CN101022337A - Network identification card realizing method - Google Patents
Network identification card realizing method Download PDFInfo
- Publication number
- CN101022337A CN101022337A CNA2007100648245A CN200710064824A CN101022337A CN 101022337 A CN101022337 A CN 101022337A CN A2007100648245 A CNA2007100648245 A CN A2007100648245A CN 200710064824 A CN200710064824 A CN 200710064824A CN 101022337 A CN101022337 A CN 101022337A
- Authority
- CN
- China
- Prior art keywords
- authentication
- user
- key
- network
- matrix
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
A method for realizing network ID card includes setting up 600-2000 area certification centers separately according to administrative areas of the country for providing certification on network user ID card at network application server, setting up enciphering-certification unit separately on client computer end and on certification server of area certification center, using cipher key generating algorithm to generate symmetrical cipher key being able to be changed each time on each use and certification password for realizing network real name system.
Description
Technical field:
The present invention relates to information security field, is utilization computer, network, password and chip technology, realizes network identity identification, and the present invention is applicable to the every field of Real-name Registration.
Background technology:
At present; domestic external enwergy solves trustable network promptly fully: the practical product of Real-name Registration problem does not also have; the network authentication product of some manufacturers produce is dangerous; as: password protection; this product is to adopt dynamic password generating algorithm per minute to produce the authenticate password of one group of 6 bit digital; but; the hacker can be by implanting trojan horse and analyzing password protection equipment in certificate server; obtain the starting point of dynamic password generating algorithm and dynamic password; decode the guard system of password protection; the network authentication product of other manufacturers produce; as: PKI/CA sets up cost and the key maintenance cost is all very high; simultaneously, PKI/CA can't solve the network user's scale problem, as: the scale that surpasses 1,000,000,000 network users; PKI/CA can't support; cause the PKI/CA technology not to be used widely, in a word, existing network authentication product all can not satisfy the demand in market.
Summary of the invention:
A kind of implementation method of network identification card is utilization computer network, password and chip technology for each network application server comes recognition network user's identity, and implementation step is as follows:
By domestic administrative region upright 600~2000 regional authentication centers that build together; for each network application server provides authenticating user identification; this network distribution type authentication method is according to user's resident identification card number; determine that regional authentication center makes network user's single-sign-on; use the authentication hardware device the client-side user---based on the cipher key of USB interface built-in intelligence chip or the resident identification card that uses the band intelligent chip promptly: on resident identification card, embed intelligent chip resident identification card and network identification card are united two into one; in each network application server, insert the hard card of band intelligent chip; in the intelligent chip that the domain name and the parameter of all regions authentication center is pre-stored in hard card; the regional authentication center that comes the directs network application server to give appointment with the authenticating user identification task finishes; certificate server end in client-side and regional authentication center is set up encrypted authentication system respectively; the client-side encrypted authentication system is based upon in the intelligent chip of authentication hardware device; the encrypted authentication system of certificate server end is based upon in the intelligent chip of encrypted card; in the encrypted authentication system at client computer and certificate server two ends, set up cover " key seed " matrix and a key schedule; the plain random number that adopts of " key seed " entry of a matrix generates; come a small amount of " key seed " matrix element is chosen and calculated by key schedule; combination generates symmetric key; one time one change; also one time one change of authenticate password with the generation of symmetric key encryption random number; both guaranteed that encrypted authentication system was safe and reliable; and solved this global problem of authentication of identification of network user scale; simultaneously; adopt password promptly: password is discerned the authentication hardware device; adopt the collaborative security strategy of symmetry and asymmetric arithmetic to realize the modification of user cipher; come distributed key by the authentication hardware device; and realize the upgrading of authentication protocol by the network download mode; thereby; set up the perfect network identification card system of a cover; realize Real-name Registration; all processes realizes that with the software and hardware combination concrete grammar is as follows:
1, sets up the distributed authentication center, set up 600~2000 regional authentication centers in the whole nation, be responsible for this area promptly: the user in resident identification card granting area provides online identity identification, network application server is by user's resident identification card number guiding, find the certificate server of regional authentication center, also be the area that resident identification card is authorized by this user location public security department, as: 110108 ..., be Haidian District, Beijing City issuing unit of public security bureau.
2, in network application server, all insert the unified hard card of making of a public security department based on the built-in CPU intelligent chip of api interface, in the intelligent chip of hard card, write district's authentication center's domain name in all parts of the country and regional parameters, as: for the regional parameters of Haidian District, Beijing City is: 110108, use the intelligent chip store data of hard card can prevent that the hacker from distorting domain name and regional parameters, the domain name of regional parameters and regional authentication center is corresponding one by one, as preceding 6 when being 110108 of user's resident identification card number, network application server is delivered to Haidian District, Beijing City authentication center with such user, be responsible for authentication by this authentication center, domain name that the application server end is deposited and regional parameters respectively are: 600~2000 groups, a regional authentication center is a district, county resident or a plurality of district, the resident in county provides network authentication.
3, set up network distribution type authentication center, authentication is provided when surfing the Net for this area resident, the network user's identification also is provided for the network application server in the whole nation, each user's authentication center is fixed, the last any network application server of user all authenticates in fixing authentication center, as long as the public security department of each department runs the authentication center of native system well, just can realize the national network system of real name.
4, at client-side, the authentication hardware device that the user uses is: based on the cipher key of USB interface built-in intelligence chip, perhaps promptly: on resident identification card, embed intelligent chip with the resident identification card of intelligent chip, resident identification card and network identification card are united two into one, an authentication of each user hardware device, if the client-side user uses band intelligent chip resident identification card as the authentication hardware device, the intelligent chip of authentication hardware device and the interface of computer need be transformed, make the intelligent chip of authentication hardware device can insert computer, if the client-side user uses cipher key based on USB interface built-in intelligence chip as the authentication hardware device, the intelligent chip of authentication hardware device and the interface of computer do not need to transform, and directly use USB interface to insert computer.
5, the client-side encrypted authentication system is based upon in the intelligent chip of authentication hardware device, the encrypted authentication system of certificate server end is based upon in the intelligent chip of encrypted card, encrypted card is a hardware device based on the built-in CPU intelligent chip of api interface, inserts a block encryption card in the certificate server of each authentication center.
