Product introduction >>
The financial IC card is an IC card that implements the financial services of bank cards through the use of the automated chip. It comes with high security and has a broad range of use. Not only it can be used as a financial IC card but can at the same time load applications from various industries, form multipurpose bank cards such as financial social security cards, citizenship cards, and financial purchasing cards, be used for making payments, self-serve shopping, and public transportation, hence offering great convenience to consumers while providing an establishment for banks in developing new bank cards.
Sansec’s financial IC card key management system, along with the authentication center, data preparation system, personal systems, and associated business IC card systems complete the financial IC card issuer and maintain the security of business applications. The system supports RSA and SM2 asymmetric encryption algorithms and the 3DES, AES, and SSM4 symmetric encryption algorithms.
The key management system primarily provides certificate management (including card issuer certificate management), asymmetric key management, symmetric key management, personnel management, log and audit, strategic management, and system management capabilities.
> Supports domestic standards
The financial IC card key management system was designed by studying related specifications such as the 《Financial IC card key management system technology specifications》 as well as the 《Certificate verification system and relevant security technology specification》 standards defined by OSCCA. It rationalizes the system’s architecture, giving the system a more effective protection and allowing for a greater scalability and ease of use.
> Complete support for domestic algorithms
Completely supports the domestic algorithms SM2, SM3, and SM4. In terms of technology, we completely adhere to the management policies and our key management designs follow the relevant national standards.
> Secure key storage
The key management system’s protection keys and internal authentication keys are provided by and stored in the HSM and can only be accessed by authorized parties but cannot be exported.
Administrator keys and user keys are protected via a USB automated cryptographic key, hence instilling control over key usage and effectively preventing illegal key usage.
Uses advanced hardware cryptographic devices
Uses the SJJ1212 financial HSM and SJK1130 automated cryptographic key to implement key management and operation. Supports the state certified domestic algorithms SM2, SM3, and SM4 while advancing algorithm strength and speed, key security, and system stability.
IC card certificate issuing：Systems can respond to the IC card keys and certificates, business offline key request files, and generated and returned IC card public/private keys or business keys sent by the data preparation system with IC card certificates.
Certificate management: Manages CA certificates and architectural certificates and issues requests for architectural certificates.
Symmetric key management: System currently supports “Financial debit and credit IC card applications” templates. Under this template, symmetric keys including application cipher text keys, secure message verification keys, secure message encryption keys, master keys, and transfer keys. Can generate, link, and delete the above key types.
Personnel management: Personnel management function rights such as adding, updating, and deleting are distributed depending on level of authority.
Log and audit: Checks system running state and personnel operation logs. Logs can be audited.