Design And Implementation Of Multifunctional Security Signature Terminal Based On PKI System

With the rapid development of Internet technology,handwritten signatures,as a way of expressing personal wishes,have also rapidly moved to electronic.This not only helps the development of e-commerce,but also promotes the popularity of paperless office in various industries,saves paper resources,and helps environmental protection.However,handwritten electronic signatures are different from paper-based handwritten signatures.Its confidentiality,integrity,non-repudiation,and identifiability are not only the focus of people's attention,but also the basic requirements for its wide application.At present,most of these characteristics are guaranteed by Public Key Infrastructure(PKI)technology.Therefore,the secure storage of core keys and digital certificates in the PKI system becomes particularly critical.The international standard ISO7816 specifies the logical structure of these core file storages.However,not only does it not make explicit requirements for the storage mode and data organization structure of the files,but it also does not make clear the security control mechanism.In addition,the characteristics of security chips vary.As a result,various manufacturers still need to develop their own Chip Operating System(COS)based on the actual application and the characteristics of the security chip to achieve the secure storage and use of core files.In this paper,after analyzing the security of electronic signatures,a self-designed security encryption module is added to the existing handwritten electronic signature terminal devices to store the relevant keys and digital certificates,and provide a computing environment for data encryption and decryption.Finally,a multifunctional secure signature terminal based on the PKI system was implemented.The main work and contributions of this paper are as follows:1.This paper uses domestic AS508H256 security chip and HanWang electromagnetic touchpad module to complete the circuit design of the multifunction secure signature terminal.The USB-hub circuit is added to prepare for the function expansion of the terminal device.2.The design of the COS logic function layer is completed.It includes four functional modules: communication management,command processing,file management,and security control.The communication management module supports multiple security protection mechanisms.The command data format and command set are designed in the command processing module.The file management module implemented a file management system suitable for a secure signature terminal.The security control module implemented secure management of the key file and digital certificate file in the signed terminal device.Completed the design of the COS application layer electronic signature application.The method of managing the key file in the COS system and the main working status and workflow of the secure signature terminal are explained in detail.3.The main functions of the system have been completely tested.The test results show that the COS system meets the expected requirements of a multifunctional secure signature terminal and can be put into production.The research results of this thesis have been successfully applied to the multifunctional secure signature terminal products of Beijing AnXin IOT Technology Co.,Ltd.and have been used in banks,hospitals,tender centers and other industries.