CN101808089A - Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm - Google Patents
Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm Download PDFInfo
- Publication number
- CN101808089A CN101808089A CN 201010118458 CN201010118458A CN101808089A CN 101808089 A CN101808089 A CN 101808089A CN 201010118458 CN201010118458 CN 201010118458 CN 201010118458 A CN201010118458 A CN 201010118458A CN 101808089 A CN101808089 A CN 101808089A
- Authority
- CN
- China
- Prior art keywords
- trusted entity
- secret data
- shamir
- rivest
- adelman
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a secret data transmission protection method based on the isomorphism of an asymmetrical encryption algorithm and aims to provide a protection method which has low cost, high efficiency and high safety and is used for the whole processes from decryption to transmission of secret data. A server trusted entity firstly selects a random number r, fakes a cipher text c of secret data, and sends the result to a client trusted entity through a public network; the client trusted entity decrypts the data and returns the result to the server trusted entity through the public network; and the server trusted entity restores a plain text m of the secret data from the result according to the isomorphism of the asymmetrical encryption algorithm. The invention solves the problem of safety when the secret data are transferred in non-trusted clients, open networks and server non-trusted user spaces, and does not need additional identity authentication, thereby reducing the cost.
Description
Technical field
The present invention relates in the computer realm open network system transmission protecting of secret data between the entity.
Background technology
The development of information technology makes organizations such as government, enterprise the office space can be placed on Anywhere, allows the office worker who is in the different location carry out collaborative work by network.The open network environment is that the data security problem is more and more serious making things convenient for user's shared data and reducing a direct negative results of bringing in the data management cost.In open network system, storage be not subjected on the directly actuated far-end server of user, and malicious user all may cause leaking of user data at the attack of network or server.
Data encryption is to guarantee secret data storage security and the unique practical and effective method of transmission security.According to the difference of Key Tpe, DEA can be divided into two classes: symmetric encipherment algorithm and rivest, shamir, adelman.Symmetric encipherment algorithm uses identical key (symmetric key) to carry out encryption and decryption, and encryption and decryption data speed is fast, and major defect is key distribution difficulty, key management complexity, is not easy to use under the open network environment.Rivest, shamir, adelman uses a pair of different key (be unsymmetrical key, comprise a PKI and a private key), only needs open public key information, thereby is particularly suitable for using under the open network environment.Its major defect is the algorithm complexity, and the speed of encryption and decryption data and efficient are all lower.
All known rivest, shamir, adelmans all have isomorphism at present, for asymmetric encryption and decipherment algorithm E, E (a*b)=E (a) * E (b) are arranged that is:, and wherein * represents multiplying.Hereinafter refer to any rivest, shamir, adelman with isomorphism with " rivest, shamir, adelman ".
In actual applications, open network system is usually in conjunction with the advantage of symmetric encipherment algorithm and rivest, shamir, adelman two aspects, utilize symmetric encipherment algorithms such as AES, DES or IDEA to encrypt the bigger secret data of quantity, and adopt rivest, shamir, adelmans such as RSA, elliptic curve with the corresponding symmetric key of public key encryption.When data decryption, read the ciphertext of symmetric key by the service end trusted entity, send to the client deciphering of holding private key then, last client expressly is sent in the service end trusted entity symmetric key so that further service to be provided.Decipher and be transferred in the process of service end trusted entity at above-mentioned symmetric key, take expressly this crucial secret data of efficient and safe method protection symmetric key, most important for user's data safety.
Be the fail safe of protected data transmission course, prevent malicious user at the eavesdropping of communication link, distort and behavior such as data corruption, people have proposed SSL (the Security Socket Layer) data transmission protection based on rivest, shamir, adelman.
The main flow process of SSL method is: client and service end are at first finished mutual authentication by certificate mechanism, guarantee that data send to correct client and service end, in verification process, both sides use rivest, shamir, adelman protection communication data and consult to determine the used symmetric encipherment algorithm of follow-up phase communication and corresponding symmetric key; After authentication was finished, both sides used this symmetric key protection secret data transmission.The SSL method is widely used in carrying out between Web browser and the server authentication and secret data transmission.
Though the SSL method can guarantee secret data safety of transmission in insecure network, but it has following shortcoming: at first need when (1) uses this method client and service end identity are authenticated, need after the authentication to come session informations such as negotiate encryption key, cryptographic algorithm by a series of interaction flows, expense is bigger; (2) this method has only guaranteed that data are in the transmission over networks process safe, when client or service end trusted entity (refer to be difficult in the system invaded part, as operating system nucleus, smart card device etc.) after in addition part (as the user's space relative program) invaded, can't guarantee secret data leave trusted entity after, carry out safety before the Network Transmission by encryption.
