CN1232067C - Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system - Google Patents

Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system Download PDF

Info

Publication number
CN1232067C
CN1232067C CN 01107004 CN01107004A CN1232067C CN 1232067 C CN1232067 C CN 1232067C CN 01107004 CN01107004 CN 01107004 CN 01107004 A CN01107004 A CN 01107004A CN 1232067 C CN1232067 C CN 1232067C
Authority
CN
China
Prior art keywords
data
user
manager
control device
random code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 01107004
Other languages
Chinese (zh)
Other versions
CN1305285A (en
Inventor
周学军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN 01107004 priority Critical patent/CN1232067C/en
Publication of CN1305285A publication Critical patent/CN1305285A/en
Application granted granted Critical
Publication of CN1232067C publication Critical patent/CN1232067C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Abstract

The present invention relates to a data encrypting, transmitting and exchanging method under a self-circulation equilibrium state based on one time and one cipher, and a soft closed type centralized management system formed by a data encrypting, transmitting and exchanging method. The present invention is characterized in that random parameters which are different every time are contained in transformation functions of a manager <A> and a user controlled device <B> which encrypt and decrypt data, and thereby, a dynamically equilibrium state of self-circulation encripted protection among data transmitting and exchanging relationships under the condition of one time and one cipher is established. The equilibrium state can be destroyed once the relationship system encounters conditions, such as external intrusion, etc., the data encrypting, transmitting and exchanging relationships between the manager <A> and the user controlled device <B> are automatically isolated, and thereby, a soft closed type protective system for data before and after an event is formed.

