CN101296077B - Identity authentication system based on bus type topological structure - Google Patents


Info

Publication number
CN101296077B
Authority
CN
China
Prior art keywords
key
equipment
receiving equipment
transmitting apparatus
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200710049003
Other languages
Chinese (zh)
Other versions
CN101296077A (en)
Inventor
余有勇
王志辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongwei Technology Co Ltd
Original Assignee
Sichuan Hongwei Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Abstract

The invention discloses an identity authentication system based on a bus topology, which uses techniques such as DH exchange and digital envelopes to authenticate devices and deliver keys securely. When a receiving device joins the system, or when a receiving device cannot decrypt data correctly, it actively initiates identity authentication with the transmitting device. The transmitting device and the receiving device each use the public/private key pairs they hold to generate a shared key value; the transmitting device uses the shared key it generated to convert the decryption key and a corresponding check code into ciphertext M, and the receiving device uses the shared key it generated to decrypt ciphertext M, obtaining the decryption key and verifying its correctness. If both the receiving and the transmitting party are legal devices, both can encrypt and decrypt normally; otherwise they cannot, and at least one of the devices is illegal. The system can be used in software and hardware environments such as digital content protection interfaces, e-business, banking systems, smart cards and identity authentication.

Description

An identity authentication system based on a bus topology
Technical field
The present invention is an identity authentication system, specifically a system in which devices on a bus topology are authenticated by exchanging public keys.
Background technology
In all kinds of information transmission systems, the identities of the participating entities need to be authenticated to guarantee that the entities taking part in the information exchange are legal and valid. For example, in military communication the other party's identity must be confirmed to prevent the leakage of military intelligence; in Internet environments such as e-commerce the other party's identity must be verified; in application environments such as smart cards the legitimacy of the accessing device must be authenticated; in the intellectual property field, means such as encrypting and signing the content are needed to guarantee that it is not illegally stolen. Usually, before the communicating parties transmit encrypted data, the devices are authenticated to guarantee that the identities of both parties are genuine, legal and valid. If authentication does not succeed, no data is transmitted, or the encrypted data cannot be decrypted correctly, so that the protected data is not illegally infringed. Data content is generally transmitted between devices in one of two modes: unicast and broadcast. Unicast can be built on a tree topology (see Fig. 1 for details), and broadcast can be built on a bus topology. Whether the mode is unicast or broadcast, the devices are usually authenticated before the communicating parties transmit encrypted data, to guarantee that the identities of both parties are genuine, legal and valid. If authentication does not succeed, no data is transmitted, or the encrypted data cannot be decrypted correctly, which protects the digital content from illegal infringement. In unicast mode, authentication and transmission normally take place between two interfaces (or devices), and the transmitted data differ before decryption; in broadcast mode, one transmitting device authenticates with several devices, the content is transmitted on the bus, and the data received by all receivers are identical both before and after decryption. The transmitting device encrypts with one key and several devices decrypt with the same key, and the decryption key has to pass over an insecure channel, so a secure transmission mechanism is needed to protect the decryption key.
In 1976, Diffie and Hellman proposed the idea of public-key cryptography in "New Directions in Cryptography", opening a new era of public-key cryptography. The DH key exchange in a public-key cryptosystem effectively solves the problem of generating a shared key and overcomes the shortcomings of symmetric cryptosystems. By exchanging one parameter value each, the two communicating parties can both produce an identical shared key. A public-key cryptosystem can not only encrypt and decrypt data but can also be used for legitimacy authentication, digital signatures and so on. By checking that the shared keys produced in the key exchange agree, the legitimacy of a device can be authenticated.
The present invention proposes a new approach to authentication that not only provides identity authentication on a broadcast channel but also transmits the decryption key of the digital content securely. An illegal device cannot pass the authentication process correctly and therefore cannot correctly decrypt the protected digital content. In the implementation, a trusted third-party authority generates the public/private key pairs with a certain algorithm; the algorithm must guarantee that after any two devices exchange public keys, the values each computes with its own private key are equal, and this value is the shared key. The transmitting device and the receiving device to be authenticated exchange their public keys, and both sides then compute the shared key with the same algorithm. What the two sides exchange is the device public keys and the encrypted encryption/decryption key of the digital content. The public key is public to begin with, so it has no confidentiality to speak of, while the encryption/decryption key has to be decrypted with the shared key that was produced. The shared key that each receiving device produces with the transmitting device is different, cannot be computed from the public keys alone, and is never transmitted on the channel, so the transmission of the encryption/decryption key is secure.
Summary of the invention
The purpose of this method is to solve, in a bus-type topology, problems such as the identification of device legitimacy between the transmitting device and multiple receiving devices and the secure transmission of the encryption/decryption key. The core problem of the invention is how to guarantee the legitimacy of both parties' devices and the secure transmission of the encryption/decryption key: device legitimacy rests on being able to produce the same shared key, and the secure transmission of the encryption key rests on the confidentiality of the shared key.
Suppose a bus topology contains a transmitting device A and receiving devices i (i ∈ {1, 2, ..., N}). The authentication process between them (see Fig. 2 for details) is as follows:
