PBOC/EMV has two very important concepts: SDA (static data authentication) and DDA (dynamic data authentication). Both are forms of offline authentication. People in the industry know that a very important reason for the migration from magnetic stripe cards to IC cards is security.
Take two examples of magnetic card crime:
1. The way a magnetic card is constructed makes its data very easy to modify illegally, and you certainly do not want someone illegally modifying the data on your card. Of course, if they add a few 0's to your balance, that's another matter.
2. I believe many people have heard of the following example. Criminals use two devices: a card reader and a pinhole camera. They fix their card reader over the bank's original card reader, with the card slots aligned. When we insert our card to withdraw money, the information on the card is read by their reader, and with a blank card they can then copy our card. The pinhole camera is there to steal our password as we withdraw money. With the card and the password in hand, the only remaining step is to withdraw the money.
SDA solves the first problem mentioned above. It is built on digital signatures. Simply put, the process is as follows. The data in the IC card is first signed. How is it signed? Not by writing a name with a pen, of course. A hash is used to generate a short representation of the data, the digest, and the digest is then encrypted to produce the signature. The data and the signature are then sent to the terminal. The terminal first hashes the received data to get a digest, then decrypts the received signature to obtain the digest it contains. By comparing the two digests, it can tell whether the data has been modified: if it has, the two digests differ and verification fails.
Beyond doing what SDA does, DDA's greatest strength is that it solves the second crime described above. It works as follows. Compared with SDA, its signature is dynamic. SDA's signature is fixed when the card is issued, and the private key used for encryption is the issuing bank's private key (if you are not familiar with private and public keys, it is recommended that you read up on basic cryptography first). The data DDA signs each time is dynamic data from the current transaction. The private key used to encrypt the signature is the IC card's private key, which is stored in a secure area of the IC card (this is very important). The terminal holds the corresponding public key for decryption. So how does this prevent copying?
For example, suppose Zhang San's card is copied by Li Si, and Li Si takes the copy to withdraw money. During the transaction, the IC card has to generate a dynamic signature for the terminal to verify. This is the key point: the dynamic signature must be encrypted with a private key. The IC card's private key is stored in a secure area on the IC card, so Li Si cannot know it. If Li Si picks a private key at random to encrypt the signature, verification at the terminal is certain to fail because the public key and the private key do not correspond. The transaction will then be forced to stop, and the money on Zhang San's card will not be taken by Li Si.
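The SDA and DDA checks described above, as an added example that is not part of the original article: a copied card still passes SDA because the static signature is copied with it, but fails DDA because it cannot sign the terminal's fresh data with the chip's private key. Assumptions: toy textbook RSA over small fixed primes stands in for real EMV key sizes and formats, the card's public key is carried inside the issuer-signed data as a simplification, and all names and the card number are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Toy textbook RSA: return (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)         # encrypt the digest with the private key

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)  # decrypt with the public key, compare digests

def mersenne(k):
    return 2**k - 1  # prime for k = 61, 89, 107, 127

ISSUER_N, ISSUER_D = keypair(mersenne(89), mersenne(107))  # issuing bank
ICC_N, ICC_D = keypair(mersenne(61), mersenne(127))        # key inside the chip
GUESS_N, GUESS_D = keypair(mersenne(61), mersenne(89))     # key the copier picks

def issue_card(pan):
    static = f"PAN={pan};ICC_N={ICC_N}".encode()
    return {"static": static,
            "sda_sig": sign(static, ISSUER_N, ISSUER_D),  # fixed at issuance
            "priv": (ICC_N, ICC_D)}                       # secure area, not readable

def clone(card):
    """Copy everything a reader can see; the private key has to be guessed."""
    return {**card, "priv": (GUESS_N, GUESS_D)}

def sda_ok(card):
    return verify(card["static"], card["sda_sig"], ISSUER_N)

def dda_ok(card):
    if not sda_ok(card):
        return False
    icc_n = int(card["static"].split(b"ICC_N=")[1])  # card public key, issuer-signed
    challenge = secrets.token_bytes(4)               # fresh data for this transaction
    sig = sign(challenge, *card["priv"])             # computed by the card
    return verify(challenge, sig, icc_n)

if __name__ == "__main__":
    card = issue_card("6222000000000001")  # constructed card number
    copy = clone(card)
    print(sda_ok(card), dda_ok(card), sda_ok(copy), dda_ok(copy))
```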
DDA is really powerful. One can imagine that if all the bank cards we use in the future are DDA-capable IC cards, financial crime will be greatly reduced. Visa and MasterCard have announced that after 2011, IC cards issued by all banks in Europe will use offline functions.