First, the key management system design prerequisites Key management is an important part of the cryptographic technology. In modern cryptography, in addition to cryptography and cryptanalysis, there is a separate key management. Key management includes key generation, distribution, injection, storage, and destruction. Among them, the most important one is the distribution of keys. The key management mechanism of the IC card directly relates to the security, flexibility, and versatility of the entire system. The key generation, distribution, and update are one of the core issues of the system.
In order to ensure the safe use of a large-scale CPU card application system and ensure that information is not infringed, a complete key management system should be established before the system is implemented. The design goal of the key management system is to securely generate master keys and subkeys at all levels under the premise of security and flexibility, and to send the subkeys to the issuing center of the subsystem safely for generation. The various keys of the SAM card, user card, and operator card ensure the security and consistency of the keys in all the above steps, and realize centralized key management. Within the province, it is ensured that each city can issue its own user cards and key cards, which are monitored by the provincial management center.
Second, the key management system design method 1. System Security Design This paper takes a provincial medical insurance CPU card application system as an example to introduce the key management system design. The system is for the provincial medical insurance industry, application system in various cities, the system issued by the card including the SAM card and user card. The SAM card will be placed on a variety of off-line devices; the user card will be used to store and use the basic information and e-finance information. The key to system design is to ensure that the system has both availability, openness, and sufficient security.
The storage and transmission of the system key are all implemented using a smart card because the smart card has a high degree of security. The key on the user card (the card provided to the end user) cannot be read at all, but can only be used when it reaches a certain safe state. The key in the SAM card (the authentication key card used to identify the user card) can be used to distribute some of the keys used offline in the user's card, but it cannot be read out. The keys on the issuing key cards at all levels can be derived when they reach a sufficient security state, but the derived keys are ciphertexts and can only be decrypted when they are sent to the same type of card.
The security mechanisms of the system include card physical security, smart card operating system security, security algorithms, secure key generation and storage, secure transmission and distribution of keys, and security management measures and auditing systems.
2. The layered management key of the key is mainly managed hierarchically, that is, the provincial key management center is only responsible for generating the seed key, and each city is responsible for generating its own key system and user card according to the key seed, so that it can be in full A unified planning within the province can be used flexibly.
3. The key of the secure key management system is subject to strict authority control. In particular, the authority to use the key is managed and controlled hierarchically; functions such as key generation, injection, and export are performed by the card issuing center (provincial medical insurance fund management center). Unified control and management.
Third, the system function key management system's goal is to safely generate all levels of master keys and various types of sub-keys. Subkeys are securely sent underground to the card issuing center of the subsystem to generate various keys in the SAM card, user card, and operator card to ensure the security and consistency of the keys in all the above links. Type of key management. The system achieves the above objectives through IC card hardware, IC card operating system, rational key management system design, and strict safety management regulations.
The key management system is the most important link in the IC card application system. The key functions are the generation, distribution, use, update and destruction of keys.
1. The generation of the key generates provincial various types of master keys and various types of municipal-level subkeys: various keys for generating user cards and operator cards. Key generation is mainly used in three ways:
Use safe, reliable and fast software generation methods;
Use card storage key
· Use cryptographic machines to generate keys. In the key generation process, it must be conducted in a safe and confidential environment.
2. Distribution of keys: After the keys are generated, the keys are distributed according to different types of services. The key is then sent to the city and the key is secured and consistent. The key is downloaded or distributed to the various subsystems in the form of ciphertext on the IC card, and the key is subject to corresponding security control. Only when the security conditions are met can the key be used for distribution or download. As the carrier of the transmission key, the IC card, due to its very high safety factor, can effectively carry out key transmission and distribution through reasonable design.
3. The use of keys: In each sub-system and IC card, you can design the security conditions for the use of the key, and only use the key to perform the corresponding operation if the key is used safely. In addition, the key is stored in a non-visible format. No one has permission to read it, including card manufacturers and system vendors. When the key is attacked illegally, it can be locked by itself, so as to prevent illegal deciphering.
4. Key update: The security issues involved in key updates are numerous. Since most key updates are performed in weak security environments and involve a large range, key updates should be performed with caution. . If it is necessary to update the key, the key may be periodically updated in the form of cipher text and under certain security conditions in a secure and confidential state.
5. Failure of the key: After the key is used for a period of time, it can be forcibly invalidated due to security needs, but it can be managed with a backup key. If the key is attacked illegally, it can also be automatically changed to protect the security of the entire key system. After the key card and the IC card containing the key data have failed, they must be recycled and destroyed.
