CN101296077B - Identity authentication system based on bus type topological structure - Google Patents
- Publication number
- CN101296077B (application CN 200710049003)
- Authority
- CN
- China
- Prior art keywords
- key
- equipment
- receiving equipment
- transmitting apparatus
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
The invention discloses an identity authentication system based on a bus topology that uses techniques such as DH exchange and digital envelopes to authenticate devices and deliver keys securely. When a receiving device joins the system, or when a receiving device cannot decrypt data correctly, it actively initiates identity authentication with the transmitting device. The transmitting device and the receiving device each use their own public/private key pair to generate a shared key value. The transmitting device uses the shared key it generated to convert the decryption key and a corresponding check code into a ciphertext M; the receiving device uses the shared key it generated to decrypt M, obtain the decryption key and verify its correctness. If both parties are legitimate devices, both can encrypt and decrypt normally; otherwise they cannot, and at least one of the devices is illegitimate. The system can be used in software and hardware environments such as digital content protection interfaces, e-commerce, banking systems, smart cards and identity authentication.
Description
Technical field
The present invention is an identity authentication system, specifically a system in which devices in a bus-type topology authenticate one another by exchanging public keys.
Background technology
In all kinds of information transmission systems, the identities of the participating entities must be authenticated to ensure that the entities taking part in the exchange are legitimate and valid. For example, in military communication the identity of the other party must be confirmed to prevent military information from leaking; in Internet environments such as e-commerce the identity of the other party must be verified; in application environments such as smart cards the legitimacy and validity of the accessing device must be authenticated; and in the intellectual property field, content must be protected against theft by means such as encryption and signatures.

Data content is generally transmitted between devices in one of two modes: unicast and broadcast. Unicast can be built on a tree topology (see Fig. 1 for details), and broadcast can be built on a bus-type topology. In either mode, before the two communicating parties transmit encrypted data, the devices are usually authenticated to ensure that the identities of both parties are genuine, legitimate and valid. If authentication does not succeed, either no data is transmitted or the encrypted data cannot be decrypted correctly, so that the protected digital content is not illegally infringed.

In unicast mode, authentication and transmission normally take place between two interfaces (or devices), and the data transmitted are different before decryption. In broadcast mode, one transmitting device must authenticate with multiple devices, the content is transmitted on the bus, and the data that all receivers receive are identical both before and after decryption. The transmitting device encrypts with one key and multiple devices decrypt with the same key, so a secure transmission mechanism is needed to protect the decryption key on an insecure channel.
In 1976 Diffie and Hellman proposed the idea of public-key cryptography in "New Directions in Cryptography", opening a new era of public-key cryptography. The DH key exchange in public-key cryptosystems effectively solves the problem of establishing a shared key and overcomes the shortcomings of symmetric cryptosystems. By exchanging a parameter value, the two communicating parties can each produce the same shared key. A public-key cryptosystem can not only encrypt and decrypt data but can also be used for legitimacy authentication, digital signatures and so on. By comparing the consistency of the shared keys produced in the key exchange, the legitimacy of a device can be authenticated.
The present invention proposes a new approach to authentication that not only provides identity authentication on a broadcast channel but also delivers the decryption key of the digital content securely. An illegitimate device cannot pass the authentication process and therefore cannot correctly decrypt the protected digital content. In the implementation, a trusted third-party authority generates the public/private key pairs with an algorithm which guarantees that, after any two devices exchange public keys, the values each computes with its own private key are equal; this value is the shared key. The transmitting device exchanges public keys with each receiving device that needs authentication, and both sides then compute the shared key with the same algorithm. What the two sides exchange are the device public keys and the encrypted encryption/decryption key of the digital content. The public keys are public to begin with, so they carry no confidentiality requirement. The encryption/decryption key must be decrypted with the generated shared key; the shared key that each receiving device produces with the transmitting device is different, cannot be calculated from the public keys alone, and is never transmitted on the channel, so the transmission of the encryption/decryption key is secure.
Summary of the invention
The purpose of this method is to solve, in a bus-type topology, the problems of identifying device legitimacy between the transmitting device and multiple receiving devices and of securely transmitting the encryption/decryption key. The core problem of the invention is how to guarantee the legitimacy of both devices and the secure transmission of the encryption/decryption key: device legitimacy rests on the ability to produce identical shared keys, and the secure transmission of the encryption key rests on the confidentiality of the shared key.
Suppose a bus-type topology contains a transmitting device A and receiving devices i (i ∈ {1, 2, ..., N}). The authentication process between them is as follows (see Fig. 2 for details):
1. When the transmission system as a whole requires authentication, the transmitting device authenticates with every receiving device. The order in which the transmitting device authenticates with the multiple receiving devices can follow a given priority or algorithm.
2. Authentication begins: the transmitting and receiving sides exchange their own public keys $P_A$ and $P_i$.
3. Transmitting device A combines the public key $P_i$ of receiving device i with its own private key $S_A$ according to a given algorithm to obtain a shared key $P_{Key1}$. Likewise, receiving device i combines the public key $P_A$ of transmitting device A with its own private key $S_i$ according to the same algorithm to obtain a shared key $P_{Key2}$.
4. Transmitting device A uses the shared key $P_{Key1}$ to encrypt the decryption key $Key_1$ of the digital content (the decryption key that every receiving device finally obtains is the same) together with a check code (used to detect whether bit errors occurred during transmission) into M, and sends M to receiving device i.
5. Receiving device i decrypts M with the shared key $P_{Key2}$ to obtain $Key_2$. If the shared keys $P_{Key2}$ and $P_{Key1}$ are identical, the decryption key obtained satisfies $Key_2 = Key_1$. If the shared keys $P_{Key2}$ and $P_{Key1}$ differ, the decryption key obtained satisfies $Key_2 \neq Key_1$.
6. If the decrypted $Key_2 = Key_1$, the receiving device can correctly decrypt the digital content, which also shows that both devices are legitimate. If $Key_2 \neq Key_1$, at least one of the two devices is illegitimate, and the digital content cannot be transmitted correctly.
In the authentication process above, transmitting device A exchanges public keys with each receiving device i separately, producing N different shared keys. Transmitting device A encrypts the encryption/decryption key of the digital content under each of these N shared keys and sends the result to the corresponding receiving device. The decryption key that each receiving device finally obtains is the same, because the transmitting device can encrypt the digital content with only one encryption key and the receiving devices must decrypt it with the same decryption key. Whether the two sides can compute the same shared key is the key issue: this not only proves the legitimacy of both devices but is also used to deliver the encryption/decryption key of the digital content.
A receiving device that joins during digital content transmission can also carry out authentication and decryption key delivery according to the above process. The presence of any illegitimate device does not affect normal reception and decryption by the other legitimate devices; the illegitimate device simply cannot correctly decrypt the protected digital content.
Description of drawings
Fig. 1 shows the bus-type topology of the present invention.
Fig. 2 shows the authentication process based on the bus-type topology of the present invention.
Embodiment
In a concrete implementation, all parameters of this algorithm are determined by a trusted third-party authority. Some of the parameters are made public, while the others are kept strictly secret and are set as the corresponding parameters in the transmitting device and the N receiving devices. For simplicity, this embodiment uses the P-192 elliptic curve over a prime field recommended by NIST and some simple parameters.
First, the trusted authority selects the elliptic curve parameters (p, a, b, G, n, h):
The parameters that need to be public are:
Elliptic curve equation $y^2 = x^3 - ax - b$
$p = 2^{192} - 2^{64} - 1$
$a = -3 \pmod{p} = p - 3 = 2^{192} - 2^{64} - 2^{2}$
b = 0x64210519 E59C80E7 0FA7E9AB 72243049 FEB8DEEC C146B9B1
The parameters that need to be kept strictly secret are:
$G_x$ = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$G_y$ = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
n = 0xFFFFFFFF FFFFFFFF FFFFFFFF 99DEF836 146BC9B1 B4D22831
h = 1
The base point G should be chosen and kept strictly secret by the trusted authority; for simplicity, the base point parameter G recommended by NIST is used here.
The trusted authority then chooses N+1 public device public keys $P_A, P_1, P_2, \ldots, P_N$ for the transmitting device and the N receiving devices, and $P_A, P_1, P_2, \ldots,$
For simplicity of calculation, the values used here are $P_A = P_i = 1$. The scalar multiplications $P_A G$ and $P_i G$ are computed as follows:
$P_A G_x$ = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$P_A G_y$ = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
$P_i G_x$ = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$P_i G_y$ = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
The scalar multiples $P_A G$ and $P_i G$ serve as the private keys of the devices and are distributed as follows: the public/private key pair $P_A$ and $P_A G$ is assigned to transmitting device A, and the public/private key pair $P_i$ and $P_i G$ is assigned to receiving device i. The private keys $P_A G$ and $P_i G$ are kept strictly secret. The authentication process is as follows:
1. Transmitting device A sends $P_A = 1$ to receiving device i, and receiving device i sends $P_i = 1$ to transmitting device A. As for the bit width of the values $P_A$ and $P_i$, because $P_A$,
it can therefore be chosen as 96 bits.
2. Transmitting device A computes the scalar multiplication $P_i P_A G$ to obtain the shared key $P_{Key1}$; receiving device i computes the scalar multiplication $P_i P_A G$ to obtain the shared key $P_{Key2}$. The results are as follows:
$P_{Key1x}$ = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$P_{Key1y}$ = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
$P_{Key2x}$ = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$P_{Key2y}$ = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
3. Transmitting device A, using $P_{Key1}$ as the key, uses an algorithm such as ECC or RSA to convert the encryption/decryption key $Key_1$ and the built-in check word "0x5FA8D30B" into ciphertext M, and sends it to receiving device i.
4. Receiving device i decrypts ciphertext M with the shared key $P_{Key2}$, extracts the built-in check word from the decrypted plaintext and checks whether it is "0x5FA8D30B". If it is, the device extracts the encryption/decryption key $Key_2$; if it is not, the correct decryption key $Key_2$ cannot be extracted.
5. If the decrypted encryption/decryption key $Key_2$ is identical to the sender's encryption/decryption key $Key_1$, authentication has succeeded and both devices are legitimate. During digital content transmission, the decryption key $Key_2$ can then be used to correctly decode the digital content at receiving device i.
If the decrypted encryption/decryption key $Key_2$ differs from the sender's encryption/decryption key $Key_1$, authentication has failed and digital content cannot be transmitted correctly between the two sides. An illegitimate receiving device cannot affect the normal reception and decoding of other legitimate devices; but an illegitimate transmitting device will make the whole bus-type topology network work normally.
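The exchange described in the summary and the embodiment above, as an added Python example that is not part of the patent: it generalizes from the embodiment's $P_A = P_i = 1$ to arbitrary public scalars and runs one transmitting device against three receivers on the bus. Assumptions: the function names, the sample scalars, receiver 3 being provisioned from a different base point, and a SHA-256 counter keystream standing in for the "ECC or RSA" encryption step, which the page does not specify.

```python
import hashlib

# NIST P-192 domain parameters as listed in the embodiment above.
P = 2**192 - 2**64 - 1
A = P - 3  # a = -3 mod p, as used by the standard short Weierstrass doubling formula
G = (0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012,
     0x07192B95FFC8DA78631011ED6B24CDD573F977A11E794811)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
CHECK_WORD = bytes.fromhex("5FA8D30B")  # built-in check word from the page

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def provision(scalar, base=G):
    """Authority step: public scalar P_x plus the secret point P_x * G."""
    return scalar, mul(scalar, base)

def _xor_stream(shared_pt, data):
    # Stand-in cipher (assumption): SHA-256 counter keystream keyed by the x-coordinate.
    seed, out, ctr = shared_pt[0].to_bytes(24, "big"), b"", 0
    while len(out) < len(data):
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

def wrap(shared_pt, content_key):
    """Sender: M = Enc(P_Key1, Key_1 || check word)."""
    return _xor_stream(shared_pt, content_key + CHECK_WORD)

def unwrap(shared_pt, m):
    """Receiver: decrypt M with P_Key2; return Key_2 only if the check word matches."""
    plain = _xor_stream(shared_pt, m)
    return plain[:-4] if plain[-4:] == CHECK_WORD else None

def run_bus(content_key):
    pub_a, priv_a = provision(0xA11CE)                  # constructed sample values
    receivers = {1: provision(0x1001), 2: provision(0x2002),
                 3: provision(0x3003, base=mul(7, G))}  # 3: not provisioned from G
    results = {}
    for i, (pub_i, priv_i) in receivers.items():
        m = wrap(mul(pub_i, priv_a), content_key)       # A: P_i * (P_A G)
        results[i] = unwrap(mul(pub_a, priv_i), m)      # i: P_A * (P_i G)
    return results

if __name__ == "__main__":
    print(run_bus(bytes(range(16))))
```

Receivers 1 and 2 recover the same content key from their individual ciphertexts, while receiver 3 fails the check word and gets nothing, without disturbing the other two.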
Claims (2)
1. An identity authentication method based on a bus-type topology, characterized in that it comprises the following steps:
(1) The elliptic curve parameters selected by a trusted authority are set in transmitting device A and N receiving devices, wherein the base point parameter G is kept strictly secret;
(2) The trusted authority selects a device public key $P_A$ for transmitting device A and device public keys $P_1, P_2, \ldots, P_N$ for the N receiving devices respectively, and the value range of the device public keys $P_A, P_1, P_2, \ldots, P_N$ is
(3) Transmitting device A sends its device public key $P_A$ to receiving device i, and receiving device i sends its device public key $P_i$ to transmitting device A, where i is the receiving device number and ranges from 1 to N;
(4) Transmitting device A computes the scalar multiplication $P_i P_A G$ to obtain the shared key $P_{Key1}$, and receiving device i computes the scalar multiplication $P_A P_i G$ to obtain the shared key $P_{Key2}$;
(5) Transmitting device A, using the shared key $P_{Key1}$ as the key, uses an ECC or RSA algorithm to convert the encryption key $Key_1$ and the built-in check word 0x5FA8D30B into ciphertext M, and sends it to receiving device i;
(6) Receiving device i decrypts ciphertext M with the shared key $P_{Key2}$, extracts the built-in check word from the decrypted plaintext and checks whether it is 0x5FA8D30B; if it is, the device extracts the encryption/decryption key $Key_2$; if it is not, the correct decryption key $Key_2$ cannot be extracted;
(7) If the decrypted encryption/decryption key $Key_2$ is identical to the sender's encryption key $Key_1$, authentication has succeeded and both devices are legitimate; during digital content transmission, the decryption key $Key_2$ can then be used to correctly decode the digital content at receiving device i;
If the decrypted encryption/decryption key $Key_2$ differs from the sender's encryption key $Key_1$, authentication has failed and digital content cannot be transmitted correctly between the two sides.
2. The identity authentication method based on a bus-type topology according to claim 1, characterized in that: the decryption key that the transmitting device sends to every receiving device is the same; before encrypted data transmission, this decryption key is generated by the transmitting device according to a given algorithm, and it is different each time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200710049003 CN101296077B (en) | 2007-04-29 | 2007-04-29 | Identity authentication system based on bus type topological structure |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200710049003 CN101296077B (en) | 2007-04-29 | 2007-04-29 | Identity authentication system based on bus type topological structure |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101296077A CN101296077A (en) | 2008-10-29 |
CN101296077B true CN101296077B (en) | 2012-07-11 |
Family
ID=40066113
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200710049003 Expired - Fee Related CN101296077B (en) | 2007-04-29 | 2007-04-29 | Identity authentication system based on bus type topological structure |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101296077B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101707767B (en) * | 2009-10-26 | 2012-09-26 | 中兴通讯股份有限公司 | Data transmission method and devices |
CN101826960A (en) * | 2010-04-16 | 2010-09-08 | 中国电子科技集团公司第二十八研究所 | Checking method of real-time transmission encryption and decryption data |
CN102710421A (en) * | 2012-06-14 | 2012-10-03 | 深圳市中联创新自控系统有限公司 | Matched communication method |
CN104796262B (en) * | 2015-04-27 | 2018-05-04 | 上海青橙实业有限公司 | Data ciphering method and terminal system |
CN114124378B (en) * | 2021-11-26 | 2024-03-08 | 北京神经元网络技术有限公司 | AUTBUS bus-based communication method, system, equipment and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1264974A (en) * | 1999-12-01 | 2000-08-30 | 陈永川 | Digital signature method using elliptic curve encryption algorithm |
CN1505306A (en) * | 2002-11-29 | 2004-06-16 | 海南信安数据系统有限公司 | Elliptic curve encryption and decryption method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN101296077A (en) | 2008-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11323276B2 (en) | Mutual authentication of confidential communication | |
CN101296075B (en) | Identity authentication system based on elliptic curve | |
CN102082790B (en) | Method and device for encryption/decryption of digital signature | |
EP2361462B1 (en) | Method for generating an encryption/decryption key | |
CN102394749B (en) | Line protection method, system, information safety equipment and application equipment for data transmission | |
CN102724041B (en) | Steganography-based key transmission and key updating method | |
JP6417036B2 (en) | Entity authentication method and apparatus based on pre-shared key | |
US11870891B2 (en) | Certificateless public key encryption using pairings | |
KR20170035665A (en) | Apparatus and method for exchanging encryption key | |
CN102664898A (en) | Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system | |
JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management | |
JP2006174356A (en) | Pseudo public key encryption method and system | |
KR101516114B1 (en) | Certificate-based proxy re-encryption method and its system | |
CN104243439A (en) | File transfer processing method and system and terminals | |
CN101296077B (en) | Identity authentication system based on bus type topological structure | |
US9635003B1 (en) | Method of validating a private-public key pair | |
CN103493428A (en) | Data encryption | |
US20220038267A1 (en) | Methods and devices for secured identity-based encryption systems with two trusted centers | |
CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
EP3361670B1 (en) | Multi-ttp-based method and device for verifying validity of identity of entity | |
KR20170087120A (en) | Certificateless public key encryption system and receiving terminal | |
CN111656729A (en) | System and method for computing escrow session key and private session key for encoding digital communications between two devices | |
Chetan et al. | Security framework for VANET for privacy preservation | |
US7327845B1 (en) | Transmission of encrypted messages between a transmitter and a receiver utilizing a one-time cryptographic pad | |
CN114342315B (en) | Symmetric key generation, authentication and communication between multiple entities in a network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120711 Termination date: 20160429 |