In the first layer, MK is the encryption master key, which consists of three parts. It uses double standard DES key (up to 1 12 bits) and stores it in HSM machine, thus realizing triple data encryption technology. Its function is to encrypt all other keys and encrypted data stored locally. Because other keys and encrypted data stored locally are under MK encryption. So MK is the most important key. In the second layer, BMK is usually called key encryption key or key exchange key. Its function is to encrypt the working key that needs to be transmitted on the communication line. So as to realize the automatic distribution of work keys. In a local or * * * shared network. Two different communication sites use different keys to encrypt the key, so as to realize partition management of the key. When storing locally, whether it is encrypted by local M or directly stored in the hardware encryption machine. The third layer, usually called working key or data encryption key. Including PIK, MAK, TMK (including TPK, TAK) and other keys, its function is to encrypt all kinds of data. So as to realize the functions of data confidentiality, information authentication and digital signature. When these data keys are stored locally, they are under the encryption of BMK or stored directly in the hardware encryption machine.