Description

The method and the soft-closed management system of data encryption transmission exchange under the one-time pad self-loopa equilibrium state
Technical field
The present invention relates to a kind of method and closed management system that data is carried out the encrypted transmission exchange.
Technical background
Shannon (Shannon) has proved the cryptographic system of one-time pad in theory owing to encrypt to be each time at random, makes cryptanalysis person to go to infer next time enciphered message according to previous enciphered message, thereby is unbreakable.But to use this theory in practice, then need solve serial thorny problems such as instantaneity that each decryption key transmits and fail safe, thereby not have also so far comprehensively that the extensive practicability commercial system of this encryption theory of employing appears on the market.
So-called soft-closed management system, be meant that each unit of internal system is under the situation that on the hardware is open (can be communicated with arbitrarily by the external world) to external world, by currency data in the system being taked the supple-management mode block and extraneous information interchange, then can freely carry out the transmission exchange of data between each unit of internal system.
The example of a kind of supple-management formula system is the rating encrypting and deciphering system of having ready conditions of TV station, for realizing having ready conditions rating, TV station as administrative center broadcasts with cipher mode TV programme, and the user only obtains decryption key and utilizes corresponding decipher just can watch normal TV programme from TV station satisfying under the certain condition (as the back of paying dues).Do not get rid of and have some tissues or individual and obtained by all channels and be connected with another part user's decipher in some way privately again behind the core decryption key of ciphered program and authorize, make a part of user escape rating and the toll administration of TV station it to it.To after being carried out outside invasion behaviors such as active data additional modifications and illegal mandates by administrative unit in this kind system and taking place, this supple-management mode is both not had directly to discover means and also do not have directly effective protective approach technically.
The example of another kind supple-management formula system is the record acquisition system of data, the centre data gatherer is all registered the data logger of disperseing each point, and machine is by the common data transmission network or otherwise the data of scrambled record in the data register are read collection in due course.Do not get rid of and have such situation generation, i.e. imitative centre data gatherer of having stolen after data logger log-on message and the enciphered message, active is connected with the register of each collection point and steals the data that read its record, and the data acquisition that causes the investor of this system to enjoy is separately obtained right and encroached on.To this extraneous initiatively connection by administrative unit plagiarizing the behavior of stealing data, this supple-management mode is both not had directly to discover means and also do not have directly effectively protective approach equally technically.
Another soft centralized management formula system example is computer software online registration mandate guard method post sales: the user must be installed on it on a certain computer earlier after buying certain software, after linking to each other and register by the Internet and software marketing manufacturer are online again, just can obtain the only use authority on this TV station computer of this software; But this does not get rid of the still available various methodologies of this user and remove the restriction that this software can only use on this TV station loom, and remove to use software data duplicate copy after the restriction to use to other people or carry out piracy sale with this and seek profit this.This is initiatively lifted restrictions by administrative unit and copies and duplicate the unlawful practice of using data, and this supple-management mode is both not had directly to discover means and also do not have directly effectively protective approach technically equally.
Supple-management formula system does not in sum have the technological means after initiatively finding self to be invaded by external system, do not have automatically effective baffle system inside yet and carried out the reliable way of exchanges data relation privately with the external world, so all can't become a kind of proper soft-closed management system by administrative unit.The implementation method of above-mentioned various supple-managements is simultaneously generally all designed at the course of work and the structure of concrete system, has cross-platform management implementation general pervasive meaning, unified so all can not rise to.
Summary of the invention
Purpose of the present invention is exactly to utilize the single exclusiveness of random signal and the characteristics of unpredictability; being introduced into the manager of system of the present invention and user adds from the data of digital verification between the control device and bidirectional data transfers exchange; among the deciphering transforming function transformation function; forming one is the dynamic equilibrium of the self-loopa data encryption transmission of existence condition with the one-time pad; keep the periodic duty process of this equilibrium state; just set up a kind of working system with soft-closed management system of pervasive meaning; and an above-mentioned all kinds of difficult problem is solved comprehensively; at the encryption protecting method of objectively also having facilitated this highest level in theory of one-time pad, can in the real system of numerous types, be applied simultaneously with the most direct complete form.
Brief description of drawings
Fig. 1 is that a kind of soft-closed management system of the present invention is formed structure chart
Fig. 2 is the manager operation principle block diagram among Fig. 1
Fig. 3 is that user among Fig. 1 is from control device operation principle block diagram
Below in conjunction with Fig. 1---Fig. 3 is described further operation principle of the present invention.
The best mode that carries out an invention
By the system shown in Figure 1 structure, manager (A) is the data centralization administrative center of whole system, be connected from control device (B) with a plurality of users by the bidirectional data transfers channel, and with log-on message and other the agreement verification msg information of each user under the stored record from control device (B), the user from control device (B) also with the agreement verification msg information of stored record correspondence; The relevant data that utilizes these both sides to prestore is followed a self-defined algorithmic rule of cover and proving program and will be marked off internal system element and outside regulatory boundary, and sets up a kind of soft-closed centralized management system that has principal and subordinate's managerial structure each other thus.
