Research And Practice On Safety Of Financial IC Card Of ETC

With the development of China’s Golden card project, banks begin to issue financial IC cards instead of magnetic stripe cards, and introduced many applications based on it.In addition to the basic functions such as deposit and POS purchase, we can also make ourselves take bus, shopping, and make an appointment in hospital just by using financial IC cards. ETC traffic card is the typical financial IC card application in recent years. Nowadays, it’s different from the past that we get the ETC traffic card from Highway Administration, thanks to the cooperation between banks and Highway Administration, a financial IC card can solve the problem.Financial IC cards became more powerful, applications are becoming more and more popular, and information security for IC card attacks has become increasingly prominent.Which mainly about two aspects, on one hand, the secure transmission of transaction information between trading terminals, on the other hand, authentication.This paper mainly discussed financial IC card’s application in ETC system, focus on multi-system information security between ETC system and bank’s IC card system. Based on analysis of the PBOC standard encryption algorithms, this paper propose that apply the Chinese commercial encryption standard algorithm in the protection of IC card information security. Meanwhile, this paper analyzed the defect and potential risks about on-board units(OBU) and IC card authentication process, proposed some prevension measures.In the end, according to the author’s working background, this paper provide an implementation plan, the IC card named "Longyuan transportation card”, which is jointly issued by Highway Administration of XX province and local XX commercial bank.The contribution of this paper is as following:1. On the basis of analysis and comparison of PBOC2.0 and PBOC3.0, this paper point out the necessity of adopting PBOC3.0 standards in the construction of the ETC system.Considering PBOC3.0 standard is not an compulsory requirement, so the author put it to a forward-looking design that using the Chinese commercial encryption to ensure the information security of ETC cards.SM2, SM3 for the legitimacy of IC card authentication, and SM4 algorithm for secure transmission of transaction messages.2. While the existing ETC system has taken a variety of technical measures preventing stolen card from cheat tolls, safety measures that considerd from IC card is still insufficient.After introducing the risks that cause by stolen cards, this paper proposed an idea that require cardholders input PIN code in order to identify whether the card is used by his owner.3. Discussed the improvement of input PIN mode, in order to solve the man-in-the-middle attack.4. According to auther’s working experience, this paper introduced the implementation of ETC card which is jointly issue by both bank and Highway Administration, and contains design of IC card file system, transaction flow of credit for load and purchase.