Challenge the Suspense of CAPKI

1
Challenge the Suspense of CA/PKI
BEIJING WISDOM INDUSTRIAL PARK OF SCIENCE
TECHNOLOGY CO. LTD. June 2004
2
Suspense of CA/PKI
Is recombinatorial logic security chip applied in
CA/PKI system?OR Is CA/PKI applied in
recombinatorial logic security chip?
3
CA/PKI Faces Puzzle No.1
Eager for improved technology
How to authenticate cross certification?
Protect enough?
Is Public key secure ?
Reliable service?
Well-defended network?
Application integration?
Network traffic?
4
CA/PKI Faces Puzzle No. 2
Complicated infrastructure, loaded management

• Registry
• Grant, Archive and Revoke Certificates
• Generate/Verify Digital Signature
• Third party credibility
• Operation management

5
CA/PKI Faces Puzzle No.3
Lacking trusted terminals in applications

• How powerful we are
• Registry
• (register?archive)
• Authority (grant revoke certificate)
• Authenticate (identify/signa-ture)
• Trusted Third Party(Key generate/exchange)
• Operation (management?agent)

How to deal with CA? Is the terminal reliable?
Where are the users ?!
User
CA
6
CA/PKI Faces Puzzle No.4
Interconnection?Intercommunication?Interoperation
(Algorithm?Protocol ?Security Policy)
Guangzhou (A2)
Shanghai (A1)
America (A3)
Beijing (A6)
Europe (A4)
Shenzhen (A5)
7
Recombinatorial Logic Technology

• Major Goal Create a general purpose chip
  utilized in multi-applications by the way of ASIC
  design Blank Chip.
• It is generated from the revelation of China
  antiquated abacus and supported by Chinese
  Remainder theorem.
• It is a security chip designed with the
  technology of MISC instructions?ESOC
  technology?frequency conversion control?focus
  register architecture?global network structure
  and MCOS hardware implementation.

8
Recombinatorial logic chip
Function Support CA/PKI?esxtensible
technology,support multi certificates
system,support recombination of
protocol?algorithm and security policy,support
users security entropy design. Architecture ASIC
performance, DSP application methods, FPGA
flexibility Circuit Dynamic change of logic,
function, clock, connection, etc. under the
control of configuration files PerformanceRSA
signature 2500-10000/sblock algorithm
1G-6GbpsHash algorithm 1G-4Gbps Application Solv
ed problems of interconnection,
intercommunication and interoperation of security
terminals.
9
Trusted terminals
POS and Smart card
MISC2000 network computer
Router and its security chip
CSTU secure terminals and its key
T-MACRO E-seal
Wisdom Finger Star
10
CA/PKI relied on trusted terminals
Security chip is the application core of trusted
terminals in CA/PKI system Recombinatorial logic
architecture is the technology core of security
chip Recombinatorial logic security chip is
vitality to increase credibility of CA/PKI system
11
How recombinatorial logic chip applied in CA/PKI
system
Registry (register/archive) Authority (grant/ Re
voke/archive certificate) Authenticate (identify/
signature) Third party credibility (Key
generate? exchange) Operation (management/agent)
Encryption (file?data) integration (system?proto
col) security (VPN?certificate? Keys) management
(session?keys) implement
CA
PKI
SSX11 security chip
12
How CA/PKI applied inrecombinatorial logic ship
PKI core
COS core
Communication link
Authenticate
Certificate management
integration authenticate
Authority management
security entropy
Key management
Key exchange
Security policy
Recombi-natorial elements
Random number
Private key storage
CA core
Registry
Signature Authenticate
Prime number
Algorithm IP
Encryption decryption
Identity authenticate
Algorithm expand
13
Complete application environmentStructure

• 2?Client Terminal

Destination

• 4?Server

PKI Superspeed 16 Chip
Speedstring 16 Chip
MISC 9816 CPU
Channel
Ethernet
CloseString 16 Chip
Source
Channel

• 3?Router

Super Speedstring Chip
VPN IPsec
5?VPN
OpenStirng 16 Chip
Internet
1?Smart card
14
Security guarantees
Recombinatorial logic chip is compatible with
CA/PKI now And supports CA/PKI future development

• Random Number Generator design and verification
• Data integration verification and system
  integration
• Key generation and management inside chip for
  protecting attacks
• Powerful support in security policy, algorithm
  recombination, security entropy and security
  protocol design
• MCOS logic supports configuration files,
  instruction format and coding recombination.

15
Interconnection, Intercommunication
Interoperation
Aalgorithm?protocol?security policy.
16
Prospect of recombinatorial logic chip

• Algorithm recombination
• Cipher algorithm (support symmetric cipher system
  (block, sequence ), asymmetric cipher system?hash
  algorithm, applicable to router, secure
  telephone, Network computer, smart card, POS, Key
  and cipher platform and other security systems)
• Speec Codec algorithm (Support 600-9.6Kbps coding
  rate, applicable to wire, wireless?shortwave and
  carrier wave speech terminals)
• Image Codec algorithm (MPEG, multi media
  streaming application)
• Protocol recombination
• Hardware logic algorithm IP design,support COS
  for multi protocols,support download protocol
  (suitable for network interoperation)
• Instruction recombination
• MCOS logic support user defined instruction set
  design,support coding recombination of algorithm
  configuration file for increasing anti-attack
  power
• Security policy recombination
• Support multi security policy design(suitable to
  dynamic interoperation)

17
Prospect of CA/PKI

• Recombinatorial logic technology, as a
  breakthrough for traditional security record
  system, opened door to CA/PKI and removed
  obstacles in interconnect, intercommunicate and
  interoperate by providing security chips and
  trusted terminals
• CA/PKI still to be develop
• application platform(conference?mail?transaction?s
  eal?banking, education)
• Service system(legal?authentication?government
  affairs )

18
Conclusion

• Recombinatorial logic chip
• Provided security entropy for CA/PKI development
• Created new realm for security chip design
• Solved problems of interconnect, intercommunicate
  and interoperate in security terminal
  applications
• Supplied core products of trusted terminls
• CA/PKI will have bright future in China
• Industrialization is vitality of recombinatorial
  logic chip
• Application of recombinatorial logic chip is
  vitality of CA/PKI