous deepening of social information, IC card business continues to advance, and the number and number of card issuance is increasing. At the same time, successful application cases of one-card multi-application are also emerging in China.
One-card multi-application includes one-card multi-application in the industry and one-card multi-application across industries. The difference between the two is mainly that the former adopts the same industry standard specification and uses the key management system of the same industry. The latter must To meet the standard specifications of multiple industries at the same time and to span multiple key systems.
From the perspective of rational use of social resources and convenience of the people, one-card multi-application will be the future development trend. In terms of the implementation of one-card multi-application, the CPU card has more advantages in terms of storage space and computing power than the logical encryption card. The upgrade of the construction business IC card is also a one-card multi-application, and the needs and opportunities for rationally optimizing social resources.
At present, there are already non-contact CPU card products for construction projects that meet the requirements of multiple industries at the same time, which provides favorable conditions for the construction of IC card upgrades.
(3) Transaction complexity requirements
The IC card application in the construction field has been developed from a single bus application to the current public transportation (bus, rail, taxi, etc.), gas, water, heating, digital community, road and bridge toll, parking lot management, park attractions, etc. application.
With the expansion of the application field, the charging method also expands the counting, timing, and metering methods on the basis of the original one-time charging method to realize the application requirements such as the section charging and parking charging.
The complexity of segment charging and parking charging is much larger than one-time charging. Since the logical encryption card does not have the computing function, the corresponding composite transaction function cannot be realized in the card. If you continue to use logical encryption, it will definitely require the terminal to do more things, or even impossible. At this point, if the card side can do more things, then it is much easier to implement.
The use of non-contact CPU card can be applied to the function of segment charging and parking charging, and the corresponding composite wallet processing function is added in the card COS to provide a better card platform for realizing these functions. Therefore, the construction of the business IC card from the logical encryption card to the CPU card, can better achieve the cross-industry multi-application function realization.
Second, the feasibility of upgrading the IC card for construction
(1) Feasible in industry standards
In order to standardize the application of CPU card in the construction field, promote the innovation and scientific development of non-contact CPU card, and improve the overall technology and application level of the CPU card industry, the Ministry of Construction issued the "Building Business Contactless CPU Card Chip Technology" in May 2007. The requirements for the preparation of the national industry standards for the requirements and the COS technical requirements for the construction of non-contact CPU cards are to be jointly edited by the Information Center of the Ministry of Construction and the IC Card Application Service Center of the Ministry of Construction. For the standard preparation, the IC Card Application Service Center of the Ministry of Construction held a standard preparation work meeting in Beijing, and the non-contact CPU card chip specification, contact CPU card chip specification, non-contact CPU card compatible M1 card design, non- The contact CPU card COS specification, compatible MI card design requirements, and composite electronic wallet transactions were discussed in depth.
(2) The product is technically feasible
In order to promote the promotion and application of non-contact CPU cards for construction projects, the Ministry of Construction established the “Building Business CPU Card Industry and Application Alliance†in June 2006. The "Union" held three working meetings in 2007, and carried out work on the development of the CPU card for the construction business, the design of the operating system COS, and the transaction time to promote the independent research and development of the CPU card by the member units.
At present, the members of the governing members of the alliance have successively launched products that meet the requirements of the alliance. Under the organization arrangement of the IC card application service center of the Ministry of Construction, the products of the members of the board of directors of the Eastcom and Equality Alliance have passed the physical testing and construction of the third-party authoritative testing organization. Department of trading function testing.
(3) Product cost is feasible
Since the issuance volume of IC cards for construction projects is generally large, when the IC cards are widely distributed in various places, the cost of cards must be a factor that must be considered by the issuing unit, especially in cities with less developed economies.
Before the construction business IC card generally adopted the logical encryption card, a very important reason is that the cost of the CPU card is relatively higher than the logical encryption card.
With the development of chip technology and technology, the cost of chips is continuously decreasing, and the cost of non-contact CPU cards is correspondingly decreasing. Although the cost of the CPU card is still slightly higher than that of the logical encryption card, the cost gap is not so insurmountable compared to before.
With the continuous expansion of the IC card application function of the construction business and the continuous improvement of the project operation mode, the value-added points of the project are also increasing, and the impact of the card cost will become smaller and smaller under the condition of increased revenue.