6, in the intelligent chip of client-side authentication hardware device, write symmetric cryptographic algorithm, asymmetric arithmetic, one group of private key, resident identification card number, user name, password promptly: password, cover " key seed ", symmetric key generating algorithm and an authentication protocol.
7, in the intelligent chip of certificate server encrypted card, write symmetry algorithm, asymmetric arithmetic, private key, one group of symmetric key K
S, symmetric key generating algorithm and authentication protocol, use symmetric key K
SRespectively promptly: password with each user's password, PKI and parameters for authentication such as " key seed " are encrypted to ciphertext, and the resident identification card corresponding with each user number leaves the hard-disc storage district of certificate server together in, key in each certificate server end encrypted card is all inequality, simultaneously, the PKI of certificate server end is left in the hard disk of certificate server, wherein: private key and PKI length all are 1024 or 2048bit, symmetric key length is 128bit, user's resident identification card number is 18 bit digital, username and password promptly: password all is 8~16 bit digital, letter or number and alphabetical mixture.
8, utilize randomizer to produce user " key seed ", guarantee user's's " key seed " production at random, each user has different " key seed " of a cover respectively, every cover " key seed " is the Z group altogether, Z=256~22080, every group 0.5~1 byte, that is: 4~8bit.
9, utilize key schedule that " key seed " chosen and calculated, combination generates symmetric key, key schedule is made up of random number and timestamp and " key seed " matrix, wherein: random number is made up of N position hexadecimal number, N=16~64, random number is changed into (1 * N) random number matrix L, that is: with the hexadecimal random number in N position as the (element of 1 * N) random number matrix L; Timestamp is by forming year, month, day, hour, min clock and second, timestamp is made up of the t bit digital, t is the fetch bit scope of timestamp, t=8~14, as: t=14, timestamp is: " 20070330152030 ", represent 15: 20: 30 on the 30th March in 2007, select C, C=1~100, select 1~12 month, 1~31 day, 1~24 hour, 1~60 minute and 1~60 second, timestamp value: G=C+12+31+24+60+60=C+187.
10, key schedule is as follows:
(1) Z group " key seed " is formed (" key seed " the matrix K K of M * N), M=16~345, N=16~64, the element Z of " key seed " matrix K K
IjAccount for 0.5~1 byte, that is: 4~8bit, wherein: i=0~(M-1), j=0~(N-1), wherein: N<=M, N=M-G+{ (t-2)/2}, " key seed " total amount Z=M * N=256~22080 group, account for 128~22080 bytes, that is: account for 1024bit~176640bit, encrypted authentication system can the leading subscriber amount be at least: 2
1024
(2) it is capable to choose N according to timestamp from " key seed " matrix K K, and the N column element is formed interim " key seed " matrix K K2, with (1 * N) the random number matrix L=(S of random number composition
1, S
2..., S
N), multiply each other with interim " key seed " matrix K K2, obtain (1 * N) cipher key matrix K, K=(k
1, k
2..., k
N),
Definition: " ∧ " representing matrix multiplies each other on mould two territories, and 2 expressions of matrix 1 ∧ matrix: matrix 1 multiplies each other on mould two territories with matrix 2, is that the mould two between matrix 1 and matrix 2 elements adds;
(3) if: L=(S
1, S
2..., S
N),
According to timestamp from " key seed " matrix K K, select (interim " key seed " the matrix K K2 of N * N), that is:
Then:
K=L∧KK2=(k
1,K
2,…,K
N),
Wherein: k
1={ (S
1∧ Y
00) ∧ (S
2∧ Y
10) ∧ ... ∧ (S
N∧ Y
N0),
K
2={〔S
1∧Y
01〕∧〔S
2∧Y
11〕∧…∧〔S
N∧Y
N1〕},
……,
K
N={〔S
1∧Y
0N〕∧〔S
2∧Y
1N〕∧…∧〔S
N∧Y
NN〕};
For example: 1. work as S
1=1100, Y
00=0010, S
2=0101, Y
10=1010,
Ask: (S
1∧ Y
00) ∧ (S
2∧ Y
10) value?
Then: (S
1∧ Y
00) ∧ (S
2∧ Y
10)=(1100 ∧ 0010) ∧ (0101 ∧ 1010)
=(1110)∧(1111)=0001,
For example: 2. get 14 promptly when timestamp: t=14, get that " year " is 10 years in the timestamp, that is: C=10,
Then: timestamp value: G=197 has following relation between " key seed " matrix K K and interim " key seed " the matrix K K2 element:
Y
00Be Z
00~Z
90Totally 10 the row in delegation,
Y
10Be Z
100~Z
210Totally 12 the row in delegation,
Y
20Be Z
220~Z
520Totally 31 the row in delegation,
Y
30Be Z
530~Z
760Totally 24 the row in delegation,
Y
40Be Z
770~Z
1350Totally 60 the row in delegation,
Y
50Be Z
1360~Z
1960Totally 60 the row in delegation,
Y
60=Z
1970,
Y
70=Z
1980,
……,
Y
N0=Z
M0,
More than explanation: the back M-197 of " key seed " matrix K K element is capable capable identical with the back N-6 KK2 element, according to timestamp from " key seed " matrix K K element preceding 197 the row, choose 6 row elements, the back M-197 that gets " key seed " matrix K K element again is capable, it is capable to take out N=M-197+6=M-191 altogether, and the N column element is formed interim " key seed " matrix K K2;
(4) when getting timestamp t=14 position, the corresponding C of row of corresponding " key seed " matrix, that is: C is capable, corresponding 12 months, that is: 12 go corresponding 31 days, that is: 31 row corresponding 24 hours, that is: 24 are gone, corresponding 60 minutes, that is: 60 go corresponding 60 seconds, that is: 60 go, " key seed " the matrix K K that forms is that M is capable, the N row, wherein: N=M-G+{ (t-2)/2}=M-(C+12+31+24+60+60)+6=M-C-181;
(5) when getting timestamp t=14 position, the 1st~C of " key seed " matrix K K element is got 1 row in capable, get 1 row in (C+1)~(C+12), get 1 row in (C+12+1)~(C+12+31), get 1 row in (C+12+31+1)~(C+12+31+24), get 1 row in (C+12+31+24+1)~(C+12+31+24+60), get 1 row in (C+12+31+24+60+1)~(C+12+31+24+60+60), get 6 row altogether, again with " key seed " matrix K K element (C+12+31+24+60+60)+element that 1}~M is capable all takes out, form interim (" key seed " the matrix K K2 of N * N), wherein: from the preceding C+12+31+24+60+60 of " key seed " matrix K K element is capable, take out 6 row;
(6) element with cipher key matrix K merges as key, because interim " key seed " matrix K K2 and all one time one changes of random number chosen, also one time one change of key that generates, also one time one change of authenticate password with this secret key encryption random number generation, thereby, improve the safe class of encrypted authentication system, if key length surpasses 128bit, then carrying out the folding contraposition mould two again in front and back adds, that is: getting preceding 128bit secret key bits adds with back 128bit secret key bits contraposition mould two, if the not enough 128bit of back secret key bits, insufficient section " 0 " polishing.
