Good news | New product and new certification, Haiweida Technology C6iot V10.0 national security access control
Congratulations: Haiweida Technology has obtained the authoritative certification of national security access control system. Recently, the C6iot V10.0 national security access control system independently developed by Shenzhen Haiweida Technology Co., Ltd. has successfully passed the commercial password product certification and obtained the "Commercial Password Product Certification Certificate" with the number "GM014411320250668". The implementation of this certification is not achieved overnight. As one of the highest levels of national audits for the security and compliance of commercial password products, Guomi certification must strictly follow the GM/T0036 "Technical Guidelines for Password Application of Access Control Systems Using Contactless Cards" standard. From the design of the underlying password algorithm, data encryption transmission, security protection mechanism to the full process compliance of the product, it must undergo multiple rounds of rigorous testing and auditing by the Commercial Password Testing and Certification Center. The R&D team of Haiweida spent a year tackling difficulties, repeatedly polishing the system encryption logic and optimizing the security protection link, and finally passed the certification with excellent performance of full compliance and zero deviation. The high technical difficulty and audit threshold of this certificate are enough to prove its "gold value". Introduction to the National Cryptography SM Series Algorithm: The security core of the National Cryptography Authentication is derived from the SM series commercial cryptographic algorithm independently developed by the country. This algorithm system has been approved and released by the National Cryptography Administration and has significant advantages of "independent controllability, security and efficiency". It is also the security cornerstone of the Haiweida C6iot V10.0 access control system. Its key application algorithms in access control scenarios include: 1. SM2 elliptic curve public key cryptography algorithm - identity authentication "firewall": As a national security standard that replaces the international RSA algorithm, SM2 is designed based on elliptic curve mathematical principles. Under the same security strength, the key length is shorter (only 1/6 of RSA) and the operation speed is faster. In the Haiweida access control system, SM2 is mainly used for two-way identity authentication between cards and devices: when the user swipes the card, the card and access control controller generate a unique digital signature through the SM2 algorithm. Only when the signature verification is passed can the access control be activated, effectively preventing illegal intrusion behaviors such as "card cloning" and "identity forgery". 2. SM4 block cipher algorithm - data transmission "encryption lock": SM4 is the core of the national encryption symmetric encryption algorithm, using a 128 bit key and a 128 bit block length, with high encryption and decryption efficiency and strong security, suitable for real-time encryption of massive data. In the Haiweida access control system, sensitive data such as personnel entry and exit records and permission configuration information are transmitted between the device and the management platform through SM4 algorithm for full link encryption. Even if the data is intercepted, the content cannot be cracked without obtaining the key, thus eliminating the risk of data leakage from the source. 3. SM3 Password Hash Algorithm - Data Integrity "Verification Code": SM3 is mainly used for data integrity verification, which can convert input data of any length into a 256 bit fixed length hash value ("digital fingerprint"). During the firmware upgrade and configuration distribution of the Hiweida access control system, the system generates hash values for files using the SM3 algorithm. The receiving end verifies the consistency of the hash values before executing the operation to avoid security issues such as firmware tampering and malicious program implantation, ensuring the stability of device operation. What is national security certification? National Cryptography Certification, also known as "Commercial Password Product Certification," is a mandatory audit and certification conducted by the Commercial Password Testing and Certification Center (a national authoritative institution) in accordance with the Password Law of the People's Republic of China to verify the security, compliance, and technological maturity of commercial password products. The core requirement is that the product adopts nationally developed cryptographic algorithms (such as SM series algorithms) to ensure the security and controllability of information encryption, identity authentication, and data transmission from the bottom layer. Why do we need to do national security certification? In the digital age, access control systems have evolved from simple "access control" to "secure data nodes", and the security of their password applications directly affects the security of personnel, assets, and core information. The core value of national security authentication lies in: a. Avoiding security risks: replacing overseas password algorithms, avoiding "technical bottlenecks" and hidden dangers such as data leakage and illegal cracking; B meets compliance requirements: The country explicitly requires that key information infrastructure and security products in key industries must comply with national security standards; C ensures the trustworthiness of the system: Products that have passed authentication mean that their password technology and security mechanisms have been verified by authority and have credibility. Which occasions require the use of national security authentication access control? According to the Password Law and industry security standards, the following scenarios have clear mandatory or priority requirements for the national secret authentication of access control systems: a. Party, government, and military organs: Party committees, governments, and military offices at all levels need to use national secret access control to ensure the security of office areas and confidential places; Central state-owned enterprises and key industries such as finance, energy, transportation, and electricity, as key information infrastructure operation units, access control, as the connection point between physical security and information security, must comply with national security compliance requirements; C Classified units/places: places involving state secrets or core technologies, such as research institutes, military enterprises, and confidential institutions, require the implementation of the national security gate to achieve secure binding of "personnel, evidence, and rights"; High end manufacturing and data centers: chip factories, precision manufacturing workshops, data center data centers, and other scenarios with strict requirements for personnel access and operation traceability. National security access control is the core link of security control.