Along with the upgrade of the bank IC card industry, the number of non-contact financial IC cards will gradually increase, and the acceptance environment will be greatly improved. The offline consumer transaction volume of financial IC cards will increase greatly in the future. How to realize the application of financial IC cards in the urban rail transit field is a common concern of all card-issuing banks and rail transit companies. In March 2005, the People's Bank of China officially issued the "China Financial Integrated Circuit (IC) Card Specification" (the industry referred to as "PBOC2.0"). The specification complements e-wallet and passbook applications and adds borrowing or crediting applications that are compatible with EMV (Europay, MasterCard, Visa) standards, adding non-contact IC card physical characteristics standards and e-wallet extension application guide, borrowing or credit application personalization guide, etc. [1]. On this basis, in order to expand the industrial application of financial IC cards, in February 2011, China UnionPay developed the "Expansion Application Specification Based on Contactless Micropayments". The specification establishes a composite consumer transaction process, clarifies the individualization requirements of composite applications, and provides the possibility for the application of financial IC cards in urban rail transit. In the initial stage of the construction of the financial IC card application system, the issuing bank and the acquiring bank may be the same bank. At this time, all the liquidation can be completed by the issuing bank, and the offline transaction documents and clearing do not need to pass the UnionPay; but with the acceptance of the issuing bank The gradual increase will eventually require liquidation by UnionPay. The files of the industry application information are placed in the same application, which avoids spending more time due to application switching. In the case of card capacity license, multiple industry application information files can be created on one card to achieve cross-industry and cross-regional use of the same card.
HDPE or LDPE Plastic Shopping Bags are our most versatile and economical approach to your Packing needs. They can help customers to be able to pack and carry their items with ease. These high quality poly bags provide outstanding strength and are light weight, making them an excellent choice for packaging during shopping.
Plastic Shopping Bags D Cutting Shopping Bag,D Cutting T-Shirt Plastic Bag,D Cutting HDPE Plastic Shopping Bag BILLION PLASTIC MANUFACTURING CO.,LTD, JIANGMEN , https://www.billion-plastics.com
According to the plan of the People's Bank of China, all domestic banks will stop the issuance of magnetic stripe cards, and all new cards will be smart IC cards. Therefore, the industrial upgrading from the magnetic stripe card to the PBOC2.0 standard smart card has become the trend of the times. The new financial IC card will gradually enter all walks of life with its convenient small offline payment advantage. As a concentrated micropayment field, urban rail transit will be a key industry for all financial IC cards. Realizing the application of financial IC cards in urban rail transit can not only facilitate passengers to travel by car, but also reduce the card issuing cost of urban rail transit companies, avoid waste of resources, and have good economic and social benefits.
1 Financial IC card overall application architecture
In order to realize the application of financial IC cards in urban rail transit, it is necessary to cooperate with AFC (automatic ticket-checking) system, clearing center, and financial IC card issuing bank, acquiring bank and even UnionPay. The general overall architecture of the financial IC card application system is shown in Figure 1. .jpg)
From the perspective of liquidation, urban rail transit as a merchant, through the clearing center and the acquiring bank access to the UnionPay clearing system, the UnionPay completes the fund clearing with the issuing bank and the acquiring bank; after the completion of the UnionPay clearing, the acquiring bank and the clearing The sub-center completes the liquidation, and the clearing between the various lines of urban rail transit is completed by the clearing center. The acquiring bank is specifically connected to China UnionPay or local UnionPay, depending on the access situation of the acquiring bank.
Taking the construction of Ningbo Rail Transit AFC and ACC (Clear Settlement Center) as an example, according to the planning and design, Ningbo Rail Transit opened and operated to accept the financial IC card of Ningbo Citizen Card. The card uses the TYPE A CPU card, and the issuing bank that issued the card for the first time is China Construction Bank and Zhangzhou Bank. According to the overall structure of the system, Ningbo Citizen Card Company completed the docking with Ningbo Rail Transit Clearing Center as the acquiring bank. The offline consumption documents were received by Ningbo Citizen Card Company and transferred to Ningbo UnionPay. Ningbo UnionPay passed the China UnionPay forwarding card line and issued the card. The bank finally completed the transaction legality verification of the offline consumption documents. China UnionPay completed the liquidation with the banks, and Ningbo Citizen Card Company completed the liquidation with Ningbo Rail Transit.