11, the cipher key matrix K that random number matrix L and interim " key seed " matrix K K2 multiply each other and obtain, each element of two matrixes all participates in calculating, the cipher key matrix K that obtains is by calculating, it or not the individual element of choosing interim " key seed " matrix K K2, simultaneously, the generation of " key seed " matrix K K2 temporarily is the timestamp that becomes by a time, the capable combination of element of " key seed " matrix K K chosen, has randomness, also one time one change of interim " key seed " matrix K K2 that generates, the variable quantity of every day is: 12 * 31 * 24 * 60 * 60, that is: 32140800, thereby prevent that the hacker is by to choosing parameter in a large number: the analysis of timestamp and random number obtains the element of interim " key seed " matrix K K2 and " key seed " KK, attacks this key schedule system.
12, with the symmetric key K that leaves in the encrypted card intelligent chip
S, the respectively password (password) of encrypting user, PKI and " key seed ", wherein: the method for encrypting " key seed " is: use symmetric key K
S1~(C+12+31+24+60+60) row with " key seed " matrix K K element is encrypted to the ciphertext element by row respectively, uses symmetric key K again
SThe capable order up and down by row of (C+12+31+24+60+60)+1 row~M of " key seed " matrix K K element is encrypted to the ciphertext element, thereby, guarantee the speed of " key seed " matrix K K2 element deciphering temporarily in verification process, wherein: specifically preceding how many row of " key seed " matrix K K element are used symmetric key K respectively
SEncrypt, also need to decide,, need to use symmetric key K if timestamp is got the t=8 position according to timestamp
SEncrypt the behavior of " key seed " matrix K K element respectively: 1~(C+12+31) row, that is: preceding M-N+{ (the t-2)/2} row element of " key seed " matrix K K element.
13, leave the symmetric key K of the parameters for authentication of encrypting user in the encrypted card intelligent chip in
SConstant, the key management cost is low like this, because " key seed " is to be produced by random number functions, has randomness, and PKI and password do not have the readability of literal yet, and whether the result that the code breaker can't confirm to decode these parameters is correct, therefore, even symmetric key K
SConstant, the hacker can not decode these parameters for authentication.
14, in each user's authentication hardware device intelligent chip, only need to deposit a spot of " key seed " promptly: M * N organizes " key seed ", account for intelligent chip memory space 0.128K~22K byte, that is: account for 1024bit~176640bit, just can make up and generate 2
128Kind different keys for the user provides the network access authentications of decades, utilizes 1024bit~176640bit " key seed ", and encrypted authentication system can manage 2 at least
1024The above network user; in the certificate server of regional authentication center, back up " key seed " of 1.28G~220G byte; just can provide network access authentication for 1000 general-purpose families; construction cost is low; simultaneously; solve this global problem of userbaseization of network identification card system; the combination key system also solves the difficult problem that symmetric key upgrades cost; this network distribution certification mode need be in the parameters for authentication of different authentication center stores same subscriber; it is few to take resource; and the PKI/CA technology must be at the certificate of different authentication center stores same subscriber promptly: unified certificate; it is many to take resource; simultaneously, the PKI/CA technology also need be carried out cross-certification between different authentication centers, and efficient is low.
15, behind user's logging in network application server, " click " enters the application system function key, that is: the following operation of needs: transaction, state one's views or login internal office work system etc., client computer is sent authentication request, and the resident identification card that sends the user is number to network application server, after network application server is received, in preceding 6 intelligent chips that send hard card with resident identification card number, and and be pre-stored in regional parameters contrast in the hard card intelligent chip, after finding corresponding regional parameters and domain name, network application server is given the regional authentication center that this user's resident identification card is issued licence public security department with the authenticating user identification task, be responsible for this user's identity is discerned by the certificate server of this area authentication center, encrypted authentication system according to resident identification card number with interim authentication center of the regional authentication center of correspondence as each network application server, for network application server provides authentication service, realize user's single-sign-on application system, simultaneously, the user who authenticates in each department authentication center fixes, the user who logins on each network application server is unfixed and unknown, this network distribution type certification mode is opening, and the network authentication system of PKI/CA framework, the user of authentication center and network application server all be fix with known, the PKI/CA certification mode is case type.
16; after client computer is sent authentication request; encrypted authentication system at first points out the user to import username and password; after the user imports username and password; encrypted authentication system is imported username and password in the intelligent chip of authentification of user hardware device; with the username and password contrast that prestores in the intelligent chip; if it is incorrect; this authentication hardware device can not use; if it is correct; then continue to carry out authentication protocol; the intelligent chip of this authentication hardware device sends authentication request; and send resident identification card number to network application server; setting up the username and password Verification System, is that username and password is inoperative in the network ID authentication process for the authentication hardware device of protecting client-side is not used by other people.
