I. Technical aspects (contactless IC card)
1. The logic encryption card is also called a memory card. The IC in the card contains encryption logic and an EEPROM (electrically erasable programmable read-only memory).
2. The CPU card is also called a smart card. The IC in the card contains a central processing unit (CPU), EEPROM, random access memory (RAM), and a chip operating system (COS) burned into read-only memory (ROM). Some chips also integrate a cryptographic coprocessor to improve security and operating speed, so the CPU card's technical specifications are far higher than those of the logic encryption card.
3. Because the CPU card has a microprocessor, it is far superior to the logic encryption card in transaction speed and resistance to data interference, and it allows more than one card in the field at the same time by means of an anti-collision mechanism.
4. The most important technical difference is this: the CPU card is an IC card with a microprocessor chip, it can perform cryptographic and other operations, it has a large storage capacity, and it can be applied to different systems. The logic encryption card is only a memory card whose main feature is its internal read-only memory; its storage capacity is smaller than that of the CPU card, so it has no extensibility in use.
II. Confidentiality (contactless IC card)
1. The logic encryption card is a memory IC card with a function that prevents the card's information from being rewritten arbitrarily. Any operation on the card must first verify the card password; only when the check succeeds does the card return the correct response signal, after which the card can be operated. Because there is only this single authentication step and no other security protection measures, password leakage and the production of pseudo-cards (cloned cards) occur easily, so its security is very low.
2. Because the CPU card has a microprocessor and an IC card operating system (COS), it runs encryption and decryption algorithms when it is operated (the algorithm and the key are not easy to crack), and the user and the IC card system perform multiple rounds of mutual authentication (which is also very fast). This improves the security of the system and is effective in preventing the production of pseudo-cards. To sum up, comparing the logic encryption card with the CPU card, the CPU card not only has all the functions of the logic encryption card but also the high security, flexibility, support and application extensibility that the logic encryption card lacks, and it is the main trend and direction of future IC card development.
III. Comparison of the CPU card security system and the logic encryption card security system
As is well known, the key management system (KMS) is the core of IC card project security. How the keys are securely managed runs through the entire life cycle of the IC card application.
1. Security authentication of the contactless logic encryption card relies on independent Key A and Key B verification for each sector; through the sector control word, different security combinations of Key A and Key B can be set to control read and write access to the sector's data. Personalization of a contactless logic encryption card is also relatively simple, consisting mainly of updating the data and each sector's Key A and Key B, and during this process all sensitive data, Key A and Key B included, are updated directly in clear text. Because the Key A / Key B verification mechanism can only authenticate the card to the terminal and cannot authenticate the terminal to the card, it leaves what is commonly called the "pseudo-card" risk. The contact logic encryption card is the same in that its key is a predetermined number: however the key is derived, it must ultimately match the number originally written, and then the protected data can be read and written. Therefore, whether the system uses one key per card or a single unified key, cracking that key decrypts the contactless logic encryption card. Many people think that using one key per card, a real-time online system, or the contactless logic encryption card's ID number can avoid the consequences of the key being cracked. In fact, cracking the contactless logic encryption card means the M1 card can be copied: an online system can prevent illegal recharging, but it cannot prevent illegal consumption, that is, a copied M1 card with the same ID number can still be used for illegal consumption. Today's technology uses FPGAs to make complete replicas. For the same reason, M1-based access control cards are also unsafe.
At present, 80% of domestic access control products use the original ID number of the IC card or ID card as the access credential, with no encryption authentication and no private key development. This hidden security danger is far more dangerous than the Mifare card crack: a cracker needs only professional technical means to complete the cracking process. One reason current domestic access control products are insecure is that the design theory of early access control products was imported from abroad, and most domestic manufacturers have long followed foreign practice, using the read-only characteristics of ID and IC cards for identity recognition while paying very little attention to encryption authentication between the card and the reader. With no key system design, and with the ID card being a very easily copied carrier, all such access control can be cracked by a copy in an instant; this is the biggest disaster in our domestic security market.
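The sector control word mentioned above decides which Key A / Key B combinations may read or write a sector. The following added example (not from the original article) decodes a MIFARE Classic sector trailer's access bits into those rights and flags settings a defender would want to catch, such as Key B being readable with Key A; the tables follow the public MF1S50 datasheet as understood here, and the key bytes in the samples are placeholders.

```python
# Added example (not from the original article): decode the MIFARE Classic
# "sector control word" (access bits, sector-trailer bytes 6..8) into the
# Key A / Key B rights it grants, and flag weak settings. Keys are placeholders.
DATA_RULES = {  # C1C2C3 -> (read, write, increment, decrement/transfer/restore)
    0b000: ("A|B", "A|B", "A|B", "A|B"),  # transport (factory) configuration
    0b010: ("A|B", "-", "-", "-"),
    0b100: ("A|B", "B", "-", "-"),
    0b110: ("A|B", "B", "B", "A|B"),      # value block
    0b001: ("A|B", "-", "-", "A|B"),      # value block
    0b011: ("B", "B", "-", "-"),
    0b101: ("B", "-", "-", "-"),
    0b111: ("-", "-", "-", "-"),
}
TRAILER_RULES = {  # C1C2C3 -> (read A, write A, read bits, write bits, read B, write B)
    0b000: ("-", "A", "A", "-", "A", "A"),
    0b010: ("-", "-", "A", "-", "A", "-"),
    0b100: ("-", "B", "A|B", "-", "-", "B"),
    0b110: ("-", "-", "A|B", "-", "-", "-"),
    0b001: ("-", "A", "A", "A", "A", "A"),  # transport (factory) configuration
    0b011: ("-", "B", "A|B", "B", "-", "B"),
    0b101: ("-", "-", "A|B", "B", "-", "-"),
    0b111: ("-", "-", "A|B", "-", "-", "-"),
}

def decode_access_bits(trailer: bytes) -> list:
    """C1C2C3 (3-bit int) for blocks 0..3; each nibble is stored twice, once inverted."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    if (~b6 & 0xF) != c1 or ((~b6 >> 4) & 0xF) != c2 or (~b7 & 0xF) != c3:
        raise ValueError("access bits fail their inverted-copy check")
    return [((c1 >> i) & 1) << 2 | ((c2 >> i) & 1) << 1 | ((c3 >> i) & 1)
            for i in range(4)]

def audit_sector(trailer: bytes) -> list:
    """Weaknesses a defender would flag in this sector's Key A / Key B setup."""
    bits = decode_access_bits(trailer)
    findings = []
    if TRAILER_RULES[bits[3]][4] != "-":
        findings.append("Key B readable with Key A: Key B adds no protection")
    if TRAILER_RULES[bits[3]][3] == "A":
        findings.append("access bits writable with Key A: sector can be re-opened")
    for blk in range(3):
        if DATA_RULES[bits[blk]][1] == "A|B":
            findings.append("block %d writable with Key A alone" % blk)
    return findings
# Constructed trailers: FF 07 80 69 is the factory setting; 78 77 88 69 puts
# writes and the access bits behind Key B and makes Key B unreadable.
TRANSPORT = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")
HARDENED = bytes.fromhex("A0A1A2A3A4A5" "78778869" "B0B1B2B3B4B5")
```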
2. Compared with the contactless logic encryption card, the contactless CPU card (smart card) has an independent CPU and a chip operating system, so it can support a variety of application requirements more flexibly and allows the transaction process to be designed more securely. At the same time, compared with a contactless logic encryption card system, a contactless CPU card system is more complex and requires more system changes, such as key management, the transaction process, PSAM cards and card personalization. The keys are usually divided into the recharge key (ISAM card), the debit key (PSAM card), the external authentication key (SAM card) and the universal key (ASAM card). Contactless CPU cards can be validated through internal and external authentication mechanisms, such as the e-wallet transaction process defined by the Ministry of Construction, to meet the security and key management requirements of different business processes with high reliability. Wallet recharge uses the recharge key, consumption uses the consumption key, clearing uses the TAC key, data updates use the card application maintenance key, and the card personalization process uses the card transport key, card master key, application master key and so on, genuinely achieving one key per use.
The CPU card's encryption algorithm and random number generator, together with the key authentication card (SAM card) installed in the reader/writer, exchange authenticated random numbers with each other, which makes the following possible:
1) Authentication of the card by the SAM card in the terminal device
2) Mutual authentication between the CPU card and the SAM card in the terminal device, which also authenticates the terminal to the card
3) Recharge of the CPU card through the ISAM card, giving secure stored value
4) Debit of the CPU card through the PSAM card, giving secure deduction of value
5) Encrypted transmission of the data exchanged between the terminal device and the CPU card
6) Verification of the transferred data, computed through MAC1 (sent by the CPU card to the SAM card), MAC2 (sent by the SAM card to the CPU card) and the TAC returned by the CPU card. MAC1, MAC2 and TAC are different for every transmission of the same CPU card, so the CPU card's key cannot be cracked by intercepting them over the air.
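The exchange in items 1), 2), 3) and 6) above, as an added simulation that is not part of the original article: the CPU card sends MAC1 to the SAM, the SAM answers with MAC2, and the card returns a TAC once it has accepted the terminal. HMAC-SHA256 stands in for the 3DES-based MAC of the real scheme, and the key diversification, message layouts, class and function names are all assumptions made here.

```python
# Added example (not the article's or any vendor's code): simplified load
# (recharge) exchange with MAC1 -> SAM, MAC2 -> card, TAC returned by the card.
import hmac, hashlib, os

def mac(key, *parts):
    """8-byte MAC; HMAC-SHA256 stands in for the scheme's 3DES MAC."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:8]

def u32(n): return n.to_bytes(4, "big")

class CpuCard:
    def __init__(self, serial, load_key, tac_key):
        self.serial, self.load_key, self.tac_key = serial, load_key, tac_key
        self.balance, self.counter = 0, 0
    def init_for_load(self, amount, terminal):
        self.rnd = os.urandom(4)                      # fresh random per transaction
        ctr = u32(self.counter)
        self.sk = mac(self.load_key, self.rnd, ctr)   # per-transaction session key
        mac1 = mac(self.sk, b"LOAD1", u32(self.balance), u32(amount), terminal)
        self.pending = (amount, terminal)
        return self.serial, self.balance, ctr, self.rnd, mac1
    def credit_for_load(self, mac2):
        amount, terminal = self.pending
        expect = mac(self.sk, b"LOAD2", u32(amount), terminal)
        if not hmac.compare_digest(mac2, expect):     # terminal failed authentication
            raise ValueError("MAC2 rejected: terminal not genuine or replayed")
        self.balance += amount
        self.counter += 1
        # TAC: proof of the completed transaction, checked later during clearing
        return mac(self.tac_key, u32(amount), u32(self.counter), terminal)

class Sam:
    def __init__(self, master_key, terminal):
        self.master, self.terminal = master_key, terminal
    def respond(self, serial, balance, ctr, rnd, mac1, amount):
        sk = mac(mac(self.master, serial), rnd, ctr)  # diversify per card, then session key
        expect = mac(sk, b"LOAD1", u32(balance), u32(amount), self.terminal)
        if not hmac.compare_digest(mac1, expect):     # card failed authentication
            raise ValueError("MAC1 rejected: card not genuine")
        return mac(sk, b"LOAD2", u32(amount), self.terminal)

def run_load(card, sam, amount):
    """One complete exchange; returns (mac1, mac2, tac)."""
    serial, balance, ctr, rnd, mac1 = card.init_for_load(amount, sam.terminal)
    mac2 = sam.respond(serial, balance, ctr, rnd, mac1, amount)
    return mac1, mac2, card.credit_for_load(mac2)
# Constructed placeholders, not real key material or card numbers.
MASTER = b"\x11" * 16
CARD = CpuCard(b"CARD0001", mac(MASTER, b"CARD0001"), b"\x22" * 16)
SAM = Sam(MASTER, b"TERM01")
```

Running run_load twice with the same amount yields different MAC1, MAC2 and TAC values, and a MAC2 captured from one transaction is rejected if presented in the next, which is the property item 6) relies on.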
The connection and difference between IC card, M1 card, CPU card, SAM card and PSAM card