Embodiments
First embodiment
The first embodiment of the invention describes the case in which a single authorization authority (certification center) manages the subscribers.
The authorization authority adopts the national public-key cryptographic algorithm SM2 (compatible with RSA-based public-key cryptosystems).
The public key certificate of the authorization authority is, for example:
C = (T, id, e, n, g, G)
The parameters of the certificate are:
T: time-varying parameters (enrollment time, validity period)
id: office parameters of the authorization center (network address, telephone number, identity, authorization authority identifier)
A: information on the symmetric cryptographic algorithm used by the authorization authority
K: encryption key of the symmetric cryptographic algorithm used by the authorization authority
G: management information of the authorization authority
S: private key of the authorization authority
[e, n, g]: public key of the authorization authority's public-key system
[e, n, g, S]: key certificate of the authorization authority
The public key certificate of authorized user i is, for example:
GCi (the public key certificate issued to user i by the authorization authority) = (Ti, idi, ei, nim, Gi)
The parameters of the certificate are:
Ti: time-varying parameters (enrollment time, validity period, authorization time)
idi: user parameters (network address, telephone number, identity, authorization center identifier)
ei: public key information with which the user encrypts under the asymmetric cryptosystem
nim: public modulus of the asymmetric (public-key) cryptosystem
Gi: anti-counterfeiting information of the authorization authority
The private key certificate of authorized user i is, for example:
Private key certificate issued to the user by the authorization center: [e, n, g, Si]
The parameters of the certificate are:
e, n: public key of the authorization authority
g: primitive element (generator) of the authorization authority's cryptosystem
Si: private key of the user
Fig. 1 shows a flow chart of the authentication process according to the first embodiment of the invention.
At step S100, user i generates its own authentication parameters. The process by which user i generates its authentication parameters is described in more detail with reference to Fig. 2.
At step S105, user j generates its own authentication parameters. Step S105 is performed by a flow similar to that shown in Fig. 2.
At step S110, user i sends its authentication parameters to user j.
At step S115, user j sends its authentication parameters to user i.
At step S120, user i authenticates user j. Specifically, user i uses the received authentication parameters of user j to authenticate user j. The process by which user i authenticates user j is described in more detail with reference to Fig. 6.
At step S125, user j authenticates user i. Specifically, user j uses the received authentication parameters of user i to authenticate user i. Step S125 is performed by a flow similar to that shown in Fig. 6.
At step S130, it is judged whether both users i and j have passed authentication.
Fig. 2 is a flow chart of the implementation of step S105 of the authentication process of Fig. 1, i.e. a flow chart of the process by which user i generates its authentication information.
At step S200, user i generates a random number Ri.
At step S205, the security entropy information parameter CTi is generated.
In the first embodiment of the present invention, the security entropy information parameter is a random number Rsi.
The random numbers Ri and Rsi can be generated in many ways, including but not limited to the following:
(1) each party may take as the value the time information (year, month, day, hour, minute) read from the real-time clock (RTC) of its own device at the moment the computation starts;
(2) the value may be a random number produced by a random number generator;
(3) the value may be the combination of a timestamp $t_A$ and a nonce $r_A$, that is:
$R(i,j) = [t_A \,\|\, r_A]$
The timestamp consists of an optional generation time and an expiry time, which prevents delayed delivery of a message. The nonce is used to detect replay attacks; its value must be unique within the validity period of the message.
(i) The nonce $r_A$ is a function of Xi (or Xj): when the minute indicator of $t_A$ lies in the 1 to 15 minute region, $r_A$ is the binary string formed by taking 5 samples from each interval of the binary string of Xi (or Xj);
(ii) when the minute indicator of $t_A$ lies in the 15 to 30 minute region, $r_A$ is the binary string formed by taking 7 samples from each interval of the binary string of Xi (or Xj);
(iii) when the minute indicator of $t_A$ lies in the 30 to 45 minute region, $r_A$ is the binary string formed by taking 11 samples from each interval of the binary string of Xi (or Xj);
(iv) when the minute indicator of $t_A$ lies in the 45 to 60 minute region, $r_A$ is the binary string formed by taking 13 samples from each interval of the binary string of Xi (or Xj);
(4) the value may be a mixed value generated by a computational model.
At step S210, a reconfigurable logic circuit is used to generate the security entropy mixed value STi.
Specifically, STi is computed from the security entropy information parameter CTi and the reconfigurable logic model:
STi = CTi(RELOG)
The processing of step S210 is described in more detail with reference to Fig. 3.
At step S215, the parameters Xi and Yi are computed.
According to the first embodiment of the present invention, user i computes Xi and Yi by the following expressions:
$X_i = g^{e \cdot R_i} \bmod n$   Expression (1)
$Y_i = S_i \cdot g^{ST_i \cdot R_i} \bmod n$   Expression (2)
The parameters e, n and g in expressions (1) and (2) are the parameters published in the public key certificate C of the authorization authority. The parameter Si is the private key of user i.
The Xi and Yi computed at step S215, together with the CTi generated at step S205, serve as the authentication parameters of user i.
At step S220, digests of the authentication parameters Xi, Yi and CTi are computed.
Step S220 can use any existing digest algorithm to derive the digests Xim, Yim and CTim of the authentication parameters Xi, Yi and CTi.
For example, a hash function can be used, which compresses data into a fixed-length, irreversible and unique hash value. Commonly used hash algorithms are MD5 and SHA-1. User i can specify the digest algorithm in advance; for example, the information on the digest algorithm used by user i can be defined as part of Ai, and Ai can be published.
It should be noted that in other embodiments the above step S220 can be omitted, i.e. the digests Xim, Yim and CTim need not be computed.
At step S105 of Fig. 1, user j generates its own authentication parameters in the same way as the generation process of user i shown in Fig. 2.
User j generates a random number Rj, establishes the security entropy information parameter CTj, and computes:
STj = CTj(RELOG)
$X_j = g^{e \cdot R_j} \bmod n$
$Y_j = S_j \cdot g^{ST_j \cdot R_j} \bmod n$
This yields the authentication parameters Xj, Yj and CTj of user j, together with the digests of Xj, Yj and CTj.
The implementation of step S210 of Fig. 2 is described below with reference to Figs. 3 to 5.
The design philosophy and implementation of reconfigurable logic are described in detail in the Chinese patent application "A kind of logic reconfigurable circuit", application number 02100030.1, filed by the present inventor on January 8, 2002. That application was published on July 23, 2003 under publication number CN1431588 and was granted by the Patent Office of the People's Republic of China on January 12, 2007. The above patent is incorporated herein by reference.
The present application further applies the reconfigurable logic circuit proposed in the above patent to the field of cryptography. A cryptographic circuit built from reconfigurable logic is called reconfigurable cryptographic logic. Its design philosophy is: a number of reusable functional components that can be shared by different cryptographic algorithms are provided in the cryptographic logic circuit, and a number of controllable nodes visible to the instruction interface are provided inside the reusable components and in the interconnection network between them; by changing the control coding of these controllable nodes, the internal structure of the reusable components or the connections between them can be changed, so that different cryptographic operations are realized and different cryptographic algorithms are matched.
Any cryptographic algorithm is formed by a series of basic operations connected in a certain order. If A is a cryptographic algorithm, then A can be expressed as:
$A = (op_{1,1} + op_{1,2} + \dots + op_{1,m_1}) * (op_{2,1} + op_{2,2} + \dots + op_{2,m_2}) * \dots * (op_{n,1} + op_{n,2} + \dots + op_{n,m_n})$   Expression (3)
where $op_{i,j}$ ($j = 1, 2, \dots, m_i$; $i = 1, 2, \dots, n$) denotes a basic cryptographic operation, "+" denotes a parallel relation between operations, and "*" denotes a serial relation.
By analysing and studying a large number of cryptographic algorithms, we find that cryptographic algorithms have a notable property: many different cryptographic algorithms are composed of the same or similar basic operations; in other words, the same basic operation components appear in different algorithms with very high frequency.
Because many cryptographic algorithms share the same or similar basic operation components, the hardware resources corresponding to these components can be shared by many different cryptographic algorithms, so a single logic circuit of smaller scale can be built to realize several algorithms. This is the design basis of reconfigurable cryptographic logic. For example, suppose the set of hardware resources needed to implement algorithm $A_1$ is $E_{A1} = \{e_1, e_2, e_3, e_4, e_5\}$, the set needed for algorithm $A_2$ is $E_{A2} = \{e_1, e_3, e_6, e_7\}$, and the set needed for algorithm $A_3$ is $E_{A3} = \{e_2, e_4, e_6, e_8\}$. The union of $E_{A1}$, $E_{A2}$ and $E_{A3}$ is $E = E_{A1} \cup E_{A2} \cup E_{A3} = \{e_1, e_2, e_3, e_4, e_5, e_6, e_7, e_8\}$. Since E contains all the hardware resources needed to implement $A_1$, $A_2$ and $A_3$, E can realize the three different algorithms $A_1$, $A_2$ and $A_3$, and the scale of E is smaller than the sum of the scales of $E_{A1}$, $E_{A2}$ and $E_{A3}$, i.e. $S(E) < S(E_{A1}) + S(E_{A2}) + S(E_{A3})$; in fact $S(E) = [S(E_{A1}) + S(E_{A2}) + S(E_{A3})] - S(e_1) - S(e_2) - S(e_3) - S(e_4) - S(e_6)$. This example shows that if the hardware resources needed to realize several different cryptographic algorithms are stacked together (i.e. their union is taken) to form one cryptographic logic circuit, that circuit can realize all of those algorithms, and because the resources needed by several different algorithms usually contain reusable components (components used by two or more algorithms), the scale of the circuit is generally smaller than the sum of the resources required by the individual algorithms.
By analysing the principles of data encryption/decryption and a large number of typical cryptographic algorithms, we find that the basic operations used by cryptographic algorithms are mostly confined to a few types, such as shifts, permutations, S-box substitutions, modular multipliers/adders, XOR and feedback shift registers. Therefore, as the number n of cryptographic algorithms increases, the reusable components are reused more and more often, so the growth rate of the scale of a cryptographic logic built by the resource stacking method becomes slower and slower, and the scale does not expand without bound as n increases. We can imagine that when n is large enough, only a very small increase in scale (or even none at all) is needed to realize the (n+1)-th algorithm. For example, in our reconfigurable cryptographic prototype system RELOG_DIGG, designed for the four algorithms DES, IDEA, Gifford and Geffe, the FEAL and PES algorithms can be realized without adding any resources, and only a modulo 2^32 adder needs to be added to realize the former Soviet encryption standard GOST. In addition, when n is large enough, the cryptographic logic circuit formed by stacking the resources of n algorithms contains many commonly used cryptographic components of various types (a cryptographic component being a component that realizes a basic cryptographic operation), so these existing components can be used to develop new cryptographic algorithms; in this sense the reconfigurable cryptographic logic circuit has a certain extensibility.
Reconfigurable logic therefore provides a new approach to data encryption. The reconfigurable nature of its internal circuit structure gives its architecture a degree of flexibility and largely solves the mismatch between a traditional rigid architecture and differing application requirements. Using reconfigurable logic, many different cryptographic algorithms can be realized quickly and flexibly. For example, a reconfigurable cryptographic chip can easily change its algorithm at any time, which effectively prevents the cryptographic algorithm from being leaked or broken. Moreover, one reconfigurable cryptographic chip can replace several chips dedicated to specific algorithms, greatly reducing the development and production cost of cryptographic chips. Thus the reconfigurable cryptographic chip not only has great economic value but also has very important security significance.
Fig. 3 is a block diagram of the basic structure of the reconfigurable cryptographic logic circuit 300 of the first embodiment of the present invention.
The reconfigurable cryptographic logic circuit 300 of Fig. 3 receives the input CTi 301 and the control parameter CTRL 303, and has the output STi 302.
The interior of the reconfigurable cryptographic logic circuit 300 comprises a set of reusable functional components that can be shared by different cryptographic algorithms, denoted $E = \{e_1, e_2, \dots, e_m\}$ ($m \in N$). CTRL denotes the set of components that are visible to and controllable from the instruction interface, $CTRL = \{ctrl_1, ctrl_2, \dots, ctrl_n\}$ ($n \in N$). C denotes the set of connection relations between the above functional components and controllable components, $C = \{R\langle a, b\rangle \mid R\langle a, b\rangle$ is the connection from a to b, $a, b \in E \cup CTRL\}$. The reconfigurable cryptographic logic circuit 300 is determined by E, CTRL and C, and is denoted $RELOG = \{E, CTRL, C\}$. Each $e_i \in E$ ($i = 1, 2, \dots, m$) is called a reconfigurable element, and each $ctrl_i \in CTRL$ ($i = 1, 2, \dots, n$) is called a controllable node.
Obviously, the function of the reconfigurable cryptographic logic circuit 300 changes as the control signal CTRL 303 of the controllable nodes changes. If the function that the reconfigurable cryptographic logic $RELOG = \{E, CTRL, C\}$ can realize is denoted FUNC_RELOG, and the set of control signals corresponding to its controllable nodes is still denoted CTRL (for simplicity, where no confusion arises, we also refer to the control signals corresponding to the controllable nodes as the controllable nodes), then FUNC_RELOG is a function of CTRL, expressed as
$FUNC\_RELOG = f(CTRL)$   Expression (4)
Under the control of the control parameter CTRL 303, the reconfigurable cryptographic logic circuit 300 can be reconfigured into various logic circuits (or cryptographic circuits), thereby transforming the input CTi 301 into the output STi 302 with different logic functions (or cryptographic functions).
Fig. 4 shows a simple example of the reconfigurable cryptographic logic of Fig. 3, which can realize different logic functions under the control of CTRL.
In the circuit of Fig. 4, AND2 denotes a 2-input AND gate, AND3 a 3-input AND gate, OR2 a 2-input OR gate and NOT an inverter; A, B, C and D are the four input variables and F is the output variable. Two controllable nodes are provided in the circuit, whose control signals are denoted CTRL1 and CTRL2 respectively. By assigning different values to CTRL1 and CTRL2, the logic function of the circuit can be changed so that different logic functions are realized. The following table gives the functional relation realized by the circuit for the different values of CTRL1 and CTRL2.
Table 1: functions realized by the reconfigurable logic of Fig. 4
According to the above definition of reconfigurable cryptographic logic, this reconfigurable logic circuit can be described as:
$RELOG = \{E, CTRL, C\}$   Expression (5)
where $E = \{AND3, NOT, OR2\}$,
$CTRL = \{AND2\_1, AND2\_2\}$, $C = \{AND3 \to AND2\_1,\ NOT \to AND2\_2,\ AND2\_1 \to OR2,\ AND2\_2 \to OR2\}$.
The function realized by this reconfigurable logic circuit can be expressed as:
Expression (6)
Therefore, different logic functions can be applied to the input according to CTRL.
Fig. 5 shows another simple example of the reconfigurable cryptographic logic of Fig. 3, which can realize logic functions with different connection relations under the control of CTRL.
Fig. 5(a) has three components A, B and C. The outputs of A and B pass through a MUX, and the selected one enters component C as its input; the MUX is a controllable node, and by controlling it two different connection relations can be realized, as shown in Fig. 5(b) and Fig. 5(c) respectively.
RELOG = {E, CTRL, C}
where E = {A, B, C}, CTRL = {MUX}, C = {A → MUX, B → MUX, MUX → C}. The function realized by this reconfigurable logic circuit can be expressed as:
RELOG_FUNC = (A*C) + (B*C)   Expression (7)
where A*C denotes that the output of A is connected to the input of C.
Figs. 4 and 5 are only simple examples of the reconfigurable cryptographic logic circuit 300 of Fig. 3. The reconfigurable cryptographic logic circuit 300 can realize much more complex logic circuits, such as a cryptographic circuit that selectively uses one of several cryptographic algorithms. The basic operations used by cryptographic algorithms are mostly confined to shifts, permutations, S-box substitutions, modular multipliers/adders, XOR, feedback shift registers and the like. By suitably designing basic components such as shifters, permutation units, S-boxes and linear feedback shift registers in the reconfigurable cryptographic logic circuit 300, together with the interconnection network between these components, any combination of a number of cryptographic algorithms such as DES, IDEA, Gifford, Geffe, AES (AES128, AES192, AES256), GOST, CROR, MD5 and SHA1 can be realized on a single reconfigurable cryptographic logic circuit 300. For more on reconfigurable cryptographic logic see, for example, "Design and analysis of the internal interconnection network of a reconfigurable cipher processor", Qu Yingjie, Computer Engineering and Applications, 2007, issue 23.
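The following executable model of RELOG = {E, CTRL, C} is an added example; it is not code from the patent. It evaluates a netlist of elements, controllable nodes and connections, and reproduces the two small circuits of Figs. 4 and 5. The page names the gates of Fig. 4 but not which primary inputs feed AND3 and NOT, so the wiring below (A, B, C into AND3; D into NOT; CTRL1 and CTRL2 gating the two branches into OR2) is an assumption, as are the toy byte operations chosen for components A, B and C of Fig. 5. The truth-table helper shows FUNC_RELOG = f(CTRL) of expression (4): the same hardware computes a different Boolean function for each control vector.

```python
"""Executable model of RELOG = {E, CTRL, C} (added example, not the patent's own code)."""
from itertools import product


class Relog:
    """A netlist of elements (E), controllable nodes (CTRL) and connections (C).

    Every node is a name mapped to a Python function.  A connection (a, b) means
    the output of node a is one of the inputs of node b, in the order listed.
    Controllable nodes receive their control signal in front of the data inputs.
    """

    def __init__(self, elements, ctrl_nodes, connections, inputs, output):
        self.E = dict(elements)          # reconfigurable elements e_i
        self.CTRL = dict(ctrl_nodes)     # controllable nodes ctrl_i
        self.inputs = list(inputs)       # primary input names
        self.output = output             # name of the node whose value is F
        self.fanin = {}                  # node -> ordered list of source nodes
        for src, dst in connections:     # C = {R<a,b>}
            self.fanin.setdefault(dst, []).append(src)

    def evaluate(self, ctrl, values):
        """Evaluate the circuit for control vector `ctrl` and primary inputs `values`."""
        cache = dict(values)

        def node(name):
            if name in cache:
                return cache[name]
            args = [node(s) for s in self.fanin.get(name, [])]
            if name in self.CTRL:
                out = self.CTRL[name](ctrl[name], *args)
            else:
                out = self.E[name](*args)
            cache[name] = out
            return out

        return node(self.output)

    def truth_table(self, ctrl):
        """FUNC_RELOG = f(CTRL): output for every assignment of the primary inputs."""
        return {bits: self.evaluate(ctrl, dict(zip(self.inputs, bits)))
                for bits in product((0, 1), repeat=len(self.inputs))}


# Fig. 4 with the assumed wiring described in the lead-in.
FIG4 = Relog(
    elements={"AND3": lambda a, b, c: a & b & c,
              "NOT": lambda d: 1 - d,
              "OR2": lambda x, y: x | y},
    ctrl_nodes={"AND2_1": lambda ctrl, x: ctrl & x,      # CTRL1 gates the AND3 branch
                "AND2_2": lambda ctrl, x: ctrl & x},     # CTRL2 gates the NOT branch
    connections=[("A", "AND3"), ("B", "AND3"), ("C", "AND3"), ("D", "NOT"),
                 ("AND3", "AND2_1"), ("NOT", "AND2_2"),
                 ("AND2_1", "OR2"), ("AND2_2", "OR2")],
    inputs=["A", "B", "C", "D"], output="OR2")

# Fig. 5: E = {A, B, C}, CTRL = {MUX}, C = {A->MUX, B->MUX, MUX->C}.
# A, B and C are toy 8-bit operations on the primary input X (assumption).
FIG5 = Relog(
    elements={"A": lambda x: (x << 1) & 0xFF,     # shift left
              "B": lambda x: x ^ 0xA5,            # XOR with a constant
              "C": lambda x: (x + 1) & 0xFF},     # increment
    ctrl_nodes={"MUX": lambda sel, a, b: a if sel == 0 else b},
    connections=[("X", "A"), ("X", "B"), ("A", "MUX"), ("B", "MUX"), ("MUX", "C")],
    inputs=["X"], output="C")


def fig4_function(ctrl1, ctrl2):
    """Fig. 4 under (CTRL1, CTRL2): the set of inputs (A, B, C, D) for which F = 1."""
    table = FIG4.truth_table({"AND2_1": ctrl1, "AND2_2": ctrl2})
    return {bits for bits, f in table.items() if f == 1}


def fig5_function(sel, x):
    """Fig. 5 under MUX select `sel`: realises A*C when sel = 0 and B*C when sel = 1."""
    return FIG5.evaluate({"MUX": sel}, {"X": x})


if __name__ == "__main__":
    for c1, c2 in product((0, 1), repeat=2):
        print(f"CTRL1={c1} CTRL2={c2}: F=1 on {len(fig4_function(c1, c2))} of 16 inputs")
    print("Fig. 5 sel=0:", hex(fig5_function(0, 0x10)), "sel=1:", hex(fig5_function(1, 0x10)))
```

With the assumed wiring, CTRL1=CTRL2=0 forces F to 0, (1, 0) gives F = A·B·C, (0, 1) gives F = ¬D and (1, 1) gives F = A·B·C + ¬D, which is the kind of row Table 1 tabulates; the Fig. 5 model routes the same input through either A or B before C, as expression (7) states.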
Returning to Fig. 2, at step S210, by using the reconfigurable cryptographic logic circuit 300 of Fig. 3 under the control of the CTRL parameter 303, the security entropy mixed parameter STi 302 can be generated from the security entropy parameter CTi 301 with different cryptographic algorithms.
It should be noted that in the first embodiment of the present invention the CTRL parameter is set by user i as part of the user-defined information Ai. Specifically, user i can define the information Ai itself. Ai describes the symmetric cryptographic algorithm used by user i, the digest algorithm used, the selection algorithm, the CTRL parameter and so on. For example, user i uses Ai to determine the digest algorithm used at step S220. As another example, user i and the authorization center use the information Ai to determine the algorithm for encrypting the user's private key information. As yet another example, user i also uses Ai to determine the CTRL parameter used at step S205.
Returning to Fig. 1, at step S120 user i authenticates user j to judge whether user j is a legitimate user. Specifically, user i receives the authentication parameters Xj, Yj, CTj of user j and the digests Xjm, Yjm, CTjm of Xj, Yj, CTj. User i uses these received parameters to authenticate user j.
Fig. 6 shows the implementation of step S120 of Fig. 1.
At step S600, user i uses the received digests Xjm, Yjm, CTjm to check the authentication parameters Xj, Yj, CTj. Specifically, by referring to the information Aj of user j, user i learns the digest algorithm of user j. User i uses the same digest algorithm to compute the digests Xjm', Yjm', CTjm' of the authentication parameters Xj, Yj, CTj. If the computed digests Xjm', Yjm', CTjm' agree with the received digests Xjm, Yjm, CTjm, then Xj, Yj, CTj have not been tampered with, and the process proceeds to the next step S605.
If the check result is inconsistent, then the information Xj, Yj, CTj has been tampered with, user j does not pass authentication, and the authentication process ends.
It should be noted that in an alternative embodiment step S220 of Fig. 2 can be omitted, so that the above step S600 can also be omitted, i.e. the digests need not be computed and the process goes directly to S605.
At step S605, user i extracts the CTj of user j and computes the security entropy index CKj:
CKj = CTj(RELOG)   Expression (8)
The reconfigurable cryptographic logic circuit used at step S605 is the same circuit as the reconfigurable cryptographic logic circuit 300 of Fig. 3. The reconfigurable cryptographic logic circuit is configured using the control parameter {CTRL} 303 of Fig. 3. The control parameter {CTRL} 303 can be obtained from the Aj published by user j.
At step S610, the authorized public key certificate GCj' of user j is computed. For example, according to the first embodiment of the present invention, GCj' is computed by the following formula:
$X_j^{CK_j} / Y_j^{e} \bmod n = GC_j'$   Expression (9)
At step S615, user i compares the GCj' computed at step S610 with the public key certificate GCj published by user j. For example, the certificate GCj of user j includes the parameter idj, which contains the personal information of user j: network address, telephone number, identity and so on.
At step S620, it is judged whether the information in GCj and GCj' is consistent. For example, it can be judged whether the information idj in GCj and idj' in GCj' is consistent. If it is consistent, the identity of user j has been authenticated. If the information is inconsistent, user j does not pass authentication.
Therefore, even if a user k impersonates user j, user k cannot pass the authentication process, because user k does not have the private key Sj of user j.
At step S125 of Fig. 1, user j authenticates user i. User j authenticates user i by a process similar to that shown in Fig. 6.
At step S130 of Fig. 1, it is judged whether both users i and j have passed authentication. After both users i and j have passed authentication, they can carry out subsequent processing, for example entering the negotiation phase of a key agreement between the two parties, or directly beginning to transmit information. If either party fails authentication, the communication between the two parties is interrupted, and the control system prompts: illegal user.
It should be noted that the authentication mode of Fig. 1 is a method of mutual authentication between two parties. Obviously, the present invention also supports one-way authentication, i.e. user i authenticates user j, or vice versa.
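The following worked run of the Fig. 1, Fig. 2 and Fig. 6 flow is an added example, not the patent's code, and it makes several labelled assumptions: the authority's e, n, g are a small RSA-style modulus with an assumed generator (toy sizes, not secure parameters); the circuit STi = CTi(RELOG) is stood in for by a SHA-256 mix keyed on the CTRL parameter, so both parties with the same CTRL derive the same value; the step S220 digest uses SHA-256 rather than the MD5 or SHA-1 named above, since those are collision-broken; and the published certificate value GC is taken to be $S^{-e} \bmod n$, which is what expressions (1), (2) and (9) yield when CKj = STj (the derivation, not a statement from the patent). It also shows the two failure paths of Fig. 6: a tampered parameter is rejected at S600 by the digest, and a party that does not hold Sj fails the comparison at S620.

```python
"""Worked run of the first-embodiment authentication flow (added example, not the patent's code)."""
import hashlib
import math
import secrets

# Authority public parameters (constructed toy values; far too small for real use).
P, Q = 104729, 1299709       # two primes (constructed)
N = P * Q                    # public modulus n
E = 65537                    # public exponent e
G = 3                        # primitive element g (assumed generator, coprime to n)


def relog(ct: bytes, ctrl: bytes) -> int:
    """Stand-in for STi = CTi(RELOG): the circuit configured by CTRL mixes CTi.

    Assumption: modelled as SHA-256 over (CTRL || CTi) truncated to 32 bits so
    the exponent in expression (2) stays small.  Not the patent's circuit.
    """
    return int.from_bytes(hashlib.sha256(ctrl + ct).digest()[:4], "big")


def digest(x: int, y: int, ct: bytes) -> str:
    """Step S220: one SHA-256 digest over the length-delimited parameters."""
    h = hashlib.sha256()
    for part in (x.to_bytes(16, "big"), y.to_bytes(16, "big"), ct):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.hexdigest()


def issue_user(user_id: str) -> dict:
    """Authority issues private key S and publishes GC = S^(-e) mod n (assumed form)."""
    while True:
        s = secrets.randbelow(N - 2) + 2
        if math.gcd(s, N) == 1:
            break
    gc = pow(s, -E, N)                 # modular inverse of S^e (Python >= 3.8)
    return {"id": user_id, "S": s, "GC": gc, "CTRL": user_id.encode() + b"-ctrl"}


def public_part(user: dict) -> dict:
    """What a peer learns from the published certificate GC and information A."""
    return {k: user[k] for k in ("id", "GC", "CTRL")}


def generate_auth_params(user: dict) -> dict:
    """Fig. 2: R (S200), CT = Rs (S205), ST = CT(RELOG) (S210), X and Y (S215), digest (S220)."""
    r = secrets.randbelow(N - 2) + 2              # Ri
    ct = secrets.token_bytes(16)                  # CTi = Rsi in the first embodiment
    st = relog(ct, user["CTRL"])                  # STi
    x = pow(G, E * r, N)                          # expression (1)
    y = (user["S"] * pow(G, st * r, N)) % N       # expression (2)
    return {"X": x, "Y": y, "CT": ct, "digest": digest(x, y, ct)}


def authenticate(peer_public: dict, params: dict) -> bool:
    """Fig. 6: S600 digest check, S605 CK = CT(RELOG), S610 expression (9), S615/S620 compare."""
    if digest(params["X"], params["Y"], params["CT"]) != params["digest"]:
        return False                              # tampered in transit
    ck = relog(params["CT"], peer_public["CTRL"])             # expression (8)
    gc_prime = (pow(params["X"], ck, N) * pow(params["Y"], -E, N)) % N   # (9)
    return gc_prime == peer_public["GC"]


def mutual_authentication(user_i: dict, user_j: dict) -> bool:
    """Fig. 1: S100-S130, both sides exchange parameters and verify each other."""
    pi, pj = generate_auth_params(user_i), generate_auth_params(user_j)
    return authenticate(public_part(user_j), pj) and authenticate(public_part(user_i), pi)


def impersonation_attempt(victim_public: dict, other_user: dict) -> bool:
    """A user without the victim's Sj builds parameters under the victim's CTRL; must be rejected."""
    forged = generate_auth_params({**other_user, "CTRL": victim_public["CTRL"]})
    return authenticate(victim_public, forged)


if __name__ == "__main__":
    alice, bob, carol = issue_user("alice"), issue_user("bob"), issue_user("carol")
    print("mutual authentication:", mutual_authentication(alice, bob))
    print("carol posing as bob accepted:", impersonation_attempt(public_part(bob), carol))
```

The algebra behind the check: $X_j^{CK_j} = g^{e R_j CK_j}$ and $Y_j^{e} = S_j^{e} g^{e R_j ST_j}$, so the quotient in expression (9) is $S_j^{-e} \cdot g^{e R_j (CK_j - ST_j)}$ and equals the published value exactly when both sides derive the same ST from CT.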
Second embodiment
The second embodiment of the present invention likewise uses the flow charts of Figs. 1, 2 and 6. The difference between the second embodiment and the first lies in steps S205 and S210 of Fig. 2.
At step S205, the security entropy information parameter CTi generated by user i comprises not only the random number Rsi but also the user security entropy CSTi and the system security entropy CSKi. Specifically, CTi is given by the following formula:
CTi = (CSTi, CSKi, Rsi)   Expression (10)
At step S210, the above security entropy information parameter CTi is used to generate the security entropy mixed parameter STi.
Fig. 7 shows the reconfigurable cryptographic logic circuit 700 used in the implementation of step S210 according to the second embodiment of the invention.
The reconfigurable cryptographic logic circuit 700 comprises a user reconfigurable logic circuit Sa and a system reconfigurable logic circuit Pa.
The user reconfigurable logic circuit Sa receives the input random number Rsi, is configured according to the user security entropy CSTi, and outputs the user security entropy mixed value UTi.
The system reconfigurable logic circuit Pa receives the input user security entropy mixed value UTi, is configured according to the system security entropy CSKi, and outputs the security entropy mixed value STi.
The security entropy mixed value STi is used in the subsequent computation of the authentication parameters, as shown at step S215 of Fig. 2.
According to another alternative embodiment, the security entropies CST and CSK can be used respectively for the static coding and the dynamic coding of the reconfigurable logic circuit 700.
First, the basic concepts of static coding and dynamic coding of the reconfigurable logic circuit 700 are briefly introduced. By analysing a large number of cryptographic algorithms, the inventor found that the control coding of many controllable nodes remains unchanged while an algorithm executes (for example permutation control nodes and S-box control nodes), whereas the control coding of another part of the controllable nodes must change frequently during execution (for example register-file read/write control nodes and path control nodes). Accordingly, we divide the controllable nodes into two classes: controllable nodes whose coding remains unchanged during execution of the algorithm are called static controllable nodes, and controllable nodes whose coding must change frequently during execution are called dynamic controllable nodes. For the static controllable nodes, the required control coding is loaded with a special load instruction before the algorithm executes; since this coding remains unchanged during execution, the static controllable nodes need not be controlled again while the algorithm runs, and only the dynamic controllable nodes need to be controlled. This greatly saves space in the instruction word, so that each instruction word can carry more dynamic control coding, which improves the parallelism of operations and speeds up execution of the algorithm.
Generally, static controllable nodes are function control nodes, and path control nodes are dynamic controllable nodes.
Fig. 8 takes the S-box transformation as an example to illustrate how static and dynamic controllable nodes jointly control the execution of an operation.
Many algorithms use an S-box transformation, and realizing an S-box transformation requires controlling two classes of controllable nodes: data source control nodes and transformation function control nodes. In most algorithms the transformation function of the S-box is fixed and does not change during execution, but its data source changes continually during execution. Therefore the transformation function control node of the S-box is defined as a static controllable node and its data source control node as a dynamic controllable node; under their combined control the required S-box transformation is realized.
Fig. 8 shows the static and dynamic controllable nodes when an S-box is realized with reconfigurable logic.
Returning to step S105 of Fig. 1, in the second embodiment user j, in the same manner as the above operation of user i, also establishes the security entropy information parameter CTj and uses CTj to compute the authentication parameters, as shown by the following expressions:
CTj = (CSTj, CSKj, Rsj)   Expression (11)
STj = CTj(RELOG)   Expression (12)
$X_j = g^{e \cdot R_j} \bmod n$   Expression (13)
$Y_j = S_j \cdot g^{ST_j \cdot R_j} \bmod n$   Expression (14)
Returning to step S120 of Fig. 1, in the second embodiment user i authenticates user j.
Step S120 is likewise performed on the basis of the flow chart of Fig. 6. At step S605, the security entropy information parameter CTj of user j is extracted; as shown in expression (11), CTj = (CSTj, CSKj, Rsj).
At step S610, the public key certificate GCj' of user j is computed using the CTj of expression (11).
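The following model of the two-stage circuit 700 of Fig. 7, together with the static/dynamic controllable-node split of Fig. 8, is an added example and not the patent's design. Assumptions: each stage is a small 16-bit S-box network; its static controllable node is the transformation-function choice (which of two S-box tables each nibble uses), loaded once from the entropy before the rounds run; its dynamic controllable node is the data-source choice (which of two registers feeds the S-box), which takes a new value every round; the two S-box tables are the first two rows of the DES S1 box, used only as sample bijections. Sa is configured by CSTi and maps Rsi to UTi, Pa is configured by CSKi and maps UTi to STi, per expression (10); a party holding a different CST or CSK derives a different STi and so cannot make expression (9) agree.

```python
"""Fig. 7 circuit 700 with static and dynamic controllable nodes (added example, not the patent's code)."""
import hashlib

# Two bijective 4-bit S-box tables (rows 0 and 1 of the DES S1 box, used only as samples).
SBOX_TABLES = [
    [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7],
    [0x0, 0xF, 0x7, 0x4, 0xE, 0x2, 0xD, 0x1, 0xA, 0x6, 0xC, 0xB, 0x9, 0x5, 0x3, 0x8],
]


class ReconfigurableStage:
    """One reconfigurable S-box stage: static coding fixed before execution, dynamic coding per round."""

    ROUNDS = 16

    def __init__(self, entropy: bytes):
        coding = hashlib.sha256(entropy).digest()   # assumption: entropy -> control coding
        # Static controllable nodes (transformation-function control): which S-box
        # table the high and low nibble use.  Loaded once, unchanged while running.
        self.static_sel = (coding[0] & 1, coding[1] & 1)
        # Dynamic controllable node (data-source control): which register feeds the
        # S-box in each round.  Takes a new value every round.
        self.dynamic_sel = [(coding[2 + r // 8] >> (r % 8)) & 1 for r in range(self.ROUNDS)]

    def run(self, value: int) -> int:
        """Transform a 16-bit value; each round XORs an S-box image of one register into the other."""
        reg = [value & 0xFF, (value >> 8) & 0xFF]    # two data registers (assumption)
        for rnd, src_sel in enumerate(self.dynamic_sel):
            src = reg[src_sel]                                  # dynamic node picks the source
            hi = SBOX_TABLES[self.static_sel[0]][src >> 4]      # static node picks the function
            lo = SBOX_TABLES[self.static_sel[1]][src & 0xF]
            reg[1 - src_sel] ^= ((lo << 4) | hi) ^ rnd          # Feistel-style update keeps it invertible
        return reg[0] | (reg[1] << 8)


def circuit_700(rsi: int, cst: bytes, csk: bytes) -> int:
    """Fig. 7: Sa (configured by CSTi) maps Rsi -> UTi; Pa (configured by CSKi) maps UTi -> STi."""
    sa = ReconfigurableStage(cst)       # user reconfigurable logic Sa
    pa = ReconfigurableStage(csk)       # system reconfigurable logic Pa
    uti = sa.run(rsi & 0xFFFF)
    return pa.run(uti)


def security_entropy_mixed(cti: tuple) -> int:
    """STi = CTi(RELOG) for CTi = (CSTi, CSKi, Rsi) as in expression (10)."""
    cst, csk, rsi = cti
    return circuit_700(rsi, cst, csk)


if __name__ == "__main__":
    cti = (b"user-entropy-A", b"system-entropy-1", 0x1234)   # constructed sample values
    print("STi:", hex(security_entropy_mixed(cti)))
    wrong_system = (cti[0], b"system-entropy-2", cti[2])
    print("STi with another CSK:", hex(security_entropy_mixed(wrong_system)))
```

Because each round only XORs a function of the untouched register into the other one, `run` is a permutation of the 16-bit inputs, so distinct Rsi values never collide within one configuration; what changes between configurations is which permutation the same hardware computes.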
Third embodiment
The first and second embodiments discussed the example of a single authorization authority. The third embodiment of the present invention discusses the example of three authorization authorities.
In the third embodiment, joint management by three authorization authorities is supported; users i and j must each obtain certificates from all three authorization authorities before they can communicate.
Fig. 9 is a schematic diagram of three authorization authorities, the authorization center, the administrative center and the network management center, jointly managing the users. The security of the three-certificate authorization system is guaranteed by the secure management of the authorization certificates of the authorization center, the administrative center and the network management center. The three authorization authorities each manage their own authorization information and can each authorize independently of the others. When authorization is renewed, the authorization information of the three is mutually independent; during use, the authorization information interacts.
The authorization information of the authorization center comprises: the user private key and the security entropy.
The authorization information of the administrative center: the security entropy key.
The authorization information of the network management center: the auxiliary key.
For example, in the third embodiment:
Private key certificate issued to the user by the authorization center: [e, n, g, Si];
Security entropy private key certificate issued by the administrative center: [e, n, g, Km];
Auxiliary private key certificate issued by the network management center: [e, n, g, Kn, STi].
The parameters of the above certificates are as follows:
e, n: public key of the authorization authority
g: primitive element (generator) of the authorization authority's cryptosystem
Si: private key of the user
Km: security entropy key
Kn: auxiliary key
STi: security entropy mixed value
Km is the certificate of the second authority (administrative center), and Kn is the certificate of the third authority (network management center).
Figure 10 is a flow chart of the authentication process according to the third embodiment of the invention.
At step S1000, user i generates its own authentication information Xi, Yi, CTi. Step S1000 can be implemented in the same way as step S100 of Fig. 1.
At step S1005, user i encrypts the authentication information Xi, Yi, CTi using Km, provided by the second authorization authority (administrative center), and Kn, provided by the third authorization authority (network management center).
Specifically, Km*Kn is used as the key of an encryption algorithm Am, and the encrypted result is formed into a message and sent. Am can be a symmetric encryption algorithm, and the information Ai of user i includes an indication of the algorithm Am. If the two parties' values of Km*Kn are inconsistent, the correct authentication information cannot be recovered and authentication fails. Since both users must hold the same Km and Kn, this encryption confines successful authentication to users authorized by the same administrative center and network management center, while the proof of identity itself rests on Si and STi. For example, the following formula is used:
CXY = [Am]_(Km*Kn)(Xi, Yi, CTi)   expression (15)
where Yi = Si * g^(STi*Ri) mod n uses the security entropy mixing number STi, which is obtained from CTi by the reconfigurable logic circuit.
The first embodiment can be adopted, in which CTi is a random number Rsi and the reconfigurable logic circuit 300 shown in Figure 3 is used to obtain STi. Alternatively, the second embodiment can be adopted, in which CTi is composed as CTi = (CSTi, CSKi, Rsi) and the reconfigurable logic circuit 700 shown in Figure 7 is used to obtain STi.
At step S1010, user i sends CXY, obtained by encrypting Xi, Yi, CTi with Km and Kn, to user j.
At step S1015, after receiving the encrypted authentication information CXY of user i, user j decrypts CXY with Km*Kn and obtains Xi, Yi, CTi.
At step S1020, user j applies the same reconfigurable logic structure agreed by the system to CTi and obtains the same STi, then calculates Xi^STi / Yi^e mod n = GCi, where GCi is the authorized public key certificate information of user i. Substituting Xi = g^(e*Ri) mod n and Yi = Si * g^(STi*Ri) mod n gives Xi^STi / Yi^e = g^(e*Ri*STi) / (Si^e * g^(e*Ri*STi)) = Si^(-e) mod n, so the check succeeds exactly when the certificate issued to user i satisfies GCi * Si^e = 1 mod n. Step S1020 can be implemented in the same way as step S125 of Fig. 1.
In the third embodiment, the process by which user i authenticates user j is similar to the process shown in Figure 10.
It should be pointed out that although the third embodiment takes three authorization authorities as an example, the invention is not limited to this. The invention can be applied to single-authority schemes, two-authority schemes and schemes with more than three authorization authorities. Each of the plurality of authorization authorities manages its own authorization information and authorizes users independently of the others. When authorizations are updated, the authorization information of the authorities is mutually independent; when the authorizations are used, the authorization information interacts. A multi-party authorization scheme lets the secret information used for secure communication be managed separately by several systems, which reduces the complexity of managing the secret information and improves the security of that management.
Although the inventive concept has been introduced by way of the first, second and third embodiments separately, those skilled in the art can combine the first to third embodiments in part or in whole.
Figure 11 is a structural block diagram of an authentication device for implementing the first to third embodiments above.
The authentication device 1100 of Figure 11 comprises: a random number generator 1101, a security entropy parameter generator 1102, a reconfigurable cryptographic logic circuit 1103, an authentication parameter generating device 1104, a transceiver 1105, an authentication parameter calculating device 1106, a comparator 1107 and a memory 1108.
The random number generator 1101 is used to generate the random number Ri. The random number generator can be implemented in various ways, for example from noise, or from a timestamp tA and a current value rA, as shown in step S205 of Fig. 2.
The security entropy parameter generator 1102 is used to generate the security entropy parameter CTi.
When implementing the first embodiment of the invention, CTi is a random number Rsi, so the security entropy parameter generator 1102 can be implemented as a random number generator.
When implementing the second embodiment of the invention, CTi comprises the random number Rsi, the user security entropy CSTi and the system security entropy CSKi.
The reconfigurable cryptographic logic circuit 1103, under the control of the control parameter CTRL, outputs the security entropy mixing number STi based on the input CTi.
According to the first embodiment of the invention, the reconfigurable cryptographic logic circuit 1103 selects one of a plurality of cryptographic algorithms under the control of the control parameter CTRL, encrypts the input Rsi with it, and outputs the security entropy mixing number STi.
According to the second embodiment of the invention, the reconfigurable cryptographic logic circuit 1103 comprises a user reconfigurable logic circuit and a system reconfigurable logic circuit. The user security entropy CSTi and the system security entropy CSKi configure, respectively, the user reconfigurable logic circuit and the system reconfigurable logic circuit of the reconfigurable logic circuit 1103.
According to an alternative embodiment of the invention, the user security entropy CSTi and the system security entropy CSKi configure, respectively, the static coding and the dynamic coding of the reconfigurable logic circuit 1103.
The authentication parameter generating device 1104 generates the first authentication parameters of the first user i based on the random number Ri, the security entropy parameter CTi and the security entropy mixing number STi.
For example, the authentication parameters of user i are generated as in step S215 of Fig. 2, according to expressions (1) and (2):
Xi = g^(e*Ri) mod n
Yi = Si * g^(STi*Ri) mod n
Xi, Yi and the CTi generated by the security entropy parameter generator 1102 serve as the authentication parameters of user i.
The transceiver 1105 is used to send the first authentication parameters of the first user i to a second user authentication device and to receive the second authentication parameters of the second user j from the second user authentication device. In addition, the transceiver 1105 can also receive other information from the authorization authority, for example the public key certificate GCj published by the second user. It should be pointed out that the transceiver 1105 can obtain any available information and is not limited to the data listed above.
The authentication information calculating device 1106 is used to calculate the public key certificate GCj' of the second user j from the received second authentication parameters. The authentication information calculating device can calculate the authentication information GCj' of user j using steps S600, S615 and S610 shown in Figure 6, according to expression (9):
Xj^CKj / Yj^e mod n = GCj'
The comparator 1107 is used to compare the public key certificate GCj' calculated by the authentication information calculating device 1106 with the public key certificate GCj published by the second user, and checks whether the two are consistent in order to authenticate the second user.
The memory 1108 is used to store the public key certificate GCi distributed to user i by the first authorization authority; the public key certificate GCi comprises at least the user parameter idi of user i. It should be pointed out that the memory 1108 can store any available information and is not limited to the data listed above. For example, the memory 1108 can store any data sent by an authorization authority and any data received from other user authentication devices.
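The following Python program is an added worked example and is not code from the patent. It runs the exchange of Figure 10 (steps S1000 to S1020) end to end, with the proving and verifying sides organised after the components of the device of Figure 11 (generators 1101 and 1102, circuit 1103, devices 1104 and 1106, comparator 1107). Everything not stated on the page is an assumption: the toy RSA-type modulus n built from two small primes, e = 65537, g = 5, deriving the certificate value GCi from the user parameter idi with SHA-256, modelling the reconfigurable circuit 300 as a CTRL-selected hash of Rsi, modelling the symmetric algorithm Am as XOR with a SHAKE-256 keystream keyed by the integer product Km*Kn, and the key values themselves.

```python
"""Three-authority authentication exchange (Figure 10) built from the
components of the device of Figure 11.  Added illustrative example; the
modulus, primes, g, the stand-in for algorithm Am and the model of the
reconfigurable circuit 300 are assumptions, not the patent's own parameters."""
import hashlib
import secrets

# --- Authority public key [e, n, g]  (assumption: toy RSA-type modulus) -----
P, Q = 1000003, 1000033          # constructed small primes, demo only
N = P * Q
E = 65537
G = 5                            # stands in for the primitive element g
_PHI = (P - 1) * (Q - 1)
_D = pow(E, -1, _PHI)            # authorization center's secret exponent
WIDTH = 8                        # bytes per field in the Am plaintext (N < 2**40)


def issue_user_key(idi: str) -> tuple[int, int]:
    """Authorization center: certificate value GCi (derived from idi, an
    assumption) and private key Si with Si^e * GCi = 1 mod n, which is the
    relation the check Xi^STi / Yi^e = GCi at step S1020 relies on."""
    gci = int.from_bytes(hashlib.sha256(idi.encode()).digest(), "big") % N
    si = pow(pow(gci, -1, N), _D, N)
    return gci, si


def reconfigurable_circuit_300(cti: int, ctrl: int) -> int:
    """Model of circuit 300 / 1103: CTRL selects one of several cryptographic
    algorithms applied to CTi = Rsi, yielding the mixing number STi."""
    algos = {0: hashlib.sha256, 1: hashlib.sha3_256, 2: hashlib.blake2s}
    return int.from_bytes(algos[ctrl](cti.to_bytes(WIDTH, "big")).digest(), "big")


def am_stream(km: int, kn: int, length: int) -> bytes:
    """Keystream for the symmetric algorithm Am keyed by Km*Kn.
    Assumption: Am is modelled as XOR with a SHAKE-256 keystream."""
    return hashlib.shake_256((km * kn).to_bytes(32, "big")).digest(length)


def encrypt_am(km: int, kn: int, xi: int, yi: int, cti: int) -> bytes:
    """Expression (15): CXY = [Am]_(Km*Kn)(Xi, Yi, CTi)."""
    pt = b"".join(v.to_bytes(WIDTH, "big") for v in (xi, yi, cti))
    return bytes(a ^ b for a, b in zip(pt, am_stream(km, kn, len(pt))))


def decrypt_am(km: int, kn: int, cxy: bytes) -> tuple[int, int, int]:
    pt = bytes(a ^ b for a, b in zip(cxy, am_stream(km, kn, len(cxy))))
    return tuple(int.from_bytes(pt[k:k + WIDTH], "big")
                 for k in range(0, 3 * WIDTH, WIDTH))


def prove(si: int, km: int, kn: int, ctrl: int, ri=None, cti=None) -> bytes:
    """User i, steps S1000-S1010: Xi = g^(e*Ri), Yi = Si * g^(STi*Ri) (mod n),
    then CXY = [Am]_(Km*Kn)(Xi, Yi, CTi)."""
    ri = ri if ri is not None else secrets.randbelow(N - 1) + 1     # generator 1101
    cti = cti if cti is not None else secrets.randbits(WIDTH * 8)   # generator 1102
    sti = reconfigurable_circuit_300(cti, ctrl)                     # circuit 1103
    xi = pow(G, E * ri, N)                                           # device 1104
    yi = si * pow(G, sti * ri, N) % N
    return encrypt_am(km, kn, xi, yi, cti)


def verify(cxy: bytes, gci_published: int, km: int, kn: int, ctrl: int) -> bool:
    """User j, steps S1015-S1020: decrypt with Km*Kn, recompute STi with the
    same circuit configuration, check Xi^STi / Yi^e = GCi (mod n)."""
    xi, yi, cti = decrypt_am(km, kn, cxy)
    sti = reconfigurable_circuit_300(cti, ctrl)
    try:
        gci_calc = pow(xi, sti, N) * pow(pow(yi, E, N), -1, N) % N   # device 1106
    except ValueError:   # garbage Yi with no inverse mod n: cannot authenticate
        return False
    return gci_calc == gci_published                                  # comparator 1107


if __name__ == "__main__":
    gci, si = issue_user_key("user-i")        # constructed user parameter idi
    km, kn = 123456789, 987654321             # constructed Km, Kn
    cxy = prove(si, km, kn, ctrl=1)
    print("consistent Km*Kn, same CTRL :", verify(cxy, gci, km, kn, ctrl=1))
    print("inconsistent Km*Kn          :", verify(cxy, gci, km, kn + 1, ctrl=1))
    print("different circuit CTRL      :", verify(cxy, gci, km, kn, ctrl=2))
```

The authorization center computes Si so that Si^e * GCi = 1 mod n, which is what makes Xi^STi / Yi^e collapse to GCi at the verifier. The last two cases show the two failure modes the page itself describes: a verifier whose Km*Kn differs recovers garbage from CXY and cannot reconstruct GCi, and a verifier whose circuit configuration CTRL differs derives a different STi, so the check fails even though decryption succeeded. Because Am is only a stream cipher here, a wrong key is detected solely through the GCi comparison, exactly as the text states, not through an authentication tag.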
It should be pointed out that the above method and device of the invention can be applied not only to user authentication but also to key exchange, key agreement, public key calculation between users, and the like.
The design philosophy and implementation of the reconfigurable logic are described in detail in the Chinese patent application entitled "A logic reconfigurable circuit", application number 02100030.1, filed by the present inventor on January 8, 2002. That application was published on July 23, 2003 with publication number CN1431588 and was granted as a patent by the Patent Office of the People's Republic of China on January 12, 2007. The above patent is incorporated herein by reference.
It should be pointed out that the method and system of the invention can be realized in many ways. For example, the method and device of the invention can be realized by software, hardware, firmware, or any combination of software, hardware and firmware. The order of the steps of the method described above is given only for description; the steps of the method of the invention are not limited to the order specifically described above unless otherwise specified. In addition, in some embodiments the invention can also be implemented as programs recorded in a recording medium, these programs comprising machine-readable instructions for implementing the method according to the invention. The invention therefore also covers a recording medium storing a program for executing the method according to the invention.
Although some specific embodiments of the invention have been described in detail by way of example, those skilled in the art should appreciate that the above examples are given only for description and not to limit the scope of the invention. Those skilled in the art should appreciate that the above embodiments can be modified without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.