Basics of digital certificates (rpm)

Others 2019-06-27 01:25:53 views: null

First, what is a digital certificate

  Digital certificate is a series of data communication in the Internet communication parties sign identity information, provides a verify your identity on the Internet the way, and its role in daily life like driving license or ID card drivers. It is a mechanism by an authority ----- CA, also known as the Certificate Authority (Certificate Authorit y) issued by the center, people can use to identify each other's identity online. A digital certificate is a file that contains information about the owner of the public key and the public key of a signed by a certificate authority figures. The simplest certificate contains a public key, digital certificate authority name and signature. Under normal circumstances the certificate also includes the validity period of the key, the name of the issuing authority (certificate authority), and the certificate serial number, etc., to follow the format of the certificate ITUT X.509 international standard.

  A standard X.509 digital certificate contains some of the following elements:

  Version information of the certificate;

  Certificate serial number, each certificate has a unique serial number of the certificate;

  Certificate signature algorithm used;

  Issuer name of the certificate, naming the general X.500 format;

  The validity of the certificate, the certificate is generally used now common in UTC time, its count range 1950-2049;

  The name of the owner of the certificate, naming the general X.500 format;

  The owner of the public key certificate;

  Certificate issuer sign the certificate.

  Second, why use digital certificates

  Internet-based e-commerce system technology network enables customers to shop online can be extremely convenient and easy access to business and business information, but also increases the risk of data for certain sensitive or valuable abuse. Buyer and seller must be true and reliable operation for all financial transactions conducted over the Internet, and so on to make customers, businesses and enterprises parties to the transaction have absolute confidence, so the Internet (Internet) e-commerce system must have a guarantee very reliable security technology, that is, the network must guarantee the safety of the four elements, namely the confidentiality of information transmission, data exchange integrity, non-repudiation of sending traders identity of certainty.

  1, the confidentiality of information

  Business information transactions are confidential requirements. Such as credit card account number and user name being aware that it might be stolen, ordering and payment information learned by competitors, it may lose business opportunities. Therefore, information dissemination encrypted e-commerce are generally required.

  2, the certainty of the identity of the trader

  The pair was likely unknown to online transactions, thousands of miles away. To make a successful transaction must first be able to confirm each other's identity, for businesses to consider the client can not be a liar, and the client will worry about online shop is not a fraud unscrupulous play. It is possible to easily and reliably confirm each other's identity is a prerequisite for the transaction. To carry out services for the customer or user banks, credit card companies and store sales, in order to be safe, secure and reliable service activities should be carried out authentication work. The relevant store sales, the number of credit card customers that they used is not known, the store can only confirm the work entirely to the credit card bank to complete. Banks and credit card companies may be using a variety of confidential and identification methods, confirm the identity of the customer is legitimate, but also to prevent the occurrence of non-payments problem and confirm the order and the order receipt information.

  3, non-repudiation

  Due to the ever-changing Business, once the deal can not be denied. Otherwise it will inevitably harm the interests of the party. For example ordering gold, when ordering a lower gold price, but after receiving the order, the price of gold rose, as the acquirer can deny that by the time the actual orders, even denying the fact that the order is received, the ordering party will suffer. Therefore, all aspects of the communication process electronic transactions must be undeniable.

  4, non-modifiability

  The transaction file can not be modified, as in the example cited by ordering gold. Supply unit after receiving the order, found that the price of gold rose sharply, as it can change the file contents, the order number 1 t to 1 g, can greatly benefit, then the order unit might therefore suffer. Therefore, the file should be able to do electronic transactions can not be modified to ensure serious and fair trade.

  When people at the same time lamenting the enormous potential of e-commerce, have to think calmly, trade and jobs in the Internet on a computer and do not meet people, how to ensure the fairness and security of transactions, to ensure that the identity of the parties to the transaction authenticity. There are already more mature security solutions internationally, and that is to establish a secure certificate architecture. Digital security certificate provides a way to verify the identity of the Internet. Security certificate system mainly uses the public key system, other also includes symmetric key encryption, digital signatures, digital envelope technology.

  We can use digital certificates, through the use of symmetric and asymmetric cryptography and other cryptographic techniques to establish a set of strict authentication system to ensure that: In addition to sending and receiving information from being stolen parties themselves to other people; no information during transmission It has been tampered with; the sender is able to confirm the identity of the recipient of the digital certificate; for the sender can not deny own information.

