CPU card definition
Introduction of CPU card, the difference between CPU card and contactless IC card
CPU in general, the card chip refers to the chip contains a microprocessor, its function is equivalent to a microcomputer. People often use integrated circuit card (IC card chip on the metal sheet is the CPU card chip. CPU card can be used in finance, insurance, traffic police, government industry and other fields User space Large, fast reading speed, support a card multi-use characteristics, has passed the Peoples Bank of China and the National Trade Secrets Commission certification. CPU from the appearance of the card is ordinary IC RF card and RF card no difference, but the performance has CPU card hardware contains random number generator DES, 3DES encryption algorithm, etc., with the operating system that is the OS on the cpu chip, also known as COS, can achieve the level of financial security.
Introduction of CPU card
CPU card: also known as smart card, with a microprocessor card integrated circuit CPU, storage unit (including random memory RAM, program memory ROM (FLASH), user data memory EEPROM) and the chip operating system COS. Data security protection function. Due to the lack of mastery of key production processes, Chinas original design of the CPU has been in foreign production card chips. At present, Chinas independent design and manufacture of CPU card capacity of 128K. CPU card can be applied to finance, insurance, traffic police, government industry and other fields. With the characteristics of large user space, fast reading speed, and support for multiple uses of one card, it has been certified by the Peoples Bank of China and the National Business Secretary Committee.
The difference between CPU card and contactless IC card
I. Technology (contactless IC card and CPU card)
1、 Logic encryption card also known as memory card, the integrated circuit in the card has encryption logic and EEPROM (electrically erasable programmable read-only memory).
2, CPU card, also known as smart card, the integrated circuit in the card includes a central processing unit (CPU), EEPROM, random memory (ROM), cured in read-only memory (ROM) on-chip operating system (COS), some card chips also integrate a cryptographic operation association processor to improve security and work speed, making its technical specifications are much higher than the logical encryption card.
3、 CPU is much higher than logical encryption card in terms of transaction speed and data interference due to the cards microprocessor function, and allows simultaneous operation of multiple cards with anti-collision mechanism.
Second, security and confidentiality (contactless IC card and CPU card)
1, the logic encryption card has a storage storage function to prevent the card information randomly rewritten IC card, when the encryption card operation must first check the card password, only check the correct, the card sends a series of correct response signal, the card correct operation, but because there is only one authentication, no other security protection measures, easy to lead to password leakage and counterfeit card, its security performance is very low.
2, due to the CPU card in the microprocessor and IC card operating system (COS), when the CPU encryption and decryption algorithms (algorithms and passwords are not easy to crack) can be used for card operation IC card system requires multiple mutual password authentication (extremely fast), improving the security performance of the system and has a very good effect on preventing counterfeit cards.
In summary, logical encryption card and CPU card, CPU the card not only has all the functions of the logical encryption card, but also has a logical encryption card does not have high security, flexibility, support and application expansion performance, but also the main trend and direction of future IC card chip development.
III. Comparison of CPU and logical encryption system (contactless) IC card and CPU card)
As we all know, the key management system (Key Management System), also referred to as KMS, is the core of IC project security. How to carry out key security management throughout the entire life cycle of IC card applications.
1, non-contact logic encryption card security authentication depends on the independence of each sector KEYA and KEYB verification can be carried out through the fan control word KEYA and KEYB different security combinations to achieve the fan data read and write security control. Non-contact logic encryption card personalization is also relatively simple, mainly including data and fan area KEYA, KEYB during this period, all sensitive data including KEYA and KEYB in the form of plaintext directly updated. As KEYA and KEYB authentication mechanism can only solve the authentication of the card to the terminal, can not solve the authentication of the terminal to the card, commonly known as the risk of counterfeit cards. The contact logic encrypts the card, i.e., the key is a predetermined deterministic number. Regardless of how the key is calculated, it must ultimately match the original number in order to read and write the protected data. Therefore, either a one-card, one-secret system or a unified cryptographic system can decrypt a non-contact logic encrypted card after cracking. Many people believe that ID numbers can avoid key decryption as long as they use a one-card, one-secret, real-time online system or a non-contact logic encrypted card. In fact, decrypting non-contact logic encrypted cards means that M1 cards can be copied and illegal top-ups can be avoided by using online systems, but illegal consumption is not guaranteed, i.e., copying M1 cards with the same ID number can be used for illegal consumption. The technology nowadays can be fully replicated using FPGA. Based on this principle, M1. access control cards are also not secure. Currently 80% of domestic access control products are original IC card ID number or ID card ID number to do access control card, no encryption authentication or development of special keys, its security risks are far greater than Mifare card crack more dangerous. Illegal crack can only be completed by professional technical means to crack the process, resulting in most domestic access control products are not secure. Due to the early design theory of access control products introduced from abroad, most domestic manufacturers have long adopted foreign practices ID and IC identification using the read-only characteristics of the card, with little attention to the encryption authentication between the card and the machine, the lack of key system design; ID card is an easy-to-copy carrier, resulting in almost all access control can be cracked and copied in an instant; this is the biggest domestic security market in China of the disaster.
2. Compared with contactless CPU and contactless logic encryption cards, card smart cards have independent CPU processors and chip operating systems can be more flexible to support different application requirements and more securely designed transaction processes. But at the same time, compared with the contactless logic encryption card system, contactless logic encryption card system CPU card smart card system is more complex and requires more system modifications, such as key management, transaction process, PSAM card and card personalization. Keys are usually divided into recharge keys (ISAM cards), impairment keys (PSAM cards), external authentication keys (SAM cards) and all-purpose keys (ASAM cards). Contactless CPU smart cards can be used to meet the security and key management needs of different business processes with high reliability through internal and external authentication mechanisms such as the e-purse transaction process defined by the Ministry of Construction. The circling key can be used for e-purse circling, the consumption key can be used for consumption, the clearing can be used for TAC key, the card application maintenance key can be used for updating data, and the card personalization process can be used for card transmission key, card master key, application master key, etc., truly realizing one key.
CPU installed in the read-write device card encryption algorithm, random number generator and key authentication card (SAM can achieve the following functions.
1) The authentication of the card is realized through the terminal equipment SAM card
2) Mutual authentication of CPU card and terminal device SAM card realizes the authentication of the card terminal
3） The recharge of the CPU card through the ISAM card to achieve safe stored value
(4) The PSAM card is used to reduce the value of the CPU card to achieve safe deduction.
5） The data transmitted in the terminal device and the CPU card is encrypted transmission
6） The data transmission verification calculation can be realized by the MAC1 sent from the CPU card to the SAM card, the MAC2 sent from the SAM card to the CPU and the TAC returned from the CPU card; MAC1, MAC2 and TAC are different for the same CPU card in each transmission, so the method of air reception cannot crack the CPU card