CPU card and authentication method

First, why use a CPU card

IC cards can be classified by interface into contact cards, contactless cards and dual-interface (composite) cards. By chip technology they are divided into non-encrypted memory cards, logic-encrypted memory cards and CPU cards. A non-encrypted memory card has no security at all: the data in the card can be rewritten at will. A logic-encrypted memory card adds a logic circuit to an ordinary memory card; this password-controlled logic gates reading and rewriting of the EEPROM, and a write is only performed after the password has been verified. That makes the chip itself safe, but the card is still unsafe in use, for the following reasons:

1. The password is transmitted in plaintext on the line between the terminal and the card, so it is easily intercepted.
2. The passwords and the encryption algorithm are fully visible to the system vendor.
3. A logic-encrypted card cannot authenticate the application it is talking to. If someone sets up a fake ATM, the card has no way to tell that it is illegitimate: as soon as the customer inserts the card and enters the PIN, the card's password has been captured. Internet shopping is another example: with a logic-encrypted card the shopper cannot establish that the online store is genuine.

It is precisely these weaknesses of logic-encrypted cards that drove the development of the CPU card. A CPU card can authenticate the legitimacy of all three parties: the cardholder, the card, and the system.

Second, the three CPU card authentication methods

The CPU card has three authentication methods:

Cardholder authentication: PIN verification
Card authentication: internal authentication
System authentication: external authentication

Cardholder authentication:

The cardholder enters a personal password (PIN), which the card verifies.

System authentication (external authentication) process, in which the system proves itself to the card:

1. The card generates a random number X and sends it to the system.
2. The system encrypts X with the specified algorithm and key, obtaining Y, and sends Y to the card.
3. The card decrypts Y with the same algorithm and key, obtaining Z.
4. The card compares X and Z; if they are equal, the system is legitimate.

Card authentication (internal authentication) process, in which the card proves itself to the system:

1. The system generates a random number X and sends it to the card.
2. The card encrypts X with the specified algorithm and key, obtaining Y, and returns Y to the system.
3. The system decrypts Y with the same algorithm and key, obtaining Z.
4. The system compares X and Z; if they are equal, the card is legitimate.

In both procedures the key never appears in plaintext on the line. What is transmitted is the random number encrypted under the key, and because a fresh random number is used each time, the content of every exchange is different: an intercepted exchange cannot be replayed and reveals nothing useful. This is no longer password-against-password authentication but method-against-method authentication: each side proves that it holds the key by what it can compute with it, not by disclosing it. It is like the enciphered telegrams once used by the military: the sender turns the message into ciphertext by an agreed method, and the receiver decrypts the ciphertext by the same method.

With this form of authentication there is no point of attack on the line, and the card can also verify the legitimacy of the application.

However, because the keys and algorithms the system uses for authentication are held in the application software, the system vendor can see them, and the possibility of an attack by the system vendor cannot be removed.

This is where the SAM (Secure Access Module) card comes in.

A SAM card is a CPU card with special features for storing keys and encryption algorithms. It can perform mutual authentication, password verification, and encryption and decryption during a transaction, and it generally serves as the identity token of the terminal or system.

With the SAM card we get a more complete system design. At card issuance the master key is stored in the SAM card. The SAM card then encrypts a characteristic value of the user card (for example its application serial number) with the master key to generate a subkey, and that subkey is injected into the user card. Because the application serial number is unique, every user card holds a different subkey.

Once a key has been injected into a card it never appears outside the card again. During use, the SAM card regenerates the user card's subkey from its master key and keeps it in RAM for encrypting and decrypting data.

With the SAM card, the authentication processes above take the following form:

System authentication (external authentication) process:

1. The card generates a random number X and sends it to the system.
2. The system passes X to the SAM card. The SAM card derives the card's subkey from its master key and encrypts X with it, obtaining Y; the system sends Y to the card.
3. The card decrypts Y with its subkey, obtaining Z.
4. The card compares X and Z; if they are equal, the system is legitimate.

Card authentication (internal authentication) process:

1. The system generates a random number X and sends it to the card.
2. The card encrypts X with the specified algorithm and its subkey, obtaining Y, and returns Y to the system.
3. The system passes Y to the SAM card, which decrypts it with the derived subkey, obtaining Z.
4. The SAM card compares X and Z; if they are equal, the card is legitimate.

In this way the key that previously lived in the application has moved into the SAM card, authentication becomes card-to-card authentication, and the system provider never holds the keys and so is no longer a point of attack.
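The two SAM-based procedures above, and the plain versions earlier on the page (the same exchanges with the key held by the terminal application instead of the SAM), as one added Python example; this is not code from the original article. The cipher is a constructed toy Feistel network keyed with HMAC-SHA256 standing in for the card's real symmetric algorithm, and the serial-number padding, the subkey layout and all class and function names are assumptions for illustration. The terminal code in mutual_authenticate only forwards X and Y and never touches a key, which is the point of the SAM design.

```python
import hashlib
import hmac
import os

# Constructed toy cipher: an 8-byte Feistel network whose round function is
# HMAC-SHA256. It is invertible, which is all the challenge/response flow needs.
# It stands in for the card's real algorithm (typically 3DES) and is NOT secure.
BLOCK = 8
ROUNDS = 8


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):  # undo the rounds in reverse order
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def diversify(master_key: bytes, serial: bytes) -> bytes:
    """Subkey = master-key encryption of the card's application serial number,
    as the page describes. Padding to one block and building a 16-byte subkey
    from the serial and its complement are assumptions of this example."""
    padded = serial.ljust(BLOCK, b"\x00")[:BLOCK]
    return encrypt(master_key, padded) + encrypt(master_key, _xor(padded, b"\xff" * BLOCK))


class UserCard:
    """The cardholder's CPU card. Its subkey is injected at issuance and never leaves."""

    def __init__(self, serial: bytes, subkey: bytes):
        self.serial = serial
        self._subkey = subkey
        self._pending = None  # the X most recently handed out by get_challenge

    def get_challenge(self) -> bytes:
        self._pending = os.urandom(BLOCK)
        return self._pending

    def external_authenticate(self, y: bytes) -> bool:
        """Card verifies the system: D_subkey(Y) must equal the X the card issued."""
        ok = self._pending is not None and hmac.compare_digest(decrypt(self._subkey, y), self._pending)
        self._pending = None  # a challenge is single-use, so a replayed Y fails
        return ok

    def internal_authenticate(self, x: bytes) -> bytes:
        """Card proves itself: returns Y = E_subkey(X) for the system's X."""
        return encrypt(self._subkey, x)


class SAM:
    """Secure Access Module in the terminal: the only place the master key exists."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def issue_card(self, serial: bytes) -> UserCard:
        return UserCard(serial, diversify(self._master, serial))

    def respond_to_card(self, serial: bytes, x: bytes) -> bytes:
        return encrypt(diversify(self._master, serial), x)  # subkey lives only in SAM RAM

    def verify_card(self, serial: bytes, x: bytes, y: bytes) -> bool:
        return hmac.compare_digest(decrypt(diversify(self._master, serial), y), x)


def mutual_authenticate(sam: SAM, card: UserCard) -> tuple:
    """Terminal application: shuttles X and Y between SAM and card, sees no key."""
    x1 = card.get_challenge()  # external authentication: card challenges the system
    system_ok = card.external_authenticate(sam.respond_to_card(card.serial, x1))
    x2 = os.urandom(BLOCK)  # internal authentication: system challenges the card
    card_ok = sam.verify_card(card.serial, x2, card.internal_authenticate(x2))
    return system_ok, card_ok


def replay_is_rejected(sam: SAM, card: UserCard) -> bool:
    """An eavesdropper who captured a valid (X, Y) pair gains nothing: the card
    issues a fresh X next session, so the old Y no longer decrypts to it."""
    x = card.get_challenge()
    y = sam.respond_to_card(card.serial, x)
    card.external_authenticate(y)
    card.get_challenge()  # new session, new X
    return not card.external_authenticate(y)


if __name__ == "__main__":
    master = bytes(range(16))  # constructed issuer master key
    sam = SAM(master)
    card = sam.issue_card(b"\x00\x00\x00\x2a")  # constructed application serial
    print("genuine terminal:", mutual_authenticate(sam, card))  # (True, True)
    print("fake terminal:", mutual_authenticate(SAM(bytes(16)), card))  # (False, False)
    print("replay rejected:", replay_is_rejected(sam, card))  # True
```

A terminal whose SAM holds the issuer's master key passes both directions; a fake terminal (different master key) fails both, because it derives the wrong subkey for the card's serial. The replay check shows why intercepting the line is useless: each session starts from a fresh X, and a Y computed for an old X never matches.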