2 Financial IC card application analysis
2.1 Major transactions
2.1.1 pit stop
According to the non-contact financial IC card micro-payment extension application specification formulated by China UnionPay, when the cardholder uses the non-contact financial IC card to enter the urban rail transit gate (check-in machine), the gate will be processed as follows:
(1) The gate reader first selects and activates the card, and selects whether the card supports the composite consumer transaction through the AID (application identifier).
(2) The gate reader reads the command to query the composite application to determine whether the card supports the urban rail transit charging application. If supported, the specific composite application specific data is read and processed according to the data. If the processing result is that the inbound transaction is not allowed, the cardholder is prompted; if the processing result allows the inbound transaction, the gate reader Conduct a composite application consumer transaction where the transaction amount is zero.
(3) The gate reader reads the fields of transaction flag, pit stop time, line code, station code, stop gate code, etc., and the card caches the CAPP (composite application) record content to be updated.
(4) The gate reader reads the transaction-related records according to the contents recorded by the AFL (Application File Locator), and the card completes the actual CAPP data update after returning the last record.
(5) The gate reader performs dynamic data authentication on the card according to the data returned by the card during the transaction.
(6) If the card passes the authentication, the gate reader generates the inbound transaction message transmission gate, the gate generates the transaction flow, and allows the cardholder to enter the station.
2.1.2 Outbound
When the cardholder uses the non-contact financial IC card to exit the urban rail transit gate, the gate will be treated as follows:
(1) The gate reader first selects and activates the card, and selects whether the card supports the composite consumer transaction based on the contactless micropayment through the AID selection.
(2) The gate reader reads the command to query the composite application to determine whether the card supports the urban rail transit charging application. If supported, the city rail transit charge composite application special data is read, and the fare amount is obtained from the fare table according to the entry and exit station code; if the processing result is that the outbound transaction is not allowed, the cardholder is prompted.
(3) The gate reader reads the special data of the urban rail transit charging composite application, fills in the outbound trading time, the outbound trading line code, the outbound trading station code, the outbound trading gate code, the transaction amount, the reserved city code, The operating enterprise code, the record format version number, the inbound transaction time code, the inbound transaction line code, the inbound transaction site code, the inbound transaction gate code, and other fields record the original value; the card caches the CAPP record content to be updated, wherein the transaction amount For the fare amount.
(4) The gate reader reads the transaction-related records according to the contents recorded by the AFL, and the card completes the actual CAPP data update after returning the last record.
(5) The gate reader performs dynamic data authentication on the card according to the data returned by the card during the transaction.
(6) If the card passes the authentication, the gate reader generates an outbound transaction message transmission gate, the gate generates a transaction flow, and allows the cardholder to exit the station.
2.1.3 Trading Updates
When the IC card cannot be used normally due to confusion in the logic of entering and leaving the station, the transaction should be updated. Transaction updates are divided into inbound updates, outbound updates, timeout overtravel updates, and more. The rules for transaction updates are set by the operator. When receiving the command, the IC card reader/writer in the transaction state first deducts the IC card according to the amount in the rule and the command parameter, and then changes the corresponding entry and exit station identifier on the IC card according to the update type determined by the command parameter, so that The IC card can enter or exit the station normally. The specific read/write card process is the same as the inbound and outbound transaction.
The IC card transaction update is done on the BOM (semi-automatic ticket vending machine).
2.1.4 IC card recharge (circle storage)
Technically, the system can implement online recharge (circle) transactions on the financial IC card on the BOM. The transaction is preferably unified access and forwarding by the clearing center, and the station and line center only transmit messages at the network layer. The clearing center shall deploy the issuer's top-up certification front-end, and the front-end shall directly communicate with the issuer, and the BOM will complete the write-on action after receiving the issuer's top-up message.