The key management system is mainly divided into two major modules:
Provincial key management module and municipal key management module The key function of the provincial key management module is to generate provincial master keys, and to generate city master keys for each city, which are transmitted to each in the form of a key card. The city records the card issuing information on the key card to track the audit. The key card's file structure and usage are recorded in writing.
The main function of the municipal key management module is to generate SAM cards, generate and install various keys on user cards and initialize user cards.
IV. Operation of the key management system and management of the location In consideration of the issuance of medical insurance IC card, the key management system should be operated and managed at the provincial or municipal medical insurance fund management center. The password for generating the parent key should be sealed in the Provincial Labor and Social Security Department or the Municipal Labor and Social Security Bureau.
Fifth, the overall functional structure of the key management system 1. Parent key generation module This module is responsible for generating the root key (ie the parent key) of the medical insurance system and can only be used and controlled at the provincial medical insurance fund management center. After completing the generation of the secondary key, the parent key card should be sealed. The generation of parent keys must be performed in a highly secure and confidential manner and managed by a few individuals. The seed that generates the parent key is input by the relevant department responsible for the input, and then it is processed using the security algorithm, and finally the parent key of the medical insurance system is generated. After the parent key is generated, it is divided into multiple carriers for storage and use.
· Stored in the IC card to generate the mother key card (key is not visible) for generating secondary key cards, and each key card is protected by the PLN and external authentication key card, that is to say, in the generation of The mother key card also generates a PLN and an external authentication key for each mother key card, and an external authentication key card is correspondingly generated. When the secondary key is generated using the mother key card, the personal password is first input. Then, the mother key card and the external authentication card perform mutual authentication, and the parent key can be used to generate the next-level key after the security condition of using the parent key is reached.
• The seed of the key must be stored in strict confidentiality in writing and must be separately administered by several individuals.
The role of the parent key is to generate secondary keys.
2. The secondary key generation module uses the parent key to generate a secondary key according to the requirements of the medical insurance system. The secondary keys include the issuer master key, the municipal master key, and the provincial application master key. This level of key is used and kept by the provincial medical insurance fund management center.
The role of the issuer master key: It is used to generate all levels of function keys related to issuance, namely issuing key, report loss key, replacement key, cancellation key, recharge key, and query key.
The role of the municipal master key: According to the system requirements, generate application keys related to the municipal application.
The role of the provincial application master key: According to the system functional requirements, generate a provincial application key for various functions.
3. Issuer key generation module: This module will generate issuing keys for each city as required.
4. Municipal key generation module: This module will use the city's municipal master key to generate corresponding application keys as required.
5. Provincial application key generation module: This module will generate provincial application keys with provincial application master keys as required.
6. Key management: The module will record and manage all key generation and distribution as required, and be responsible for the management of loss, cancellation, blacklist, and re-submission of various key cards.
6. Key security features 1. The loading method of the key loading key is adopted, and the control process is as follows:
The card master key is updated under the control of the card master key;
· The application master key is loaded under the control of the chip master key;
The application master key is updated under the control of the application master key;
The application master key is loaded and updated under the control of the application master key.
2. The key access key does not allow direct reading;
The key must be updated under the control of the master key;
· Keys at all levels cannot be accessed directly by the outside world, and can only be accepted by instructions from the internal operating system.
· The result of calculating the temporary key is only kept inside the card and cannot be directly accessed by the outside world.
3. Key attributes: There are certain restrictions on the use of keys, which must meet the requirements of key attributes.
VII. The system's card issuance process 1. IC card production and distribution process security mechanism When the province or city orders cards from the card factory, the manufacturer uses the transmission key to load the tested IC card chip to make a card and transport the provincial or city IC management center. The transmission key is used to control the secure transmission of the IC card to prevent the card from being replaced when shipped between the manufacturer and the provincial or city.
When the provincial or municipal IC card management center receives the ordered IC card, it first uses the transmission key to authenticate the card to check the validity of the card and prevent illegal cards.
After the authentication is passed, the master key of the provincial or municipal IC card management center is encrypted with the manufacturer's transmission key, loaded into the IC card, and decrypted with the manufacturer's transmission key in the IC card to obtain the master control key. The key is used to replace the transmission key in the IC card, and then the master key can be used to load the key in the system.
2. The IC card issued by the card issuing process for issuing user cards is provided by the designated user card manufacturer. The provincial or municipal level issues a user card transfer master key card to each authorized user card manufacturer. The card factory transfers the master key into the IC card chip that has passed the test to make a card, and then delivers the municipal IC. Card Application Management Center.
The municipal IC card management center first uses the user card to create a master key card to authenticate the cards, and ensures that the cards are securely transmitted. After the certification is passed, the municipal master key card, city master key card authorization card, and SAM card mother card are used. The SAM card mother card authorization initializes these cards as user cards.
