From a technical point of view: U shield is a tool for electronic signature and digital authentication of online banking. It has a built-in micro smart card processor. Based on PKI technology, it uses 1024-bit asymmetric key algorithm to encrypt, decrypt and digitally sign online data to ensure the confidentiality, authenticity, integrity and non-repudiation of online transactions. Although its equipment is small, its technical content is extremely high. This product adopts the international leading information security technology, the core hardware module is smart card CPU chip, and the internal structure is composed of CPU, encryption logic, RAM, ROM, EEPROM and I/O. It is a small computer with a security system.
In addition to hardware, the realization of security depends entirely on the high-tech smart card chip operating system (COS), which, like DOS, WINDOWS and other operating systems, manages all kinds of data, keys and files closely related to information security and controls all kinds of security services. USBKey has a hardware true random number generator, and the key is completely generated and stored in the hardware, which can ensure that the key does not leave the hardware, and the encryption and decryption algorithm provided by the hardware runs completely in the encryption hardware.
Safety measures of U shield
1. Hardware PIN code protection
U Shield adopts personal client certificate based on physical media, and establishes personal certificate authentication system (PIN code) based on public key PKI technology. Hackers need to get the user's U shield hardware and the user's PIN code at the same time to log in to the system. Even if the user's PIN code is leaked and the U shield is not lost, the identity of the legitimate user will not be faked. If the user's U shield is lost and others don't know the user's PIN code, they can't impersonate a legitimate user.
2. Secure key storage
The key of U shield is stored in the internal smart chip, so users can't read it directly from the outside. Reading, writing and modifying the key file must be executed by calling the corresponding program file by the CPU inside the U shield, so there is no instruction to read, modify, update and delete the contents of the key area outside the U shield interface, which can ensure that hackers cannot use illegal programs to modify the key.
3. Double-key cryptosystem
In order to improve the security of transactions, U Shield adopts a double-key cryptosystem to ensure security. When the U shield is initialized, the cryptographic algorithm program is first burned in ROM, and then a pair of public and private keys is generated by the program that generates the public and private key pair. After the public key and private key are generated, the key can be exported to the U shield, and the private key is stored in the key area, and external access is not allowed. In the process of digital signature and asymmetric decryption, all cryptographic operations with private participation can only be completed in the chip, and the private key can't leave the U shield medium in the whole process, thus ensuring that the digital certificate authentication with U shield as the storage medium is impeccable in security.
4. Hardware implementation of encryption algorithm.
U shield has built-in CPU or smart card chip, which can realize various algorithms of data summary, data encryption and decryption and signature. The encryption and decryption operation is carried out in the U shield to ensure that the user key will not appear in the computer memory.