The high frequency technology of 13.56MHZ has been widely used in various fields. But with the development of technology, the current high-frequency card is not as safe as before. Recently, some high-frequency technologies have been cracked by hackers, and even the equipment used for cracking has been released on the Internet. If an unsafe high-frequency technology is applied to large-scale public projects, especially related to e-wallets and other functions (such as public transportation, etc.), this will not only cause huge losses to the brand image of high-frequency technology manufacturers, but also bring The end user has a huge blow, causing social unrest.
At the beginning of 2009, relevant departments of the Chinese government also paid close attention to this issue and issued corresponding statements. This move, the industry is awesome! The RFID industry, which originally had some illusions about certain products, has begun to look for more reliable and secure RFID products. However, not every user has a deep research and understanding of RFID!
So what kind of RFID high frequency technology is really safe? The first thing to note is that no technology in the world can't be cracked! Just as there is no safe in the world or the door to the vault is not open. People can spend a few hundred dollars to buy safes in the mall, and even spend tens of millions of dollars to install a vault door. The only difference is that a safe that costs a few hundred dollars may be opened with a hoe for a few minutes, but tens of millions of treasury doors require some professional people to spend a few months with high-tech professional tools. Can be opened. So what does this analogy use on the technology of 13.56MHZ?
This example is very vivid in depicting the technical content of high frequency technology from different manufacturers. The security of a technology depends on how much time and effort the hacker spends to crack it. Then, a complex and highly flexible technology will make it harder for hackers to crack. From the external data, the "elasticity" and "complexity" of a technology can reflect the "anti-cracking" ability of the technology. To choose a high-security RFID product, basically refer to the following functions:
1. How is the memory of the card distributed?
There are basically two types of segments in the card: fixed mode and free segmentation, and the flexible memory allocation of free segmentation is more complicated than the fixed mode memory allocation, which is more disadvantageous for hackers to crack the technology.
Fixed mode: The length of the data segment is defined in advance by the manufacturer. For example: MIFARE, INSIDE, HID ICLASS are all fixed mode segments. This segmentation mode makes the company relatively simple when developing applications, but it also affects the user's flexibility and the simplification of its own technology (degradation resistance).
Free segmentation: The length of the data segment can be defined as required. For example: SONY, FELICA, LEGIC, DESFIRE, etc.; the sectors within these cards can be divided according to the amount of different application data. And how many different sectors a card can be divided into, according to different manufacturers different standards. For this function, the application of the card is “elastic†and the “memory utilization rate†is relatively high, and it also increases the complexity of its own technology – “anti-cracking†capability.
2. Is the “data key†in the chip diversified?
The data within the chip is protected by a key. The generation of the key is generally specified by the user or the developer, but some chip keys are also generated on the market. Is the generated key "diversified"? It depends on different manufacturers.
The so-called "diversified" key is the key for protecting data in the card, which is changed according to each card. In other words, each of the initialized cards has different internal keys. This will increase the ability to defend against hackers! However, some manufacturers in order to achieve the "diversified" key function, can only add a layer of protection settings on the periphery of the chip, and hope to achieve the same purpose. This is still a certain distance from the chip itself to generate a "diversified" key.
3. Is there any encryption in the process of data transmission at each step? What encryption method is used?
In the process of reading the card, whether the transmission of data is encrypted, and how to encrypt it is an important test standard. It is recommended not only to keep the data of the front-end card confidential, but also to provide very strict encryption protection for the point-to-point data transmission between the card and the card reader, the card reader and the host.
Which encryption method is used is also crucial. The 3DES encryption method recommended by the industry is one of the more reliable methods. This method is not only used for reading data in a card, but also for outputting data. Most other encryption technologies can only be applied to the reading of data in the card. Only the DESFIRE and LEGIC can support 3DES in data transmission.
4. Does the chip have additional features to protect data security?
In addition to the three-point features mentioned above to protect the security of the chip key, what additional features can complicate the overall technology? If the password management system can be pre-set on the chip, this will make this type of high frequency technology more complicated. (For example, LEGIC's primary token system is an example that can be referenced).
5, CPU card introduction, CPU card is the safest?
At present, domestic CPU cards are moving faster, and different manufacturers have introduced different CPU cards. So how many people really know the CPU card? The CPU card is theoretically safer than a general logic card. The main reason is that the general logic card can be accessed continuously until the card responds, which is good for hackers. For a CPU card that meets the security standard, if there are 3 consecutive "access failures", the card will be locked. (Like the boot PIN code set when the phone is turned on) This feature is not conducive to hackers, so the security will be higher.
However, the true security of the CPU card has a lot to do with the security of the COS itself. Nowadays, most of the world's most recognized safe COSs are written in Java base, and there are many so-called "Native COS" algorithms on the market that are not public, so the degree of COS security is unknown. Internationally, there are also stricter certification standards for COS - Common Criteria (CC evaluation). Therefore, users cannot blindly believe that it is safe to have COS.
There is currently no mature product for CPU card applications and data storage on the market. Therefore, pay more attention to the application of the CPU card. For foreign manufacturers, only LEGIC companies are currently able to provide this application.
In short, there are many high frequency technologies on the market. The security level of a technology depends on the characteristics of the technology. Of course, the more complex and flexible the technology is, the more difficult it is for hackers to crack. For the current high-frequency technology, it is mostly used in cards, especially on consumer and high security projects. The choice of technology is more cautious! The technical characteristics and judgment criteria listed above are expected to provide certain reference for RFID industry insiders!
The existence of "hackers" is not entirely a bad thing. It awakens the entire RFID industry and promotes the continuous development and advancement of RFID technology. "Cracking the door" does not mean "the end of the world", the development direction of RFID technology has become clearer!
Automatic Single Twist Packing Machine,Food Single Twist Wrapping Machine
U-PAC CO.,LTD , https://www.upac-machinery.com