Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a method for intra-group authenticated key agreement in a vehicular ad hoc network (VANET), comprising the following steps:
Establishing a dynamic vehicle group according to the Chinese remainder theorem;
The message sender V_i in the vehicle group signs the message with its private key information, and the message receiver V_j authenticates the identity of V_i using the public key information carried in the signed message; after V_i and V_j have mutually authenticated each other, the two communicating parties negotiate a key using the semigroup property of the Chebyshev chaotic map;
A pseudonym update mechanism and a private key update mechanism are used to update the vehicle's pseudonym and private key, respectively;
The identity of a malicious vehicle is traced from its signed messages, and its legitimate identity is revoked by modifying the public key information corresponding to the malicious vehicle.
Preferably, establishing the dynamic vehicle group according to the Chinese remainder theorem includes: initializing a trusted authority TA; registering the on-board units (OBUs) and roadside units (RSUs) with the TA; and the TA building the dynamic vehicle group from the registered OBUs and RSUs using the Chinese remainder theorem.
Further, the dynamic vehicle group is constructed as follows: the trusted authority builds a system of congruences from the public key of each vehicle node i and the public key of the roadside unit, c ≡ y_i (mod p_i) for i = 1, 2, …, k+1,
where c denotes the system public key, y_i (i = 1, 2, …, k) denotes the public key of vehicle node i, y_{k+1} denotes the public key of the roadside unit, p_i (i = 1, 2, …, k) denotes the prime number issued by the trusted authority to vehicle i, and p_{k+1} denotes the prime number issued by the trusted authority to the roadside unit.
Preferably, the key negotiation between the two communicating parties using the semigroup property of the Chebyshev chaotic map comprises the following steps:
S1: V_i selects a timestamp T_vi and computes B_vi and AIDV_i from it; V_i sends the request message {B_vi, T_vi, AIDV_i, SIDV_j} to the roadside unit RSU_i, where SIDV_j denotes the pseudonym of V_j, B_vi denotes the first pseudonym-verification auxiliary parameter and AIDV_i denotes the second pseudonym-verification auxiliary parameter;
S2: RSU_i verifies the received request message; if verification fails, the request is rejected; if it succeeds, RSU_i sends {p_j, T_Ri} to V_i, where p_j is the prime number of V_j and T_Ri is the timestamp that RSU_i sends to V_i;
S3: V_i verifies the message from RSU_i; if verification passes, V_i sends a key agreement request message to V_j, otherwise it refuses the message from RSU_i. The key agreement request message includes the first signature of V_i, the second signature of V_i, the time segment t_vi, the timestamp T_ij that V_i sends to V_j, and the key agreement information ξ_1;
S4: V_j verifies the timestamp in the key agreement request message; if verification succeeds, V_j sends a prime number request message to RSU_i, otherwise it refuses the key agreement request message;
S5: RSU_i verifies the received prime number request message; if verification fails, the request is rejected; if it succeeds, RSU_i sends {p_i, T_Rj} to V_j, where p_i is the prime number of V_i and T_Rj is the current system timestamp;
S6: V_j verifies the message from RSU_i; after that check passes, V_j authenticates the identity information of V_i, and after authentication succeeds it sends the key agreement message to V_i; otherwise it refuses to send the key agreement message;
S7: V_i checks the key agreement message of V_j; if the check fails, session key establishment fails, and if it succeeds, the session key is established.
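The session-key equality that S7 relies on follows from the semigroup property of the Chebyshev polynomials. The derivation below is an added worked example, not part of the original text; the symbols are the patent's (x public, n a large prime, α and β the two parties' secrets).

$$T_0(x)=1,\qquad T_1(x)=x,\qquad T_k(x)=2x\,T_{k-1}(x)-T_{k-2}(x)\quad (k\ge 2),$$

so that over the reals $T_k(\cos\theta)=\cos(k\theta)$, and therefore

$$T_a\bigl(T_b(x)\bigr)=\cos\bigl(a\arccos(\cos(b\arccos x))\bigr)=\cos(ab\arccos x)=T_{ab}(x)=T_b\bigl(T_a(x)\bigr).$$

Because every $T_k$ is an integer polynomial, $T_a(T_b(x))=T_{ab}(x)$ is a polynomial identity and survives reduction modulo $n$. With $\xi_1\equiv T_\alpha(x)$ and $\xi_2\equiv T_\beta(x)\pmod n$,

$$\mathrm{sk}\equiv T_\beta(\xi_1)\equiv T_{\alpha\beta}(x)\equiv T_\alpha(\xi_2)\pmod n .$$

Caveat for practitioners: the secrecy of sk rests on the infeasibility of recovering α from $\xi_1=T_\alpha(x)\bmod n$ (the Chebyshev discrete-logarithm problem), which requires a large modulus n and large random α, β; the key-confirmation value $M_{ij}=H_1(\mathrm{sk}\,\|\,\xi_1\,\|\,\xi_2)$ only detects a mismatch and does not replace the signatures that bind ξ_1 and ξ_2 to V_i and V_j.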
Further, RSU_i's verification of the received request message includes: checking whether the freshness condition is satisfied and rejecting the request if it is not; otherwise computing B'_vi from V_i's prime number p_i, the timestamp T_vi and AIDV_i, and checking whether B'_vi equals B_vi; verification succeeds if they are equal and fails otherwise.
Further, V_j's authentication of V_i's identity information includes: computing the public key y_i ≡ c (mod p_i) of vehicle node i from V_i's prime number p_i, and checking the signature verification equation under y_i; if it does not hold, V_j rejects V_i's key agreement request, and if it holds, identity authentication succeeds.
Preferably, the pseudonym update mechanism is: the trusted authority TA assigns a pseudonym update seed δID_j to each registered vehicle; once a vehicle node V_i has retrieved the prime number corresponding to the current pseudonym of V_j, the roadside unit RSU sends a pseudonym update request to the TA; the TA computes the next pseudonym of V_j, publishes it, records the corresponding prime number p_j and the index l, and sends the updated pseudonym/prime number list λ_SIDV,p to the RSU.
Preferably, the private key update mechanism is: from its private key for time segment t_vi, V_i derives its private key for time segment t_vi+1; as soon as the private key for time segment t_vi+1 is generated, OBU_i immediately deletes the private key of time segment t_vi; if t_vi = l, the key that vehicle node V_i outputs for time segment t_vi+1 is the empty string; when V_i's time segments have expired, V_i reselects a private key x'_i,0 and recomputes the corresponding public key y_i, and the TA updates the system public key c from the recomputed y_i.
Preferably, revoking the legitimate identity of a malicious vehicle by modifying its public key information proceeds as follows: when V_i issues a malicious message within the coverage of RSU_i, RSU_i obtains the p_i that V_i used when sending the malicious message and looks up, in the pseudonym/prime number list λ_SIDV,p, the current pseudonym generated by the TA for V_i, obtaining SIDV_i; RSU_i sends SIDV_i and p_i to the TA; the TA determines the real identity IDV_i of the vehicle behind the pseudonym from the relation H_0(IDV_i||δ_sk) = SIDV_i together with p_i, the index l and the pseudonym update seed δID_i; having established the real identity, the TA revokes the legitimate identity of V_i within the group.
Further, modifying the public key information corresponding to the malicious vehicle includes: replacing the public key information y_i of V_i with another random number y'_i, keeping the information of the other vehicle nodes unchanged, and updating the system public key c.
The beneficial effects of the invention are as follows. Taking into account the rapid movement of vehicles and the rapid change of network topology in a VANET, the invention establishes a dynamic vehicle group using the Chinese remainder theorem, which adapts to the rapidly changing VANET topology. Since communication over the open public network in a VANET is exposed to attacks such as eavesdropping, tampering and impersonation, keys are negotiated using the semigroup property of the Chebyshev chaotic map and the communication is encrypted with the negotiated key, so that secure communication over the public network is achieved. The vehicle's pseudonym and private key are updated by a pseudonym update scheme and a private key update scheme, effectively protecting the identity privacy of the vehicle. For malicious vehicles in the group, the identity of the malicious vehicle is traced from its signature information, and its legitimate identity is revoked by modifying the public key information corresponding to it. The BAN logic model is used to formalize the semantic security of the authenticated key agreement scheme, so that secure communication is ensured under malicious attack, with good economic benefit.
Detailed Description
The embodiments of the present invention are described below clearly and completely with reference to the accompanying drawings; the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person skilled in the art can obtain from these embodiments without inventive effort fall within the scope of the invention.
The invention provides a method for intra-group authenticated key agreement in a vehicular ad hoc network which, as shown in fig. 1, comprises the following steps: establishing a dynamic vehicle group according to the Chinese remainder theorem; the message sender V_i in the vehicle group signs the message with its private key information, and the message receiver V_j authenticates the identity of V_i using the public key information carried in the signed message; after V_i and V_j have mutually authenticated each other, the two parties negotiate a key using the semigroup property of the Chebyshev chaotic map; a pseudonym update mechanism and a private key update mechanism are used to update the vehicle's pseudonym and private key, respectively; the identity of a malicious vehicle is traced from its signed messages, and its legitimate identity is revoked by modifying the public key information corresponding to the malicious vehicle.
As shown in fig. 2, the vehicular ad hoc network system comprises roadside units (RSU), mobile vehicles (TV) and a trusted authority (TA); the TA and the RSUs communicate over wired links, while vehicles communicate with each other and with the RSUs wirelessly.
The TA (trusted authority) builds a dynamic vehicle session group from the registered vehicles and RSUs (roadside units) using the Chinese remainder theorem, as follows:
TA initialization phase:
The TA is responsible for system initialization and defines two one-way hash functions H_0 and H_1, where l_i is the bit width of the hash output. For the Chebyshev chaotic map, the TA selects the public parameter x, a large prime number n, and the system private key δ_sk.
RSU and OBU (on board unit) registration phase:
1) Registration of OBU i
As shown in fig. 3, assume a vehicle cluster currently containing k vehicle members {V_1, V_2, …, V_k}. At identity registration, the OBU_i on vehicle V_i sends the real identity IDV_i of V_i to the TA over a secure channel. On receiving it, the TA computes the pseudonym SIDV_i = H_0(IDV_i||δ_sk) for V_i and publishes it throughout the system. The TA selects a large prime number p_i (i = 1, 2, …, k) for each vehicle, with p_i ≠ p_j whenever i ≠ j and with two large prime numbers lying in (0, p_i − 1). The TA also selects a public system parameter g, a primitive root, i.e. a generator of the multiplicative group Z*_{p_i}. The TA sends {SIDV_i, p_i} to V_i over the secure channel.
After receiving {SIDV_i, p_i} from the TA, V_i randomly selects its initial private key x_i,0, computes its public key y_i, and sends {y_i} to the TA over the secure channel. The TA divides the validity period of the vehicles' public keys in the group into l time segments, during which the public key y_i of a vehicle node remains unchanged. When the l time segments have elapsed, V_i reselects a private key x'_i,0 and recomputes the public key y_i, and the TA likewise updates the system public key c.
2) Registration of RSU i
As shown in fig. 4, the registration of RSU_i is similar to that of OBU_i: the real identity IDR_i is sent to the TA over a secure channel, the TA computes the pseudonym SIDR_i = H_0(IDR_i||δ_sk) of RSU_i and assigns RSU_i a large prime number p_{k+1}. RSU_i selects its private key, computes the corresponding public key y_{k+1} and returns it to the TA.
TA build group
The TA builds a system of congruences from the y_i (i = 1, 2, …, k) received from the k vehicle nodes and the y_{k+1} received from RSU_i:
c ≡ y_i (mod p_i), i = 1, 2, …, k+1, where c is the system public key. The system is solved with the Chinese remainder theorem:
c = Σ_{i=1}^{k+1} y_i · P_i · (P_i^{-1} mod p_i) mod p, where p = p_1 p_2 … p_{k+1}, P_i = p/p_i, and P_i^{-1} denotes the inverse of P_i modulo p_i. The TA then computes SP_i = H_1(SIDV_i||p_i) and sends {SIDV_i, p_i} to the registered RSU_i; RSU_i builds the list λ_SIDV,p of vehicle pseudonyms and their corresponding prime numbers from the {SIDV_i, p_i} it receives.
Using the signature information, the two communicating parties rapidly authenticate the identity of the message sender and negotiate a key through the semigroup property of the Chebyshev chaotic map. The algorithm flow is shown in fig. 5; the specific steps are as follows:
S1: V_i selects a timestamp T_vi and computes B_vi and AIDV_i from it, then sends the request message {B_vi, T_vi, AIDV_i, SIDV_j} to the roadside unit RSU_i, where SIDV_j is the pseudonym of V_j; B_vi and AIDV_i are computed as follows, respectively:
B_vi = H_1(SIDV_i||p_i||T_vi)
where B_vi is the first pseudonym-verification auxiliary parameter, AIDV_i is the second pseudonym-verification auxiliary parameter, H_1() is a hash function and || denotes concatenation;
S2: RSU_i verifies the received request message as follows. On receiving the message, RSU_i first checks the freshness of T_vi by (T_iR − T_vi) < Δt, where Δt is the maximum difference between two timestamps allowed by the system and T_iR is the current timestamp at RSU_i when the message arrives. If this check fails, the request is rejected; if it succeeds, RSU_i recovers SIDV'_i and decides the validity of the requester's identity by checking whether B'_vi = H_1(SIDV'_i||p_i||T_vi) = B_vi holds; only members of the group can pass this check. If the equation does not hold, the request is rejected; if it holds, RSU_i sends {p_j, T_Ri} to V_i.
S3: V_i verifies the message from RSU_i and then sends a key agreement request message to V_j. After receiving {p_j, T_Ri}, V_i first checks the freshness of T_Ri by (T_vRi − T_Ri) < Δt, where T_vRi is V_i's current system timestamp, and then checks that SP_j = H_1(SIDV_j||p_j) holds to confirm that the message from RSU_i is correct. If either check fails, V_i rejects the message; otherwise V_i selects the current timestamp T_ij and a random number α and computes ξ_1 ≡ T_α(x) mod n. To sign the key agreement request, V_i randomly selects an element of Z*_{p_i} (the set of integers less than V_i's prime number p_i), determines the time segment t_vi, and computes its first and second signatures. V_i then sends the key agreement request message, carrying the two signatures, t_vi, T_ij and ξ_1, to V_j.
S4: V_j verifies the timestamp T_ij in the key agreement request message: after receiving the message, V_j checks the freshness of T_ij by (T_rj − T_ij) < Δt, where T_rj is the current system timestamp. If the check fails, V_j refuses the key agreement request message; if it succeeds, V_j generates a timestamp T_vj and sends the prime number request message {B_vj, T_vj, AIDV_j, SIDV_i} to RSU_i, where B_vj and AIDV_j are computed as follows, respectively:
B_vj = H_1(SIDV_j||p_j||T_vj)
S5: RSU_i verifies the received prime number request message as follows. On receiving it, RSU_i first checks the freshness of T_vj by (T_jR − T_vj) < Δt, where T_jR is the current system timestamp. If the check fails, the request is rejected; if it succeeds, RSU_i recovers SIDV'_j and decides the validity of the sender's identity by checking whether B'_vj = H_1(SIDV'_j||p_j||T_vj) = B_vj holds. If the equation does not hold, the request is rejected; if it holds, RSU_i sends {p_i, T_Rj} to V_j.
S6: V_j verifies the message from RSU_i; once that passes, V_j authenticates the identity of V_i, and once authentication succeeds it sends the key agreement message to V_i; otherwise it refuses to send the key agreement message. The verification is as follows: V_j checks the freshness of T_Rj by (T_vRj − T_Rj) < Δt, where T_vRj is V_j's current system timestamp, and checks that SP_i = H_1(SIDV_i||p_i) holds to confirm that the prime number from RSU_i is correct. After these checks pass, V_j authenticates V_i's identity information: it computes y_i ≡ c (mod p_i) and checks whether the signature verification equation holds modulo p_i. If it does not hold, V_j rejects the key agreement request from V_i and authentication fails; if it holds, authentication succeeds and V_j randomly selects β and a timestamp T_ji, and computes ξ_2 ≡ T_β(x) mod n, sk ≡ T_β(ξ_1) mod n and M_ij = H_1(sk||ξ_1||ξ_2). To sign the key agreement message, V_j randomly selects an element of Z*_{p_j} (the set of integers less than V_j's prime number p_j), determines the time segment t_vj, and computes its two signatures. V_j then sends the key agreement message, carrying the signatures, t_vj, T_ji, ξ_2 and M_ij, to V_i.
S7: V_i checks the key agreement message of V_j; if the check fails, session key establishment fails, otherwise it succeeds. The check is as follows: V_i first verifies the timestamp T_ji by (T_ri − T_ji) < Δt, where T_ri is the current system timestamp. Once the timestamp passes, V_i authenticates the identity of V_j by checking V_j's signature verification equation. If it does not hold, authentication fails; if it holds, V_i computes sk' ≡ T_α(ξ_2) mod n and M'_ij = H_1(sk'||ξ_1||ξ_2) and checks whether M'_ij = M_ij holds. If not, session key negotiation fails; if so, session key negotiation between V_i and V_j succeeds, and the session key is sk ≡ T_α(T_β(x)) mod n = T_β(T_α(x)) mod n.
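The exchange S1-S7 simulated end to end, as an added example that is not part of the patent: the timestamp freshness checks, the B/B' pseudonym check at the RSU, the SP check at the vehicles, the Chebyshev exchange and the M_ij key confirmation. T_k(x) mod n is evaluated from the recurrence T_k = 2x·T_{k−1} − T_{k−2} by fast matrix exponentiation. Assumptions not given on the page: AIDV_i is modelled as a lookup tag H_1(SIDV_i||T_vi) that the RSU matches against its list λ_SIDV,p; the SP values are taken to be published by the TA; the signatures on the key agreement messages are omitted; and n, x, Δt, the identities and the primes are constructed values. The `tamper` flag shows an on-path modification of ξ_1 being caught by the key confirmation check.

```python
import hashlib
import secrets

# Constructed system parameters (added example; not values from the patent).
N = (1 << 61) - 1             # Chebyshev modulus n, a prime
X = 123456789                 # public Chebyshev parameter x
DELTA_T = 5                   # freshness window Δt, in seconds
DELTA_SK = b"ta-private-key"  # TA system private key δ_sk

def H0(*parts):               # one-way hash H0; '||' is concatenation
    return hashlib.sha256(b"||".join(parts)).digest()

def H1(*parts):               # one-way hash H1
    return hashlib.sha3_256(b"||".join(parts)).digest()

def ib(v):                    # integer -> bytes for hashing
    return str(v).encode()

def cheb(k, x, n):
    """T_k(x) mod n by fast exponentiation of M = [[2x, -1], [1, 0]]:
    M^k (x, 1)^T = (T_{k+1}(x), T_k(x))^T, so T_k(x) is the second component."""
    a, b, c, d = 1, 0, 0, 1                      # accumulator, starts as the identity
    ma, mb, mc, md = 2 * x % n, n - 1, 1, 0      # M, with -1 written as n-1
    while k:
        if k & 1:
            a, b, c, d = ((a*ma + b*mc) % n, (a*mb + b*md) % n,
                          (c*ma + d*mc) % n, (c*mb + d*md) % n)
        ma, mb, mc, md = ((ma*ma + mb*mc) % n, (ma*mb + mb*md) % n,
                          (mc*ma + md*mc) % n, (mc*mb + md*md) % n)
        k >>= 1
    return (c * x + d) % n

def fresh(now, t):            # (T_now - T) < Δt, and no timestamps from the future
    return 0 <= now - t < DELTA_T

class TA:
    """Registration: SIDV = H0(IDV||δ_sk); SP = H1(SIDV||p) is assumed published by the TA."""
    def __init__(self):
        self.table = {}       # λ_SIDV,p: pseudonym -> prime, handed to the RSU
        self.sp = {}
    def register(self, idv, p):
        sidv = H0(idv, DELTA_SK)
        self.table[sidv] = p
        self.sp[sidv] = H1(sidv, ib(p))
        return sidv

class RSU:
    def __init__(self, table):
        self.table = table
    def serve(self, msg, now):
        """S2/S5: freshness check, recover SIDV' (assumed AIDV = H1(SIDV||T)), check B'."""
        b, t, aidv, peer = msg
        if not fresh(now, t):
            raise ValueError("stale request")
        for sidv, p in self.table.items():
            if H1(sidv, ib(t)) == aidv and H1(sidv, ib(p), ib(t)) == b:
                return self.table[peer], now          # {p_peer, T_R}
        raise ValueError("pseudonym verification failed")

class Vehicle:
    def __init__(self, sidv, p, sp):
        self.sidv, self.p, self.sp = sidv, p, sp
    def prime_request(self, peer, now):              # S1/S4
        b = H1(self.sidv, ib(self.p), ib(now))       # B = H1(SIDV||p||T)
        return (b, now, H1(self.sidv, ib(now)), peer)
    def check_rsu(self, reply, peer, now):           # S3/S6: freshness and SP check
        p_peer, t_r = reply
        if not fresh(now, t_r) or H1(peer, ib(p_peer)) != self.sp[peer]:
            raise ValueError("bad prime from RSU")
        return p_peer

def run_key_agreement(vi, vj, rsu, now, tamper=False):
    """S1-S7 without the signature step; returns both keys and V_i's verdict."""
    vi.check_rsu(rsu.serve(vi.prime_request(vj.sidv, now), now), vj.sidv, now)
    alpha = secrets.randbelow(N - 2) + 2
    xi1 = cheb(alpha, X, N)                          # ξ1 = T_α(x) mod n
    xi1_seen = (xi1 + 1) % N if tamper else xi1      # on-path modification of ξ1
    vj.check_rsu(rsu.serve(vj.prime_request(vi.sidv, now), now), vi.sidv, now)
    beta = secrets.randbelow(N - 2) + 2
    xi2 = cheb(beta, X, N)                           # ξ2 = T_β(x) mod n
    sk_j = cheb(beta, xi1_seen, N)                   # sk  = T_β(ξ1) mod n
    m_ij = H1(ib(sk_j), ib(xi1_seen), ib(xi2))       # M_ij = H1(sk||ξ1||ξ2)
    sk_i = cheb(alpha, xi2, N)                       # sk' = T_α(ξ2) mod n
    ok = H1(ib(sk_i), ib(xi1), ib(xi2)) == m_ij      # M'_ij ?= M_ij
    return {"ok": ok, "sk_i": sk_i, "sk_j": sk_j}

def demo(tamper=False, now=1_000_000):
    ta = TA()
    si, sj = ta.register(b"VEH-0001", 2147483647), ta.register(b"VEH-0002", 1000000007)
    vi, vj = Vehicle(si, 2147483647, ta.sp), Vehicle(sj, 1000000007, ta.sp)
    return run_key_agreement(vi, vj, RSU(ta.table), now, tamper)

def stale_request_rejected(now=1_000_000):
    ta = TA()
    si, sj = ta.register(b"VEH-0001", 2147483647), ta.register(b"VEH-0002", 1000000007)
    vi = Vehicle(si, 2147483647, ta.sp)
    try:
        RSU(ta.table).serve(vi.prime_request(sj, now - 2 * DELTA_T), now)
    except ValueError:
        return True
    return False
```

With `tamper=True` the two keys differ and M'_ij ≠ M_ij, so V_i rejects. An attacker who replaces ξ_1 on one leg and ξ_2 on the other, recomputing M_ij, would not be caught by the confirmation value alone; that is the job of the per-vehicle signatures that the patent attaches to the key agreement messages and that this example leaves out.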
Adopting the pseudonym update and private key update mechanisms effectively protects the identity privacy of the vehicle: if the same pseudonym and private key were always used, an attacker could collect the signed messages corresponding to that pseudonym and threaten the vehicle's privacy. The process of updating the vehicle's pseudonym and private key with the two mechanisms is as follows:
Private key update mechanism: from its private key for time segment t_vi, V_i derives its private key for time segment t_vi+1. As soon as the private key for time segment t_vi+1 is generated, OBU_i immediately deletes the private key of time segment t_vi. If t_vi = l, the key that vehicle node V_i outputs for time segment t_vi+1 is the empty string. When V_i's time segments have expired, V_i reselects a private key x'_i,0 and recomputes the corresponding public key y_i, and the TA likewise updates the system public key c.
Pseudonym update mechanism: the TA assigns each registered vehicle a pseudonym update seed (δID_i for V_i, δID_j for V_j). Once a vehicle node V_i has retrieved the prime number corresponding to the current pseudonym of V_j, the RSU sends a pseudonym update request to the TA; the TA computes the next pseudonym of V_j from the seed, publishes it, and records the corresponding prime number p_j and the index l. The updated pseudonym/prime number list λ_SIDV,p is then sent to the RSU.
When the system detects malicious behaviour by a vehicle within the vehicle group, the TA traces the identity of the malicious vehicle from the signature carried in the messages it issued, and strips it of its legitimate identity in the group by modifying the public key information bound to the large prime number allocated to it. The algorithm flow is shown in fig. 6; the specific process is as follows:
When a registered vehicle node V_i issues a malicious message within the vehicle group, the TA can trace it and revoke its legitimate identity. When V_i issues a malicious message within the coverage of RSU_i, RSU_i first obtains the p_i that V_i used when sending the malicious message, then looks up the current pseudonym generated by the TA for V_i in the pseudonym/prime number list λ_SIDV,p. Having obtained the current pseudonym SIDV_i of V_i, RSU_i sends SIDV_i and p_i to the TA. The TA determines the real identity of the vehicle behind the pseudonym from the relation H_0(IDV_i||δ_sk) = SIDV_i together with p_i, the index l and the pseudonym update seed δID_i; since H_0 is one-way, the TA does this by matching against its registration records rather than by inverting the hash. Having obtained the real identity of V_i, the TA revokes V_i's legitimate identity within the group. In addition, when a registered legitimate vehicle node V_j leaves the vehicle group established by the TA, the TA likewise revokes the identity of V_j. To revoke the legitimate identity of group member V_i, the TA only needs to replace the public key information y_i corresponding to V_i with another random number y'_i, leaving the information of the other vehicle nodes unchanged, and then update the system public key c. From that point V_i is revoked, and its key can no longer produce valid key agreement information.
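The TA's group construction (the congruence system c ≡ y_i (mod p_i) solved with the Chinese remainder theorem, as in the "TA build group" step above), the membership derivation y_i ≡ c (mod p_i) used in S6, the identity tracing and the revocation by replacing y_i with a random y'_i, carried through in one added example that is not the patent's own code. The primes, identities and δ_sk are constructed values, and the form y = g^x mod p of a member's public key is an assumption, since the patent's public-key formula is not reproduced on this page.

```python
import hashlib
import secrets

DELTA_SK = b"ta-private-key"   # TA system private key δ_sk (constructed value)

def H0(*parts):
    """One-way hash H0; '||' is concatenation."""
    return hashlib.sha256(b"||".join(parts)).digest()

def crt_combine(residues, moduli):
    """Solve c ≡ y_i (mod p_i) for all i:
    c = Σ y_i · P_i · (P_i^{-1} mod p_i)  (mod p), with p = Π p_i and P_i = p / p_i."""
    p = 1
    for q in moduli:
        p *= q
    c = 0
    for y, q in zip(residues, moduli):
        P_i = p // q
        c += y * P_i * pow(P_i, -1, q)
    return c % p

def member_pubkey(c, p_i):
    """What a group member derives in S6 from the system public key: y_i ≡ c (mod p_i)."""
    return c % p_i

class TrustedAuthority:
    def __init__(self):
        self.members = {}    # IDV -> (SIDV, p_i, y_i): the TA's registration records
        self.c = None        # system public key

    def register(self, idv, p_i, y_i):
        sidv = H0(idv, DELTA_SK)               # SIDV_i = H0(IDV_i || δ_sk)
        self.members[idv] = (sidv, p_i, y_i)
        return sidv

    def build_group(self):
        ys = [m[2] for m in self.members.values()]
        ps = [m[1] for m in self.members.values()]
        self.c = crt_combine(ys, ps)
        return self.c

    def trace(self, sidv, p_i):
        """Identity tracing: H0 is one-way, so the TA finds the registered IDV whose
        pseudonym and prime match the values reported by the RSU."""
        for idv, (s, q, _) in self.members.items():
            if s == sidv and q == p_i and H0(idv, DELTA_SK) == sidv:
                return idv
        return None

    def revoke(self, idv):
        """Replace y_i by a random y'_i ≠ y_i, keep every other entry, recompute c."""
        sidv, p_i, y_i = self.members[idv]
        y_new = y_i
        while y_new == y_i:
            y_new = secrets.randbelow(p_i - 1) + 1
        self.members[idv] = (sidv, p_i, y_new)
        return self.build_group()

def demo():
    # Constructed group: three vehicles plus one RSU, each with its own distinct prime.
    nodes = [(b"VEH-0001", 2147483647), (b"VEH-0002", 1000000007),
             (b"VEH-0003", 998244353), (b"RSU-0001", 1000000009)]
    g = 5                                       # public base g (assumed form y = g^x mod p)
    ta = TrustedAuthority()
    pub = {}
    for idv, p_i in nodes:
        x = secrets.randbelow(p_i - 2) + 1      # initial private key x_{i,0}
        pub[idv] = (p_i, pow(g, x, p_i))
        ta.register(idv, p_i, pub[idv][1])
    c_before = ta.build_group()
    # The RSU reports the offender's current pseudonym and prime; the TA traces, then revokes.
    bad = b"VEH-0002"
    traced = ta.trace(ta.members[bad][0], pub[bad][0])
    c_after = ta.revoke(traced)
    return {
        "c_before": c_before, "c_after": c_after, "traced": traced,
        "revoked": pub[bad],
        "others": [pub[i] for i, _ in nodes if i != bad],
        "all": list(pub.values()),
    }
```

After `revoke`, every remaining member still recovers its own y_i from the new c, while the revoked node's old y_i no longer matches, so its signatures fail the y_i ≡ c (mod p_i) check in S6 without any other member having to re-register.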
The invention uses the BAN logic model to prove the semantic security of the scheme; the model flow is shown in figure 7 and the model is described as follows:
1) BAN logic symbols
The following BAN logic symbols are used in the security proof of the protocol:
① P |≡ X: P believes that message X is true.
② P ◁ X: P sees X, i.e. P has received a message containing X.
③ P |~ X: P once said X, i.e. P has at some time sent a message containing X.
④ P ⇒ X: P has jurisdiction over message X.
⑤ #(X): message X is fresh.
⑥ (X, Y): X and Y are parts of the message (X, Y).
⑦ ⟨X⟩_Y: message X is encrypted with key Y.
⑧ P ←K→ Q: K is a key shared by P and Q.
2) BAN logic rules
The protocol security is formalized using the four BAN logic rules R1-R4:
① Message-meaning rule:
R1: P |≡ P ←K→ Q, P ◁ ⟨X⟩_K ⟹ P |≡ Q |~ X. If P believes that K is a key shared by P and Q and P sees X encrypted with K, then P believes that Q once said X.
② Nonce-verification rule:
R2: P |≡ #(X), P |≡ Q |~ X ⟹ P |≡ Q |≡ X. If P believes that X is fresh and P believes that Q once said X, then P believes that Q believes X.
③ Jurisdiction rule:
R3: P |≡ Q ⇒ X, P |≡ Q |≡ X ⟹ P |≡ X. If P believes that Q has jurisdiction over X and P believes that Q believes X, then P believes X.
④ Freshness rule:
R4: P |≡ #(X) ⟹ P |≡ #(X, Y). If P believes that a part X of the message (X, Y) is fresh, then P believes that (X, Y) is fresh.
3) Establishing two scheme proving targets
To show that the intra-group mutual authentication and key agreement scheme is secure, two security goals, Goal 1 and Goal 2, must be achieved.
Goal 1: V_j |≡ ξ_1, i.e. V_j believes the key agreement information from V_i.
Goal 2: V_i |≡ ξ_2, i.e. V_i believes the key agreement information from V_j.
4) Idealized protocol form
The protocol flow of the authenticated key agreement described above is converted into the following idealized form:
①
②
③
④
⑤
⑥
5) Premise assumptions
Before the security proof of the protocol, the following assumptions are made in BAN logic:
P1:
P2:
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
P11:
P12:
6) Security proof of the scheme
Analysing the security of the idealized form of the scheme yields the two proof targets Goal 1 and Goal 2.
① From P1 and the message-meaning rule R1 we obtain RSU_i |≡ V_i |~ {B_vi, AIDV_i}. Once the timestamp T_vi passes verification, RSU_i |≡ #(T_vi), and by the freshness rule R4 and the nonce-verification rule R2 we obtain RSU_i |≡ V_i |≡ {B_vi, AIDV_i}. Finally, by the jurisdiction rule R3 and P7, RSU_i |≡ {B_vi, AIDV_i}. After B_vi and AIDV_i pass the check, RSU_i sends the prime number p_j corresponding to SIDV_j to V_i.
② Likewise, from P2 and R1, V_i |≡ RSU_i |~ p_j. Once the timestamp T_Ri passes the check, V_i |≡ #(T_Ri); from R4 and R2, V_i |≡ RSU_i |≡ p_j; finally, from R3 and P8, V_i |≡ p_j. Having obtained the prime number of V_j, V_i sends the signed key agreement request message to V_j.
③ From P5 and R1, RSU_i |≡ V_j |~ {B_vj, AIDV_j}. After the timestamp T_vj is checked, RSU_i |≡ #(T_vj); from R4 and R2, RSU_i |≡ V_j |≡ {B_vj, AIDV_j}; finally, from R3 and P10, RSU_i |≡ {B_vj, AIDV_j}. After B_vj and AIDV_j pass the check, RSU_i sends the prime number p_i corresponding to SIDV_i to V_j.
④ From P6 and R1, V_j |≡ RSU_i |~ p_i. Once the timestamp T_Rj passes the check, V_j |≡ #(T_Rj); from R4 and R2, V_j |≡ RSU_i |≡ p_i; finally, from R3 and P11, V_j |≡ p_i. Having obtained the prime number of V_i, V_j verifies the signature information from V_i and, after verification, sends its signed key agreement message to V_i.
⑤ From P4 and R1, V_j believes that V_i sent the signed key agreement request carrying ξ_1. After the timestamp T_ij passes the check, V_j |≡ #(T_ij); from R4 and R2, V_j believes that V_i believes that message, and from R3 and P9, V_j believes it. When the two signatures from V_i verify, the protocol completes V_j's authentication of V_i, and V_j believes V_i's key agreement information ξ_1: V_j |≡ ξ_1. Goal 1 is thus achieved. V_j selects the random number β, computes ξ_2 = T_β(x) mod n and the session key sk ≡ T_β(ξ_1) ≡ T_β·α(x) (mod n), and finally sends the signed key agreement message to V_i.
⑥ From P3 and R1, V_i believes that V_j sent the signed key agreement message carrying ξ_2. When the timestamp T_ji is verified as fresh, V_i |≡ #(T_ji); from R4 and R2, V_i believes that V_j believes that message, and from R3 and P12, V_i believes it. When the signature information from V_j verifies and the key confirmation value also verifies (M'_ij = M_ij), V_i believes the session key information ξ_2 from V_j: V_i |≡ ξ_2. Goal 2 is thus achieved. Finally, V_i computes the session key sk ≡ T_α(ξ_2) ≡ T_α·β(x) (mod n).
The proofs of Goal 1 and Goal 2 show that the scheme provided by the invention achieves mutual authentication and key agreement between group members with a formal security argument. Using the BAN logic model, every message of the scheme is modelled, two proof targets are set up, and under reasonable assumptions the verification of message origin, message freshness and trust in the message source is completed. Finally the two preset targets are proved according to the model rules, completing the formal proof of the scheme. Note that BAN logic reasons about beliefs under idealized messages; it does not model a computational adversary, so the argument complements, rather than replaces, the hardness of the Chebyshev discrete-logarithm problem on which the secrecy of the session key rests.
While the foregoing describes embodiments, aspects and advantages of the present invention, it will be understood that these embodiments are merely exemplary, and that any changes, substitutions and alterations made without departing from the spirit and principles of the invention fall within its scope.