In order to ensure the safe use of a large-scale CPU card application system and ensure that information is not infringed, a complete key management system should be established before the system is implemented. The design goal of the key management system is to securely generate master keys and subkeys at all levels under the premise of security and flexibility, and to send the subkeys to the issuing center of the subsystem safely for generation. The various keys of the SAM card, user card, and operator card ensure the security and consistency of the keys in all the above steps, and realize centralized key management. Within the province, it is ensured that each city can issue its own user cards and key cards, which are monitored by the provincial management center.
Second, the key management system design method 1. System Security Design This paper takes a provincial medical insurance CPU card application system as an example to introduce the key management system design. The system is for the provincial medical insurance industry, application system in various cities, the system issued by the card including the SAM card and user card. The SAM card will be placed on a variety of off-line devices; the user card will be used to store and use the basic information and e-finance information. The key to system design is to ensure that the system has both availability, openness, and sufficient security.
The storage and transmission of the system key are all implemented using a smart card because the smart card has a high degree of security. The key on the user card (the card provided to the end user) cannot be read at all, but can only be used when it reaches a certain safe state. The key in the SAM card (the authentication key card used to identify the user card) can be used to distribute some of the keys used offline in the user's card, but it cannot be read out. The keys on the issuing key cards at all levels can be derived when they reach a sufficient security state, but the derived keys are ciphertexts and can only be decrypted when they are sent to the same type of card.
The security mechanisms of the system include card physical security, smart card operating system security, security algorithms, secure key generation and storage, secure transmission and distribution of keys, and security management measures and auditing systems.
2. The layered management key of the key is mainly managed hierarchically, that is, the provincial key management center is only responsible for generating the seed key, and each city is responsible for generating its own key system and user card according to the key seed, so that it can be in full A unified planning within the province can be used flexibly.
3. The key of the secure key management system is subject to strict authority control. In particular, the authority to use the key is managed and controlled hierarchically; functions such as key generation, injection, and export are performed by the card issuing center (provincial medical insurance fund management center). Unified control and management.
Third, the system function key management system's goal is to safely generate all levels of master keys and various types of sub-keys. Subkeys are securely sent underground to the card issuing center of the subsystem to generate various keys in the SAM card, user card, and operator card to ensure the security and consistency of the keys in all the above links. Type of key management. The system achieves the above objectives through IC card hardware, IC card operating system, rational key management system design, and strict safety management regulations.
The key management system is the most important link in the IC card application system. The key functions are the generation, distribution, use, update and destruction of keys.
1. The generation of the key generates provincial various types of master keys and various types of municipal-level subkeys: various keys for generating user cards and operator cards. Key generation is mainly used in three ways:
Use safe, reliable and fast software generation methods;
Use card storage key
· Use cryptographic machines to generate keys. In the key generation process, it must be conducted in a safe and confidential environment.
2. Distribution of keys: After the keys are generated, the keys are distributed according to different types of services. The key is then sent to the city and the key is secured and consistent. The key is downloaded or distributed to the various subsystems in the form of ciphertext on the IC card, and the key is subject to corresponding security control. Only when the security conditions are met can the key be used for distribution or download. As the carrier of the transmission key, the IC card, due to its very high safety factor, can effectively carry out key transmission and distribution through reasonable design.
3. The use of keys: In each sub-system and IC card, you can design the security conditions for the use of the key, and only use the key to perform the corresponding operation if the key is used safely. In addition, the key is stored in a non-visible format. No one has permission to read it, including card manufacturers and system vendors. When the key is attacked illegally, it can be locked by itself, so as to prevent illegal deciphering.
4. Key update: The security issues involved in key updates are numerous. Since most key updates are performed in weak security environments and involve a large range, key updates should be performed with caution. . If it is necessary to update the key, the key may be periodically updated in the form of cipher text and under certain security conditions in a secure and confidential state.
5. Failure of the key: After the key is used for a period of time, it can be forcibly invalidated due to security needs, but it can be managed with a backup key. If the key is attacked illegally, it can also be automatically changed to protect the security of the entire key system. After the key card and the IC card containing the key data have failed, they must be recycled and destroyed.
The key management system is mainly divided into two major modules:
Provincial key management module and municipal key management module The key function of the provincial key management module is to generate provincial master keys, and to generate city master keys for each city, which are transmitted to each in the form of a key card. The city records the card issuing information on the key card to track the audit. The key card's file structure and usage are recorded in writing.
The main function of the municipal key management module is to generate SAM cards, generate and install various keys on user cards and initialize user cards.
