Application development and challenges of CPU card in "one card" system

With the development of smart IC card technology, higher demands are placed on the storage capacity and cryptographic features of the card itself. The traditional MIFARE 1 card is gradually being replaced by smart IC cards with stronger cryptography, of which the CPU card is a typical representative. Applying the CPU card to the "one card" system gives the system much better functional scalability and markedly improves operational security, while the card itself offers more storage and faster reading. The existing system software is then upgraded to integrate the system with the CPU card.

CPU card application development and challenges in the "one card" system, China One Card Network (中国一卡通网)

I. CPU card overview

The CPU card, also called a smart card, is an IC card containing a microprocessor chip; its structure resembles a small computer system. The integrated circuit inside the card is like a computer motherboard: it integrates a central processing unit (CPU), EEPROM, random access memory (RAM) and read-only memory (ROM), and the ROM holds the chip operating system (COS). Some card chips also integrate a cryptographic coprocessor to improve security and speed.

The CPU card's user storage adopts a directory-and-file management model similar to a computer operating system, which makes it more flexible when functions are expanded: storage can be allocated as needed. Because the card's microprocessor runs its own operating system, it can perform hierarchical encryption and decryption, and a user must pass several key authentications before operating on the card, which raises the security of the system. In both user storage capacity and cryptographic security, the CPU card meets current needs. It is used in many fields, including finance, insurance, police and government, supports multiple applications on one card, and has been certified by the People's Bank of China and the State Commerce Commission.

II. Comparison of MIFARE 1 card and CPU card features

The CPU card makes up for many of the shortcomings of MIFARE 1. How does it differ from the MIFARE 1 card, and what advantages does it have? A brief introduction follows:

(1). Storage space and partition

The MIFARE 1 card's storage is very limited (1 KB on the common 1K variant) and is managed as fixed sectors and blocks.

The CPU card's storage is several times that of the MIFARE 1 card, which fully meets current storage needs, and it uses an operating-system-like file structure that is very flexible to design.

(2). Key length

The MIFARE 1 card uses 6-byte (48-bit) keys, controlled per sector.

The CPU card uses 16-byte keys and can establish multi-level partitions as needed, combining multi-level partitions with multi-level keys, which improves security in use.

(3). Encryption authentication algorithm

The MIFARE 1 card uses a proprietary, undisclosed hardware logic algorithm (Crypto-1) that has been cracked.

The CPU card uses standard, publicly specified algorithms, run in software or with hardware acceleration; it is customizable and meets financial standards.

(4). Read/write security module

In the MIFARE 1 card the key is fed to the algorithm built into a dedicated reader (base station) chip, and authentication takes place between the card and that chip. This technology has been cracked.

With the CPU card, a generic read/write module simply relays the commands transparently. The key and algorithm sit in a SAM, so authentication is carried out inside the two chips (SAM and card), and the values exchanged on the air interface are encrypted random numbers, which greatly improves security during reading and writing.

(5). Transaction process

The MIFARE 1 card's transaction process is simple and non-standard, and protection against an interrupted transaction (the card being pulled away mid-write) has to be custom-built.

The CPU card follows financial standard specifications, can also be designed flexibly by the user, and has built-in anti-tearing (anti-pull-out) handling.

(6). Access control

The MIFARE 1 card's access conditions are limited to read, write, read/write, increment and decrement on fixed blocks.

The CPU card allows the authentication method to be designed flexibly for each file type.
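To make the fixed layout concrete, here is an added Python model of the MIFARE 1 (MIFARE Classic 1K) memory map and of its value blocks, the mechanism behind the "increment and decrement" access conditions above. It is an illustration written for this page, not code from the article or from any card vendor; the layout follows the public MIFARE Classic data sheet, and the keys, addresses and values are constructed. It models the data format only, not the Crypto-1 authentication.

```python
"""MIFARE Classic 1K memory model: fixed sectors and blocks, and value blocks
with built-in integrity redundancy for increment/decrement.
Added illustration, not the article's code; sample data is constructed."""
import struct

BLOCK_SIZE = 16
BLOCKS_PER_SECTOR = 4   # 1K card: 16 sectors x (3 data blocks + 1 sector trailer)
SECTORS = 16


def sector_blocks(sector: int) -> range:
    """Absolute block numbers belonging to a sector; the last one is the trailer."""
    if not 0 <= sector < SECTORS:
        raise ValueError("1K card has sectors 0..15")
    first = sector * BLOCKS_PER_SECTOR
    return range(first, first + BLOCKS_PER_SECTOR)


def parse_trailer(trailer: bytes) -> dict:
    """Sector trailer: Key A (6) | access bits (3) + user byte (1) | Key B (6)."""
    if len(trailer) != BLOCK_SIZE:
        raise ValueError("trailer must be 16 bytes")
    return {"key_a": trailer[0:6], "access": trailer[6:9],
            "user": trailer[9], "key_b": trailer[10:16]}


def access_bits_consistent(access: bytes) -> bool:
    """Trailer bytes 6..8 store C1/C2/C3 for the four blocks once plain and once
    inverted; if the copies disagree the card treats the sector as unusable."""
    b6, b7, b8 = access
    c1 = (b7 >> 4) & 0xF
    c2 = b8 & 0xF
    c3 = (b8 >> 4) & 0xF
    return ((b6 & 0xF) == (~c1 & 0xF)
            and ((b6 >> 4) & 0xF) == (~c2 & 0xF)
            and (b7 & 0xF) == (~c3 & 0xF))


def encode_value_block(value: int, addr: int) -> bytes:
    """Value block: value, ~value, value (little-endian int32), then addr, ~addr, addr, ~addr."""
    v = struct.pack("<i", value)
    nv = bytes(b ^ 0xFF for b in v)
    a = addr & 0xFF
    return v + nv + v + bytes([a, a ^ 0xFF, a, a ^ 0xFF])


def decode_value_block(block: bytes) -> tuple:
    """Return (value, addr); reject a block whose redundant copies disagree."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("block must be 16 bytes")
    v, nv, v2 = block[0:4], block[4:8], block[8:12]
    a, na, a2, na2 = block[12:16]
    if (v != v2 or bytes(b ^ 0xFF for b in v) != nv
            or a != a2 or (a ^ 0xFF) != na or na != na2):
        raise ValueError("value block integrity check failed")
    return struct.unpack("<i", v)[0], a


def decrement(block: bytes, amount: int) -> bytes:
    """Model of DECREMENT + TRANSFER: the card performs the arithmetic itself,
    which is all the "subtract" access condition of a MIFARE 1 block offers."""
    if amount < 0:
        raise ValueError("amount must be non-negative")
    value, addr = decode_value_block(block)
    return encode_value_block(value - amount, addr)
```

The point for the comparison: every sector has exactly this shape, the only "file types" are data blocks and value blocks, and the key and access bits live in a fixed slot of the trailer; there is no directory, no per-file key, and no room to grow an application beyond its sectors.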

(7). Advantages of the CPU card

From the perspective of system security, IC cards are constantly improving, and among them the CPU card has the strongest prospects. It can be used in a variety of security modes and can even protect the software system itself. Several applications can coexist on one card, for instance a virtual MIFARE 1 storage structure alongside native applications, giving true one-card multi-purpose use. Combining the COS with the software system also increases operational flexibility.

III. Upgrade plan for the “one card” system of a national ministry

The "one card" system of a national ministry still uses the MIFARE 1 card. This type of card no longer meets the growing demands on security and storage capacity, and as application requirements expand, moving away from the MIFARE 1 card is imperative. Replacing the existing MIFARE 1 card with a CPU card is better suited to practical needs.

(1). The concept of the application upgrade

Currently the ministry uses the MIFARE 1 card for access control, reimbursement, medical care and consumption. The access control subsystem sends the card's ID to the access controller; when a card is swiped, the controller compares the card ID with the information stored in the controller and decides whether access is permitted. This comparison is the most efficient, but it relies on the card ID alone, which is not cryptographically protected, and the management terminal has to push data to every access controller; if the network fails or a controller is replaced, the data has to be reissued, which easily leads to inconsistent data and is hard to manage. There are also many related subsystems, and operators often need to work in several application systems to produce one card, which is cumbersome.

If the current access control subsystem is to be upgraded, a new application model should be considered. First, integrate the system software to minimize operator complexity. Second, upgrade the card carrier to a CPU card and exploit its storage capacity and cryptographic features.

The system then needs the following changes. Each access controller is assigned a pass permission code, set according to an agreed rule. Each controller is authorized once, during the initialization phase; this authorization simply writes the permission code into the controller. In addition, the controller needs a built-in authentication program that drives the card authentication process. Because the CPU card has more storage and manages data as directories and files, a separate storage area can be opened for the access control system, and the permission codes of the access points the holder may use are written directly into the card, so each card carries its own access rights. On entry or exit, the CPU card reader works with the access controller, and the card is authenticated directly by the controller's internal authentication program. This removes the need to push data to every access controller and makes full use of the CPU card's storage.

This upgrade of the access control subsystem improves the system's security and ease of operation to a degree. Before it is put into use, extensive testing of the efficiency and stability of this authentication method is required.

The reimbursement, medical, consumption and access control subsystems are separate from one another; they share only some basic personnel information stored on the existing card. Because of the MIFARE 1 card's capacity limit, this stored information is quite limited, which restricts expansion of the whole system. A CPU card has one MF (master file) but can hold several ADFs (application directories), and each file is read and written under the control of its own key, giving genuinely secure and reliable one-card multi-purpose use. Key files store the keys; a set of keys is defined according to the user's needs and the specific application, and card authentication and file access are controlled by different keys. These include a manufacturing key, an issuing key, an internal authentication key, an external authentication key, a consumption key, a transmission key, a signature key, an encryption key and so on. Separate storage areas with their own keys can therefore be created for the other systems. During CPU card authentication and consumption, the reader's MCU merely relays data; the actual encryption and decryption and the card reads and writes are performed under the control of the card's own operating system, unlike the read/write control of a logic-encryption card such as MIFARE 1. From a security standpoint this is a great improvement.
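The file-and-key structure just described (one MF, several ADFs, every file readable or writable only after authentication under its own key) and the access-control design from the previous section (each card carries the permission codes of the doors it may open, and the controller's built-in program authenticates the card and reads them) can be shown together in a small simulation. This is an added example, not the article's code nor a real COS: the application identifiers, file identifiers, key ids and pass codes are constructed, and external authentication is reduced to a key comparison on the simulated card (a real card verifies a cryptogram over a random number instead).

```python
"""Simulated CPU card file tree with per-file key-controlled access, plus the
door controller's check. Added illustration; identifiers are constructed."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

FREE = None  # access condition: no prior authentication required


@dataclass
class EF:
    fid: int
    data: bytearray
    read_key: Optional[int]   # key id that must be authenticated before READ BINARY
    write_key: Optional[int]  # key id that must be authenticated before UPDATE BINARY


@dataclass
class ADF:
    aid: bytes
    keys: Dict[int, bytes]                        # the ADF's key file: key id -> 16-byte key
    files: Dict[int, EF] = field(default_factory=dict)


class CpuCard:
    """One MF holding several ADFs, each with its own key file and EFs."""

    def __init__(self, serial: bytes) -> None:
        self.serial = serial
        self.mf: Dict[bytes, ADF] = {}
        self.selected: Optional[ADF] = None
        self.authenticated: Set[int] = set()      # key ids proven in the current session

    # --- personalisation commands (issuer side, done once) ---
    def create_adf(self, aid: bytes, keys: Dict[int, bytes]) -> None:
        if any(len(k) != 16 for k in keys.values()):
            raise ValueError("CPU card keys are 16 bytes")
        self.mf[aid] = ADF(aid, dict(keys))

    def create_ef(self, aid: bytes, fid: int, data: bytes,
                  read_key: Optional[int], write_key: Optional[int]) -> None:
        self.mf[aid].files[fid] = EF(fid, bytearray(data), read_key, write_key)

    # --- session commands (reader side) ---
    def select(self, aid: bytes) -> None:
        self.selected = self.mf[aid]              # KeyError if the application is absent
        self.authenticated.clear()                # keys proven under another ADF do not carry over

    def external_authenticate(self, key_id: int, key: bytes) -> bool:
        """Reduced model: a real card checks a cryptogram over its own random number."""
        stored = self.selected.keys.get(key_id) if self.selected else None
        if stored is not None and hmac.compare_digest(stored, key):
            self.authenticated.add(key_id)
            return True
        return False

    def _file(self, fid: int) -> EF:
        if self.selected is None:
            raise PermissionError("no application selected")
        return self.selected.files[fid]           # KeyError if the file does not exist

    def _require(self, key_id: Optional[int]) -> None:
        if key_id is not FREE and key_id not in self.authenticated:
            raise PermissionError(f"key {key_id:#04x} must be authenticated first")

    def read_binary(self, fid: int) -> bytes:
        ef = self._file(fid)
        self._require(ef.read_key)
        return bytes(ef.data)

    def update_binary(self, fid: int, data: bytes) -> None:
        ef = self._file(fid)
        self._require(ef.write_key)
        ef.data[:] = data


# --- access control application (constructed identifiers) ---
ACCESS_AID = b"ACCESS01"
PASS_CODES_FID = 0x0001
CODE_LEN = 4
ACCESS_KEY_ID = 0x01


def provision_access(card: CpuCard, access_key: bytes, pass_codes: List[bytes]) -> None:
    """Issuer writes the pass codes of the doors this holder may open into the card."""
    card.create_adf(ACCESS_AID, {ACCESS_KEY_ID: access_key})
    blob = b"".join(c.ljust(CODE_LEN, b"\0")[:CODE_LEN] for c in pass_codes)
    card.create_ef(ACCESS_AID, PASS_CODES_FID, blob,
                   read_key=ACCESS_KEY_ID, write_key=ACCESS_KEY_ID)


def controller_check(card: CpuCard, controller_code: bytes, access_key: bytes) -> bool:
    """The controller's built-in authentication program, run once per swipe."""
    card.select(ACCESS_AID)
    if not card.external_authenticate(ACCESS_KEY_ID, access_key):
        return False                              # no valid key: pseudo-card or other issuer
    try:
        blob = card.read_binary(PASS_CODES_FID)
    except PermissionError:
        return False
    codes = {blob[i:i + CODE_LEN] for i in range(0, len(blob), CODE_LEN)}
    return controller_code.ljust(CODE_LEN, b"\0")[:CODE_LEN] in codes
```

Two properties worth noticing in the simulation: a key proven under one ADF is forgotten the moment another ADF is selected, so the consumption application cannot be unlocked with the access-control key even if both happen to use key id 0x01; and the controller needs no per-card list of its own, only the access key in its SAM and its own pass code.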

(2). The overall idea of the system upgrade

One card, many uses is the basic function an intelligent "one card" system should realize: access control, consumption, medical care, reimbursement and other systems are integrated on one card, with room reserved for further systems and applications, realizing "one card in hand, convenient and worry-free" in the true sense.

A truly intelligent "one card" system should realize intelligent centralized management: a unified management center that performs centralized card issuance, centralized authorization and centralized loss reporting, and manages the subsystems uniformly, ensuring data synchronization and integrity across subsystems and achieving genuine "resource sharing" between them.

The intelligent "one card" system should establish a common database for unified storage and data sharing, and at the same time reserve data interfaces for connection to other intelligent information management systems.

Besides adopting the CPU card as the card carrier of the "one card" system, the upgrade of CPU card security access control must be considered from two sides: the CPU card key management system and the CPU card access control reader.

1. CPU card key management system

In a "one card" system with the IC card as its application carrier, key management is the foundation of the whole system. Users generate, distribute and update keys through a key management system that bears directly on the security of the entire system. Users can classify and manage the various kinds of keys and complete card initialization themselves, so that they retain the initiative in key management and card issuance.

The key material may be an AB code list, a key seed or similar. The AB code list is itself a form of key seed: the seed is split into two parts, A and B, held by two different people, which improves security because neither custodian alone holds the complete key.

In the CPU card's initialization phase, the card keys are loaded and the card's file structure is created. Simply put, the MF and its key file are created first; then the DDF and ADF key files are created according to the application classification; finally, the EFs are created in each application directory.

2. CPU card reader

The CPU card reader brings an authentication security mechanism into the access control field. A reader that supports CPU cards is used, with a pre-established secure authentication read/write mechanism. A Secure Access Module (SAM) can be built into the reader; together with the CPU card it forms a complete and rigorous key management scheme. Once a key has been injected into the SAM card it cannot be read out. The SAM card is inserted into the reader, and the SAM card and CPU card authenticate each other. The authentication messages are built from random factors, so swiping the same card on the same device produces a different exchange every time, which defeats "pseudo-cards" (clones and replayed exchanges).
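The two pieces just described, the key management system (AB code list, per-card keys) and the reader whose SAM performs random-number mutual authentication with the card, are shown together below in an added Python example that is not the article's code. Assumptions: the A and B components are combined by XOR into the master key; per-card keys are diversified from the master key and the card serial; HMAC-SHA256 truncated to 8 bytes stands in for the card's symmetric algorithm (production systems use 3DES or a similar block cipher in a coprocessor); all serials and component values are constructed, and the random factors come from the operating system. The last two functions show why a cloned card without the key, and a recorded response replayed on the next swipe, are both rejected.

```python
"""Key management (AB components, diversified card keys) and SAM <-> card
mutual authentication with random challenges. Added illustration; HMAC-SHA256
stands in for the card's block cipher, and all fixed values are constructed."""
import hashlib
import hmac
import secrets

KEY_LEN = 16   # 16-byte keys, as the article contrasts with MIFARE 1's 6-byte keys
MAC_LEN = 8    # truncated cryptogram length


def combine_components(component_a: bytes, component_b: bytes) -> bytes:
    """AB code list: the master key exists only when both custodians' halves are combined."""
    if len(component_a) != KEY_LEN or len(component_b) != KEY_LEN:
        raise ValueError("each component is 16 bytes")
    return bytes(a ^ b for a, b in zip(component_a, component_b))


def diversify(master_key: bytes, serial: bytes, purpose: bytes) -> bytes:
    """Per-card, per-purpose key (e.g. the external-authentication key) derived from the
    master key and the card serial; extracting one card's key reveals no other card's key."""
    return hmac.new(master_key, purpose + serial, hashlib.sha256).digest()[:KEY_LEN]


def cryptogram(key: bytes, *parts: bytes) -> bytes:
    """Stand-in for the card's symmetric encryption/MAC of a random number."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:MAC_LEN]


class Card:
    """The CPU card side: holds its diversified key and never outputs it."""

    def __init__(self, serial: bytes, auth_key: bytes) -> None:
        self.serial = serial
        self._key = auth_key
        self._challenge = None

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)   # fresh random factor per attempt
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        """Reader proves it knows the key by answering the card's random number."""
        if self._challenge is None:
            return False
        expected = cryptogram(self._key, b"EXT", self.serial, self._challenge)
        self._challenge = None                     # a challenge can be answered only once
        return hmac.compare_digest(response, expected)

    def internal_authenticate(self, reader_challenge: bytes) -> bytes:
        """Card proves it knows the key by answering the reader's random number."""
        return cryptogram(self._key, b"INT", self.serial, reader_challenge)


class SAM:
    """The reader's secure access module: the master key is injected once and only used."""

    def __init__(self, master_key: bytes) -> None:
        self._master = master_key

    def _card_key(self, serial: bytes) -> bytes:
        return diversify(self._master, serial, b"AUTH")

    def respond(self, serial: bytes, card_challenge: bytes) -> bytes:
        return cryptogram(self._card_key(serial), b"EXT", serial, card_challenge)

    def verify(self, serial: bytes, reader_challenge: bytes, card_response: bytes) -> bool:
        expected = cryptogram(self._card_key(serial), b"INT", serial, reader_challenge)
        return hmac.compare_digest(card_response, expected)


def issue_card(master_key: bytes, serial: bytes) -> Card:
    """Key management system at personalisation: load the diversified key into a new card."""
    return Card(serial, diversify(master_key, serial, b"AUTH"))


def mutual_authenticate(sam: SAM, card: Card) -> bool:
    """Reader firmware: relays messages between SAM and card without ever seeing a key."""
    if not card.external_authenticate(sam.respond(card.serial, card.get_challenge())):
        return False                               # reader side not trusted by the card
    reader_challenge = secrets.token_bytes(8)
    return sam.verify(card.serial, reader_challenge,
                      card.internal_authenticate(reader_challenge))


def replay_is_accepted(sam: SAM, card: Card) -> bool:
    """Attacker records one valid reader response and presents it on the next swipe."""
    recorded = sam.respond(card.serial, card.get_challenge())
    card.get_challenge()                           # next swipe: a new random number
    return card.external_authenticate(recorded)
```

The reader code path only ever moves cryptograms between the two chips; a SAM loaded with a single custodian's component, or a card that copied another card's serial but not its key, fails the first step.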

(3). System function expansion

To make full use of the CPU card's security features and large storage, a higher-level authentication object can be stored in the card, fingerprint data being the most common. In access control identification, fingerprint authentication can quickly and accurately confirm that the person presenting the card is its holder, effectively preventing fraudulent use of other people's credentials and forgery of credentials.

The functions of a "one card" system with the CPU card as its data carrier can be extended to attendance, patrol, out-of-town personnel management, visitor management and conference sign-in, and further to parking management, elevator management and energy control.

In summary, due to the technical advantages of the CPU card itself, the "one card" system that applies the CPU card can be transformed into an intelligent "one card" system with complete functions and safety certification in place.

IV. The challenge of CPU card promotion

For current CPU cards, card cost, compatibility with existing "one card" systems, and ease of use are the main challenges to wider application.

At present a typical CPU card costs about twice as much as a traditional contactless IC card. That is acceptable for relatively high-end applications such as transit cards and bank cards, but for the "one card" systems of enterprises and institutions, campus cards and parking management systems, such costs limit adoption.

At this stage a large number of contactless IC card systems, and especially their reading and writing devices, are built on MIFARE technology. For so many applications, replacing all of the infrastructure is clearly unrealistic and would raise costs. A CPU card upgrade solution with good compatibility is therefore the main driver of rapid CPU card adoption.

In the areas where CPU cards are spreading fastest, such as transit, finance and e-government, the applications place very high demands on interoperability, and general standards and specifications exist. A "plug and play" CPU card solution is therefore especially important for the rapid adoption of CPU card technology in these fields.

Given these challenges, cost, compatibility and ease of use must all be weighed when selecting a CPU card. Only then can the application and development of CPU card technology be advanced across the various fields.

V. Conclusion

In general, the "one card" system will develop faster and its applications will grow richer, with security and integration as the goals and research directions. Upgrading and integrating existing systems is imperative. Because the CPU card has strong cryptographic security, it is well suited to security products, and its large storage capacity in particular suits it to the "one card" system and the goal of one card, many uses. At this stage, the CPU card is a sound choice as the upgrade card for the "one card" system.
