CN103560877A - Method and device for attacking secret key - Google Patents
Method and device for attacking secret key Download PDFInfo
- Publication number
- CN103560877A CN103560877A CN201310535334.4A CN201310535334A CN103560877A CN 103560877 A CN103560877 A CN 103560877A CN 201310535334 A CN201310535334 A CN 201310535334A CN 103560877 A CN103560877 A CN 103560877A
- Authority
- CN
- China
- Prior art keywords
- power consumption
- consumption curve
- key
- waveform
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000012360 testing method Methods 0.000 claims abstract description 132
- 238000004458 analytical method Methods 0.000 claims abstract description 8
- 230000008901 benefit Effects 0.000 claims description 87
- 238000012790 confirmation Methods 0.000 claims description 7
- 108010001267 Protein Subunits Proteins 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 4
- 229910002056 binary alloy Inorganic materials 0.000 description 2
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a method and device for attacking a secret key. The method comprises the steps that the length of an RSA code operation is set to be t, and the RSA code operation is conducted on data through the attacked secret key, so that a first power consumption curve for the attacked secret key to conduct modular exponentiation is obtained; whether the RSA code operation in the first power consumption curve is implemented through hardware or not is analyzed through a simple energy SPA attack/analysis method, if yes, an attack is failed; if not, according to the number of execution times of modular multiplication in the first power consumption curve, a testing secret key is obtained, RSA code operation is conducted on same random data through the testing secret key and the attacked secret key, whether results are identical or not is judged, and if yes, the attack is successful; the RSA code operation is a standard RSA decoding operation or a signature operation which is implemented through modular exponentiation.
Description
Technical field
The present invention relates to security fields, particularly a kind of method and device of attacking key.
Background technology
RSA(is named the name from three developers, be respectively Ron Rivest, Adi Shamirh and LenAdleman, be called for short RSA) and ECC(Elliptic Curves Cryptography, elliptic curve cryptography) be in information security field, to compare the public key cryptography technology of main flow.The every field such as various keys (Key) and the smart card of realizing based on RSA and ECC has been widely used in finance, communicates by letter, social security, traffic.In order to ensure the fail safe of Key and smart card, need to study various attack method.Popular attack method comprises side-channel attack (Side Channel Attack at present, be called for short SCA) and wrong injection attacks (Fault Injection Attack, be called for short FIA), the SPA(Simple Power Attack/Analysis of SCA in attacking wherein, simple energy is attacked/is analyzed) and DPA(Differential Power Attack/Analysis, differential power consumption is attacked/is analyzed) attack is the most general.
In prior art, to the SPA attack method of RSA Algorithm, be mainly the Montgomery Algorithm of realizing for binary system, in the method, mould is taken advantage of with mould square notable difference in power consumption or on the time, and the current bit that can well analyze key by this difference is 1 or 0.But the mould using in product takes advantage of device for Montgomery modular multiplier, and this multiplier only exists a kind of modular multiplication in design process, and whether two multipliers are no matter identical, all by different pieces of information, carry out; Therefore, in whole mould power process, cannot analyze depanning and take advantage of the difference with mould square.SPA attack method to ECC, is mainly the point multiplication operation of realizing for binary system, and in this implementation, point adds and puts doubly obvious difference in power consumption or on the time, can analyze the value of private key by this difference.But when using similar Montgomery ladder algorithm (Montgomery ' s Ladder Algorithm), because point adds and put, doubly replace execution, traditional SPA cannot bring into play attack function.Visible, there is defect and deficiency in the method for traditional attack key, cannot fully test the chip of various Key, smart card and other embedded products or the fail safe of its operating system.
Summary of the invention
A kind of method and apparatus of attacking key is provided in the embodiment of the present invention, can have solved in existing method the fully problem of the fail safe of test key.
In order to solve the problems of the technologies described above, the embodiment of the invention discloses following technical scheme:
On the one hand, provide a kind of method of attacking key, described method comprises:
The length that rsa cryptosystem computing is set is t, adopts the key of being attacked to carry out rsa cryptosystem computing to data, and the key that obtains being attacked carries out the first power consumption curve of Montgomery Algorithm;
Whether be all hardware realize, if be all that hardware is realized, attack unsuccessfully if by simple energy, being attacked/being analyzed the rsa cryptosystem computing in the first power consumption curve described in the methods analyst of SPA;
Otherwise, according to the execution number of times that in described the first power consumption curve, mould is taken advantage of, obtain test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, whether judged result is consistent, if consistent, success attack;
Wherein, described rsa cryptosystem computing realizes for adopting Montgomery Algorithm standard RSA decrypt operation or signature computing.
In conjunction with first aspect, in the first of first aspect may implementation, describedly according to the mould in described the first power consumption curve, take advantage of number of times to obtain test key, specifically comprise:
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is not 2t time, described in dividing, analyses loop control, the judgement statement in the first power consumption curve and judge that statement adds the order of the waveform appearance of loop control, obtains described test key;
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, by analyzing loop control in described the first power consumption curve, add the order that waveform that condition judgment one and loop control add condition judgment two occurs, obtain described test key.
The first possibility implementation in conjunction with first aspect, the second possibility implementation of first aspect is also provided, if the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, obtain after described test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack, if inconsistent, described test key is pressed to bit negate, with the key test key after described negate and that attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack.
