U Shield Technical Study Notes

Source: Internet
Author: User
Tags: decrypt, asymmetric encryption

I have been studying U-Shield technology recently, and these notes describe it in my own words.

U-Shield is a tool for electronic signatures and digital authentication in online banking. It has a built-in smart card processor and uses a 1024-bit asymmetric key algorithm to encrypt, decrypt and digitally sign data sent over the Internet, ensuring the confidentiality, authenticity, integrity and non-repudiation of online transactions.

These notes use the example of Party A sending a contract document to Party B over the Internet to describe, with reference to U-Shield, how data security is ensured.

1. Confidentiality

Confidentiality is the most basic property of data security. When Party A sends a contract document to Party B online, the contents of the contract must not be viewable by anyone else. A data encryption algorithm can be used for this; mature symmetric encryption algorithms currently include 3DES, DES, IDEA, TDEA and others. In symmetric encryption, the sender processes the plaintext (raw data) together with the encryption key using an encryption algorithm, turning it into complex ciphertext. To read the original text, the recipient must decrypt the ciphertext with the same key and the inverse of the same algorithm, restoring readable plaintext. Only one key is used: both parties encrypt and decrypt with it, so the decrypting party must know the encryption key beforehand.

Symmetric encryption is fast, but the encryption key and the decryption key are the same, so how the key is passed is very important: if hackers intercept the key, they can decrypt the ciphertext and recover the plaintext. So how do you pass the key? It could be done by phone or online, but it could still be intercepted. For this reason another technique, asymmetric encryption, is often used here. The best-known asymmetric encryption algorithm at present is RSA. An asymmetric algorithm requires two keys: a public key (PublicKey) and a private key (PrivateKey). The two form a pair: data encrypted with the public key can be decrypted only with the corresponding private key, and data encrypted with the private key can be decrypted only with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called asymmetric.

The basic process for exchanging secret information with an asymmetric algorithm is: Party A generates a key pair and publishes one key as the public key; Party B, having obtained the public key, encrypts the secret information with it and sends it to Party A; Party A then decrypts it with the private key that it has kept. In the same way, Party A can use Party B's public key to encrypt the symmetric key and send it to Party B; Party B decrypts the symmetric key with its own private key and then uses it to decrypt the ciphertext and obtain the plaintext. Note that although asymmetric encryption offers good confidentiality, it is slow, usually 10 to 100 times slower than a symmetric algorithm, so it is not suitable for directly encrypting large volumes of data.

2. Authenticity, integrity

Because the hacker lacks B's private key, he cannot recover the symmetric key and obtain the plaintext. However, he could encrypt a fake file with a symmetric algorithm, encrypt a fake symmetric key with B's public key, and send both to B. B would then mistakenly think the file was sent by A, so the authenticity and integrity of the file are compromised. This can be checked using digital signature technology. A digital signature mainly relies on a hash algorithm, such as MD5, to extract a digest from a block of data. No plaintext information can be recovered from the digest, and if the original information is changed in any way, the resulting digest will be different. So A first applies the hash algorithm to the file to get a digest and then encrypts the digest with A's private key (it can be decrypted with A's public key). Even if a hacker intercepts the data and uses A's public key to obtain the digest, it is of no use, because the digest does not reveal any information from the source. After receiving the message, B can use A's public key to decrypt the digest: only A's public key can decrypt information encrypted with A's private key, and only A holds A's private key. B then applies the same hash algorithm to the decrypted plaintext and compares the resulting digest with the one decrypted using A's public key. If they are the same, the information has not been tampered with; if they differ, the information has been altered or is not authentic.

But even so, if the public key that B obtains is not A's but an imitation supplied by someone else, B still cannot establish the authenticity of the information and may receive false information. The remedy is to issue a digital certificate for A that binds the public key to its owner. A digital certificate is a file, digitally signed by a certificate authority, that contains the public key owner's information and the public key. The simplest certificate contains a public key, a name, and the digital signature of the certificate authority. An important feature of digital certificates is that they are valid only for a specific period of time.

Digital certificates are issued by an authoritative body, the CA (Certificate Authority). As a trusted third party in e-commerce transactions, the CA is responsible for verifying the validity of public keys in a public key system. The CA issues a digital certificate to each user of a public key; the certificate's role is to certify that the user named in it legitimately owns the public key listed in it. The CA's digital signature makes it impossible for an attacker to forge or tamper with a certificate. The CA is at the core of the PKI: it manages the certificates of all users (including various applications) under the PKI structure, binds each user's public key to the user's other information, and verifies the user's identity online.

A digital certificate contains the CA's digital signature (see the description of digital signatures above), which the CA produces by encrypting with its private key (over A's public key, identity information, and so on). A sends a copy of the certificate to B along with the ciphertext, the digest and the other items. B then verifies the validity of the certificate by verifying the CA's signature on it (simply using the public key of that trusted authority). If the certificate checks out, B can trust that the public key contained in the certificate really does belong to the person named in it (that is, A).

3. Non-repudiation

Suppose A sends a contract to B and later denies having signed it at the time shown in the document (a digital signature is equivalent to a handwritten signature), and then refuses to perform the contract. What can be done? The solution is to use a trusted clock service (provided by an authoritative body), so that the file is jointly signed by a trusted time source and by the signer of the file. In a written contract, the date and signature are important for preventing forgery and falsification (for example, contracts commonly provide that they take effect on the date of signing). With electronic files, the time on the user's desktop is easily changed (it may be inaccurate or deliberately altered), so a timestamp generated from it is not trustworthy. A third party is therefore needed to provide a timestamp service (a digital timestamp service, DTS, is an online security service provided by a specialized agency). This service protects the recorded publication time of electronic documents.

A timestamp is generated as follows: the user first hashes the file to be timestamped into a digest and sends the digest to the DTS; the DTS adds the date and time at which it received the digest, encrypts (digitally signs) the result, and sends it back to the user. A timestamp (time-stamp) is therefore an encrypted document consisting of three parts: the digest of the file to be timestamped, the date and time at which the DTS received the file, and the digital signature of the DTS. Because the file is jointly signed by a trusted time source and by the signer, the signer (that is, Party A) cannot cheat about the time, which provides non-repudiation.

Even if a digital certificate binds the public/private key pair to an identity and an authority provides a clock service for non-repudiation, someone else may still steal A's private key (or use A's computer while A is away from it) and then trade with B in A's place. The remedy is to use techniques such as strong passwords, authentication tokens, smart cards and biometrics to authenticate whoever uses the private key, confirming that they are its legitimate user.

Summary
Solving the problems above basically meets the requirements for sending files securely. The whole process is summarized below. A's sending process is as follows:
1. Create a symmetric key (generated by the relevant software and used only once), encrypt the contract with it, and wrap the symmetric key with B's public key.
2. Create a digital signature: hash the contract with a hash algorithm (such as MD5) to produce the original digest, then encrypt the digest with A's own private key (the public/private key pair can either be created by A or provided by the CA).
3. Finally, send B the encrypted contract, the wrapped key, the encrypted digest, and A's digital certificate (issued by an authoritative CA).
When B receives the encrypted file, B performs the following steps:
1. Decrypt the symmetric key with B's private key, then use the symmetric key to decrypt the encrypted contract and obtain the contract plaintext.
2. Obtain A's public key from A's digital certificate and use it to decrypt the digest (call this Summary 1).
3. Compute a digest of the decrypted contract using the same hash algorithm as the sender (call this Summary 2).
4. Compare Summary 1 and Summary 2; if they are identical, the information has not been tampered with and comes from A.
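
The sending and receiving steps above, together with the CA check from section 2, run end to end as an added example (not code from the original notes or from any U-Shield product). It makes several substitutions, all assumptions: SHA-256 replaces MD5, unpadded textbook RSA over fixed Mersenne primes replaces the token's RSA, and a SHA-256 counter keystream stands in for 3DES, so that it runs on the Python standard library alone; names such as `a_send`, `b_receive` and `issue_cert` are hypothetical.

```python
import hashlib, secrets

def make_key(p, q, e=65537):   # textbook RSA key pair: returns (public, private)
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def rsa(key, m):               # one modular exponentiation serves both key halves
    return pow(m, key[1], key[0])

def digest(data):              # SHA-256 digest as an integer (swapped in for MD5)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def stream_xor(key, data):     # stand-in symmetric cipher (assumption), self-inverse
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def issue_cert(ca_priv, name, pub):   # CA signs the digest of (owner name, public key)
    sig = rsa(ca_priv, digest(f"{name}|{pub}".encode()))
    return {"name": name, "pub": pub, "sig": sig}

def a_send(contract, a_priv, a_cert, b_pub):
    k = secrets.token_bytes(16)                                   # one-time symmetric key
    return {"ciphertext": stream_xor(k, contract),                # sender step 1
            "wrapped_key": rsa(b_pub, int.from_bytes(k, "big")),  # key wrapped for B
            "signature": rsa(a_priv, digest(contract)),           # sender step 2
            "cert": a_cert}                                       # sender step 3

def b_receive(msg, b_priv, ca_pub):
    cert = msg["cert"]
    if rsa(ca_pub, cert["sig"]) != digest(f"{cert['name']}|{cert['pub']}".encode()):
        raise ValueError("certificate not signed by the trusted CA")
    k = rsa(b_priv, msg["wrapped_key"]).to_bytes(16, "big")       # receiver step 1
    contract = stream_xor(k, msg["ciphertext"])
    summary1 = rsa(cert["pub"], msg["signature"])                 # receiver step 2
    summary2 = digest(contract)                                   # receiver step 3
    if summary1 != summary2:                                      # receiver step 4
        raise ValueError("digest mismatch: altered or not from A")
    return cert["name"], contract

# Constructed demo keys from fixed Mersenne primes: trivially factorable, demo only.
CA_PUB, CA_PRIV = make_key(2**2203 - 1, 2**2281 - 1)
A_PUB, A_PRIV = make_key(2**521 - 1, 2**607 - 1)
B_PUB, B_PRIV = make_key(2**127 - 1, 2**1279 - 1)
A_CERT = issue_cert(CA_PRIV, "Party A", A_PUB)
```

`b_receive` returns the certified sender name and the plaintext only when both the CA signature and the digest comparison succeed; a message whose certificate was not issued by the trusted CA, or whose ciphertext was altered in transit, raises `ValueError`.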