1. When the transmission system as a whole requires authentication, the transmitting device authenticates with every receiving device; the order in which the transmitting device authenticates with the receiving devices can follow a certain priority or algorithm.
2. Authentication begins: the two sides exchange their own public keys P_A and P_i.
3. Transmitting device A combines the public key P_i of receiving device i with its own private key S_A according to a certain algorithm and obtains a shared key P_Key1. Likewise, receiving device i combines the public key P_A of transmitting device A with its own private key S_i according to the same algorithm and obtains a shared key P_Key2.
4. Transmitting device A uses the shared key P_Key1 to encrypt the decryption key Key_1 of the digital content (the decryption key every receiving device finally obtains is the same) and a check code (used to detect whether errors occurred during transmission) into M, and sends M to receiving device i.
5. Receiving device i uses the shared key P_Key2 to decrypt M and obtains Key_2. If P_Key2 and P_Key1 are the same, the resulting decryption key Key_2 = Key_1. If P_Key2 and P_Key1 differ, the resulting decryption key Key_2 ≠ Key_1.
6. If the decrypted Key_2 = Key_1, the receiving device can decrypt the digital content correctly, which also shows that both devices are legal. If Key_2 ≠ Key_1, at least one of the two devices is illegal, and the digital content cannot be transmitted correctly.
In the above authentication process, transmitting device A exchanges public keys with each receiving device i separately, thereby producing N different shared keys. Transmitting device A encrypts the encryption/decryption key of the digital content with each of these N shared keys and sends the results to the corresponding receiving devices. The decryption key that each receiving device finally obtains is the same, because the transmitting device can encrypt the digital content with only one encryption key and the receiving devices must decrypt it with the same decryption key. Whether the two sides can compute the same shared key is the key issue: it not only proves the legitimacy of both devices but also serves to transmit the encryption/decryption key of the digital content.
A receiving device newly connected while digital content is being transmitted can also carry out authentication and decryption-key transfer following the above flow. The presence of any illegal device does not affect normal reception and decryption by the other legal devices; the illegal device simply cannot correctly decrypt the protected digital content.
Description of drawings
Fig. 1 shows the bus-type topology of the present invention.
Fig. 2 shows the authentication process of the present invention based on the bus topology.
Embodiment
In a concrete implementation, all parameters of the algorithm are determined by a trusted third-party authority. Some of the parameters are made public, while the others are kept strictly confidential and are set as the corresponding parameters in the transmitting device and the N receiving devices. For simplicity, this embodiment uses the P-192 elliptic curve over a prime field recommended by NIST and some simple parameters.
First, the trusted authority selects the elliptic curve parameters (p, a, b, G, n, h), etc.:
The parameters that need to be disclosed are:
Elliptic curve equation y^2 = x^3 - ax - b
p = 2^192 - 2^64 - 1
a = -3 (mod p) = p - 3 = 2^192 - 2^64 - 2^2
b = 0x64210519 E59C80E7 0FA7E9AB 72243049 FEB8DEEC C146B9B1
The parameters that need to be kept strictly confidential are:
G_x = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
G_y = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
n = 0xFFFFFFFF FFFFFFFF FFFFFFFF 99DEF836 146BC9B1 B4D22831
h = 1
The base point G should be chosen and kept strictly confidential by the trusted authority; for simplicity, the base point parameter G recommended by NIST is used here.
The trusted authority then selects N+1 public device public keys P_A, P_1, P_2, ..., P_N for the transmitting device and the N receiving devices, with P_A, P_1, P_2, ..., P_N ∈ [1, n-1]; for simplicity of calculation, P_A = P_i = 1 here. The scalar multiples P_A·G and P_i·G are computed as follows:
(P_A·G)_x = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
(P_A·G)_y = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
(P_i·G)_x = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
(P_i·G)_y = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
The scalar multiples P_A·G and P_i·G serve as the devices' private keys and are assigned as follows: the public/private key pair P_A and P_A·G is assigned to transmitting device A, and the public/private key pair P_i and P_i·G is assigned to receiving device i. The private keys P_A·G and P_i·G are kept strictly confidential. The authentication process is as follows:
1. Transmitting device A sends P_A = 1 to receiving device i, and receiving device i sends P_i = 1 to transmitting device A. As for the bit width of P_A and P_i, since P_A, P_i ∈ [1, n-1], it can be chosen as 96 bits.
2. Transmitting device A computes the scalar multiple P_i·P_A·G to obtain the shared key P_Key1; receiving device i computes the scalar multiple P_A·P_i·G to obtain the shared key P_Key2. The results are as follows:
(P_Key1)_x = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
(P_Key1)_y = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
(P_Key2)_x = 0x188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
(P_Key2)_y = 0x07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
3. Transmitting device A, with P_Key1 as the key, uses an algorithm such as ECC or RSA to convert the encryption/decryption key Key_1 together with the built-in check word "0x5FA8D30B" into ciphertext M, and sends it to receiving device i.
4. Receiving device i uses the shared key P_Key2 to decrypt ciphertext M and extracts the built-in check word from the decrypted plaintext to see whether it is "0x5FA8D30B"; if so, it extracts the encryption/decryption key Key_2; if not, the correct decryption key Key_2 cannot be extracted.
5. If the decrypted encryption/decryption key Key_2 is identical to the sender's encryption/decryption key Key_1, authentication has succeeded and both devices are legal. During digital content transmission, the decryption key Key_2 can then be used to correctly decode the digital content at receiving device i.
If the decrypted encryption/decryption key Key_2 differs from the sender's encryption/decryption key Key_1, authentication has failed, and digital content cannot be transmitted correctly between the two sides. An illegal receiving device does not affect normal reception and decoding by the other legal devices; an illegal transmitting device, however, will keep the whole bus-topology network from working normally.

