First, the design premise of the key management system
Key management is an important part of cryptography. In modern cryptography, key management is a separate field alongside cryptography and cryptanalysis. Key management includes the generation, distribution, injection, storage, and destruction of keys, and the most important of these is the allocation of keys. The key management mechanism of the IC card is directly related to the security, flexibility, and versatility of the entire system. The generation, distribution and update of keys are a core issue of the system.
To ensure the safe use of a large CPU card application system and to ensure that information is not compromised, a complete key management system should be established before the system is implemented. The key management system is designed to securely generate the master keys at all levels and the various subkeys, under the premise of security and flexibility, and to send the subkeys securely to the subsystem's card issuance center, where they are used to generate the various keys of the SAM card, user card and operator card. It ensures the security and consistency of the keys in all of these steps, enabling centralized key management. Throughout the province, each city can issue its own user cards and key cards while being monitored by the provincial management center.
Second, the key management system design method
1. System security design
This paper takes a provincial medical insurance CPU card application system as an example to introduce the design of a key management system. The system serves the provincial medical insurance industry and is applied in various cities. The cards finally issued by the system are the SAM card and the user card. The SAM card is placed in a variety of offline devices; the user card is used by the end user and stores the user's basic information and electronic funds information. The key to system design is to ensure that the system is usable, open, and secure at the same time.
The storage and transmission of the system keys are implemented with smart cards because the smart card has a high degree of security. The key on the user card (the card provided to the end user) cannot be read at all, and can only be used when a certain security state is reached. The key in the SAM card (the authentication key card used to identify the user card) can be used to distribute some of the keys used in the user card, but it cannot be read either. The keys on the master card of each level can be exported when the security status is sufficient, but the exported key is ciphertext and can only be decrypted if it is sent to a card of the same type.
The security mechanism of the system mainly includes the physical security of the card, the security of the smart card operating system, the security algorithm, the secure key generation and storage, the secure transmission and dispersion of the key, the security management measures and the auditing system.
2. Hierarchical management of keys
The keys are managed hierarchically. That is, the provincial key management center is only responsible for generating the seed key. Each city is responsible for generating its own key system and user cards from the key seed, so that the key system is unified across the province and can still be used flexibly.
3. Secure key management system
The key is subject to strict authority control, especially hierarchical management and control of the key usage authority; key generation, injection, and export functions are uniformly controlled and managed by the card issuing center (provincial medical insurance fund management center).
Third, the system function
The goal of the key management system is to securely generate the master keys and various subkeys at all levels, and to send the subkeys securely to the issuing center of each subsystem to generate the various keys in the SAM card, the user card and the operator card, so as to ensure the security and consistency of the keys in all of the above steps and to achieve centralized key management. The system achieves these objectives through IC card hardware, the IC card operating system, reasonable key management system design, and strict security management regulations.
The key management system is the most important part of the IC card application system. The main functions include the generation, distribution, use, update and destruction of keys.
1. Key generation: Generates the various types of master keys and municipal subkeys at the provincial level, and the various keys used to generate user cards and operator cards. Key generation mainly combines three methods:
· Use safe, reliable and fast software generation methods;
· Use a card to store the key;
· Generate a key using an encryption machine.
Key generation must be carried out in a secure and confidential environment.
2. Key distribution: After the key is generated, the key is distributed according to different service types. The key is then sent to the city and the security and consistency of the key is guaranteed. The key is downloaded or distributed to each subsystem in the form of ciphertext on the IC card, and the key is subject to corresponding security control. Only when the security condition is met can the key be used for distribution or downloading. As the carrier of the transmission key, the IC card has a very high security factor, and the key transmission and distribution can be effectively performed through reasonable design.
3. The use of the key: In each subsystem and IC card, the security conditions for the use of a key can be designed. Only when the security condition for a key is reached can the key be used for the corresponding operation. Moreover, keys are stored in a non-visible form, and no one has permission to read them, including card manufacturers and system vendors. When the key is attacked illegally, it can lock itself, thus preventing illegal deciphering.
4. Key update: There are many security issues involved in the update of the key. Since most keys are updated in a weak security environment and over a large scope, key updates should be performed cautiously. If a key needs to be updated, it can be updated periodically in the form of ciphertext, under certain security conditions, in a secure and confidential state.
5. The invalidation of the key: After the key has been used for a period of time, it can be forcibly invalidated due to security needs, and can then be managed by using the backup key. If the key is attacked illegally, it can also change automatically to protect the security of the entire key system. After a key card or an IC card storing key data becomes invalid, it must be recovered and destroyed confidentially.
The key management system is mainly divided into two major modules:
· Provincial key management module
· City-level key management module
The main function of the provincial key management module is to generate the provincial master key, generate the city master key for each city, transmit it to each city in the form of a key card, and record the card issuance information on the key card for audit tracking. The file structure and usage of the key card are recorded in writing.
The main function of the municipal key management module is to generate a SAM card, generate and install various keys on the user card, and initialize the user card.
Fourth, the key management system operation and management location settings
Considering the requirements for the issuance of medical insurance IC cards, the key management system should be operated and managed in the provincial or municipal medical insurance fund management center. The password for generating the parent key shall be sealed in the Provincial Labor and Social Security Department or the Municipal Labor and Social Security Bureau.
Fifth, the overall functional structure of the key management system
1. Master key generation module
This module is responsible for generating the root key (i.e. the parent key) of the medical insurance system, which can only be used and controlled in the provincial medical insurance fund management center. After the generation of the secondary keys is completed, the parent key card should be sealed. The generation of the parent key must be carried out with a high degree of security and confidentiality and managed by a small number of people. The seed that generates the parent key is input by the relevant department and then processed by the security algorithm to finally generate the parent key of the medical insurance system. After the parent key is generated, it is divided among several carriers for storage and use.
· The parent key is deposited into an IC card to produce the master key card (the key is not visible), which is used to generate the secondary key cards. Each key card is protected by a PIN and an external authentication key card; that is, when the master key card is generated, a PIN and an external authentication key are also generated for each parent key card, and a corresponding external authentication key card is produced. When generating a secondary key with the parent key card, the personal password is entered first. Then the parent key card and the external authentication card perform mutual authentication, and the parent key can be used to generate lower-level keys only after the security condition for using the parent key is reached.
Key seeds must be kept in writing under strict confidentiality and must be held separately by a few people.
The role of the parent key is to generate a secondary key.
2. Secondary key generation module
A secondary key is generated using the parent key in accordance with the requirements of the medical insurance system. The secondary key includes: the issuance master key, the municipal master key, and the provincial application master key. This level of key is used and kept by the Provincial Health Insurance Fund Management Center.
The function of the card issuance master key: used to generate the function keys of all levels related to card issuance, namely, issuing key, loss key, reissuing key, deregistration key, recharge key, and inquiry key.
The role of the municipal master key: Generate application keys related to city-level applications based on system requirements.
The role of the provincial application master key: Generate provincial application keys for various functions according to system function requirements.
3. Card Issuance Key Generation Module: This module will generate the card issuance keys for each city as required.
4. Municipal Key Generation Module: This module will generate the corresponding application keys using the municipal master key of this city as required.
5. Provincial Application Key Generation Module: This module will generate provincial various application keys with the provincial application master key as required.
6. Key management: This module records and manages the generation and distribution of all keys as required, and is responsible for the management of loss, cancellation, blacklisting, and re-issuance of various key cards.
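The hierarchy described in this section (parent key, three secondary keys, per-city keys, function keys) can be sketched as a chain of one-way derivations; this is an added example, not code from the original article. The article does not name its generation or dispersion algorithm, so HMAC-SHA256 is a stand-in, and the label strings, city names, card serial and the per-card derivation step are assumptions made for illustration.

```python
import hashlib
import hmac

# Secondary keys named in the text; the label strings are constructed.
SECONDARY = ("issuance-master", "municipal-master", "provincial-app-master")
# Function keys the card issuance master key generates, as listed in the text.
ISSUANCE_FUNCTIONS = ("issue", "loss", "reissue", "deregister", "recharge", "inquiry")


def diversify(parent: bytes, label: str) -> bytes:
    """One-way child key: HMAC-SHA256(parent, label), truncated to 16 bytes.
    Assumption: stands in for the system's real dispersion algorithm."""
    return hmac.new(parent, label.encode("utf-8"), hashlib.sha256).digest()[:16]


def parent_key_from_seeds(seed_parts: list) -> bytes:
    """Combine separately held seed parts into the parent (root) key.
    Each part is length-prefixed so ("ab", "c") and ("a", "bc") differ."""
    h = hashlib.sha256()
    for part in seed_parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()[:16]


def city_keys(parent: bytes, city: str) -> dict:
    """Keys one city receives on its key cards (it never receives `parent`)."""
    secondary = {name: diversify(parent, name) for name in SECONDARY}
    issuance = diversify(secondary["issuance-master"], "city:" + city)
    return {
        "city_master": diversify(secondary["municipal-master"], "city:" + city),
        "issuance": {fn: diversify(issuance, fn) for fn in ISSUANCE_FUNCTIONS},
    }


def user_card_key(city_master: bytes, card_serial: str) -> bytes:
    """Per-card key; a SAM holding city_master recomputes it from the serial."""
    return diversify(city_master, "card:" + card_serial)


if __name__ == "__main__":
    # Constructed seed parts and identifiers, for illustration only.
    root = parent_key_from_seeds([b"seed-part-officer-1", b"seed-part-officer-2"])
    city_a, city_b = city_keys(root, "CITY-A"), city_keys(root, "CITY-B")
    k = user_card_key(city_a["city_master"], "0000000001")
    print("card key:", k.hex())
    print("same serial, other city differs:",
          k != user_card_key(city_b["city_master"], "0000000001"))
```

Because each step is one-way, a compromised card key or city key exposes nothing above it in the hierarchy, which is why the parent key card can be sealed once the secondary keys exist.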
Sixth, the security features of the key
1. The loading of the key: The way the key is loaded is controlled as follows:
· The card master key is updated under the control of the card master key;
· The application master key is loaded under the control of the chip card master key;
· The application master key is updated under the control of the application master key;
· The application master key is loaded and updated under the control of the application master key.
2. Access to the key:
· The key may not be read directly;
· The key must be updated under the control of the master key;
· Keys at all levels cannot be directly accessed by the outside world, and can only accept commands from the internal operating system for calculation;
· The result of calculating the temporary key is kept only inside the card and cannot be directly accessed by the outside world.
3. Key attributes: The use of keys has certain restrictions and must meet the requirements of key attributes.
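The access rules above, together with the self-locking behaviour described under "The use of the key", can be modelled in a few lines; this is an added example, not code from the original article or from any card operating system. The HMAC-SHA256 challenge-response, the three-try limit and all class and method names are assumptions.

```python
import hashlib
import hmac
import os


def response_for(key: bytes, challenge: bytes) -> bytes:
    """What a legitimate key holder (e.g. a key card or SAM) answers to a challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class CardKeySlot:
    """Model of one key inside a card: usable for computation, never exported."""

    def __init__(self, key: bytes, max_tries: int = 3):
        self.__key = key              # model only: no method returns this value
        self._max_tries = max_tries
        self.tries_left = max_tries
        self._challenge = None
        self.authenticated = False    # the "security state" for this key

    @property
    def locked(self) -> bool:
        return self.tries_left == 0

    def get_challenge(self) -> bytes:
        if self.locked:
            raise PermissionError("key locked")
        self.authenticated = False
        self._challenge = os.urandom(8)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        if self.locked or self._challenge is None:
            raise PermissionError("key locked or no challenge outstanding")
        expected = response_for(self.__key, self._challenge)
        self._challenge = None        # each challenge is single-use
        if hmac.compare_digest(expected, response):
            self.tries_left = self._max_tries
            self.authenticated = True
        else:
            self.tries_left -= 1      # counter lives in the card, not the reader
        return self.authenticated

    def compute_mac(self, data: bytes) -> bytes:
        """Use the key internally; only the result leaves the card."""
        if not self.authenticated:
            raise PermissionError("security state not reached")
        return hmac.new(self.__key, data, hashlib.sha256).digest()[:8]
```

Once `tries_left` reaches zero the slot refuses every command, including new challenges, so an attacker cannot keep guessing responses against the key.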
Seventh, the key generation process (omitted)
Eighth, the system issuance process
1. Security Mechanism for the IC Card Production and Distribution Process
When a province or city orders cards from a card manufacturer, the manufacturer loads the transport key into IC card chips that have passed testing, makes the cards, and ships them to the provincial or city IC card management center. The transport key is used to control the secure transmission of the IC card, to prevent the card from being replaced while it is shipped between the manufacturer and the province or city.
When the provincial or municipal IC card management center receives the ordered IC cards, it first uses the transport key to authenticate each card, to verify the legality of the card and to prevent illegal cards.
After the authentication is passed, the provincial or municipal IC card management center's own master key is encrypted with the manufacturer's transport key and loaded into the IC card, where it is decrypted with the manufacturer's transport key to obtain the master control key. This key replaces the transport key in the IC card, and from then on keys can be loaded using the master key in the system.
2. Card Issuance Process
The IC cards used to issue user cards are provided by the designated user card manufacturers. The provincial or municipal level issues a user card transmission master key card to each authorized user card manufacturer. The card factory loads the transmission master key into the tested IC card chips to make the cards, and then ships them to the city-level IC Card Application Management Center.
The municipal IC card management center first uses the user card manufacturing master key card to authenticate these cards, to ensure that the cards were transported securely. After the authentication is passed, the city-level master key card, the city master key card authorization card, and the SAM card mother card are used. The SAM card is authorized to initialize these cards into user cards.