SM9 user private key online distribution technology

Summary

The SM9 cryptographic algorithm belongs to the Identity-Based Cryptography (IBC) system. It uses the identity of the user terminal in place of a public key, or derives the public key from it. It does not require a public key Certificate Authority (CA), which reduces the difficulty of key resource management and deployment, making it suitable for IoT application scenarios with higher security requirements. However, user private key distribution requires the user terminals to be gathered at the key management system, where the key is written offline into the cryptographic carrier of the user terminal. It cannot be written online over the network, so the approach suffers from a heavy workload and low management efficiency. Building on the SM9 key management technology system and through relevant security design, an online distribution method for user private keys is proposed, which can effectively promote the application of SM9 in the field of the Internet of Things.

Content directory:

1 Introduction to SM9 key management system

1.1 Key management system composition and architecture

1.2 Analysis of user key generation and distribution mechanism

2 User private key online distribution solution

2.1 User terminal authentication and registration

2.1.1 Implementation plan

2.1.2 Process design

2.2 Online distribution of user private keys

2.2.1 Implementation plan

2.2.2 Process design

3 Feasibility analysis

3.1 Security analysis

3.1.1 Protection system aspects

3.1.2 Key distribution protocol aspects

3.2 Practical analysis

3.2.1 Deployment of password applications

3.2.2 Impact on application systems

Internet of Things applications comprise a perception layer, a transmission layer and an application layer. In special fields with high security requirements, authentication and encryption need to be applied to the information collected and transmitted by user terminals in the perception layer to ensure the security of application information. The user terminals in the perception layer are widely distributed, large in number, and lightweight. The traditional Public Key Infrastructure (PKI)

Origin blog.csdn.net/weixin_57147647/article/details/132437215