Application of Smart Card in the Pilot Project of Jiangsu Electric Power Company
Jiangsu Province is located in the Yangtze River Delta, with an area of about 1% of the country and a population of about 6% of the country. In 2004, Jiangsu Province achieved a GDP of 155.124 billion yuan, an increase of 14.9% over 2003. It has a pivotal position in China’s national economy. As Jiangsu is one of the most active regions in China’s economy, its power construction has always been a top priority for the development of the national economy. From January to May 2005, electricity consumption in various parts of Jiangsu reached 55.932 billion kWh, a year-on-year increase of 22.8%, the highest increase in East China. This also shows how heavy Jiangsu Electric Power’s construction tasks are.
In the work of vigorously strengthening the production and management of Jiangsu electric power, informatization has always been one of the key areas of Jiangsu Electric Power Company. The informatization of Jiangsu Electric Power started in the 1980s. At the computer application leading group meeting held by Jiangsu Electric Power Company at the end of 1994, after repeated discussion and weighing of the pros and cons, it was determined that the construction and development of the province’s power system informatization should follow the “three unifications” principle of “unified leadership, unified planning, and unified development and promotion.” Jiangsu Electric Power is one of the first electric power companies in China to realize informatization.
With the boom in information network construction and application, information security issues have become increasingly prominent and have become an important part of the national security strategy. Information security has become a new topic that power companies face in the information age and the new situation of the knowledge economy. Once the security of the power system information network is compromised, the impact and loss will be huge. In recent years, power system information security breaches have occurred from time to time. Combining the characteristics of the power industry, summarizing operation and management experience, analyzing and researching power information system security issues in depth, and formulating power system information security strategies have become an important part of current power informatization work. At the Symposium of Directors of the Information Center of the State Power Corporation in September 2002, General Manager Zhao Xizheng made it clear that information security should be treated the same as power production security.
In order to improve the level of information security protection of the power system, the State Power Corporation established a project at the end of 2001, making the “Jiangsu Provincial Electric Power Company Information Security Demonstration Project” a key scientific and technological research project of the State Power Corporation. In July 2002, the Ministry of Science and Technology officially approved the “Power System Information Security Application Demonstration Project” as one of the three application demonstration projects of the “National Information Security Application Demonstration Project” of the “Tenth Five-Year Plan” national major science and technology project, undertaken by Jiangsu Electric Power Company and Liaoning Electric Power Company. The Jiangsu electric power system information network and application systems had already reached a considerable scale at that time, laying a good foundation for the development of the power information system security demonstration project.
After rigorous selection and review by Jiangsu Electric Power, Watchdata, one of the world’s top ten smart card technology and service providers, which focuses on data security and smart card research and development, became the solution provider and “all-in-one card” provider for the information security demonstration project of Jiangsu Electric Power Company.
Pay equal attention to safe and efficient application and management
Project background, goals and requirements
The information security demonstration project of Jiangsu Electric Power Company includes three parts: PKI platform construction, basic security protection and application system transformation, of which PKI construction is the focus of this project.
The PKI platform of the Jiangsu Electric Power Company’s Information Security Demonstration Project is the enterprise’s internal information security infrastructure. The overall goal of its construction is to establish a unified authentication and authorization mechanism and a unified time service for the entire network; to ensure the confidentiality, integrity, non-repudiation and availability of information while it is generated, stored, transmitted and processed; to incorporate company-wide information system users into a unified user management system; and to improve the security strength and application level of the application systems.
PKI (Public Key Infrastructure) is a technology and specification that uses public key encryption to provide a secure basic platform for the development of e-commerce. Users can use the services provided by the PKI platform for secure communication.
In the PKI system, a digital certificate, also called a “digital ID”, is an authoritative electronic document. It is like an ID card in a network computing environment, used to prove the identity of a subject (such as a person or a server) and the legitimacy of its public key. The digital certificate is composed of a pair of keys and user information, and is written into the smart card to ensure that the user information cannot be illegally read or tampered with. The Jiangsu Electric Power Smart Card is a carrier that stores each employee’s basic information and digital certificate, just like a digital work card for Jiangsu Electric Power employees.
The construction of the Jiangsu Electric Power Smart Card is not only an important link in the construction of Jiangsu Electric Power’s PKI system, but also an important part of the infrastructure for building a digital Jiangsu Electric Power. As the digital carrier of employee identity information, the Jiangsu Electric Power Smart Card can not only provide digital signature and information encryption in the PKI system, but also provide identity authentication in the access control system and attendance system, and even serve as an e-wallet in the staff canteen. The Jiangsu Electric Power Smart Card will be used more widely as information systems continue to be rolled out in electric power enterprises, and will truly become the “One Card” of Jiangsu Electric Power.
Based on the above considerations, Watchdata believes that the construction of Jiangsu Electric Power’s smart card should follow the following principles:
1. The principle of “one card with multiple uses”
One card for multiple purposes means that card readers made by different manufacturers may be admitted into the system, while users can still use all applications with a single card. One card with multiple uses avoids waste, duplicated development and the blind issuance of cards. It not only increases convenience and comfort for the user, but also reduces construction and management costs. With the support of the unified authentication system, unified card management can be realized.
