Smart card external authentication method

Abstract

The invention aims to disclose a smart card external authentication method, which comprises the following steps of: (1) generating a production public / secrete key pair PK0 / SK0 by certification authority (CA), and reading the production public key PK0 into a smart card during delivery; (2) encrypting and reading an encryption-decryption public / secrete key pair PK1 / SK1 into the smart card by the production secrete key SK0; (3) encrypting and reading a signature public / secrete key pair PK2 / SK2 into the smart card by the encryption-decryption secrete key SK1; and (4) managing the production secrete key SK0 by the CA, wherein the CA uses the production secrete key SK0 to sign all operation of the secrete key of the smart card. The method has the advantages that: by signing and verifying the related operation contents of the secrete key, the shortcomings of a secrete key file in the smart card are overcome effectively; the integrality protection of the operation contents of the secrete key is realized by the CA; risks that the secret key file is intercepted, covered and replaced under the conditions of insecure terminals and channel are avoided; and the aim of the invention is fulfilled.

Description

technical field [0001] The invention relates to an internal authentication method of a smart card, in particular to an external authentication method of a smart card based on PKI technology in the field of computer security and smart card application security. Background technique [0002] The trust agency of the PKI system is called CA, and ensuring the security of the private key is the core of the PKI system. That is to say, if the private key is leaked, the entire PKI system will be in danger. In early PKI applications, the private key was stored on the terminal in the form of a soft certificate. Since the terminal is vulnerable to attacks by viruses and Trojan horses, it is easy to leak the private key. In order to solve this problem, smart cards that store private keys and certificates are applied to the PKI system as cryptographic devices independent of terminals, especially smart cards that can generate public-private key pairs themselves, whose private keys cannot b...

AI Technical Summary

Problems solved by technology

If SK appears 1 If it is overwritten, the legally encrypted information cannot be restored, so that normal encryption and decryption operations cannot be performed

[0020] Similarly, if the attacker bypasses the authority verification and obtains the operation authority to generate the public-private key pair, it will prompt the smart card to generate a new signature public-private key pair, because the SK 2 is used for signing, when SK 2 After being overwritten, it will appear that the signature verification of the other party has been unable to pass, which has caused a de facto denial of service attack

[0021] The risk of replacing the private key, encrypting and decrypting the private key SK 1 The replacement risk is mainly to replace the victim’s private key and certificate with the legitimate private key and certificate applied by the attacker. When SK 1 If it is written in the smart card in plain text and is not associated with personally identifiable information or signed, then the encryption and decryption private key and certificate file will be easily replaced

Images