The first possibility implementation in conjunction with first aspect, the third possibility implementation of first aspect is also provided, by analyzing loop control, the judgement statement in the first power consumption curve and judging that statement adds the order of the waveform appearance of loop control, obtain described test key, specifically comprise:
From described the first power consumption curve, analyze the second power consumption curve corresponding to loop control, judge that the 3rd power consumption curve and judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control;
From t-1 bit to 0 bit, confirm successively the bit value of the i bit of described test key, to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
The third possibility implementation in conjunction with first aspect, the 4th kind of possibility implementation of first aspect is also provided, from described the first power consumption curve, analyze the second power consumption curve corresponding to loop control, judge that the 3rd power consumption curve and judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control, specifically comprise:
The longest waveform of time of implementation is described the 4th power consumption curve;
If the next waveform after described the 4th power consumption curve is different from the 4th power consumption curve, this waveform is the 3rd power consumption curve;
The waveform that is different from described the 3rd power consumption curve and the 4th power consumption curve is the second power consumption curve.
In conjunction with the 4th kind of possibility implementation of first aspect, the 5th kind of possibility implementation of first aspect is also provided, the bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is described the 3rd power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is described the 4th power consumption curve, the value of described i bit is 0.
In the first possibility implementation in conjunction with first aspect, the 6th kind of possibility implementation of first aspect is also provided, if the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, by analyzing loop control in the first power consumption curve, add the order that waveform that condition judgment one and loop control add condition judgment two occurs, obtain described test key, specifically comprise:
The method of utilizing SPA and TA to combine analyzes the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one from described the first power consumption curve, and loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two;
From t-1 bit to 0 bit, confirm successively the bit value of the i bit of described test key, to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
In the 6th kind of possibility implementation in conjunction with first aspect, the 7th kind of possibility implementation of first aspect is also provided, from described the first power consumption curve, analyze the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one, loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two, specifically comprises:
Short waveform of time of implementation is described the 5th power consumption curve;
Time of implementation, long waveform was described the 6th power consumption curve.
In the 7th kind of possibility implementation in conjunction with first aspect, also provide the 8th kind of possibility implementation of first aspect, the bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is the 5th power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is the 6th power consumption curve, the value of described i bit is 0.
Second aspect, also provides a kind of attack key device, and described device comprises:
The first power consumption curve acquisition unit, is t for the length of rsa cryptosystem computing is set, and adopts the key of being attacked to carry out rsa cryptosystem computing to data, and the key that obtains being attacked carries out the first power consumption curve of Montgomery Algorithm;
The first judging unit, judges for attacked/analyzed the method for SPA by simple energy whether the rsa cryptosystem computing of described the first power consumption curve is all that hardware is realized, if judgment result is that of described the first judging unit is to attack unsuccessfully;
The second judging unit, if for described the first judging unit, the determination result is NO, according to the execution number of times that in described the first power consumption curve, mould is taken advantage of, obtain test key, with key described test key and that attacked, identical random data is carried out to crypto-operation, and whether judged result is consistent, if consistent, success attack;
Wherein, described rsa cryptosystem computing realizes for adopting Montgomery Algorithm standard RSA decrypt operation or signature computing.
In conjunction with second aspect, in the first possibility implementation of second aspect, described the second judging unit comprises:
The first key acquiring unit, if the execution number of times of taking advantage of for described the first power consumption curve mould is not 2t time, by analyzing loop control, the judgement statement in the first power consumption curve and judging that statement adds the order of the waveform appearance of loop control, obtains described test key;
The second key acquiring unit, if the execution number of times of taking advantage of for described the first power consumption curve mould is 2t time, by analyzing loop control in the first power consumption curve, add the order that waveform that condition judgment one and loop control add condition judgment two occurs, obtain described test key.
The first possibility implementation in conjunction with second aspect, the second possibility implementation of second aspect is also provided, described device also comprises negate judging unit, if the execution number of times of taking advantage of for described the first power consumption curve mould is 2t time, after obtaining described test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack, if inconsistent, described test key is pressed to bit negate, with the key test key after described negate and that attacked, identical random data is carried out to crypto-operation, whether judged result is consistent, if consistent, success attack.
In conjunction with the first possibility implementation of second aspect, the third possibility implementation of second aspect is also provided, described the first key acquiring unit comprises:
First analyzes subelement, for analyzing the second power consumption curve corresponding to loop control from described the first power consumption curve, judging that the 3rd power consumption curve, judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control;
The first key obtains subelement, for from t-1 bit to 0 bit, confirms successively the bit value of the i bit of described test key, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
May implementation in conjunction with the third of second aspect, also provide the 4th kind of second aspect may implementation, described analysis subelement specifically for:
Judgement the longest waveform of time of implementation is described the 4th power consumption curve;
If the next waveform after described the 4th power consumption curve is different from the 4th power consumption curve, judge that this waveform is the 3rd power consumption curve;
The waveform that judgement is different from described the 3rd power consumption curve and the 4th power consumption curve is the second power consumption curve.
In conjunction with the 4th kind of possibility implementation of second aspect, the 5th kind of possibility implementation of second aspect is also provided, described the first key obtains subelement and comprises:
The first curve judgment sub-unit, for judging that described mould takes advantage of the type of power consumption curve below;
The first bit value is confirmed subelement, if the waveform between taking advantage of for twice mould is the 3rd power consumption curve, the value of confirming described i bit is 1;
If described the first bit value confirms that subelement is also the 4th power consumption curve for the waveform after front mould is taken advantage of, the value of confirming described i bit is 0.
