Abstract
Traditional ETC card top-up relies mainly on the internal secure network of the top-up business hall to protect communication between the POS device and the card platform, together with the application-specification security system of the CPU card itself, to secure the whole transaction. The Air-Charge mode of the mobile internet era does not run inside a secure, controllable internal network, so the messages exchanged during a transaction may be intercepted and cracked. A reasonable security scheme is designed using the core ideas of SSL/TLS secure connections and the card security system. The scheme effectively improves the security of the ETC card Air-Charge process while adding little extra system overhead.