
Introduction

With the improvement of people's living standards, credit card consumption has become one of the commonly used payment methods. To ensure the security of credit card consumption, a PSAM card is embedded in various card-payment terminal devices. The PSAM (Purchase Secure Access Module, a security access module for point-of-sale terminals) is issued by the IC card issuing authority or application authority. It is a security authentication card used to authenticate IC cards in offline consumption transactions, and is mainly used in commercial POS terminals, outlet terminals, direct-connection terminals and other equipment. It supports a multi-level card issuance mechanism, suits multi-application environments, and complies with the standards for identification cards and integrated circuit cards with contacts, ISO/IEC 7816-1/2/3/4, and the "People's Bank of China PSAM Card Specifications".

1 Introduction to PSAM Card

A PSAM card is a type of contact CPU card. A CPU card is also called a smart card. The integrated circuit in the card contains a microprocessor (CPU), storage (random access memory RAM, electrically erasable memory EEPROM, and program memory ROM) and a chip operating system (Chip Operating System, COS). A CPU card equipped with a COS not only stores data, but also processes commands and protects data security. The CPU card chip is equivalent to a microprocessor installed in the card, and its function is roughly the same as that of a microcomputer. The metal contact plate on the integrated circuit cards (IC cards) that people commonly use is the CPU chip. Because the CPU card has the advantages of large storage space, strong processing capacity, secure information storage, support for multiple uses on one card, and fast reading speed, it has been widely used in finance, traffic police, insurance and government industries, with certification by the People's Bank of China.

In terms of appearance, there is no obvious difference between the CPU card and the ordinary IC card or radio frequency card, but performance and security are greatly improved. This is mainly because the CPU card contains a random number generator, the 3DES coding algorithm, and hardware DES and 3DES encryption algorithms, which, together with the operating system, can achieve a financial-grade security level. The deduction key is generally stored in the PSAM card, and value is deducted from the IC card through the PSAM card to achieve safe deduction. In a non-contact logical encryption card system, the PSAM card mainly uses the card authentication key and the KEYA and KEYB keys of each sector to generate the KEYA and KEYB authentication codes of each sector required for operating the non-contact logical encryption card. Information does not directly participate in operations. In a non-contact CPU card system, the PSAM card is usually used to calculate and verify the MAC code that appears during consumer transactions. Transaction information such as transaction time, transaction amount and transaction type is also included in the calculation, making transactions more secure and reliable. In some cases, the PSAM card in a contactless CPU card system can also be used to support calculation of the MAC when a secure message updates data, and verification of the transaction TAC.

The internal logical structure of the card is shown in Figure 1.

Design of PSAM card driver module for STM32 microcontroller

The CPU and encryption logic ensure the safety of the data in the EEPROM, so that the outside world cannot use illegal means to obtain the data in the EEPROM. RAM is an area where command parameters, return results, security status and temporary work keys are stored when COS is working. ROM is used to store COS programs. The user application data area is stored in the EEPROM, and the COS saves the user data in the EEPROM in the form of a file. When the security conditions meet the regulations, the file can be read/written.

2 Hardware Design

2.1 PSAM card circuit design

2.1.1 PSAM card power switch module

The ISO 7816 protocol specifies two commonly used types of PSAM card (type A and type B): type A needs a 5 V supply, and type B needs a 3 V supply. To stay compatible with both types, the reader must be able to supply either 5 V or 3 V. This paper therefore designs the power switch module shown in Figure 2. Its working principle is as follows: when PSAM_POW is high, the P-channel MOS tube is turned on, providing 5 V to PSAM_VDD; when PSAM_POW is low, the P-channel MOS tube is not turned on and 3.3 V is supplied, which is then dropped through a diode to provide 3 V.

2.1.2 PSAM card reset signal

The reset signal must also take both types of PSAM card into account. When the PSAM card is type A, the main consideration is that the I/O port voltage of the MCU is 3.3 V while the PSAM card needs 5 V. To prevent the reset level from being insufficient, the PSAM_RST1 signal is connected to SAM_RST1 through a transistor to enhance the drive capability. PSAM_RST1 is connected to the MCU, and SAM_RST1 is connected to the PSAM card. The specific circuit is shown in Figure 3.

2.1.3 PSAM card data port level conversion circuit

To ensure that the signal received by the MCU is 3.3 V, a level conversion circuit is designed for the data port of the PSAM card. The specific circuit is shown in Figure 4. When the PSAM card is class A, the 5 V voltage needs to be converted to 3.3 V. In this case, in the circuit of Figure 4, only the two triodes (Q1, Q2) need to be soldered, and the resistor R is not fitted. When the PSAM card is class B, only the resistor R needs to be soldered, and the two triodes (Q1, Q2) are not fitted.

2.1.4 PSAM card slot circuit interface

The circuit interface of the PSAM card slot is shown in Figure 5. Because the card is reset at a low level, the PSAM_VDD signal is connected to the RST port so that the level is pulled high during normal operation. The data pin (DATA) also needs to be pulled up under normal circumstances, to prevent the level amplitude from being insufficient; at 5 V in particular, the signal after level switching is 3.3 V and must be pulled up to 5 V.

2.2 Design of the main control module

Figure 6 is a schematic diagram of the main control module and its peripheral circuits. The main control module uses the STM32F103C8T6 chip. The OSC32_IN and OSC32_OUT pins are connected to a 32.768 kHz low-speed external crystal oscillator, which can be used to drive the real-time clock (RTC). The OSC_IN and OSC_OUT pins are connected to an 8 MHz crystal oscillator; after PLL frequency multiplication, configured through the relevant STM32 registers, this generates the 72 MHz STM32 system clock (SYSCLK). C1 and C2 are the crystal matching capacitors. To make the crystal oscillator start more easily, a 1 MΩ resistor (R) is placed in parallel with it. The main control module is reset at a low level: the resistor is connected to the high level, the capacitor is connected to ground, and the node between them is RST. On power-up the capacitor charges, so it gives RST a short low level, which becomes high as VCC charges the capacitor.

3 Software Design

The software driver design for the PSAM card should conform to the ISO 7816-4 protocol. An Application Protocol Data Unit (APDU) may contain a command message or a response message: commands are sent from the interface device to the card, and responses are sent from the card back to the interface device.

The format of the APDU command is listed in Table 1.

The contents of the command header of the APDU command are listed in Table 2.

The APDU command response structure is listed in Table 3.

The contents of the APDU command response are listed in Table 4.

(1) The main data structure

typedef unsigned char u8; // 8-bit unsigned type used by the driver

typedef struct {
    u8 Cla;        // Type of command
    u8 Cmd;        // Code of command
    u8 P1;         // Specific command parameter 1
    u8 P2;         // Specific command parameter 2
    u8 P3;         // Lc in transmit mode; Le in receive mode
    u8 *Data_Ptr;  // Pointer to the data field of the command and its response
    u8 RspCode[2]; // The content of the APDU response
} APDU;
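How a structure with these fields maps onto the bytes exchanged with the card, as an added example that is not the paper's driver code. The helper names, the GET CHALLENGE sample and the card reply are constructed for illustration; the length checks show how a driver keeps a faulty or hostile card from overrunning its buffers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint8_t u8;   /* assumed: the page's u8 is an 8-bit unsigned type */
typedef struct { u8 Cla, Cmd, P1, P2, P3; u8 *Data_Ptr; u8 RspCode[2]; } APDU;

/* Hypothetical helper: write the 5-byte T=0 header, plus P3 data bytes when
 * P3 is Lc (transmit mode). Returns bytes written, or 0 on error. */
size_t apdu_encode(const APDU *a, int p3_is_lc, u8 *out, size_t cap)
{
    size_t n = 5u + (p3_is_lc ? a->P3 : 0u);
    if (n > cap || (p3_is_lc && a->P3 != 0 && a->Data_Ptr == NULL))
        return 0;
    out[0] = a->Cla; out[1] = a->Cmd; out[2] = a->P1; out[3] = a->P2; out[4] = a->P3;
    if (p3_is_lc && a->P3 != 0)
        memcpy(out + 5, a->Data_Ptr, a->P3);
    return n;
}

/* Hypothetical helper for receive mode (P3 is Le): split a raw reply into
 * data and SW1 SW2. A reply longer than the requested Le or the caller's
 * buffer is rejected instead of being copied. */
int apdu_decode(APDU *a, const u8 *rsp, size_t rsp_len, u8 *data, size_t cap, size_t *data_len)
{
    size_t le = a->P3 ? a->P3 : 256u;     /* in T=0, Le = 0x00 requests 256 bytes */
    if (rsp_len < 2 || rsp_len - 2 > le || rsp_len - 2 > cap)
        return 0;
    *data_len = rsp_len - 2;
    memcpy(data, rsp, *data_len);
    a->RspCode[0] = rsp[rsp_len - 2];     /* SW1 */
    a->RspCode[1] = rsp[rsp_len - 1];     /* SW2 */
    return 1;
}

/* 0x9000 is the ISO/IEC 7816-4 status word for normal completion. */
int apdu_ok(const APDU *a) { return a->RspCode[0] == 0x90 && a->RspCode[1] == 0x00; }

/* Constructed sample: GET CHALLENGE (INS 0x84) asking for 8 random bytes. */
int demo_get_challenge(void)
{
    APDU cmd = { 0x00, 0x84, 0x00, 0x00, 0x08, NULL, { 0, 0 } };
    u8 wire[16], data[8];
    size_t n = 0;
    const u8 rsp[] = { 1, 2, 3, 4, 5, 6, 7, 8, 0x90, 0x00 };   /* constructed card reply */
    if (apdu_encode(&cmd, 0, wire, sizeof wire) != 5)
        return 0;
    return apdu_decode(&cmd, rsp, sizeof rsp, data, sizeof data, &n) && n == 8 && apdu_ok(&cmd);
}
```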

(2) Main functions

①Function name: PSAM_APDU_Out

Function description: Read data from smart card.

Parameters: *Data_out, returns the data read from the smart card; PSAMConfig, the configuration of the smart card.

Return value: read data success flag (0 for failure, 1 for success).

②Function name: PSAM_APDU_In

Function description: write data to the smart card.

Parameters: *Data_in, the data written to the card; PSAMConfig, the configuration of the smart card.

Return value: write data success flag (0 for failure, 1 for success).

③Function name: PSAM_Send1Byte

Function description: Send 1 byte of data to the smart card, and judge whether the receiver receives it successfully. If unsuccessful, send the data to the recipient twice.

Parameters: SendByte, the byte data to be sent.

Return value: SendStatus, whether the data is sent successfully or not (success is 0x01, failure is 0x00, and timeout is 0xFF).

④Function name: PSAM_Send1Block

Function description: Send n bytes of data to the smart card.

Parameters: *SendPtr, the byte data pointer to be sent; DataLen, the number of bytes to be sent; ByteDir, the byte direction.

Return value: SendStatus, whether the data is sent successfully or not (success is 0x01, failure is 0x00).

⑤Function name: PSAM_Receive1Byte

Function description: Receive 1-byte data from the smart card. When a parity error is detected, the smart card can be requested to send the current byte data twice.

Parameters: None.

Return value: DataBuf, where the high byte is the data reception status flag (success is 0x01, parity error is 0x55, timeout overflow is 0xFF) and the low byte is the received valid byte data.

⑥Function name: PSAM_Reset

Function description: reset the smart card and wait for the response from the smart card. If the response is successful, it will return the reset success flag, otherwise it will return the reset failure flag.

Parameters: *uiATR, the pointer to save the reply-to-reset information.

Return value: reset success flag (0x01 is reset success, 0x00 is reset failure).
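A reset only counts as successful if the answer-to-reset (ATR) the card returns is well formed. The following added example, which is not the paper's code, checks an ATR against the ISO/IEC 7816-3 layout (TS, T0, interface bytes, historical bytes, optional TCK); `AtrInfo`, `atr_parse` and the sample ATR are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint8_t u8;              /* assumed: 8-bit unsigned type, as used on the page */

typedef struct {                 /* hypothetical result type, not from the page */
    int      direct;             /* 1 if TS = 0x3B (direct), 0 if TS = 0x3F (inverse) */
    uint16_t protocols;          /* bit n set: protocol T=n is offered */
    size_t   hist_off;           /* offset of the first historical byte */
    u8       hist_len;           /* K, number of historical bytes */
    size_t   total;              /* full ATR length, including TCK if present */
} AtrInfo;

/* Constructed sample ATR: T=1 offered, two historical bytes, TCK = 0x80. */
const u8 SAMPLE_ATR[] = { 0x3B, 0x82, 0x01, 0x41, 0x42, 0x80 };

/* Returns 0x01 for a well-formed ATR and 0x00 otherwise, mirroring the
 * success/failure flag the page gives for PSAM_Reset. */
u8 atr_parse(const u8 *atr, size_t len, AtrInfo *info)
{
    size_t i = 2;
    u8 y, t, x = 0, need_tck = 0;

    if (len < 2 || (atr[0] != 0x3B && atr[0] != 0x3F))
        return 0x00;
    info->direct = (atr[0] == 0x3B);
    info->hist_len = atr[1] & 0x0F;
    info->protocols = 0;
    y = atr[1] >> 4;                                  /* Y1: which of TA1..TD1 follow */
    for (;;) {
        i += (y & 1u) + ((y >> 1) & 1u) + ((y >> 2) & 1u);   /* skip TAi, TBi, TCi */
        if (!(y & 8u))
            break;                                    /* no TDi: interface bytes end */
        if (i >= len)
            return 0x00;                              /* TDi announced but not received */
        t = atr[i] & 0x0F;
        info->protocols |= (uint16_t)(1u << t);
        if (t != 0)
            need_tck = 1;                             /* TCK is mandatory unless only T=0 */
        y = atr[i++] >> 4;
    }
    if (info->protocols == 0)
        info->protocols = 1;                          /* TD1 absent: T=0 is implied */
    info->hist_off = i;
    info->total = i + info->hist_len + need_tck;
    if (info->total > len || info->total > 33)        /* truncated, or over 33 bytes */
        return 0x00;
    for (i = 1; need_tck && i < info->total; i++)
        x ^= atr[i];                                  /* XOR of T0..TCK must be zero */
    return x == 0 ? 0x01 : 0x00;
}
```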

4 Module testing

The system is tested through a serial port debugging assistant: the data sent and returned is analyzed to judge whether the module works normally. Figure 7 shows the command that sends a reset operation to the PSAM card. Figure 8 shows the command that transmits a transparent data stream to the PSAM card.

Epilogue

The PSAM card driver module designed in this paper, built according to the software and hardware design ideas described above, has been verified in practice with satisfactory results. Both the software code and the hardware power conversion module are highly portable, which makes them convenient to apply in different systems, and the module provides external interface functions that are convenient for upper-level system application engineers to call. The module can be applied to fixed-network payment devices, POS terminals and other devices.
