Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

PKI (Public Key Infrastructure) implementation method based on safety certificate

An implementation method and technology for security certificates, which are applied in user identity/authority verification, electrical components, transmission systems, etc., can solve the problem of being vulnerable to external hacker attacks or snooping by internal management personnel, unable to meet the needs of network information security, and security risks. And other issues

Inactive Publication Date: 2012-09-12
杜丽萍 +1
View PDF0 Cites 42 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] At present, domestic network security systems all use PKI / CA, and PKI / CA technology uses asymmetric cryptographic algorithms and symmetric cryptographic algorithms to jointly establish user identity authentication, data integrity verification, and data encryption transmission systems. However, in PKI's CA In the certification center, various certificates of users are stored in the certificate database in plain text. The storage of certificates in plain text is vulnerable to external hacker attacks or prying by internal management personnel. Attackers can obtain and replace all end-entity CA certificates of the CA certification center. , various intermediate CA certificates and root CA certificates, to carry out "flanking attacks" on the CA certification center. In short, the existing PKI products have security risks and cannot meet the market's demand for network information security.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • PKI (Public Key Infrastructure) implementation method based on safety certificate
  • PKI (Public Key Infrastructure) implementation method based on safety certificate
  • PKI (Public Key Infrastructure) implementation method based on safety certificate

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The following is attached figure 1 Explain the implementation steps of establishing a "chip-level" digital signature protocol between the client and the CA certification center:

[0028] Firstly, the client input the file 1 to be signed into the smart card chip, and the encryption system of the client in the chip calls the digest algorithm to digest the file 1 to be signed to obtain the digest information of the file 1, that is, the "digital fingerprint" of the file 1 ", the client encryption system then invokes the user's private key to encrypt the "digital fingerprint 1" of file 1 to obtain the ciphertext of "digital fingerprint 1" of file 1, that is: digital signature, and the identification of the user's end-entity CA certificate , file 1 and the digital signature of the file are sent to the CA certification center together, and the CA certification center searches and locates the ciphertext of the corresponding user end-entity CA certificate CAi in the certificate ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a PKI (Public Key Infrastructure) implementation method based on a safety certificate. The method comprises the following steps of: deploying an encryption card or encryption equipment hardware equipment on the end part of a CA (Certificate Authority); encrypting all final entity CA certificates in the CA into a cipher text for storing; storing each middle-class CA certificate and root CA certificate in a CA encryption card or a chip of the encryption equipment; generating a key in a safety protocol of the PKI and calling the key to encrypt or decrypt the certificate in the chip; establishing a 'chip-class' PKI safety protocol between a user terminal and a CA terminal; establishing a certificate safety detection protocol in the CA; and detecting the CA certificate in a full trusted link in the CA timely to prevent an attacker from tampering the CA certificate to establish a PKI system based on the safety certificate.

Description

Technical field: [0001] The invention relates to the field of network information security. Background technique: [0002] At present, domestic network security systems all use PKI / CA, and PKI / CA technology uses asymmetric cryptographic algorithms and symmetric cryptographic algorithms to jointly establish user identity authentication, data integrity verification, and data encryption transmission systems. However, in PKI's CA In the certification center, various certificates of users are stored in the certificate database in plain text. The storage of certificates in plain text is vulnerable to external hacker attacks or prying by internal management personnel. Attackers can obtain and replace all end-entity CA certificates of the CA certification center. , various intermediate CA certificates and root CA certificates, to carry out "flanking attacks" on the CA certification center. In short, the existing PKI products have security risks and cannot meet the market's demand fo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/32H04L29/06
Inventor 杜丽萍刘宇
Owner 杜丽萍
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com