In the first possibility implementation in conjunction with second aspect, also provide the 6th kind of possibility implementation of second aspect, described the second key acquiring unit comprises:
Second analyzes subelement, for the method for utilizing SPA and TA to combine, from described the first power consumption curve, analyze the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one, loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two;
The second key obtains subelement, for from t-1 bit to 0 bit, confirms successively the bit value of the i bit of described test key, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
In conjunction with the 6th kind of second aspect may implementation in, also provide the 7th kind of second aspect may implementation, described second analyze subelement specifically for:
Judgement short waveform of time of implementation is described the 5th power consumption curve;
The judgement time of implementation, long waveform was described the 6th power consumption curve.
In the 7th kind of possibility implementation in conjunction with second aspect, also provide the 8th kind of possibility implementation of second aspect, the second key obtains subelement and comprises:
The second curve judgment sub-unit, for judging that described mould takes advantage of the type of power consumption curve below;
The second bit value is confirmed subelement, if the waveform between taking advantage of for twice mould is the 5th power consumption curve, the value of confirming described i bit is 1;
If the second bit value confirms that subelement is also the 6th power consumption curve for the waveform after front mould is taken advantage of, the value of confirming described i bit is 0.
A kind of method of attacking key is disclosed in embodiments of the invention, in described method, utilize the difference of nonidentity operation power consumption curve, and power consumption curve and mould are taken advantage of the relation of carrying out number of times, obtain test key, even in the situation that mould is taken advantage of with mould square without any difference, also can reach the object of attacking key, fully the security performance of test key.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Figure 1 shows that a kind of flow chart of attacking encryption key method of the embodiment of the present invention;
Figure 2 shows that a kind of flow chart that obtains the method for test key of the embodiment of the present invention;
Figure 3 shows that the another kind of the embodiment of the present invention obtains the flow chart of the method for test key;
Figure 4 shows that the flow chart of the another kind attack encryption key method of the embodiment of the present invention;
Figure 5 shows that a kind of structural representation of attacking key device of the embodiment of the present invention;
Figure 6 shows that the structural representation of the another kind attack key device of the embodiment of the present invention.
Embodiment
The following embodiment of the present invention provides a kind of method and apparatus of attacking key, fully the security performance of test key.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out to clear, complete description, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
As shown in Figure 1, the embodiment of the present invention provides a kind of method of attacking key, and described method comprises:
In the embodiment of the present invention, data are carried out to crypto-operation and comprise standard RSA signature computing or the decrypt operation that adopts Montgomery Algorithm to realize to data, to the computing of signing of input message, or the ciphertext of input is carried out to standard RSA signature decrypt operation.
Whether step 120, be all that hardware is realized by the rsa cryptosystem computing in the first power consumption curve described in the methods analyst of SPA, if be all that hardware is realized, goes to step 130, otherwise, go to step 140.
The test key getting is identical with the key of being attacked, and can think to cipher key attacks success.But because the key of being attacked is normally sightless, or cannot directly read out in smart card, therefore cannot judge intuitively that whether test key is identical with the key of being attacked, therefore in embodiments of the present invention, the key that adopts test key and attacked carries out crypto-operation to identical random data, if result is consistent, just think that test key is identical with the key of being attacked, think to cipher key attacks success.
In the method for the embodiment of the present invention, utilize the difference of the power consumption curve of hardware realization and software realization, and power consumption curve and mould take advantage of the relation of carrying out number of times to obtain test key, even in the situation that mould is taken advantage of with mould square without any difference, also can reach the object of attacking key, fully the security performance of test key.
In step 140, according to the mould in described the first power consumption curve, take advantage of number of times to obtain test key, specifically comprise:
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is not 2t time, by minute described in analyse loop control in the first power consumption curve, judgement statement, judgement statement and add the order that the waveform of loop control occurs, obtain described test key; Now, to take advantage of the desired value of carrying out number of times be 3t/2 time to mould.
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, by analyzing loop control in described the first power consumption curve, add the order that waveform that condition judgment one, loop control add condition judgment two occurs, obtain described test key.
Software computing comprises two class implementations, first kind implementation be loop control, judgement statement, judgement statement add loop control, another kind of implementation is that loop control adds condition judgment one, loop control adds condition judgment two.The execution number of times that in two class implementations, mould is taken advantage of is different, therefore by different moulds, is taken advantage of and is carried out number of times and dissimilar implementation, can obtain test key.
As shown in Figure 2, by analyzing loop control in the first power consumption curve, judgement statement, judgement statement, add the order that the waveform of loop control occurs, specifically comprise:
Step 210 analyzes the second power consumption curve corresponding to loop control, judges that the 3rd power consumption curve and judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control from described the first power consumption curve.
Concrete grammar is: the longest waveform of time of implementation is described the 4th power consumption curve; If the next waveform after described the 4th power consumption curve is different from the 4th power consumption curve, this waveform is the 3rd power consumption curve; The waveform that is different from described the 3rd power consumption curve and the 4th power consumption curve is the second power consumption curve.
