E Keytech
E Keytech Document Transcript

  • 1. eKey Technique Manual Page 1 of 12 Shenzhen Mingwah Aohan High Technology Co., Ltd. Tel: (0755)83345003 Fax: (0755)83321809
  • 2. CONTENTS
    CHAPTER ONE AN INTRODUCTION OF ELECTRONIC KEY (EKEY)
      1.1 General Product Description
      1.2 Product Functions
      1.3 Product Features
      1.4 Applicability
      1.5 Typical Application
      1.6 Product Model Number
      1.7 Development Kit: EDK
    CHAPTER TWO THE INSTALLATION AND USE OF EKEY
      2.1 Installing Process
      2.2 How to Use eKey
    CHAPTER THREE THE APPLICATION FOR DIGITAL CERTIFICATES THROUGH EKEY
      3.1 What Is Digital Certificate
      3.2 eKey CSP & Its Management Tools
      3.3 Using eKey to Apply for Digital Certificate
    CHAPTER FOUR RELEVANT CREDENTIALS
      Enclosed 1 The Credential of Scientific Research and Manufacturing Enterprise for Commercial Cryptogram Products Appointed by National Commercial Cryptogram Committee
      Enclosed 2 The Credential of Sales Unit for Commercial Cryptogram Products Appointed by National Commercial Cryptogram Committee
      Enclosed 3 The Certificate of Technical Identification of Commercial Cryptogram Product
  • 3. CHAPTER ONE AN INTRODUCTION OF ELECTRONIC KEY (EKEY)

    1.1 General Product Description

    As network technology spreads and the Internet develops at unprecedented speed, social life is changing profoundly in every field. Because the Internet is open, stateless and free, network security has become a central concern, especially ID authentication, electronic signature and data encryption in network information exchange.

    Many measures have been taken to protect network security. One of the most common is to perform encryption and signature in software. This carries a hidden danger: the operation must run on the PC or server processor, which means that processor can obtain the encryption key. This is the fatal weakness of software encryption, because a hacker can read the key from outside the PC and use it without authorization. Once he has the key, he can encrypt and decrypt captured data outside the system. The “Lovely Bug” virus shows how easily a PC can be manipulated. Faced with countless hacker intrusions and the potential danger of large-scale loss of internal enterprise information, we must acknowledge that our efforts so far are not enough and that we need more effective methods to protect Internet security.

    We should therefore adopt encryption hardware in which the cryptographic key is stored and the encryption operation is completed, so that systems outside the hardware cannot trace the key. Separating the encryption hardware from the system is thus the only choice for encryption security. In software encryption, the key is transmitted to the data or the PC processor; in hardware encryption, the data is transmitted to the key, which is stored in special security hardware. Such hardware can also run the required encryption algorithm at high speed, and nobody can access the key, because it is not stored in a PC that can be accessed at any time. Hence this is the only way to achieve real security, free from intrusion by PC viruses or Trojan horses. Our eKey is such encryption hardware with a secure document system!

    The electronic key (or “Electronic Token”), eKey, is an indispensable information security product for modern computer networks, mainly used as an electronic key and ID card in network client-server systems. eKey is a USB hardware token that integrates a smart chip with a reader; it is finely designed and easy to carry. It can be used in any computer that has a USB interface. With digital signature, ID authentication, secure encryption and decryption of information and data, and personal credential storage, eKey can be applied in the following fields: ID authentication, e-commerce, online banking, document encryption and decryption, and secure e-mail. It provides a quick and secure solution for building a secure information platform in these fields.

    1.2 Product Functions

    USB communication interface conforming to the USB 1.1 standard,
  • 4. communication speed 1.5 Mb/s;
    Display: LED, for power and communication indication;
    Built-in smart card with all functions of the SmartCOS PK operating system;
    User memory space: 16K/32K/64K;
    Maximum power: 100mW;
    Power: 5V, supplied directly by the USB interface;
    Relative humidity: 30%-95%;
    eKey = Mingwah USB reader + SmartCOS PK smart card;
    Made of high-tech materials, eKey withstands more than 100 thousand hot plug/unplug operations;
    Data is stored on the chip and is therefore entirely safe;
    Standard USB interface: it can be used immediately when plugged in, with no need to worry about conflicts between device and hardware. It fits the USB interface of the following devices: PC, laptop computer, server and other network devices;
    Communication speed 1.5 Mbps;
    Built-in smart card chip with all functions of the SmartCOS PK operating system; storing data in the chip is very secure;
    Optional EEPROM capacity: 16K/32K/64K, for storage of personal information, passwords, cryptographic keys, credentials, etc.;
    Because the cryptographic key is stored in eKey and the operation is also completed in eKey, the key cannot be traced;
    Supports DES, 3DES, RSA 1024-bit and ECC 160-bit/192-bit algorithms;
    Key generation and signature in the token;
    Supports MD5 and SHA-1 data hash algorithms;
    Random number generation in hardware;
    Driver support: Windows98/ME/NT/2000/XP and Linux (optional).

    1.3 Product Features

    128-bit memory cell, 12 MHz processor;
    Middleware: PKCS#11, Microsoft CSP;
    Conforms to the X.509 V3 standard for digital certificate storage;
    Indicator lamp under software control;
    Globally unique 64-bit serial number;
    Password protection, preventing documents from being read or revised.

    1.4 Applicability

    Support for remote access servers (IPSec, PPTP, PAP, CHAP, RADIUS, TACACS);
    Access control on enterprise networks and worldwide networks (HTTP, SSL);
    Online business, authorization management, account management;
    Workflow and electronic signature;
    Guarding laptop computers against theft;
    NT workstation log-in;
    Software protection;
  • 5. Document or directory encryption;
    E-mail security (S/MIME, OpenPGP);
    Network device management;
    e-Purse (SET, MilliCent, eWallet);
    e-Government administration, e-Tax, e-Customs, online securities, etc.

    1.5 Typical Application

    Log-in and access control
    eKey-based log-in and authentication tools for the local computer and the network, including a network user management tool.

    Document/mail/directory encryption and decryption
    Documents, mail or directories that the eKey holder has designated for encryption can be decrypted and viewed by plugging the eKey in.

    Secure distribution
    Distribute documents securely to a designated department or person. Only the user who holds the specific eKey can read the documents.

    Secure dialing
    Store dialing information in eKey in advance and then establish a secure remote connection.

    Digital certificate pioneer
    Cryptographic service module compatible with Microsoft CryptoAPI, providing functions such as digital certificates, signature, encryption and website authentication.

    1.6 Product Model Number

    eKey naming description:

      EK --- K 16 04 P A
      1      2 3  4  5 6

    1. eKey product series;
    2. K means PK series; C means PBOC series;
    3. EEPROM capacity;
    4. FLASH capacity;
    5. System standard: blank for MW standard, P for PC/SC standard;
    6. Public key algorithm label (A: RSA, B: RSA/ECC, C: RSA/SFF33, D: DES, E: RSA/SFF33/ECC);
    7. SZD-12 is Mingwah's external commercial cryptogram name for the eKey that includes the SFF33 algorithm;
    8. Each eKey has a unique 13bit production number.

    For example:
    EK-C16D indicates PBOC style, 16K bytes of EEPROM capacity, supporting the DES algorithm.
    EK-K64C indicates PK style, 64K bytes of EEPROM capacity,
  • 6. supporting the RSA and SFF33 algorithms.
    EK-K6404PA indicates PK style, 64K bytes of EEPROM capacity, 4M of FLASH capacity, conforming to the PC/SC standard, supporting the RSA algorithm.
    0207K01010001: produced in Jul. 2002, PK style, chip style 01, batch 01, No. 0001.

    1.7 Development Kit: EDK

    EDK is an eKey development kit that helps users speed up the development and application of eKey products. It consists of the following parts:
    1) One eKey
    2) Extension cable
    3) Development software: MWUSB SDK CD-ROM
       A) Windows platform
          --USB driver: Windows98/ME/NT/2000
          --Win32 dynamic library and ActiveX control interface function library
          --CSP (optional)
          --Demonstration program: eKey Demo
          --Examples: source code showing how to use our APIs
       B) Linux (optional)
          --USB driver
          --Static interface library
          --Security middleware: PKCS#11 (optional)
          --Usage examples
       C) User manuals (electronic eKey user manual, SmartCOS PK user manual)
       D) README.TXT (version and supplementary documents)

    CHAPTER TWO THE INSTALLATION AND USE OF EKEY

    2.1 Installing Process

    Before installing eKey on a computer, prepare the following:
    1. The computer must run a Windows operating system (eKey supports WIN98/ME/NT/2002);
    2. Because eKey is a USB device, the computer must have an unused USB interface;
    3. The hardware driver specific to eKey. The kit you received contains a driver disk. You can also download the newest eKey driver from the Mingwah website (http://www.mwcard.com);
    4. Please read this eKey User Manual carefully. It will guide you how to install and use eKey
  • 7. correctly and how to complete your task by means of eKey.

    After the above preparation, you can start to install the eKey hardware:
    1. Plug eKey into a USB interface of the computer; a message appears that new hardware, Mingwah eKey, has been found;
    2. The user is asked to specify the path where the new driver is located;
    3. Go to the driver directory of the installation disk;
    4. The operating system automatically identifies the driver;
    5. Windows copies the files and then completes the installation process.

    2.2 How to Use eKey

    eKey is a standard USB device. Once you plug it into the computer's USB interface, it can be used. Because USB devices support hot plugging, you can plug in or remove eKey at any time during use without worrying about hardware damage. If your computer's USB interface is at the back of the computer, plugging and removing eKey frequently is inconvenient; we suggest that you buy a USB extension cable. We advise that you attach eKey to your key ring and carry it with you.

    CHAPTER THREE THE APPLICATION FOR DIGITAL CERTIFICATES THROUGH EKEY

    3.1 What Is Digital Certificate

    A digital certificate is a kind of ID certificate with which various entities (card holder/individual, merchant/enterprise, gateway/bank, etc.) exchange information and conduct business on the network. In each link of an electronic transaction, each party must verify the validity of the other party's certificate so that the parties can trust each other. The certificate is a document that contains a public key and its owner's information and is digitally signed by the Certificate Authentication Center.

    By use, digital certificates fall into two types: signature certificates and encryption certificates. The former is mainly used to sign user information to ensure that the information cannot be denied; the latter is mainly used to encrypt the messages transmitted by the user to ensure the authenticity and integrity of the information.

    Simply put, a digital certificate is a data segment containing user ID information, user public key information and the digital signature of the ID authentication institution. This ensures the authenticity of the certificate information. Certificate format and contents conform to the X.509 standard.

    3.2 eKey CSP & Its Management Tools

    eKey CSP, the cryptographic service component used for digital certificate management, has obtained the Microsoft signature, and our company has become the first supplier in China of digital certificate service hardware supporting CryptoAPI. This gives Mingwah a new
  • 8. breakthrough in the functions of its hardware-based ID authentication platform: eKey, Mingwah USB reader + SmartCOS PK smart card, etc.

    Through compatibility with Microsoft CryptoAPI, eKey CSP enables the user to use eKey or Mingwah USB reader + SmartCOS PK smart card to store digital certificates issued by a large number of certificate service providers, such as Verisign (www.verisign.com), e-Commerce Authentication Center of Guangdong Province (www.cnca.net) and China Institution Card (www.sheca.com). CSP also integrates fully with the Windows series and can be used directly by software such as Outlook, Outlook Express and IE to provide e-mail signature and encryption, website access control and other security functions.

    eKey CSP supports many kinds of symmetric and asymmetric algorithms. Both eKey and Mingwah USB reader + SmartCOS PK smart card have 8K-64K bytes of memory space, which can store many certificates. The eKey CSP management tool provides multi-certificate management, certificate application/revocation/import/export, and eKey PIN code management.

    Note: CryptoAPI is the encryption application interface standard put forward by Microsoft. CSP is the component interface standard for cryptographic service providers put forward by Microsoft.

    3.3 Using eKey to Apply for Digital Certificate

    Before applying for a digital certificate, prepare the following:
    1. Your computer has eKey CSP and the CSP management tool installed;
    2. Your eKey is plugged into the computer's USB interface, or the Mingwah USB reader is plugged into the computer's USB interface and the SmartCOS PK smart card is inserted in the USB reader;
    3. Your eKey or SmartCOS PK smart card has been formatted with the eKey CSP management tool;
    4. Applying for, downloading and using the certificate must all be carried out on the same computer.

    After the above preparation, you can start to apply for a digital certificate. As an example, we take a trial personal digital certificate applied for from the e-Commerce Authentication Center of Guangdong Province (www.cnca.net) and show how to use Mingwah USB reader + SmartCOS PK smart card or eKey:
    1. Install the certificate chain of the trial personal digital certificates;
    2. Fill in the application form and submit it:
       1) Fill in basic information;
  • 9.    2) In the CSP box (the cryptographic service provider), choose the CSP provided by Mingwah eKey, or eKey Crypto Service Provider (v1.0);
       3) Click the icon and go on to the next step; an input box for the eKey access password appears. After you enter the eKey password, CSP generates a key pair;
    3. Download and install your digital certificates:
       1) Click the “Installing Certificate” button;
       2) Enter the verification page for digital certificate installation. After entering your certificate acceptance number and password, click the “Confirmation” button and then enter the certificate installation page;
  • 10.   3) Click the “Installing Certificate” button and enter the eKey access password once again. CSP downloads the digital certificate to eKey.

    You have now succeeded in applying for a digital certificate by means of eKey. You can use this certificate to sign or encrypt e-mail in Outlook Express.
  • 11. CHAPTER FOUR RELEVANT CREDENTIALS

    Enclosed 1 The Credential of Scientific Research and Manufacturing Enterprise for Commercial Cryptogram Products Appointed by National Commercial Cryptogram Committee
  • 12. Enclosed 2 The Credential of Sales Unit for Commercial Cryptogram Products Appointed by National Commercial Cryptogram Committee

    Enclosed 3 The Certificate of Technical Identification of Commercial Cryptogram Product
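
The naming scheme of section 1.6, as an added example that is not part of the manual or of Mingwah's software: a Python decoder for eKey model numbers and production numbers, with an inventory check for tokens whose algorithm code offers no public-key algorithm. The field layouts (two-digit EEPROM and FLASH sizes, the 13-character production number read as YYMM, series, chip style, batch, unit, with years taken as 20YY) are assumptions inferred from the manual's own examples, and all function names are hypothetical.

```python
import re

# Field tables transcribed from section 1.6 of the manual.
SERIES = {"K": "PK", "C": "PBOC"}
ALGORITHMS = {
    "A": ("RSA",),
    "B": ("RSA", "ECC"),
    "C": ("RSA", "SFF33"),
    "D": ("DES",),
    "E": ("RSA", "SFF33", "ECC"),
}

# Assumed layout, inferred from EK-C16D, EK-K64C and EK-K6404PA:
# EK-<series><EEPROM KB: 2 digits>[<FLASH MB: 2 digits>][P]<algorithm letter>
MODEL_RE = re.compile(r"EK-([KC])(\d{2})(\d{2})?(P)?([A-E])")
# Assumed layout, inferred from 0207K01010001:
# YYMM, series letter, chip style, batch, unit number
PRODUCTION_RE = re.compile(r"(\d{2})(\d{2})([KC])(\d{2})(\d{2})(\d{4})")


def parse_model(model):
    """Decode a model number; raise ValueError if it does not fit the scheme."""
    m = MODEL_RE.fullmatch(model.strip().upper())
    if m is None:
        raise ValueError(f"not an eKey model number: {model!r}")
    series, eeprom, flash, pcsc, algo = m.groups()
    return {
        "series": SERIES[series],
        "eeprom_kb": int(eeprom),
        "flash_mb": int(flash) if flash else None,  # None: no FLASH field
        "standard": "PC/SC" if pcsc else "MW",      # blank means MW standard
        "algorithms": ALGORITHMS[algo],
    }


def parse_production(number):
    """Decode a 13-character production number."""
    m = PRODUCTION_RE.fullmatch(number.strip().upper())
    if m is None or not 1 <= int(m.group(2)) <= 12:
        raise ValueError(f"not an eKey production number: {number!r}")
    yy, mm, series, chip, batch, unit = m.groups()
    return {
        "year": 2000 + int(yy),  # assumption: two-digit year means 20YY
        "month": int(mm),
        "series": SERIES[series],
        "chip_style": chip,
        "batch": batch,
        "unit": unit,
    }


def without_public_key(models):
    """Inventory check: models whose algorithm code offers no public-key algorithm."""
    symmetric = {"DES"}
    return [m for m in models if set(parse_model(m)["algorithms"]) <= symmetric]


if __name__ == "__main__":
    for sample in ("EK-C16D", "EK-K64C", "EK-K6404PA"):  # the manual's examples
        print(sample, parse_model(sample))
    print(parse_production("0207K01010001"))
```
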