17, user network authentication process is:
(1) certificate server is received user ID---behind the resident identification card number, encrypted authentication system generation time stamp and random number are also issued client computer, authentication protocol in the client-side authentication hardware device intelligent chip, select N * N element in the element according to timestamp " key seed " matrix K K from be pre-stored in intelligent chip, form interim (" key seed " matrix K K2 of N * N), again random number is changed into (1 * N) random number matrix L, the random number matrix L is multiplied each other with interim " key seed " matrix K K2, obtain cipher key matrix K, the element of cipher key matrix K is merged into key, come encrypted random number to obtain authenticate password 1, authenticate password 1 is sent to certificate server, wherein: since one time one change of key that produces, also one time one change of authenticate password 1 that encrypted random number generates;
(2) after certificate server is received authenticate password 1, number find the element ciphertext of corresponding " key seed " matrix K K according to resident identification card, from " key seed " matrix K K, select N * N group element according to timestamp and form interim " key seed " matrix K K2, interim " key seed " matrix K K2 is imported in the intelligent chip of encrypted card, with the element key K of KK2
SBe decrypted into expressly, again random number is imported in the intelligent chip, and change into (1 * N) random number matrix L, multiply each other with interim " key seed " matrix K K2 with the random number matrix L and to obtain cipher key matrix K, the element merging of cipher key matrix K is obtained key, obtain authenticate password 2 with this secret key encryption random number, whether contrast authenticate password 1 is identical with authenticate password 2 in intelligent chip, differentiates user's identity.
18, the upgrading of authentication protocol, the authentication protocol by after will upgrading from the certificate server of regional authentication center downloads in the intelligent chip of authentification of user hardware device.
19, the user wants the authentication hardware device of log on identity card, the user at first is with resident identification card to public security department's log on identity card, the user receives the authentication hardware device---based on the cipher key of USB interface built-in intelligence chip, or the resident identification card of band intelligent chip, in the intelligent chip of authentication hardware device, prestore: authentication protocol, resident identification card number, user name, password, " key seed ", one group of private key and key schedule etc.
20, public security system is set up the flow process of network identification card authentication hardware device and is, in the intelligent chip with authentication protocol, resident identification card number and user name input authentication hardware device, randomizer in the authentication hardware device intelligent chip produces " key seed " and password promptly automatically: password, encrypted authentication system generates a pair of public and private key and private key is left in the intelligent chip of authentication hardware device, and user name, resident identification card number, password, " key seed " and one group of public and private key etc. are backed up in the server of public security department.
21, setting up regional authentication center certificate server flow process is, certificate server end in each department authentication center is set up encrypted authentication system promptly: insert encrypted card, write symmetry algorithm, asymmetric arithmetic, private key, one group of symmetric key K in the intelligent chip of encrypted card
S, symmetric key generating algorithm and a cover authentication protocol, with the symmetric key K in the encrypted card intelligent chip
SEach user's of this area password, PKI and " key seed " are encrypted to ciphertext, and number leave the hard-disc storage district of certificate server together in corresponding resident identification card, the certificate server end is not deposited user name.
22, the user is if lose the authentication hardware device, go the sales counter of local public security department to report the loss, and show residence booklet or say user cipher and resident identification card number, the certificate server system manager of public security department uses power user's authentication hardware device, login the certificate server of regional authentication center, whether resident identification card number and the password of examining the user be correct, if it is incorrect, be the disabled user, if it is correct, then remove the parameters for authentication of this user in this area authentication center certificate server, again produce " key seed " for the user, a pair of public and private key and password, user's user name and resident identification card are number constant, user's parameters for authentication are write in the intelligent chip of a new authentication hardware device respectively and in the certificate server of regional authentication center, and the authentication hardware device that will newly change is issued the user.
23, set up the authentication supervisory control system at the certificate server end, encrypted authentication system is considered as used timestamp and string at random the hacker and " acts as fraudulent substitute for a person ", prevents that the hacker from utilizing " playback " attack encrypted authentication system.
24, when the user need revise password, the certificate server of login local district authentication center of user elder generation, select to revise the password button key again, the user imports new password twice, the client encrypt Verification System at first is stored in new password in user's the authentication hardware device intelligent chip, the public key encryption new password of invokes authentication server end again, the ciphertext of new password is sent to the certificate server end, the certificate server end is in the intelligent chip of encrypted card, with the plaintext that obtains password after the decrypt ciphertext of its private key with new password, use symmetric key K again
SPassword encryption is become ciphertext, and alternative original code leaves this user's parameters for authentication memory block in.
25, forgotten and to have given for change when user's password, the user holds the sales counter that the authentication hardware device goes to local public security department, the certificate server system manager of public security department uses power user's authentication hardware device, logins the certificate server of regional authentication center, for the user gives password for change.
Description of drawings:
Fig. 1: the process journey figure of network identification card
Fig. 2: the flow chart that the foundation of key schedule and cipher key combinations generate
Embodiment:
Performing step below in conjunction with the description of drawings network identification card:
Fig. 1: the verification process that network identification card is described, application server 1~n platform is arranged in the network at home, n>1,000 ten thousand, certificate server 1~m platform is arranged, m=600~2000, user b position is arranged, b>200,000,000, when user a logging in network application server u also intends entering application system, as: bank transfer or virtual property trade etc., or enter the internal office work system, user a will authenticate hardware device and insert client computer and import username and password promptly: password, encrypted authentication system is with the username and password contrast that prestores in the username and password of user a input and the authentication hardware device intelligent chip, if it is incorrect, then this authentication hardware device can not use, if it is correct, then continue to carry out authentication protocol, this authentication hardware device sends resident identification card number to network application server u, the user network authentication tasks is given to the certificate server v of this resident identification card location authentication center according to the resident identification card network application server u of user a, after certificate server v receives resident identification card number, produce one group of random number and timestamp at once and send to client-side, the client-side authentication protocol generates one group of symmetric key according to the two combination, become ciphertext promptly random number encryption: authenticate password 1, and authenticate password 1 sent to certificate server v, certificate server v number finds corresponding " key seed " matrix K K according to the resident identification card of user a, according to timestamp the element of " key seed " matrix K K is chosen, generate interim " key seed " matrix K K2, and in the intelligent chip of the encrypted card of " key seed " matrix K K2 input temporarily, use symmetric key K
SThe element of " key seed " matrix K K2 is decrypted into expressly temporarily, multiply each other with it with the random number matrix L again and obtain cipher key matrix K, element with cipher key matrix K is merged into symmetric key, and encrypted random number generates authenticate password 2, whether contrast authenticate password 1 is identical with authenticate password 2 in intelligent chip, whether the identity of determining user a is legal, certificate server v tells authentication result network application server u at last, the authentication result that network application server u provides according to certificate server v, whether decision allows user a to enter application system.
