Security risks of software encryption

However, software encryption carries some security risks:

(1) Key management is very complicated, and it is also a difficult problem in implementing a security API. Judging from current API products, their key distribution protocols have defects;

(2) Because software encryption runs inside the user's computer, attackers can easily trace and decompile it with analysis programs.

Hardware encryption:

Encryption card: dedicated hardware for accelerating data encryption. It is generally used on network servers to accelerate HTTPS so that encryption does not occupy the host processor's computing resources. Many enterprise computer manufacturers provide it.

Encryption lock: At present, a hardware encryption lock is generally used in combination with software. Encryption locks built on a single-chip microcomputer (microcontroller) are being phased out, so I won't say much about them here. Instead I'll talk about the smart card encryption lock, the current mainstream product:

The smart card encryption lock was created by Chinese developers, and it is the greatest contribution China has made to the field of software protection worldwide since shell (packer) encryption. At present, all patents related to smart card encryption locks are in Chinese hands. In the Chinese market, smart card encryption locks account for about 70% of the market.

(1) The smart card chip is designed for security and is generally used in security-sensitive fields such as government, military and finance. Cloning the hardware is basically impossible, whereas cloning a single-chip microcomputer encryption lock is easy. To judge a smart card chip, first check whether it has international standard certification, that is, EAL series certification, the only security certification for smart card chips. If it does not, software developers need to think carefully.

(2) Important software code is moved entirely into the hardware to run, and no copy is left on the software side, so hackers cannot crack it by tracing, analyzing, decompiling and other means;

(3) Strong computing ability: it can run code and complex public algorithms (RSA, TDES, etc.). The hardware supports floating-point operations, mathematical functions, security services, standard file input and output, etc.

(4) Large code and data storage capacity: no longer the few hundred bytes of the single-chip microcomputer era, but tens of K, enough to hold nearly ten thousand lines of C language code.

(5) The smart card provides a hardware random number generator. Under the control of the CPU, the generated random numbers ensure that the data is never repeated from one transmission to the next between the chip and the outside world.

(6) The operating system, COS, is the core of smart card technology. COS (Card Operating System) is stored on the smart card chip; it is a relatively small but very complete and rigorous system, similar to DOS.
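As an added illustration of point (5), not code from the original article or from any vendor SDK: a Python simulation of a host/lock exchange in which both sides contribute fresh random values, so identical requests never produce identical traffic and a recorded reply is rejected. SimulatedCard, Host, the frame layout and the shared HMAC key are assumptions made for the demo; a real design would not leave the verification secret in host software.

```python
import hashlib
import hmac
import secrets

KEY = bytes(range(32))  # constructed demo key; a real card never exports it


class SimulatedCard:
    """Stand-in for the lock; rng is swappable so a stuck RNG can be modelled."""

    def __init__(self, key, rng=secrets.token_bytes):
        self._key, self._rng = key, rng

    def call(self, host_nonce, request):
        card_nonce = self._rng(16)          # fresh value from the card's RNG
        result = request[::-1]              # placeholder for code run on-card
        body = host_nonce + card_nonce + result
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return card_nonce + result + tag    # frame: nonce | result | tag


class Host:
    """Software side: issues a challenge and rejects stale or repeated frames."""

    def __init__(self, key):
        self._key, self._seen = key, set()

    def new_challenge(self):
        return secrets.token_bytes(16)

    def verify(self, host_nonce, frame):
        if len(frame) < 48:                 # 16-byte nonce + 32-byte tag minimum
            return None
        card_nonce, result, tag = frame[:16], frame[16:-32], frame[-32:]
        expected = hmac.new(self._key, host_nonce + frame[:-32], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                     # wrong key, or bound to another challenge
        if card_nonce in self._seen:
            return None                     # card nonce repeated: RNG failure or replay
        self._seen.add(card_nonce)
        return result


def demo():
    card, host = SimulatedCard(KEY), Host(KEY)
    c1, c2 = host.new_challenge(), host.new_challenge()
    f1, f2 = card.call(c1, b"license?"), card.call(c2, b"license?")
    fresh = host.verify(c1, f1)             # reply to its own challenge
    replayed = host.verify(c2, f1)          # recorded frame against a new challenge
    return f1 != f2, fresh, replayed
```

Passing rng=lambda n: b"\x00" * n to SimulatedCard models a stuck generator: the host accepts the first frame and rejects the second because the card nonce repeats.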

Choices of smart card encryption lock: Axalto (Schlumberger), SafeNet (Rainbow, Aladdin), Giesecke & Devrient, Oberthur, etc. There are also You Ke in the south of Guangzhou, Dean in Jinan, Weishitong in Sichuan and Huazheng Skynet in Wuxi.

Criteria for selecting a smart card dongle:

Real smart card chips: At present, some dongles on the market claim to use smart card chips but actually use ASIC chips or other chips from the security field, which are not real smart card chips and have no international security certification. International chips are better than domestic chips in stability and security (this is not unpatriotic; our chip industry really does lag behind foreign countries);

Large storage space: more code and algorithms can be placed on the chip, so the cracker has to spend more time on analysis and eventually gives up;

Driver-free operation: it saves after-sales service costs for software developers and prevents crackers from attacking through the driver or other routes;

No back door: this is an open secret of the dongle industry. Many dongle companies leave a back door for their own management, but that back door also opens the door to hackers. Be sure to confirm whether there is a back door before choosing.

After-sales service: This is a very important condition. The after-sales service of large companies is relatively standardized and satisfactory, while small companies have many problems. When choosing a dongle, it is better to work with a large enterprise in the industry, which is more secure.

Network encryption:

Network encryption is called the safest encryption method, but its shortcomings are also the most obvious. First of all, you must always be online to use it. Once the network is unstable, the protected software cannot be used. Some foreign game software uses this encryption method, which requires players to stay connected to the network; once the network is unstable or disconnected, the program automatically shuts down. Amid the uproar from users, manufacturers have had no choice but to stop using this encryption method.

Secondly, for software with large data flows, network encryption also needs high bandwidth. Network engineers have to keep solving bandwidth problems to give users the best experience.