What kind of digital currency
When it comes to digital currency, your first reaction may be Bitcoin or Libra, which Facebook plans to launch.
From the perspective of usage scenarios, the central bank's digital currency does not pay interest and can be used in small, retail and high-frequency business scenarios, which is no different from paper money. At the same time, its use should comply with all the existing regulations on cash management, anti-money laundering and anti-terrorism financing.
The Xueshuo Innovation Blockchain Technology Workstation of Lianqiao Education Online is the only approved "blockchain technology specialty" pilot workstation of the "Smart Learning Workshop 2020 Xueshuo Innovation Workstation" launched by the School Planning, Construction and Development Center of the Ministry of Education of China. With the aim of providing diversified growth paths for students, the workstation promotes reform of the training model that combines professional degree study, production, learning and research, and builds a training system for applied and compound talent.
1. Security risk of running environment
The core secret of a cryptocurrency wallet, the private key / mnemonic, is stored on the terminal device, whether that is a PC or a mobile device. If the terminal device becomes unsafe, the private key / mnemonic is at very high risk.
A digital wallet that is designed securely from the start can avoid the possibility of the private key / mnemonic being stolen due to the running environment. The security problems of the running environment on the terminal mainly include viruses, operating system vulnerabilities and hardware vulnerabilities.
2. The security risk of network transmission
The security of network transmission is mostly a matter of resisting man-in-the-middle attacks. In a man-in-the-middle attack, the attacker establishes an independent connection with each end of the communication and relays the data received between them, so that both ends believe they are talking directly to each other over a private connection, while in fact the whole conversation is controlled by the attacker.
Although most digital wallet applications use HTTPS to communicate with the server, a man-in-the-middle attack can still obtain the content of the HTTPS traffic by installing a digital certificate on the user's terminal.
A secure digital wallet needs to be able to check the legitimacy of all the digital certificates on the terminal, check the proxy settings used for network transmission, and ensure the security of the basic network communication environment.
In the development of a digital wallet, whether two-way verification is used at the network transmission level is also an important criterion for measuring the security of a digital wallet application.
3. The security risk of file storage mode
The way the private key / mnemonic of a digital wallet is stored on the terminal device also needs attention in the security design. The access rights of the private key / mnemonic file directory, the form in which the private key / mnemonic file is stored, and the design of the encryption algorithm all need to be strictly designed.
When we analyzed the security of several mainstream digital wallets, we found that even well-known digital wallets are careless about how they store the private key / mnemonic. Some store it in plaintext. Others store it encrypted, but the decryption key is fixed in the code, so the encryption plays no role in security defense.
4. The security risk of the application itself
The security risk of the application itself mainly concerns the security defenses of the application installation package.
Whether the application installation package is resistant to tampering is a core technical capability. In addition, memory security, anti-debugging capability, life cycle management of the private key / mnemonic, security of debugging logs and security of the development process also need to be strengthened.
5. Security risk of data backup
If the mobile application's data can be backed up, a machine with more powerful computing performance can be used to brute-force the private key / mnemonic. For example, if the android:allowBackup attribute is set to allow backup, the system's backup mechanism can be used to back up the application's data files, and the private key / mnemonic of the cryptocurrency will be copied to external media, which breaks the security boundary design of the operating system from another direction.
For the majority of users, the security of a digital wallet also means the security of their wealth, so we must be careful when choosing a digital wallet.