CN101296077A - Identity authentication system based on bus type topological structure - Google Patents

Identity authentication system based on bus type topological structure Download PDF

Info

Publication number
CN101296077A
CN101296077A CNA2007100490034A CN200710049003A CN101296077A CN 101296077 A CN101296077 A CN 101296077A CN A2007100490034 A CNA2007100490034 A CN A2007100490034A CN 200710049003 A CN200710049003 A CN 200710049003A CN 101296077 A CN101296077 A CN 101296077A
Authority
CN
China
Prior art keywords
key
equipment
receiving equipment
topological structure
bus type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007100490034A
Other languages
Chinese (zh)
Other versions
CN101296077B (en
Inventor
余有勇
王志辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongwei Technology Co Ltd
Original Assignee
Sichuan Hongwei Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Hongwei Technology Co Ltd filed Critical Sichuan Hongwei Technology Co Ltd
Priority to CN 200710049003 priority Critical patent/CN101296077B/en
Publication of CN101296077A publication Critical patent/CN101296077A/en
Application granted granted Critical
Publication of CN101296077B publication Critical patent/CN101296077B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses an identity authentication system based on bus topology, which utilizes technologies such as DH exchange and digital envelope, etc. for realizing the identity authentication of equipment and safe delivering of cipher codes. When an access system of receiving equipment or the receiving equipment can not decipher date correctly, the identity authentication with transmitting equipment is actively initiated. The transmitting equipment and the receiving equipment utilize a public and private key pair both owned to generate a shared cipher code value; the transmitting equipment utilizes the shared cipher code generated by self to convert a deciphering code and corresponding check code into a cryptograph M, and the receiving equipment utilizes the deciphering cryptograph M of the shared cipher code generated by self to obtain the deciphering code and prove the accuracy. If the receiving and the transmitting party are legal equipment, both equipment can encrypt and decipher normally; otherwise, both equipment can not encrypt and decipher normally and at least one of the equipment is illegal. The system can be used in software and hardware environments, such as digital content protection interface, e-business, banking system, smart card, and identity authentication, etc.