Step 220, from t-1 bit to 0 bit, confirms the bit value of the i bit of described test key successively, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
The bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is described the 3rd power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is described the 4th power consumption curve, the value of described i bit is 0.
While utilizing running software, the time that different branches carry out is discrepant, therefore can by different power consumption curves, obtain the bit value of each bit of test key, to obtain test key.
As shown in Figure 3, if the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, by analyzing loop control in the first power consumption curve, add the order that waveform that condition judgment one, loop control add condition judgment two occurs, obtain described test key, specifically comprise:
Wherein, short waveform of time of implementation is the 5th power consumption curve, and the time of implementation, long waveform was the 6th power consumption curve.
The bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is the 5th power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is the 6th power consumption curve, the value of described i bit is 0.
Described attack method also comprises:
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, obtain after described test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack, if inconsistent, presses bit negate to described test key, with the key test key after described negate and that attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack.
In the embodiment of the present invention, the 5th power consumption curve there is no obvious associated with the 6th power consumption curve and the value of bit, therefore, when confirming the bit value of each bit of test key, conventionally first suppose, for example, suppose that the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one represents that the bit value of current bit is 1.Under this assumed condition, obtain a test key, judge this test key whether identical with the key attacked.For ease of distinguishing, this test key is called test key A.
If test key A is different from the key of being attacked, attack unsuccessfully, think that null hypothesis is wrong, now further suppose that the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one represents that the bit value of current bit is 0, is equivalent to the bit value negate to each bit of test key A.Finally judge that whether the test key B after test key A negate is identical with the key of being attacked, judge that whether attack is successful.
The attack encryption key method of the embodiment of the present invention, utilize the difference of the power consumption curve of hardware realization and software realization, power consumption curve and mould are taken advantage of the relation of carrying out number of times, and the different power consumption curve in dissimilar implementation and the corresponding relation of key obtain test key, even in the situation that mould is taken advantage of with mould square without any difference, also can reach the object of attacking key, fully the security performance of test key.
The attack encryption key method of the embodiment of the present invention, can also be for attacking stationary window method and slip window sampling scheduling algorithm.
As shown in Figure 4, the invention also discloses the attack encryption key method of another kind of embodiment, described method comprises:
Whether step 402, be all that hardware is realized by the rsa cryptosystem computing in the first power consumption curve described in the methods analyst of SPA, if be all that hardware is realized, goes to step 403, if not, goes to step 404.
Step 405 analyzes the second power consumption curve corresponding to loop control, judges that the 3rd power consumption curve and judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control from described the first power consumption curve.
The bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is described the 3rd power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is described the 4th power consumption curve, the value of described i bit is 0.
Short waveform of time of implementation is the 5th power consumption curve, and the time of implementation, long waveform was the 6th power consumption curve.
Step 411: success attack.
The attack encryption key method of the embodiment of the present invention, utilize the difference of the power consumption curve of hardware realization and software realization, and power consumption curve and mould are taken advantage of the relation of carrying out number of times, and the different power consumption curve in dissimilar implementation and the corresponding relation of key obtain test key, even in the situation that mould is taken advantage of with mould square without any difference, also can reach the object of attacking key, fully the security performance of test key.
As shown in Figure 5, the invention also discloses the attack key device of a kind of embodiment, comprising:
The first power consumption curve acquisition unit 500, is t for the length of rsa cryptosystem computing is set, and adopts the key of being attacked to carry out rsa cryptosystem computing to data, and the key that obtains being attacked carries out the first power consumption curve of Montgomery Algorithm;
The first judging unit 600, judges for the method by SPA whether the rsa cryptosystem computing of described the first power consumption curve is all that hardware is realized, if judgment result is that of described the first judging unit is to attack unsuccessfully;
The second judging unit 700, if for described the first judging unit, the determination result is NO, according to the execution number of times that in described the first power consumption curve, mould is taken advantage of, obtain test key, with key described test key and that attacked, identical random data is carried out to crypto-operation, and whether judged result is consistent, if consistent, success attack;
Wherein, described rsa cryptosystem computing realizes for adopting Montgomery Algorithm standard RSA decrypt operation or signature computing.
As shown in Figure 6, described the second judging unit 700 comprises:
The first key acquiring unit 710, if the execution number of times of taking advantage of for described the first power consumption curve mould is not 2t time, by analyzing loop control, the judgement statement in the first power consumption curve and judging that statement adds the order of the waveform appearance of loop control, obtains described test key;
The second key acquiring unit 720, if the execution number of times of taking advantage of for described the first power consumption curve mould is 2t time, by analyzing loop control in the first power consumption curve, add the order that waveform that condition judgment one, loop control add condition judgment two occurs, obtain described test key.
Described device also comprises negate judging unit 800, if the execution number of times of taking advantage of for described the first power consumption curve mould is 2t time, after obtaining described test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack, if inconsistent, described test key is pressed to bit negate, with the key test key after described negate and that attacked, identical random data is carried out to crypto-operation, whether judged result is consistent, if consistent, success attack.
