ERA billion letter Eetrust Certification Wall Technology White Paper

I. Risks users face

At present, most application systems rely mainly on traditional password authentication for identity authentication. This method faces many attacks and leakage risks, for example network eavesdropping (sniffer), interception and replay of authentication information (record/replay), viruses and hackers. Traditional password authentication can no longer meet the security authentication needs of large-scale network applications.

[Figure: Risks to the user's system]

II. Introduction to the certification wall

1. Introduction

The certification wall is a network device and system based on the PKI (Public Key Infrastructure) theoretical framework. It uses CA, digital signature and digital certificate authentication mechanisms, and combines USB-interface smart cards, secure channels and security plug-in technology to provide strong identity authentication services, such as user identification and security audit, for portals, OA, ERP and other business systems.

2. Product form

The certification wall consists of hardware and a software package. The hardware is a standard 1U or 2U industrial control computer (users with high performance requirements can use a high-performance server). The software package is a filter deployed on the user's system; it protects the application system and communicates with the certification wall, and is supplied on an installation CD-ROM.

III. Main functions

1. CA certificate application and management

The certification wall contains a complete CA system, responsible for the application, issuance and revocation of user digital certificates and private keys. The certificate format follows the X.509 specification, certificate status uses the OCSP protocol, the blacklist conforms to CRL, and smart cards conform to CSP.

Supported CA certificate storage media:

- USB-interface smart card
- IC card
- P12 file
- Disk, U disk

Third-party CA systems such as China Telecom CTCA are supported, with the certificate management system responsible for writing the digital certificate and the corresponding private key to the smart card or other storage medium. An encryption machine or encryption card produced by the National Cipher authority can be used to generate the key pair and store the private key.

2. Identity authentication

Digital signature and digital envelope technology are used to identify the user. The certification wall automatically shields the system's original user name and password and controls user access to the system at the application layer. The user submits their certificate and a signature made with their private key; after the certification wall has verified them, the user can enter the business system according to their permissions. The certification wall allows fine-grained management and configuration of user rights, such as restricting when and how users enter the system (for example, allowing access with a smart card from 8:00 to 12:00 noon).

3. Security audit

The certification wall records a detailed log of each user operation and stores the user's signature in its own database server, enabling after-the-fact tracing and security audit. It provides real-time monitoring and management through a browser; when hacking or illegal system access occurs, it can notify administrators in real time by mobile phone text message and e-mail.

IV. Position of the certification wall in the network

[Figure: Certification wall network access schematic]

V. Certification wall product functional specifications

1. Client function specification

- Supported operating systems: Windows 98/2000/XP/2003, Linux
- Supported smart cards: Minghua, PKCS11 and other compliant smart cards
- Supports authentication with certificate files in PKCS12 format

2. Certification wall function specification

2.1 User application system database

- Supports mainstream relational databases: Oracle, DB2, SQL Server, MySQL, etc.
- Supports mainstream directory services: LDAP, Active Directory

2.2 Authentication services

- Supports mainstream operating systems: Windows, AIX, Solaris, HP-UX, RedHat Linux, etc.
- Supports CRL and OCSP processing
- Supports RADIUS authentication (third-party data source)
- Supports domain authentication

2.3 Authentication management system

- Supports applying for user digital certificates from third-party CA systems
- Supports user authorization and management
- Supports setting up and managing one-time passwords (temporary passwords)
- Supports unlocking a user's smart card (or re-creating it for the smart card user)
- Supports security audit of authentication and application system access: signed log storage, log query and statistics, real-time monitoring and tracking audit, application system log interface
- Supports web configuration and management of the server itself (Authadmin, Authservice, AutHDB, authagent)

2.4 Authentication agent system

- Supports mainstream operating systems: Windows, AIX, Solaris, HP-UX, RedHat Linux, etc.
- Configuration of each authentication agent parameter
- Supports one-way SSL and two-way SSL modes of operation

2.5 Authentication filter

- Supports mainstream operating systems: Windows, AIX, Solaris, HP-UX, RedHat Linux, etc.
- Can restrict the IP address of the authentication proxy server and restrict direct access to the application system without authentication
- Implements a trust mechanism with the application system based on cookies and sessions

3. Safety switch

According to product implementation experience, users need to retain the original authentication method in the early stage of use. The certification wall uses safety switch technology so that the system's original authentication mode can be turned on or off at any time, preserving user habits and keeping the system smooth and stable. The safety switch can also temporarily restore the system to its previous state if the certification wall suffers a hardware fault, ensuring uninterrupted operation of the system.

4. Certification wall performance

4.1 Number of certificates issued

- The number of certificates the CA system can issue is unlimited.

4.2 System capacity (standard type)

- Concurrent authentication volume: 200 times/sec
- Authentication processing time: less than 0.02 seconds per authentication
- CA system certificate issuance speed: 10 seconds per certificate

4.3 High reliability

- Dual-machine hot standby, with automatic synchronization of configuration files and data
- Multiple certification walls can be load balanced

Responsible editor: Zhao, TEL: (010) 68476636-8001
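The identity authentication described above, where the user presents a private-key signature instead of a password and access is limited to permitted hours, can be sketched as follows. This is an added example, not Eetrust code: the one-time challenge is an assumed way to defeat the record/replay risk the paper names, an Ed25519 key pair stands in for the smart-card key and X.509 certificate, and `AuthGateway`, `signChallenge` and `demo` are hypothetical names.

```javascript
// Added illustration, not Eetrust code. Assumed: an Ed25519 key pair stands in for the
// smart-card private key and X.509 certificate; every name here is hypothetical.
const crypto = require("crypto");
class AuthGateway {
  constructor() {
    this.users = new Map();   // userId -> { publicKey, fromHour, toHour }
    this.pending = new Map(); // userId -> outstanding one-time challenge
  }
  enroll(userId, publicKey, fromHour, toHour) {
    this.users.set(userId, { publicKey, fromHour, toHour });
  }
  // Step 1: issue a fresh random challenge for this login attempt.
  challenge(userId) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(userId, nonce);
    return nonce;
  }
  // Step 2: verify the signature over the challenge, then apply the time policy.
  login(userId, signature, now) {
    const user = this.users.get(userId);
    const nonce = this.pending.get(userId);
    if (!user || !nonce) return "denied: no outstanding challenge";
    this.pending.delete(userId); // single use: a recorded response is useless later
    const data = Buffer.concat([Buffer.from(userId), nonce]);
    if (!crypto.verify(null, data, user.publicKey, signature)) return "denied: bad signature";
    const hour = now.getHours();
    if (hour < user.fromHour || hour >= user.toHour) return "denied: outside permitted hours";
    return "granted";
  }
}

// Client side: the private key never crosses the network; only a signature does.
function signChallenge(userId, nonce, privateKey) {
  return crypto.sign(null, Buffer.concat([Buffer.from(userId), nonce]), privateKey);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const gw = new AuthGateway();
  gw.enroll("alice", publicKey, 8, 12); // constructed sample policy: 08:00 to 12:00
  const morning = new Date(2024, 0, 15, 9, 30); // constructed sample times
  const sig = signChallenge("alice", gw.challenge("alice"), privateKey);
  const first = gw.login("alice", sig, morning);
  gw.challenge("alice"); // a new attempt receives a new nonce
  const replayed = gw.login("alice", sig, morning); // captured signature sent again
  const lateSig = signChallenge("alice", gw.challenge("alice"), privateKey);
  const late = gw.login("alice", lateSig, new Date(2024, 0, 15, 19, 0));
  return { first, replayed, late };
}
```

A sniffed password stays valid until it is changed, whereas the signature here is bound to a single nonce, so the replayed copy fails verification even inside the permitted hours.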