City Card IC Card Online Value Added Solution

This paper first analyzes and discusses the domestic and international development background of the city card IC card online value-added solution. It proposes that IC card online value-adding should be based on the security keys of the key system of the Ministry of Housing and Urban-Rural Development, and analyzes the importance of that key system for the security assurance of IC card online value-adding. The paper analyzes the key structure of the Ministry of Housing and Urban-Rural Development, proposes the system hierarchy and security fault-tolerance method of the IC card online value-added system, and summarizes the data processing flow for online recharging.

1 Background

Urban card construction in China is in full swing, and many second- and third-tier cities have already invested or are planning to invest. The city card evolved from the public transport card. China first used a bus card in Hangzhou in 1993, in the form of a magnetic stripe card. That was 19 years ago, and the IC card originally in use has since evolved into the more convenient non-contact IC card.

The first domestic IC card combining social security card, public transportation card and bank card functions was issued in Wujiang City, Suzhou. Wujiang citizens can use it to apply for social security, receive pensions, take the bus, visit parks, and pay water, electricity, gas, and telephone charges; it can also be used for bank savings and other services. It is applicable to 12 major industries including government services, public utilities, and financial payments.

As of August 2011, according to the statistics of the IC Card Application Service Center of the Ministry of Housing and Urban-Rural Development, the total number of cities in China that have launched City Cards has reached 367, and the total number of cards issued has exceeded 180 million. Among them, Beijing, Shanghai and other large cities have experienced rapid growth in card issuance, and both cities have issued over 30 million cards. At the same time, the field of application has gradually expanded. Starting from card swipes on public transportation, it has now extended to public utilities such as water supply, gas, rental, and landscape architecture, involving more than 40 areas. In addition, many cities such as Shanghai, Tianjin, Guangzhou, and Changsha have already applied public transport cards. It can be said that in some places, the public transport card has become an indispensable part of citizens' lives.

2 Online Value Added Security Source - Key System

In the future, the Ministry of Housing Construction will provide reliable safety standards for urban construction projects at all levels throughout the country. Its IC card key management system will be developed to provide uniform standards for key management and a unified IC card structure, in order to improve the overall security performance of the system. The key management system adopts a two-level management mode and is divided into a ministerial key management system and a city key management system.

2.1 Ministerial key

The Key Management Center of the Ministry of Housing Construction is responsible for generating consumer keys used by various industries throughout the country, generating corresponding subkeys for each city management center, and transmitting them to each city in the form of a mother card.

(1) Ministerial-level control card. Generated by the head of the Ministry of Housing Construction. It stores the master control key for the construction-industry IC card application.

(2) Ministerial Master Key Card. The department master control card and the corresponding business key code generate a department level business master key, such as a bus industry consumer master key, a TAC master key, an application maintenance master key, and the like.

(3) City Master Key Card. The district master keyfobs and district administrative numbers are used to generate city master keyfobs for each region. The city-level key management system is managed and operated by a city card issuing institution authorized by the IC Card Application Service Center of the Ministry of Housing and Construction and approved by the city administrative department.

2.2 City level keys

In each city, the responsible leader first generates a city master control card. In combination with the city master key card issued by the Ministry of Housing Construction, a city key card is generated. The value-added key card, ESAM module, and user card key are generated and loaded by the city key master card.

(1) City General Control Card. Stores the local master control key generated by the leaders of each city.

(2) City Master Key Card. Stores the city application master key generated from the city master key card and the city master card.

(3) Value-added key card. A value-added authentication card embedded in the user card reader. It is used for value-added authorization and authentication at each value-added outlet in the city.
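The two-level hierarchy described in 2.1 and 2.2 can be sketched as a chain of key diversification steps. This is an added example, not code from the article or from the Ministry's system: HMAC-SHA256 stands in for the unspecified derivation performed inside the key cards, the card serial number as the last diversifier is an assumption, and all keys and identifiers are constructed.

```python
import hashlib
import hmac


def diversify(parent: bytes, label: str, data: bytes) -> bytes:
    """Derive a 16-byte child key from a parent key, a purpose label and an identifier.

    Assumption: HMAC-SHA256 stands in for the derivation that real key cards
    perform internally; the article does not specify that algorithm.
    """
    return hmac.new(parent, label.encode() + b"\x00" + data, hashlib.sha256).digest()[:16]


def derive_card_key(ministry_control: bytes, business_code: str, region_number: str,
                    city_control: bytes, card_serial: str) -> bytes:
    # Ministerial level: master control key + business key code -> business master key
    business_master = diversify(ministry_control, "business", business_code.encode())
    # Ministry -> city: business master key + administrative region number
    city_master = diversify(business_master, "region", region_number.encode())
    # City level: ministry-issued city master key combined with the city's own control key
    city_app_master = diversify(city_master, "city-app", city_control)
    # Per card: each card identifier (assumed: its serial number) gets its own key
    return diversify(city_app_master, "card", card_serial.encode())


# Constructed sample values, not real keys or identifiers
MINISTRY_CONTROL = bytes.fromhex("00112233445566778899aabbccddeeff")
CITY_A_CONTROL = bytes.fromhex("0f" * 16)
CITY_B_CONTROL = bytes.fromhex("f0" * 16)


def demo() -> dict:
    """Two cards in one city and the same serial in another city all get distinct keys."""
    return {
        "a1": derive_card_key(MINISTRY_CONTROL, "TOPUP", "REGION-A", CITY_A_CONTROL, "CARD-0001"),
        "a2": derive_card_key(MINISTRY_CONTROL, "TOPUP", "REGION-A", CITY_A_CONTROL, "CARD-0002"),
        "b1": derive_card_key(MINISTRY_CONTROL, "TOPUP", "REGION-B", CITY_B_CONTROL, "CARD-0001"),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(name, key.hex())
```

Because every level mixes in its own identifier, extracting the key of one card does not reveal the key of another card or of another city.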

2.3 The importance of the key

In the “Urban One Card” system, the value-added service of the user card is an important part of the overall system design. On the one hand, the value-added key card should be used for value-added authorization and authentication to ensure system security; on the other hand, there are two implementation options: offline value-adding and online value-adding. Although the offline method has a low initial cost, it has various drawbacks and security risks: lagging blacklist updates, delayed uploading of value-added data resulting in unbalanced clearing, loss of offline value-added equipment, loss of value-added data, weak privilege control over value-added operations, and weak business monitoring capabilities. Any of these situations will cause unnecessary losses to cardholders and card owners. With the gradual reduction of network connection costs and users' rising requirements for system security, online value-adding has gradually become the preferred solution.

3 Online Value Added

3.1 Online Value Added Structure and Process

From a system design point of view, the online value-added system should adopt a “three-tier architecture”, namely a front-end client system, a middleware application server system, and a back-end database system (Fig. 1). The front-end client system is linked to the back-end database through the middleware, which is conducive to system security, reliability, and scalability.

For front-end client systems, in addition to the card center's self-built service outlets, online value-added services can also be set up at the existing outlets of supermarkets, post offices, banks, and so on, to solve the problem that value-added outlets are few and adding value is inconvenient for users. Since online value-added service data must be transmitted over the network, the exception handling flow must fully consider network failure, so that the front-end client system data and the back-end database remain consistent.

When the front-end client system at an agent outlet performs a value-added operation, the IC card reader/writer carries out the operation on the card and determines whether the card belongs to the system by verifying whether the key in the authentication card matches the value-added key card. After the front-end client system program sends the read-card instruction to the reader/writer, the IC reader/writer sends the card information to the front-end client system. To continue adding value, the amount must be confirmed according to the system prompts. At this point the value-added transaction begins, and the front-end client system sends a value-added request message to the middleware system. The middleware first determines, in sequence, whether the request message is valid and then whether the card is legally authenticated. After authentication passes, the background transaction process begins. The database records the value-added transaction data, deducts the outlet's credit line, and returns the value-added content to the reader through the front-end client system. Based on the returned content, the reader/writer uses the value-added key card to calculate the value-added key and then adds value to the user card according to the value-added rules. After the value is added successfully, the front-end client system returns a success message to the background, and the value-added transaction and the background transaction process end.

3.2 Fault-tolerant processing

If an anomaly occurs while value is being added, the front-end client system must enter the correction flow. The correction flow corrects the card first and then corrects the background data, to ensure data security.

In this way, the card center can authorize agency outlets to provide value-added services by supplying them with IC card readers, and can monitor the working conditions of each outlet in real time, thus solving problems of the offline value-added system such as blacklist lag and weak privilege control over value-added operations.
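The transaction flow of 3.1 and the correction flow of 3.2 can be modelled in a few lines. This is an added example, not code from the article: the class and function names, the transaction journal, the validity checks and the simulated network failure are all assumptions, and the card is a constructed in-memory model.

```python
class Middleware:
    """Back-end side: keeps each outlet's credit line and a transaction journal."""

    def __init__(self, credit):
        self.credit = dict(credit)   # outlet id -> remaining credit line
        self.journal = {}            # transaction id -> [outlet, amount, state]

    def request(self, txn, outlet, amount):
        # Assumed validity checks: no duplicate id, positive amount, enough credit
        if txn in self.journal or amount <= 0 or self.credit.get(outlet, 0) < amount:
            raise ValueError("request rejected")
        self.credit[outlet] -= amount            # deduct the outlet's credit line
        self.journal[txn] = [outlet, amount, "pending"]

    def confirm(self, txn):
        self.journal[txn][2] = "done"

    def correct(self, txn):
        outlet, amount, state = self.journal[txn]
        if state == "pending":                   # idempotent: undo only an open transaction
            self.credit[outlet] += amount
            self.journal[txn][2] = "corrected"


def top_up(mw, card, txn, outlet, amount, fail_before_confirm=False):
    """Front-end side. `card` is a dict with a 'balance' field (constructed model)."""
    before = card["balance"]
    mw.request(txn, outlet, amount)              # rejected requests change nothing
    try:
        card["balance"] = before + amount        # reader/writer adds value to the card
        if fail_before_confirm:
            raise ConnectionError("simulated network failure")
        mw.confirm(txn)                          # success message to the background
        return "done"
    except Exception:
        card["balance"] = before                 # 1. correct the card first
        mw.correct(txn)                          # 2. then correct the background data
        return "corrected"


def demo():
    mw = Middleware({"outlet-1": 500})
    card = {"balance": 20}
    ok = top_up(mw, card, "t1", "outlet-1", 100)
    failed = top_up(mw, card, "t2", "outlet-1", 50, fail_before_confirm=True)
    return ok, failed, card["balance"], mw.credit["outlet-1"], mw.journal["t2"][2]
```

After the failed second transaction the card balance and the outlet's credit line both match the state after the first transaction, which is the data consistency the correction flow is meant to guarantee.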

3.3 Value Added Security Guarantee

In the system design, because the IC card currently used by users is generally a logic encryption card and the card itself has no MAC authentication function, the card structure must be planned and designed to comply with the specifications of the Ministry of Housing and Construction and to implement “one card, one secret, one area, one secret”, and the security authentication mechanism is encapsulated inside the front-end IC reader. When the front-end client system communicates with the middleware, the communication messages are transmitted as ciphertext encrypted with the DES algorithm. The transmission key is formed by the One Card Center based on the principle of "one card, one secret, one area, one secret" and stored in a value-added key card. The front-end client system/IC reader/writer uses the transmission key to encrypt and decrypt communication messages, ensuring the safety of data transmission.

4 Conclusion

In short, as a scheme completely different from the conventional one, IC card online value-adding opens the communication interfaces of the middleware and the reader to the front-end client system while encapsulating the business logic, thereby achieving the goal of ensuring system security. By formulating the correction flow, the problem of data consistency in the system can be solved and the online value-added solution further improved, which can promote the further development of the city card system.

Since this approach is completely different from traditional value-added thinking, the best way to demonstrate the rationality and security of "IC card online value-adding" is to use this method to add value to customers' IC cards and verify that it is feasible. This method has been piloted in cities such as Lanzhou and Fuzhou, and has achieved good results. The online value-added solution for the city card IC card demonstrated in this article is feasible and improves the safety of adding value to the city card.

Source: "Urban Public Transport", Tongji University, Zhang Libin