Description

A kind of identity authorization system based on bus type topological structure
Technical field
The present invention is a kind of identity authorization system, specifically to the equipment based on bus type topological structure, by exchanging the system that PKI carries out authentication.
Background technology
In various message transfer systems,, need authenticate participating in identity of entity for the entity that guarantees to participate in information exchange is legal, effectively.For example in military communication, need to confirm the other side's identity, to prevent the leakage of military information information; In internet environments such as ecommerce, need differentiate the other side's identity; In applied environments such as smart card, need the legal validity of access device be authenticated; In the intellectual property field, need by the intellectual property content is encrypted, means such as signature guarantee illegally not stolen.Usually before communicating pair transmitted ciphered data, carry out authentication to equipment all was real, legal and valid with the identity that guarantees communicating pair.If authentication can not be succeedd, then do not carry out transfer of data or can not carry out correct deciphering, to allow protected data information not be subjected to illegal infringement to ciphered data.Data content generally is divided into dual mode in the transmission of equipment room: mode of unicast and broadcast mode.Mode of unicast can be formed (seeing Fig. 1 for details) by the tree topology structure, and broadcast mode can be formed by bus type topological structure.No matter be clean culture or broadcast transmitted mode, before communicating pair transmitted ciphered data, will authenticate with the identity that guarantees communicating pair to equipment usually all be real, legal and valid.If authentication can not be succeedd, then do not carry out transfer of data or can not carry out correct deciphering, to reach the purpose that the protection digital content is not subjected to illegal infringement to ciphered data.When transmitting with mode of unicast, authentication and transmission normally transmit between two interfaces (perhaps equipment), and the data of transmission are different before the deciphering; And during broadcast mode, a transmitting apparatus will authenticate with a plurality of equipment, and content will be transmitted on bus, and the data that all receiving terminals receive all are consistent before and after deciphering.Transmitting apparatus is decrypted with same key by a plurality of equipment with a secret key encryption again, and decruption key will just need the safety that a kind of safe transmission mechanism guarantees decruption key in unsafe channel.
Diffie in 1976 and hellman have proposed the thought of public key cryptography, the new era of having started public key cryptography in " cryptographic new direction ".DH cipher key change in the public-key cryptosystem can solve effectively shares having problems of key, has overcome the deficiency of symmetric cryptosystem.Communicating pair is by parameter value of exchange, and both sides just can produce an identical shared key.Public-key cryptosystem not only can carry out encryption and decryption to data, but also can be used to carry out legitimacy authentication, digital signature of system etc.By contrasting the consistency of the shared key that produces in the cipher key change, just can the legitimacy of equipment be authenticated.
The present invention proposes a kind of brand-new authentication thinking, the identity authentication function of system not only is provided on broadcast channel, and transmit digital content decruption key safely.Illegal equipment can not can not correctly be deciphered protected digit content by correct authentication process.Produce public private key pair by third party authority trust authority by certain algorithm during realization, the value that this algorithm will guarantee behind any two devices exchange PKIs with private key calculates mutually equates that this value is exactly shared key.Transmitting apparatus is with the receiving equipment exchange PKI separately that needs authentication, and both sides go out shared key by identical algorithm computation then.Both sides exchange be the equipment PKI and encrypt after digital content encryption and decryption key, PKI was exactly disclosed originally, so there is not confidentiality to say; And the encryption and decryption key need be deciphered with the shared key that produces, each receiving equipment was both inequality with the shared key that transmitting apparatus produces, can not just calculate out by PKI, also on channel, do not transmit simultaneously, so the transmission of this encryption and decryption key be safe.
Summary of the invention
The purpose of this method is in the topological structure that solves based on bus-type, and transmitting apparatus is with the problems such as safe transmission of the identification of equipment validity between a plurality of receiving equipments, encryption and decryption key.The key problem of this invention is how to guarantee the legitimacy of both sides' equipment and the safe transmission of encryption and decryption key, and equipment validity is based on and can produces identical shared key, and the safe transmission of encryption key is based on the confidentiality of sharing key.
Suppose in a bus type topological structure, to have transmitting apparatus A and receiving equipment i (i ∈ 1,2 ..., N), the authentication process between them following (seeing Fig. 2 for details):
1, when whole transmission system has the authentication demand, transmitting apparatus and each receiving equipment all will carry out authentication, and the sequencing that transmitting apparatus and a plurality of receiving equipment authenticate can carry out according to certain priority or algorithm.
2, authentication beginning, the transceiver both sides exchange the PKI P of oneself AWith P i
3, the transmitting apparatus A PKI P of receiving equipment i iWith the private key S of oneself ACarry out computing according to certain algorithm, obtain a shared key P Key1Equally, the receiving equipment i PKI P of transmitting apparatus A AWith the private key S of oneself iCarry out computing according to same algorithm, obtain a shared key P Key2
