Design of Bank IC Card Secondary Issuance System Based on Pre-Write Technology

1 Introduction

With the rapid development of the economy and the rising level of electronic payment, the security of the bank card, the main instrument of personal settlement, has attracted much attention. The IC card has its own CPU and memory, and therefore has computing and data storage capabilities. Its security, its resistance to copying and forgery, and other features have made it the main card type issued for modern bank cards. All major banks are competing to design and issue IC cards, which will replace magnetic stripe cards thanks to their unparalleled advantages. However, the rapid development and application of new technologies, such as the increase in card capacity and the emergence of new business models for bank IC cards, have challenged the application design of bank IC cards. A serious reality is that some requirements are inevitably not considered when the application of a bank IC card is first designed. Bank IC cards that have already been issued must therefore be reprocessed at an appropriate later time, for example to rewrite security keys or add application partitions. Bank cards, however, are issued in large quantities and are widely distributed in the hands of customers. Collecting them first and then processing them centrally, or asking customers to go to designated outlets for centralized processing, is very difficult and in some cases almost impossible.

Based on the above situation, this paper proposes a design method for the secondary issuance of bank IC cards, and gives the corresponding software design, card data storage, security key reset design, etc. The design uses the bank's existing resources, solves the feasibility problem of secondary issuance of bank cards well, and has a low implementation cost.

2 System Architecture

This design uses the existing resources of the bank, including hardware such as the network and servers. It only adds a processing server and a database for saving card data in the back end; depending on processing capacity, the back-end processing can also run on other servers, and the key server remains the one used at the time of the initial card issuance. The network topology is shown in Figure 1.

The front end and back end complete the card processing by interacting in a client/server (C/S) architecture, and the front end is equipped with an IC card reader. All processing of the IC card is performed at the bank outlet, and the back end consists of a processing server, a database, and a key server. The front end handles the interaction with the IC card, identity authentication, data reading and writing, etc., while the original data of the card and the card keys are stored in the back end. Because the initial keys of all the bank's IC cards are consistent and were saved in the back-end key server when the initial issuance was designed, the key server is strictly synchronized with the initial issuance. In Figure 1, the bank's front end and back end communicate over TCP/IP. The card security key is transmitted in ciphertext form, and the front end and back end verify each other's identity during each communication. The outlet operator checks a valid identity document of the cardholder, such as an ID card, to determine the cardholder's identity, and the cardholder must enter the card password before processing.

3 Software Design

Secondary issuance of a bank IC card involves a good deal of work, roughly as follows: saving the card's existing data, card erasure (restoring the IC card to its factory state), establishing the primary partition, loading the card master key, establishing the processing progress record, establishing an application partition, loading the application partition master key, creating the partition application files, loading the partition application keys, loading the data from the original card, and so on, as shown in Figure 2.

Each operation on the IC card, especially one involving a key, requires first requesting a random number from the IC card. The random number is no longer valid for the next operation and must be requested again, and because the data and the keys are held in the back end, frequent interaction between front end and back end is inevitable. To ensure the integrity and consistency of the IC card processing, the design numbers all the processing steps: according to the atomic nature of the processing logic, one or several processing actions share a number. For each number, the processing is performed first and then confirmed; if the confirmation does not succeed, the processing is regarded as unsuccessful. This is the pre-write technique. If processing fails, the next attempt starts from the last failure point and does not need to start from the beginning.

The software design of each part is introduced separately below:

First, the processing steps are numbered as follows:
(1) identity verification, save the original data in the card; card erasure, establish the primary partition, load the card master empty key;
(2) establish a processing progress record;
(3) establish an application partition;
(4) load the application partition master key;
(5) create a partition application file;
(6) load the partition application key;
(7) load the application data in the original card.
All numbered steps are atomic: logically, each either succeeds or fails. If a step is not successful, proceeding to the next step is strictly prohibited, which preserves the order of the processing actions. In particular, in step (1), if the data save is not successful, the card erase operation is strictly prohibited. If the card is removed midway, or processing fails for another reason, the next attempt resumes from the step recorded in the step progress indicator.
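The following sketch is an added example, not code from the original system. It models the numbered steps with a back-end journal that pre-writes each step number and confirms it afterwards, so that a failed run resumes at the failure point and the erase in step (1) is refused unless the backup was saved. The names `SimCard`, `Journal` and `reissue`, the single application partition, and the sample card data are assumptions made for illustration.

```python
class CardRemoved(Exception):
    """Constructed failure: card pulled from the reader mid-step."""

class SimCard:
    """Hypothetical stand-in for the IC card; fail_at makes one step fail once."""
    def __init__(self, data, fail_at=None):
        self.data, self.fail_at, self.done = dict(data), fail_at, []

    def run(self, step):
        if step == self.fail_at:
            self.fail_at = None                     # succeeds when retried
            raise CardRemoved(f"card removed during step {step}")
        self.done.append(step)

class Journal:
    """Hypothetical stand-in for the back-end database: backups and progress."""
    def __init__(self, store_ok=True):
        self.store_ok = store_ok                    # False simulates a failed save
        self.backup, self.pending, self.confirmed = {}, {}, {}

    def save_backup(self, card_id, data):
        if not self.store_ok:
            return False
        self.backup.setdefault(card_id, dict(data))  # a retry never overwrites it
        return True

    def resume_point(self, card_id):
        # A pending (unconfirmed) step counts as failed and is run again.
        return self.confirmed.get(card_id, 0) + 1

def reissue(card_id, card, journal, last_step=7):
    """Run steps (1)-(7) from the recorded failure point; return last confirmed step."""
    for step in range(journal.resume_point(card_id), last_step + 1):
        journal.pending[card_id] = step             # pre-write the step number
        if step == 1:
            if not journal.save_backup(card_id, card.data):
                raise RuntimeError("original data not saved: erase prohibited")
            card.data.clear()                       # erase only after the save
        card.run(step)                              # card-side action for this step
        journal.confirmed[card_id] = step           # confirmation
        del journal.pending[card_id]
    return journal.confirmed[card_id]

def demo():
    card, journal = SimCard({"balance": 120}, fail_at=4), Journal()
    try:
        reissue("card-001", card, journal)          # card removed at step (4)
    except CardRemoved:
        pass
    failed_at = journal.resume_point("card-001")
    reissue("card-001", card, journal)              # second visit to the outlet
    return failed_at, card.done, journal.backup["card-001"]
```

Because `save_backup` never overwrites an existing backup, a failure inside step (1) after the erase does not replace the saved original data with the now-empty card contents on retry.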

Second, steps (3)-(7) are repeated as many times as needed for a particular application, as shown in the figure. Every key load, every data write, and every file creation requires requesting a random number from the IC card. The back end uses the random number and other necessary data to calculate a check code, and when the terminal operates on the IC card, the IC card verifies the check code, so steps (3)-(7) require quite frequent interaction with the back end. When processing a single application partition, the IC card enforces a strict order of operations: the partition must be created, the key file created, and the application partition master key loaded before the application keys (circulation, circle, consumption, overdraft update and other keys) can be loaded, the data files created, the application data written, and so on. When arranging the steps, pay attention to the step numbering.
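The random-number and check-code exchange described in this section can be illustrated as follows; this is an added example, not the system's own code. The paper does not name the check-code algorithm, so truncated HMAC-SHA256 is used here purely as a stand-in, and the class `ChallengeCard`, the all-zero key and the command strings are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

def check_code(key: bytes, rnd: bytes, data: bytes) -> bytes:
    """Back-end side: check code over the card's random number and the data.
    HMAC-SHA256 truncated to 4 bytes is an assumed stand-in algorithm."""
    return hmac.new(key, rnd + data, hashlib.sha256).digest()[:4]

class ChallengeCard:
    """Hypothetical card model: issues one-time random numbers, verifies codes."""
    def __init__(self, key: bytes):
        self._key, self._rnd, self.files = key, None, []

    def get_challenge(self) -> bytes:
        self._rnd = secrets.token_bytes(8)
        return self._rnd

    def write(self, data: bytes, code: bytes) -> bool:
        rnd, self._rnd = self._rnd, None      # the random number is single-use
        if rnd is None:
            return False                      # no fresh random number requested
        if not hmac.compare_digest(code, check_code(self._key, rnd, data)):
            return False                      # wrong key, stale number, or altered data
        self.files.append(data)
        return True

def demo():
    key = bytes(16)                           # constructed test key held by the back end
    card = ChallengeCard(key)
    data = b"create application file 01"      # constructed command data

    rnd = card.get_challenge()                # terminal asks the card
    code = check_code(key, rnd, data)         # back end computes the check code
    accepted = card.write(data, code)

    replayed = card.write(data, code)         # same message again, no new number

    card.get_challenge()                      # new number, but the old check code
    stale = card.write(data, code)

    rnd3 = card.get_challenge()               # valid code, data changed in transit
    tampered = card.write(b"create application file 02",
                          check_code(key, rnd3, data))
    return accepted, replayed, stale, tampered, card.files
```

Since the key never leaves the back end in this model, the terminal needs one round trip to the back end for every card operation, which is the frequent interaction the text describes.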

4 Conclusion

This paper proposes the design of a secondary issuance system for bank IC cards using the pre-write technique. The software processing flow and the rewriting of data and keys are given in detail. The design solves the difficulty of secondary card issuance that arises when applications and technologies develop after a bank has issued its IC cards. Moreover, this design has been implemented and put into operation at Shijiazhuang Commercial Bank, and has been highly recognized by the bank.

