Intelligent IC card network data security system

First, the composition of the intelligent IC card network data security system

A smart IC card is an integrated circuit card with internal storage and processing capabilities. The card itself can modify or build data in response to an external stimulus. It consists of a microprocessor (MCU), read-only memory (ROM), random access memory (RAM), electrically erasable programmable read-only memory (EEPROM), security logic, and input and output units.

The smart IC card is actually a single-chip microcomputer with high security features. Its operating system is called COS. Its main functions are:
1. User information management: Manage and process user-specified files in EEPROM. The management of the file system includes creating files, selecting files, writing files, reading files, and modifying files.
2. Data security protection: The reading and writing of files in the file system are protected by predefined access attributes. Unauthorized file read and write operations cannot be performed. Security measures for files include system authentication, PIN authentication, and data encryption and decryption.
3. Communication management between the card and the card reader: The information exchanged between the card and the card reader is protected against theft and destruction.

The intelligent IC card network data security system is an integrated system combining intelligent IC card technology, data encryption technology, digital signature technology and computer network technology. It makes full use of the security features of smart IC cards and includes a variety of security protection measures to provide the most stringent protection of network data in the application system.

The intelligent IC card network data security system consists of a computer network database (application system), a card reader, a key card, an operation card, and a card operation interface.

1, computer network database

The computer network database is the object that the entire system protects. The network uses a C/S (client/server) structure. The dedicated database is placed on the database server in the network center, and workstations distributed in various places can request data query, statistics, change and processing services from the server. When requesting a service, the operator must use a smart IC card (defined as an operation card) carrying personal information and access rights, and the server provides the corresponding service only after the operator has been authenticated.

2, card reader

The smart IC card reader is a device that reads and writes the IC card. Its basic function is to complete the reading and writing operations and data processing of the card. It can be a stand-alone device, connected to a computer via an interface, or embedded as a component in a computer system. It can independently implement functions such as reading, writing, display, data processing, etc., and can also perform operations on the card in conjunction with a computer or other system. By loading the card reader operation command into the application system program, the host computer can perform operation control on the card reader and the IC card.

The card reader designed for this system has a security management module implemented by a pluggable smart IC card. This card is defined as the key card because the key of the system is stored in it. The characteristic of this design is that the security function of the card reader is realized by the key card: protecting the key card protects the card reader, and the card reader can only work if the key card is inserted.

Other components of the card reader include a card holder, a communication interface, a display unit, and buttons and controls. The tasks it performs mainly include card authentication, reading and writing, information processing and storage, control and communication.

3, the key card

The key card is a security component that is inserted into the card reader in this system. Its first function is to protect the card reader: it is a component of the card reader, and if the key card is not inserted, the card reader cannot operate. The second function is to perform legality authentication of the operation card. The third function is to record the operation and usage information of the operation card.

The public files in the key card include:

STCF (Safety Test Control File): A security protection file describing the operation of this system.
ATR (Reset Answer File): Describes the communication between the card and the outside, and indicates the type of the card.
SKF (Key File): Stores the key file.
RSK (Random Number File): Stores the random number seed file.

4, the operation card

The operation card holds a variety of basic information about the cardholder. In addition to the same public files as the key card, the card has the following files:

Basic information file: Stores the basic information of the cardholder. When the card is issued, the cardholder information is recorded on the card. This information includes name, work unit, card number, card number, expiration date, operating authority and password.
Operation log file: Records the operations of the card.
Permission control file: Saves the cardholder's access rights to data or programs. Operation rights include central pass card, sub-central pass card and site card.
Security control file: Saves the card's security data and defines the card's security attributes.

5, the application interface

The system enables connection to a protected application system by providing limited card operation commands. These commands include selecting files, reading cards, writing cards, changing records, changing passwords, and encrypting/decrypting.

Second, the security mechanism of the intelligent IC card network data security system

1. Security features of smart IC cards

Smart IC cards have the strictest security measures. Their security is reflected throughout the life cycle from production to destruction.

Security in production: The card chip is produced in a tightly controlled environment, ensuring that the technology and processes related to the chip are not leaked during production.
Security in transmission: The card is transported from the manufacturer to the seller or developer, and finally to the user, and the card's transmission key is used to protect it throughout the transportation process. The card uses the same protection during storage.
Security in issuance: The key of the issuer, the characterization, and the cardholder's basic information and personal identification number (PIN) are written at the time of card issuance.
Security in use: The card must be internally and externally authenticated during use to ensure that both the card and the card reader are legal; PIN authentication is also required to ensure the cardholder's legitimacy.
Security in destruction: Smart IC cards can be issued and used multiple times. If it is determined that a card will no longer be used, it must be destroyed in a safe environment to prevent it from leaking out and being used illegally.

2, system security protection

System certification:

When the application system starts, the system issues a reset instruction to the card reader, the card reader powers on the key card, and the key card returns a 10-byte number as its ATR (answer to reset). These bytes are generated when the key card is initialized. There are 3 bit flags, and different letters are written according to the type of the key card. The system judges from the received data whether the key card is inserted correctly and is legal. After the operation card is inserted, the operation of the card reader is mainly performed by the key card. In this process, the key card first judges whether an operation card is inserted, then whether the flag of the operation card is correct, and finally whether the type of the operation card is correct. System certification ensures that the operation cards and key cards in use are legal and used correctly.

C/R certification:

C/R certification is the card reader's authentication of the operation card. It is performed after confirming that the operation card has been correctly inserted into the card reader, and it checks the legitimacy of the card. The system first issues a random number command to the key card and obtains a random number from it; the key card also encrypts this random number internally using the DES algorithm. After the system obtains the random number, it sends it to the operation card, which encrypts it with the DES algorithm as well. The system then sends the operation card's encrypted random number back to the key card, which compares it with its own encrypted random number. If they are the same, the operation card is legal and the key card matches the user card. Otherwise, the operation card is illegal. C/R certification further ensures the legality of the operation card, rejects illegal operation cards, and ensures the security of the system.
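The C/R exchange described above, as an added example that is not code from the system itself. DES is not in the Python standard library, so the on-card encryption is replaced here by a labelled stand-in (HMAC-SHA256 truncated to one 8-byte block); the class names, function names and key values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def card_encrypt(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the on-card DES encryption of the random number:
    # HMAC-SHA256 truncated to 8 bytes (one DES block). Not DES itself.
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]

class KeyCard:
    """Key card in the reader: issues the random number and checks the reply."""
    def __init__(self, key: bytes):
        self._key = key
        self._expected = None  # encrypted random number, kept inside the key card

    def get_random(self) -> bytes:
        challenge = secrets.token_bytes(8)
        self._expected = card_encrypt(self._key, challenge)
        return challenge

    def verify(self, response: bytes) -> bool:
        # Each random number is valid for one comparison only (blocks replay).
        expected, self._expected = self._expected, None
        if expected is None:
            return False
        return hmac.compare_digest(expected, response)  # constant-time compare

class OperationCard:
    """Operation card: encrypts the random number relayed by the system."""
    def __init__(self, key: bytes):
        self._key = key

    def encrypt(self, challenge: bytes) -> bytes:
        return card_encrypt(self._key, challenge)

def cr_authenticate(key_card: KeyCard, op_card: OperationCard) -> bool:
    # The system only relays messages; the key never leaves either card.
    challenge = key_card.get_random()
    response = op_card.encrypt(challenge)
    return key_card.verify(response)

# Constructed sample keys, not values from any real card.
SYSTEM_KEY = bytes.fromhex("0123456789abcdef")
reader_key_card = KeyCard(SYSTEM_KEY)
genuine_card = OperationCard(SYSTEM_KEY)
foreign_card = OperationCard(bytes.fromhex("fedcba9876543210"))

if __name__ == "__main__":
    print("genuine card accepted:", cr_authenticate(reader_key_card, genuine_card))
    print("foreign card accepted:", cr_authenticate(reader_key_card, foreign_card))
```

Because the key card discards its stored value after one comparison, a response captured on the reader interface cannot be replayed against a later random number.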

PIN certification:

After the C/R certification is passed, there is no doubt about the legality of the operation card. The next step is PIN authentication. First, the cardholder enters the password at the card reader, and then the card determines whether the entered password is the same as the password registered on the card. If they are consistent, the user of the card is a legal cardholder; otherwise, the cardholder is determined to be illegal, the card refuses further operation, and a prompt is given to lock the application system so that the operator cannot operate it, thereby protecting the security of the application system.
Both the operation card and the key card require PIN authentication. Each time the system is powered on, the key card is used for administrator PIN authentication; each time the operation card is used, only the operator PIN authentication is performed.

Data encryption:

The data of the application system to be protected has security and confidentiality requirements. If data is not encrypted when it is transmitted on the network, it is easily intercepted by a third party, which may result in data leakage or illegal tampering. Therefore, the data transmitted on the network must be encrypted. The encryption algorithm used in this system is DES. The keys are stored in the key card file of the card reader connected to each site and to the server.

Support for digital signature technology:

This system supports digital signature technology. Because digital signatures are unforgeable and undeniable, the application system can use them when it transmits data, which greatly improves the security and anti-attack capability of the system.

Digital signature technology uses the RSA algorithm. The system keeps a key file on the operation card that saves the cardholder's private key and the server's public key, and establishes a database on the server that stores the operators' public keys for digital signature.