Fig. 2: the foundation of key schedule and method and the process that combination generates key are described, getting timestamp is 12, that is: get timestamp be year, month, day, the time and minute, getting the timestamp middle age is 50 years, that is: C=50, getting random number is 32 hexadecimal numbers, get " key seed " Z=M * N group, every group 0.5 byte is total to 4bit, then: the element corresponding with timestamp is capable in " key seed " matrix K K element has G=C+12+31+24+60=177 capable, wherein: M=204, N=32, if: the scope in 50 years is in the timestamp: 2007~2056
Then: set up (204 * 32) " key seed " matrix K K, the element of " key seed " matrix K K is: 204 row, and 32 row, that is:
If: the timestamp that encrypted authentication system generates is: 200703301520, that is: in 2007 on March 30,15: 20, the random number that encrypted authentication system generates at random is: S
1, S
2..., S
32,
Then: according to timestamp the element of " key seed " matrix K K is chosen, selected 32 row, 32 column elements are formed interim " key seed " matrix K K2, that is:
Wherein: the element of interim " key seed " matrix K K2 is: A
20070, A
2007..., A
200731, B
30, B
31..., B
331, C
300, C
301..., C
3031, D
150, D
151..., D
1531, E
200, E
201..., E
2031, Z
50, Z
51..., Z
531..., Z
310, Z
311..., Z
3131,
Random number is changed into (1 * 32) random number matrix L=(S
1, S
2..., S
32), interim " key seed " matrix K K2 multiplies each other with (32 * 32)---and " ∧ " obtains (1 * 32) cipher key matrix K=(k
1, k
2..., k
32), that is: K=L ∧ KK2, wherein:
k
1=(S
1∧A
20070)∧(S
2AB
30)∧(S
3∧C
300)∧(S
4∧D
150)∧(S
5∧E
200)∧(S
6∧Z
50)∧…∧(S
32∧Z
310),
k
2=(S
1∧A
20071)∧(S
2∧B
31)∧(S
3∧C
301)∧(S
4∧D
151)∧(S
5∧E
201)∧(S
6∧Z
51)∧…∧(S
32∧Z
311),……,
k
32=(S
1∧A
200731)∧(S
2∧B
331)∧(S
3∧C
3031)∧(S
4∧D
1531)∧(S
5∧E
2031)∧(S
6∧Z
531)∧?…∧(S
32∧Z
3131),
At last, the element of cipher key matrix K is merged as key,, with the secret key bits of overage, add, if the not enough 128bit of the secret key bits of overage then uses " 0 " polishing with the folding back contraposition of preceding 128bit secret key bits mould two if key length surpasses 128bit.
Claims (10)
1, a kind of implementation method of network identification card is utilization computer network, password and chip technology for each network application server comes recognition network user's identity, and implementation step is as follows:
By domestic administrative region upright 600~2000 regional authentication centers that build together; for each network application server provides authenticating user identification; this network distribution type authentication method is according to user's resident identification card number; determine that regional authentication center makes network user's single-sign-on; use the authentication hardware device the client-side user---based on the cipher key of USB interface built-in intelligence chip or the resident identification card that uses the band intelligent chip promptly: on resident identification card, embed intelligent chip resident identification card and network identification card are united two into one; in each network application server, insert the hard card of band intelligent chip; in the intelligent chip that the domain name and the parameter of all regions authentication center is pre-stored in hard card; the regional authentication center that comes the directs network application server to give appointment with the authenticating user identification task finishes; certificate server end in client-side and regional authentication center is set up encrypted authentication system respectively; the client-side encrypted authentication system is based upon in the intelligent chip of authentication hardware device; the encrypted authentication system of certificate server end is based upon in the intelligent chip of encrypted card; in the encrypted authentication system at client computer and certificate server two ends, set up cover " key seed " matrix and a key schedule; the plain random number that adopts of " key seed " entry of a matrix generates; come a small amount of " key seed " matrix element is chosen and calculated by key schedule; combination generates symmetric key; one time one change; also one time one change of authenticate password with the generation of symmetric key encryption random number; both guaranteed that encrypted authentication system was safe and reliable; and solved this global problem of authentication of identification of network user scale; simultaneously; adopt password promptly: password is discerned the authentication hardware device; adopt the collaborative security strategy of symmetry and asymmetric arithmetic to realize the modification of user cipher; come distributed key by the authentication hardware device; and realize the upgrading of authentication protocol by the network download mode; thereby; set up the perfect network identification card system of a cover, realize Real-name Registration.
2, according to the method for claim 1, it is characterized in that:
Set up 600~2000 regional authentication centers in the whole nation, be responsible for this area promptly: the user in resident identification card granting area provides the network identification, 6 guiding before the resident identification card of network application server by the user number, find the certificate server of regional authentication center, it also is the area that resident identification card is authorized by this user location public security department, as: 110108 ..., be Haidian District, Beijing City issuing unit of public security bureau.
3, according to the method for claim 1 and claim 2, it is characterized in that:
(1) all inserts the unified hard card of making of public security department in the network application server based on the built-in CPU intelligent chip of api interface, in intelligent chip, deposit district's authentication center's domain name in all parts of the country and parameter, domain name and parameter respectively are the M group, M=600~2000, as: the parameter of Haidian District, Beijing City is: 110108, thereby, prevent that the hacker from distorting domain name and parameter in the network application server;
(2) client computer is sent authentication request, and the resident identification card that sends the user is number to network application server, after network application server is received, in preceding 6 intelligent chips that send hard card with resident identification card number, with the parameter comparison that prestores, after finding corresponding parameters and domain name, network application server is given the regional authentication center that this user's resident identification card is issued licence public security department with the authenticating user identification task, be responsible for this user's identity is discerned by the certificate server of this area authentication center, and recognition result is passed to network application server.
