Electronic Cards in Electricity Prepaid Systems
According to specialized sources, the demand of the domestic and industrial sectors of Russia in modern electronic electricity meters is estimated at 50 million units, of which the industry supplies annually about a million. Both in Russia and in the neighboring post-Soviet states, electricity tariffs are rising, and collection issues are becoming increasingly relevant. As a factor stimulating consumers to pay for electricity on time, the introduction of meters is considered in many regions, which can regulate the available power depending on the actual payment. The very idea of automatic restriction of consumption in the event of non-payment, which seemed blasphemous five years ago, today is perceived not only naturally, but also as a real factor in influencing the consumer in the context of tariff increases.
A prepaid meter provides for the use of an intermediate medium, which would make it possible to deliver information about payments made to the final consumer’s meter or to the automated metering and control system, of which it is an element. In a number of existing counters with prepaid Lithuanian, Ukrainian and Russian production, electronic plastic cards are used as a payment processing tool. The traditional view of the card as the only means of cashless payment creates the appearance of no choice. However, a deeper analysis shows that an alternative exists.
Analysis of requirements for electronic cards
The main requirements for electronic cards in prepaid systems are considered sufficient memory, the security of the cards and readers themselves from vandalism, and the security of information transferred by cards. We will evaluate the fairness of these requirements, as well as how they correspond to electronic smart plastic cards.
Card readers are installed in places open for access, therefore it is necessary to make increased requirements for their vandal proof. At the same time, it is necessary to design the meters so that the failure of the reader does not interfere with the operability of the device as a whole. The slotted hole of the plastic card is least protected against vandalism. The best in this sense are contactless induction card readers. However, contactless induction cards with memory are expensive both in Belarus and in Russia, not because of the high cost of readers for them.
The second aspect of prepaid systems is related to information security. Since the security measure should correspond to real threats to information, we will evaluate the genuine threats in this case. The structure of prepaid systems assumes the presence of a certain banking institution in which workstation for calculating debts and receiving payments are installed. For payment, an electronic receipt is fixed on the card, which must be delivered by the consumer to the meter in order to continue its work. Thus, in this application, the card is not a means of payment, but only a means of delivery of receipts, automating the process of entering information into the counter. There are meters with a keyboard panel, on which the consumer dials a digital code printed on paper at a banking institution. In this development, the role of an electronic card is played by a sheet of paper with numbers. The security of such a carrier is no less than cards in our case and is determined solely by the methods of preparing a digital payment receipt.
As a means of message delivery, an electronic card is at risk of information destruction (restoring it in this case does not present a problem in a banking institution), distortion and substitution of information on the card. We note an important circumstance: a card in a payment or information system is a carrier of money, a key to access an account or confidential information, and therefore opening it is of interest to third-party attackers. In the system under consideration, third-party attackers are least interested in counterfeiting and opening a card; it is of most interest to its owner. To eliminate threats of distortion and substitution of information, the digital electronic receipt must be encrypted. Encryption and decryption are not carried out by a card, but by an electronic meter controller and a banking center computer according to agreed algorithms. Therefore, the degree of security of a digital payment receipt can be completely determined by encoding methods, and not by the type of media, which is just an electronic card or piece of paper. Modern coding methods make it possible to determine both a change in a code during transmission and attempts to re-substitute the same codes (re-presenting a receipt without a second payment). Therefore, when using cryptographic methods in the electronic meter and the computer of the banking center, the electronic version of the payment receipt becomes a means of convenient delivery of information and its easy entry into the meter. Hence the requirements for such a device: sufficient memory, reliability and durability in the home, a simple and reliable interface.
The more security features of the portable code an electronic card has, the easier it can be cryptographic protection methods. However, a card in a prepaid system is a mass-replicated device. Therefore, if the cost of protected cards exceeds the cost of unsecured cards, while both have sufficient memory, and, in addition, the protected card has a less vandal-proof reader, then it is more economical to use a less complex card.
IButton Family Electronic Cards
These cards (see. Fig. 1) are very widely used in Belarus in security systems, access control systems, gas stations for 9 years and have everything necessary for use as a carrier of electronic payment receipts.
Cards form a number of devices (Table 1) with built-in non-volatile memory ranging in size from 256 bits to 8 Kbytes.
|Device code||Memory size, bits||Unique number, 64 bits||Additional features|
|DS1971||256 + 64, EEPROM||+|
|DS1991||1344 non-volatile RAM||+||Password protection|
|DS1992||1 K, non-volatile RAM||+|
|DS1993||4 K, non-volatile RAM||+|
|DS1994||4 K, non-volatile RAM||+||Clock|
|DS1995||16 K, non-volatile RAM||+|
|DS1996||64 K, non-volatile RAM||+|
|DS1963S||4 K, non-volatile RAM||+||Strong authentication. Write cycle counter|
|DS1963L||4 K, non-volatile RAM||+||Write cycle counter|
IButton card readers (Figure 2) are almost two stainless steel contacts. The production of such readers can be arranged on site. Unlike smart card readers, iButton card readers have no openings, are not affected by dust, dirt and are not afraid of direct moisture. Each device has a unique, unchangeable number, which allows you to uniquely associate it with a counter (payer). Individual card models have additional properties that can be used by developers. Since the DS1991 device (1Kbit RAM) has password protection, the DS1963S device (4Kbit RAM) allows you to implement additional methods of active authentication. When using such a card, even creating an electronic dummy with a matching number will not allow you to replace the card. The DS1963L (4Kbit RAM) device will allow you to protect yourself from attempts to re-present a digital receipt without complicated cryptographic methods, that is, to identify situations where information about one payment is substituted several times. It has a built-in automatic transaction counter, so that every unauthorized record of data in it can be detected.
The interface of iButton cards is well described in the literature and allows you to connect multiple readers to one cheap two-wire network. Due to this, it is possible not only to easily integrate it into individual meters, but also to easily organize a separate arrangement of common readers, for example in residential buildings, when combining electricity meters into a single network.
In general, an analysis of the requirements for electronic cards in prepaid systems for electricity shows that the basic requirements for them should be the requirements of functionality, convenience and reliability of operation, and not safety, since safety requirements must be implemented at the equipment level. In this sense, cards like iButton seem to be a quite functional solution.