  Third, the introduction of digital certificates principle

  The digital certificate using the public key system, i.e. one another by a pair of matching keys for encryption and decryption. Each user a specific set their own only my knowledge of the private key (private key), use it to decrypt and signature; at the same time set a public key (public key) by himself publicly as a the group of users to share, for encryption and signature verification. When sending a confidential document, the sender uses the recipient's public key to encrypt the data, and the receiver then uses its own private key to decrypt the information so you can reach your destination safe and correct manner. Digital guaranteed by means of encryption process is an irreversible process, that is, only with the private key can decrypt. In public-key cryptography, a common one is the RSA system. The mathematical principle is factoring into a product of two prime numbers, encryption and decryption using two different keys. Even if the known plaintext, the ciphertext, and the encryption key (public key), wants to derive the decryption key (secret key), it is computationally impossible. At the present level of computer technology to crack the 1024 RSA keys currently used, the time required to calculate thousands of years. Public key technology to solve the problem of key distribution management, businesses can open their public key, while retaining its private key. Shoppers can be well known by the public key of the transmitted information is encrypted securely transmitted to the merchant, and then decrypt with his private key by the merchant.

  Users can also employ their own private information to be processed, because the key is only my all, thus creating a file that others can not generated, it formed a digital signature. Digital signature can confirm the following points:

  (1) ensure that information is sent by the signer's own signature, the signer can not be denied or difficult to deny;

  (2) to ensure that the information received since the issuance of any changes so far has not been conducted, documents issued by the real file.

  Digital signature Specifically:

  (1) the packet by computing HASH algorithm to get the two sides agreed a fixed number of message digest. Mathematically guarantee: as long as the change in any one message, re-calculated message digest value will not match the original value. This ensures that messages can not be changed sex.

  (2) The message digest value is encrypted using the sender's private key, and then sent to the recipient along with the original message, and the message generating asymmetric digital signature.

  (3) the receiver receives a digital signature, the same algorithm to calculate the HASH message digest value, and then be decrypted with the sender's public key to unlock the message digest value is compared. Such as equal then the sender of the message did come from alleged.

  Fourth, certificates and certificate authority

  CA agency, also known as certificate charter (Certificate Authority) center, as a third party trusted e-commerce transactions, verify the legitimacy of public responsibility in the public key system. CA Center for each user using the public key of issuing a digital certificate, the role of the digital certificate is listed in the user certificate to prove lawful possession the public key listed in the certificate. CA's digital signature mechanism allows an attacker can not be forged and tampered with the certificate. It is responsible for generation, distribution and management of digital certificates required for all individuals involved in online transactions, and therefore is the core of secure electronic transactions.

  Thus, the construction of the Certificate Authority (CA) center, Shanxi Province to develop and standardize the e-commerce market essential step. To ensure the security of information transfer between users on the Internet, authenticity, reliability, integrity and non-repudiation, not only for the authenticity of the user identity is verified, there is a need to have the authority, impartiality, uniqueness the agency responsible for issuing to all the main e-commerce and management in line with domestic and international secure electronic transaction protocol standard e-commerce security certificate.

  FIVE, digital certificates

  Digital certificates can be applied to e-commerce and e-government activities on the Internet, its applications ranging from identity and data security needs of all sectors, including traditional commerce, manufacturing, retail online trading, as well as public utilities, financial services industry, industrial and commercial tax, customs, government administrative office, education and scientific research institutions, insurance, medical and other online operating system.

 

Reproduced in: https: //www.cnblogs.com/baoposhou/archive/2007/09/01/878008.html

Guess you like

Origin blog.csdn.net/weixin_33733810/article/details/93551713
Recommended
Ranking
iframe let subpages parent page jump parent.location.href
Android Studio connects to Tomcat server in Springboot Failed to connect to XXX
Introduction to the use of Axure components, login interface and drawing of personal resume
Unreal Engine UE problem collection (continuously added)
day72 importlib module
IntelliJ ideaIC / ideaIU download and activation crack
Typescript 静态属性&方法 多态 抽象类
TestNg use annotations
FiscoBcos uses Go to call contracts
Binary-thirds Find
Daily
More
2024-07-30(0)
2024-07-29(0)
2024-07-28(0)
2024-07-27(0)
2024-07-26(0)
2024-07-25(0)
2024-07-24(0)
2024-07-23(0)
2024-07-22(0)
2024-07-21(0)

Code World

© 2018 codetd.com