Smart Card Technology in Electronic Commerce
1. Typical e-commerce applications of smart card technology
1.1 Client authentication
Networks let people communicate with each other across geographic, ethnic and other boundaries. People can take part in online activities, including e-commerce. But doing business online raises many problems, such as the "crisis of confidence". How to confirm the identity of the participants in an e-commerce transaction has therefore become the first problem to be solved.
Password authentication is currently the most commonly used method of client authentication, for example in customer management systems and membership-based service systems. The general approach is as follows. First, a database of user IDs and passwords is established on the server side for those who will request authentication, where each user ID is unique in the database. Then, when the user initiates an authentication request, the client submits the ID and password. The server queries the database and compares the stored password with the one received, and so authenticates the client. This method is very simple to implement, but it is suitable only where security requirements are very low, because its shortcomings are obvious, mainly:
(1) It takes no responsibility for transmission security: passwords are transmitted in plain text and are easily intercepted.
(2) It places high demands on the user, such as requiring that passwords have a certain length, follow no pattern, and be easy to remember, although some of these requirements contradict each other.
(3) It cannot effectively prevent dictionary-based brute-force password guessing, or guessing based on analysis of the user's background.
Using smart cards, however, this approach can be improved to increase security while retaining its practicality. Authenticating identity with a USB-interface smart card improves the security and mobility of the system.
A USB-interface smart card, also known as an electronic key, is small, similar in shape to a USB flash drive, easy for the user to carry, and comes with feature-rich application software support for storing important information. Passwords, credit card numbers and other security authentication information can therefore be stored in the USB-interface smart card, which greatly improves convenience and security. A USB-interface smart card can also be used for e-mail encryption, digital signatures, security certificate applications, secure network logon and access to SSL-secured networks, providing user authentication and message encryption services.
1.2 Digital Certificates
A digital certificate is a set of data that marks a network user's identity and is used to identify the parties in network communications. It is issued by an authoritative, impartial third-party body, the CA (certificate authority). With encryption technology at its core, a digital certificate supports encryption and decryption of information transmitted over the network, digital signatures and signature verification, ensuring the confidentiality and integrity of information transmitted online, the authenticity of the trading parties' identities, and the non-repudiation of signed information, and so protecting the security of network applications.
Digital certificates use public-key cryptography, which uses a pair of matching keys for encryption and decryption. Each user has a private key, held only by that user, which is used for decryption and signing, and a public key, which can be made public and is used for encryption and signature verification. When sending a confidential document, the sender encrypts the data with the recipient's public key, and the recipient decrypts it with his private key. The information thus reaches its destination safely and correctly; even if a third party intercepts it, it cannot be decrypted without the corresponding private key. The encryption process is made irreversible by mathematical means, that is, only the private key can decrypt. Among public-key cryptosystems, a common one is RSA.
As can be seen from the certificate application process, the private key is generated in the smart card and never leaves it, which keeps the private key secure. Using smart cards to store digital certificates and private keys brings the following benefits:
(1) Portability and mobile use. The smart card chip is embedded in a plastic card the size of a business card, which is easy to carry and can be used in the office, at home or on any computer in the world.
(2) The private key is absolutely secure. Encryption and decryption operations are completed inside the card, and the private key cannot be read into the computer's memory. Malicious programs hidden in the computer can steal a private key saved on the hard drive, but they cannot steal a private key stored on a smart card.
(3) Automatic lock protection. Access to the certificate and private key stored in the smart card requires the user to enter the correct PIN (Personal Identification Number). If the wrong PIN is entered too many times (the limit can be set; the usual default is 3), the smart card locks automatically. This protection mechanism effectively prevents password guessing attacks.
(4) Complete personal control. Smart cards are lightweight and can be carried in a pocket, so private keys are always under personal control and are therefore safer.
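The PIN lock in item (3) and the non-exportable key in item (2) can be modelled in a few lines. This is an added example, not code from the original article; the SimulatedCard class and its methods are hypothetical, and HMAC with a card-internal secret stands in for the on-card private-key operation.

```python
import hmac
import hashlib
import secrets


class CardLocked(Exception):
    """Raised once the retry counter is exhausted."""


class SimulatedCard:
    """Hypothetical model of a PIN-protected card (not a real card API)."""

    MAX_TRIES = 3  # the usual default mentioned in item (3)

    def __init__(self, pin: str):
        self._pin = pin.encode()
        self._key = secrets.token_bytes(32)  # created on the card, no export method
        self.tries_left = self.MAX_TRIES
        self._unlocked = False

    def verify_pin(self, pin: str) -> bool:
        if self.tries_left == 0:
            raise CardLocked("retry counter exhausted")
        # Decrement before comparing, so an interrupted check still costs a try.
        self.tries_left -= 1
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin)
        if self._unlocked:
            self.tries_left = self.MAX_TRIES  # a correct PIN resets the counter
        return self._unlocked

    def sign(self, message: bytes) -> bytes:
        # Assumption: HMAC stands in for the private-key signature done in-card.
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, message, hashlib.sha256).digest()


def guesses_before_lock(card: SimulatedCard, guesses) -> int:
    """Return how many PIN guesses the card evaluated before it locked."""
    used = 0
    for guess in guesses:
        try:
            card.verify_pin(guess)
        except CardLocked:
            break
        used += 1
    return used
```

Once the counter reaches zero, even the correct PIN is refused, which is what limits a guessing attack to three attempts.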
1.3 Wallet
Electronic wallets take many forms, but they fall into two basic categories. The first is an electronic cash payment system that uses a smart card as the electronic wallet. It can serve a variety of uses, with information storage, electronic purse, security lock and other functions, and is safe and reliable; it can be used for electronic payment and purchases on correctly configured POS systems. The most typical representative is the Mondex card. The second is electronic wallet software, which can store monetary value and important information: all kinds of electronic money, and the information and data on electronic debit cards and electronic credit cards, can be entered into the electronic wallet, ready for online payment. Whichever form it takes, the electronic wallet often needs to be combined with a smart card, and can hold only electronic money, i.e. smart cards, electronic cash, electronic coins, electronic credit cards and other electronic currency, and network wallets.
Customers who use an electronic wallet normally hold accounts with the bank. Before using an electronic wallet, the customer applies to the bank providing the electronic wallet to register it, and uses the wallet software to enter the data of their various electronic money or electronic debit cards, so that the electronic wallet can then be used to pay.
During e-wallet shopping, the transaction passes several times through credit card companies, commercial banks and others for identification, bank authorization, and various exchanges of financial and accounting data, but all of this is completed in a very short time. In fact, the whole process, from the customer entering the order to the store issuing an electronic receipt, takes only 5 to 20 seconds. Electronic shopping of this kind saves effort and time, and for the customer the whole shopping process is safe and reliable from beginning to end. Because the customer's credit card information is invisible to others, confidentiality is very good. In addition, the security measures of the e-commerce server are sufficient to ensure that the store the customer shops at is legitimate and not a fake, so that customers can purchase goods safely. In short, this shopping process completely changes traditional face-to-face transactions and bargaining; it is a very effective, safe and secure e-shopping process, a modern high-technology way of shopping fundamentally different from the traditional one.
2. Problems and countermeasures for smart card technology in e-commerce applications
2.1 Security risks
The main security issues for smart card technology in e-commerce applications are:
① information passing between the smart card and the interface device is easily stolen;
② the information flowing between the smart card and the interface device can be intercepted and analyzed, and then copied, or false signals can be inserted;
③ simulated (counterfeit) smart cards;
④ simulation of smart card interface devices, so that the interface device cannot determine whether a smart card is legitimate or simulated;
⑤ the smart card is replaced during the transaction;
⑥ the smart card used during the authorization process is legitimate, but it is replaced with another card before the transaction data is written, so the transaction data is written to a substitute card;
⑦ modification of the credit card's balance-update date control;
⑧ when a credit card is used, the current date is entered and the card determines whether this is its first use that day, that is, whether the effective balance should be updated to the highest authorized balance. If the balance-update control date (the date of last use) is modified and moved earlier, the date then entered by the interface device will be mistaken for the first withdrawal of the day, and the effective balance will be updated to the highest authorized balance. A stolen card can thus be used to obtain the highest authorized amount, and the danger is that (before the bank issues a new blacklist) the fraud can be repeated many times;
⑨ cheating by store employees;
⑩ the data the interface device writes to the card is incorrect, or an employee privately writes one transaction as two.
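The date-control flaw in item ⑧ can be shown beside one way of countering it. This is an added example, not code from the original article; the class names, the DAILY_LIMIT value and the use of an HMAC tag keyed inside the card's security zone are assumptions.

```python
import hashlib
import hmac
from datetime import date

DAILY_LIMIT = 500  # constructed "highest authorized balance"


class TamperDetected(Exception):
    """The stored date/balance record no longer matches its tag."""


class NaiveCard:
    """Trusts whatever last-use date is stored: the flaw in item ⑧."""

    def __init__(self):
        self.last_used = date(2024, 1, 10)  # constructed sample state
        self.balance = DAILY_LIMIT

    def spend(self, today: date, amount: int) -> bool:
        if today != self.last_used:  # treated as first use of the day: refill
            self.balance, self.last_used = DAILY_LIMIT, today
        if amount > self.balance:
            return False
        self.balance -= amount
        return True


class HardenedCard(NaiveCard):
    """Binds date and balance with a tag whose key never leaves the card."""

    def __init__(self, key: bytes):
        super().__init__()
        self._key, self.disabled = key, False
        self._tag = self._mac()

    def _mac(self) -> bytes:
        record = f"{self.last_used.isoformat()}|{self.balance}".encode()
        return hmac.new(self._key, record, hashlib.sha256).digest()

    def spend(self, today: date, amount: int) -> bool:
        if self.disabled or not hmac.compare_digest(self._tag, self._mac()):
            self.disabled = True  # irregular state: refuse all further use
            raise TamperDetected("stored record altered")
        if today < self.last_used:  # the date must never run backwards
            return False
        ok = super().spend(today, amount)
        self._tag = self._mac()
        return ok
```

The naive card refills whenever the stored date differs from the entered one, while the hardened card notices the altered record and disables itself.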
2.2 Measures
The following security measures can be taken:
① mutually verify the legitimacy of the cardholder, the card and the interface device;
② encrypt important data before transferring it;
③ set up a security zone in the card and in the interface device; the security zone contains logic circuits or a memory area that cannot be read from outside, and on any irregular operation the card automatically disables further operation;
④ require staff to be clear about their respective responsibilities and to comply with them strictly;
⑤ set up a stop-payment list (blacklist).
2.3 Prospects for smart card technology
As a personalized information technology of modern society, smart card technology will, in addition to using traditional encryption algorithms and a variety of security measures to secure the card, increasingly adopt biometric technology, especially in areas that handle sensitive data, such as financial, military, social security and public security departments. Simple, safe and efficient information security authentication will become the future trend of development.
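Measure ①, mutual verification of card and interface device, is commonly built as a two-way challenge-response. The sketch below is an added example, not code from the original article; the Party class, the pre-shared key and the HMAC-SHA256 construction are assumptions.

```python
import hashlib
import hmac
import secrets


class Party:
    """One side of the exchange; card and terminal run the same logic."""

    def __init__(self, name: str, shared_key: bytes):
        self.name, self._key = name, shared_key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh for every session
        return self._nonce

    def respond(self, nonce: bytes) -> bytes:
        # The responder's name is bound into the tag, so a response cannot be
        # handed back to its sender as proof of the other party's identity.
        return hmac.new(self._key, self.name.encode() + nonce,
                        hashlib.sha256).digest()

    def check(self, peer_name: str, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, peer_name.encode() + self._nonce,
                            hashlib.sha256).digest()
        self._nonce = None  # one-time use: a recorded response is useless later
        return hmac.compare_digest(expected, response)


def mutual_auth(card: Party, terminal: Party) -> bool:
    """Both directions must succeed before any transaction data flows."""
    card_ok = terminal.check(card.name, card.respond(terminal.challenge()))
    term_ok = card.check(terminal.name, terminal.respond(card.challenge()))
    return card_ok and term_ok
```

A counterfeit card or a simulated interface device (risks ③ and ④) fails its direction of the exchange because it does not hold the key.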