4, transmitting apparatus A is with sharing key P Key1Decruption key Key with digital content 1(decruption key that each receiving equipment obtains at last is identical) and a check code (whether be used for the detected transmission process has error code to produce) are encrypted as M, and send to receiving equipment i.
5, receiving equipment i utilizes and shares key P Key2M is decrypted draws Key 2If share key P Key2With P Key1Identical, then can draw decruption key Key 2=Key 1If share key P Key2With P Key1Difference, the decruption key Key that then draws 2≠ Key 1
If 6 Key that decrypt 2=Key 1, then receiving equipment can correctly decrypt digital content, illustrates that also both sides' equipment all is legal simultaneously.If Key 2≠ Key 1, then illustrating in the transceiver both sides, to have an illegality equipment at least, digital content also just can't correctly transmit.
In above authentication process, transmitting apparatus A will carry out exchange of public keys with each receiving equipment i respectively, thereby produces N different shared key.Transmitting apparatus A will send corresponding receiving equipment to respectively with the encryption and decryption key of this N shared secret key encryption digital content.The final resulting decruption key of each receiving equipment is identical, because transmitting apparatus can only be with an encryption keys digital content, receiving equipment also must come decrypts digital content with identical decruption key.It is key issue that the transceiver both sides can calculate identical shared key, and this not only proves the legitimacy of both sides' equipment, can be used for transmitting simultaneously the encryption and decryption key of digital content again.
The new receiving equipment that inserts also can carry out the transmission of authentication and decruption key according to above flow process in the digital content transport process.The existence of any one illegality equipment can not influence the normal reception and the deciphering of other legitimate device, and just illegality equipment can not correctly be deciphered protected digit content.
Description of drawings
Fig. 1 is the topological structure based on bus-type of the present invention
Fig. 2 is the authentication process based on bus type topological structure of the present invention
Embodiment
When concrete operations realized, all parameters of this algorithm were determined by third party trusty authoritative institution.Open a part of parameter, and another part parameter holds in close confidence, and relevant parameters is set in transmitting apparatus and N receiving equipment goes.For for simplicity, present embodiment has been selected P-192 elliptic curve and some simple parameters on the prime field that NIST recommended for use.
At first by the selected elliptic curve parameter of authoritative trust authority (p, a, b, G, n, h) etc.:
Wherein need disclosed parameter to be:
Elliptic curve equation y 2=x 3-ax-b
P=2 192-2 64-1
a=-3(mod?p)=p-3=2 192-2 64-2 2
b=0x?64210519?E59C80E7?0FA7E9AB?72243049?FEB8DEEC?C146B9B1
The parameter that need hold in close confidence is:
G x=0x?188DA80E?B03090F6?7CBF20EB?43A18800?F4FF0AFD?82FF1012
G y=0x?07192B95?FFC8DA78?631011ED?6B24CDD5?73F977A1?1E794811
n=0x?FFFFFFFF?FFFFFFFF?FFFFFFFF?99DEF836?146BC9B1?B4D22831
h=1
Basic point G should be chosen and be holded in close confidence by authoritative trust authority, chooses the basic point parameter G that NIST recommends herein for the sake of simplicity.
Be that transmitting apparatus and N receiving equipment are chosen N+1 ostensible equipment PKI P by authoritative trust authority then A, P 1, P 2..., P N, and P A, P 1, P 2..., P M ∈ [ 1 , n - 1 ] , Value is P in order to calculate simply herein A=P i=1.Calculate scalar and take advantage of P AG, P iG is as follows:
P AG x=0x?188DA80E?B03090F6?7CBF20EB?43A18800?F4FF0AFD?82FF1012
P AG y=0x?07192B95?FFC8DA78?631011ED?6B24CDD5?73F977A1?1E794811
P iG x=0x?188DA80E?B03090F6?7CBF20EB?43A18800?F4FF0AFD?82FF1012
P iG y=0x?07192B95?FFC8DA78?631011ED?6B24CDD5?73F977A1?1E794811
Scalar is taken advantage of P AG and P 1G is allocated as follows as the private key of equipment: public private key pair P AAnd P AG distributes to transmitting apparatus A, public private key pair P iAnd P iG distributes to receiving equipment i.Wherein, private key P AG and P iG holds in close confidence.The authentication process is as follows:
1, transmitting apparatus A sends P A=1 gives receiving equipment i, and receiving equipment i sends P i=1 gives transmitting apparatus A.At P AWith P iOn the bit wide of value is selected, because P A, P 1 ∈ [ 1 , n - 1 ] , So can be chosen as 96 bits.
2, transmitting apparatus A calculates scalar and takes advantage of P iP AG obtains sharing key P Key1Receiving equipment i calculates scalar and takes advantage of P 1P AG obtains sharing key P Key1Result of calculation is as follows:
P key1x=0x?188DA80E?B03090F6?7CBF20EB?43A18800?F4FF0AFD?82FF1012
P key1y=0x?07192B95?FFC8DA78?631011ED?6B24CDD5?73F977A1?1E794811
P key2x=0x?188DA80E?B03090F6?7CBF20EB?43A18800?F4FF0AFD?82FF1012
P key2y=0x?07192B95?FFC8DA78?631011ED?6B24CDD5?73F977A1?1E794811
3, transmitting apparatus A is with P Key1Be key, utilize ECC or RSA scheduling algorithm the encryption and decryption key K Ey1" 0x5FA8D30B " is converted to ciphertext M with the built-in check word, and sends to receiving equipment i.
4, receiving equipment i utilizes and shares key P Key2Decrypting ciphertext M extracts the built-in check word from the plaintext after the deciphering, see whether it is " 0x5FA8D30B ", if then extract the encryption and decryption key K Ey2If not then can not extract correct decruption key K Ey2
If the 5 encryption and decryption key K that decrypt Ey2With the encryption and decryption key K of making a start Ey1Be identical, the authentication success is described so, both sides' equipment all is legal.In the digital content transmissions process, just can use decruption key K Ey2Be correctly decoded out the digital content of receiving equipment i.
If the encryption and decryption key K that decrypts Ey2With the encryption and decryption key K of making a start Ey1Be inequality, illustrate that so authentication is unsuccessful, the transmission that digital content is can not be between receiving-transmitting sides correct.An illegal receiving equipment can not influence the normal reception and the decoding of other legitimate device; But illegal transmitting apparatus will make whole bus-type topological network work normally.

