IC cards can be divided into contact cards, non-contact cards, and compound cards according to interface methods. By device technology, they can be divided into non-encrypted memory cards, encrypted memory cards, and CPU cards.
The encrypted memory card is used to authenticate the cardholder. Only the correct password can be entered to access or modify the data in the card. The most typical is the mobile phone SIM card's pin code. After setting the PIN code, you must enter a PIN code when starting the instance. If you enter an incorrect PIN code several times in a row, you must use a pukcode with higher permissions to modify the PIN code. If the pukcode also fails consecutively, you only need to change the card.
The encrypted memory card ensures the authentication of the cardholder, but it is not enough to ensure the security of the system.
1. transparent transmission is used for password input. The password is easily intercepted on a forged ATM or network;
2. The logic encryption card cannot authenticate the application;
3. For system integrators, passwords and encryption algorithms are transparent;
Therefore, the CPU card is introduced;
The CPU card ensures security in three aspects:
1. for: the holder legality authentication: the holder must enter a password.
2. Cards: Card legality certification; internal certification.
3. System: System legality authentication; external authentication.
Card legality certification:
The CPU card sends a random number to the card (such as a subway card). After the card receives the random number, it uses the encryption algorithm to encrypt the number and pass the encrypted value to the CPU card. The CPU card decrypts the data and compares it with the sent random number, the card is considered valid.
Validity authentication of the system (for example, whether the handheld POS is produced by a legally certified manufacturer ):
The CPU card sends a random number to the card or module that comes with the POs. The card or module encrypts the random number and returns it to the CPU card. The CPU card decrypts and compares the random number with the sent number. If the random number is equal, the system is deemed legal. This process is performed at startup.
The encryption and decryption process involves two factors: encryption and decryption algorithms and keys. Encryption and decryption algorithms are public. In a CPU card, the operating system cos: Chip OS is provided by the card manufacturer and the encryption and decryption algorithms are provided. The card manufacturer must be certified by a dedicated organization. Keys are controlled by the issuing authority and issued at different layers.
Sam: security access module, a special CPU card that stores keys and encryption and decryption algorithms.
Currently, samka is divided into many types:
PSAM card: terminal security control module, which is generally used for small payment deduction;
Esam: The sam of the manufacturer (system) for device authentication;
Isam: used for recharging;
In the specific implementation, it will be more diversified. For example, some devices use a dedicated module instead of an Esam card for authentication. In this way, there is a problem, that is, the key is implemented by software, and the key leakage may exist. One solution is to store multiple groups of keys and specify a group of keys in the random number.
The issuance of common cards generally uses the key pair's unique physical card number encryption method.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
