Discussion on the Application of CPU Card Technology in my country’s Transportation Smart Card Industry
chrispeng [ad_1]
introduction
Logic encryption card technology is mature and low in price, and it occupies most of the market share in traditional urban traffic smart card applications. According to the development trend of traffic smart cards “one card with multiple uses and multiple cards interoperability”, the stock of funds in electronic wallets will inevitably increase, and the security risks of logical encryption cards have attracted great attention in the industry. The security of the CPU card is much better than that of the logic encryption card, but the high price severely restricts its promotion and application. Recently, with the introduction of non-contact CPU cards, their prices are close to logical encryption cards, and the technology is becoming more mature. This makes it possible to comprehensively promote the application of CPU cards to replace logical encryption cards. To this end, the Ministry of Construction clearly requires that cross-industry and interconnected IC card applications should use high-security CPU cards, and organizes the compilation of industry standards such as CPU card chip technical requirements and COS technical requirements, and is committed to promoting CPU card technology in transportation smart cards. Field of application.
Mainstream program analysis
At present, the vast majority of urban traffic smart card applications in my country are based on logic encryption card technology. Over 100 million logic encryption cards have been issued nationwide, and hundreds of thousands of card swiping terminals have been installed. When promoting CPU cards, how can we not only protect existing investments, but also facilitate the use of ordinary people, and achieve a smooth transition? The industry currently has three main opinions on this.
Opinion 1: One-step promotionCPU card
Technical solution: CPU card does not need to be compatible with logic encryption card.
System transformation: Fully upgrade the original logic encryption card system, transform or replace all transaction terminals that can only read and write logic encryption cards (hereinafter referred to as M1 terminals) into transaction terminals that can read and write CPU cards (hereinafter referred to as CPU terminals). The CPU terminal should support the reading and writing of the logic encryption card at the same time to achieve backward compatibility.
Operation mode: All newly deployed transaction terminals adopt CPU terminals, and all newly issued cards adopt CPU cards. The CPU card supports cross-industry and interconnection applications. The issued logic encryption card is restricted to the original application field and is gradually eliminated by the market.
Analysis of pros and cons: Since the promotion of CPU card applications does not produce direct economic benefits, and this solution requires operators to comprehensively upgrade the original system, a large one-time investment is difficult for operators to bear, lack of enthusiasm, and it is very difficult to promote. Operability is questionable.
Opinion 2: Dual wallet synchronization
Technical solution: The CPU card has a part of the space drawn by the hardware to simulate the logic encryption card function. The CPU card itself has an electronic wallet that meets the PBOC standard (hereinafter referred to as CPU wallet), and the simulated logic encryption card function also has an electronic wallet (below Called M1 wallet). During each transaction, the card COS checks and synchronizes the data of the two wallets to ensure that the balances of the two wallets are the same.
System transformation: There is no need to upgrade the already deployed M1 consumer terminal, only the recharge terminal needs to be transformed or replaced with a CPU terminal to improve the security of CPU card recharge. The original recharge process is still used for the logic encryption card, and the upper limit of recharge is low.
Operation mode: All newly deployed transaction terminals adopt CPU terminals, and all newly issued cards adopt CPU cards. During the transition period, the M1 consumer terminal uses a logical encryption card consumption process for all cards. The CPU consumer terminal should be able to automatically identify the card type and adopt the corresponding consumption process. When the CPU card is consumed, the COS automatically synchronizes the CPU wallet with the M1 wallet. As the M1 terminal is gradually depreciated, replaced with a CPU terminal, and most of the logical encryption cards have exceeded their validity period, the transition period ends. All links of the application adopt CPU card technology and are no longer compatible with logical encryption cards.
Analysis of pros and cons: This scheme has a small amount of system transformation, which greatly reduces the capital investment of operators during the transition period, which can effectively improve the enthusiasm of operators and is beneficial to the promotion of CPU cards. However, during the transition period of the CPU card, the two electronic wallets need to be synchronized by COS for each transaction, which increases the complexity of the transaction and affects the efficiency and stability of the transaction. Many card dealers said that with current technical conditions, it is difficult to guarantee that the transaction will be completed within 300ms after adding the synchronization operation of the electronic wallet. The transportation smart card application is dominated by fast consumption. If the transaction time exceeds 300ms, it will seriously affect the convenience of cardholders. In addition, increasing the synchronization of electronic wallets also greatly increases the probability of abnormal transactions, and there are certain technical obstacles.
Opinion 3: Dual wallet asynchronous
Technical solution: CPU card supports CPU and M1 dual wallets, but COS does not synchronize the two wallets during transactions.
System transformation: The requirements for system transformation in this plan are consistent with Opinion 2.
Operation mode: The newly deployed transaction terminals all use CPU terminals, and all newly issued cards use CPU cards. The operator provides services for “loading” part or all of the funds from the CPU wallet to the M1 wallet. During the transition period, the M1 terminal uses a logical encryption card consumption process for all cards, and the CPU terminal automatically recognizes the card type and adopts the corresponding consumption process. Since the CPU wallet and the M1 wallet are not synchronized, the two wallets need to be managed independently. This requires the cardholder to be familiar with which wallet’s funds are deducted for various consumptions, and to “load” in time to ensure that both wallets have sufficient balances. Otherwise, it is easy to have money in the card, but cannot be consumed due to insufficient funds in the corresponding wallet. After the end of the transition period, the business model of this plan is consistent with Opinion 2.