Summary of the invention
Technical problem to be solved by this invention is: secret data uses the public key encryption of rivest, shamir, adelman to be stored in service end, when the private key holder who ciphertext is delivered to rivest, shamir, adelman locates to decipher, the safety issue of secret data when client untrusted software, open network and service end untrusted software transmit.Utilize the isomorphism of rivest, shamir, adelman and the service end fact of secret encryption data, that realizes that expense is little, efficient is high, safe deciphers guard method the whole process of transmission from secret data.
Technical scheme of the present invention may further comprise the steps:
The first step, the service end trusted entity generates random data r;
In second step, the service end trusted entity uses rivest, shamir, adelman and PKI ek to encrypt r, obtains ciphertext s=E
Ek(r),
E
Ek() is the public key encryption operation of rivest, shamir, adelman;
The 3rd step, the ciphertext c=E of the secret data m that the service end trusted entity will be protected
Ek(m) multiply each other with s, obtain c*s;
In the 4th step, the service end trusted entity is the client trusted entity with c*s by the holder that open network sends to private key dk;
In the 5th step, the holder of private key dk uses the decryption method of this rivest, shamir, adelman and private key dk that c*s is decrypted, and the isomorphism according to rivest, shamir, adelman has E
Dk(c*s)=E
Dk(c) * E
Dk(s)=and m*r, promptly the result that obtains of deciphering is m*r, the private key holder does not also know m and what r is respectively, E
Dk() is the private key decryption oprerations of rivest, shamir, adelman;
In the 6th step, the holder of private key dk sends to the service end trusted entity with m*r by open network;
In the 7th step, the service end trusted entity divided by having only the r that oneself knows, obtains the plaintext m of secret data with m*r.
Adopt the present invention can reach following technique effect:
(1). secret data does not need the extra authentication of this class of SSL and the protection of encipher-decipher method in the process of open Network Transmission, reduced overhead;
(2). the plaintext of secret data does not appear at all incredible links in the whole flow process of deciphering and transmitting, and only occurs with the form after pretending at random.Prevented that client, the insincere subsystem of service end from meeting with the invasion back to the harm that secret data brings, prevented malicious user at the eavesdropping of communication link, distort and behavior such as data corruption.
Description of drawings
Fig. 1 is each entity relationship diagram involved in the present invention.
Fig. 2 is a flow chart of the present invention.
Embodiment
As shown in Figure 1, service end is held secret data ciphertext c=E
Ek(m), go for its expressly m.Because the private key of deciphering is in client, deciphering must be carried out in client.The service end trusted entity is at first chosen random number r, secret data ciphertext c is implemented camouflage (step (1) formula), and the result sent to client trusted entity (step (2)) by open network, the client trusted entity is decrypted (step (3)) to these data, and the result sent back to service end trusted entity (step (4)) by open network, the service end trusted entity restores expressly m (step (5)) of secret data according to this result.
As shown in Figure 2, idiographic flow of the present invention is:
The first step, the service end trusted entity generates random data r, generally recommends more than 128;
In second step, the service end trusted entity uses the encryption method of rivest, shamir, adelman and PKI ek to encrypt r, obtains ciphertext s=E
Ek(r);
In the 3rd step, the service end trusted entity is with the ciphertext c=E of m
Ek(m) multiply each other with s, obtain c*s (step (1) in this three steps corresponding diagram 1);
In the 4th step, the service end trusted entity is client trusted entity (step in the corresponding diagram 1 (2)) with c*s by the holder that open network sends to private key dk;
In the 5th step, the holder of private key dk uses the decryption method of rivest, shamir, adelman and private key dk that c*s is decrypted, and obtains m*r (step in the corresponding diagram 1 (3));
In the 6th step, the private key holder sends to service end trusted entity (step in the corresponding diagram 1 (4)) with m*r by open network;
In the 7th step, the service end trusted entity divided by having only the r that oneself knows, obtains the plaintext m (step in the corresponding diagram 1 (5)) of secret data with m*r.
