Thoughts on the security of external NFC payment products such as smart bracelets

Traditionally, contactless IC cards have been positioned for fast payment applications. They rely mainly on 13.56MHz RF technology for short-range contactless read and write operations, and on offline transactions against an in-card wallet, enabling safe and fast transactions. The typical transaction time is about 250ms-300ms, which meets the requirements of high-volume passenger flow in public transportation, especially rail transit. As a result, the technology has been widely and maturely applied in the public transportation industry, of which China is especially representative.

First, background of NFC payment applications

Domestic cities are large in scale, with frequent population movements, and cities with a population of over 10 million abound. Because living and working areas are relatively scattered, urban residents have a huge demand for public transportation. Taking Beijing, Shanghai, Guangzhou and Hong Kong as examples, daily subway traffic has approached or exceeded 10 million passengers, the number of public transport cards issued has exceeded 40 million, and the daily transaction volume has exceeded 10 million. Total domestic card issuance exceeds 4 billion cards, and the overall application scale ranks first in the world. Because the public transportation card application is characterized by small amounts, high frequency and wide use, it can become the fast payment application with the largest application scale and the most mature application mode.

The financial industry is also promoting contactless payment applications. China UnionPay's QuickPass, VISA's payWave, and MasterCard's PayPass all use the same RF technology and similar technical standards. Taking China UnionPay as an example, more than 4 million flash payment terminals have been deployed in China, and more than 1 billion financial IC cards have been issued by member banks.

With the development of mobile communication technology, NFC mobile payment, which integrates contactless IC card technology with mobile communication technology, has become a hot spot in the market. NFC technology began to develop in 2005, and Nokia and Samsung were the first manufacturers to launch NFC mobile phones. The NFC mobile payment industry chain is long, including NFC chip manufacturers, mobile phone manufacturers, mobile operators, payment institutions and others; the interests of the parties are complicated, and technical standards and application modes differ, so practical adoption has been unsatisfactory. For example, the two current main modes, NFC full-terminal and NFC-SIM, are led and promoted by payment institutions and mobile operators respectively. The result is a typical case of “the ideal is full, the reality is skinny”: the proportion of mobile phones supporting NFC is less than 10%, and the application scale is smaller still. Apple recently launched ApplePay, which has opened up a new situation for NFC payment applications with its unique security and experience advantages.

With the popularity of the mobile Internet and the rise of wearable products, external NFC payment products, which combine contactless IC card technology with Bluetooth 4.0 (BLE) low-power communication, have gradually become a hot spot in the market. Because Bluetooth BLE is already widespread and mature, these products are not restricted by the mobile terminal. They also have a short industrial chain, a flexible application mode and low cost, and can directly upgrade and replace the existing contactless IC card, so the conditions exist for explosive large-scale adoption.

Second, security analysis of external NFC payment products

One of the biggest differences between NFC payment applications and existing contactless IC card payment applications is the difference between closed and open. Traditional IC card payment runs in an almost entirely closed environment: consumption is completed on a dedicated financial POS or bus fare terminal, and top-up is completed at a dedicated ATM, self-service terminal or staffed outlet. All devices sit inside a closed dedicated intranet or VPN, which ensures the security of the environment, equipment and operation; even where operation over the Internet is possible, it uses customized devices and a dedicated protocol, which has a similarly closed effect. An NFC payment application, by contrast, is deployed on the user's mobile terminal and peripheral products, where the equipment, environment and users are unrestricted, so security is greatly constrained and challenged.

External NFC payment products are independent of NFC mobile phones but are likewise positioned to implement NFC mobile payment applications, so a relatively simple comparative analysis is necessary.

The structure of an external NFC payment product is relatively simple and quite different from that of an NFC mobile phone.

In an NFC mobile phone, the baseband controller is connected to the SE and to the NFC controller, and the NFC controller is connected to the contactless RF antenna (including the active or passive RF antenna component). The phone's processor has processing capability comparable to a PC processor and can handle a variety of complex business logic and security computing tasks. NFC mobile phones also have mature, industrial-grade operating systems with very complete access control and access rules, which can provide protection at multiple layers, such as the OS layer and the application layer, to ensure overall security.

In an external NFC payment product, the Bluetooth BLE chip or an additional MCU is connected directly to the 7816 interface of the IC card chip, and the IC card chip is connected to the contactless RF antenna (including the active or passive RF antenna assembly). Because the main product forms are wristbands and watches, which run on battery power, there are strict limits on power consumption and size. The MCU has limited processing capacity, so it is difficult to implement more complex business logic and security computing tasks. Only a dumb-terminal design can be adopted: the product firmware contains no business logic, and remote control with local execution is achieved by relaying IC card commands and data between the remote system and the IC card chip. Unfortunately, if IC card operations and data are passed transparently over Bluetooth with no security protection, and the product firmware merely controls access to the components, this brings great security risks to the product and the system.

Some people may say that the IC card chip itself includes a security chip and COS, is very secure, and holds a security certification such as EAL5+, so how can it be unsafe? The problem lies in the operating distance. Contactless (near-field) payment technology has a swipe distance of no more than 10 cm. This is not a limit of the radio frequency technology; it is a deliberate choice made for transaction security. The 2.4G-based RCC (limited-area communication) contactless payment technology adopted in Shenzhen and other places likewise actively reduces the operating distance to less than 10cm in order to prevent illegal manipulation and theft of transaction commands and data over the air. At this close distance, the user must take part in the transaction directly and is deemed to have authorized it, which is the origin of near-field payment.

The external NFC payment product uses Bluetooth BLE for its wireless connection and for carrying operation commands, with a range of up to 100 meters. This expands the operating distance of near-field payment by 1000 times and in practice makes it equivalent to remote payment. As we all know, IC card payment applications generally adopt the "strict in, loose out" model (for reasons you understand): control over wallet recharge is relatively strict and uses online transactions, while control over wallet consumption is relatively loose and uses offline transactions. This means that an attacker with a slight technical background who obtains access can deduct the wallet balance of the user's card and read the data in the card, including sensitive data such as the PAN.

Third, recommended security countermeasures for external NFC payment products

The author believes that, because external NFC payment products have limited computing and processing capability, it is difficult for the product alone to maintain payment security. Security should be approached at the level of the whole system, with the remote system and the external NFC payment product cooperating: a secure channel is established between the two to ensure the secure transmission of IC card commands and data, and to prevent interception of and tampering with commands and data, or the initiation of unauthorized transactions.

There are two main types of secure channel technology:

1. COS secure channel

The COS software inside the IC card is modified to add special custom instructions, and these instructions are used to establish a secure channel between the remote system and the IC card chip. All transaction-related APDU commands and data are carried inside the custom instructions as ciphertext between the remote system and the IC card chip. Even if the data is intercepted in transit, it cannot be decoded or falsified, which ensures the security of the over-the-air transaction.

The COS secure channel mode is similar in principle to the way GP (GlobalPlatform) uses a secure channel to implement over-the-air card issuance. It requires a card that supports Java, development and testing of COS applications, and development and adjustment of the key systems, card issuance systems and recharge systems. According to the author's understanding, the China UnionPay Bluetooth card and wearable mobile payment solution adopts the COS secure channel.

2. Terminal security channel

The product's hardware design is changed to add a security chip with PKI or symmetric encryption and decryption algorithms, and this chip is used to establish a secure channel between the remote system and the product firmware. All IC card APDU commands and data pass through the secure channel and are transmitted between the remote system and the product firmware as ciphertext. Even if the data is intercepted, it cannot be decoded or falsified, which ensures the security of the over-the-air transaction.

The terminal security channel mode is similar in principle to the way online banking currently uses a secure channel to implement online payment with a bank card. It requires managing and distributing the security chips and developing and adjusting the recharge system.
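The terminal security channel described above can be sketched as follows. This is an added example, not code from the article or from any vendor: it wraps each APDU with encrypt-then-MAC and a frame counter so the firmware rejects tampered and replayed frames. All names are hypothetical; keys are held in memory here, whereas the article places them inside the security chip, and an HMAC-SHA256 keystream stands in for the chip's own cipher so the example needs only the standard library.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag

def _keystream(k_enc: bytes, hdr: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, keyed per frame by the header.
    blocks = (hmac.new(k_enc, hdr + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def derive_session_keys(master: bytes, nonce: bytes):
    # Separate encryption and MAC keys, fresh for every BLE session.
    return tuple(hmac.new(master, label + nonce, hashlib.sha256).digest()
                 for label in (b"enc", b"mac"))

def wrap(keys, counter: int, apdu: bytes) -> bytes:
    """Remote system side: encrypt-then-MAC one APDU for transport over BLE."""
    k_enc, k_mac = keys
    hdr = struct.pack(">IH", counter, len(apdu))
    ct = bytes(a ^ b for a, b in zip(apdu, _keystream(k_enc, hdr, len(apdu))))
    tag = hmac.new(k_mac, hdr + ct, hashlib.sha256).digest()[:TAG_LEN]
    return hdr + ct + tag

class FirmwareEndpoint:
    """Bracelet side: only authentic, fresh frames reach the 7816 interface."""
    def __init__(self, keys):
        self.keys, self.last_counter = keys, 0

    def unwrap(self, frame: bytes) -> bytes:
        k_enc, k_mac = self.keys
        if len(frame) < 6 + TAG_LEN:
            raise ValueError("short frame")
        hdr, ct, tag = frame[:6], frame[6:-TAG_LEN], frame[-TAG_LEN:]
        counter, length = struct.unpack(">IH", hdr)
        good = hmac.new(k_mac, hdr + ct, hashlib.sha256).digest()[:TAG_LEN]
        if length != len(ct) or not hmac.compare_digest(tag, good):
            raise ValueError("bad MAC")          # tampered or forged frame
        if counter <= self.last_counter:
            raise ValueError("replay")           # captured frame sent again
        self.last_counter = counter
        return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, hdr, length)))

# Constructed sample: placeholder key, nonce and made-up APDU bytes.
KEYS = derive_session_keys(b"\x11" * 32, b"session-nonce-01")
SAMPLE_APDU = bytes.fromhex("805401000400000064")
```

The same framing applies to the COS secure channel, with the IC card chip rather than the firmware as the receiving endpoint.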

Comparing the two secure channel modes: the COS secure channel is established at a lower level. The channel sits at the COS level of the IC card and the session key does not leave the IC card chip, so security is very high. However, it has a large impact on the system, involves modifying and adjusting multiple underlying systems with a heavy workload, and in principle requires the card to be a Java card. The terminal security channel is established at a higher level. The channel sits at the firmware level of the product, and the session key is held inside the security chip and cannot be exported, so security is high. It has less impact on the system, supports native cards, and does not require changes to the card or COS; it does require an additional management system for the security chip, and the recharge system must be modified and adjusted, with a small workload. Both secure channel technologies are derived from mature application technologies in the financial payment field. Both can meet the requirements of establishing a secure channel and protecting over-the-air data transmission, and the choice between them can be made according to the actual system application.

With the recent introduction of the Internet+ concept, external NFC payment products can be seen as IC card+ products that combine the Internet with the IC card industry. By adding mobile connection capabilities to IC cards, IC cards no longer have to connect to the system through terminals. Eliminating intermediate links and providing more efficient access methods will bring innovative applications to the financial and transportation industries. The author believes that IC card+ has the opportunity to become a disruptive replacement and upgrade of existing traditional IC cards. In the form of various wearable products, and together with mobile phone NFC payment applications, it will become a main part of the mobile near-field payment landscape.

Going further, establishing IC card+-based cloud services that connect directly to all IC card+ products, combined with over-the-air card opening, over-the-air recharge and over-the-air consumption services, would achieve mobile interconnection of national transportation cards in the Internet+ era.
