Design of IC card and billing system

The "Gold Card Project" is one of the important contents of the "Three Gold Projects" and is the only way to move towards an information society. It is closely related to the construction of my country's financial electronics and modern payment systems. The use of IC cards as a payment method has entered thousands of households. However, they are often incompatible and inconvenient to use, which seriously hinders the implementation of the "Gold Card Project". “One card in hand, travel across the country” has become a reality in Europe and the United States. It is imperative for our country to “travel all over China with one card in hand”. This article introduces various types of IC cards and the design of a billing system.

IC card

IC card is the abbreviation of Integrated Circuit Card, which is an integrated circuit chip embedded in a plastic card. IC cards are the same size as magnetic cards. The chip is generally composed of non-volatile memory (ROM, EPROM, E2PROM), protection logic circuit, and even CPU (central processing unit), so it is also called a microcircuit card.

The following is a brief description of various IC cards;

Contact IC card

The so-called contact IC card is an IC card that communicates with the integrated circuit in the card and external interface equipment through shaped electrical contacts when in use. Such as common phone cards, SIM cards in mobile phones, etc. This type of IC card is the most commonly used and its size complies with international standards.

Contactless IC card

This kind of IC card communicates the data of the integrated circuit in the card with the external interface device through radio waves (such as radio frequency card) and electromagnetic induction. It avoids the trouble of swiping cards and is suitable for situations where it is inconvenient for the human body to come into contact with the interface device (such as parking lots, etc.).

Serial transmission IC card

Data is transmitted serially between the card's integrated circuit chip and the external interface device. The number of pins or electrodes of this kind of card is generally only 8 to 6. IC cards defined by the international standard ISO7816 belong to this type of card. Common transmission methods include asynchronous transmission and I2C bus. The above IC cards are all serial transmission types.

Parallel transmission IC card

Data transmission between the integrated circuit chip of the IC card and the external interface device is carried out in parallel. This kind of IC card has a larger number of electrodes, generally between 28 and 68. Can read/write information at high speed.

Memory Card

The main function of this card is as a data carrier. In fact, it is a kind of memory. The data is read randomly, and reading and writing are relatively casual. Data confidentiality is poor and easily tampered with. Such as the AT24CXX series produced by ATMEL.

Encrypted storage IC card (Memory Card With Security Logic)

It adds some encryption control logic to the storage IC card. Implement opening/closing control of the data area; read/write control of the data area; erasure control of the data area and verification and error counting of the entered password and complete lock functions, such as phone cards and SLE4442 of the German SIEMENS company; AT88SG1604 of ATMEL company, etc.

Smart IC card (also called CPU card)

Its internal structure includes ROM, RAM, E2PROM and CPU.

ROM: The operating system used to store smart cards. The program is written once at the time of manufacture by the manufacturer.

RAM: used to store intermediate data and result data during the operation.

E2PROM: This is the main memory of the IC card. It is used to store the personal information of the cardholder and the issuing unit, such as ID number, transaction time, transaction amount, transaction location, wallet file, public information, etc.

Compared with encrypted memory cards, CPU cards are active cards. It can not only manage various input/output data and verify the personal password (PIN) input from the interface device, but also actively identify the interface device connected to it according to the requirements of the application system. Therefore, smart IC cards can establish authorizations for multiple application systems, store relevant data of multiple application systems, achieve high reliability and high security control of access, and can perform complex information processing and calculations. It is equivalent to a "black box" operation with extremely strong confidentiality. It can create large-amount passbooks and small-amount wallets on the Internet, completely replacing cash for consumption and payment, and becoming a true electronic currency.

COS operating system

If you use a CPU card, it must be equipped with COS (Chip Operating System), which is a chip operating system. It is very similar to DOS for microcomputers. COS completely separates users (including developers) from data information. Avoid malicious tampering and attacks on data information.

Through COS, we can create files on the card, verify the legality of the cardholder's identity, and authenticate the legality of the card and the terminal. It can transfer information, deposit and withdraw cash, perform electronic signatures, and achieve non-repudiation of transactions in a very confidential manner. In short, all business activities are carried out.

Design of terminal hardware circuit

Card head The card head is a circuit design that considers the compatibility of memory cards, encrypted memory cards and CPU cards. The main indicators are to ensure good contact with the IC electrodes of the card and durability. (see picture 1)

Compared with the MCS-51 series microcontroller, the AVR microcontroller has fast working speed and powerful functions. The most important thing is to save power in the dormant state. Power consumption is a very important indicator of this system, because the end system must be powered by batteries.

The SAM module must use a SAM card or SAM module in the IC card application terminal. So that when the card and card terminal equipment exchange information, measures such as "digital signature" and two-way authentication can be implemented.

system software

Upper-layer software The upper-layer software is the software used by management agencies to manage cardholders' transactions. It can be written in VFP, VB, VC and other languages. The operating environment must be a 486 or above microcomputer equipped with Windows 95 and an IC card reader/writer. The configuration requirements for the microcomputer are not high. The upper-layer software mainly completes the following functions:

(1) PIN authentication: to prove that the cardholder is a legal cardholder. This is mainly done by verifying the cardholder's personal password.

(2) Operator password verification to prove that the user of the management software is a legitimate user and prevent the management system from being maliciously tampered with and illegally attacked.

(3) System modification password verification.

(4) Transaction management, including transaction person, transaction item, transaction amount, transaction date, time, digital signature, and non-repudiation of the transaction.

(5) Transaction retrieval and query.

(6) Online transactions. In order to prevent illegal transactions and ensure transaction security, the software must ensure that core data is isolated from operators.

The underlying software should include the main module, card identification and card reading/writing module, authentication module, transaction module, undervoltage protection and alarm module, and display module. The general process is shown in Figure 2.

Authentication module

In the IC card application system, in order to ensure transaction security, the following two types of authentication need to be completed between the IC card and the processing terminal (such as an IC card reader/writer):

PIN authentication is also called personal authentication. The cardholder proves that he is the legal owner of the IC card.

Node Authentication Node authentication completes two functions: first, the terminal needs to confirm that the IC card is legal and not counterfeit; second, the IC card needs to confirm that the terminal and its associated host system are legal and are the real card issuer or legal agent. square rather than fake.

In addition to the above two identifications, it is also necessary to consider that the channel between the IC card and the terminal is secure. That is, the confidentiality and integrity of message transmission can be guaranteed.

As far as authentication is concerned, it must be carried out first at the beginning of each transaction. After both are passed, formal transaction messages can be transmitted. PIN authentication requires a small keyboard installed in hardware with the host computer, and is usually performed on the host computer. Node identification must be performed not only on the host computer but also on the slave computer. Is the most important safe handling process.

Node authentication is actually a process of mutual authentication between the IC card and the terminal. Usually, the IC card proves to the terminal and its associated host that it is legal, which is called internal authentication; the card terminal and its associated host proves to the IC card that it is legal and unique, which is called external authentication.