4, according to the method for claim 1, claim 2 and claim 3, it is characterized in that:
(1) encrypted authentication system with the interim authentication center as each network application server of the regional authentication center of correspondence, for network application server provides authentication service, is realized user's single-sign-on application system according to resident identification card number;
(2) set up network distribution type authentication center, authentication is provided when surfing the Net for this area resident, the network user's identification also is provided for the network application server in the whole nation, each user's authentication center is fixed, the last any network application server of user all authenticates in fixing authentication center, as long as the public security department of each department runs the authentication center of native system well, just can realize the national network system of real name;
(3) user who authenticates in each department authentication center fixes, the user who logins on each network application server is unfixed and unknown, this network distribution type certification mode is opening, and the network authentication system of PKI/CA framework, the user of authentication center and network application server all be fix with known, PKI/CA network authentication pattern is case type;
(4) this network distribution of the present invention certification mode, need be in the parameters for authentication of different authentication center stores same subscriber, it is few to take resource, and the PKI/CA technology must be at the certificate of different authentication center stores same subscriber promptly: unified certificate, it is many to take resource, simultaneously, the PKI/CA technology also need be carried out cross-certification between different authentication centers, and efficient is low.
5, according to the method for claim 1, it is characterized in that:
Only deposit " key seed " of 0.128K~22K byte in the intelligent chip of each authentification of user hardware device, each user's " key seed " is all different, the all users in this area of backing up in the certificate server of regional authentication center " key seed " amount to: 1.28G~220G byte, just can be for 1000 general-purpose families provide the network access authentication service, it is low to set up cost.
6, according to the method for claim 1 and claim 4, it is characterized in that:
The construction scaleization of network identification card system and cost directly influence this system implementation; the PKI/CA technology of the U.S. can only solve 1,000,000,000 scale users' network authentication; simultaneously; PKI/CA to set up cost huge; the present invention adopts key schedule that a spot of " key seed " matrix element is chosen and calculated; obtain symmetric key, can manage 2
1024The above network user, thereby, solving this global problem of userbaseization that the network identification card system is built, the combination key system also solves symmetric key and upgrades the high difficult problem of cost.
7, according to the method for claim 1 and 4 and 5, it is characterized in that:
(1) " key seed " formed (" key seed " matrix K K of M * N), from " key seed " matrix K K, select the capable N column element of N by timestamp control, form interim " key seed " matrix K K2, coming row to " key seed " matrix K K element to make up according to the timestamp that becomes for a time chooses, reach one time one change, also one time one change of interim " key seed " matrix K K2 of generation;
(2) random number is changed into (1 * N) random number matrix L, multiply each other with interim " key seed " matrix K K2, obtain (1 * N) cipher key matrix K, element with cipher key matrix K is merged into key again, because interim " key seed " matrix K K2 and all one time one changes of random number chosen, the key of generation is one time one change also, with also one time one change of authenticate password of this secret key encryption random number generation, thereby, the safe class of raising encrypted authentication system;
(3) each element all participates in calculating among random number matrix L and interim " key seed " matrix K K2, the cipher key matrix K that obtains is by calculating, it or not the individual element of choosing among the matrix K K2, thereby, prevent that the hacker is by to choosing parameter in a large number promptly: the analysis of timestamp and random number obtains the element of matrix K K and KK2, attacks this key schedule.
8, according to the method for claim 1, claim 4, claim 5 and claim 6, it is characterized in that:
(1) " key seed " is the major parameter that generates key, after " key seed " leaks by hacker's acquisition, the safety of encrypted authentication system will be subjected to serious threat, at client-side user's resident identification card number and corresponding " key seed " thereof are all left in the intelligent chip of authentication hardware device, intelligent chip can prevent that the information that the hacker illegally reads in the intelligent chip from attacking encrypted authentication system;
(2) all will be with the symmetric key K in the certificate server end encrypted card intelligent chip in all users of certificate server end " key seed "
SEncrypt, then each user " key seed " of ciphertext form is left in the hard-disc storage district of certificate server, in the verification process ciphertext of user " key seed " is deciphered in chip, thereby, both guaranteed the storage security of each user " key seed ", and greatly reduced certificate server end encrypted authentication system again and use hardware device stores " key seed "---the construction cost of main parameters for authentication;
(3) according to timestamp t fetch bit scope, M-N+{ (t-2)/2} is capable before the element with " key seed " matrix K K, uses symmetric key K
SBe encrypted to ciphertext in row and separately,, use symmetric key K N-{ (t-2)/2} is capable behind the element of " key seed " matrix K K
SOrder by up-downgoing is encrypted to ciphertext, thereby, guarantee in verification process the speed of " key seed " matrix K K element deciphering temporarily.
9, according to the method for claim 1 and claim 7, it is characterized in that:
(1) at client-side, with user's various parameters for authentication promptly: user name, password promptly: password, resident identification card number, private key and " key seed ", leave in the intelligent chip of authentication hardware device with symmetry algorithm, asymmetric arithmetic, key seed generating algorithm and authentication protocol, data in the intelligent chip can not illegally be read, thereby, the prevent hacker attacks encrypted authentication system of client-side simultaneously, comes distributed key by the authentication hardware device;
(2) at the certificate server end, with user's various parameters for authentication promptly: " key seed ", password and private key symmetric key K
SBe encrypted to ciphertext respectively, number leave certificate server hard-disc storage district together in corresponding resident identification card, thereby, prevent that the hacker from distorting the authentification of user parameter of certificate server end.
