The emergence and development of usb key authentication products

With the development of Internet and e-commerce, USB keys are becoming increasingly recognized and used by more and more users as the "electronic keys" for network user identification and data protection. This article briefly introduces the generation and future development of USB keys.

Currently, USB keys on the market can be divided into two types based on different hardware chips: Smart Card chips and Smart Card chips.AlgorithmIt can also be divided into USB keys with and without algorithms. Generally, we call a stored USB key without an encryption algorithm and a Encrypted USB key with an encryption algorithm.

The development of software protection gave birth to USB key

The concept of USB key was first proposed by the manufacturer of encryption locks. Encryption locks are hardware products used to prevent software piracy. The concept of encryption locks is to enable applications installed in computers.ProgramThe hardware that is separated from the encryption lock cannot run to protect the software from piracy. With the continuous development of network applications and the change of application software sales model, software users may not need to buy software to install and run on local computers in the future, instead, the data to be processed is uploaded to the application server that runs the software service over the network for processing, and the data processing result is obtained through the network. The software developer charges the software fee by providing the application service. At this time, software vendors are no longer faced with how to prevent local software from being copied, but how to determine the identity of network users and the security of user data. As a result, the encryptor proposed the concept of USB key to identify users.

Since then, with the rise of e-commerce and PKI applications, digital certificates have become increasingly accepted as an effective means to identify users and protect user data. However, digital certificates are essentially a data file with user information and keys. How to protect digital certificates has become the weakest link in the PKI system. Digital certificates can be stored on various storage media, such as floppy disks and hard disks. Early digital certificates issued by CAS in China were issued in the form of floppy disks, or were downloaded by users from the network and then imported to the system for hard disks. However, storing data with a floppy disk is extremely unreliable and insecure. Although the floppy disk is easy to carry, it is very easy to damage. However, although it is not easy to store data with a hard disk, it is not easy to carry, what's even more fatal is that digital certificates stored on hard disks or floppy disks are easily copied or damaged by viruses. Although the general digital certificates are password-protected, once the certificate is illegally copied, the security of the entire security system is reduced to the password-protected level. Therefore, USB keys used to store confidential information naturally become the best carrier of digital certificates.

The USB key manufacturer combines the USB key and PKI technology to develop a security middleware that complies with the PKI standard. The USB key is used to save the digital certificate and the user's private key, it also provides application developers with PKI-compliant programming interfaces such as PKCS #11 and mscapi to facilitate the development of PKI-based applications. Because the USB key itself acts as the key storage, its hardware structure determines that users can only access data through the vendor programming interface, which ensures that the digital certificate stored in the USB key cannot be copied, and each USB key is protected by a PIN code, so that the hardware and PIN code of the USB key constitute two necessary factors for using the certificate. If your PIN code is leaked, you only need to save the USB key hardware to protect your certificate from theft. If your USB key is lost, because the winner does not know the PIN code of the hardware, he or she cannot steal the certificate from the user's USB key. The combination of PKI technology enables the application field of USB key to identify only users, to all areas where digital certificates can be used.

Integrates with smart card technology to enhance the security of USB tokens

Because of its hardware restrictions, the stored USB key can only implement a simple data digest algorithm, symmetric and asymmetric encryption algorithms widely used in PKI can only be implemented through middleware running on PC. In this way, users' keys will appear in the memory during encryption and signature operations, it may be obtained by skilled hackers. As users have higher requirements on information security, there is a need for hardware to implement encryption operations. With the development of smart card technology, smart card computing capability is constantly improved, and smart cards that can run encryption algorithms are emerging. However, smart cards in the form of cards must communicate with computers through card readers, which is inconvenient for users to use. So there is a USB key that combines the smart card chip with the card reader. The USB key with a smart card chip can implement des/3DES and RSA encryption and decryption operations through the built-in smart card chip in the key, and support generating RSA key pairs within the key, this eliminates the possibility of keys appearing in the client memory and greatly improves security.

With the development of e-government and e-commerce, CAS have been established in various regions and industries in China to provide digital certificate services to their customers. More and more users are using digital certificates, due to the superiority of usb key in certificate storage, more and more CAs and users choose USB key as their certificate storage medium. Therefore, with the expansion of the USB key market, more and more manufacturers, especially the original smart card manufacturers, are entering the USB key market, which drives the development and application of the USB key-related industry.