Since the People's Bank of China promulgated the "China Financial Integrated Circuit (IC) Card Specification" V2.0 (hereinafter referred to as PBOC2.0) in 2005, China's banking industry has entered a new stage of development, with smart IC cards as the carrier, and the new bank cards have gradually matured. In the past few years, the China Financial Certification Center has undertaken the construction and operation of the root key center of the asymmetric key system of China's financial IC card (hereinafter referred to as the root key center).

The significance of the construction of the root key center
1. Completing the construction of the root key center is a prerequisite for the issuing bank to initiate card issuance work.

The PBOC2.0 standard achieves the anti-copy and anti-tampering features of financial IC cards by adopting an asymmetric encryption algorithm, which can effectively solve the security problems faced by current magnetic stripe cards. The asymmetric key system in the PBOC2.0 standard can be summarized as two levels of key centers and three levels of keys. The entire key system consists of a root key center and issuing-bank-level key centers. The root key center is the root node of the key hierarchy for PBOC2.0 financial IC cards. It is the source of trust: it generates and manages the root key (which can be understood as the first-level key) and issues issuing bank public key certificates to the issuing-bank-level key centers. An issuing-bank-level key center is used by the card issuer to generate and manage the issuing-bank-level key (which can be understood as the second-level key) and to issue the card public key certificates in all of that bank's IC cards. The three levels of keys are the root key (and the corresponding self-signed public key certificate), the issuing-bank-level key (and the issuing bank public key certificate issued by the root key), and the card key (and the card public key certificate issued by the issuing bank).

The first task of the root key center after it is put into use is to generate an asymmetric root key pair according to the financial IC card business rules, and then use the private key to digitally sign the important information, producing what is customarily referred to as the root CA public key file. The signed information includes the public key corresponding to the private key, a service identifier, the validity expiration date, the key algorithm, and so on. The private key of the root key pair is critical: once it is compromised, the security of the entire financial IC card system is affected, so it is stored in a secure physical environment under a strict management system. According to the business rules, China UnionPay issues the root CA public key file to each card issuing bank and acquiring institution, which use it to verify the authenticity of the issuing bank public key certificates at the next level down.

The issuing bank must have an issuing bank key center when issuing financial IC cards. The issuing bank key center generates an asymmetric key pair according to the financial IC card business rules, and then submits the public key and the related important information to the root key center as the issuing bank public key input file. The root key center uses the private key of the root key pair to sign the issuing bank public key input file, generating the issuing bank public key certificate. When the issuing bank produces its financial IC cards, each card generates a card key pair inside the card, and the card public key certificates are issued one by one using the private key of the issuing bank key pair. The card certificate includes the card public key and related important information. Both the issuing bank public key certificate and the card public key certificate are written to the card.

It is not difficult to see from the asymmetric key system of the financial IC card as a whole that only once the construction of the root key center is complete can the issuing bank begin the work of issuing cards.

2. Completing the construction of the root key center is a necessary condition for transforming the acceptance environment.

The PBOC2.0 standard uses offline data authentication for the terminal to authenticate the IC card. Offline data authentication comes in two forms: static data authentication and dynamic data authentication. Static data authentication is referred to as SDA. In the static data authentication process, the terminal verifies the validity of the static data on the card. SDA can confirm that the issuing bank's application data on the card has not been illegally tampered with since the card was personalized. Dynamic data authentication is referred to as DDA. In the dynamic data authentication process, the terminal verifies the static data on the card and the card's signature over transaction-related information. DDA can confirm that the issuing bank's application data on the card has not been illegally tampered with since the card was personalized, and it can also confirm the authenticity of the card, preventing illegal copying of cards. DDA can be standard dynamic data authentication or combined dynamic data authentication/application cryptogram generation (CDA).

Both static data authentication and dynamic data authentication are relatively complicated processes. Only the main flow of static data authentication is introduced here. When a financial IC card performs static data authentication for an offline transaction, the terminal carries out the following steps: the terminal reads the issuing bank certificate and the signed data from the card, and recovers the issuing bank public key using the CA public key PCA; the terminal uses the recovered issuing bank public key to decrypt the signed data from the card; the terminal compares the decrypted result with the card's static data, saves the comparison result, and returns the verification result to the card.
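The static data authentication flow above, together with the certificate chain it relies on, as an added example that is not part of the original article. It uses toy textbook RSA with message recovery in Python; the key sizes, the public exponent, the 64-bit check tag and all function names are assumptions for illustration, and the real PBOC2.0 certificate layout and padding are not reproduced.

```python
import hashlib

E = 65537  # public exponent, assumed for this toy example

def make_key(p, q):
    """Toy RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def sign(value, n, d):
    """Textbook RSA with message recovery; the card format's padding is omitted."""
    if not 0 <= value < n:
        raise ValueError("value does not fit under the modulus")
    return pow(value, d, n)

def recover(sig, n):
    """Public-key operation: anyone holding n can open a signature."""
    return pow(sig, E, n)

def h(data, bits):
    """First `bits` bits of SHA-256, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def tag(n):
    """64-bit redundancy check stored beside the issuer modulus (assumed layout)."""
    return h(n.to_bytes(32, "big"), 64)

# Constructed keys built from Mersenne primes: far too small for real use.
ROOT_N, ROOT_D = make_key(2**127 - 1, 2**107 - 1)  # root key center (level 1)
ISS_N, ISS_D = make_key(2**89 - 1, 2**61 - 1)      # issuing bank key center (level 2)

# Root key center signs the issuer public key: the issuing bank public key certificate.
ISSUER_CERT = sign((ISS_N << 64) | tag(ISS_N), ROOT_N, ROOT_D)

def personalize(static_data):
    """Issuer signs the static data; certificate and signature go onto the card."""
    return {"issuer_cert": ISSUER_CERT, "static_data": static_data,
            "signed_data": sign(h(static_data, 128), ISS_N, ISS_D)}

def terminal_sda(card, p_ca=ROOT_N):
    """Terminal side of SDA; the terminal holds only the root CA public key P_CA."""
    opened = recover(card["issuer_cert"], p_ca)          # 1. recover issuer public key
    issuer_n, check = opened >> 64, opened & (2**64 - 1)
    if not 1 < issuer_n < 2**256 or check != tag(issuer_n):
        return False                                     # certificate not from the root
    signed = recover(card["signed_data"], issuer_n)      # 2. open the signed data
    return signed == h(card["static_data"], 128)         # 3. compare with static data
```

A byte-for-byte copy of a genuine card still passes terminal_sda, which is why the article attributes copy prevention to DDA rather than SDA.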

It can be seen that only after the root key center is completed and the root key is generated can the root public key file be loaded into the terminal devices of the acquiring institutions, giving those terminals the capability to authenticate IC cards.

Root key center construction principle

The construction of the root key center involves many important tasks, including the development of core application systems, the establishment of supporting management systems, the development of corresponding business rules, and so on. The financial IC card root CA system is the core application system in the asymmetric key management system of China's financial IC card, and it is also the most important part of the construction of the root key center. In the early stage of the project, international experience to draw on was found to be scarce. Although everyone is accustomed to calling the key center in the asymmetric key system of the financial IC card a CA, this CA is quite different from a standard PKI CA. The operation and management methods of a standard PKI CA therefore offer little to draw on.
After detailed research and discussion, and taking into account the specific situation of China's bank card industry, the financial IC card root CA system was judged to have the following characteristics: first, the system load will not be large in the short term; second, the system must be highly scalable; third, the management of the system and the keys must be thorough.

To this end, the following three principles should be grasped in the process of building a root key center.

1. Construct a system based on the principle of economy and efficiency.

First, the functions of the financial IC card root CA system have been clarified, namely generating the root key, providing the issuing bank public key certificate service to issuing banks, and managing issuing bank registration information. Given the current number of domestic banks and the types of bank card services, and even allowing for the international use of China's financial IC cards in the future, the total number of certificates issued by the root CA system within 10 years will not exceed 10,000. The financial IC card root CA system therefore does not need to be equipped with large amounts of hardware and storage, as long as the requirements are met.

2. The system must be highly scalable.

The financial IC card root CA system must be highly scalable, a property that many application systems should have. System scalability is mainly reflected in three aspects. The first is extending functions to support new cryptographic algorithms. With the continuous development of cryptography, a new cryptographic algorithm that replaces the current one is likely to appear in the future, which requires that functional modules can be added to the system at any time to support it. The second is support for extended key management. With the continuous development of financial IC cards, the system will need more root key management functions, which requires that key management functions can be added according to management needs. The third is adding file templates. As the functions of financial IC cards become more diverse and complex, it may be necessary to supplement or adjust the templates of important documents such as issuing bank public key certificates, which requires the system to be extensible in this respect.

3. The security of the root key center must be guaranteed.

The key management center generates and maintains the root key of the financial IC card asymmetric key system. If the root key is leaked, the consequences would be unimaginable: all issuing bank public key certificates must be reissued, and the certificates in all cards must also be reissued. Protecting the security of the root key is therefore essential. This requires the financial IC card root CA system to have complete access control functions. Key operations must be strictly controlled. For example, operations such as key generation, key backup, and key recovery must be performed only after strict authorization, with multiple people present, and recorded throughout. In addition, the financial IC card root CA system must be placed in a high-security physical environment with at least three physical access controls, and key access should require two people to open. A professional and credible management team is also essential.

Practice results of root key center construction

Based on the above three system construction principles, we completed the construction of the financial IC card key management system at the end of 2005. The financial IC card root system is placed in an independent security zone in the operating room of the China Financial Certification Center. It is completely physically isolated from the outside world and meets the hardware security requirements of the National Cryptographic Authority. The China Financial Certification Center has also established a rights management mechanism and system operation management methods, and set up a backup system to ensure data integrity and security.

The financial IC card root CA system has been in stable operation for more than four years. It has provided hundreds of services to more than 10 issuing banks and successfully issued more than 300 public key certificates for card issuing banks. The application of China's financial IC card is still in its infancy. With the continuous development of IC card technology, new payment methods based on IC cards keep appearing. Contactless financial IC cards and mobile payment are entering or have already entered our lives, and how to ensure their safe use has always been the focus of people's concern. We will continue to devote ourselves to the research and practice of the financial IC card security system to protect the application of China's financial IC cards.
