CPU card application and password management technology

This paper takes LEGIC's CPU card application scheme, "card in card", as an example and gives a comprehensive introduction to the encryption algorithms used in CPU card applications. It points out that CPU card systems based on general-purpose encryption methods also carry certain security risks. It recommends using CPU card technology that has passed security certification (GP, EAL+), preferably with AES encryption for the CPU card application. When choosing a COS, it is best to adopt a system with communication security certification, preferably a Java-based COS such as JCOP.

End-to-end security

When a card is read, the CPU card application provided by LEGIC not only keeps the data on the card confidential, but also strictly protects the data when the card reader finally sends it onward. Figure 1 shows point-to-point data security: from the card, over the air, to the reader that collects the data, and on to where the reader transfers the data.


Figure 1

1. Data protection inside the card

The MTSC (Master Token System) unique to this CPU card is a key management system. Each token contains one key gene. During card initialization, the key that protects the data is generated by a derivation program from the key gene plus the UID number of the card. Therefore, once the card is initialized, "one card, one key" and "one sector, one key" are established to protect the data in each sector. Besides the general DES, 3DES and SHA-1, the encryption methods include AES, which a newer CPU card application uses. Because the system's reader and the application on the CPU card support online updates, security is ensured.

The system not only protects the data in the card, but even the public serial number (UID) can be encrypted if the application requires it. This ensures the uniqueness of the UID and also enhances security.

The system uses the concept of a diversified key (DiversifyKey) to protect the data in the card, and the key calculation program differs for each type of chip card. For an attacker, cracking the key derivation method of one chip does not mean that other types of chips are broken at the same time; in fact, he has to start from scratch. In addition to traditional high-security logical encryption, data written to the CPU card is protected not only by the COS key but also by the application's own protection of its data. This is safer and does not conflict with other applications, and it is what makes the CPU card application unique.

2. Data transmission between the card reader and the card

At the beginning of communication, every reader and card go through an authentication procedure to ensure that the card in front of the reader is a real CPU card, not a "clone card." The advantage of this is that it prevents attempts to steal data over the air.

The key that protects the data is never transmitted over the air between the card reader and the card, which keeps the key secure.

All data can be transmitted using the system's own encryption method, or using the encryption methods commonly used in the market: DES, 3DES or AES (implemented only on AFS4096). The advantage of this is that even if the data is intercepted in transit, its content cannot be decrypted.

All data transmission can be verified with a CRC check, which also ensures the stability and reliability of data transmission.
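The authentication step described above, sketched as an added example that is not LEGIC's protocol or code from the original article: a challenge-response exchange in which only the UID, nonces and proofs cross the air interface. HMAC-SHA256 stands in for the card's real algorithm, and the class names, key gene and UID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    # Nonces are fixed-length (16 bytes), so plain concatenation is unambiguous.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def diversify(key_gene: bytes, uid: bytes) -> bytes:
    # Assumed derivation: card key = HMAC(key gene, "card" || UID).
    return mac(key_gene, b"card", uid)

class Card:
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key, self._nonce = uid, key, b""

    def answer(self, reader_nonce: bytes):
        self._nonce = secrets.token_bytes(16)
        return self._nonce, mac(self._key, b"C", reader_nonce, self._nonce)

    def accept_reader(self, reader_nonce: bytes, proof: bytes) -> bool:
        expected = mac(self._key, b"R", reader_nonce, self._nonce)
        return hmac.compare_digest(proof, expected)

class Reader:
    def __init__(self, key_gene: bytes):
        self._gene = key_gene
        self.air = []  # every value that crossed the RF link

    def authenticate(self, card: Card) -> bool:
        key = diversify(self._gene, card.uid)   # recomputed locally, never sent
        rn = secrets.token_bytes(16)
        cn, card_proof = card.answer(rn)
        self.air += [card.uid, rn, cn, card_proof]
        if not hmac.compare_digest(card_proof, mac(key, b"C", rn, cn)):
            return False                        # card does not hold the key
        reader_proof = mac(key, b"R", rn, cn)
        self.air.append(reader_proof)
        return card.accept_reader(rn, reader_proof)

# Constructed sample values
KEY_GENE = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
UID = bytes.fromhex("04a1b2c3")
GENUINE = Card(UID, diversify(KEY_GENE, UID))
CLONE = Card(UID, secrets.token_bytes(32))  # copied UID, no diversified key

if __name__ == "__main__":
    reader = Reader(KEY_GENE)
    print("genuine card accepted:", reader.authenticate(GENUINE))
    print("cloned UID accepted:  ", reader.authenticate(CLONE))
```
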

3. Security of the card reader

The card reader of the CPU card has an automatic token erasure function: when the card reader is illegally opened, the stored token is automatically erased. This is much safer than storing a key on a PSAM card, because if the card or POS terminal is stolen, the PSAM card is stolen along with it. Current PSAM card technology and the corresponding DES algorithm are widely used, but their security has been debated. First, DES is an improved version of the Lucifer algorithm, but the key length was reduced from the 128 bits of Lucifer to 56 bits, and a 56-bit key should not be enough to defend against exhaustive attacks. Second, the design criteria for the S-boxes, which are vital to the internal structure of DES, are confidential, so there is no assurance that they are safe. Storing the password-related information inside the chip is more secure.

The card reader of the CPU card must be authorized by the relevant token before it can read and write the relevant cards, and no password needs to be transmitted. The authorization card is a physical object that can be issued and retrieved, which reduces management risk.

4. Security of card reader to computer communication

Data communication between readers and computers can also be protected by authentication and encryption. The implementation is similar to the three-factor authentication of the wireless interface and will not be described in detail. All of the security features above add complexity to the technology base and correspondingly increase the technology's resistance to cracking.

Password management system

Password management generally includes password generation, password decentralization (key diversification), and password transmission. The following introduces the password management of the Ministry of Construction.

There are two main ways to generate a new key in a key card: the new key is generated directly in the key card, or the new key is generated in another security device and then loaded into the key card. The data from which the new key is generated may take the form of a code list, a key seed, or the like. A code list is actually a form of key seed in which the seed data is divided into several parts, each controlled by a different person, which improves the security of the system.

Different application keys are obtained by performing diversification operations based on the encryption algorithm. Keys are diversified across multiple levels, such as seed data, application master key, regional key, and diversified card key. The purpose of key diversification is that even if a subkey is leaked, the security of the master key is not threatened. Because the master key cannot be derived from the subkey and the diversification data, the security of the system is improved, and security risks and management costs are lowered.

Password transmission is concerned with protecting the password while it is being transferred.

It is not difficult to see from the various aspects of the password management system that its management procedures are complex and extensive and rely mainly on people or systems. A dedicated encryption machine is also used. For example, the rules for the management of confidentiality stipulate that disclosing commercial password technology secrets, illegally attacking commercial passwords or using commercial passwords, and engaging in activities that endanger the security and interests of the state constitute a crime if the circumstances are serious, and criminal responsibility shall be investigated according to law.

In addition to the encryption machine used by the Ministry of Construction to manage passwords, the password management method also employs physical password management. As long as the token (a physical card) is physically managed, the security of the system is protected.
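The code-list splitting and multi-level diversification described above, as an added example that is not the Ministry of Construction's or LEGIC's actual algorithm: the seed is split into XOR shares held by different people, then keys are derived level by level with a one-way function. HMAC-SHA256 is a stand-in for the scheme's cipher, and all labels, names and values are constructed.

```python
import hashlib
import hmac
import secrets

def split_seed(seed: bytes, holders: int) -> list:
    """Split the seed into XOR shares; all shares are needed to rebuild it."""
    shares = [secrets.token_bytes(len(seed)) for _ in range(holders - 1)]
    last = seed
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]

def join_seed(shares: list) -> bytes:
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out

def diversify(parent: bytes, level: bytes, data: bytes) -> bytes:
    """One-way step: the child key reveals nothing usable about the parent."""
    return hmac.new(parent, level + b"\x00" + data, hashlib.sha256).digest()

def card_key(seed: bytes, app: bytes, region: bytes, uid: bytes) -> bytes:
    app_master = diversify(seed, b"app", app)           # application master key
    regional = diversify(app_master, b"region", region)  # regional key
    return diversify(regional, b"card", uid)            # one card, one key

def sector_key(card: bytes, sector: int) -> bytes:
    return diversify(card, b"sector", bytes([sector]))  # one sector, one key

# Constructed sample values
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
UID_A = bytes.fromhex("04a1b2c3")
UID_B = bytes.fromhex("04a1b2c4")

if __name__ == "__main__":
    seed = join_seed(split_seed(SEED, 3))  # three custodians present their parts
    for uid in (UID_A, UID_B):
        key = card_key(seed, b"transit", b"region-01", uid)
        print(uid.hex(), "sector 0:", sector_key(key, 0).hex()[:16], "...")
```
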

Master token system

In the CPU card application, the token issued to each partner is unique worldwide. Therefore, all sub-tokens generated from each token are also unique worldwide. Each token can generate 256 sub-tokens, each of which can generate 256 sub-sub-tokens, and so on, up to 12 layers deep. This forms a large master token system, the structure of which is shown in Figure 2.


Figure 2

1. Each sub-token can be made into 3 different authorization cards:

IAM card: used as an initialization authorization card (IAM+: can limit the number of cards issued);

SAM card: used to initialize the application system;

GAM card: A universal authorization card that generates sub-tokens for the next level.

2. The permissions of each generated sub-token are controllable.

For example: whether this token can generate another token at the next level, and whether the token can generate another identical sub-token by itself. In this way the entire token system is kept under control.

Moreover, the token for initializing cards (IAM) and the token for initializing card readers (SAM) are two separate tokens, which provides higher security.

Card-in-card technology

Most contactless technologies on the existing market use logical encryption. Because most contactless cards do not have a CPU, their encryption is still inferior to that of a contact CPU card. Moreover, a contactless card can be probed and read repeatedly, which helps attackers who are trying to crack it. Although the contact CPU card is safer and has much more memory than a logical encryption card, it still suffers normal wear and damage.

Thus, a dual interface card that combines a CPU card and a contactless card was produced, as shown in Figure 3.


Figure 3

Therefore, the dual interface technology combines the advantages of RF technology and contact technology - large memory, flexible, non-contact and extremely secure.
