Identity authentication, also simply called "authentication", is the process of confirming the identity of an operator in a real application. It determines whether the user may access and use a resource, prevents an attacker from impersonating a legitimate user to reach those resources, guarantees the security of the system and its data, and protects the legitimate interests of the visitor.
The proposed scheme assumes that a user wants to log on to a computer. The server must authenticate the user's identity, and the user must in turn authenticate the identity of the server; only when both identities have been confirmed are the user's requirements met.
A smart card is a generic term for a plastic card (usually the size of a credit card) with a microchip embedded in it. A smart card can effectively prevent hardware cloning and defeats the cracker's software-side techniques of code tracing, debugging and data eavesdropping, which to a great extent secures the entire software system.
First, in a smart card encryption and decryption scheme, the key code and data of the PC-side application software are removed from the PC and securely ported into the hardware protection of the smart card. When needed, the application software uses the function-call engine to instruct the smart card to run the key code and data inside the hardware and return the result, so the software as a whole still completes its function. Since no copy of the code and data exists on the PC side, a cracker can neither guess the algorithm nor steal the data, which greatly strengthens the security of the whole software system. The smart card provides up to 32~64 KB of program and data space, enough to hold a considerable number of lines of C code, so it can still carry the entire software function.
Furthermore, the smart card chip is highly integrated. Unlike an ordinary low-end MCU, it can only be supplied by professional security chip manufacturers that have passed International Security Agency testing and certification (EAL 4+); the LKT series of encryption chips reaches the EAL4+ and EAL5+ security levels. It has the following advantages:
1. The private key is unreadable: the smart card's hardware and software design strictly controls the use of the user's private key, which can only be used when the set conditions are met, protecting the security of the private key.
2. In-card signing and verification: the signing and verification functions that use the private key are implemented inside the card, so there is no possibility of the private key leaking in transit.
3. In-card RSA key pair generation: the RSA key pair can be generated directly inside the card, eliminating the possibility of private key leakage at the source.
4. Easy to use: a smart card is small and easy to carry, and its use is not subject to geographical restrictions. On a computer with the appropriate driver installed, a user can activate a smart card holding a digital certificate and its private key to carry out secure electronic transactions on the network.
In summary, storing user key pairs, CA public keys and digital certificates on smart cards provides users with a higher level of security. Smart cards use a variety of cryptographic algorithm technologies to store private keys in a more secure manner than storing them in vulnerable computers. In addition, the smart card's PIN code protects it against unauthorized access and brute-force attacks. A smart card with an asymmetric key algorithm meets the security, mobile storage and anti-counterfeiting requirements of the private key, and is currently the most ideal security carrier for the PKI private key.
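The properties above (in-card key generation, in-card signing with the private key never exported, a PIN with a retry counter, and the two-way challenge-response of the proposed scheme) can be modelled in software to make the trust boundary concrete. The following Go program is an added example written for this page, not code from the original text or from any card vendor; the `Card` type, its PIN retry limit of three, and the use of RSA-PSS over SHA-256 are assumptions chosen for the illustration, and a real card would enforce them in hardware rather than in a Go struct.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Card models the smart card described above (hypothetical parameters): the key pair
// is generated in-card, signing runs in-card after PIN checks, three wrong PINs block it.
type Card struct {
	priv    *rsa.PrivateKey // never exported; only PublicKey() leaves the card
	pinHash [32]byte
	retries int
}
func NewCard(pin string) (*Card, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // in-card key generation
	if err != nil {
		return nil, err
	}
	return &Card{priv: priv, pinHash: sha256.Sum256([]byte(pin)), retries: 3}, nil
}
func (c *Card) PublicKey() *rsa.PublicKey { return &c.priv.PublicKey }
// VerifyPIN: a wrong PIN burns one retry; at zero even the right PIN is rejected.
func (c *Card) VerifyPIN(pin string) error {
	if c.retries <= 0 || sha256.Sum256([]byte(pin)) != c.pinHash {
		c.retries--
		return errors.New("PIN rejected or card blocked")
	}
	c.retries = 3
	return nil
}
// Sign computes an RSA-PSS signature inside the card; the PIN accompanies each request.
func (c *Card) Sign(pin string, challenge []byte) ([]byte, error) {
	if err := c.VerifyPIN(pin); err != nil {
		return nil, err
	}
	d := sha256.Sum256(challenge)
	return rsa.SignPSS(rand.Reader, c.priv, crypto.SHA256, d[:], nil)
}
// ChallengeResponse is one direction of the mutual authentication: the verifier
// sends a fresh nonce and checks the peer's signature with the peer's public key.
func ChallengeResponse(sign func([]byte) ([]byte, error), pub *rsa.PublicKey) bool {
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand; treated as infallible here
	d := sha256.Sum256(nonce)
	sig, err := sign(nonce)
	return err == nil && rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil) == nil
}
```

Running `ChallengeResponse` once with the card's signer and the card's public key, and once with the server's signer and the server's public key, gives the mutual authentication of the scheme; a signer that does not hold the matching private key, or a card whose PIN counter has reached zero, fails the check.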