Usb key authentication principle

You should be familiar with USB keys. USB keys are similar to USB flash disks, which store users' private keys and digital certificates to achieve secure communication between users and servers.
USB Key Construction
Although the USB key seems to be no different from the USB flash drive and MP3, the internal structure of the USB key is quite complex. It has built-in CPU, memory, and Chip Operating System (COS. Users are verified using the built-in USB key password algorithm.
There are two types of USB keys on the market: low-end and high-end. The low-end USB keys are mainly used to store key certificates. They can only provide 3DES encryption, and the storage capacity is relatively small. The high-end USB key can provide RSA encryption algorithms with a large storage capacity. It can store several private keys or digital certificates at the same time.

USB key application
Currently, the USB key has three main applications.
First, when used by dongle. At the beginning, the dongle used a serial port. When the USB interface became popular, it was changed to a USB interface. It should be said that the USB key is developed from the dongle, and the function of the dongle is to prevent unauthorized users from copying and cracking the software.
Second, the key is used when the computer starts up. In this case, the USB key is used to verify the user's identity, which is similar to that of a smart card. Compared with biometric identification systems (such as fingerprint recognition), USB key is simpler and cheaper.
Third, it is used to store digital certificates and private keys for secure communication and identity authentication. This is also the most commonly used USB key application. For example, China Construction Bank's online banking system must use USB keys to transfer funds.
USB key security
The digital certificate or private key cannot be exported if it exists in the USB key. The encryption operation uses the CPU embedded in the USB key. You cannot directly read or write the private key, therefore, the data is not in the memory of the computer. Therefore, the digital certificate or private key stored with USB key is safer than the digital certificate or private key of the direct hard disk version.
USB key can adopt two-factor authentication, that is, the PIN code and hardware constitute two important factors for users to use USB key. Users can only have USB key (entity) at the same time) and the user's pin code to log on to the system.
Usb key authentication method
First, two-factor authentication based on Impact-Response:
The USB key and the server store a key that proves the user's identity in advance. When the server receives an authentication request from the client, generate a random number and transmit it to the client over the network (this process is called impact). After the client receives the random number, it provides the USB key to the client, the USB key uses the random number and the key stored in the USB key for one-way hashed operation with the key. A result is obtained and the authentication data is sent to the server (this process is called a response ), at the same time, the server also performs one-way hashed operation. If the calculation result of the server is the same as that of the Operation sent from the client, the client is considered to be a legal user.
Second, digital certificate-based authentication:
The digital certificate authentication method based on PKI architecture can effectively ensure user identity security and data security, but the digital certificate may be copied. After the USB key is used, all key operations are performed in the USB key. Only the holder of the USB key can perform operations to prevent the digital certificate from being cracked.