IV. Operation of the key management system and management of the location In consideration of the issuance of medical insurance IC card, the key management system should be operated and managed at the provincial or municipal medical insurance fund management center. The password for generating the parent key should be sealed in the Provincial Labor and Social Security Department or the Municipal Labor and Social Security Bureau.
Fifth, the overall functional structure of the key management system 1. Parent key generation module This module is responsible for generating the root key (ie the parent key) of the medical insurance system and can only be used and controlled at the provincial medical insurance fund management center. After completing the generation of the secondary key, the parent key card should be sealed. The generation of parent keys must be performed in a highly secure and confidential manner and managed by a few individuals. The seed that generates the parent key is input by the relevant department responsible for the input, and then it is processed using the security algorithm, and finally the parent key of the medical insurance system is generated. After the parent key is generated, it is divided into multiple carriers for storage and use.
· Stored in the IC card to generate the mother key card (key is not visible) for generating secondary key cards, and each key card is protected by the PLN and external authentication key card, that is to say, in the generation of The mother key card also generates a PLN and an external authentication key for each mother key card, and an external authentication key card is correspondingly generated. When the secondary key is generated using the mother key card, the personal password is first input. Then, the mother key card and the external authentication card perform mutual authentication, and the parent key can be used to generate the next-level key after the security condition of using the parent key is reached.
• The seed of the key must be stored in strict confidentiality in writing and must be separately administered by several individuals.
The role of the parent key is to generate secondary keys.
2. The secondary key generation module uses the parent key to generate a secondary key according to the requirements of the medical insurance system. The secondary keys include the issuer master key, the municipal master key, and the provincial application master key. This level of key is used and kept by the provincial medical insurance fund management center.
The role of the issuer master key: It is used to generate all levels of function keys related to issuance, namely issuing key, report loss key, replacement key, cancellation key, recharge key, and query key.
The role of the municipal master key: According to the system requirements, generate application keys related to the municipal application.
The role of the provincial application master key: According to the system functional requirements, generate a provincial application key for various functions.
3. Issuer key generation module: This module will generate issuing keys for each city as required.
4. Municipal key generation module: This module will use the city's municipal master key to generate corresponding application keys as required.
5. Provincial application key generation module: This module will generate provincial application keys with provincial application master keys as required.
6. Key management: The module will record and manage all key generation and distribution as required, and be responsible for the management of loss, cancellation, blacklist, and re-submission of various key cards.
6. Key security features 1. The loading method of the key loading key is adopted, and the control process is as follows:
The card master key is updated under the control of the card master key;
· The application master key is loaded under the control of the chip master key;
The application master key is updated under the control of the application master key;
The application master key is loaded and updated under the control of the application master key.
2. The key access key does not allow direct reading;
The key must be updated under the control of the master key;
· Keys at all levels cannot be accessed directly by the outside world, and can only be accepted by instructions from the internal operating system.
· The result of calculating the temporary key is only kept inside the card and cannot be directly accessed by the outside world.
3. Key attributes: There are certain restrictions on the use of keys, which must meet the requirements of key attributes.
VII. The system's card issuance process 1. IC card production and distribution process security mechanism When the province or city orders cards from the card factory, the manufacturer uses the transmission key to load the tested IC card chip to make a card and transport the provincial or city IC management center. The transmission key is used to control the secure transmission of the IC card to prevent the card from being replaced when shipped between the manufacturer and the provincial or city.
When the provincial or municipal IC card management center receives the ordered IC card, it first uses the transmission key to authenticate the card to check the validity of the card and prevent illegal cards.
After the authentication is passed, the master key of the provincial or municipal IC card management center is encrypted with the manufacturer's transmission key, loaded into the IC card, and decrypted with the manufacturer's transmission key in the IC card to obtain the master control key. The key is used to replace the transmission key in the IC card, and then the master key can be used to load the key in the system.
2. The IC card issued by the card issuing process for issuing user cards is provided by the designated user card manufacturer. The provincial or municipal level issues a user card transfer master key card to each authorized user card manufacturer. The card factory transfers the master key into the IC card chip that has passed the test to make a card, and then delivers the municipal IC. Card Application Management Center.
The municipal IC card management center first uses the user card to create a master key card to authenticate the cards, and ensures that the cards are securely transmitted. After the certification is passed, the municipal master key card, city master key card authorization card, and SAM card mother card are used. The SAM card mother card authorization initializes these cards as user cards.
Overcenter Buckle,Stainless Steel Buckle,Black Track Ratchet Strap,Custom Overcenter Buckle
SHAOXING GULI BELTING CO., LTD , https://www.gulilifting.com