Smart card security strategy

I. Human factors that threaten system security

Threats to the security of the card system come from the external objective environment and, more importantly, from malicious damage.
The impact of the so-called objective environment on the bus card charging system refers to the fact that the various IC cards and types of equipment used in the system are widely distributed, in the hands of citizens and on public transportation vehicles. The objective environment they face is very complicated and harsh. Bending, corrosion, static electricity, radiation, dust, temperature, humidity, magnetic fields and other factors can interfere with and damage IC cards and equipment, seriously affecting the persistence and accuracy of system information. In the face of this external environmental damage, we can take special measures in system design, IC card manufacturing, equipment production and so on, using special designs and excellent products to improve the system's ability to resist interference and corrosion and to ensure that the operation of the system is not affected. How to design a system to prevent damage from the external objective environment is not the goal of this paper.
This article is about the possibility that deliberate human intrusion and attack destroys the confidentiality, integrity, authenticity, accessibility and persistence of system information. These are the main threats that system security technology has to address.
The security of a system should be examined from the following aspects:
(1) Confidentiality: the ability to prevent unauthorized access to information;
(2) Integrity: The ability to prevent unauthorized changes (additions, deletions, changes);
(3) Authenticity: the ability to discriminate the authenticity of information during the transmission and reception of information;
(4) Accessibility: the ability to prevent unauthorized interception of information;
(5) Persistence: the ability to store system information accurately and reliably over the long term.

We should be clear: the means by which intruders can illegally attack the system are diverse. They take different approaches to different objects, new means keep emerging, and no avenue is left untried. Therefore, in the construction of the bus card system, we should examine the security of the system in all aspects, including:
* Attack on IC card
* POS machine security technology
* Password management system
* Data transmission
* Network security technology
* Central database security technology
* Administrative measures

II. Principles of system security design

Since the bus card system has high requirements for security, the security of the system must be given an important position in the system design.
Users at bus companies have different professional priorities and cannot be expected to have a thorough understanding of IC cards and system security technologies. Faced with a dazzling and overwhelming volume of advertising, finding a system that is both suitable and secure and reliable is genuinely bewildering, and we understand the position bus users are in. After participating in the construction of public transportation systems in various places, and through exchanges with many bus companies and IC card industry peers, we have summarized some practical experience and some simple and feasible methods. We offer them to public transport users as a reference for the security of the systems they design and build, and hope they help in identifying and selecting among the systems and products on the market.

What kind of system has reliable security?
We believe that a safe card system must at least meet the following basic principles:

1. Strictly abide by the state's regulations on security products

As early as 1999, Premier Zhu Rongji issued the “Commercial Password Management Regulations” to regulate the use of commercial passwords and their products in the form of national law.
Under this regulation, the security issues involved in the urban bus card charging system fall within the scope of commercial password management, and the Regulations apply. Articles 3 and 4 of the Regulations clearly state:
Article 3 Commercial password technology is a state secret. The State implements special control over the research, production, sales and use of commercial cryptographic products.
Article 4 The National Password Management Committee and its office (hereinafter referred to as the State Password Management Agency) are responsible for the management of commercial passwords throughout the country.
Because of the special nature of commercial passwords, national legislation places them under special control. The security products and technologies designated by the National Password Management Committee are subject to detailed and thorough review by relevant experts and authorities before a “designated exclusive” conclusion is reached, so they are highly authoritative and professional. This is a good guide for anyone applying a bus IC card system. It provides guidance and help from a professional and authoritative perspective, and it spares users from having to weigh overwhelming advertising and worry about the choice.
Acting in accordance with this regulation not only relieves us of worries about product selection, but also greatly reduces the work users must do to inspect and evaluate products. Conversely, failing to implement the national regulations will not only have a disastrous effect on the survival of the system, but may also expose the users of the system to severe legal penalties.

2. Comply with the industry standards issued by the Ministry of Construction

With the increasing application of IC card technology and products in urban construction, and in order to improve city management, promote the social and economic benefits of the industries applying it, and standardize the construction-business IC card application market, the Ministry of Construction has issued a number of technical specifications and application specifications for construction-business IC card applications. They embody the principles of unified planning, unified standards, unified card issuance and unified management that the Ministry of Construction proposed for implementing the national gold card project, and they are the most authoritative industry norm for applying IC card technology in China's construction industry.
In June of this year (2002), the Ministry of Construction officially issued the "Application for IC Card Application in Construction", which is the latest specification issued by the Ministry. It includes requirements for IC cards, for terminal technologies, for application technologies, and for key systems and security authentication technologies. It covers not only physical and application characteristics but also gives important discussion and operational guidance on application security, stipulating various secure operating procedures and security algorithms. Building the system according to this specification can undoubtedly guarantee the security of the system we establish. It should be said that this set of specifications is comprehensive and practical, and it is genuinely instructive for IC card applications in the industry. Industry users of card systems can therefore use this specification to select among the systems and products on the market, and it should be one of the important criteria for judging them.
It is worth noting that, in the specifications issued by the Ministry of Construction, the “Basic Principles of Security and Confidentiality” (7.3.1) in the application system security requirements (Section 7.3) state: according to the actual situation of the industries under the Ministry of Construction, the basic principles for the security and confidentiality of IC card applications in construction projects are:
a) Security is subject to national interests: any department or organization should follow the relevant national laws and regulations when implementing safety management, and receive guidance, supervision and inspection from relevant state departments.
b) Independence: In the application of IC card for construction business, all the technologies and products involved in the important aspects of security and confidentiality shall comply with the regulations of relevant state administrative departments.
c) Use mature technology: The construction IC card application system should adopt mature technology and products as much as possible.

Here, the Ministry of Construction's norms present these as “basic principles”: the system must conform to the laws of the country and must receive the guidance, supervision and inspection of relevant state departments. This not only reflects the seriousness of national law, but is also what fundamentally ensures the security of the system.

The regulations of the Ministry of Construction on system security are multi-faceted, and we will gradually mention them in the following discussion.

3. Comply with the financial standards of the People's Bank of China

The card system is inseparable from economic interests and financial settlement, and some systems also need to bring banks into the system. The design of these systems, the planning of cards, the use of equipment and so on must therefore also comply with the relevant regulations of the People's Bank of China.
The PBOC's specifications on IC card applications ensure that banks' IC card systems have a unified mode of operation and a uniform exchange format for data. More importantly, they lay down uniform provisions for the security features of the banking system, so that the operation of China's financial system has strict, controllable and standardized security features.
The People's Bank of China's norms play an equally important guiding and reference role for construction-business institutions applying IC card systems. In fact, the Ministry of Construction's norms were developed on the basis of the norms of the People's Bank of China by adding the industry's own characteristics, and there is no conflict between the two. Where possible, especially in construction-business IC card systems that include financial enterprises, we should abide by the standards set by both the Ministry of Construction and the People's Bank. In other words, when examining the systems and products on the market, it is important to check whether they abide by the standards set by the Ministry of Construction and the People's Bank.

4. Qualification certification and inspection certificate issued by other authoritative departments for reference

Since the card system is a huge system, in areas where the Ministry of Commerce, the Ministry of Construction, and the People's Bank of China have not yet made any regulations, we can also refer to the qualification certificates and inspection certificates issued by other relevant departments and authorities when selecting systems and products on the market, so that vendors cannot take the opportunity to pass off inferior products among the good ones. For example, certifications from the Ministry of Information Industry and the Ministry of Public Security for system integration qualification, wiring systems, anti-virus and so on are also a good reference, at least for some vendors or systems.

III. Card security

In every industry that uses a card system, counterfeit money is difficult to eliminate when payment is made in cash. Similarly, when payment is made by IC card, the card is the carrier of electronic money and is widely distributed in the hands of the general public, so it is one of the targets most exposed to attack, especially in a card system containing a large number of applications. The high complexity of such a system gives intruders more opportunities and will also lead to the appearance of fake cards.

To guard against attacks on IC cards, we usually consider the following aspects:
1. Chip security technology

Preventing attacks on the IC card chip is the basis of IC card security. Each chip manufacturer should adopt various security protection measures at design time to prevent malicious attack and probing by an adversary. Commonly used chip security technologies are:
(1) Blown-fuse technology, so that the chip manufacturer's function for testing the chip cannot be used again;
(2) Special techniques to detect and prevent attacks that use high and low voltage changes, frequency changes and similar manipulation during chip operation;
(3) Monitoring technology to prevent illegal interception of information from the program, data bus and address bus;
(4) A physical protection layer over the bus and memory;
(5) Techniques for generating random numbers;
(6) Logical encryption protection for the memory, with a password input error counter.

For the users of the card system, although these technologies belong to the chip manufacturers, we should also understand them, master the development of chip security technology, and select the products that are most suitable for their own systems.

2. Software security technology of the card

The chip security technology mentioned above is the hardware security technology of the chip. If we use a CPU card, we can obtain more complete security protection by using the COS (Chip Operation System) in the card. This is the software security technology of the card. Through COS we can get the following security protection features:
(1) mutual verification of the IC card and the external reader;
(2) Test function of hardware + software;
(3) Generation and application of random numbers;
(4) Encryption and decryption of information;
(5) Control of the application process;
(6) Control of the level of security application;
(7) Isolation or combination of multiple applications.
Thanks to the COS software, the security control methods of the IC card can be varied and flexible, which makes a richer range of applications possible. Of course, to ensure the consistency and security of applications, the management departments of various industries formulate corresponding COS specifications according to the characteristics of the industry. For example, the Ministry of Construction and the People's Bank of China have each established their own COS specifications and set up corresponding testing and certification departments, which test and certify the related products on the market and give users an authoritative basis for their choice.
In today's card system market, because of product prices and the maturity of equipment, technology and other aspects of the application, the user cards issued to the public in large numbers in public transport card systems are non-contact logical encryption cards. In theory, their security and confidentiality are not as good as those of the CPU card. However, if they are combined with the card application security technology described below, together with the security measures already in the card itself, the security requirements of the application can still be met for a certain period of time.

3. Application security technology of the card

Application security technology can be divided into two types: one is the anti-counterfeiting technology on the card surface, and the other is the information security processing technology in the application.
(1) Anti-counterfeiting technology on the surface of the card: In order to further improve the anti-counterfeiting property of the security card, various protection measures can be taken in the manufacture and printing of the card base:
A. Fluorescent image: A printing technique using a fluorescent image, so that the printed image becomes visible under ultraviolet light.
B. Miniature curve: To the eye it is generally a straight line or a curve, but under a high-magnification magnifying glass it is a fine sequence of letters and characters following a certain mathematical law.
C. Laser engraving: Lasers are used to “etch” graphics, text, signatures, and even photos into the card base instead of ordinary printing.
D. Polarized light image: A printing technique using polarized light and special material. Normally only the surface image of the card is seen, but under a polarizing lens another, "hidden" image appears.

With the continuous improvement of printing technology, a variety of card surface anti-counterfeiting technologies continue to emerge. These card surface printing technologies can all be realized in China, and they provide various options for the surface anti-counterfeiting of cards.


(2) Card information security processing technology: As mentioned earlier, because the CPU card has a high intelligent judgment ability, complete verification techniques can be used so that information is authenticated both when it is sent and when it is received, which prevents the forgery of cards and POS devices. This is the best way to ensure the authenticity of information and gives the system higher security, so the CPU card must be used where security is very demanding, such as key management, card issuing and recharge.
The logical encryption card has no intelligent authentication function or technology beyond the protection in the card itself. The system design therefore needs a complete set of password calculation and verification functions to ensure the security of the system and to ensure that system passwords cannot be exposed. To meet these needs, and to guide and protect the IC card application systems built by the industry, the Ministry of Construction has, in the regulations it has promulgated, strictly stipulated the method of using the secure storage module to calculate the password of the card. This effectively guarantees the realization of “one card and one secret” and gives users a scientific, safe and reliable calculation method.


To implement the Ministry of Construction specification, we must have:
A. A secure storage module (or PSAM card (COS)) that complies with the specifications of the Ministry of Construction;
B. The system design conforms to the key management system standardized by the Ministry of Construction;
C. The operation process of the card reader and the card conforms to the relevant requirements of the Ministry of Construction.

It is worth noting that although the Ministry of Construction strictly stipulates the calculation method of card passwords, a design that does not consider the system comprehensively will still leave a serious loophole for an adversary.
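The “one card and one secret” calculation and the mutual verification with random numbers described above, as an added example that is not part of the original article or of the Ministry of Construction specification. It assumes HMAC-SHA256 in place of the specification's own algorithm (which the article does not give); the class names, UIDs and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class SecureModule:
    """Stand-in for the secure storage module (SAM/PSAM) in a terminal.

    The master key goes in once and no method returns it: callers get a
    personalised card at issuing time and yes/no verdicts afterwards.
    """

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def _card_key(self, uid: bytes) -> bytes:
        # Diversification: each card's key is a one-way function of the
        # master key and that card's serial number (assumed construction).
        return mac(self._master_key, b"card-key|" + uid)

    def personalise(self, uid: bytes) -> "Card":
        """Issuing centre only: write the derived key into a new card."""
        return Card(uid, self._card_key(uid))

    def authenticate(self, card: "Card") -> bool:
        challenge = secrets.token_bytes(16)   # fresh random number per transaction
        response = card.respond(challenge)
        expected = mac(self._card_key(card.uid), challenge)
        return hmac.compare_digest(expected, response)


class Card:
    def __init__(self, uid: bytes, key: bytes):
        self.uid = uid
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, challenge)


class ReplayCard(Card):
    """Fake card that only knows a response recorded from an old transaction."""

    def __init__(self, uid: bytes, recorded: bytes):
        super().__init__(uid, b"")
        self._recorded = recorded

    def respond(self, challenge: bytes) -> bytes:
        return self._recorded


def run_demo() -> dict:
    sam = SecureModule(secrets.token_bytes(32))
    genuine = sam.personalise(b"\x04\xa1\xb2\xc3")   # constructed UIDs
    other = sam.personalise(b"\x04\xd4\xe5\xf6")
    # A key recovered from one card, loaded under another card's serial number.
    clone = Card(other.uid, genuine._key)
    recorded = genuine.respond(secrets.token_bytes(16))
    return {
        "genuine": sam.authenticate(genuine),
        "other": sam.authenticate(other),
        "clone_with_other_uid": sam.authenticate(clone),
        "replayed_response": sam.authenticate(ReplayCard(genuine.uid, recorded)),
        "keys_differ": genuine._key != other._key,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Because every card key depends on the card's own serial number, a key taken from one card is useless under any other serial number, and the fresh challenge makes a recorded response worthless.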

IV. Key management system

We have seen that the card system relies on keys to encrypt and protect information, so the security of the system depends largely on the security of the keys. The key is central to the security of all the information in an encryption system. Any negligence that leads to the leakage of a key may bring huge losses to the system.
Key management is a comprehensive management technology. It involves the generation, distribution, transmission, storage, use, backup, recovery, revocation, destruction, replacement and other content of the key.
1. The requirements of the card system for the key management system

According to the characteristics of the card system, we can propose the following principles for building a key management subsystem in the system:
(1) The key is isolated from the user;
(2) Tight management and easy to use;
(3) Problems can be traced back;
(4) The master key cannot appear on the transmission path or remain in the unauthenticated terminal device;
(5) The stored key cannot be read;
(6) Compliance with the specifications of the Ministry of Construction;
(7) Designed in accordance with the financial standards of the People's Bank of China;
(8) The storage and transmission of keys all use commercial products designated by the State Secret Office;
(9) The key system is designed on the principle that design, production and application are independent of one another. This not only technically guarantees the security of the user, but also guarantees the autonomy of the user, so that the user is not restricted by the system developer in future system expansion;
(10) Using an already well-established algorithmic system.

2. Basic functions of the key management subsystem in the card system

* Password generation and injection;
* Password distribution and storage;
* transmission of passwords;
* the use of passwords;
* Selection, control and update of passwords;
* Destruction of the password;

3. Key generation

Although key generation has mature theory and foundation, in order to ensure the security of the key and prevent leakage, the following measures should be taken when the key is generated:
a) When the key is generated, it should adopt the method of multi-person rotation operation or hardware encryption.
b) strictly guarantee the absolute security of the key generation environment;
c) There should be a rigorous review of the personnel involved in key generation, in full compliance with the system's security management regulations;
d) The key generation process must be carried out step by step according to strict operating procedures. For some data that needs to be sealed, it must be closed on site and be safely handed over;
e) For a key that does not need to be generated repeatedly, a truly random process is used to generate a non-repeatable key; for a reproducible key, attention should be paid to the repeatability of the key transformation, so that the same key as the original can be generated again when needed;
f) The key that has been generated should be stored on the CPU mother card immediately to ensure that it will not be leaked;
g) generate keys as much as possible in a closed, limited environment;
h) After the key is generated, all temporary results should be cleared.

4. Key delivery and storage

The key should be transmitted in a hierarchical manner, from top to bottom, step by step; that is, each level generates, in a specific way, the various subkeys required by the next level. Key transmission and storage are carried out step by step in the form of CPU cards.
The use of CPU cards for key transfer and storage is a very mature technology. The COS of the CPU card has a very standardized series of instructions for operating on keys. Users only need to use a certified COS, and this step is easy to implement. It must be noted, however, that when a key is exported it must be in ciphertext form to ensure the security of the key.

5. Key control, selection, and application

The normal use of the key means that the user operates the password according to the system design scheme. It provides the user with functions such as encryption and decryption of sensitive information and identity authentication, all of which are performed by the CPU card, so the COS of the CPU card is still a very important security tool.

As the system continues to develop, the key used (closed type) can differ even for the same operation. This is the version control of the key. It must be considered in the design of the key management system and in future applications, and there should be a complete and clear solution for key version selection and application.

6. Key update

When the life cycle of the key ends, or the system key is compromised, the system should have the ability to perform key updates so that the sensitive information the system protects is no longer leaked. The replacement of the key must not harm the cardholder's interests or affect the cardholder's normal use. Likewise, the key update process must ensure that the security performance of the system is not affected. These requirements are a major challenge for the designer.

The update of the key can be regarded as an emergency recovery measure after a disaster event in which a password leak occurs. There are two ways to update a key: replacement by switching to a pre-installed key group, and replacement by regenerating the keys.
(1) Replacement by switching key groups - Considering that a key may be deciphered, or may need to be replaced after a period of use, we generate multiple unrelated key groups when the system keys are generated, and pre-install them in the card when it is initialized. Once one of them is deactivated for any reason, another group can be activated immediately so that the system runs without interruption. The key group currently in effect is indicated by the "key version identifier" in the card and in the device, so that they can authenticate each other. The replacement process is simple: once the system needs to change the key group, we set the “key version identifier” in all POS machines. During the changeover between the old and new passwords, when a card transacts on a device that has been set, the password version used by the card is determined first. If it is already the new password version, operation continues; if the card still uses the old password version, then immediately after the legality of the card is confirmed, the card's "key version identifier" is updated and the card is operated according to the new password system. The password is thus replaced without the user noticing.
(2) Replacement by regeneration - Stop the use of the current password, regenerate a new key group, and download it again to each device and card. The biggest difficulty in this process is how the new key can be transmitted securely to each device and card. This involves the secure transmission of the password and the confirmation of the authenticity of the password change. Especially in large systems, the network may be used to transmit new keys in order to achieve fast key replacement. To ensure the security of key transmission, an asymmetric-key encryption algorithm (such as RSA, ECC, etc.) must be introduced, enabling the operator to confirm the identity of the sender or receiver while ensuring the confidentiality of the information itself and controlling authenticity and integrity.
Replacing the key is easy where the CPU card is used as the ticket card. Where a logical encryption card is the ticket card, however, it is unsafe to carry out key replacement in an ordinary vehicle-mounted charging machine (the reason is similar to the above-mentioned segmentation charge). It can only be done in a safe environment such as a recharge point, which contradicts the premise of not affecting the cardholder's use. Replacement by regeneration therefore has a wide impact and should be considered carefully.
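The first update method above (pre-installed key groups selected by a "key version identifier"), as an added example that is not part of the original article. It assumes HMAC-SHA256 as the algorithm, a card that only moves its identifier forward, and an operator-set list of versions the POS still accepts; all names, UIDs and keys are constructed.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Card:
    def __init__(self, uid: bytes, group_keys: dict, version: int):
        self.uid = uid
        # Every key group is pre-installed at initialisation, one key per card.
        self._keys = {v: mac(k, uid) for v, k in group_keys.items()}
        self.version = version            # the "key version identifier"

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._keys[self.version], challenge)

    def activate(self, new_version: int, proof: bytes) -> bool:
        # Assumption: the identifier only moves forward, and only for a
        # terminal that proves it holds this card's key in the new group.
        key = self._keys.get(new_version)
        if key is None or new_version <= self.version:
            return False
        if not hmac.compare_digest(mac(key, b"activate|" + self.uid), proof):
            return False
        self.version = new_version
        return True


class Pos:
    def __init__(self, group_keys: dict, current: int, accepted: set):
        self._group_keys = group_keys     # held inside the SAM in a real terminal
        self.current = current            # version set by the operator
        self.accepted = accepted          # versions honoured during changeover

    def transact(self, card: Card) -> str:
        version = card.version
        if version not in self.accepted or version not in self._group_keys:
            return "rejected: key version not accepted"
        # Confirm the card is legitimate under the version it currently uses.
        challenge = secrets.token_bytes(16)
        expected = mac(mac(self._group_keys[version], card.uid), challenge)
        if not hmac.compare_digest(expected, card.respond(challenge)):
            return "rejected: authentication failed"
        if version < self.current:
            new_key = mac(self._group_keys[self.current], card.uid)
            if not card.activate(self.current, mac(new_key, b"activate|" + card.uid)):
                return "rejected: version update failed"
            return "ok: migrated to version %d" % self.current
        return "ok"


def run_demo() -> list:
    groups = {1: secrets.token_bytes(32), 2: secrets.token_bytes(32)}
    pos = Pos(groups, current=2, accepted={1, 2})
    card = Card(b"\x04\x11\x22\x33", groups, version=1)
    forged = Card(b"\x04\x44\x55\x66", {1: b"guess-1", 2: b"guess-2"}, version=1)
    results = [pos.transact(card), card.version, pos.transact(card),
               pos.transact(forged), forged.version]
    pos.accepted = {2}                    # changeover period has ended
    late = Card(b"\x04\x77\x88\x99", groups, version=1)
    results.append(pos.transact(late))
    results.append(card.activate(1, b""))  # rollback to the old group is refused
    return results


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

A card that misses the changeover window is refused on board in this sketch and would have to be updated at a trusted point, which is the trade-off the article raises for logical encryption cards.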

V. Equipment security

In the bus card system, all kinds of IC card devices, especially vehicle-mounted POS devices, are scattered across the vehicles and are highly mobile, which makes them the other target that is easiest to attack. To ensure their security, in addition to strict security regulations for information processing, the system should also take corresponding measures on the circuit control board:
(1) According to the specifications of the Ministry of Construction, we must adopt a secure storage module (SAM card or module) with extremely high security performance. It must conform to the specifications of the Ministry of Construction and the People's Bank of China, and it should be certified by these departments.
(2) The data in the machine is stored in duplicate to maximize the integrity of the data of the machine.
(3) The data stored in the machine is preferably encrypted to prevent theft;
(4) The data stored in the machine must have a check code to ensure that the data is not changeable;
(5) The machine should faithfully record the situation after performing any of the operations so that the use of the machine can be tracked if necessary;
(6) For the initialization machine and the card-selling machine: in addition to the above and to the controls on the user, the “operator ID card” method should be added. Each legitimate operator has a CPU card used for identity verification, which holds that person's information and password. Only a CPU card that has been verified as legitimate can obtain the key for entry. The CPU card also carries information limiting the amount that can be recharged onto cards. To guard against malicious "loss" of the ID card, each CPU ID card is subject to "control" confirmation by the control center.
(7) The workflow of all equipment shall be implemented in accordance with the specifications of the Ministry of Construction.
(8) The device should have a large blacklist data capacity.

VI. Other aspects of system security

1. Network security

(1) Any information transmitted on the Internet is encrypted, and the system implements application layer protection.
(2) The communication between the PC and the IC card reader has strict interface specifications. Both sides have dynamic identification and encrypted transmission functions, so that packets are transmitted encrypted and any interception, insertion or forgery is ineffective. These measures are also the techniques financial IC cards use for authentication and data confidentiality.
(3) The transmission information is transmitted together with the verification information to prevent unauthorized changes of the information.
(4) After receiving information, the management center must check it against the database before it can be stored, to prevent repeated delivery of information.
(5) Control of identity rights: Implement a strict password management system. Each person working on the system has their own number and password, which is confidential to everyone (including superiors). The system password is also confidential to the system developer (supplier).
(6) Control of access rights: Through a strict security system, the developers, users and publishers of the system are insulated from each other, and each has an independent password system, so that it cannot be stolen by others.
(7) Routing control: Network management should be equipped with multiple controls such as firewall and routing control, so any attempt to enter the network center through these levels is extremely difficult.
(8) The transmission of network data adopts the “drop-down” method: the data collected at each data collection point is held on the site machine, and the management center (or the operating company computer room) automatically dials in to these site machines on a time schedule to access it, which keeps the use of the central communicator under control.
(9) To prevent virus attacks, the system is designed to exchange only data on the network, never programs. Any program exchange is illegal. This is not only a matter of technical control but, more importantly, of administrative management.
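Items (3) and (4) above, together with the check code required on device data, as an added example that is not part of the original article. It assumes an HMAC-SHA256 check code under a per-device key and a (device, sequence number) pair as the duplicate test; the record layout, device IDs and values are constructed.

```python
import hashlib
import hmac
import json


def check_code(key: bytes, record: dict) -> str:
    # Canonical encoding so the device and the centre hash identical bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ManagementCentre:
    def __init__(self, device_keys: dict):
        self._device_keys = device_keys   # kept in the encryption machine in practice
        self._seen = set()                # (pos_id, seq) pairs already stored
        self.ledger = []                  # records accepted into the main database
        self.audit_log = []               # every attempt, accepted or not

    def ingest(self, record: dict, code: str) -> str:
        pos_id, seq = record.get("pos_id"), record.get("seq")
        key = self._device_keys.get(pos_id)
        if key is None:
            verdict = "rejected: unknown device"
        elif not hmac.compare_digest(check_code(key, record), code):
            verdict = "rejected: bad check code"
        elif (pos_id, seq) in self._seen:
            # Checked only after the code verifies, so a forged record
            # cannot block a genuine one from being stored later.
            verdict = "rejected: duplicate"
        else:
            self._seen.add((pos_id, seq))
            self.ledger.append(record)
            verdict = "accepted"
        self.audit_log.append((pos_id, seq, verdict))
        return verdict


def run_sample():
    """Feed a constructed batch through the centre and return the verdicts."""
    bus_key = b"constructed-device-key-BUS-0417"
    centre = ManagementCentre({"BUS-0417": bus_key})

    r1 = {"pos_id": "BUS-0417", "seq": 1, "card_uid": "04A1B2C3", "amount": 200}
    r2 = {"pos_id": "BUS-0417", "seq": 2, "card_uid": "04D4E5F6", "amount": 200}
    altered = dict(r2, amount=20)         # changed after the code was computed
    stray = {"pos_id": "BUS-9999", "seq": 1, "card_uid": "04A1B2C3", "amount": 200}

    batch = [
        (r1, check_code(bus_key, r1)),
        (altered, check_code(bus_key, r2)),
        (r1, check_code(bus_key, r1)),    # same record delivered twice
        (stray, check_code(b"some-other-key", stray)),
        (r2, check_code(bus_key, r2)),
    ]
    verdicts = [centre.ingest(record, code) for record, code in batch]
    return verdicts, centre


if __name__ == "__main__":
    verdicts, centre = run_sample()
    for entry in centre.audit_log:
        print(entry)
```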

2. Security technology of the host and the central database
The central database is the place where the information is collected, and it is the ultimate target of attack. The system adopts the currently popular C/S or B/S mode, and the operation terminals and the data center are strictly separated. Only the central administrator has the right to perform database-level operations; client operations are carried out through the system's internal instructions.
Adopting advanced, reliable, secure and mature core platforms and technologies is a powerful measure that can convincingly enhance system security and reliability.
According to the provisions of the system, data is backed up in time and passwords are changed in time, so that the security of the system is ensured through standardized administrative management. The system should establish a complete log function and make a true and complete record of all operations entering the system, so that they can be traced back in the future.
When processing all kinds of operational information, the system center must judge its authenticity (including decryption, check code authentication, identity authentication, etc.) before it can be added to the main database, and the amount of calculation involved is very large. Therefore, a card-specific encryption machine must be used in the central computer room. On the one hand, it provides a large data processing throughput for the operation of the system; on the other hand, it guarantees that the relevant key information will not be leaked, since passwords cannot be stored directly in the computer.
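The checks in items (3) and (4) and the authenticity check before storage described above can be sketched as follows. This is an added example, not code from the system the article describes: the record fields, the table layout, the use of HMAC-SHA256 as the check code and the in-process demo key are all assumptions (a real deployment would compute the MAC inside the encryption machine).

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed demo key. In the system described, keys stay inside the encryption machine.
DEMO_KEY = b"constructed-demo-key"


def record_mac(rec: dict, key: bytes) -> str:
    """MAC over an unambiguous encoding of the fields (HMAC-SHA256 is an assumption)."""
    body = json.dumps([rec["terminal_id"], rec["seq"], rec["card_id"], rec["amount_cents"]],
                      separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_record(terminal_id: str, seq: int, card_id: str, amount_cents: int,
                key: bytes = DEMO_KEY) -> dict:
    """Site-machine side: attach the verification information to the record."""
    rec = {"terminal_id": terminal_id, "seq": seq, "card_id": card_id,
           "amount_cents": amount_cents}
    rec["mac"] = record_mac(rec, key)
    return rec


def open_center_db() -> sqlite3.Connection:
    """In-memory stand-in for the central database plus its operation log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE txn (terminal_id TEXT, seq INTEGER, card_id TEXT, "
               "amount_cents INTEGER, PRIMARY KEY (terminal_id, seq))")
    db.execute("CREATE TABLE audit_log (terminal_id TEXT, seq INTEGER, outcome TEXT)")
    return db


def ingest(db: sqlite3.Connection, rec: dict, key: bytes = DEMO_KEY) -> str:
    """Center side: verify the MAC, refuse repeated delivery, log every decision."""
    sent = str(rec.get("mac", "")).encode()
    if not hmac.compare_digest(record_mac(rec, key).encode(), sent):
        outcome = "rejected_bad_mac"
    else:
        try:
            db.execute("INSERT INTO txn VALUES (?, ?, ?, ?)",
                       (rec["terminal_id"], rec["seq"], rec["card_id"], rec["amount_cents"]))
            outcome = "accepted"
        except sqlite3.IntegrityError:  # (terminal_id, seq) already stored
            outcome = "rejected_duplicate"
    db.execute("INSERT INTO audit_log VALUES (?, ?, ?)",
               (rec["terminal_id"], rec["seq"], outcome))
    db.commit()
    return outcome
```

Rejected records are written to the log as well as accepted ones, so repeated or altered deliveries from a site machine remain traceable.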

3. Improvement of the management system
As we all know, a fortress is most easily breached from within. In the design and construction of the card system, we can add many security technologies to ensure that an adversary cannot easily break our defenses. However, if there is a problem inside, for example if the saboteur is an operator, or if an insider does not operate according to the specifications and leaks sensitive information to the outside world, the system will suffer immeasurable losses. Therefore, establishing, improving and perfecting the management system and strengthening the management of personnel inside the system is also an important aspect of ensuring the security of the system. There are many examples of this, and they deserve serious consideration by system administrators.
The card system is a huge system, and its security involves many aspects. Carefully analyzing and summarizing all of them is a difficult and meaningful job. In view of the length of this article, we cannot discuss them in detail. Interested readers are welcome to contact our company or the author. We are willing to share our lessons and experiences with you and jointly promote the development of China's bus card business.