Electronic cards in prepaid electricity systems
According to specialized sources, the demand for domestic and industrial sectors in Russia for modern electronic electricity meters is estimated at 50 million units, of which the industry supplies about one million annually. Both in Russia itself and in the neighboring post-Soviet states, electricity tariffs are rising, and the issues of collecting payments are becoming increasingly relevant. As a factor that stimulates consumers to pay for electricity in a timely manner, in many regions the introduction of meters capable of adjusting the output power depending on the actual payment is considered. The idea of automatically limiting consumption in the event of non-payment, which seemed blasphemous five years ago, today is perceived not only naturally, but also as a real factor affecting the consumer in the face of rising tariffs.
The prepaid meter provides for the use of an intermediate carrier, which would allow to deliver information about the payments made to the meter of the end user or to AMR, the element of which he is. In a number of existing meters with prepayments of Lithuanian, Ukrainian and Russian production, electronic plastic cards are used as a tool for working with payments. The traditional view of the card as the only means of cashless payment creates the appearance of no alternative. However, a deeper analysis shows that an alternative exists.
Electronic card requirements analysis
The main requirements for electronic cards in prepaid systems are considered to be a sufficient amount of memory, the security of the cards and readers themselves against vandalism and the security of information transferred by the cards. Let us evaluate the validity of these requirements, as well as the extent to which they correspond to electronic intelligent plastic cards.
Card readers are installed in places open to access, therefore it is necessary to impose increased requirements on their vandal-proofness. At the same time, it is necessary to design the counters in such a way that the failure of the reader does not violate the operability of the device as a whole. The slotted hole of the plastic card is least protected from vandalism. The best in this sense are readers of contactless induction cards. However, contactless induction memory cards are expensive and practically in Belarus, and in Russia they are not used, including due to the high cost of readers for them.
The second aspect of prepaid systems is information security. Since the remedy must correspond to the real threats to the information, we will evaluate the real threats in this case. The structure of prepaid systems presupposes the presence of a certain banking institution, in which the AWP for calculating debts and receiving payments are established. On payment, an electronic receipt is recorded on the card, which should be delivered by the consumer to the meter in order to continue its work. Thus, in this application, the card is not a means of payment, but only a means of delivering receipts, automating the process of entering information into the counter. There are counters with a keyboard panel, in which the consumer dials a digital code printed on paper in a banking institution. In this development, the role of an electronic card is performed by a sheet of paper with numbers. The security of such a carrier is not less than a card in our case and is determined solely by the methods of preparing a digital payment receipt.
As a means of delivering messages, an electronic card is at risk of destroying information (to restore it in this case does not pose a problem in a banking institution), distortion and substitution of information on the card. We note an important fact: a card in a payment or information system is a carrier of funds, a key to access an account or confidential information, and therefore opening it is of interest to third-party intruders. In this system, third-party attackers are least interested in falsifying and opening the card, it is of particular interest to its owner. To eliminate the threat of distortion and substitution of information, a digital electronic receipt must be encrypted. Encryption and decryption are carried out not by the card, but by the controller of the electronic counter and the computer of the banking center according to agreed algorithms. Therefore, the degree of security of a digital payment receipt can be completely determined by the methods of coding, and not by the type of carrier, which is just an electronic card or a piece of paper. Modern coding methods allow you to define both a code change in the process of transfer and attempts to re-substitute the same codes (re-submitting a receipt without a second payment). Consequently, when using cryptographic methods in an electronic counter and a banking center computer, the electronic version of a payment receipt becomes a means of conveniently delivering information and facilitating its input to the counter. Hence the requirements for such a device: sufficient memory, reliability and durability in living conditions, simple and reliable interface.
The more possibilities for protecting a portable code an electronic card has, the simpler it can be cryptographic protection methods. However, a card in a prepaid system is a massively replicable device. Therefore, if the cost of protected cards exceeds the cost of unprotected cards, while both have sufficient memory and, moreover, the protected card has a less vandal-proof reader, it is economically more reasonable to use a less complex card.
IButton Family Electronic Cards
These cards (see Fig. 1) are very widely used in Belarus in security systems, access control systems, at gas stations for over 9 years and have everything you need to use as a carrier of electronic payment receipts.
The cards form a series of devices (Table 1) with a built-in non-volatile memory ranging from 256 bits to 8 KB.
|Device code||Memory size, bits||Unique number, 64 bits||Additional features|
|DS1971||256 + 64, EEPROM||+|
|DS1991||1344, non-volatile RAM||+||Password memory protection|
|DS1992||1 K, non-volatile RAM||+|
|DS1993||4 K, non-volatile RAM||+|
|DS1994||4 K, non-volatile RAM||+||Clock|
|DS1995||16 K, non-volatile RAM||+|
|DS1996||64 K, non-volatile RAM||+|
|DS1963S||4 K, non-volatile RAM||+||Strong authentication. Write cycle counter|
|DS1963L||4 K, non-volatile RAM||+||Write cycle counter|
The iButton card readers (Fig.2) are practically two stainless steel contacts. The production of such readers can be organized on site. Unlike smart plastic card readers, iButton card readers do not have holes, are not affected by dust, dirt and are not afraid of direct moisture. Each device has a unique unchangeable number that allows you to uniquely link it to the meter (payer). Some models of cards have additional properties that can be used by developers. So the DS1991 device (1Kbit of RAM) has password protection by password, the DS1963S device (4Kbit of RAM) allows to implement additional active authentication methods. When using such a card, even the creation of an electronic model with a matching number will not allow you to replace the card. The DS1963L device (4Kbit of RAM) will allow you to protect against attempts to re-submit a digital receipt without complex cryptographic methods, that is, to detect situations where information about one payment is substituted several times. It has a built-in automatic transaction counter, so that any unauthorized data writing to it can be detected.
The interface of iButton cards is well described in the literature and allows you to connect several readers to one cheap two-wire network. Due to this, it is possible not only to easily integrate it into individual meters, but it is also easy to organize a separate arrangement of common readers, for example, in residential buildings when combining electricity meters into a single network.
In general, an analysis of the requirements for electronic cards in systems with prepaid electricity shows that the main requirements for them should be the requirements of functionality, convenience and reliability of operation, and not security, since security requirements must be implemented at the equipment level. In this sense, iButton-type cards seem to be a completely functional solution.