Described the first key acquiring unit 710 comprises:
First analyzes subelement 711, for analyzing the second power consumption curve corresponding to loop control from described the first power consumption curve, judging that the 3rd power consumption curve, judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control;
The first key obtains subelement 712, for from t-1 bit to 0 bit, confirms successively the bit value of the i bit of described test key, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
First analyze subelement 711 specifically for:
Judgement the longest waveform of time of implementation is described the 4th power consumption curve;
If the next waveform after described the 4th power consumption curve is different from the 4th power consumption curve, judge that this waveform is the 3rd power consumption curve;
The waveform that judgement is different from described the 3rd power consumption curve and the 4th power consumption curve is the second power consumption curve.
Described the first key obtains subelement 712 and comprises:
The first curve judgment sub-unit 7121, for judging that described mould takes advantage of the type of power consumption curve below;
The first bit value is confirmed subelement 7122, if the waveform between taking advantage of for twice mould is the 3rd power consumption curve, the value of confirming described i bit is 1;
If described the first bit value confirms that subelement 7122 is also the 4th power consumption curve for the waveform after front mould is taken advantage of, the value of confirming described i bit is 0.
Described the second key acquiring unit 720 comprises:
Second analyzes subelement 721, for the method for utilizing SPA and TA to combine, from described the first power consumption curve, analyze the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one, loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two;
The second key obtains subelement 722, for from t-1 bit to 0 bit, confirms successively the bit value of the i bit of described test key, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
Second analyze subelement 721 specifically for: judgement short waveform of time of implementation is described the 5th power consumption curve;
The judgement time of implementation, long waveform was described the 6th power consumption curve.
The second key obtains subelement 722 and comprises:
The second curve judgment sub-unit 7221, for judging that described mould takes advantage of the type of power consumption curve below;
The second bit value is confirmed subelement 7222, if the waveform between taking advantage of for twice mould is the 5th power consumption curve, the value of confirming described i bit is 1;
If the second bit value confirms that subelement 7222 is also the 6th power consumption curve for the waveform after front mould is taken advantage of, the value of confirming described i bit is 0.
The attack key device of the embodiment of the present invention, utilize the difference of nonidentity operation power consumption curve, and power consumption curve and mould are taken advantage of the relation of carrying out number of times, and the different power consumption curve in dissimilar implementation and the corresponding relation of key obtain test key, reach the object of attacking key, fully the security performance of test key.
The embodiment of the invention discloses a kind of attack encryption key method and attack key device, described method comprises: adopt the key of being attacked to carry out rsa cryptosystem computing to data, the key that obtains being attacked carries out the first power consumption curve of Montgomery Algorithm; By the rsa cryptosystem computing in the first power consumption curve described in the methods analyst of SPA, whether be all that hardware is realized, if be all that hardware is realized, attack unsuccessfully; If not, according to the execution number of times that in described the first power consumption curve, mould is taken advantage of, obtain test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, whether judged result is consistent, if consistent, success attack.Attack method of the present invention and device, can obtain test key, even in the situation that mould is taken advantage of with mould square without any difference, also can reach the object of attacking key, fully the security performance of test key.
Those skilled in the art can be well understood to the mode that technology in the embodiment of the present invention can add essential common hardware by software and realize, common hardware comprises universal integrated circuit, universal cpu, general-purpose storage, universal elements etc., can certainly comprise that application-specific integrated circuit (ASIC), dedicated cpu, private memory, special-purpose components and parts etc. realize by specialized hardware, but in a lot of situation, the former is better execution mode.Understanding based on such, the part that technical scheme in the embodiment of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product can be stored in storage medium, as read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc, CD etc., comprise that some instructions are with so that a computer equipment (can be personal computer, server, or the network equipment etc.) method described in some part of execution each embodiment of the present invention or embodiment.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, between each embodiment identical similar part mutually referring to, each embodiment stresses is the difference with other embodiment.Especially, for system embodiment, because it is substantially similar in appearance to embodiment of the method, so description is fairly simple, relevant part is referring to the part explanation of embodiment of the method.
Above-described embodiment of the present invention, does not form limiting the scope of the present invention.Any modification of doing within the spirit and principles in the present invention, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (18)
1. a method of attacking key, is characterized in that, described method comprises:
The length that rsa cryptosystem computing is set is t, adopts the key of being attacked to carry out rsa cryptosystem computing to data, and the key that obtains being attacked carries out the first power consumption curve of Montgomery Algorithm;
Whether be all hardware realize, if be all that hardware is realized, attack unsuccessfully if by simple energy, being attacked/being analyzed the rsa cryptosystem computing in the first power consumption curve described in the methods analyst of SPA;
Otherwise, according to the execution number of times that in described the first power consumption curve, mould is taken advantage of, obtain test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, whether judged result is consistent, if consistent, success attack;
Wherein, described rsa cryptosystem computing realizes for adopting Montgomery Algorithm standard RSA decrypt operation or signature computing.
2. the method for attack key as claimed in claim 1, is characterized in that, describedly according to the mould in described the first power consumption curve, takes advantage of number of times to obtain test key, specifically comprises:
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is not 2t time, described in dividing, analyses loop control, the judgement statement in the first power consumption curve and judge that statement adds the order of the waveform appearance of loop control, obtains described test key;
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, by analyzing loop control in described the first power consumption curve, add the order that waveform that condition judgment one and loop control add condition judgment two occurs, obtain described test key.
3. the method for attack key as claimed in claim 2, described method also comprises:
If the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, obtain after described test key, with described test key and the key attacked, identical random data is carried out to rsa cryptosystem computing, judge that whether described result is consistent, if consistent, success attack, if inconsistent, described test key is pressed to bit negate, with the key test key after described negate and that attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack.