Claims (9)

1, a kind of identity authorization system based on bus type topological structure.It is characterized in that: utilize technological means such as DH cipher key change and digital envelope to realize transceiver both sides' the authentication and the safe transmission of data encrypting and deciphering key.Transceiver produces a shared key by the switching equipment PKI, and the secret key encryption data decryption key is shared in the transmitting apparatus utilization, and the receiving equipment utilization is shared secret key decryption and gone out data decryption key.
2, a kind of identity authorization system based on bus type topological structure according to claim 1 is characterized in that: if transceiver all is legal, then receiving equipment can utilize this decruption key correctly to be decrypted data; Otherwise any one illegal equipment will cause normally carrying out the encryption and decryption of data.
3, a kind of identity authorization system according to claim 2 based on bus type topological structure, it is characterized in that: the public private key pair of transceiver presets, and utilizes the private key of oneself and the pact of method, apparatus is generated a shared key; If transceiver all is legal, then the shared key that generates of both sides is identical, and this is that generating algorithm by public private key pair guarantees.
4, a kind of identity authorization system based on bus type topological structure according to claim 3 is characterized in that: the triggering of authentication is when receiving equipment connecting system or receiving equipment can't correctly be decrypted, and is triggered by receiving equipment.
5, a kind of identity authorization system based on bus type topological structure according to claim 4 is characterized in that: after having only each receiving equipment all successfully to carry out authentication with transmitting apparatus, just can normally carry out encryption and decryption; Each receiving equipment is different with the shared key that the transmitting apparatus authentication is produced.
6, a kind of identity authorization system according to claim 5 based on bus type topological structure, it is characterized in that: transmitting apparatus is before encrypting decruption key, can behind decruption key, add a check code, be used for receiving equipment the decruption key that decrypts is carried out data check.
7, a kind of identity authorization system according to claim 6 based on bus type topological structure, it is characterized in that: the legitimacy of both sides' equipment is to verify by indirect form, promptly by receiving equipment whether correctly data decryption come whether the judgment device both sides all are legal.
8, a kind of identity authorization system according to claim 7 based on bus type topological structure, it is characterized in that: receiving equipment can be initiated the authentication with transmitting apparatus at any time, and other receiving equipments can normally carry out work.
9, a kind of identity authorization system according to claim 8 based on bus type topological structure, it is characterized in that: the decruption key that transmitting apparatus sends to each receiving equipment all is identical, before the data encryption transmission, this decruption key is to be produced according to certain algorithm by transmitting apparatus, and it all is different at every turn.
CN 200710049003 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure Expired - Fee Related CN101296077B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200710049003 CN101296077B (en) 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200710049003 CN101296077B (en) 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure

Publications (2)

Publication Number Publication Date
CN101296077A true CN101296077A (en) 2008-10-29
CN101296077B CN101296077B (en) 2012-07-11