The structure that it should be noted that native system can also have various distortion: 1. when system configuration had only a user from control device (B), native system just developed into point-to-point closed data exchange system; If the functional structure feature that 2. allows each unit both have manager (A) also has the functional structure feature of user from control device (B) simultaneously, promptly two master-slave mode managerial structures of system of the present invention are carried out reverse each other being combined with each other, then native system will develop into symmetrical expression managerial structure system.
Operation principle by manager shown in Figure 2 (A) is: after manager (A) passes through the bidirectional data transfers channel and the user is communicated with from control device (B), data collector (A3) receives sequence code (L) and the digital verification data (Z) that the user is transmitted from control device (B) earlier, separation through data extractor (A4), the digital verification data are sent checking computing comparator (A2), sequence code (L) data are sent user data librarian (A1), after the reservation verification msg of control device (B), send checking computing comparator (A2) in order to access this user who is pre-stored in this again, and in checking computing comparator (A2), carry out the digital verification computing in early stage thus with the digital verification data that before directly pass to.
To the self-defined algorithmic rule and the proving program of what is called digital verification computing in early stage further be illustrated at this.
A kind of self-defined algorithmic rule and proving program of digital verification computing in early stage are:
The digital verification data (Z) that are located at user's generation from control device (B) are: Z1=a R, wherein R is a random number, a is the number of making an appointment;
Self-defining digital verification operation method and step are:
The first step---the user data librarian (A1) from manager (A) accesses agreement checking number a, b, calculates Z2=(Z1) b=a BRAnd Z3=a r, wherein r also is one and produces number at random, Z1 is transmitted from control device (B) by the user, and the calculated value of Z2, Z3 is returned to the user from controlling device (B) again by data collector (A3);
Second step---also from local data memory (B1), access the agreement checking number b that prestores at the checking computing comparator (B2) of user from control device (B), calculate Z4=(Z1) b=a BRAnd Z5=(Z3) b=a Br, with Z4 relatively with the Z2 that transmits, if Z4=Z2 illustrates that then manager (A) is qualified, then pass Z5 back manager (A) by user data transceiver (B3), and wait for the further instruction of manager (A);
The 3rd step---checking computing comparator (A2) calculates Z6=(Z3) again in manager (A) b=a Br, Z6 and the Z5 that passes back are compared, if Z6=Z5 illustrates that then the user also is qualified from control device (B), and this result is conveyed the user from control device (B) by corresponding instruction, enter further work to control it;
So far manager (A) and user have just been finished from the mutual digital verification work in early stage between the control device (B).The functional relation that it should be noted that above-mentioned digital verification also can adopt other form, even can be reduced to employing directly relatively verifying the pre-poke of both sides.
If the mutual digital verification computing in this early stage be able to by, then manager (A) and user will enter the transfer of data exchange course of work together from control device (B):
1) manager (A) encrypted transmission datamation
Manager data to be passed (X) is input to scrambled device (A7), will be by substitution and manager of extracting artificially selected by the manager from encrypting and decrypting function exam pool manager (A8) at this
The data encryption function formula:
X Close=F i(L, S, X)
X wherein---be manager data to be passed; (X ∈ set of real numbers)
X Close---be encrypted manager data; (X CloseThe ∈ set of real numbers)
F i---be the manager data encryption function, i is its code;
L---be the sequence code of user from control device (B); (L ∈ set of real numbers)
S---a scrambling parameter for generating with random number way is referred to as at random
Sign indicating number.(S ∈ manifold)
After carrying out compose operation with this relational expression, manager data to be passed (X) will be generated encrypted manager data (X by positive-going transition Close), and by data collector (A3) and bidirectional data transfers channel send to the user from the control device (B).
2) manager (A) receives the decryption work after the enciphered data
Transmit the encrypt user data (Y of user by the bidirectional data transfers channel from control device (B) Close), receive through data collector (A3), and pass to unscrambling decoding device (A5) after data extractor (A4) separation.Unscrambling decoding device (A5) will be by extracting corresponding user data decryption function formula from encrypting and decrypting function exam pool manager (A8):
Y=d j(L, S, Y Close)
Y wherein---be user data; (Y ∈ set of real numbers)
Y Close---encrypted user data; (Y CloseThe ∈ set of real numbers)
d j---be the corresponding user data decryption function, j is its code.
After carrying out compose operation with this relational expression, encrypt user data (Y Close) will be reduced to user data (Y) by the inverse transformation deciphering, and give relevant device and handle.
It should be noted that: in the early stage of carrying out the encrypted transmission swap data, [T ∈ set of real numbers also can directly adopt the random code (S) that prestores to take on generally can also to pass the pre-approximate number (T) that goes both sides to make an appointment from control device (B) to manager (A) encryption earlier by the user.], manager (A) send in the checking computing comparator (A2) after this encrypted session number (T) [or random code that prestores (S)] is deciphered by unscrambling decoding device (A5), and compare with the pre-approximate number (T) [or random code (S) of retaining] of self retaining that from user data librarian (A1), takes out, if the two is identical, then the pre-approximate number (T) that prestores in the user data librarian (A1) is also encrypted and sent to the user and from control device (B) and user rs authentication computing comparator (B2) thereof, carry out same comparatively validate, if the two is still identical, just can proceed ensuing mutual transfer of data exchange work; Otherwise if the two difference, then stop next step work and alarmed; Just can before formal transfer of data exchange beginning, finish further checking and protection in this way to mutual closure, make data encryption transmission exchanging safety security system of the present invention can be on more rigorous meaning and more perfect formal realization to the prior protection of data to be transferred.
