The SURE enterprise-level CA system consists of a key management center (KMC), a CA management center and a distribution server. Its structure is shown in the following figure:
The SURE enterprise-level CA system is suitable for internal use within companies. Its main functions are internal user identity confirmation, data encryption and electronic signature. Building an enterprise-level CA meets the requirements of confidentiality, authentication, integrity and non-repudiation for internal information.
Compared with a third-party CA, the enterprise-level CA system has the following advantages:
(1) It can meet the security requirements of internal information systems at the application level, and handle the issuance and management of internal digital certificates.
(2) Long-term trial can be realized with one investment, and the annual inspection without a license can be paid.
(3) The digital certificates issued can be applied to multiple systems within the enterprise to provide unified authentication and management of identity.
The SURE electronic signature system is a security product that combines electronic seal technology and electronic signature technology to detect the integrity of documents and verify the identity of signing users. The system adopts PKI technology and digital signature technology, which ensures the authenticity, uniqueness, source confirmation, undeniability and unrepeatability of the signature and seal itself.
The electronic signature system consists of an electronic signature server, a management terminal and an electronic signature client. Its architecture is shown in the left figure:
The SURE electronic signature system supports electronic signatures in Word, Excel, Web, PDF, AutoCAD and other formats. As a credible application platform, it provides a safe and effective guarantee for application information systems (such as OA, ERP and business systems).
The SURE Authentication Gateway is a product that provides intranet access control, strong authentication and audit services for access users, and solves security problems such as authentication and information confidentiality when users use application systems.
The security authentication gateway is an independent hardware device. To make it convenient for external network users, the authentication gateway is generally deployed at the outermost layer of the network to authenticate user identity. Its deployment structure is as shown on the right:
SURE signature authentication server products provide high-strength data link encryption services and digital signature and verification services based on digital certificates for network applications, which can effectively protect secure access to network resources. They support B/S applications that use HTTP and HTTPS, as well as general C/S applications such as FTP and Remote Desktop.
The signature authentication server consists of a server and a client, which verifies the services provided by the server and the requests of the client.
The SURE timestamp server is a time certification authority (TSA) system based on PKI technology, which provides an accurate and reliable timestamp service. The timestamp server provides reliable time confirmation for internal information exchange and enhances the credibility of time.
The SURE timestamp server adopts a client/server model. The server is a hardware device based on the Linux kernel, which can synchronize time with a third-party time service center. The client program is an API, which can interface seamlessly with various application systems.
The deployment diagram of timestamp server in the network is as follows:
The SURE timestamp server can be applied to large government agencies, the medical industry, and enterprises and institutions with strict time requirements across regions. The timestamp server can also be bound with application products such as electronic signature, serving as a trusted time service for electronic signatures.
The directory service system is a database that stores data in a tree structure, which is convenient for fast distributed queries. It is mainly used to store information about network resources such as administrators, certificates, domain names and e-mail addresses.
The application of the directory service system is shown on the right:
SSL VPN refers to a new VPN technology that uses the SSL (Secure Sockets Layer) protocol to provide remote access. SSL VPN enables enterprises to establish a secure WAN (Wide Area Network) service, with the same strategy as that provided by private networks, on cheap infrastructure. It can connect mobile office workers, branches, partners, product suppliers and customers, improve the ability to conduct business with them, and ensure the security of data transmitted over the network.
After years of research and development, Shandong Zhenxin Information Industry Co., Ltd. independently developed the SURE series of products for different needs, including the S-1000, S-3000, S-5000, S-8000 and other products.
Product advantages:
Zero client: You can access the company's internal network through a browser without installing VPN client software.
Support all operating systems: Windows, Unix, Linux and other operating systems with pre-installed standard browsers.
Customization of interface: The access interface can be customized into an exclusive system containing the company name and LOGO, which has a friendly user interface and improves the corporate image.
Dynamic password authentication mechanism: The client can choose to use dynamic password authentication, which can effectively ensure the security of users' authentication through SMS or email.
Support for third-party authentication: Support for LDAP, security ID, MS Active Directory, Radius, USB Key, local database and other authentication methods.
No address conflict: There is no conflict between the IP addresses of the mobile client and the central intranet. Even if the IP addresses of the mobile client and the intranet are the same, they can be used normally.
Unlimited network applications: Support various B/S and C/S network applications, such as OA, CRM, ERP, E-MAIL, etc.
Log audit function: Records the user's access time, access address, access application, session length and other information, and provides security audit.
Security architecture
The security architecture of SURE SSL VPN allows users to access internal resources from anywhere through the configured security access policy, and secures data transmission through security technology.