With the development of financial electronics, financial IC cards will gradually replace magnetic stripe cards and become a settlement tool for people's daily consumption. Compared with magnetic stripe cards, IC cards offer higher security, lower transaction costs, and ease of use. IC cards also provide good confidentiality and secure file management, so they can adapt to more complex business needs in the future and serve fields such as medical insurance and social security. The key management system for financial IC cards is the part of IC card management that provides security for card issuers and cardholders. This article explores the key management mechanism of financial IC cards.
First, the type of key
According to China's "Financial Integrated Circuit (IC) Card Specification", a total of three levels of key management system are established nationwide. The PBC headquarters establishes the primary key management system. Each commercial bank head office and each central branch of the People's Bank establishes a secondary key management system. Each regional branch of a commercial bank establishes a third-level key management system. These are responsible, respectively, for generating and maintaining the key management systems at the different levels.
According to different key levels, keys in key management systems can be divided into three categories: public keys, branch private keys, and management keys.
1. Public keys are the national consumer master key generated by the head office of the People's Bank of China and the in-bank public keys generated by the head office of each commercial bank; they are stored securely in the mother card of each head office. The national consumer master key is a public key generated and maintained by the head office of the People's Bank of China and is abbreviated GPK. The People's Bank of China uses its primary key management system to diversify (disperse) the GPK to each secondary key management system, for use in consumption/acquisition transactions of financial IC cards.
2. Branch private keys are generated and maintained by the branches themselves (including the branches of commercial banks) and are stored securely in the branches' mother cards. Branches generate master keys for other transactions, including maintenance keys for some IC cards. In the financial IC card application there are seven types of branch-specific common keys, which are used to store, circle, modify passwords, and maintain PINs: for example, the master key MLK, the master key MULK, the modification master key MUK, the signature master key MTK, the PIN reinstallation master key MRPK, the PIN unlock master key MPUK, and the application maintenance master key MAMK. Branches can also choose to generate master keys for other applications.
3. Management keys are classified into authentication keys and protection keys. The authentication key is used for external authentication of the card. The factory key, wash key, and authentication key are the keys in the card key file at the different stages of the card. Authentication keys, generally referred to as ADMK, also include the factory authentication key PRDK, the key card management master key, the branch key card authentication key, the PSAM card authentication key, and the like.
The protection key (transport key) is used to encrypt a master key when it is input to a card or output to another card. There are two kinds of protection keys: the import key and the export key. The import key is stored in the import key file under the financial IC card standard application, and the export key is stored in the export key file under the same application. All protection keys are encrypted under the external authentication key when they are loaded into the card. The protection key is also called the transmission key. The transmission key is passed to the next-level organization or security device, and the next-level organization uses this key to derive the master key. The transmission key can be delivered on a card or in an envelope; an example is the branch-issued key TK1.
Some keys in the third-level key system are generated and transmitted by the primary and secondary key systems. During transmission they must go through certain operations; this process is called key distribution.
Second, the key distribution
The master key generated by the head office is the consumption/acquisition master key; it is called the root key and is denoted G*K. A key generated and used by a branch is called a master key or branch private key and is denoted M*K. A key diversified from a master key for a user card is called a user card key and is denoted D*K. The process key used during a user card transaction is denoted S*K. Going from G*K to M*K and then to D*K is the process of key diversification (dispersion).
1. Public key distribution
The head office diversifies the consumption/acquisition root key (GPK) according to the characteristics of each commercial bank and the regional branch numbers of the People's Bank of China, and distributes the results to the secondary key agencies, including those of the commercial bank head offices. The secondary key agency diversifies according to the characteristics of each commercial bank, generating the branch consumption/acquisition master key (MPK) of the third-level key system. The diversification is written MPK = DIVERSIFY(GPK, IPI).
1. The PBOC head office diversifies the GPK according to the characteristics of each commercial bank.
2. The PBOC head office diversifies the consumption/acquisition root key (GPK) according to the regional branch numbers of the central bank.
3. The secondary key agencies of the commercial bank head offices diversify based on the regional branch numbers.
4. The PBOC secondary key agencies diversify according to the characteristics of each commercial bank.
2. Dispersion of user card keys
The user card's consumption/acquisition key (DPK) is generated from the branch's consumption/acquisition master key (MPK) according to the card's application serial number (ASN), i.e. DPK = DIVERSIFY(MPK, ASN). The other keys of the user card, DLK, DTK, DULK, DUK, DRPK, DPUK, and DAMK, are diversified from the corresponding branch private keys MLK, MTK, MULK, MUK, MRPK, MPUK, and MAMK.
The consumption/acquisition process key (SPK) is generated from the consumption/acquisition key in the user card and is written SPK = SESSION(DPK, DATA).
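The chain above (GPK to MPK to DPK to SPK) as an added example, not code from the article or the specification: HMAC-SHA256 stands in for DIVERSIFY and SESSION, whose actual algorithms the article does not give, and every key value, the IPI/ASN/DATA encodings and the 4-byte MAC length are constructed assumptions. It shows why a terminal holding only MPK can check any card of the branch, while a card holds only its own DPK.

```python
import hashlib
import hmac

KEY_LEN = 16  # assumed key length for this sketch


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stand-in; NOT the algorithm of the IC card specification.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


def diversify(parent_key: bytes, factor: bytes) -> bytes:
    """DIVERSIFY(parent, factor): one-way derivation of a child key."""
    return prf(parent_key, b"DIVERSIFY", factor)[:KEY_LEN]


def session(dpk: bytes, data: bytes) -> bytes:
    """SESSION(DPK, DATA): process key for a single transaction."""
    return prf(dpk, b"SESSION", data)[:KEY_LEN]


def transaction_mac(spk: bytes, message: bytes) -> bytes:
    return prf(spk, b"MAC", message)[:4]  # 4-byte MAC length is an assumption


def card_sign(dpk: bytes, data: bytes, message: bytes) -> bytes:
    """User card side: the card stores only its own DPK, never MPK or GPK."""
    return transaction_mac(session(dpk, data), message)


def terminal_verify(mpk, asn, data, message, mac) -> bool:
    """PSAM / encryption machine side: holds MPK, re-derives DPK from the ASN."""
    spk = session(diversify(mpk, asn), data)
    return hmac.compare_digest(transaction_mac(spk, message), mac)


# Constructed sample values (not real keys or card numbers).
GPK = bytes.fromhex("00112233445566778899aabbccddeeff")
IPI = b"BANK-01/BRANCH-0512"            # diversification input for the branch
ASN_A = bytes.fromhex("1000000000000001")
ASN_B = bytes.fromhex("1000000000000002")
DATA = bytes.fromhex("a1b2c3d40001")    # per-transaction data
MSG = b"amount=000000001500;terminal=T0001"


def run_demo() -> dict:
    mpk = diversify(GPK, IPI)           # head office -> branch
    dpk_a = diversify(mpk, ASN_A)       # branch -> user card A
    mac = card_sign(dpk_a, DATA, MSG)
    other_mpk = diversify(GPK, b"BANK-02/BRANCH-0001")
    return {
        "genuine_card": terminal_verify(mpk, ASN_A, DATA, MSG, mac),
        "same_mac_other_asn": terminal_verify(mpk, ASN_B, DATA, MSG, mac),
        "altered_message": terminal_verify(
            mpk, ASN_A, DATA, MSG.replace(b"1500", b"9500"), mac),
        "other_branch_mpk": terminal_verify(other_mpk, ASN_A, DATA, MSG, mac),
        "other_session_data": terminal_verify(mpk, ASN_A, b"\x00" * 6, MSG, mac),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check:20} {'accepted' if ok else 'rejected'}")
```

Only the first check is accepted: changing the ASN, the message, the branch master key or the session data each yields a different process key or MAC.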
3. Key delivery
At every level of the key management system, keys are carried by key cards. The key card guarantees the secure transfer of keys between head office key management systems, between the head office and branches, and between branches and user cards.
Key transfer consists of importing keys into the key card and exporting keys from it. The key file structure in the key card is shown in Figure 2.
The import key is stored in the import key file and is used to decrypt the ciphertext of a key being imported. The export key is stored in the export key file and is used to encrypt a master key being output. The import key written to the import key file and the export key written to the export key file must themselves be encrypted with the management key from the management key file.
A master key written to the master key file must be encrypted with the import key. When a master key is exported, the card encrypts it with the export key. To ensure that the master key is written correctly, a signature segment is attached to the ciphertext; the signature algorithm is based on the secure messaging format defined in the financial IC card specification.
A counter preset in the card limits the number of times the master key can be exported. The card is also PIN protected.
Third, the key card generation
The key management system is used to generate various master keys and make various key cards. Based on the three-level key system, the following describes the key card generation and control.
1. Generate branch private key
The key generation system implements its algorithm by means of a key generation card. The master key generation card is equivalent to a key generator: the supervisor inputs seed A and seed B, and the master key generation card generates "higher-intensity" master keys, which serve as the branch-specific master keys. Master keys generated by different master key generation cards are not the same. The master key generation card, seed A, and seed B should be kept separately.
When the key system generates a bank master key, each master key is generated in multiple versions and with multiple indexes. The user card has a usage period of 10 years. If each version is used for 2 years, the key system generates five versions of the master key in mother card A and mother card B. Only one version of the key is issued into the mother card and the user card: the version for the current usage cycle, which is updated every 2 years.
The master key of the master control card is imported from the branch's mother card A and mother card B, and it contains all the keys of the branch. The master control card is used to generate the system's other control cards. It is held by the master controller, and export of its master key is limited by an export count.
2. Import the key into the secondary key mechanism
In the card-issuing mother card provided, the consumption/acquisition root key MPK is merged in to form the branch card-issuing mother card. The branch card-issuing mother card is issued by the secondary key management center and generally cannot be exported. Only one version of the other private keys generated by the bank can be injected into the card issuer by the master control card and the operator card. The card issuer uses the branch card-issuing mother card and the branch card-issuing control card to issue user cards.
The keys of a user card are loaded by the card issuing system; they are formed by diversifying the master keys on the card-issuing mother card.
3. Generate PSAM Cards and HSAM Key Pass Cards
The master control card and the operator card together export the HSAM control card and the PSAM control card, which are daughter cards of the master control card. The master controller holds the HSAM control card and uses it to import the key into the encryption machine; the master key of the HSAM control card can be exported only once. The operator holds the PSAM control card and uses it to import the branch's MK into the PSAM cards; the number of times the master key of the PSAM control card can be exported is related to the number of PSAM cards.
The encryption machine and the PSAM card hold multiple versions of the key so that they can validate transaction keys for different versions of the user card.
Fourth, the replacement of the key
In actual operation, the security of the IC card keys is very important. To ensure the reliability of the keys, the key of the issuing mother card is changed every two years. At the same time, the user card must be rolled out every two years, and it is verified whether the key version of the user card is within the limited period.
To ensure the security of the bank's keys, password verification in the IC card transaction system is performed by an encryption machine, and the password is stored in the encryption machine. If a key is leaked through unexpected factors, the leaked transaction master key must be replaced. So that issued user cards can continue to be used after the transaction master key is replaced, the key management system uses multiple indexes for each transaction key. Each version of a key actually exists as several groups, which are distinguished by index value, and a user card of a given version holds multiple indexes of each transaction key. Normally the key with the first index is used, and the next index is enabled under different conditions (such as key leakage). This mechanism guarantees that after an abnormal key replacement the issued user cards need not be retired; only the key in the application system (including the PSAM) needs to be updated to the new index.
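The index switch described above, as an added sketch that is not from the article or the specification: HMAC-SHA256 stands in for the real key diversification, and the three indexes per version, the rule that the card answers with whichever index the terminal requests, and all values are constructed assumptions.

```python
import hashlib
import hmac

INDEXES = (1, 2, 3)  # assumed number of index groups per key version


def derive(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stand-in for the specification's key diversification.
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def branch_master_keys(seed: bytes, version: int) -> dict:
    """One master key per index of a version. Seeded only so the sketch is
    reproducible; real index keys would be generated independently."""
    return {i: derive(seed, b"v%d/i%d" % (version, i)) for i in INDEXES}


def personalize_card(master_keys: dict, asn: bytes) -> dict:
    """At issuance the user card receives a card key for every index."""
    return {i: derive(mk, asn) for i, mk in master_keys.items()}


def card_mac(card_keys: dict, index: int, message: bytes) -> bytes:
    """The card answers with the key of the index the terminal requests."""
    return derive(card_keys[index], message)[:4]


class Terminal:
    """Application system / PSAM: loaded with the master key of one index."""

    def __init__(self, master_keys: dict, index: int):
        self.load_index(master_keys, index)

    def load_index(self, master_keys: dict, index: int) -> None:
        self.index, self.master_key = index, master_keys[index]

    def verify(self, asn: bytes, message: bytes, mac: bytes) -> bool:
        expected = derive(derive(self.master_key, asn), message)[:4]
        return hmac.compare_digest(expected, mac)


def run_rollover() -> dict:
    keys = branch_master_keys(b"constructed-branch-seed", version=1)
    asn, msg = bytes.fromhex("1000000000000001"), b"amount=1500"
    card = personalize_card(keys, asn)      # issued once, never reissued
    terminal = Terminal(keys, index=1)
    card_before = terminal.verify(asn, msg, card_mac(card, terminal.index, msg))

    # Index-1 master key is assumed leaked: anyone holding it can derive the
    # card key and produce a MAC that an index-1 terminal accepts.
    mac_from_leaked_key = derive(derive(keys[1], asn), msg)[:4]
    leaked_before = terminal.verify(asn, msg, mac_from_leaked_key)

    terminal.load_index(keys, 2)            # abnormal replacement: next index
    card_after = terminal.verify(asn, msg, card_mac(card, terminal.index, msg))
    leaked_after = terminal.verify(asn, msg, mac_from_leaked_key)
    return {"card_before": card_before, "leaked_key_before": leaked_before,
            "card_after": card_after, "leaked_key_after": leaked_after}


if __name__ == "__main__":
    print(run_rollover())
```

After the terminal is moved to index 2, the already issued card still verifies and the MAC made with the leaked index-1 key no longer does.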
V. Conclusion
The key management system is the core part of financial IC card management. As the head office of the People's Bank of China conducts pilot IC card work in Beijing, Shanghai, Changsha and other places, the three-level key system will gradually be established, and the security system for IC card keys will be further improved.