4. the method for attack key as claimed in claim 2, is characterized in that, by analyzing loop control, the judgement statement in the first power consumption curve and judging that statement adds the order of the waveform appearance of loop control, obtains described test key, specifically comprises:
From described the first power consumption curve, analyze the second power consumption curve corresponding to loop control, judge that the 3rd power consumption curve and judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control;
From t-1 bit to 0 bit, confirm successively the bit value of the i bit of described test key, to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
5. the method for attack key as claimed in claim 4, it is characterized in that, from described the first power consumption curve, analyze the second power consumption curve corresponding to loop control, judge that the 3rd power consumption curve and judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control, specifically comprise:
The longest waveform of time of implementation is described the 4th power consumption curve;
If the next waveform after described the 4th power consumption curve is different from the 4th power consumption curve, this waveform is the 3rd power consumption curve;
The waveform that is different from described the 3rd power consumption curve and the 4th power consumption curve is the second power consumption curve.
6. the method for attack key as claimed in claim 5, is characterized in that, the bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is described the 3rd power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is described the 4th power consumption curve, the value of described i bit is 0.
7. attack encryption key method as claimed in claim 2, it is characterized in that, if the execution number of times that in described the first power consumption curve, mould is taken advantage of is 2t time, by analyzing loop control in the first power consumption curve, add the order that waveform that condition judgment one and loop control add condition judgment two occurs, obtain described test key, specifically comprise:
Utilize the method that simple energy is attacked and timing attack combines, analyze the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one from described the first power consumption curve, loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two;
From t-1 bit to 0 bit, confirm successively the bit value of the i bit of described test key, to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
8. attack encryption key method as claimed in claim 7, it is characterized in that, from described the first power consumption curve, analyze the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one, loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two, specifically comprises:
Short waveform of time of implementation is described the 5th power consumption curve;
Time of implementation, long waveform was described the 6th power consumption curve.
9. attack encryption key method as claimed in claim 8, is characterized in that, the bit value of described confirmation test key i bit, specifically comprises:
Judge that described mould takes advantage of the type of power consumption curve below;
If the waveform of twice mould between taking advantage of is the 5th power consumption curve, the value of described i bit is 1;
If the waveform after front mould is taken advantage of is the 6th power consumption curve, the value of described i bit is 0.
10. an attack key device, is characterized in that, described device comprises:
The first power consumption curve acquisition unit, is t for the length of rsa cryptosystem computing is set, and adopts the key of being attacked to carry out rsa cryptosystem computing to data, and the key that obtains being attacked carries out the first power consumption curve of Montgomery Algorithm;
The first judging unit, judges for attacked/analyzed the method for SPA by simple energy whether the rsa cryptosystem computing of described the first power consumption curve is all that hardware is realized, if judgment result is that of described the first judging unit is to attack unsuccessfully;
The second judging unit, if for described the first judging unit, the determination result is NO, according to the execution number of times that in described the first power consumption curve, mould is taken advantage of, obtain test key, with key described test key and that attacked, identical random data is carried out to crypto-operation, and whether judged result is consistent, if consistent, success attack;
Wherein, described rsa cryptosystem computing realizes for adopting Montgomery Algorithm standard RSA decrypt operation or signature computing.
11. devices as claimed in claim 10, is characterized in that, described the second judging unit comprises:
The first key acquiring unit, if the execution number of times of taking advantage of for described the first power consumption curve mould is not 2t time, by analyzing loop control, the judgement statement in the first power consumption curve and judging that statement adds the order of the waveform appearance of loop control, obtains described test key;
The second key acquiring unit, if the execution number of times of taking advantage of for described the first power consumption curve mould is 2t time, by analyzing loop control in the first power consumption curve, add the order that waveform that condition judgment one and loop control add condition judgment two occurs, obtain described test key.
12. devices as claimed in claim 11, it is characterized in that, described device also comprises negate judging unit, if the execution number of times of taking advantage of for described the first power consumption curve mould is 2t time, after obtaining described test key, with described test key and the key attacked, identical random data is carried out to crypto-operation, judge that whether described result is consistent, if consistent, success attack, if inconsistent, described test key is pressed to bit negate, with the key test key after described negate and that attacked, identical random data is carried out to crypto-operation, whether judged result is consistent, if consistent, success attack.
13. devices as claimed in claim 11, is characterized in that, described the first key acquiring unit comprises:
First analyzes subelement, for analyzing the second power consumption curve corresponding to loop control from described the first power consumption curve, judging that the 3rd power consumption curve, judgement statement that statement is corresponding add the 4th power consumption curve corresponding to loop control;
The first key obtains subelement, for from t-1 bit to 0 bit, confirms successively the bit value of the i bit of described test key, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
14. devices as claimed in claim 13, is characterized in that, described analysis subelement specifically for:
Judgement the longest waveform of time of implementation is described the 4th power consumption curve;
If the next waveform after described the 4th power consumption curve is different from the 4th power consumption curve, judge that this waveform is the 3rd power consumption curve;
The waveform that judgement is different from described the 3rd power consumption curve and the 4th power consumption curve is the second power consumption curve.