10, according to the method for claim 1 and claim 8, it is characterized in that:
At first import username and password when (1) user carries out network authentication, the client encrypt Verification System is transferred to username and password in the intelligent chip of authentication hardware device, compare with the username and password that prestores in the intelligent chip, determine user's identity, validated user can use this authentication hardware device, the disabled user then can not use this authentication hardware device, set up the username and password Verification System, be that username and password is inoperative in the authentication of identification of network user process for the authentication hardware device of protecting client-side is not used by other people;
(2) process of user's modification password is: the user is the certificate server of login local district authentication center at first, select to revise the password button and import new password, the encrypted authentication system of client-side writes new password in the intelligent chip of authentification of user hardware device, the PKI of invokes authentication server end is encrypted new password again, and send to the certificate server end, in the encrypted card intelligent chip of certificate server end with the deciphering of its private key after, use symmetric key K
SPassword encryption is become ciphertext, and alternative original code leaves user's parameter memory block in.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100648245A CN101022337A (en) | 2007-03-28 | 2007-03-28 | Network identification card realizing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100648245A CN101022337A (en) | 2007-03-28 | 2007-03-28 | Network identification card realizing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101022337A true CN101022337A (en) | 2007-08-22 |
Family
ID=38709999
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007100648245A Pending CN101022337A (en) | 2007-03-28 | 2007-03-28 | Network identification card realizing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101022337A (en) |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009089764A1 (en) * | 2008-01-10 | 2009-07-23 | Shaohua Ren | A system and method of secure network authentication |
| CN101808089A (en) * | 2010-03-05 | 2010-08-18 | 中国人民解放军国防科学技术大学 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
| CN102170450A (en) * | 2011-05-16 | 2011-08-31 | 北京和利时系统工程有限公司 | Key processing method, apparatus and system of train operation control system |
| CN101431410B (en) * | 2007-11-09 | 2011-11-30 | 康佳集团股份有限公司 | Authentication method for network game client and server cluster |
| CN102420798A (en) * | 2010-09-27 | 2012-04-18 | 任少华 | Network authentication system and method thereof |
| CN102859929A (en) * | 2010-04-15 | 2013-01-02 | 通用仪表公司 | Online secure device provisioning with updated offline identity data generation and offline device binding |
| CN102868705A (en) * | 2012-10-24 | 2013-01-09 | 张仁平 | Device for achieving network login certification by using dynamic passwords and using method of device |
| CN103780584A (en) * | 2012-10-22 | 2014-05-07 | 上海俊悦智能科技有限公司 | Cloud computing-based identity authentication fusion method |
| CN103888243A (en) * | 2014-04-15 | 2014-06-25 | 飞天诚信科技股份有限公司 | Seed key safe transmission method |
| CN104735082A (en) * | 2015-04-10 | 2015-06-24 | 山东中孚信息产业股份有限公司 | Login authentication method based on linux system |
| CN104767617A (en) * | 2015-03-06 | 2015-07-08 | 北京石盾科技有限公司 | Message processing method, system and related device |
| CN105187369A (en) * | 2015-06-05 | 2015-12-23 | 杭州华三通信技术有限公司 | Data access method and data access device |
| CN105550603A (en) * | 2008-01-11 | 2016-05-04 | 质子世界国际公司 | Hierarchization of crytographic keys in an electronic circuit and application method and system |
| CN106063308A (en) * | 2014-03-17 | 2016-10-26 | 瑞典爱立信有限公司 | User identifier based device, identity and activity management system |
| CN106411507A (en) * | 2016-09-23 | 2017-02-15 | 杭州华三通信技术有限公司 | Secret key generation method and device |
| CN107070912A (en) * | 2017-04-07 | 2017-08-18 | 许昌学院 | The network security verification method and system of a kind of distributed system |
| CN107124409A (en) * | 2017-04-25 | 2017-09-01 | 新华三技术有限公司 | A kind of access authentication method and device |
| CN107172436A (en) * | 2017-06-09 | 2017-09-15 | 国政通科技股份有限公司 | A kind of method and system of ID card information transmission protection |
| CN107257350A (en) * | 2017-07-28 | 2017-10-17 | 胡祥义 | The offline authentication or method of payment of a kind of " wearable " equipment or mobile phone |
| CN107317679A (en) * | 2017-06-05 | 2017-11-03 | 国政通科技股份有限公司 | A kind of identity card loses the method and system of rear defence swindle |
| CN108370316A (en) * | 2015-10-02 | 2018-08-03 | 韩国框架研究院 | The integral authentication system being authenticated using disposable random number |
| CN108933761A (en) * | 2017-05-25 | 2018-12-04 | 深圳市鑫科蓝电子科技有限公司 | A kind of the control flow encryption method and system of Intelligent hardware product |
| CN108964905A (en) * | 2018-07-18 | 2018-12-07 | 胡祥义 | A kind of safe and efficient block chain implementation method |
| CN110766831A (en) * | 2019-09-29 | 2020-02-07 | 深圳深岚视觉科技有限公司 | Dynamic two-dimensional code generation method and device and storage medium |
| CN111275858A (en) * | 2020-01-22 | 2020-06-12 | 广东快车科技股份有限公司 | Credit granting method and system for voiceprint recognition |
| CN113890730A (en) * | 2021-09-23 | 2022-01-04 | 上海华兴数字科技有限公司 | Data transmission method and system |
| CN114299628A (en) * | 2021-12-29 | 2022-04-08 | 北京万集科技股份有限公司 | Electronic transaction method, device, computer equipment and storage medium |
-
2007
- 2007-03-28 CN CNA2007100648245A patent/CN101022337A/en active Pending
Cited By (40)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101431410B (en) * | 2007-11-09 | 2011-11-30 | 康佳集团股份有限公司 | Authentication method for network game client and server cluster |
| CN101978650B (en) * | 2008-01-10 | 2012-08-15 | 任少华 | A system and method of secure network authentication |
| WO2009089764A1 (en) * | 2008-01-10 | 2009-07-23 | Shaohua Ren | A system and method of secure network authentication |
| CN105550603A (en) * | 2008-01-11 | 2016-05-04 | 质子世界国际公司 | Hierarchization of crytographic keys in an electronic circuit and application method and system |
| US10158482B2 (en) | 2008-01-11 | 2018-12-18 | Proton World International N.V. | Hierarchization of cryptographic keys in an electronic circuit |
| CN101808089A (en) * | 2010-03-05 | 2010-08-18 | 中国人民解放军国防科学技术大学 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
