Use of personal digital certificates

The core of a personal digital certificate is to identify the holder and to one-way encrypt sensitive data, both by means of asymmetric cryptography. It consists of a certificate, a public key and a private key. The certificate and the public key exist on both the client and the server; the private key exists only on the client. The certificate may be issued by a certification authority or be self-signed. Its main role is to let the server and the client match up the public key with the private key; beyond that it does not play a big part in how a personal digital certificate is used.

Using the property that data signed with the private key can be verified with the public key, the source of the data can be authenticated. Because the private key is unique and kept secret, data signed with it represents the identity of the key holder and cannot be forged by anyone who does not hold that private key.

SMS or email verification codes can also confirm identity, but the steps are cumbersome and ill-suited to scenarios that require frequent verification. Using a personal digital certificate, by contrast, is almost transparent to the user.

A bank's U-Shield works by implanting a personal digital certificate into the device after several offline identity checks (ID card, bank card, mobile phone number, etc.), with the device physically isolated from the network. When the U-Shield is used, the data is signed with the private key; if the corresponding public key on the bank's server verifies the signature, the identity is considered legitimate and sensitive operations such as transfers and cash withdrawals may proceed.
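The sign-then-verify flow described above, written out as an added example (not code from the original page or from any bank's U-Shield): the client generates a key pair and a self-signed certificate, signs a transaction request with the private key, and the server, which holds only the certificate, extracts the public key from it and verifies the signature. The subject name, the request JSON and the "wrong key" client are constructed for illustration. A real issuance would have a certification authority sign the certificate instead of the client signing its own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ClientCredential is what the client (or the U-Shield) holds: the private
// key, which never leaves the device, and the certificate that is also
// handed to the server at issuance time.
type ClientCredential struct {
	PrivateKey *rsa.PrivateKey
	CertDER    []byte // DER-encoded self-signed certificate
}

// NewClientCredential generates a key pair and a self-signed certificate for
// the given subject name. Self-signing stands in for the CA here (assumption).
func NewClientCredential(subject string) (*ClientCredential, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed; a CA assigns unique serials
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	// Template and parent are the same certificate: a self-signed certificate.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &ClientCredential{PrivateKey: key, CertDER: der}, nil
}

// Sign is the client side: hash the request and sign the digest with the
// private key (RSA-PSS over SHA-256).
func (c *ClientCredential) Sign(request []byte) ([]byte, error) {
	digest := sha256.Sum256(request)
	return rsa.SignPSS(rand.Reader, c.PrivateKey, crypto.SHA256, digest[:], nil)
}

// VerifyWithCert is the server side: parse the stored certificate, take the
// public key out of it and check the signature over the received request.
func VerifyWithCert(certDER, request, sig []byte) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(request)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	cred, err := NewClientCredential("example client (constructed)")
	if err != nil {
		panic(err)
	}
	// Constructed transfer request; in practice the server would also bind a
	// nonce or timestamp into the signed data to prevent replay.
	request := []byte(`{"op":"transfer","amount":100,"to":"acct-0001"}`)
	sig, err := cred.Sign(request)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine request verifies:", VerifyWithCert(cred.CertDER, request, sig))

	// Any change to the signed data invalidates the signature.
	tampered := []byte(`{"op":"transfer","amount":9999,"to":"acct-0001"}`)
	fmt.Println("tampered request verifies:", VerifyWithCert(cred.CertDER, tampered, sig))

	// A signature from a different private key does not match the stored certificate.
	other, _ := NewClientCredential("someone else (constructed)")
	otherSig, _ := other.Sign(request)
	fmt.Println("other key's signature verifies:", VerifyWithCert(cred.CertDER, request, otherSig))
}
```

The server never needs the private key, which is the whole point: a compromise of the bank's database exposes certificates and public keys, but cannot produce valid signatures.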

Payment apps also carry personal digital certificates. Their function is similar to the U-Shield's, except that the identity checks at issuance are weaker (payment password, mobile phone number, etc.), and there is no physical isolation: the certificate and its private key are stored on the mobile phone itself.

With public-key encryption, only the holder of the corresponding private key can decrypt, so sensitive data can be protected this way. "One-way" here refers to transmission from the server to the client: after the server encrypts data with a specific client's public key, only the client holding the matching private key can decrypt it and recover the plaintext.
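The server-to-client direction, as an added example that is not part of the original page: the server holds only the client's public key and encrypts a short secret to it with RSA-OAEP; the client decrypts with its private key, and a different key or a different purpose label fails. The secret value, the label and the "intruder" key are constructed for illustration; the key pair would in practice be the one the client's certificate was issued for.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerEncrypt runs on the server. It encrypts a sensitive payload to the
// client's public key with RSA-OAEP (SHA-256). The label is bound into the
// padding, so a ciphertext produced for one purpose cannot be decrypted
// under another label. OAEP limits the payload to k - 2*hLen - 2 bytes
// (190 bytes for RSA-2048 with SHA-256), so only short secrets are
// encrypted this way; larger data would be wrapped with a symmetric key.
func ServerEncrypt(clientPub *rsa.PublicKey, plaintext, label []byte) ([]byte, error) {
	maxLen := clientPub.Size() - 2*sha256.Size - 2
	if len(plaintext) > maxLen {
		return nil, errors.New("plaintext too long for RSA-OAEP with this key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, plaintext, label)
}

// ClientDecrypt runs on the client. Only the private key matching the public
// key used for encryption, and the same label, yields the plaintext.
func ClientDecrypt(clientPriv *rsa.PrivateKey, ciphertext, label []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, clientPriv, ciphertext, label)
}

// Roundtrip reports whether the holder of priv recovers what the server
// encrypted to pub. A decryption failure is reported as false rather than
// as an error, since that is the expected outcome for the wrong key.
func Roundtrip(pub *rsa.PublicKey, priv *rsa.PrivateKey, plaintext, label []byte) (bool, error) {
	ct, err := ServerEncrypt(pub, plaintext, label)
	if err != nil {
		return false, err
	}
	pt, err := ClientDecrypt(priv, ct, label)
	if err != nil {
		return false, nil
	}
	return bytes.Equal(pt, plaintext), nil
}

func main() {
	// The legitimate client's key pair and an unrelated key pair (constructed).
	client, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	intruder, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	secret := []byte("constructed offline payment-code seed") // constructed sample
	label := []byte("payment-code-seed")                        // constructed purpose label

	ok, err := Roundtrip(&client.PublicKey, client, secret, label)
	fmt.Println("matching private key recovers plaintext:", ok, err)

	ok, err = Roundtrip(&client.PublicKey, intruder, secret, label)
	fmt.Println("unrelated private key recovers plaintext:", ok, err)

	// Encrypting twice gives different ciphertexts: OAEP is randomized, so an
	// observer cannot tell whether two messages carry the same secret.
	ct1, _ := ServerEncrypt(&client.PublicKey, secret, label)
	ct2, _ := ServerEncrypt(&client.PublicKey, secret, label)
	fmt.Println("ciphertexts differ:", !bytes.Equal(ct1, ct2))
}
```

Note that this protects confidentiality only; it does not tell the client who sent the data. If the client also needs to know the message came from the server, the server signs it with its own private key, which is the mirror image of the identity check in the previous section.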

A certain payment app's payment code relies on this mechanism to ensure the payment code remains secure when generated offline.

Issuance process

Usage process

The following process first identifies the identity and then encrypts the sensitive data one-way