Claims (2)
1. secret data transmission protection method based on the rivest, shamir, adelman isomorphism is characterized in that may further comprise the steps:
The first step, the service end trusted entity generates random data r;
In second step, the service end trusted entity uses rivest, shamir, adelman and PKI ek to encrypt r, obtains ciphertext s=E
Ek(r), E
Ek() is the public key encryption operation of rivest, shamir, adelman;
The 3rd step, the ciphertext c=E of the secret data m that the service end trusted entity will be protected
Ek(m) multiply each other with s, obtain c*s;
In the 4th step, the service end trusted entity is the client trusted entity with c*s by the holder that open network sends to private key dk;
In the 5th step, the holder of private key dk uses the decryption method of this rivest, shamir, adelman and private key dk that c*s is decrypted, and the isomorphism according to rivest, shamir, adelman has E
Dk(c*s)=E
Dk(c) * E
Dk(s)=and m*r, i.e. the result that deciphering obtains is m*r, E
Dk() is the private key decryption oprerations of rivest, shamir, adelman;
In the 6th step, the holder of private key dk sends to the service end trusted entity with m*r by open network;
In the 7th step, the service end trusted entity divided by r, obtains the plaintext m of secret data with m*r.
2. the secret data transmission protection method based on the rivest, shamir, adelman isomorphism as claimed in claim 1 is characterized in that described random data r is more than 128.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010118458 CN101808089A (en) | 2010-03-05 | 2010-03-05 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010118458 CN101808089A (en) | 2010-03-05 | 2010-03-05 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101808089A true CN101808089A (en) | 2010-08-18 |
Family
ID=42609709
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010118458 Pending CN101808089A (en) | 2010-03-05 | 2010-03-05 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101808089A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102098295A (en) * | 2010-12-28 | 2011-06-15 | 上海华御信息技术有限公司 | Method for improving data security under SaaS application |
| CN102970143A (en) * | 2012-12-13 | 2013-03-13 | 中国科学技术大学苏州研究院 | Method for securely computing index of sum of held data of both parties by adopting addition homomorphic encryption |
| CN104954136A (en) * | 2015-06-16 | 2015-09-30 | 祝峰 | Network security encryption device under cloud computing environment |
| CN105490806A (en) * | 2015-11-28 | 2016-04-13 | 中国电子科技集团公司第三十研究所 | Homomorphic key generating-sharing method and device |
| CN105933102A (en) * | 2016-04-06 | 2016-09-07 | 重庆大学 | Identity-based and hidden matrix-constructed fully homomorphic encryption method |
| CN106612274A (en) * | 2016-07-25 | 2017-05-03 | 四川用联信息技术有限公司 | Homogeneity-based shared data verification algorithm in cloud computing |
| CN103580859B (en) * | 2013-11-11 | 2017-05-10 | 国家电网公司 | Asymmetric encryption method for intelligent electricity using interaction |
| CN107181584A (en) * | 2016-03-09 | 2017-09-19 | 郑珂威 | Asymmetric complete homomorphic cryptography and its replacement of keys and ciphertext complete a business transaction method |
| CN107181739A (en) * | 2017-04-28 | 2017-09-19 | 深圳市航天无线通信技术有限公司 | Data safety exchange method and device |
| CN111738238A (en) * | 2020-08-14 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Face recognition method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1350735A (en) * | 1999-05-10 | 2002-05-22 | 艾利森电话股份有限公司 | Indirect public-key encryption |
| EP1691501A1 (en) * | 1998-01-02 | 2006-08-16 | Cryptography Research Inc. | Leak-resistant cryptography method an apparatus |
| CN101005357A (en) * | 2006-12-28 | 2007-07-25 | 北京飞天诚信科技有限公司 | Method and system for updating certification key |
| CN101022337A (en) * | 2007-03-28 | 2007-08-22 | 胡祥义 | Network identification card realizing method |
| CN101346691A (en) * | 2005-12-26 | 2009-01-14 | 格姆普拉斯公司 | Cryptographic method comprising a modular exponentiation secured against hidden-channel attacks, cryptoprocessor for implementing the method and associated chip card |
-
2010
- 2010-03-05 CN CN 201010118458 patent/CN101808089A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1691501A1 (en) * | 1998-01-02 | 2006-08-16 | Cryptography Research Inc. | Leak-resistant cryptography method an apparatus |
| CN1350735A (en) * | 1999-05-10 | 2002-05-22 | 艾利森电话股份有限公司 | Indirect public-key encryption |
| CN101346691A (en) * | 2005-12-26 | 2009-01-14 | 格姆普拉斯公司 | Cryptographic method comprising a modular exponentiation secured against hidden-channel attacks, cryptoprocessor for implementing the method and associated chip card |
