1, a unique serial number.

2. Have your digital certificate, which contains your public key information and the signature value of the certificate CA.

3. The private key corresponding to your digital certificate.

The public key of CA is generally not stored in USBKey, but in the installation package. When installing, the installation package will register the CA certificate of your digital certificate with the system.

The application process of the certificate is roughly as follows: 1, and the RSA key pair is generated inside the USBKey. 2. Data composed of personal information, public key of key pair and hash algorithm. Sign with the key pair's private key, fill in the data in P 10 format and submit it to CA. 3.CA verifies the data of P 10, and then signs P 10 with CA's private key to form certificate data. 4. The client saves the certificate data and becomes the client certificate.

The user's public key is stored in a digital certificate, but usually separate public key data is stored in a USBKey.

CA's private key is used to issue customer certificates.

General users log on to online banking for two-way authentication. CA will issue a server certificate to the online banking server. The client will first verify the server certificate, and then use the client certificate to negotiate a symmetric key for SSL communication with the server to ensure the security of data communication.