15. devices as claimed in claim 14, is characterized in that, described the first key obtains subelement and comprises:
The first curve judgment sub-unit, for judging that described mould takes advantage of the type of power consumption curve below;
The first bit value is confirmed subelement, if the waveform between taking advantage of for twice mould is the 3rd power consumption curve, the value of confirming described i bit is 1;
If described the first bit value confirms that subelement is also the 4th power consumption curve for the waveform after front mould is taken advantage of, the value of confirming described i bit is 0.
16. devices as claimed in claim 11, is characterized in that, described the second key acquiring unit comprises:
Second analyzes subelement, for utilizing the method that simple energy is attacked and timing attack combines, from described the first power consumption curve, analyze the 5th power consumption curve corresponding to waveform that loop control adds condition judgment one, loop control adds the 6th power consumption curve corresponding to waveform of condition judgment two;
The second key obtains subelement, for from t-1 bit to 0 bit, confirms successively the bit value of the i bit of described test key, and to obtain described test key, wherein, i is integer, and 0≤i≤t-1.
17. devices as claimed in claim 16, is characterized in that, described second analyze subelement specifically for:
Judgement short waveform of time of implementation is described the 5th power consumption curve;
The judgement time of implementation, long waveform was described the 6th power consumption curve.
18. devices as claimed in claim 16, is characterized in that, the second key obtains subelement and comprises:
The second curve judgment sub-unit, for judging that described mould takes advantage of the type of power consumption curve below;
The second bit value is confirmed subelement, if the waveform between taking advantage of for twice mould is the 5th power consumption curve, the value of confirming described i bit is 1;
If the second bit value confirms that subelement is also the 6th power consumption curve for the waveform after front mould is taken advantage of, the value of confirming described i bit is 0.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310535334.4A CN103560877B (en) | 2013-11-01 | 2013-11-01 | Attack the method and device of key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310535334.4A CN103560877B (en) | 2013-11-01 | 2013-11-01 | Attack the method and device of key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103560877A true CN103560877A (en) | 2014-02-05 |
| CN103560877B CN103560877B (en) | 2016-11-23 |
Family
ID=50015034
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310535334.4A Active CN103560877B (en) | 2013-11-01 | 2013-11-01 | Attack the method and device of key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103560877B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104780051A (en) * | 2015-04-24 | 2015-07-15 | 成都信息工程学院 | Side channel attack method for SM2 public key cryptography encryption algorithm |
| CN104796250A (en) * | 2015-04-11 | 2015-07-22 | 成都信息工程学院 | Side channel attack method for implementation of RSA (Rivest, Shamir and Adleman) cipher algorithms M-ary |
| CN104836666A (en) * | 2015-04-20 | 2015-08-12 | 成都信息工程学院 | Power analysis attack method for SM2 decryption algorithm |
| CN107241198A (en) * | 2017-08-01 | 2017-10-10 | 北京智慧云测科技有限公司 | The security assessment method and device of a kind of elliptic curve |
| CN107786323A (en) * | 2016-08-30 | 2018-03-09 | 航天信息股份有限公司 | A kind of method in correlation side-channel attack lieutenant colonel middle variable result of calculation |
| CN107786324A (en) * | 2016-08-30 | 2018-03-09 | 航天信息股份有限公司 | A kind of method in correlation side-channel attack lieutenant colonel middle variable result of calculation |
| CN108242994A (en) * | 2016-12-26 | 2018-07-03 | 阿里巴巴集团控股有限公司 | The treating method and apparatus of key |
| CN108924161A (en) * | 2018-08-13 | 2018-11-30 | 南京敞视信息科技有限公司 | A kind of encrypted transaction data communication means and system |
| CN109417467A (en) * | 2016-07-22 | 2019-03-01 | 高通股份有限公司 | Montgomery Algorithm with side-channel attacks countermeasure |
| CN112968761A (en) * | 2021-03-15 | 2021-06-15 | 北京理工大学 | Artificial intelligence side channel analysis method for cryptographic algorithm |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1645791A (en) * | 2003-11-12 | 2005-07-27 | 松下电器产业株式会社 | RSA public key generation apparatus, RSA decryption apparatus, and RSA signature apparatus |
| US20070162534A1 (en) * | 2005-04-22 | 2007-07-12 | Stmicroelectronics S.A. | Protection of a calculation performed by an integrated circuit |
| CN101133593A (en) * | 2003-07-31 | 2008-02-27 | 格姆普拉斯公司 | Method for the secure application of a cryptographic algorithm of the RSA type and corresponding component |
-
2013
- 2013-11-01 CN CN201310535334.4A patent/CN103560877B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101133593A (en) * | 2003-07-31 | 2008-02-27 | 格姆普拉斯公司 | Method for the secure application of a cryptographic algorithm of the RSA type and corresponding component |
| CN1645791A (en) * | 2003-11-12 | 2005-07-27 | 松下电器产业株式会社 | RSA public key generation apparatus, RSA decryption apparatus, and RSA signature apparatus |
| US20070162534A1 (en) * | 2005-04-22 | 2007-07-12 | Stmicroelectronics S.A. | Protection of a calculation performed by an integrated circuit |
Non-Patent Citations (1)
| Title |
|---|
