First of all, the identity of the sender is determined by a third-party certification body, such as GlobalSign.
Second, after confirmation, the certification authority issues the sender's identity certificate containing the public key and locks the issued file.
Thirdly, the receiver needs to automatically check with the certification authority the following matters: whether the identity certificate is correct, whether the identity certificate of the sender has expired, whether the certificate of the sender has been tampered with, and whether the issued certificate is consistent with the identity of the sender.
The public key infrastructure includes: a set of digital signature and encryption technologies, a considerable number of certification institutions with reasonable distribution, including the data communication network of the sender, receiver and certification institutions. Obviously, the establishment of such a public key infrastructure not only requires a lot of manpower, material resources and financial resources, but also is closely related to the safe and effective operation of the whole e-government. Because e-government, e-commerce and the construction of e-community all depend on the realization of digital signature, the importance of public key infrastructure and its huge demand are obvious. In foreign countries, the construction of public key infrastructure is still in the stage of accumulating experience through pilot projects. From the perspective of development, a country may have not only one set of public key infrastructure, but also multiple sets of public key infrastructure systems for different fields and uses. Because different services handled by the system have different requirements for the complexity, security and reliability of public key infrastructure. As far as the development of e-government is concerned, in order to ensure the safe and reliable operation of government affairs and the confidentiality of government communications, the "certificate management institution" dedicated to government departments is naturally planned and established by the government.
Another key factor in implementing electronic authentication is the choice of private key form. At present, the popular forms are personal password and personal fingerprint. Among them, the personal password is combined with a unique personal number. When authenticating, the authenticated user needs to provide his own identity number to the system, and then input the password, and the system extracts the password information corresponding to the number from the database according to the number.
Compare it with the password entered by the user to confirm whether the user is a legal digital signature user, and then the user can obtain the right to use the digital signature. Using personal password is relatively simple to implement and relatively low in cost, but the overall security is not strong enough. The basic principle of personal fingerprint authentication is similar to that of personal password, and it is also necessary to provide personal identification number and use fingerprint instead of password as the private key of authentication. Due to the limitation of technology, the current fingerprint authentication adopts one-to-one authentication method, that is, one identity number corresponds to one person's fingerprint. This method is characterized by high security and no duplication, but it is costly to implement. As a kind of face recognition, fingerprint recognition is the development trend of identity recognition in the future. One-to-many fingerprint authentication will appear in the future, and users can use fingerprints instead of personal identification numbers as the only carrier of identity. E-government advocates the establishment of a digital and networked social system, and all kinds of behaviors of enterprises, institutions and the public can be realized on the network. The basis of ensuring the validity and legality of these behaviors is to establish a complete identity management system, so that enterprises and individuals have unique and credible identity data on the network, and all kinds of services and transactions should be based on identity authentication. Because the identification and confirmation of identity has a strong authority, the public identity authentication system needs to be built and maintained by the government, and the establishment of a complete and efficient e-authentication system has become an important function of e-government.
While researching, developing and building national public key infrastructure, countries also attach great importance to researching and formulating legislation and regulations related to digital signature. A regulation on digital signature needs to determine: in what areas and under what circumstances, electronic documents and digital signatures can be used and recognized; Using digital signatures as evidence in legal proceedings; Prohibit "discrimination" against digital signatures permitted by law; At present, France can take digital signature as judicial evidence, which requires the security and advancement of digital signature technology recognized by law, as well as technical certification. At the same time, relevant laws and regulations should also formulate technical requirements, standards and management regulations for public key infrastructure; Formulate management measures and regulations for the establishment of "certificate management institutions", such as the qualification identification of certificate management institutions, the determination of legal responsibilities of certificate management institutions, and the national management departments for certificate management institutions. At present, e-commerce authentication is divided into personal authentication and enterprise authentication. Enterprises engaged in e-commerce can spend money to register and certify in intermediaries, and intermediaries will issue a certificate to enterprises. Now the general corporate websites are certified. E-cert can be viewed in ie tools, Internet access options, contents and certificates, which can prove the identity of the website owner. If you don't make a website, just insert a USB flash drive or something in your computer and add a lot of passwords to confirm your identity during the transaction. Personal authentication is to go to the bank to open an online banking and a silver shield, which is also a USB flash drive. When doing online payment and real-name authentication, it is used for purposes.