1 Introduction
Domestic CPU smart cards are becoming more and more popular, and the scope of use is becoming more and more extensive, and there are more and more types, such as public transportation cards, social security cards, financial cards, and so on. Relying on the high security of the CPU smart card, generally can support offline payment transactions, that is, without the need to connect the back-end system in real time to complete the payment transaction, then the technical points that should be paid attention to offline payment are those, this article will focus on this CPU smart card off The machine payment transaction process technology is analyzed, and several types of domestic standard card products offline transactions are compared for your reference.
2. CPU smart card product features
CPU smart card is a security device with micro processor, hardware algorithm encryption coprocessor, hardware random number generator, with memory, contact or contactless or dual interface communication, with identity authentication and electronic payment functions. It can be applied in the fields of finance, social security, public transportation, water and electricity gas, and government business.
Smart card products are passive devices that do not have a power supply themselves. The power supply comes entirely from the terminal POS device. Therefore, during the use of the smart card, the process of abnormal interruption often occurs. In the event of an abnormal situation, the smart card product shall ensure the integrity and accuracy of the data in the card, and at the same time provide some auxiliary means or methods to query the terminal POS machine for the transaction situation. In particular, in the process of offline trading, if an abnormality occurs, at this time, the transaction completion review mechanism appears to be an important, that is, the transaction prevention mechanism.
At present, the main domestic smart card products are divided into application technology standards, mainly based on debit, credit application financial IC cards (including standard debit/credit application cards, electronic cash cards based on debit/credit applications, fast Debit/credit card (Qpboc card), social security Ic card, e-wallet card based on the COS standard of the Ministry of Construction CPU card, etc., this article will use these kinds of card products as the analysis object.
3. Offline trading relationship analysis
CPU smart card offline transactions mainly involve several aspects, the card issuer back-end system, the acquirer POS machine, the card and the cardholder.
4. Analysis of key points of offline payment technology
4.1 Card cardholder certification
This is generally done using the cardholder password, which is primarily used to prevent cards from being stolen or unauthorized.
When offline trading is performed on a financial IC card based on a debit/credit application, it is optional to hold the card into the legal authentication, but it is necessary to check whether the number of cardholder verification errors is exceeded; if the social security IC card is set by the cardholder The password must be authenticated by the cardholder when offline. The construction of the IC card does not support cardholder authentication when it is offline due to the transaction amount and transaction speed.
4.2 POS machine card legality certification
It is mainly used to protect copy card or counterfeit card, thus protecting the interests of cardholders and issuers. In the offline transaction process, the POS machine uses a symmetric or asymmetric algorithm scheme to verify the integrity of the key data of the card or the key data has not been tampered with and copied, thereby achieving the purpose of verifying the identity of the card.
4.3 Card POS machine legality certification
The main purpose is to prevent the card from being illegally modified, thus protecting the cardholder's interests. Especially for prepaid unsigned card products, it is important. The social security IC card and the construction IC card adopt a symmetric algorithm scheme to verify the integrity of the key data of the POS machine during the offline transaction process, thereby verifying the legality of the POS machine.
4.4 Transaction review mechanism
Mainly to achieve an exception when an offline transaction, provide a way to query whether the last transaction was successfully completed, and return the key verification data of the successful transaction. The social security IC card and the construction IC card have a good anti-pull transaction mechanism, which can well cooperate with the POS machine to improve the abnormal transaction processing; while the financial IC card based on the debit/credit application does not have this function.
4.5 Card transaction flow anti-counterfeiting TAC or TC calculation
It mainly realizes the offline transaction verification data generated by the card, which is used to prevent the risk of cardholder transaction repudiation and POS machine counterfeiting. Generally, a symmetric algorithm is used to calculate key data, and the TAC or TC generated by each transaction of each card is different.
4.6 Offline payment requires PSAM
In the offline payment process, according to the key management features of the product, there are cards that require the support of the PSAM card, while some cards do not require the PSAM. Based on the debit, the financial IC card used in the credit application adopts an asymmetric key system, and the PSAM card is not required in the offline transaction process; the social security IC card and the construction IC card adopt a symmetric key system, and the offline transaction Must have PSAM card participation to complete.
4.7 Accounting method
There are two types of online payment methods: the pre-authorization method and the pre-payment method. Financial debit/credit financial IC cards are usually pre-authorized. The offline payment in the card is the bank's pre-set offline credit limit is not the real amount. When offline payment, only the card is deductible. The amount of authorization, the actual currency payment occurs in the background clearing.
The social security IC card and the construction IC card usually adopt the prepaid method, and the offline payment amount in the card must be pre-stored by the “recharge†operation, and the actual money payment occurs before the offline payment. However, some local social security IC cards also use pre-authorization, and actual currency payments occur during background clearing after offline payment.
In addition, the financial IC card and the social security IC card use the registration method, the card is lost, and loss may occur; while the IC card is built in an anonymous manner, the card is lost, and the money in the card is also lost.
5. Comparison of several types of CPU smart cards in China
From the perspective of smart card product features and transaction process, the following six offline payment technology points can be summarized for comparison.
Note:
MAC verification: data packet verification mode, using a symmetric algorithm to verify the legality and integrity of the data;
SDA: Static data authentication, using an asymmetric algorithm to verify that the data in the card has been tampered with;
DDA: Dynamic data authentication, using an asymmetric algorithm to verify that the card is not a duplicate card or a fake card;
CDA: Composite dynamic data authentication, using an asymmetric algorithm to verify that the card is not a duplicate card or a fake card;
Based on the advantage of debit/credit financial Ic card, the asymmetric key system is adopted, and the participation of PSAM card is not required in the transaction process, so there is no restriction on card intercommunication;
Based on the shortcomings of the debit/credit financial Ic card offline transaction, the legal identity of the POS machine cannot be authenticated, and at the same time, there is no transaction prevention mechanism.
6. Product application scenario recommendations
According to the characteristics of various products, the application scenarios in offline payment are recommended.
- Bonet Eyelash Curler is designed to create a perfect and beautiful fit on every lashes to give you huge satisfaction from our product!
- Accentuate your eyes by curling your eyelashes. Curl the lashes before applying mascaras or false lashes !
- High quality carbon steel frame that was perfectly engineered for both at home and professional use !
- Ergonomics handle made of carbon steel will keep well-balanced when creating the most lift and curl for your gorgeous eyes, without slipping !
- Comes with soft refill pads. Legit: *NO PAIN, NO TOXIC*
Carbon Steel Eyelash Curler,Precision Eyelash Curler,Mini Eyelash Curler,Steel Eyelash Curler
Bonet Houseware Co., Ltd. , https://www.manicureset.de