Third, the construction enterprise IC card upgrade compatibility issues
The upgrade of the construction business IC card from the logical encryption card to the CPU card is inevitably faced with the same problem: if the original system software and equipment are upgraded at the same time, the construction cost and construction period are unbearable and have been issued. The logical encryption card also requires a relatively long transition period to achieve replacement.
Based on the above reasons, while the Ministry of Construction promotes non-contact CPU cards, it also requires manufacturers to implement CPU card analog logic encryption card transactions on the design of card COS.
The card compatibility method generally includes the following two types. The following describes the general principles and security of the two methods:
1, wallet synchronization method
An e-wallet similar to a CPU wallet does not itself store the amount. When the composite wallet is used for consumption, refilling or reading the balance, the composite wallet sends corresponding instructions to the corresponding wallet address of the logical encryption card according to Ka and Kb, and then returns the tool according to the value returned by the logical encryption card. And calculate and return the TAC and MAC2 that the CPU wallet should return.
The supported instruction set is exactly the same as the CPU wallet. In other words, for CPU tools, whether it is a composite wallet or a CPU wallet, the consumption process and consumption instructions are the same.
When issuing a card, it is necessary to create a composite wallet and a CPU wallet in the application directory. During the compatibility of the logical encryption card and the CPU, the machine sends a CPU command to the card, which is only a composite wallet response. After all the tools have been upgraded to the CPU in the future, you need to close the composite wallet. At this point, you need to have a conversion command to ensure that the money in the composite wallet is correctly transferred to the CPU wallet.
The advantage of this scheme is that the wallet of the CPU wallet and the logical encryption card are always consistent; avoiding the CPU wallet and the logical encryption card wallet are not really synchronized. The disadvantage is: In fact, the CPU composite wallet maintains a logical encryption card wallet, which has security risks.
2, the wallet is not synchronized
An e-wallet similar to a CPU wallet that stores the amount itself. When the composite wallet is used to consume, recharge or read the balance, the composite wallet sends corresponding instructions to the corresponding wallet address of the logical encryption card according to Ka and Kb while updating the amount of the wallet, and then returns the tool according to its own value, and calculates and calculates Returns the TAC and MAC2 that should be returned by the CPU wallet. Ka and Kb can be placed in the Key file for special application identification.
The supported instruction set is exactly the same as the CPU wallet. In other words, for CPU tools, whether it is a composite wallet or a CPU wallet, the consumption process and consumption instructions are the same.
The wallet of the logical encryption card does not support recharge, that is, the CPU card is used to recharge. [This part is the most critical, and is also one of the main points of attack on the logical encryption card] At the same time, the amount in the logical encryption card wallet must not be greater than the amount in the CPU wallet.
When issuing a card, it is necessary to create a composite wallet in the application directory. During the compatibility of the logical encryption card and the CPU, the machine sends a CPU command to the card, but only the composite wallet responds. After all the tools have been upgraded to the CPU in the future, it is necessary to cancel the hook of the logical encryption card wallet and the composite wallet.
The disadvantage of this scheme is that the wallet of the CPU wallet and the logical encryption card are not always consistent. After the CPU is consumed, the two are consistent. After the logical encryption card is consumed, the wallet amount of the logical encryption card is less than the CPU wallet amount.
The advantage is that the security level is higher than the previous scheme, and the logical encryption card is not allowed to be recharged, so the security level of recharging is similar to the CPU card.
The contactless CPU card is a product with higher security and more powerful functions, and will gradually replace the logical encryption card into a mainstream product in the construction business field. In the past two years, the promotion and application of non-contact CPU card products have also achieved remarkable results. On the one hand, the Ministry of Construction has made substantial progress in the organization of standards and product conformity testing; on the other hand, some pilot cities have begun to implement non-contact CPU cards for application construction, and many cities are new. The non-contact CPU card product is planned on the card project. In short, the replacement of logical encryption cards by CPU cards has become an inevitable trend in the development of IC card applications for construction projects.
Author: Eastcom Peace Smart Card Co., Ltd. Chen Xiangrong Ray storeys
Cast iron bathtub with claw feet is very popular. The styles can be double end, slipper, double slipper, roll rim and oval. Color of cast iron feet can be white, black, polished chrome, brushed nickel and oil rubbed bronze.
Bathtub With Claw Feet,Iron Clawfoot Tub,Claw Foot Bath Tub,Cast Iron Claw Foot Tub
Anping Sunshine Sanitary Ware Co., Ltd. , https://www.sunshinebathtub.com