In the work of above-mentioned data encryption transmission exchange is carried out: pseudo-noise code generator (A6) also will according to produce a new random code (S ') self-defining opportunity and with other verification msg after new change [as a of digital verification msg or b etc., but generally not all to change after control device (B) is communicated with the user at every turn, but can come self-defined its change opportunity and numerical value by the manager at manager (A).] be transformed into enciphered data by scrambled device (A7) together after, again by data collector (A3) and bidirectional data transfers channel transfer to the user from control device (B); To compare this reception and the new random code that decrypts (S ') with the existing random code of using (S) of just working at the XOR comparator (B6) of user from control device (B), if the two difference is then encrypted this new random code S ' again and sent back manager [A]; The new random code (S ') that manager [A] then sends back this encryption is delivered to comparator (A9) after deciphering by unscrambling decoding device (A5), compare with the new random code (S ') that before produced and resided in this at this, if the two is identical, illustrate that then the new random code (S ') that the user receives from control device (B) is accurately, therefore this new random code (S ') is deposited in the user data librarian (A1) corresponding to the storage space that prestores of this user from the sequence code (L) of control device (B), meanwhile manager (A) also will send instruction from control device (B) to the user, allow the user also synchronously the new random code (S ') that has received is deposited into the storage space that prestores of subscriber's local data storage (B1) from control device (B), machine in due course, can be chosen to be one of following condition this opportunity: 1. each manager (A) and user carry out in exchanges data finishes from control device (B); 2. manager (A) and user from control device (B) in just be communicated with next time; 3. other are artificial from imposing a condition etc.Both sides will be more synchronously with new random code (S ') replace replacement existing separately work random code (S); If relatively these two new random codes are unequal in comparator (A9), then will produce a signal go to trigger the random code that pseudo-noise code generator (A6) produces a renewal again again (S "); and repeat the above-mentioned course of work once more is until finish above-mentioned work in several; If can't finish above-mentioned work all the time, manager (A) will stop this process, and be alarmed.So far just finished manager (A) with the user from the transfer of data exchange work overall process of control device (B) after once being communicated with.
It should be noted that: if 1. both sides finish prestoring of new random code (S '), but when also not finishing the replacing it of random code (S), situations such as exchanges data accidental interruption (as unexpected power down or go offline etc.) take place suddenly, then new random code (S ') will continue to remain in the position that prestores, and in recovering this, have no progeny or both sides when being communicated with once more, the new random code of at first these both sides being retained (S ') is carried out homogeny to be judged, just can carry out follow-up work when having only the two identical, otherwise will be alarmed; 2. the course of work of the replacement of digital verification data (a, b etc.) and pre-approximate number (T) renewal and storage is also similar with the above-mentioned course of work, does not relatively differentiate but do not need that generally data are carried out XOR.
By user shown in Figure 3 from the operation principle of controlling device (B) be: after manager (A) passes through the bidirectional data transfers channel-connectivity with the user from control device (B), user rs authentication computing comparator (B2) produce a checking number (as: Z1=a at random with elder generation R) also send manager (A) to by user data transceiver (B3) and bidirectional data transfers passage together in company with the sequence code of from subscriber's local data storage (B1), extracting (L), begin matching management device (A) thus and carry out aforesaid digital verification process.If checking is passed through smoothly, the exchange process that then will enter the data encryption transmission and receive:
1) user is from control device (B) encrypted transmission datamation
User data to be passed (Y), the agreement ciphering user data function formula that by user encryption encoder (B7) time, will from subscriber's local data storage (B1), be extracted by substitution:
Y Close=D j(L, S, Y)
D wherein j---be the ciphering user data function of agreement, j is its code, separates with user data
Close function d jBecome the inverse transformation relation each other.
After carrying out compose operation with this relational expression, user data to be passed (Y) will be generated encrypted user data (Y by positive-going transition Close), and pass through user data transceiver (B3) and send manager (A) to by the bidirectional data transfers channel.
2) user is from controlling the decryption work after device (B) receives enciphered data
Encryption manager data (the X that manager (A) transmits by the bidirectional data transfers channel Close), after user data transceiver (B3) receives, send user's unscrambling decoding device (B4), and with the corresponding manager data decryption function formula that from subscriber's local data storage (B1), extracts:
X=f i(L, S, X Close)
F wherein i---be the manager data decryption function of correspondence, i is its code, with the manager number
According to encryption function F iBecome the inverse transformation relation each other.
After carrying out compose operation with this relational expression, encryption manager data (X Close) will be reduced to manager data (X) by inverse transformation deciphering, and through data extractor (B5) undertaken by all types of data from after, offer corresponding use equipment or parts respectively and use.