| 李欣: "RSA公钥密码算法的能量分析攻击与防御研究", 《中国优秀硕士学位论文全文数据库》, no. 12, 15 December 2006 (2006-12-15), pages 23 - 29 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796250B (en) * | 2015-04-11 | 2018-05-25 | 成都信息工程学院 | The side-channel attack method realized for rsa cryptosystem algorithm M-ary |
| CN104796250A (en) * | 2015-04-11 | 2015-07-22 | 成都信息工程学院 | Side channel attack method for implementation of RSA (Rivest, Shamir and Adleman) cipher algorithms M-ary |
| CN104836666A (en) * | 2015-04-20 | 2015-08-12 | 成都信息工程学院 | Power analysis attack method for SM2 decryption algorithm |
| CN104836666B (en) * | 2015-04-20 | 2019-04-12 | 成都信息工程学院 | A method of for the power analysis of SM2 decipherment algorithm |
| CN104780051B (en) * | 2015-04-24 | 2019-04-12 | 成都信息工程学院 | For the method for the side-channel attack of SM2 public key cryptography Encryption Algorithm |
| CN104780051A (en) * | 2015-04-24 | 2015-07-15 | 成都信息工程学院 | Side channel attack method for SM2 public key cryptography encryption algorithm |
| CN109417467A (en) * | 2016-07-22 | 2019-03-01 | 高通股份有限公司 | Montgomery Algorithm with side-channel attacks countermeasure |
| CN107786324A (en) * | 2016-08-30 | 2018-03-09 | 航天信息股份有限公司 | A kind of method in correlation side-channel attack lieutenant colonel middle variable result of calculation |
| CN107786323A (en) * | 2016-08-30 | 2018-03-09 | 航天信息股份有限公司 | A kind of method in correlation side-channel attack lieutenant colonel middle variable result of calculation |
| CN108242994A (en) * | 2016-12-26 | 2018-07-03 | 阿里巴巴集团控股有限公司 | The treating method and apparatus of key |
| CN107241198A (en) * | 2017-08-01 | 2017-10-10 | 北京智慧云测科技有限公司 | The security assessment method and device of a kind of elliptic curve |
| CN108924161A (en) * | 2018-08-13 | 2018-11-30 | 南京敞视信息科技有限公司 | A kind of encrypted transaction data communication means and system |
| CN112968761A (en) * | 2021-03-15 | 2021-06-15 | 北京理工大学 | Artificial intelligence side channel analysis method for cryptographic algorithm |
| CN112968761B (en) * | 2021-03-15 | 2022-04-19 | 北京理工大学 | Artificial intelligence side channel analysis method for cryptographic algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103560877B (en) | 2016-11-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103560877A (en) | Method and device for attacking secret key | |
| Bauer et al. | Horizontal collision correlation attack on elliptic curves: –Extended Version– | |
| Oswald et al. | Template attacks on masking—resistance is futile | |
| Yen et al. | Power analysis by exploiting chosen message and internal collisions–vulnerability of checking mechanism for RSA-decryption | |
| Ors et al. | Power-analysis attack on an ASIC AES implementation | |
| EP2523385A1 (en) | Method and circuit for cryptographic operation | |
| Dabosville et al. | A new second-order side channel attack based on linear regression | |
| US8817973B2 (en) | Encrypting method having countermeasure function against power analyzing attacks | |
| CN111817842B (en) | Energy analysis attack testing device and method for RSA-CRT operation | |
| Poussier et al. | A systematic approach to the side-channel analysis of ECC implementations with worst-case horizontal attacks | |
| Guo et al. | Exploiting the incomplete diffusion feature: A specialized analytical side-channel attack against the AES and its application to microcontroller implementations | |
| CN112653546A (en) | Fault attack detection method based on power consumption analysis | |
| Hu et al. | An effective differential power attack method for advanced encryption standard | |
| Diop et al. | Collision based attacks in practice | |
| Fouque et al. | Defeating countermeasures based on randomized BSD representations | |
| Yin et al. | A novel spa on ecc with modular subtraction | |
| Pontie et al. | Dummy operations in scalar multiplication over elliptic curves: a tradeoff between security and performance | |
| Saeedi et al. | Fuzzy analysis of side channel information | |
| Walter | Issues of security with the oswald-aigner exponentiation algorithm | |
| CN104573544B (en) | The anti-attack method and device of data, RSA modular exponentiation operation method, device and circuit | |
| Rahaman et al. | Side channel attack prevention for AES smart card | |
| Jiang et al. | Profiling attack on modular multiplication of elliptic curve cryptography | |
| Takemura et al. | ECC Atomic Block with NAF against Strong Side-Channel Attacks on Binary Curves | |
| Kabin et al. | EC P-256: Successful simple power analysis | |
| CN102970145A (en) | Signature method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210729 Address after: 100083 No. 211 middle Fourth Ring Road, Haidian District, Beijing Patentee after: CETC (Beijing) information evaluation and Certification Co.,Ltd. Patentee after: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. Address before: 100083 No. 211 middle Fourth Ring Road, Haidian District, Beijing Patentee before: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp. Patentee before: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240316 Address after: 100083 No. 211 middle Fourth Ring Road, Haidian District, Beijing Patentee after: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp. Country or region after: China Patentee after: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. Address before: 100083 No. 211 middle Fourth Ring Road, Haidian District, Beijing Patentee before: CETC (Beijing) information evaluation and Certification Co.,Ltd. Country or region before: China Patentee before: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. |
|
| TR01 | Transfer of patent right |