Claims (2)

1. An identity authentication method based on a bus topology, characterized in that it comprises the following steps:
(1) the elliptic curve parameters selected by a trusted authority are set in transmitting device A and in N receiving devices, wherein the base point parameter G is kept strictly confidential;
(2) the trusted authority selects a device public key P_A for transmitting device A and device public keys P_1, P_2, ..., P_N for the N receiving devices respectively, and the value range of the device public keys P_A, P_1, P_2, ..., P_N is
Figure FSB00000688631500011
(3) transmitting device A sends its device public key P_A to receiving device i, and receiving device i sends its device public key P_i to transmitting device A, where i is the receiving device number and ranges from 1 to N;
(4) transmitting device A computes the scalar multiple P_i·P_A·G to obtain the shared key P_Key1, and receiving device i computes the scalar multiple P_A·P_i·G to obtain the shared key P_Key2;
(5) transmitting device A, with the shared key P_Key1 as the key, uses the ECC or RSA algorithm to convert the encryption key Key_1 together with the built-in check word 0x5FA8D30B into ciphertext M, and sends it to receiving device i;
(6) receiving device i uses the shared key P_Key2 to decrypt ciphertext M and extracts the built-in check word from the decrypted plaintext to see whether it is 0x5FA8D30B; if so, it extracts the encryption/decryption key Key_2; if not, the correct decryption key Key_2 cannot be extracted;
(7) if the decrypted encryption/decryption key Key_2 is identical to the sender's encryption key Key_1, authentication has succeeded and both devices are legal; during digital content transmission, the decryption key Key_2 can then be used to correctly decode the digital content at receiving device i;
if the decrypted encryption/decryption key Key_2 differs from the sender's encryption key Key_1, authentication has failed, and digital content cannot be transmitted correctly between the two sides.
2. The identity authentication method based on a bus topology according to claim 1, characterized in that: the decryption key that the transmitting device sends to every receiving device is the same; before encrypted data transmission, this decryption key is generated by the transmitting device according to a certain algorithm, and it is different each time.
CN 200710049003 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure Expired - Fee Related CN101296077B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200710049003 CN101296077B (en) 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure


Publications (2)

Publication Number Publication Date
CN101296077A CN101296077A (en) 2008-10-29
CN101296077B true CN101296077B (en) 2012-07-11

Family

ID=40066113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710049003 Expired - Fee Related CN101296077B (en) 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure

Country Status (1)

Country Link
CN (1) CN101296077B (en)


Also Published As

Publication number Publication date
CN101296077A (en) 2008-10-29


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120711

Termination date: 20160429