Design And Implementation Of COS Security Authentication Mechanism Based On PKI System

With the rapid development of Internet technology and e-commerce,electronic transactions based on Internet has become the main means of payment,how to guarantee the security of electronic transactions,including the authentication and authorization of both parties,the safety of the transaction information transmission,data integrity and non-repudiation,is at the core of the smooth implementation of e-commerce technology.Public Key system(Public Key Infrastructure PKI)has the confidentiality of data transmission,user identity identification,data integrity verification,the advantages of standardization,has become the mainstream of the current electronic commerce information security solutions.The PKI system consists of certification center CA,certificate server,security application system and safety terminal product,one of the important components is to realize terminal products for PKI strategy,which can store the user's digital certificate and key file,realize data integrity,confidential transmission,All certificates and private documents operate within the security terminal products.The core part of PKI safety terminal products is Chip Operating System(COS),which can realize the function of power reset,chip underlying hardware,card internal memory space maintenance,system operation security control,command processing,code execution,etc.This thesis is based on a domestic security chip SSX1111,research on the smart card operating system,implementing PKI security authentication mechanism.The paper's main work and contributions are as follows.1.Realized the file system module of the chip operating system for the safety terminal products,responsible for the creation,deletion and selection of the files,and store key documents and digital certificates of the PKI system.2.Realized the security management module of the chip operating system for the safety terminal products,responsible for file system and authorization control of key management module.3.Realized the cryptographic algorithm call module of the chip operating system for the safety terminal products,support national encryption algorithm SM1,SM2,SM3 and Key algorithm of PKI system RSA.Realize data encryption,digital signature check and other functions.The research results of this thesis are to realize the PKI security authentication mechanism for the chip operating system on the safety terminal products,and successfully applied to a company's security terminal product--intelligent password key.It has been applied in online banking,e-commerce and other fields.