Family

ID=40066113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710049003 Expired - Fee Related CN101296077B (en) 2007-04-29 2007-04-29 Identity authentication system based on bus type topological structure

Country Status (1)

Country Link
CN (1) CN101296077B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826960A (en) * 2010-04-16 2010-09-08 中国电子科技集团公司第二十八研究所 Checking method of real-time transmission encryption and decryption data
WO2010145281A1 (en) * 2009-10-26 2010-12-23 中兴通讯股份有限公司 Method and apparatus for data transmitting
CN102710421A (en) * 2012-06-14 2012-10-03 深圳市中联创新自控系统有限公司 Matched communication method
CN104796262A (en) * 2015-04-27 2015-07-22 上海青橙实业有限公司 Data encryption method and terminal system
CN114124378A (en) * 2021-11-26 2022-03-01 北京神经元网络技术有限公司 AUTBUS bus-based communication method, system, device and medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1108041C (en) * 1999-12-01 2003-05-07 陈永川 Digital signature method using elliptic curve encryption algorithm
CN100452695C (en) * 2002-11-29 2009-01-14 北京华大信安科技有限公司 Elliptic curve encryption and decryption method and apparatus

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010145281A1 (en) * 2009-10-26 2010-12-23 中兴通讯股份有限公司 Method and apparatus for data transmitting
CN101707767B (en) * 2009-10-26 2012-09-26 中兴通讯股份有限公司 Data transmission method and devices
CN101826960A (en) * 2010-04-16 2010-09-08 中国电子科技集团公司第二十八研究所 Checking method of real-time transmission encryption and decryption data
CN102710421A (en) * 2012-06-14 2012-10-03 深圳市中联创新自控系统有限公司 Matched communication method
CN104796262A (en) * 2015-04-27 2015-07-22 上海青橙实业有限公司 Data encryption method and terminal system
CN104796262B (en) * 2015-04-27 2018-05-04 上海青橙实业有限公司 Data ciphering method and terminal system
CN114124378A (en) * 2021-11-26 2022-03-01 北京神经元网络技术有限公司 AUTBUS bus-based communication method, system, device and medium
CN114124378B (en) * 2021-11-26 2024-03-08 北京神经元网络技术有限公司 AUTBUS bus-based communication method, system, equipment and medium

Also Published As

Publication number Publication date
CN101296077B (en) 2012-07-11

Similar Documents

Publication Publication Date Title
US11323276B2 (en) Mutual authentication of confidential communication
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
CN108199835B (en) Multi-party combined private key decryption method
WO2018236908A1 (en) Secure communications providing forward secrecy
EP2334008A1 (en) A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN102394749B (en) Line protection method, system, information safety equipment and application equipment for data transmission
CN101296075B (en) Identity authentication system based on elliptic curve
US11870891B2 (en) Certificateless public key encryption using pairings
KR20170035665A (en) Apparatus and method for exchanging encryption key
WO2012072704A1 (en) Key transport protocol
CN111614621B (en) Internet of things communication method and system
JP6548172B2 (en) Terminal authentication system, server device, and terminal authentication method
KR101516114B1 (en) Certificate-based proxy re-encryption method and its system
CN103678174A (en) Data safety method, storage device and data safety system
JP2020530726A (en) NFC tag authentication to remote servers with applications that protect supply chain asset management
KR20160020866A (en) Method and system for providing service encryption in closed type network
CN111147257A (en) Identity authentication and information confidentiality method, monitoring center and remote terminal unit
CN101296077B (en) Identity authentication system based on bus type topological structure
US20220038267A1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
KR20170087120A (en) Certificateless public key encryption system and receiving terminal
EP3361670B1 (en) Multi-ttp-based method and device for verifying validity of identity of entity
JP4976794B2 (en) Station service system and security communication method
CN114342315B (en) Symmetric key generation, authentication and communication between multiple entities in a network
WO2010076899A1 (en) Broadcast encryption system, sender apparatus, user apparatus, encapsulation/decapsulation method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120711

Termination date: 20160429