CPU smart card offline payment transaction process exchange

1 Introduction

Domestic CPU smart cards are becoming more and more popular and more widely used. There are more and more types of smart card, including public transportation cards, social insurance cards, and financial cards. Relying on the high security of the CPU smart card, these cards can generally support offline payment transactions, that is, payment transactions completed without a real-time connection to the background system. Which technical points should offline payment focus on? This article analyzes the technology of the CPU smart card offline payment transaction process and compares the offline transactions of several types of domestic standard card products, for your reference.

2 CPU smart card product features

The CPU smart card is a security device with a microprocessor, a hardware algorithm encryption coprocessor, a hardware random number generator, a memory, contact or non-contact or dual interface communication, and functions such as identity authentication and electronic payment. It can be applied to such fields as finance, social security, public transportation, utilities and government affairs.

Smart card products are passive devices and do not have their own power supply. The power comes entirely from the terminal POS device, so abnormal interruptions often occur while a smart card is in use. When an abnormal situation occurs, the smart card product must ensure the integrity and accuracy of the data in the card, and it should also provide some auxiliary means for the terminal POS machine to query the transaction status. In the offline transaction process in particular, a mechanism for reviewing whether a transaction completed after an exception, i.e. an anti-pull mechanism, is especially important.

At present, the main smart card products in China are divided by application technology standard. They mainly include financial IC cards based on debit and credit applications (including standard debit/credit application cards, electronic cash cards based on debit/credit applications, and qPBOC debit/credit cards), social security IC cards, and electronic wallet cards based on the Ministry of Construction CPU card COS standard (construction IC cards). This article uses these card products as its analysis objects.

3 Offline transaction relationship analysis

The offline transaction of a CPU smart card mainly involves four parties: the issuer's background system, the acquirer's POS machine, the card, and the cardholder.

4 Offline payment technology analysis

4.1 Card verification of the cardholder

The cardholder password is generally used to implement this verification. This legitimacy check is mainly used to prevent a stolen card from being used and to prevent other unauthorized use.

When a financial IC card based on a debit/credit application is used for offline transactions, verification of the cardholder is optional, but it is necessary to check whether the number of cardholder verification errors exceeds the limit. If the cardholder of a social security IC card has set a password, the password must be verified during an offline transaction. The IC card does not support cardholder verification in offline transactions, because of the requirements on transaction amount and transaction speed.

4.2 POS authentication of card legality

This is mainly used to prevent copied or counterfeit cards, thereby protecting the interests of cardholders and issuing banks. In the offline transaction process, the POS machine uses a symmetric or asymmetric algorithm to verify the integrity of the card's key data, that is, that the key data has not been tampered with or duplicated, and so verifies the identity of the card.

4.3 Card verification of POS machine legitimacy

This is mainly to prevent the card from being illegally modified, so as to protect the interests of cardholders. It is especially important for prepaid and bearer card products. The social security IC card and the construction IC card use a symmetric algorithm scheme to verify the integrity of the POS machine's key data during the offline transaction, and in this way verify the legitimacy of the POS machine.

4.4 Transaction review mechanism (anti-pull function)

When an exception occurs during an offline transaction, this mechanism provides a way to query whether the last transaction completed successfully and to return the key verification data of the successful transaction. The social security IC card and the construction IC card have a good anti-pull transaction review mechanism, which can be used together with the POS machine to improve the handling of abnormal transactions. The financial IC card based on debit/credit applications does not have this function.

4.5 Card Transaction Anti-counterfeiting TAC or TC Calculation

This is offline transaction verification data generated by the card. It is used to prevent cardholders from repudiating the transaction and to guard against falsification by the POS machine. A symmetric algorithm is generally used to calculate it over the key data. The TAC or TC produced by each card is different for every transaction.
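The review mechanism of 4.4 and the TAC of 4.5 can be seen together in a small simulation. This is an added example, not code from any card specification: the class and function names, the message layout, the 4-byte MAC length and the use of truncated HMAC-SHA256 in place of the card's DES/3DES MAC are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def mac4(key: bytes, data: bytes) -> bytes:
    # Stand-in MAC: real cards use a DES/3DES-based MAC; truncated HMAC is an assumption.
    return hmac.new(key, data, hashlib.sha256).digest()[:4]

class PowerLoss(Exception):
    """Card pulled from the field (constructed fault injection)."""

class Card:
    def __init__(self, tac_key: bytes, balance: int):
        self.tac_key, self.balance = tac_key, balance
        self.counter = 0   # offline transaction counter
        self.last = None   # (counter, TAC) of the last committed debit

    def debit(self, amount, terminal_id, tear=None):
        if amount <= 0 or amount > self.balance:
            raise ValueError("amount rejected")
        counter = self.counter + 1
        tac = mac4(self.tac_key, struct.pack(">IH", amount, counter) + terminal_id)
        if tear == "before_commit":
            raise PowerLoss()          # nothing has been written yet
        # Balance, counter and proof change together (an atomic write on a real card).
        self.balance, self.counter, self.last = self.balance - amount, counter, (counter, tac)
        if tear == "before_reply":
            raise PowerLoss()          # committed, but the POS never sees the TAC
        return tac

    def get_proof(self, counter):
        # Transaction review: hand back the TAC only for the committed counter value.
        if self.last is not None and self.last[0] == counter:
            return self.last[1]
        return None

def pos_pay(card, amount, terminal_id, tear=None):
    expected = card.counter + 1        # counter read by the POS before debiting
    try:
        return "completed", card.debit(amount, terminal_id, tear)
    except PowerLoss:
        tac = card.get_proof(expected) # card presented again: ask what happened
        return ("recovered", tac) if tac is not None else ("not_debited", None)
```

Because the counter is part of the MAC input, two debits of the same amount at the same terminal still produce different TACs, and a POS that lost the reply can tell a committed debit from one that never happened instead of charging twice.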

4.6 Whether offline payment requires a PSAM

Depending on the key management features of the product, some cards need the support of a PSAM card in the offline payment process and some do not. Financial IC cards based on debit/credit applications adopt an asymmetric key system, and a PSAM card is not required to support the offline transaction. The social security IC card and the construction IC card use a symmetric key system, and the offline transaction can only be completed with the participation of a PSAM card.
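Why a symmetric key system needs a PSAM for the two checks of 4.2 and 4.3 is easiest to see in code: both sides must hold the same card key, and the terminal can only obtain it from a secure module that holds the issuer's master key. This is an added sketch, not taken from any card standard; the key diversification step, the message layout, all names and the use of HMAC-SHA256 in place of DES/3DES are assumptions.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes, n: int = 16) -> bytes:
    # HMAC-SHA256 stands in for the DES/3DES operations of real cards (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()[:n]

class PSAM:
    """Secure module in the POS: holds the master key and never exports it."""
    def __init__(self, master_key: bytes):
        self._mk = master_key
    def _card_key(self, card_id: bytes) -> bytes:
        return prf(self._mk, b"div" + card_id)      # per-card key from card ID
    def mac_for_card(self, card_id, rand, txn):
        # Proves to the card that the POS contains a genuine PSAM (4.3).
        return prf(self._card_key(card_id), b"POS" + rand + txn, 4)
    def check_card_mac(self, card_id, rand, txn, mac):
        # Proves to the POS that the card holds the issuer-derived key (4.2).
        expected = prf(self._card_key(card_id), b"CARD" + rand + txn, 4)
        return hmac.compare_digest(expected, mac)

class Card:
    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id, self._key, self._rand = card_id, card_key, None
    def init_txn(self):
        self._rand = os.urandom(4)                  # fresh challenge per transaction
        return self.card_id, self._rand
    def debit(self, txn: bytes, pos_mac: bytes):
        if self._rand is None:
            return None                             # no open challenge
        rand, self._rand = self._rand, None         # a challenge is used only once
        expected = prf(self._key, b"POS" + rand + txn, 4)
        if not hmac.compare_digest(expected, pos_mac):
            return None                             # unknown POS: refuse to debit
        return prf(self._key, b"CARD" + rand + txn, 4)

def personalize(master_key: bytes, card_id: bytes) -> Card:
    # Issuer side: the card receives only its own diversified key.
    return Card(card_id, prf(master_key, b"div" + card_id))

def offline_purchase(psam: PSAM, card: Card, txn: bytes) -> bool:
    card_id, rand = card.init_txn()
    card_mac = card.debit(txn, psam.mac_for_card(card_id, rand, txn))
    return card_mac is not None and psam.check_card_mac(card_id, rand, txn, card_mac)
```

The master key lives only in the PSAM and at the issuer, so a terminal without the right PSAM cannot produce a MAC the card accepts, which is also why such cards only interoperate with terminals that carry the matching PSAM.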

4.7 Accounting methods

There are two accounting methods for the card's offline payment amount: pre-authorization and prepaid. Financial IC cards based on debit/credit applications usually use the pre-authorization method. The amount available for offline payment is preset by the bank and is not real money. When an offline payment is deducted, only the card's available authorization quota is reduced; the actual currency payment occurs when the background system clears the transaction.

Social security IC cards and construction IC cards are usually prepaid. The amount available for offline payment in the card has to be paid in advance through a "recharge" operation, so the actual currency payment occurs before the offline payment. However, some local social security IC cards also use a pre-authorization method, in which the actual currency payment occurs when the offline payment is processed in the background.

In addition, the financial IC card and the social security IC card are registered to a named holder, so a lost card can be reported lost. The construction IC card is anonymous: if the card is lost, the money in the card is lost as well.

5 Comparison of several types of domestic CPU smart cards

From the perspective of smart card product features and transaction process, the following six offline payment technology points can be summarized for comparison.

Note:

MAC authentication: message authentication, using a symmetric algorithm to verify the validity and integrity of the data;

SDA: static data authentication, using an asymmetric algorithm to verify whether the data in the card has been tampered with;

DDA: dynamic data authentication, using an asymmetric algorithm to verify that the card is not a copied or counterfeit card;

CDA: combined dynamic data authentication, using an asymmetric algorithm to verify that the card is not a copied or counterfeit card;

Advantage of debit/credit-based financial IC cards: they adopt an asymmetric key system and do not require a PSAM card in the transaction process, so there is no restriction on the interoperability of the cards;

Disadvantage of debit/credit-based financial IC card offline transactions: the card cannot authenticate the legitimacy of the POS machine, and it has no anti-pull transaction review mechanism.

6 Product application scenarios

The application scenarios related to offline payment, according to the characteristics of each product, are shown in Table 2. (Eastern Peace Smart Card Co., Ltd. Lei Diesheng)