From the perspective of transaction success rate and security, it is generally not recommended to recharge financial IC cards on the BOM.
2.2 Offline consumption file transfer
(1) File generation. The urban rail transit gates are packaged according to the AFC line network specification to generate offline consumption documents according to the information of the incoming and outgoing station messages sent by the card reader; the box office ticket vending machine is packaged according to the AFC line network specification according to the updated message information sent by the card reader. Consume files offline.
(2) File transfer. Offline consumption file transfer is completed according to the following process: gate or BOM → station computer → line central computer → clearing center → acquiring line → UnionPay → issuing bank. If it is an in-row receipt, you do not need to pass UnionPay.
(3) Transaction verification. After the card issuing bank receives the offline consumption file, it performs transaction certificate verification for each transaction, and the transaction that fails the verification needs to find the reason and make manual adjustment.
2.3 Trading Clearance
After receiving the offline consumption documents, the urban rail transit clearing center unpacks and records the transaction records according to the AFC line network specification, and completes the transaction clearing of the inbound records through the clearing application system. Financial IC card transactions are the same as one-way tickets and city pass cards, and the same clearing rules apply.
2.4 Fund clearing
The liquidation of funds between the acquiring bank, the issuing bank and the UnionPay is carried out according to the UnionPay clearing method. The urban rail transit company completes the fund clearing of the financial IC card transaction through the clearing center and the acquiring bank, and the secondary clearing of each income party of the urban rail transit road network The clearing center is completed.
2.5 Difficult analysis
Due to the non-real-time nature of offline transactions, the system's security system is the main difficulty of application. According to PBOC 2.0, when the issuing bank issues a financial IC card, the key stored by the card includes an application ciphertext key, a secure message authentication key, a secure message encryption key, and a card public-private key pair. These keys fully guarantee the security of the card itself, and provide security keys for card transaction applications, secure message MAC (message authentication code) calculations, offline data authentication, and the like. When a financial IC card is used in urban rail transit, the system needs to complete security measures such as card legality authentication, secure transmission of transaction messages, and extension of application file protection. After the transaction is over, the issuer will also need to verify the legality of each transaction.
2.5.1 The card authentication gate and the box office ticket machine use the asymmetric cryptosystem for the authentication of the financial IC card. The clearing center obtains the certificate center public key from the acquiring bank, and sends the public key to the gate with the parameter issuing transaction. Machine and box office ticket machine, the signature verification is completed with the public key during the transaction.
2.5.2 Public key cryptosystem Public key cryptosystem, also known as asymmetric cryptosystem. It uses two keys, one for encrypting information and the other for decrypting information. The two keys satisfy a certain mathematical relationship. Data encrypted by any one of the two keys can only be decrypted by another data. Therefore, it can be guaranteed that any other user who receives the public key of the user transmits the data encrypted by the public key, and only the user can decrypt with his own private key.
2.5.3 Extended application file protection Financial IC card card extension application file write protection uses a symmetric cryptosystem, the key is stored in the PSAM (Terminal Consumer Security Access Module) card of the gate and box office ticket vending machine. Since the key protects the composite consumption area, it is recommended to be issued by the urban rail transit company, and even share the same key with the urban rail transit one-way ticket, which saves investment and saves the PSAM card slot of the machine.
2.5.4 Security message transmission Data integrity and authentication of the sender are achieved by using MAC. The reliability of the data is guaranteed by encrypting the data domain [4]. The security control of financial IC cards in urban rail transit applications is part of the security control of the entire financial IC card system. From the perspective of the use of financial IC cards that have been issued and put into offline payment, these security measures can meet the security requirements of users.
2.6 Example of Card Structure An example of the internal structure of a financial IC card supporting a composite consumer application is shown in Figure 2. .jpg)
Talking about the Application Research of Financial IC Card in the Field of Rail Transit
Next Article
Advantages of the structure
Prev Article
Precautions for the purchase of the whole wardrobe