2. The principle of following standards
The selection of smart cards must follow certain domestic and international standards to ensure that Jiangsu Electric Power smart cards have good compatibility and can be used in a variety of application systems.
3. The principle of safety and reliability
First of all, as the carrier of the digital certificate, the Jiangsu Electric Power Smart Card must be able to ensure the security of the user’s digital certificate in the card. In addition, as a multi-purpose card, Jiangsu Electric Power Smart Card must be durable, not easy to wear, and adapt to various application environments.
4. The principle of large storage capacity
The storage capacity of the card should be large enough to facilitate information storage in a multi-application environment and to provide expansion space for the future development of new smart card applications.
Implement TimeCOS/PK&DI smart card and travel all over Jiangsu Electric Power
Smart card selection
Based on the above construction principles of Jiangsu Electric Power Smart Card, and considering the various practical applications that the smart card will involve, Watchdata decided to adopt a dual interface CPU card.
Smart card is a kind of IC card. According to the different chips embedded on the card, IC cards can be divided into: memory cards, logic encryption cards, and CPU cards. According to the different forms of data transfer between the card and the outside world, IC cards can be divided into contact cards, contactless cards, and dual interface cards.
Watchdata Systems Co., Ltd. has recently developed its own TimeCOS/PK&DI smart card, a card product based on the TimeCOS system. The card is built on a security chip that has passed international certification and obtained the highest level ITSEC E4 certificate, and its operating system software is the TimeCOS smart card operating system, which was independently developed by Watchdata and for which Watchdata holds independent intellectual property rights.
TimeCOS/PK&DI smart card products are dual-interface cards with both contact and non-contact characteristics. The contact interface complies with the ISO/IEC 7816 specifications; the stored data has a high degree of security, and a strict authority management mechanism governs file access and function use. The non-contact interface complies with the ISO/IEC 14443 TYPE-A and TYPE-B communication protocol specifications.
TimeCOS/PK&DI smart card products have a high degree of security and support PKI functions. The product can quickly perform RSA signature, verification, encryption, and decryption inside the card, and can generate 1024-bit RSA key pairs inside the card, using a strong prime number generation scheme to ensure the quality of the key pair. The product also supports domestic security algorithms.
Another outstanding feature of TimeCOS/PK&DI smart IC card products is fingerprint recognition: the card can perform fast fingerprint comparison on the card itself. This feature combines traditional smart card password verification with biometric recognition, which greatly improves the security strength of the system and is a powerful supplement to PKI technology. Fingerprint authentication is organically integrated with CA authentication: fingerprints are used to authenticate personnel and, based on PKI technology, information security technologies such as digital signatures, identity authentication and certificate management are built into the existing e-commerce/government system to ensure reliable authentication and reliable transmission of information.
In summary, the characteristics of TimeCOS/PK&DI smart cards meet the project requirements of Jiangsu Electric Power:
1. Security
The CPU card has computing functions and can perform more complex encryption/decryption operations. The built-in operating system (COS) also includes security technology, which provides a double security guarantee for the CPU card. The CPU card is extremely difficult to forge and is currently a very safe card type.
2. Convenience
The card realizes one card with multiple applications in the true sense: each application is independent of the others and controlled by its own key management system, so the user can use a variety of applications with one card in hand. As a non-contact card, it can communicate with the reading and writing device from any direction within a certain distance, which makes operation more convenient and faster.
3. Durability
The non-contact interface of the dual-interface card allows the card to be used without taking it out of the wallet, so the card is not easily worn and its operation is not easily degraded by the environment. It has a long service life, and the data storage time can reach more than ten years.
Project implementation effect and outlook
Each employee’s photo and basic information are printed on the Jiangsu Electric Power smart card. The card contains the employee’s own digital certificate, signature, and encryption key, which makes it a real digital work card. It can also store personal accounts. Therefore, the TimeCOS/PK&DI smart card will play a greater role in the continuous improvement of Jiangsu Electric Power’s information security construction, especially with the further improvement of the PKI system.
After the establishment of the Jiangsu Electric Power PKI system, the digital certificate on the TimeCOS/PK&DI smart card will serve as a digital pass for employees to enter the enterprise network and application systems. It is the authoritative certification of an employee’s digital information, and can be used as the employee’s personal digital signature. It also provides encryption services for office information that needs to be encrypted. In addition, when the access control system of each enterprise is connected with the PKI system, the card can also be used as a credential for employees to enter and exit the various sites and departments of the power enterprise, so that personnel entering and exiting are strictly verified and audited, ensuring the safety of the power enterprise and its business to the greatest extent.
The TimeCOS/PK&DI smart card also offers multiple functions on one card and easy expansion. It can be applied to other related areas of electric power enterprises: in the staff canteen as a digital wallet, in the attendance system as a digital attendance card, in the corporate library as an electronic lending card, and so on.
In the future, with the successful implementation and completion of the Jiangsu electric power project pilot, Jiangsu electric power informatization will enter a brand new stage. With a small card, the operation of electric power enterprises and the work and life of electric power employees will enter the digital wave in an all-round way, enjoying the convenience, safety and efficiency of a digital society.