It should be noted that: 1. both sides' data encryption function also can be reduced to F i(S, X), D jForms such as (S, X), its corresponding data decryption function also can be reduced to f i(S, X Close), d j(S, Y Close) etc. form; If 2. F i=D j, f i=d j, system then of the present invention is referred to as symmetrical expression bidirectional encipher transmission system, otherwise then is called asymmetric bidirectional encipher transmission system.
In the course of work of above-mentioned enciphered data exchange, the user also will receive manager (A) from control device (B) and encrypt the new random code (S ') transmit, give XOR comparator (B6) after the separating of deciphering by user's unscrambling decoding device (B4) and data extractor (B5); In XOR comparator (B6), will compare this new random code (S ') that transmits with the existing random code of using (S) of just working,, then will enter aforementioned both sides' the synchronous pre-stored course of work of new random code (S ') as if the two difference; If the two is identical, then XOR comparator (B6) will add an increment Delta δ to this new random code (S '), be about to S ' and become S '+Δ δ, send back to centre manager (A) with same cipher mode again, make comparator (A9) unequal when comparing the pre-new random code of retaining (S ') of itself and self, thereby trigger the random code that pseudo-random generator (A6) produces a renewal more again (S ") relatively confirms the course of work so begin one again with above-mentioned same random code; If through the several repetitive cycling, still can not determine down new random code, then stop periodic duty, and send information to manager (A) and user from control device (B), manager (A) also will stop from the enclosed exchanges data relation of control device (B) automatically with the user simultaneously.
Description from control device (B) course of work is as can be seen from above-mentioned manager (A) and user in a word: because after the two is communicated with and finishes exchanges data at every turn, a parameter random code (S) parameter that must be related to when next time being communicated with among the data encrypting and deciphering function of transfer of data exchange changes, thereby whether working properly the preceding exchanges data that once is communicated with is, to be related to next time and be communicated with and normally to carry out, so the equilibrium state of the one-time pad self-loopa encipherment protection that normal data exchange is a precondition before just having formed; In case have the internal system unit and the external world that illegal act generations such as exchanges data are arranged; random code (S) parameter that manager (A) and user will be retained mutually from control device (B) misplace [the two is unequal from the random code (S) of controlling device (B) retention promptly to cause random code (S) that manager (A) retains and user]; this dynamic equilibrium that the two self-loopa is encrypted is broken; manager (A) exchanges in the data that next can't carry out under the encryption condition again from control device (B) mutually with the user; just provide direct caution and discovery means when one the invaded back of system and the subscriber unit behavior of initiatively crossing the border managed take place under multiple situation such as aforementioned thus, also provided a kind of direct safeguard measure of stealing of can effectively anti-automatically data after intrusion behavior takes place being continued simultaneously.
Two particular job procedure declarations:
1, particular encryption data access course of work explanation
In order to give full play to the high confidential nature of native system, receive encryption manager data (X from control device (B) the user to data Close) after, can be to a part of particular encryption data earlier without user's unscrambling decoding device (B4) deciphering output, but it directly inputs to particular encryption data storage (B9) and stores by particular encryption data identification controller (B8) identification back control, simultaneously also the data decryption function (fi) and the random code (S that worked at that time of this enciphered data under the stored record together When); Just when need of work, just by input " specific enabled instruction " to particular encryption data identification controller (B8), and under its control, from particular encryption data storage (B9), only read and support those required a part of particular encryption data of current operate as normal and export to user's unscrambling decoding device (B4) [wherein one the tunnel is manager enciphered data (X Close), another road is the data decryption function (fi) and the random code (S that worked at that time of this enciphered data When)], by exporting the work at present of going to support a certain program after its deciphering again.Thisly enciphered data is not all deciphered output; and, just can make the user whole use, obtain anti-copy, anti-piracy protection under the soft-closed encryption handling condition all the time from the data download controlling device (B) and obtain (as software data etc.) just with worked the at that time working method of needed those a part of data of real-time support pattern output.
That 2, encrypts equilibrium state initially sets up course of work explanation
For the user from control device (B) be communicated with first with manager (A) or break down after need the situation of connection again, the initial transition course of work that never equilibrates to balance that establishes of equilibrium state is encrypted in its self-loopa, the method of finishing this process is: by from the checking computing comparator (B2) of controlling device (B) registration switch that is subjected to other physical action could control its conversion (K) being set the user, when it pushes " registration " position, by a cover initialization accreditation process from regulation, synchronously import initial digital verification data from control device (B) and manager (A) respectively to the user, random code data such as (S), and make it just to have set out the static initial value of self-loopa encryption balance between the two with this in the corresponding pre-bit of storage; These static initial conditions are provided with work finish after, switch (K) must be dialled and get back to " return " position, also has only switch (K) when " return " position, the user could recover operate as normal and manager (A) is set up stable equilibrium's attitude of one-time pad each other from control device (B), and finishes corresponding data and add, decipher the exchange work of transmitting.
Manager of the present invention (A) and user are from the specific implementation method of control device (B), remove and to divide by the function of Fig. 2, Fig. 3 block diagram, outside realizing with hardware modes such as electronic circuit, integrated circuits, can also on single-chip microcomputer or in the computer system, realize by the mode of coding software.