| CN102859929A (en) * | 2010-04-15 | 2013-01-02 | 通用仪表公司 | Online secure device provisioning with updated offline identity data generation and offline device binding |
| CN102420798A (en) * | 2010-09-27 | 2012-04-18 | 任少华 | Network authentication system and method thereof |
| CN102170450A (en) * | 2011-05-16 | 2011-08-31 | 北京和利时系统工程有限公司 | Key processing method, apparatus and system of train operation control system |
| CN103780584A (en) * | 2012-10-22 | 2014-05-07 | 上海俊悦智能科技有限公司 | Cloud computing-based identity authentication fusion method |
| CN102868705B (en) * | 2012-10-24 | 2015-07-15 | 陶慧丽 | Device for achieving network login certification by using dynamic passwords and using method of device |
| CN102868705A (en) * | 2012-10-24 | 2013-01-09 | 张仁平 | Device for achieving network login certification by using dynamic passwords and using method of device |
| CN106063308A (en) * | 2014-03-17 | 2016-10-26 | 瑞典爱立信有限公司 | User identifier based device, identity and activity management system |
| CN106063308B (en) * | 2014-03-17 | 2019-11-12 | 瑞典爱立信有限公司 | Device, identity and event management system based on user identifier |
| CN103888243A (en) * | 2014-04-15 | 2014-06-25 | 飞天诚信科技股份有限公司 | Seed key safe transmission method |
| CN103888243B (en) * | 2014-04-15 | 2017-03-22 | 飞天诚信科技股份有限公司 | Seed key safe transmission method |
| CN104767617A (en) * | 2015-03-06 | 2015-07-08 | 北京石盾科技有限公司 | Message processing method, system and related device |
| CN104735082A (en) * | 2015-04-10 | 2015-06-24 | 山东中孚信息产业股份有限公司 | Login authentication method based on linux system |
| CN105187369B (en) * | 2015-06-05 | 2019-03-15 | 新华三技术有限公司 | A kind of data access method and device |
| CN105187369A (en) * | 2015-06-05 | 2015-12-23 | 杭州华三通信技术有限公司 | Data access method and data access device |
| CN108370316A (en) * | 2015-10-02 | 2018-08-03 | 韩国框架研究院 | The integral authentication system being authenticated using disposable random number |
| CN106411507A (en) * | 2016-09-23 | 2017-02-15 | 杭州华三通信技术有限公司 | Secret key generation method and device |
| CN107070912B (en) * | 2017-04-07 | 2020-10-13 | 许昌学院 | Network security verification method and system for distributed system |
| CN107070912A (en) * | 2017-04-07 | 2017-08-18 | 许昌学院 | The network security verification method and system of a kind of distributed system |
| CN107124409B (en) * | 2017-04-25 | 2021-05-14 | 新华三技术有限公司 | Access authentication method and device |
| CN107124409A (en) * | 2017-04-25 | 2017-09-01 | 新华三技术有限公司 | A kind of access authentication method and device |
| CN108933761A (en) * | 2017-05-25 | 2018-12-04 | 深圳市鑫科蓝电子科技有限公司 | A kind of the control flow encryption method and system of Intelligent hardware product |
| CN107317679B (en) * | 2017-06-05 | 2020-01-31 | 国政通科技股份有限公司 | Method and system for preventing fraud after identity cards are lost |
| CN107317679A (en) * | 2017-06-05 | 2017-11-03 | 国政通科技股份有限公司 | A kind of identity card loses the method and system of rear defence swindle |
| CN107172436B (en) * | 2017-06-09 | 2019-11-26 | 国政通科技股份有限公司 | A kind of method and system of ID card information transmission protection |
| CN107172436A (en) * | 2017-06-09 | 2017-09-15 | 国政通科技股份有限公司 | A kind of method and system of ID card information transmission protection |
| CN107257350A (en) * | 2017-07-28 | 2017-10-17 | 胡祥义 | The offline authentication or method of payment of a kind of " wearable " equipment or mobile phone |
| CN107257350B (en) * | 2017-07-28 | 2023-04-07 | 胡祥义 | Offline authentication or payment method of wearable equipment |
| CN108964905A (en) * | 2018-07-18 | 2018-12-07 | 胡祥义 | A kind of safe and efficient block chain implementation method |
| CN110766831A (en) * | 2019-09-29 | 2020-02-07 | 深圳深岚视觉科技有限公司 | Dynamic two-dimensional code generation method and device and storage medium |
| CN110766831B (en) * | 2019-09-29 | 2021-08-20 | 深圳深岚视觉科技有限公司 | Dynamic two-dimensional code generation method and device and storage medium |
| CN111275858A (en) * | 2020-01-22 | 2020-06-12 | 广东快车科技股份有限公司 | Credit granting method and system for voiceprint recognition |
| CN111275858B (en) * | 2020-01-22 | 2022-07-01 | 广东快车科技股份有限公司 | Credit granting method and system for voiceprint recognition |
| CN113890730A (en) * | 2021-09-23 | 2022-01-04 | 上海华兴数字科技有限公司 | Data transmission method and system |
| CN114299628A (en) * | 2021-12-29 | 2022-04-08 | 北京万集科技股份有限公司 | Electronic transaction method, device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101022337A (en) | Network identification card realizing method | |
| CN101282222B (en) | Digital signature method based on CSK | |
| CN108781161B (en) | Method for controlling and distributing blockchain implementation of digital content | |
| CN108646983B (en) | Processing method and device for storing service data on block chain | |
| CN100432889C (en) | System and method providing disconnected authentication | |
| WO2019165906A1 (en) | Verifiable post-quantum electronic voting system and implementation method therefor | |
| WO2018046008A1 (en) | Storage design method of blockchain encrypted radio frequency chip | |
| CN105103488B (en) | By the policy Enforcement of associated data | |
| CN109450877B (en) | Block chain-based distributed IDaaS identity unified authentication system | |
| KR101659110B1 (en) | Method for authenticating access to a secured chip by a test device | |
| CN110324143A (en) | Data transmission method, electronic equipment and storage medium | |
| US9467293B1 (en) | Generating authentication codes associated with devices | |
| KR20190075771A (en) | Authentication System Using Block Chain Through Distributed Storage after Separating Personal Information | |
| CN109728903B (en) | Block chain weak center password authorization method using attribute password | |
| CN101136750A (en) | Network real-name system implementing method | |
| CN101965574B (en) | Authentication information generation system, authentication information generation method and a client device | |
| JP2001326632A (en) | Distribution group management system and method | |
| EP3395004B1 (en) | A method for encrypting data and a method for decrypting data | |
| CN101420302A (en) | Safe identification method and device | |
| CN101552672A (en) | A method to realize a global network real name system based on ID authentication | |
| CN111460400A (en) | Data processing method and device and computer readable storage medium | |
| KR102163274B1 (en) | Personal information protection system using block chain | |
| CN101777984B (en) | Method and system for secure transaction | |
| CN100431297C (en) | Method for preventing user's pin from illegal use by double verification protocol | |
| CN1980127A (en) | Command identifying method and command identifying method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20070822 |