
Identity-based CPK Key Management System Design And Implementation

Posted on: 2017-07-01
Degree: Master
Type: Thesis
Country: China
Candidate: W Liu
GTID: 2348330488972810
Subject: Engineering

Abstract/Summary:
With the rapid development of the Internet and the popularity of online business, virtual communities and shopping platforms on the Internet have gradually risen, traditional offline monetary transactions are moving toward online virtual trading, and the scope of information security is widening accordingly. Compared with traditional channels of information exchange, the online world is more likely to reveal personal information, so it places higher requirements on the security of transactions. Network information security protection systems are not yet perfect, and in today's wave of Internet development, protecting the security of online transactions is becoming more important.

The most commonly used technology is asymmetric key cryptography. Encryption and decryption use different keys, which allows key management over a non-secure channel and provides proof of accountability, so it is widely used for authentication in network transactions. Among the many authentication mechanisms, the Public Key Infrastructure (PKI) system is the most complete for network applications such as digital signature and key exchange. But as networks grow in size, such authentication systems urgently need to solve the problem of key management and distribution.

Based on the CPK (Combined Public Key) identity authentication system, this paper presents a viable authentication system solution. In the CPK Key Management System, the user ID is used as a key generation factor. The public key factor matrix is stored in the user terminal entity card, and the security of user keys is protected by hardware. When a user's identity needs to be verified, the terminal identity card searches the identity invalid list in the Key Management Center to check the validity of the user's identity. Then the digital signature is verified. If the user's identity is valid, the public key calculated from this identity is effective. The combined mapping algorithm simplifies the complicated PKI key management mechanism, and the legitimacy of a user's public key can be self-validated directly from the user identification. This greatly reduces the operating and maintenance costs of the CPK system.

This paper follows the principles of security design and combines them with the basic theory of the CPK combined public key system. It proposes the overall design of the system framework. According to the functional requirements, the system is divided into several major modules, and the main function of each is specified. A secure network topology through which the modules can communicate with each other is also designed. The detailed design and the deployment requirements for each module are given in this paper.

The system uses the user terminal entity card as the unique identification of the user. The Key Management Center first generates the user's key pair, then the Registration Management Center issues the card to the user. The card is non-copyable and unforgeable. The card itself has a certain capacity and secure storage space, which it uses to store the user keys safely.

Finally, according to the application scenarios, the paper gives the user registration process and the data flow in the system. The main module was tested successfully with the safety certification card.
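
The identity-to-key mapping and the invalid-list check described in the abstract, as an added Python example that is not code from the thesis. The curve (secp256k1), the 8x8 matrix size, the SHA-256 row selection and all function names are assumptions made here for illustration.

```python
import hashlib
import secrets
from functools import reduce

# secp256k1 domain parameters; the curve is an assumption, the page names none.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 8  # assumed factor-matrix size, kept small for the demo

def add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    m = num * pow(den, -1, P)
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def make_matrices():
    """Key Management Center: private factor matrix and its public image."""
    sk = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return sk, [[mul(s, G) for s in row] for row in sk]

def row_indices(identity):
    """Assumed mapping: one SHA-256 byte per column picks that column's row."""
    digest = hashlib.sha256(identity.encode()).digest()
    return [digest[c] % ROWS for c in range(COLS)]

def private_key(identity, sk):
    """Center side: combine the selected private factors modulo N."""
    return sum(sk[r][c] for c, r in enumerate(row_indices(identity))) % N

def public_key(identity, pk, invalid_list):
    """Verifier side: refuse listed identities, else combine public factors."""
    if identity in invalid_list:
        return None
    return reduce(add, (pk[r][c] for c, r in enumerate(row_indices(identity))), None)
```

Only the public matrix would be placed on a user card; the private matrix stays in the Key Management Center, because anyone holding it can derive every user's private key.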
Keywords/Search Tags: Network transactions, Combined Public Key, Identity authentication