I haven't written anything for a long time. The widget has been put aside for a while. Recently, I ported the PKCS #11 library to Symbian and built a C/S-mode online banking demo on Symbian. These are my notes.
Basic design concept and processing flow
Overall design
On Symbian, the offline online banking client uses the PKCS #11 library and the TF card interface library to communicate with the TF card in the terminal and obtain the in-card certificate and private key object. It then uses the certificate and private key to perform a handshake with the server and establish a secure link. Once the verification process is completed, a symmetric key is generated to serve as the session key for secure communication with the server. Each transaction made by the client must be signed with its own private key.
Security process of logon
Due to the limited computing capability of the terminal, we do not perform two-way authentication. Assume that the terminal has a certificate issued by the server and trusts it. In addition, the above is not the standard SSL process; it is only the process of negotiating the session key value, and it does not negotiate the symmetric and asymmetric cryptographic algorithms. Therefore, we agree in advance:
the symmetric encryption algorithm, such as 3DES;
the asymmetric algorithm, using 1024-bit RSA.
Negotiation process:
Assume that terminal A is connected to server B.
1) A sends CA to B, where CA is A's certificate.
2) B uses the root certificate of CA to verify the validity of the certificate CA.
3) B verifies the information of the certificate subject (whether the information is what the application requires, for example, if the application defines that the terminal's CN must meet certain requirements and its OU must meet certain requirements).
4) B generates a random number R (the number of bytes of the random number generated is the number of bytes of the symmetric encryption algorithm key).
5) B constructs a message, M = (TB, R, IA), where TB is B's time mark and IA is A's identity information.
6) B sends EA(M) to A, where EA is the public key of A.
7) A uses DA to decrypt EA(M).
8) A checks IA in M.
9) A checks TB in M to confirm that the message was just sent.
10) A checks the random number to ensure that the message is not a resend.
11) A constructs a message, MM = (TA, R, IB), where TA is A's time mark and IB is B's identity information.
12) A sends EB(MM) to B, where EB is the public key of B.
13) B uses DB to decrypt EB(MM), where DB is B's private key.
14) B checks IB in MM.
15) B checks TA in MM to confirm that the message was just sent.
16) B checks whether the R in MM is consistent; this R is used as the session key afterwards.
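
The checks in steps 4-5, 8-11 and 14-16, sketched in Python as an added example (not code from the original demo). The RSA operations (EA/DA, EB/DB) are left out, so the functions work on the plaintext M and MM; the byte layout, the 30-second freshness window, the identity strings and all function names are assumptions made for illustration.

```python
import hmac
import os
import struct

KEY_LEN = 24    # bytes of R = 3DES key length (the algorithm agreed in advance)
MAX_SKEW = 30   # seconds a time mark may differ from local time (assumed value)

def pack(ts, r, identity):
    # Assumed layout: 8-byte big-endian time mark | R | UTF-8 identity
    return struct.pack(">Q", ts) + r + identity.encode()

def unpack(blob):
    if len(blob) <= 8 + KEY_LEN:
        raise ValueError("message too short")
    (ts,) = struct.unpack(">Q", blob[:8])
    return ts, blob[8:8 + KEY_LEN], blob[8 + KEY_LEN:].decode()

def server_challenge(terminal_id, now):
    """Steps 4-5: B generates R and builds M = (TB, R, IA)."""
    r = os.urandom(KEY_LEN)
    return r, pack(now, r, terminal_id)

def terminal_respond(m, my_id, server_id, seen, now):
    """Steps 8-11: A checks IA, TB and R, then builds MM = (TA, R, IB)."""
    tb, r, ia = unpack(m)
    if ia != my_id:
        raise ValueError("IA mismatch")
    if abs(now - tb) > MAX_SKEW:
        raise ValueError("TB not fresh")
    if r in seen:                       # R already accepted once: a resend
        raise ValueError("R replayed")
    seen.add(r)
    return pack(now, r, server_id)

def server_finish(mm, my_id, issued_r, now):
    """Steps 14-16: B checks IB, TA and R; returns R as the session key."""
    ta, r, ib = unpack(mm)
    if ib != my_id:
        raise ValueError("IB mismatch")
    if abs(now - ta) > MAX_SKEW:
        raise ValueError("TA not fresh")
    if not hmac.compare_digest(r, issued_r):   # constant-time comparison
        raise ValueError("R mismatch")
    return r

if __name__ == "__main__":
    A, B, t0 = "CN=terminal-A", "CN=server-B", 1_700_000_000  # constructed values
    r, m = server_challenge(A, t0)
    mm = terminal_respond(m, A, B, set(), t0 + 1)
    print("session key agreed:", server_finish(mm, B, r, t0 + 2) == r)
```

The `seen` set stands in for whatever store the terminal uses to remember random numbers it has already accepted; it only needs to retain entries for as long as the freshness window allows a time mark to pass.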