Claims (10)

1, a kind of based on the method that realizes data encryption transmission exchange under the one-time pad self-loopa equilibrium state, be to constitute by following workflow:
A, after manager (A) passes through the bidirectional data transfers channel-connectivity with the user from control device (B) both sides, the user will pass to manager (A) from control device (B) and remove sequence code (L) and digital verification number (Z), corresponding reservation poke word verification msg and random code (S) data be retrieved and be extracted to manager (A) will with this sequence code (L) data in user data librarian (A1), digital verification number (Z) according to a self-defining digital verification working procedure of cover and mutual biography comes mutually pre-retained data is calculated and comparatively validate afterwards, judges that with this manager (A) and user are from controlling device (B) legitimacy of identity each other;
If b has a side defective, then will stop mutual further transfer of data exchange, and send alarm;
If the c digital verification is qualified, the random code that will retain separately (S) data parameter substitution data encryption function (F separately then i) and (D j), data decryption function (f i) and (d j) in, and accordingly manager data to be passed (X), user data to be passed (Y) are carried out the enciphering transformation of forward and reverse deciphering conversion respectively by these instant functions that generate, realize the transmission exchange of both sides' data under the encipherment protection state with this;
D, and at the beginning of the encrypted transmission swap data, also can allow the user from control device (B) the pre-approximate number of self retaining in advance (T) be encrypted to pass to manager (A) earlier goes, and allow manager (A) that the pre-approximate number of self retaining in advance (T) is transmitted from control device (B) encryption to the user, and respectively the checking computing comparator (A2) and user rs authentication computing comparator (B2) in separately the retention pre-approximate number (T) whether identically compare, identical then qualified, just can carry out next formal data encryption transmission exchange work, otherwise will send warning information, and stop next step work, finish further checking and protection with this to mutual closure;
E, in the process of encrypted transmission data, arrive the user behind control device (B) for a part of particular encryption transfer of data, by will directly storing in the particular encryption data storage (B9) after particular encryption data identification controller (B8) identification, only when need of work, just read out and satisfy at that time that a part of enciphered data of need of work and be decrypted output for user's unscrambling decoding device (B4) with " specific enabled instruction " control to encrypt form;
F, at manager (A) each time with after the user is communicated with work from control device (B), pseudo-noise code generator (A6) also will produce a new random code (S ') and with other also taken place the agreement verification msg that changes together encrypted transmission to the user from control device (B), and the XOR comparator (B6) of user from control device (B) will compare this new random code (S ') with the random code (S) the existing work use, if the two is identical, then will send out and go to regenerate again (the instruction that S ") passes back; next will repeat above-mentioned relatively deterministic process once more; still identical after repeating for several times; as then will to stop this process; also send warning information to manager (A) and user from control device (B) respectively; of a renewal random code if the two difference to manager (A), then the user sends out to manager (A) from control device (B) and goes new random code (S ') to receive and verify qualified affirmation information, and after manager (A) receives this confirmation, just new random code (S ') and with the agreement verification msg that other has also newly changed deposit in together to should the user from user data librarian (A1) buffer memory of control device (B) sequence code (L), and this work of prestoring finish in to the user from the control device (B) send instruction, allow the new agreement verification msg that has changed of its new random code (S ') that also this has been received and other deposit in synchronously in the buffer memory of subscriber's local data storage (B1), select one of following opportunity:
1. each manager (A) and user finish in the exchanges data from control device (B);
2. manager (A) and user from control device (B) in just be communicated with next time;
3. other self-defined opportunity;
Both sides use new random code (S ') to replace existing separately work random code (S) and other the new agreement verification msg that has changed in memory space more synchronously;
Just formed a complete workflow of the inventive method thus.
2, according to method described in the claim 1, wherein said self-defined digital verification working procedure is to preexist in manager (A) and pre-retention algorithmic function and the reserved data of user from control device (B) respectively by extracting, and digital verification number (Z) substitution that the other side is transmitted this retain in advance separately and carry out computing in the algorithmic function formula, compare with this result who calculates and each comfortable local predetermined computation result, if conform to, then decidable the other side identity is legal, otherwise illegal.
3, according to the described method of claim 1, wherein said manager (A) and user are from controlling device (B) at the beginning of the work of encrypted transmission swap data begins, carry out mutual closure checking with the comparison of pre-approximate number (T), it is characterized in that pre-approximate number (T) is the real number that both sides make an appointment and retain, the random code of reserving in the time of also can utilizing last connection the (S) is served as; If it is qualified that the pre-approximate number (T) that manager (A) transmits from control device (B) encryption the user is verified; prove that then the user externally is that sealing is good from control device (B); same user is qualified from control device (B) pre-approximate number (T) checking that encryption is transmitted to manager (A); prove that then manager (A) externally is that sealing is good; otherwise will send warning information; and stop next step work, also just provided prior protection function simultaneously thus to data to be transferred.
4, according to the described method of claim 1, wherein said user sends new random code (S ') from control device (B) to manager (A) and receives and verify qualified affirmation information, to be the user beaming back this new random code (S ') from control device (B) in that the qualified back of new random code (S ') checking is encrypted to manager (A) again to a kind of feature of confirming the method for this feedback information, the new random code (S ') that comparator (A9) in the manager (A) is then passed this back compares with the new random code (S ') of self previous pre-retention, if the two is identical, just can carry out next step both sides to the stores synchronized of new random code (S ') and replace the work such as (S) of old random code; Otherwise if the two difference, then comparator (A9) will be sent out to pseudo-noise code generator (A6) and go a triggering signal, make it produce a random code more again, and carry out once the above-mentioned course of work again, until repeating to reach qualified with interior for several times, otherwise illustrate that the user has problems from the two the transfer of data exchange of control device (B) and manager (A), and send corresponding alarm prompt.
5, according to the described method of claim 1, wherein said manager (A) and user is characterized in that data encryption function (F from the closed data encryption transmission of the one-time pad of setting up between control device (B) commutative relation i) and (D j), data decryption function (f i) and (d j) in be introduced into each random code (S) parameter all inequality, under the normal condition that both sides' equilibrium state is set up, both sides at every turn can both be automatically this random code (S) synchronously, random code (S) value that manager (A) and user are retained from control device (B) is equal, is objectively just maintaining manager (A) and user from controlling between device (B) encryption function (F one to one thus i) and (D j) and data decryption function (f i) and (d j) data to be transferred is added; the self-loopa dynamic equilibrium of deciphering transmission exchange; in case and this encrypted transmission commutative relation and the third party outside these two set up; then former the two all will change the random code (S) of parameter value after based on each connection; can't be again by containing adding of random code (S) parameter; the corresponding data one by one that decryption function forms adds; the deciphering transmission channel realizes synchronous equivalence; this just makes that former the two equilibrium relation is broken; its mutual data encryption transmission commutative relation also will be blocked automatically; simultaneously former manager (A) and original subscriber from controlling device (B) when linking to each other once more; system will send alarm, has just obtained intrusion behavior externally thus and the back has taken place to one of follow-up data to be transferred defencive function afterwards.
