Electronic cards in systems of an advance payment for the electric power
According to specialized sources, the need for domestic and industrial sectors in Russia in modern electronic electricity meters is estimated at 50 million units, of which the industry annually supplies about one million. As in Russia itself, and in neighboring post-Soviet states, electricity tariffs are increasing, and issues of collection of payments are becoming more relevant. As a factor that stimulates consumers to pay for electricity in a timely manner, in many regions it is considered the introduction of meters that are able to regulate the power output, depending on the actual payment. The very idea of automatically limiting consumption in case of non-payment, which seemed blasphemous even five years ago, is now perceived not just naturally, but also as a real factor of impact on the consumer in the face of rising tariffs.
The counter with a prepayment provides for the use of an intermediate carrier, which would allow delivery of information about the payments made to the end user's meter itself or to the AMRMS, of which it is an element. In a number of existing meters with prepayment of Lithuanian, Ukrainian and Russian production, electronic payment cards are used as an instrument for handling payments. The traditional view of the card as the only means of non-cash payment creates the appearance of no alternatives of choice. However, a deeper analysis shows that there is an alternative.
Analysis of requirements for electronic cards
The main requirements for electronic cards in prepaid systems are sufficient memory, the security of the cards and readers from vandalism and the security of the information transferred by the cards. We estimate the validity of these requirements, and also how much they correspond to electronic smart plastic cards.
Card readers are installed in open access areas, so it is necessary to show increased requirements for their vandal-proofing. At the same time, it is necessary to design the counters so that the failure of the reader does not affect the performance of the device as a whole. The slit hole of the plastic card is protected from vandalism to the least extent. The best in this sense are proximity card readers. However, contactless induction cards with the memory of the road and practically in Belarus, and in Russia are not used, including because of the high cost of readers for them.
The second aspect of prepaid systems is related to the security of information. Since the remedy should correspond to the real threats of information, we will evaluate the real threats in this case. The structure of prepaid systems presupposes the existence of a certain banking institution, in which there is an automated payment system for calculating arrears and accepting payments. As for payment, an electronic receipt is fixed on the card, which must be delivered by the consumer to the meter to continue its operation. Thus, in this application the card is not a means of payment, but only a means of delivery of receipts, which automates the process of entering information into the counter. There are counters with a keypad on which the consumer types a digital code printed on paper in a banking institution. In this development, the role of an electronic card is performed by a sheet of paper with numbers. The security of such a carrier is not less than the card in our case and is determined solely by the methods of preparing a digital payment receipt.
As a means of delivery of messages, an electronic card is subject to the risk of destroying information (to restore it in this case does not present a problem in the banking institution), distortion and substitution of information on the card. We should note an important circumstance: a card in a payment or information system is a carrier of money, a key to accessing an account or confidential information, and therefore an autopsy is of interest to third-party attackers. In this system, third-party attackers are least interested in forging and opening a card, it is of particular interest to its owner. To eliminate threats of distortion and substitution of information, a digital electronic receipt must be encrypted. Encryption and decryption are carried out not by the card, but by the electronic meter controller and the computer of the banking center according to the agreed algorithms. Therefore, the degree of security of a digital payment receipt can be fully determined by coding methods, rather than by the type of media, which is only an electronic card or a piece of paper. Modern coding methods allow to determine both the code change during the transmission process and attempts to re-substitute the same codes (repeated presentation of the receipt without a second payment). Consequently, when using cryptographic methods in the electronic meter and the computer of the banking center, the electronic version of the payment receipt becomes a means of convenient delivery of information and its easy entry into the counter. Hence the requirements for such a device: a sufficient amount of memory, reliability and durability in everyday conditions, a simple and reliable interface.
The more features to protect the portable code has an electronic card, the easier it can be cryptographic protection methods. However, a card in a prepaid system is a massively replicable device. Therefore, if the cost of protected cards exceeds the cost of unprotected cards while both have sufficient memory and, in addition, the protected card has a less vandal-proof reader, then the use of a less complex card is economically more justifiable.
IButton electronic cards
These cards (see Figure 1) are very widely used in Belarus in security systems, access control systems, at gas stations for 9 years already and have everything necessary to use electronic payment receipts as a carrier.
The cards form a number of devices (Table 1) with built-in non-volatile memory from 256 bits to 8 KB.
|Device code||Amount of memory, bit||Unique number, 64 bit||Additional Features|
|DS1971||256 + 64, EEPROM||+|
|DS1991||1344, non-volatile RAM||+||Memory protection by password|
|DS1992||1 K, non-volatile RAM||+|
|DS1993||4 K, non-volatile RAM||+|
|DS1994||4 K, non-volatile RAM||+||Clock|
|DS1995||16 K, non-volatile RAM||+|
|DS1996||64 K, non-volatile RAM||+|
|DS1963S||4 K, non-volatile RAM||+||Enhanced authentication. Recording cycle counter|
|DS1963L||4 K, non-volatile RAM||+||Recording cycle counter|
The iButton card readers (Fig. 2) represent almost two stainless steel contacts. The production of such readers can be organized on site. Unlike smart card readers, iButton card readers do not have holes, are not affected by dust, dirt and do not be afraid of direct moisture penetration. Each device has a unique unchangeable number, which allows you to uniquely link it to the counter (payer). Individual card models have additional properties that can be used by developers. So the device DS1991 (1Kbit RAM) has memory protection by password, the device DS1963S (4Kbit RAM) allows you to implement additional methods of active authentication. When using such a card, even creating an electronic model with a matching number will not allow you to change the card. The device DS1963L (4Kbit RAM) will allow without complex cryptographic methods to be protected from attempts to re-present the digital receipt, that is, to identify situations when information about one payment is substituted several times. It has a built-in automatic transaction counter, so that any unauthorized data entry into it can be detected.
The interface of iButton cards is well described in the literature and allows you to connect several readers to one cheap two-wire network. Due to this, it is possible not only to easily integrate it into individual counters, but it is also easy to arrange a separate arrangement of common readers, for example, in apartment houses when electricity meters are combined into a single network.
In general, the analysis of the requirements for electronic cards in systems with a pre-payment for electricity shows that the main requirements for them should be the requirements of functionality, convenience and reliability of operation, rather than safety, since the safety requirements must be implemented at the equipment level. In this sense, cards like iButton seem to be a fully functional solution.