Analysis of pros and cons: This solution circumvents the technical barriers to electronic wallet synchronization, but it is not realistic to require cardholders to know which wallet corresponds to various consumptions. It is very inconvenient for cardholders to use, and it is difficult for operators to explain the reasons. Losing the user will lose the foundation of the application. Such an application method is difficult to gain a foothold in the market. There is a risk of abortion during the transition period, and operators will weigh themselves.
solution
The above three solutions have their own advantages and disadvantages. How to overcome the obstacles of promotion, technology and application and achieve a balance has become the most intensely debated topic among industry experts. After analysis and research, the following solutions are proposed for the industry’s reference.
Technical choice: The dual wallet solution is still adopted. Part of the space of the CPU card is simulated by the hardware to encrypt the function of the logic card to realize the CPU and M1 dual electronic wallet. Card COS should ensure that only the CPU wallet can be recharged through external instructions, and the M1 wallet cannot be recharged through external instructions. Only COS can automatically transfer funds from the CPU wallet to ensure that the logic encryption card recharge key is not transmitted to the terminal during the transaction. Ensure that the M1 wallet The recharge is safe.
The key technology of this solution is to require the card COS to support two kinds of recharge instructions, instruction A (the same below) to recharge the CPU wallet, and instruction B (the same below) to recharge the M1 wallet through the CPU wallet. Instruction A uses the CPU card recharge process that meets the PBOC standard; the basic process of instruction B is: After receiving the instruction, COS first uses the CPU card recharge process to recharge the CPU wallet. After the recharge is successful, COS automatically performs full consumption operations on the CPU wallet. “Load” all funds to M1 wallet. After the recharge is completed, the CPU wallet balance should be zero, and the M1 wallet balance should be the original balance plus the recharge amount.
System transformation: The requirements for system transformation in this solution are basically the same as those in Opinion 2. The recharge terminal is specifically required to support the instruction A and instruction B processes, and can be controlled by parameters; the CPU consumer terminal does not need to automatically recognize the card type, and the logic is controlled by the parameters. Encryption card consumption process or CPU card consumption process.
Operation mode: All newly deployed transaction terminals adopt CPU terminals, and all newly issued cards adopt CPU terminals.CPU card. During the transition period, the CPU card recharge all adopts instruction B, that is, all funds are transferred to the M1 wallet after recharge. The CPU consumer terminal will operate according to the logic encryption card consumption process regardless of the CPU card or the logic encryption card, and the cardholder is just like using it. Same as a single M1 wallet.
The “service” life of traffic smart card transaction terminals and logical encryption cards is generally 5 years. As the deployed M1 terminals are gradually depreciated and replaced with CPU terminals, and most of the logical encryption chips exceed their valid years, the transition period ends. The operator downloads the parameters, the recharge terminal uniformly uses the instruction A to recharge, and the consumer terminal uniformly uses the CPU card process, and all links of the application use the CPU card technology, which is no longer compatible with the logic encryption card. Operators should provide a “fund transfer” service to charge the M1 wallet balance into the CPU wallet. The process is: full consumption of the M1 wallet, and then full recharge of the CPU wallet through instruction A.
case analysis:
This solution simultaneously overcomes the drawbacks of the above three opinions:
1. The amount of system transformation is small, and the capital investment in the transition period is small, which is conducive to increasing the enthusiasm of operators to promote CPU cards.
2. There is no need to synchronize the e-wallet for every transaction, and the COS will only transfer funds when the CPU card is recharged during the transition period. Since recharge does not require high transaction speed, and the frequency of use is much lower than consumption, the impact on transaction efficiency and stability is minimal.
3. For cardholders, there is only one wallet. During the transition period, all consumptions will be made with logical encryption card wallets. After the official launch, all consumptions will be made with CPU card wallets, which will not cause any inconvenience.
It is controversial that the CPU terminal also uses the logic encryption card consumption process for the CPU card. This is a retrogression of technology and the system security has not been improved, which is a waste of investment.
The author believes that the security of the traffic smart card is mainly in the aspect of recharging, because the increase of card funds by counterfeiting recharges will cause losses to the operator, and the counterfeit consumption can only reduce the funds in the card, and the loss is the counterfeiter himself, and the operator increases it instead. income. This solution requires that the CPU card recharge adopts a CPU card security authentication mechanism that meets the PBOC standard, and the hardware prohibits the virtual M1 wallet recharge of the CPU card; for the issued logical encryption card, the operator can control the risk by reducing the upper limit of the recharge, from the most The main aspect has improved system security. During the transition period, all consumption adopts a unified logical encryption card process, which is convenient for users and a means to ensure a smooth transition. It can also reduce the amount of transformation and upgrade investment in the central settlement system during the transition period, which can increase the enthusiasm of operators to a certain extent , The so-called kill two birds with one stone. It is true that since the logical encryption card itself cannot generate the TAC code to verify the uniqueness and validity of the transaction, it will have a certain impact on the settlement of interconnected applications. However, as long as the logic encryption card is still in use, the impact cannot be avoided. The current mainstream solution only minimizes the logic encryption card transaction and cannot fundamentally solve this problem. After the transition period is over, the CPU card consumption process will be uniformly adopted, and this problem will no longer exist. Therefore, the unified use of the logic encryption card consumption process during the transition period has little impact on system security, which is a feasible solution.
Concluding remarks
This solution overcomes the obstacles of CPU card promotion, technology and application, and can effectively promote the promotion of CPU card technology, improve the safety of the traffic smart card system, and achieve a smooth transition. It is hoped that this plan can play a role in attracting new ideas and resonating. As long as people in the industry work together, give full play to the ingenuity of the Chinese, work together and actively promote, I believe that the spring of CPU card applications will soon come.
About the author: Chen Zhe, Guangdong United Electronic Toll Collection Co., Ltd.
[ad_2]