6, method according to claim 5, it is by among control device (B) switch (K) that is subjected to other physical action ability control transformation being set the user that wherein said manager (A) and user encrypt the initial feature of setting up process of equilibrium state from the self-loopa of exchanges data between control device (B), when switch (K) is put " registration " position, the user overlaps accreditation process from control device (B) and manager (A) by self-defining one, synchronously import initial digital verification data respectively, random code (S) data are set out the static initial data of self-loopa encryption equilibrium state between the two thus in the two corresponding bank bit; And only returning " return " position at switch (K), the user could recover the right require 1 described course of normal operation from control device (B), and sets up mutually dynamic balance between the manager (A) and finish corresponding data encryption transmission exchange work.
7, a kind of based on the soft-closed management system of setting up under the one-time pad self-loopa equilibrium state, be that manager (A) is by user data librarian (A1), checking computing comparator (A2), data collector (A3), data extractor (A4), unscrambling decoding device (A5), pseudo-noise code generator (A6), scrambled device (A7), encrypting and decrypting function exam pool manager (A8), comparator (A9) constitutes, the user is from controlling device (B) by subscriber's local data storage (B1), user rs authentication computing comparator (B2), user data transceiver (B3), user's unscrambling decoding device (B4), user data separator (B5), XOR comparator (B6), user encryption encoder (B7), particular encryption data identification controller (B8), particular encryption data storage (B9) constitutes, after it is characterized in that manager (A) and user pass through the bidirectional data transfers channel-connectivity from control device (B) both sides, the user passes to manager (A) by user data transceiver (B3) from control device (B) and removes sequence code (L) and digital verification number (Z), corresponding reservation poke word verification msg and random code (S) data be retrieved and be extracted to manager (A) will with this sequence code (L) data in user data librarian (A1), afterwards according to a self-defining digital verification working procedure of cover and the digital verification data that pass mutually, utilize in the manager (A) checking computing comparator (A2) and the user rs authentication computing comparator (B2) of user from control device (B) to carry out digital operation and compare checking with pre-retained data separately; If there is a side defective, then will stop mutual further transfer of data exchange, if digital verification is qualified, the random code that will retain separately (S) data parameter substitution data encryption function (F separately then i) and (D j), data decryption function (f i) and (d j) in, and accordingly manager data to be passed (X), user data to be passed (Y) are carried out the enciphering transformation of forward and reverse deciphering conversion respectively by these instant functions that generate, realize the transmission exchange of both sides' data under the encipherment protection state with this; Also can allow the user from control device (B) the pre-approximate number of self retaining in advance (T) be encrypted to pass to manager (A) earlier at the beginning of this encrypted transmission swap data goes, and allow manager (A) that the pre-approximate number of self retaining in advance (T) is transmitted from control device (B) encryption to the user, and respectively the checking computing comparator (A2) and user rs authentication computing comparator (B2) in separately the retention pre-approximate number (T) whether identically compare, identical then qualified, just can carry out next formal data encryption transmission exchange work, otherwise will send warning information, and stop next step work; In the process of encrypted transmission data, arrive the user behind control device (B) for a part of particular encryption transfer of data, by will directly storing in the particular encryption data storage (B9) after particular encryption data identification controller (B8) identification, only when need of work, just read out and satisfy at that time that a part of enciphered data of need of work and be decrypted output for user's unscrambling decoding device (B4) with " specific enabled instruction " control to encrypt form; At manager (A) each time with after the user is communicated with work from control device (B), pseudo-noise code generator (A6) also will produce a new random code (S ') and with other also taken place the agreement verification msg that changes together encrypted transmission to the user from control device (B), and the XOR comparator (B6) of user from control device (B) will compare this new random code (S ') with the random code (S) the existing work use, if the two is identical, then will send out and go to regenerate again (the instruction that S ") passes back; next will repeat above-mentioned relatively deterministic process once more; still identical after repeating for several times; as then will to stop this process; also send warning information to manager (A) and user from control device (B) respectively; of a renewal random code if the two difference to manager (A), then the user sends out to manager (A) from control device (B) and goes new random code (S ') to receive and verify qualified affirmation information, and after manager (A) receives this confirmation, the affirmation information that will transmit this is confirmed again, promptly comparing from control device (B) new random code (S ') data of passing back and new random code (S ') data that manager (A), generate before this by the user, when having only the two also identical, just this newly-generated new random code (S ') and with the agreement verification msg that other has also newly changed deposit in together to should the user from user data librarian (A1) buffer memory of control device (B) sequence code (L), and this work of prestoring finish in to the user from the control device (B) send instruction, allow the new agreement verification msg that has changed of its new random code (S ') that also will receive and other deposit in synchronously in the buffer memory of subscriber's local data storage (B1), select one of following opportunity:
1. each manager (A) and user finish in the exchanges data from control device (B);
2. manager (A) and user from control device (B) in just be communicated with next time;
3. other self-defined opportunity;
Both sides use new random code (S ') to replace the new agreement verification msg that has changed of existing separately work random code (S) and other more synchronously;
Just constituted work relationship collaborative mutually between the complete structure of soft-closed management system of the present invention and structure, mutual restriction thus.
8, system according to claim 7, user data librarian (A1) in the wherein said manager (A) and the user subscriber's local data storage (B1) from control device (B) all can retain accordingly synchronously data that both sides make an appointment as: representative of consumer is from the sequence code (L) of control device (B) identifying information, the random code (S) that all will change after each connection the, the data encryption transforming function transformation function (F that contains random code (S) parameter i) and (D j), contain the data decryption transforming function transformation function (f of random code (S) parameter i) and (d j) and other relevant digital verification data, and can realize power down protection.
9, system according to claim 7, wherein said XOR comparator (B6) is to carry out XOR relatively with new random code (S ') that produces and the random code (S) in the existing work, the two is identical, then will to manager (A) send out go to regenerate again one upgrade random code (command information that S ") passes back; the two difference represents that then newly-generated random code (S ') is qualified; can carry out further work, just guaranteed thus manager (A) and user from control device (B) is being communicated with at every turn and mutual transfer of data exchange end after its data encryption function (F i) and (D j), data decryption function (f i) and (d j) all will change, make strict establishment of condition of one-time pad, and form a mutual encryption function and decryption function thus and constantly change and keep tight data encryption transmission protection system under the dynamic equilibrium condition again.
10, system according to claim 7, wherein said user from control device (B) for the storage of a part of particular encryption data with read, also will be when it is characterized in that storing the particular encryption data corresponding with it data decryption function (f i) and the random code (S that worked at that time When) corresponding stored together, the time generally only read those a part of particular encryption data that support worked required at that time in deciphering and give user's unscrambling decoding device (B4), and herein still with the same deciphering output of finishing these particular encryption data of decryption work process of general enciphered data.
CN 01107004 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system Expired - Fee Related CN1232067C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 01107004 CN1232067C (en) 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 01107004 CN1232067C (en) 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system

