The present invention relates to a method for downloading and verifying a CAS client in a downloadable CA system that encrypts and verifies a CAS client using a certificate of a security module, and more particularly, unique X held by a security module of a DCAS host. Enhance the integrity of the transmitted CAS client by sending the encrypted CAS client using the public key of the .509 certificate as the public key of Pretty Good Privacy (PGP) to increase the security of the DCAS system, and the CAS client sent to the DCAS host. By repeatedly verifying during installation or booting process, the integrity of the transmitted CAS client is continuously verified to maximize the stability of the DCAS system, and by using the security functions of the PGP by using the certificate of the existing security module. Superior security than the digital signature method And to maintain a secure system, easy maintenance DCAS effect.
展开▼
机译:本发明涉及一种用于在可下载的CA系统中下载和验证CAS客户端的方法,该方法使用安全模块的证书,更具体地,由DCAS主机的安全模块持有的唯一X来对CAS客户端进行加密和验证。通过使用.509证书的公钥作为Pretty Good Privacy(PGP)的公钥发送加密的CAS客户端,以增强DCAS系统的安全性,并发送给CAS客户端,以增强传输CAS客户端的完整性。 DCAS主机。通过在安装或引导过程中反复进行验证,可以不断验证传输的CAS客户端的完整性,以最大程度地提高DCAS系统的稳定性,并通过使用现有安全模块的证书来使用PGP的安全功能。比数字签名方法优越的安全性并保持安全的系统,易于维护DCAS的效果。
展开▼