| CN101005357A (en) * | 2006-12-28 | 2007-07-25 | 北京飞天诚信科技有限公司 | Method and system for updating certification key |
| CN101022337A (en) * | 2007-03-28 | 2007-08-22 | 胡祥义 | Network identification card realizing method |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102098295A (en) * | 2010-12-28 | 2011-06-15 | 上海华御信息技术有限公司 | Method for improving data security under SaaS application |
| CN102970143A (en) * | 2012-12-13 | 2013-03-13 | 中国科学技术大学苏州研究院 | Method for securely computing index of sum of held data of both parties by adopting addition homomorphic encryption |
| CN103580859B (en) * | 2013-11-11 | 2017-05-10 | 国家电网公司 | Asymmetric encryption method for intelligent electricity using interaction |
| CN104954136A (en) * | 2015-06-16 | 2015-09-30 | 祝峰 | Network security encryption device under cloud computing environment |
| CN105490806A (en) * | 2015-11-28 | 2016-04-13 | 中国电子科技集团公司第三十研究所 | Homomorphic key generating-sharing method and device |
| CN105490806B (en) * | 2015-11-28 | 2018-06-19 | 中国电子科技集团公司第三十研究所 | A kind of homomorphism key generation, sharing method and device |
| CN107181584A (en) * | 2016-03-09 | 2017-09-19 | 郑珂威 | Asymmetric complete homomorphic cryptography and its replacement of keys and ciphertext complete a business transaction method |
| CN107181584B (en) * | 2016-03-09 | 2020-02-07 | 郑珂威 | Asymmetric completely homomorphic encryption and key replacement and ciphertext delivery method thereof |
| CN105933102A (en) * | 2016-04-06 | 2016-09-07 | 重庆大学 | Identity-based and hidden matrix-constructed fully homomorphic encryption method |
| CN106612274A (en) * | 2016-07-25 | 2017-05-03 | 四川用联信息技术有限公司 | Homogeneity-based shared data verification algorithm in cloud computing |
| CN107181739A (en) * | 2017-04-28 | 2017-09-19 | 深圳市航天无线通信技术有限公司 | Data safety exchange method and device |
| CN107181739B (en) * | 2017-04-28 | 2021-02-26 | 深圳市航天无线通信技术有限公司 | Data security interaction method and device |
| CN111738238A (en) * | 2020-08-14 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Face recognition method and device |
| CN111738238B (en) * | 2020-08-14 | 2020-11-13 | 支付宝(杭州)信息技术有限公司 | Face recognition method and device |
| US11256900B1 (en) | 2020-08-14 | 2022-02-22 | Alipay (Hangzhou) Information Technology Co., Ltd. | Facial recognition methods and apparatuses |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Khan et al. | Security in cloud computing using cryptographic algorithms | |
| Bhardwaj et al. | Security algorithms for cloud computing | |
| Timothy et al. | A hybrid cryptography algorithm for cloud computing security | |
| CN101808089A (en) | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm | |
| EP3345335B1 (en) | Homomorphic based method and system for securely aggregating data | |
| CN108347419A (en) | Data transmission method and device | |
| US11316671B2 (en) | Accelerated encryption and decryption of files with shared secret and method therefor | |
| CN105553951A (en) | Data transmission method and data transmission device | |
| CN104253694A (en) | Encrypting method for network data transmission | |
| CN102624522A (en) | Key encryption method based on file attribution | |
| CN103957109A (en) | Cloud data privacy protection security re-encryption method | |
| CN105307165A (en) | Communication method based on mobile application, server and client | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| CN104270242A (en) | Encryption and decryption device used for network data encryption transmission | |
| CN104301108A (en) | Signcryption method based from identity environment to certificateless environment | |
| CN103152322A (en) | Method of data encryption protection and system thereof | |
| CN109543434A (en) | Block chain information encryption method, decryption method, storage method and device | |
| CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
| CN204180095U (en) | A kind of ciphering and deciphering device for network data encryption transmission | |
| Olumide et al. | A hybrid encryption model for secure cloud computing | |
| CN104009841A (en) | Message encrypting method under instant messaging situation | |
| CN106257859A (en) | A kind of password using method | |
| Mateescu et al. | A hybrid approach of system security for small and medium enterprises: Combining different cryptography techniques | |
| CN107493287A (en) | Industry control network data security system | |
| Runde et al. | Performance evaluation of an it security layer in real-time communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20100818 |