Summary | Introduction to Commercial Cryptography Products

NIS Research Institute

Shenzhen Network and Information Security Industry Association


In recent years, the independent innovation capability of commercial cryptography products in our country has continuously strengthened, and the industrial support capability has been continuously improved. A rich variety of commercial cryptography product systems have been established, with complete chains and secure applicability, and some product performance indicators have reached international advanced levels.

Types of Commercial Cryptography Products

Commercial cryptography products can be divided into six categories based on their form: software, chips, modules, boards, complete machines, and systems.

1. Software refers to cryptography products that appear in pure software form, such as cryptographic algorithm software.

2. Chips refer to cryptography products that appear in chip form, such as algorithm chips and security chips.

3. Modules refer to products that assemble single or multiple chips on the same circuit board, equipped with dedicated cryptographic functions, such as encryption and decryption modules and security control modules.

4. Boards refer to cryptography products that appear in board form, such as smart IC cards, smart cryptographic keys, and cryptographic cards.

5. Complete machines refer to cryptography products that appear in complete machine form, such as network cryptographic machines and server cryptographic machines.

6. Systems refer to products that appear in system form, supported by cryptographic functions, such as certificate authentication systems and key management systems.

Types of Functions of Commercial Cryptography Products

Commercial cryptography products can be divided into seven categories based on their functions: cryptographic algorithm products, data encryption and decryption products, authentication and identification products, certificate management products, key management products, anti-counterfeiting products, and comprehensive products.

1. Cryptographic Algorithm Products

Cryptographic algorithm products mainly refer to products that provide basic cryptographic computation functions, such as cryptographic chips.

(1) Algorithm Chips

Algorithm chips primarily implement cryptographic algorithm logic and generally do not involve secure storage of keys or sensitive information. Examples include elliptic curve cryptography algorithm chips and digital physical noise source chips.

(2) Security Chips

Security chips build on algorithm chips by adding security functions such as storage of keys and sensitive information. The chip is equivalent to a “safe”: the most important algorithm data is stored within the chip, and encryption and decryption operations are completed inside the chip. Security chips have high security protection capabilities, protecting the keys and information data stored inside from illegal reading and tampering, and can serve as the main control chip for cryptographic boards.

2. Data Encryption and Decryption Products

Data encryption and decryption products mainly refer to products that provide data encryption and decryption functions, such as server cryptographic machines, VPN devices, and encrypted hard drives.

(1) Server Cryptographic Machines

Server cryptographic machines mainly provide high-performance cryptographic services such as data encryption and decryption, digital signature verification, and key management. They are usually deployed on the application server side and can provide cryptographic services for multiple application servers simultaneously, ensuring the confidentiality, integrity, and authenticity of important data. As basic cryptographic products, they can provide high-performance data encryption and decryption services for secure document transmission systems, secure email, and electronic signature systems. They can also serve as the main cryptographic device and core component of host data security storage systems, identity authentication systems, and symmetric/asymmetric key management systems. They are widely used in security business application systems in industries such as banking, insurance, securities, transportation, e-commerce, and mobile communications.

(2) VPN Devices

VPN devices provide secure access methods for remote access, ensuring confidentiality and integrity protection for network communication, as well as security functions such as identity authentication and replay attack prevention.

(3) Encrypted Hard Drives

Encrypted hard drives are large-capacity storage devices aimed at data security storage, generally using cryptographic chips to encrypt and protect data, with data stored in ciphertext form on the hard drive. At the same time, encrypted hard drives also have user identity authentication functions, which can be combined with identity authentication products such as smart IC cards. Using encrypted hard drives can effectively prevent data leakage risks caused by hard drive loss or unauthorized access.

3. Authentication and Identification Products

Authentication and identification products mainly refer to products that provide identity authentication functions, such as authentication gateways, dynamic password systems, and signature verification servers.

(1) Authentication Gateways

Authentication gateways mainly provide high-strength identity authentication services based on digital certificates for network applications, effectively protecting the security of access to network resources. Authentication gateways are access and control devices before users enter application service systems, usually deployed between users and protected servers. The external network port of the authentication gateway connects to the user network, while the internal network port connects to the protected server. Since the protected server connects to the authentication gateway through the internal network, the connection between users and the server is isolated by the authentication gateway, preventing direct access to the protected server, and services can only be obtained through gateway authentication.

(2) Dynamic Password Systems

Dynamic password systems are comprehensive systems that include dynamic tokens and dynamic token authentication, providing dynamic password authentication services for information systems. The dynamic token authentication system consists of an authentication system and a key management system. The dynamic token is responsible for generating dynamic passwords, the authentication system is responsible for verifying the correctness of dynamic passwords, and the key management system is responsible for managing the keys of dynamic tokens, while the information system is responsible for sending dynamic passwords to the authentication system for authentication according to specified protocols.
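The division of roles described above can be sketched as follows. This is an added example, not code from the original article or from any product it describes. It uses the RFC 4226/6238 HMAC-SHA-1 construction as a stand-in algorithm, and the class names, the 30-second step, and the per-token seed derivation from a master key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed value)
DIGITS = 6   # password length (assumed value)

def dynamic_password(seed: bytes, counter: int) -> str:
    """Stand-in algorithm: RFC 4226 truncation over HMAC-SHA-1."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class KeyManagementSystem:
    """Manages token keys: derives one seed per token serial (assumed scheme)."""
    def __init__(self, master_key: bytes):
        self._master = master_key

    def seed_for(self, serial: str) -> bytes:
        return hmac.new(self._master, serial.encode(), hashlib.sha256).digest()

class Token:
    """Dynamic token: holds only its own seed and generates passwords."""
    def __init__(self, seed: bytes):
        self._seed = seed

    def generate(self, now: float) -> str:
        return dynamic_password(self._seed, int(now) // STEP)

class AuthenticationSystem:
    """Verifies passwords forwarded by the information system."""
    def __init__(self, kms: KeyManagementSystem, window: int = 1):
        self._kms = kms
        self._window = window      # tolerated clock drift, in time steps
        self._last_step = {}       # serial -> newest accepted time step

    def verify(self, serial: str, password: str, now: float) -> bool:
        seed = self._kms.seed_for(serial)
        current = int(now) // STEP
        for step in range(current - self._window, current + self._window + 1):
            if step <= self._last_step.get(serial, -1):
                continue           # already consumed: a replay is rejected
            if hmac.compare_digest(dynamic_password(seed, step), password):
                self._last_step[serial] = step
                return True
        return False
```

The information system plays the caller's role here: it passes the token serial and the submitted password to `verify` and never handles the seed itself.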

4. Certificate Management Products

Certificate management products mainly refer to products that provide certificate generation and distribution management functions, including certificate authentication systems.

(1) Digital Certificates

Digital certificates, also known as public key certificates, are data structures signed by certificate authorities that contain information about the public key holder, the public key, issuer information, validity period, and extension information. They can be classified into personal certificates, organizational certificates, and device certificates based on the subject. Based on usage, they can be divided into signature certificates and encryption certificates. The system that manages digital certificates is usually called a “certificate authentication system.”

(2) Certificate Authentication Systems

Certificate authentication systems are a set of software that manages digital certificates throughout their lifecycle, including user registration management, certificate and certificate revocation list (CRL) generation and issuance, certificate and CRL storage and publication, certificate status querying, and security management. Certificate authentication systems generally include a certificate management center and a user registration center.

The certificate management center is responsible for managing certificates, such as issuing and updating certificates and CRLs, revoking certificates, and querying or downloading certificates and CRLs. The user registration center is responsible for providing face-to-face certificate business services to users, such as certificate applications and identity verification.

5. Key Management Products

Key management products mainly refer to products that provide functions such as key generation, distribution, updating, archiving, and recovery, including key management systems.

Key management products usually include hardware for generating keys, such as cryptographic machines and cryptographic cards, as well as software that implements services such as key storage, distribution, backup, updating, destruction, archiving, recovery, querying, and statistics, such as financial IC card key management systems, digital certificate key management systems, social security card key management systems, and Alipay service key management systems. The core function of key management products is to ensure the security of keys, which is central to various cryptographic systems.

Digital Certificate Key Management Systems

Digital certificate key management systems mainly consist of functional modules such as key generation, key vault management, key recovery, cryptographic services, key management, security auditing, and authentication management.

6. Anti-Counterfeiting Products

Anti-counterfeiting products mainly refer to products that provide cryptographic anti-counterfeiting verification functions, including electronic seal systems, payment password devices, and timestamp servers.

(1) Electronic Seal Systems

Electronic seal systems usually combine traditional seals with digital signature technology, using component technology, image processing technology, and cryptographic technology to protect electronic documents with data signatures.

Electronic seal systems include electronic seal production systems and electronic seal service systems.

The electronic seal production system is mainly used to produce electronic seals, and the seal data is imported into the electronic seal service system offline. The electronic seal service system is mainly used for stamping and verifying electronic seals.

(2) Timestamp Servers

Timestamp servers are authoritative systems based on PKI technology that provide accurate and reliable timestamp services, widely applicable in online transactions, electronic medical records, online bidding, and digital intellectual property protection in e-government and e-commerce activities.

7. Comprehensive Products

Comprehensive products refer to products that provide functions from two or more of the six categories of cryptographic products, including ATM password application systems.

ATM Password Application Systems

ATM password application systems are used in the financial sector, providing a series of financial services such as account inquiries, transfers, deposits/withdrawals, and balance inquiries.

NIS Research Institute compiled and edited

Source: National Engineering Research Center for Information Security