Publications (2)

Publication Number Publication Date
CN1305285A CN1305285A (en) 2001-07-25
CN1232067C true CN1232067C (en) 2005-12-14

Family

ID=4655958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 01107004 Expired - Fee Related CN1232067C (en) 2001-01-03 2001-01-03 Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system

Country Status (1)

Country Link
CN (1) CN1232067C (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753359B (en) 2004-09-24 2011-01-19 华为技术有限公司 Method of implementing SyncML synchronous data transmission
CN1808975B (en) * 2006-01-26 2010-09-08 黄涛 System and method of preventing network account from stolen
US8923519B2 (en) * 2009-05-29 2014-12-30 Alcatel Lucent Method of efficient secure function evaluation using resettable tamper-resistant hardware tokens

Also Published As

Publication number Publication date
CN1305285A (en) 2001-07-25

Similar Documents

Publication Publication Date Title
CN108055235B (en) Control method of intelligent lock, related equipment and system
JP2552061B2 (en) Method and apparatus for preventing network security policy violation in public key cryptosystem
EP2697931B1 (en) Qkd key management system
US7155616B1 (en) Computer network comprising network authentication facilities implemented in a disk drive
EP0809379B1 (en) Authentication apparatus according to the challenge-response principle
US6907127B1 (en) Hierarchical key management encoding and decoding
CN100592683C (en) Protected return path from digital rights management dongle
US7685421B2 (en) System and method for initializing operation for an information security operation
CN106534092A (en) Message-based and key-dependent privacy data encryption method
CN111324881B (en) Data security sharing system and method fusing Kerberos authentication server and block chain
US20060195402A1 (en) Secure data transmission using undiscoverable or black data
JPH0363261B2 (en)
JPH05344117A (en) Opposite party certifying/ciphered key distributing system
CN101142599A (en) Digital rights management system based on hardware identification
JPH05103094A (en) Method and apparatus for mutually certifying users in communication system
RU2001130985A (en) Method and device for providing secure transmission of digital data between devices
US8230218B2 (en) Mobile station authentication in tetra networks
US5651066A (en) Cipher key distribution system effectively preventing illegitimate use and charging of enciphered information
CN101938353B (en) Method for remotely resetting personal identification number (PIN) of key device
CN1808975B (en) System and method of preventing network account from stolen
TW201032606A (en) Spectrum authorization and related communications methods and apparatus
JP2003084853A (en) Method and system for preventing copy of programmable gate array
CN1232067C (en) Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system
CN110855622A (en) Method and device for protecting sensitive data transmission of distributed system
JP2541308B2 (en) Confidential database communication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051214

Termination date: 20180103