What is the principle of campus network authentication system?
First, the concept of electronic authentication

An electronic signature is only a way to identify the signer and to confirm the relationship between the sender of the signed document and the electronic document issued. Problems such as judging the certainty of the public key, and the possibility of private key holders denying that they signed documents, are problems that electronic signature technology itself cannot solve. In other words, the problem to be solved is the credibility of the private key holder. There are two possibilities. First, the key holder is subjectively malicious, that is, he consciously denies his behavior. Second, objective reasons, that is, the key is lost, stolen or decrypted, make it difficult for the sender or receiver to explain the imputation problem.

In fact, similar problems also exist in our traditional business transactions, but there we have a relatively complete solution, which of course includes supporting legal norms and protective measures. In the traditional use of a signature (seal), in order to prevent the signer from providing a forged or tampered signature (seal), or the sender from denying for various reasons that the signature (seal) is his own work, some countries or regions have the signature or seal filed in advance with an authoritative and credible authority, which provides a verification certificate to prevent denial or forgery. For example, in Taiwan Province, China, for some important legal documents (such as real estate transaction documents), the following method is used to identify the authenticity of the seal: to ensure the authenticity of the sealed document, the seal holder needs to send the seal to the authoritative household administration office for registration and filing before sealing, obtain the seal certificate, and then send the seal certificate together with the sealed document to the recipient.
The recipient compares the seal certificate with the original, and if they are completely consistent, the document and its seal can be confirmed.

In the process of electronic transactions, a third party with authority and credibility is also needed as a certification body to perform management functions such as public key identification and authentication, so as to prevent denial by the sender or reduce the risk of key loss, theft or decryption. Therefore, the safe use of electronic signatures must go together with the establishment of a security certification body system. In fact, many western countries (the United States, Canada, Germany, etc.) and Japan have established or are establishing public key infrastructures. In this way, the combination of electronic signature and CA authentication on the network solves the credit problem that electronic signature technology cannot solve.

2. Process of electronic authentication

The specific operation process of electronic authentication is as follows. Before signing electronically, the signatory must send its public key to a legally registered third party, namely a CA Certification Center that holds a license to engage in electronic authentication services. The Certification Center registers the key and issues an electronic seal certificate. Then the sender sends the electronically signed file together with the electronic seal certificate to the other party, and the receiver can determine the authenticity and credibility of the electronically signed file by verifying the electronic seal evidence and the electronic signature.

It can be seen that, in the electronic document environment, the role of the CA certification center is similar to that of the third party (the household registration office) in the above-mentioned traditional written document signature (seal) environment. The CA Certification Center plays the role of a third party and exercises authoritative notarization.
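The process described above (the CA registers the signatory's public key and issues a certificate, and the receiver checks the certificate and then the signature), as an added example that is not part of the original page. It uses unpadded textbook RSA over published Mersenne primes so that it runs on the standard library alone; the function names and the `signatory-A` identity are assumptions, and real deployments use X.509 certificates and padded signature schemes.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def binding(name, public_key):
    # The statement the CA vouches for: this name owns this public key.
    return f"{name}|{public_key}".encode()

def issue_certificate(name, public_key, ca_n, ca_d):
    """CA side: register the signatory's public key and sign the binding."""
    return {"name": name, "public_key": public_key,
            "ca_sig": sign(binding(name, public_key), ca_n, ca_d)}

def receiver_accepts(document, doc_sig, cert, trusted_ca_n):
    """Receiver side: check the certificate first, then the document signature."""
    if not verify(binding(cert["name"], cert["public_key"]), cert["ca_sig"], trusted_ca_n):
        return False  # certificate was not issued by the trusted CA
    return verify(document, doc_sig, cert["public_key"])

# Constructed demo keys from published Mersenne primes (insecure by design).
CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)
USER_N, USER_D = make_key(2**127 - 1, 2**1279 - 1)
DOC = b"constructed sample contract: A pays B 100"
CERT = issue_certificate("signatory-A", USER_N, CA_N, CA_D)
SIG = sign(DOC, USER_N, USER_D)

def demo():
    forged = issue_certificate("signatory-A", USER_N, USER_N, USER_D)  # self-issued, not by the CA
    renamed = dict(CERT, name="someone-else")  # binding altered after issuance
    return {"genuine": receiver_accepts(DOC, SIG, CERT, CA_N),
            "tampered_document": receiver_accepts(DOC + b"0", SIG, CERT, CA_N),
            "self_issued_cert": receiver_accepts(DOC, SIG, forged, CA_N),
            "altered_binding": receiver_accepts(DOC, SIG, renamed, CA_N)}

if __name__ == "__main__":
    print(demo())
```

Only the genuine case is accepted: a certificate the trusted CA did not sign, or one whose name-to-key binding was changed after issuance, fails before the document signature is even examined.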
The electronic seal certificate issued by the CA certification body is electronic data that indicates and confirms the user name and its public key and proves the correspondence between them. After a user obtains a certificate from a public place, as long as the content of the certificate was indeed issued by a CA institution, it can be inferred that the public key in the certificate is indeed owned by the corresponding user. In this way, the holder of the public key cannot deny that the corresponding key belongs to him, let alone deny that an electronic signature verified by that key was signed by him.

Purpose of electronic authentication

The purpose of electronic authentication is for CA institutions to identify and authenticate public keys (including transnational authentication), so as to prevent or reduce the uncertainty and security risks of electronic documents caused by lost, damaged or decrypted keys. At the same time, the certification certificate can also prove the credit status of key applicants.

Electronic certification authority

1. Form of establishment of electronic certification bodies

Looking at some countries, there are generally two ways of setting up electronic certification authorities (CA). In the first, institutions are established directly by subordinate units of the relevant competent departments of the state to engage in electronic certification services, or the relevant government departments play the role of the highest-level certification center in the CA system. In the second, the relevant government departments authorize CAs, stipulate strict examination and approval conditions and procedures, issue certificates, and at the same time exercise supervision power to ensure the safety of online transactions. Either way, the role played by the government is crucial. The reasons are as follows:

1) Permission.
Only an electronic certification service company authorized by the national competent department, or a CA certification institution with the wholesale business license issued by the competent department, is the most authoritative. In a sense, this is just as the personal identity card issued by the public security department is absolutely reliable and authoritative. At the same time, because the application of electronic authentication in the network crosses national boundaries, only when the national competent department intervenes in the name of the country can the reliability and effectiveness of electronic authentication be recognized by other countries.

2) Standardization.
The competent government departments can formulate a unified legal technical scheme to standardize the electronic certification standards and processes of CA institutions at all levels. At the same time, government authorities can play the role of the highest-level public key certification center. This is a common form of public key infrastructure system in American states and federal governments, Germany and other countries.

3) Enforceability.
Because the government department acts in the role of the state in CA certification, it has absolute authority and unity in the establishment of the system, the formulation of standards, and compatibility with transnational certification. Therefore, in the process of implementing electronic authentication services, its operability and enforceability are obvious. In this way, the possibility that electronic authentication cannot be implemented due to the emergence of different standards (technologies and services) can be avoided, and the fear of lack of security in online transactions can not be eliminated.

2. Conditions for establishing an electronic certification authority (CA)

When applying for an electronic certification service license, a CA must meet certain examination and approval conditions. When approving the wholesale license, the competent government departments should examine not only the applicant's hardware measures (such as the choice of office space) and software conditions (such as the technical expertise of the company's personnel), but also the subject qualification and the ability to bear damages. The following is a brief introduction to the conditions for a CA to provide electronic authentication services under Utah electronic signature law.

(1) Subject qualification: can be a practicing lawyer; a trust institution or insurance institution registered in Utah; the Utah governor, state courts, cities, counties and other institutions that designate public servants to carry out CA certification business according to laws or administrative orders, and their certified employees; any company that obtains a business license in Utah.
(2) Procedures: the CA itself must apply for a public key certificate and store it in a public key certificate database established or recognized by the competent authority for public viewing and reading.
(3) Notary qualification: you must have a notary qualification or employ at least one employee with a notary qualification.
(4) Employees must not have a serious criminal record: employed employees must not have a serious criminal record or have committed other crimes of fraud, false reporting or deception.
(5) Professional knowledge: the employed employees must have professional knowledge in conducting certification business.
(6) Business guarantee: except for government officials or institutions applying for CA business, applicants must provide a business guarantee.
(7) Software and hardware facilities: you must have legal rights to the software and hardware facilities required for CA business.
(8) Business place: you must have a business place in Utah or appoint an agent to perform business on your behalf.
(9) All other regulations of the competent authority must be observed.

Third, the effectiveness of electronic authentication

There are generally two ways to guarantee the effectiveness of electronic authentication. The first and most direct way is to confirm it through legislation. This is mainly done by having the law authorize the competent departments of government agencies to formulate corresponding rules, thus ultimately ensuring that the effectiveness of electronic authentication has a legal basis and guarantee. This method is adopted in many states in the United States. It is mainly manifested in the following aspects:

1. Expressly and directly recognizing acceptable technical solution standards in the form of direct legislation (such as Utah, USA; the laws of the Hong Kong Special Administrative Region, etc.).
2. Authorizing the competent government departments to formulate corresponding rules, such as the right to issue or revoke the license of CA institutions to engage in electronic authentication business, together with the power of administrative punishment for CA institutions that violate the rules or operate illegally.
3. Formulating clear conditions and procedures for establishing and managing CA institutions.

At the same time, at the level of supervising CA institutions, the government authorities have also established a database of all CA institutions legally registered and engaged in electronic authentication business for customers to query. For example, according to the laws of Utah, the competent authority has established, in its public key certificate database, a database containing the detailed documents of all registered CA institutions. In addition to general company information (such as company name, address, telephone number, authorized business scope, etc.), it also includes information such as whether the institution currently in use has been punished for illegal operation.