CN114584321A - Data information encryption deployment method based on PUF device - Google Patents

Info

Publication number
CN114584321A
Authority
CN
China
Prior art keywords
receiving end
challenge
puf device
data information
puf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210279619.5A
Other languages
Chinese (zh)
Other versions
CN114584321B (en)
Inventor
张迎飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Puanxin Technology Co ltd
Original Assignee
Beijing Puanxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Puanxin Technology Co ltd
Priority to CN202210279619.5A
Publication of CN114584321A
Application granted
Publication of CN114584321B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention provides a data information encryption deployment method based on a PUF device. The method uses the PUF device as a trust anchor to deploy data that must be transmitted in encrypted form, without requiring an additional service center to perform large amounts of computation and without requiring a dedicated line for transmission, so the scheme is low-cost while its security rests on physical random numbers.

Description

Data information encryption deployment method based on PUF device
Technical Field
The invention relates to the field of integrated circuits, in particular to a data information encryption and deployment method based on PUF devices.
Background
The SM9 identity-based cryptographic algorithm is built on bilinear pairings and is a standard public key algorithm in China's commercial cryptography industry. In identity-based cryptography (IBC), a user's public key is generated from the user's unique identification information (such as name, mailbox address, mobile phone number, etc.) and a secretly stored master key, and security is ensured without a third-party certificate, so the cost of managing the algorithm's keys and certificates is low. In 2008, China standardized the IBC technology and developed the SM9 cryptographic algorithm.
The theoretical basis and mathematical tools of the SM9 cryptographic algorithm are the properties of point-group operations on elliptic curves over finite fields and of bilinear pairing operations, and its security rests on the hardness of bilinear pairing problems. As a public key cryptographic algorithm, SM9 requires a user to hold public/private key pairs, specifically a signature key pair and an encryption key pair. The signature key pair is used for the digital signature algorithm; the encryption key pair is used for key encapsulation, public key encryption and key exchange.
Public/private keys of the SM9 algorithm are generated by a trusted third party, the Key Generation Center (KGC); the public key can be made public, while the private key must be kept secret by the user. This means that the process of deploying the private key to the user after it is generated must have corresponding security guarantees. One current solution is the separable and anonymous private key distribution scheme SAKI (Separable and Anonymous Identity-based Key Issuing): the two steps of user registration and private key generation are separated and carried out at different places. The local registration authority (LRA for short) is responsible for user registration, and after generating the public and private keys the KGC deploys the key with the help of the LRA's registration information. As shown in fig. 2, the specific steps are as follows:
1) The user applies for registration at the LRA in an off-line manner using the SM9 encryption algorithm. After the LRA verifies the user's identity, it generates a one-time password pwd and securely hands it to the user. The LRA then transmits the user ID and password pwd to the KGC, which uses this data as the credential for the user's private key application and for key generation.
2) The user with identity ID randomly selects $r \in Z_q$ as a blinding factor and, using the public system parameters of the KGC, computes $Q = H(ID)$, where $H$ is a public strong hash function, $Q' = rQ$, $T = H(pwd)$ and $T' = r^{-1}T$. $(Q', T')$ is sent to the KGC as the private key application message.
Here $Z_q$ is the multiplicative group consisting of all non-zero elements of the finite field containing $q$ elements; $Q'$ is the result of adding the element $Q$ to itself $r$ times in the additive cyclic group; $r^{-1}$ is the field element $c$ satisfying $r \cdot c = 1$ in the multiplicative cyclic group; $T'$ is the result of performing the elliptic curve addition operation on $T$ $c$ times.
3) After receiving the message, the KGC performs the following operations:
3.1) It first verifies whether $e(Q', T') = e(Q, T)$ holds, that is, whether the bilinear map of $Q'$ and $T'$ equals that of $Q$ and $T$. Here $e$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$; $G_1$ and $G_2$ are two additive cyclic groups of prime order $N$; $G_T$ is a multiplicative cyclic group of prime order $N$.
3.2) It computes $S' = sQ' = srQ$ and sends $S'$ to the user. Here $s$ is a private key generated by the KGC with a random number generator; $sQ'$ is the result of adding the element $Q'$ to itself $s$ times in the additive cyclic group, and that result is $S'$.
4) After the user obtains $S'$, the following operations are carried out:
4.1) Verify whether $e(S', P) = e(Q', P_{pub})$ holds, that is, whether the bilinear map of $S'$ and $P$ equals that of $Q'$ and $P_{pub}$. Here $P$ is a generator of $G_2$; $P_{pub}$ is the master public key published by the KGC as $P_{pub} = sP_1$, where $P_1$ is a generator of $G_1$.
4.2) Compute $S = r^{-1}S' = sQ$, decrypting to obtain the private key $S$. Here $r^{-1}$ is the field element $c$ satisfying $r \cdot c = 1$ in the multiplicative cyclic group, and $S$ is the result of performing the elliptic curve addition operation on $S'$ $c$ times.
The method constructs a blind signature scheme, and only a user with a blind factor can recover a real private key, so that the private key can be transmitted in a non-secure channel. The method can effectively protect the security of the private key, but the method still has the following problems in practical application:
1) if the attacker knows the identity of the user, dictionary attack can be carried out on the password pwd;
2) the application range of the SAKI scheme is limited to a certain extent because the process of sending the password pwd to the user by the LRA needs to ensure extremely high security, and the user needs to go to a registration authority for offline registration.
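A worked check of the algebra in steps 2) to 4.2) and of problem 1), added here as an illustration and not part of the patent text. It uses the page's symbols and the bilinearity property $e(aX, bY) = e(X, Y)^{ab}$; the candidate password $pwd_i$ is a symbol introduced for the illustration.

$$e(Q', T') = e(rQ,\ r^{-1}T) = e(Q, T)^{r \cdot r^{-1}} = e(Q, T)$$

$$r^{-1}S' = r^{-1}(srQ) = (r^{-1}r)\,sQ = sQ = S$$

The first line is why the check in 3.1) passes for an honest user whatever value of $r$ was chosen; the second is why only the holder of $r$ recovers $S$ from $S'$. The first identity also explains problem 1). $Q = H(ID)$ can be computed by anyone who knows the identity, so for an observed message $(Q', T')$ and a candidate password $pwd_i$, with a non-degenerate pairing on prime-order groups and $Q$ not the identity element,

$$e(Q', T') = e(Q, H(pwd_i)) \iff H(pwd_i) = T$$

The blinding factor hides $Q$ and $T$ individually, but the product relation it preserves still lets each guess be tested offline, so the protection of the application message is bounded by the entropy of pwd.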
Disclosure of Invention
The embodiment of the invention provides a data information encryption deployment method based on a PUF device, applied to PUF devices in the field of integrated circuits. It addresses secure transmission in the field of encrypted data transmission, in particular the problem of an attacker brute-forcing encrypted data information, and also the problem of secure transmission when data information is deployed over an ordinary channel.
To achieve the above object, in one aspect, an embodiment of the present invention provides a data information encryption deployment method based on PUF devices, including:
a transmitting end designates a first PUF device; the first PUF device is used for sending to a receiving end;
the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device; the first challenge signal is input to the first PUF device to uniquely derive the first response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext;
when the receiving end receives the first PUF device, first confirmation information is returned to the sending end;
if the sending end receives the first confirmation information from the receiving end, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation information indicates that the receiving end has received the first PUF device;
when the receiving end receives the first ciphertext and the first challenge signal, the receiving end inputs the first challenge signal to the first PUF device to obtain a first response signal; and further using the first response signal as a key to decrypt the first ciphertext to obtain the first data information.
Further, if the sending end receives the first acknowledgment information from the receiving end, the sending end sends the first ciphertext and the first challenge signal to the receiving end, specifically:
if the sending end receives the first confirmation information within the appointed first confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation time is a specified length of time counted from when the first PUF device is issued.
Further, the method also includes:
if the sending end does not receive the first confirmation information within the first confirmation time, redeploying the first data information by the following steps:
the transmitting end designates a second PUF device; the second PUF device is used for sending to the receiving end;
the transmitting end determines a second challenge signal and a second response signal according to the information of the second PUF device; the second challenge signal is input to the second PUF device to uniquely derive the second response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the second response signal to obtain a second ciphertext;
when the receiving end receives the second PUF device, second confirmation information is returned to the sending end;
if the sending end receives second confirmation information from the receiving end, the sending end sends the second ciphertext and the second challenge signal to the receiving end; the second confirmation information indicates that the receiving end has received the second PUF device;
when the receiving end receives the second ciphertext and the second challenge signal, the receiving end inputs the second challenge signal to the second PUF device to obtain a second response signal; and further using the second response signal as a key to decrypt the second ciphertext to obtain the first data information.
Further, the determining, by the sender, a first challenge signal and a first response signal according to the information of the first PUF device includes:
a sending end selects a first challenge response pair corresponding to information of the first PUF device from pre-stored challenge response records, takes a challenge signal in the first challenge response pair as the first challenge signal, and takes a response signal in the first challenge response pair as the first response signal;
wherein the challenge response record includes at least one set of challenge response pairs for each of all PUF devices.
Further, the method also includes:
the new data information is deployed again according to the following steps:
the receiving end sends a new data information redeployment request to the sending end; the new data information re-deployment request comprises information of the PUF device which is successfully received by the receiving end;
when the sending end receives the new data information re-deployment request from the receiving end, obtaining the information of the successfully received PUF device from the new data information re-deployment request;
the sending end selects a third challenge response pair corresponding to the information of the successfully received PUF device from the challenge response record, takes the challenge signal in the third challenge response pair as a third challenge signal, and takes the response signal in the third challenge response pair as a third response signal;
the sending end encrypts the new data information by using the third response signal to obtain a third ciphertext;
the sending end sends the third ciphertext and the third challenge signal to the receiving end;
when the receiving end receives the third ciphertext and the third challenge signal, the receiving end inputs the third challenge signal to the successfully received PUF device to obtain the third response signal; and further using the third response signal as a key to decrypt the third ciphertext to obtain the new data information.
Further, the sender specifies a first PUF device, specifically:
the sending end selects a first PUF device from the PUF devices to be selected.
Further, the sending end uses the first response signal to encrypt first data information to be deployed to the receiving end to obtain a first ciphertext, and the method specifically includes:
and the sending end performs exclusive or operation on the first response signal and the first data information to obtain the first ciphertext, or the sending end uses the first response signal as a symmetric encryption key to encrypt the first data information by using a symmetric encryption algorithm to obtain the first ciphertext.
Further, the sending end is a key generation center; the first data information comprises a first signature private key and a first encryption private key;
before the sender specifies a first PUF device, further comprising:
the receiving end uses the system parameters disclosed by the key generation center to encrypt the unique identification information of the receiving end to obtain a key application request; the system parameters are used for generating a key and carrying out encryption communication between the receiving end and the key generation center;
the receiving end sends the key application request to the key generation center;
the key generation center receives the key application request and acquires the unique identification information of the receiving end from the key application request;
and the key generation center generates the first signature private key and the first encryption private key according to a specified key generation algorithm and the unique identification information of the receiving end.
Further, the sending end is a local registration mechanism; the first data information includes: a first password;
before the sender specifies a first PUF device, further comprising:
the receiving end sends a registration application to the local registration mechanism;
the local registration mechanism receives the registration application and acquires the unique identification information of the receiving end from the registration application;
and the local registration mechanism generates the first password according to the unique identification information of the receiving end.
The technical scheme has the following beneficial effects: the PUF device is used as the trust anchor to deploy the information data needing to be encrypted and transmitted, a large amount of data calculation is not needed by an additional service center, and data transmission is not needed by a special line, so that the scheme has the effect of low cost while the safety is ensured by using the physical random number.
Further, by applying the technical scheme of the invention in SM9 algorithm public and private key deployment, the security of the SM9 algorithm key distribution process is improved. Specifically, before executing the digital signature verification algorithm, the public key encryption and decryption algorithm and the key encapsulation/decapsulation algorithm of the SM9 algorithm, a signature public/private key and an encryption public/private key need to be deployed, wherein a master private key is generated by KGC and retained in KGC, and the signature public/private key and the encryption public/private key are generated by the master private key and an ID and deployed to a corresponding user. Since the security of the SM9 identity cryptographic algorithm depends on the secrecy of the private key, the security of the user's private key is particularly important in the deployment process. By means of the characteristics of unclonability, unpredictability and the like of the strong PUF device entity, the secure transmission of the trust anchor can be realized in a mode of directly deploying the PUF device, and the deployment of the SM9 signature private key and the encryption private key is realized through the PUF device.
Further, in the SM9 key distribution process, private key deployment between the user and the key generation center is currently implemented by means of an additional service center (the local registration authority, LRA) issuing a password to the registered user. Since the password cannot be transmitted remotely, the SAKI scheme requires the user to register locally, and remote deployment cannot be achieved. For these application scenarios, the technical scheme of the invention improves on the SAKI scheme used by current private key deployment: the password can be deployed remotely by means of the PUF device, so that multi-scenario SM9 private key deployment is realized in a system compatible with the SAKI scheme.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a PUF device-based data information encryption deployment method according to one embodiment of the present invention;
FIG. 2 is a schematic diagram of a prior art scheme for separating anonymous private key distribution according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a PUF device-based data information encryption deployment method deploying an SM9 private key according to one embodiment of the present invention;
fig. 4 is a schematic diagram of another PUF device-based data information encryption deployment method for deploying an SM9 private key according to one embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
On one hand, as shown in fig. 1, an embodiment of the present invention provides a data information encryption deployment method based on a PUF device, including:
step S100, a sending end designates a first PUF device; the first PUF device is used for sending to a receiving end;
step S101, the sending end determines a first challenge signal and a first response signal according to the information of the first PUF device; the first challenge signal is input to the first PUF device to uniquely derive the first response signal;
step S102, the sending end uses the first response signal to encrypt first data information to be deployed to the receiving end to obtain a first ciphertext;
step S103, when the receiving end receives the first PUF device, first confirmation information is returned to the sending end;
step S104, if the sending end receives the first confirmation information from the receiving end, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation information indicates that the receiving end has received the first PUF device;
step S105, when the receiving end receives the first ciphertext and the first challenge signal, the receiving end inputs the first challenge signal to the first PUF device to obtain a first response signal; and further using the first response signal as a key to decrypt the first ciphertext to obtain the first data information.
In some embodiments, the sending end deploys to the receiving end data information that must be transmitted in encrypted form; the receiving end receives the data information and may also use it in a secure manner. The data information includes private keys and/or passwords and other material that must be kept from interception by a third party. The PUF device is a novel information security component. A silicon-based PUF device uses the physical randomness produced by process variation during the manufacture of a silicon-based integrated circuit to extract characteristic information uniquely tied to that device; the characteristic information differs between PUF devices, and a PUF device cannot be copied. In use, a challenge signal is input to the PUF device, which generates a stable and unpredictable response signal; different challenge signals yield different response signals, and challenge and response signals correspond one-to-one. An input challenge signal together with its response signal is called a Challenge-Response Pair (CRP). Depending on the number of challenge-response pairs, PUF devices fall into two categories: strong PUF devices and weak PUF devices. Because process variation is random and differs from chip to chip, different chips produce different response signals even when the same challenge signal is input. The inventors have found that, owing to the randomness and unpredictability of PUF devices, a key is difficult to copy or steal when information is encrypted using a PUF device as the key.
A sending end can designate a PUF device from a plurality of PUF devices prepared in advance, for example by reading an inventory record and designating a PUF device from it. The designated PUF device can be delivered to the receiving end in various ways: it can be dispensed on site by an automatic terminal device and handed to the receiving end for safekeeping, sent remotely by an automatic mailing system in a warehouse, or mailed manually. The designation and delivery of the first PUF device can be understood in light of the foregoing description. The sending end determines a first challenge signal and a first response signal according to the information of the first PUF device; inputting the first challenge signal to the first PUF device uniquely yields the first response signal. By the characteristics of a PUF device, the device cannot be reproduced, and a challenge signal input to it and the response signal it returns correspond one-to-one. Obtaining the same response signal therefore requires holding both the PUF device and the corresponding challenge signal at the same time. In a specific application, the hardware of the PUF device may be designed with wide challenge and response signals, for example 128 bits, so that the challenge and response signals cannot be exhaustively enumerated in a short time. The response signal can therefore be used as a secure key. The sending end encrypts the first data information to be deployed to the receiving end using the first response signal to obtain a first ciphertext; specific encryption methods include, but are not limited to, exclusive or and symmetric encryption.
After the sending end designates the PUF device, the device may be sent to the receiving end at any time before step S103. When the receiving end receives the first PUF device, it returns first confirmation information to the sending end, thereby ensuring that the PUF device has arrived correctly at the receiving end. If the sending end receives the first confirmation information from the receiving end, it sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation information indicates that the receiving end has received the first PUF device. Sending the first ciphertext and the first challenge signal only after confirming that the first PUF device was correctly received avoids the situation in which a man-in-the-middle intercepts the first PUF device together with the first ciphertext and the first challenge signal, and so protects the encrypted information. Even if a man-in-the-middle intercepts the first ciphertext and the first challenge signal, that party cannot determine the first response signal without the first PUF device. The first ciphertext and the first challenge signal can therefore be transmitted over an ordinary non-secure channel without leaking the data information, and no dedicated secure transmission channel needs to be built, which reduces the cost of information transmission. When the receiving end receives the first ciphertext and the first challenge signal, it inputs the first challenge signal to the first PUF device to obtain the first response signal, and then uses the first response signal as a key to decrypt the first ciphertext and obtain the first data information, thereby completing the encrypted deployment of the first data information from the sending end to the receiving end.
Further, if the sending end receives the first acknowledgment information from the receiving end, the sending end sends the first ciphertext and the first challenge signal to the receiving end, specifically:
if the sending end receives the first confirmation information within the appointed first confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation time is a specified length of time counted from when the first PUF device is issued.
In some embodiments, to improve the security of deployment, the sending end may require that, after issuing the PUF device, it obtains the receiving end's confirmation information for that PUF device within a specified confirmation time. If the confirmation time is exceeded, the sending end may consider the PUF device sent this time to have failed. The length of the first confirmation time can be determined by the sending end according to the estimated delivery time. The first confirmation time further improves the security of the scheme: for example, brute-force enumeration of the challenge-response pairs of a PUF device takes a long time, so if the PUF device is intercepted by a man-in-the-middle, the limit imposed by the first confirmation time leaves the man-in-the-middle too little time to complete the enumeration.
Further, the method also includes:
if the sending end does not receive the first confirmation information within the first confirmation time, redeploying the first data information by the following steps:
the sender specifies a second PUF device; the second PUF device is used for sending to the receiving end;
the transmitting end determines a second challenge signal and a second response signal according to the information of the second PUF device; the second challenge signal is input to the second PUF device to uniquely derive the second response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the second response signal to obtain a second ciphertext;
when the receiving end receives the second PUF device, second confirmation information is returned to the sending end;
if the sending end receives second confirmation information from the receiving end, the sending end sends the second ciphertext and the second challenge signal to the receiving end; the second confirmation information indicates that the receiving end has received the second PUF device;
when the receiving end receives the second ciphertext and the second challenge signal, the receiving end inputs the second challenge signal to the second PUF device to obtain a second response signal; and further using the second response signal as a key to decrypt the second ciphertext to obtain the first data information.
In some embodiments, when the sending end still has not obtained the first confirmation information from the receiving end after the first confirmation time has elapsed, the sending end, for security, considers the first PUF device sent this time to have failed. To complete the deployment of the data information, the sending end designates a second PUF device and performs the above steps of redeploying the first data information. The process of redeploying the first data information using the second PUF device in embodiments of the present invention may be understood with reference to the foregoing description of deploying the first data information using the first PUF device. In order to further improve the security, if the sending end receives second confirmation information from the receiving end, the step of sending the second ciphertext and the second challenge signal to the receiving end specifically includes: if the sending end receives the second confirmation information within the appointed second confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the second confirmation time is a specified length of time counted from when the second PUF device is issued.
Further, the determining, by the sender, a first challenge signal and a first response signal according to the information of the first PUF device includes:
the sending end selects a first challenge response pair corresponding to the information of the first PUF device from pre-stored challenge response records, takes the challenge signal in the first challenge response pair as the first challenge signal, and takes the response signal in the first challenge response pair as the first response signal;
wherein the challenge response record includes at least one set of challenge response pairs for each of all PUF devices.
In some embodiments, the challenge-response pairs supported by each PUF device may be stored in advance in a challenge-response record; the challenge-response record may be looked up by the information of a PUF device to select a challenge-response pair for that PUF device.
Further, the method also includes:
the new data information is deployed again according to the following steps:
the receiving end sends a new data information redeployment request to the sending end; the new data information re-deployment request comprises information of the PUF device which is successfully received by the receiving end;
when the sending end receives the new data information re-deployment request from the receiving end, the information of the successfully received PUF device is obtained from the new data information re-deployment request;
the sending end selects a third challenge response pair corresponding to the information of the successfully received PUF device from the challenge response record, takes the challenge signal in the third challenge response pair as a third challenge signal, and takes the response signal in the third challenge response pair as a third response signal;
the sending end encrypts the new data information by using the third response signal to obtain a third ciphertext;
the sending end sends the third ciphertext and the third challenge signal to the receiving end;
when the receiving end receives the third ciphertext and the third challenge signal, the receiving end inputs the third challenge signal to the successfully received PUF device to obtain the third response signal; and further using the third response signal as a key to decrypt the third ciphertext to obtain the new data information.
In some embodiments, once the sending end has successfully deployed data information to the receiving end, the receiving end already holds the PUF device, and the information of that PUF device is recorded in the challenge response record maintained by the sending end. When the receiving end requests the deployment of new data information, the receiving end and the sending end can reuse the PUF device that the receiving end has already successfully received. The PUF device does not need to be sent again, so a man-in-the-middle has no opportunity to intercept it. Throughout the deployment, the response signal is never transmitted directly, nor is it transmitted indirectly after a mathematical transformation; there is no mathematical relation between the transmitted challenge signal and the response signal, so the response signal cannot be obtained from the intercepted challenge signal by any transformation. New information is thereby redeployed safely and quickly, and making full use of the challenge-response pairs of the PUF device also saves deployment cost. The present embodiment can be understood according to the data information deployment process of the foregoing embodiments, and details are not described herein.
Further, the sender specifies a first PUF device, specifically:
the sending end selects a first PUF device from the PUF devices to be selected.
Further, the sending end uses the first response signal to encrypt first data information to be deployed to the receiving end to obtain a first ciphertext, and the method specifically includes:
the sending end performs an exclusive-or operation on the first response signal and the first data information to obtain the first ciphertext, or the sending end uses the first response signal as a symmetric encryption key and encrypts the first data information with a symmetric encryption algorithm to obtain the first ciphertext.
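The deployment, timed confirmation, redeployment with a second PUF device, and new-data deployment described above can be followed end to end in the added Python example below, which is not part of the patent text. SimulatedPUF, Sender, Receiver, the 3600-second window and the sample data are assumptions made for illustration; an HMAC over a random secret stands in for the physical device.

```python
import hashlib
import hmac
import secrets


class SimulatedPUF:
    """Software stand-in for a physical PUF (assumption for this demo only).

    A real device derives its response from manufacturing variation; here a
    random per-device secret plays that role so the flow runs offline.
    """

    def __init__(self, device_id):
        self.device_id = device_id
        self._variation = secrets.token_bytes(32)

    def respond(self, challenge):
        # 128-bit response, matching the 128-bit example in the description.
        return hmac.new(self._variation, challenge, hashlib.sha256).digest()[:16]


def xor_bytes(key, data):
    """XOR encryption/decryption; the response must cover the whole message."""
    if len(key) != len(data):
        raise ValueError("response and data must have equal length for XOR")
    return bytes(k ^ d for k, d in zip(key, data))


class Sender:
    def __init__(self, confirm_window):
        self.confirm_window = confirm_window  # seconds, counted from PUF issue
        self.crp_record = {}    # device_id -> unused (challenge, response) pairs
        self.pending = {}       # device_id -> (ciphertext, challenge, issued_at)
        self.confirmed = set()  # devices the receiver is known to hold

    def enroll(self, puf, pairs=4):
        """Record challenge-response pairs before the device leaves the sender."""
        challenges = [secrets.token_bytes(16) for _ in range(pairs)]
        self.crp_record[puf.device_id] = [(c, puf.respond(c)) for c in challenges]

    def _encrypt(self, device_id, data):
        # pop() consumes the pair, so no response ever encrypts two messages.
        challenge, response = self.crp_record[device_id].pop()
        return xor_bytes(response, data), challenge

    def issue_puf(self, device_id, data, now):
        """Encrypt under one CRP and start the confirmation timer."""
        self.pending[device_id] = (*self._encrypt(device_id, data), now)

    def on_confirmation(self, device_id, now):
        """Release (ciphertext, challenge) only if confirmed inside the window."""
        ciphertext, challenge, issued_at = self.pending.pop(device_id)
        if now - issued_at > self.confirm_window:
            del self.crp_record[device_id]  # device is treated as failed
            return None
        self.confirmed.add(device_id)
        return ciphertext, challenge

    def deploy_new_data(self, device_id, data):
        """New-data deployment: reuse a confirmed device with a fresh CRP."""
        if device_id not in self.confirmed:
            raise PermissionError("device was never confirmed by the receiver")
        return self._encrypt(device_id, data)


class Receiver:
    def __init__(self):
        self.devices = {}

    def receive_puf(self, puf):
        self.devices[puf.device_id] = puf
        return puf.device_id  # confirmation information names the device

    def decrypt(self, device_id, ciphertext, challenge):
        return xor_bytes(self.devices[device_id].respond(challenge), ciphertext)


def run_demo():
    first_data = b"constructed-key1"  # 16 bytes, constructed sample
    new_data = b"constructed-key2"    # 16 bytes, constructed sample
    sender, receiver = Sender(confirm_window=3600), Receiver()
    puf1, puf2 = SimulatedPUF("puf-1"), SimulatedPUF("puf-2")
    sender.enroll(puf1)
    sender.enroll(puf2)

    # First PUF: confirmation arrives after the window, so nothing is released.
    sender.issue_puf("puf-1", first_data, now=0)
    late = sender.on_confirmation(receiver.receive_puf(puf1), now=7200)

    # Second PUF: confirmed in time, ciphertext and challenge are released.
    sender.issue_puf("puf-2", first_data, now=7200)
    ct, c = sender.on_confirmation(receiver.receive_puf(puf2), now=7500)
    got_first = receiver.decrypt("puf-2", ct, c)

    # Holding (ct, c) with a different device does not recover the data.
    intercepted = xor_bytes(SimulatedPUF("other").respond(c), ct)

    # New data reuses puf-2 with another CRP; no device is shipped again.
    ct3, c3 = sender.deploy_new_data("puf-2", new_data)
    got_new = receiver.decrypt("puf-2", ct3, c3)
    return late, got_first, intercepted, got_new, c != c3
```

Consuming each challenge-response pair on use matters for the exclusive-or variant: two ciphertexts produced with the same response would reveal the exclusive-or of the two plaintexts.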
Further, as shown in fig. 3, a schematic diagram of a private key deployment method based on the terminal SM9 algorithm is shown, where the terminal is a receiving terminal. The sending end is a key generation center; the first data information comprises a first signature private key and a first encryption private key;
before the sender specifies a first PUF device, further comprising:
the receiving end uses the system parameters disclosed by the key generation center to encrypt the unique identification information of the receiving end to obtain a key application request; the system parameters are used for generating a key and carrying out encryption communication between the receiving end and the key generation center;
the receiving end sends the key application request to the key generation center;
the key generation center receives the key application request and acquires the unique identification information of the receiving end from the key application request;
the key generation center generates the first signature private key and the first encryption private key according to a specified key generation algorithm and the unique identification information of the receiving end.
An embodiment of the present invention is explained below based on fig. 3:
As shown in fig. 3, the CRPs of the strong PUF device distributed to users serve as a trust anchor, and the private keys generated by the KGC are separately encrypted, transmitted and deployed to each user. An advantage of a strong PUF is that it has a very large number of CRPs: an attacker cannot traverse all CRPs within a limited attack time, and its response signal (response) is difficult for an external attacker to predict. For example, if the challenge signal (challenge) of a strong PUF device is 128 bits long and the response signal is 128 bits long, both the challenge space and the response space of the PUF device have size $2^{128}$, different CRPs are uncorrelated, and it is impossible to obtain all CRPs by traversal within a limited attack time. As long as an attacker does not hold both the physical PUF device and the corresponding challenge signal at the same time, it is difficult for the attacker to obtain the response signal actually used for encryption.
The following describes specific steps of an embodiment of the present invention:
1) The key generation center (KGC) determines and publishes the set of system parameters, including curve identifiers, elliptic curve base field parameters, equation parameters, etc., used for key generation and for the SM9 algorithm in a particular communication.
2) The user initiates a request to the KGC or its association center and uploads binary identification information ID (i.e. the unique identification information) that can determine the user's identity, such as an email address, an identity card number, a telephone number, or the ASCII code value or hash value of a street address. The KGC or its association center audits the identity ID (i.e., the unique identification information).
3) After the verification is passed, the KGC selects two different random numbers ks and ke within a specified range of system parameters to be respectively used as a signature main private key and an encryption main public key.
4) The KGC calculates a signature private key ds (equivalent to a first signature private key) and an encryption private key de (equivalent to a first encryption private key) using the ID (i.e., unique identification information) and ks, ke and system parameters according to the following equations (1) to (6);
Signature process:

$$t_1 = H_1(ID_A \,\|\, hid,\ N) + ks \tag{1}$$

$$t_2 = ks \times t_1^{-1} \bmod N \tag{2}$$

$$ds = [t_2]P_1 \tag{3}$$

Encryption process:

$$t_1 = H_1(ID_A \,\|\, hid,\ N) + ke \tag{4}$$

$$t_2 = ke \times t_1^{-1} \tag{5}$$

$$de = [t_2]P_2 \tag{6}$$

where $H_1$ is a cryptographic function derived from a cryptographic hash algorithm; $ID_A$ is the identifier of user A, which uniquely determines the public key of user A; $\|$ denotes concatenation of bit strings or character strings, for example, if x and y are bit strings or character strings, $x \,\|\, y$ is the concatenation of x and y; hid is the private key generation function identifier, expressed in one byte, selected and published by the KGC; $N$ is the order of the cyclic groups $G_1$, $G_2$ and $G_T$, a prime number greater than $2^{191}$; ks and ke are random numbers generated by the KGC in the range $[1, N-1]$, used as the signature main private key and the encryption main private key respectively; $t_1^{-1}$ is the field element $c$ satisfying $t_1 \cdot c = 1$ in the multiplicative cyclic group; mod N is the modular operation, i.e. the remainder after division by $N$ is taken as the result; $t_2$ is the product of ks and $t_1^{-1}$ reduced modulo $N$; $P_1$ is a generator of the cyclic group $G_1$; $[t_2]P_1$ is the result of adding the generator $P_1$ to itself $t_2$ times by elliptic curve addition.
5) The KGC stores some of the challenge-response pairs (C, R) of the PUF device, where C represents the challenge signal and R represents the response signal, and encrypts the private keys ds and de with the response signal R to obtain ds' and de' (where ds' and de' correspond to the first ciphertext). Encryption can be performed by XORing the response signal of the PUF with the private key, or by encrypting the private key with a symmetric encryption algorithm keyed by the response signal of the PUF.
6) The KGC delivers the physical PUF device to the user in person or by mail, and the user sends a confirmation signal to the KGC after receiving the PUF device (i.e., confirmation information indicating that the user has received the PUF device sent by the KGC).
7) If the user confirms receipt of the PUF device within the validity time limit (which is equivalent to the time of a specified length counted from the moment when the KGC sends the PUF device), the KGC sends (ds', de', C) to the user. If the confirmation information of the user is not received within the validity time limit, the KGC redeploys a PUF device and repeats steps 5) and 6).
8) After the user receives (ds', de', C), the user inputs C into the PUF device to obtain R, and decrypts de' and ds' using R to obtain the signature private key ds and the encryption private key de.
By applying to the KGC through the process of the present embodiment, the user obtains the signature public/private key of the SM9 algorithm and can then use the SM9 digital signature algorithm. The digital signature algorithm proves the identity of the message sender by means of digital signing and signature verification. The specific process is as follows: the signer holds an identifier ID and a signature private key, the signature private key being one of the user private keys generated by the KGC from the ID. The signer signs the data with the signature private key; after receiving the information, the verifier generates the public key from the signer's ID, decrypts the information and verifies the signature, thereby verifying the identity of the sender and the authenticity and integrity of the information sent.
The encryption public/private key deployed to the user via the process of this embodiment can be used for SM9 algorithm key encapsulation: the encapsulator generates and encrypts a key that is sent to the target user, and only the target user can decrypt it and use it as the key for the next session. The specific process is as follows: the encapsulator generates and encrypts a key using the identifier ID of the target user and sends it to the other party; after receiving it, the target user decapsulates the key using the decryption private key.
The embodiment of the invention has the following technical effects: the KGC stores some or all CRPs of the PUF device and encrypts the private key by relying on the unpredictability of the CRPs; once the physical PUF device has been deployed, the private key is decrypted at the user side, which completes the deployment of the private key data. Compared with direct plaintext transmission or other private key deployment methods, the PUF device is the trust anchor, and the deployment does not require an additional service center for large-scale computation or a dedicated line for data transmission, so that the scheme has the characteristic of low cost while the security is ensured by using the physical random number. Before the PUF device is received by the user, the challenge response pair used for encryption and decryption is stored only in the server of the KGC. Even if the physical PUF device is intercepted during transmission, an attacker has only a very small probability of reaching, by traversal within a limited time, the response signal R that is actually used for encryption. Because the relation between the challenge signal and the response signal of the PUF device cannot be predicted, the transmission of (ds', de', C) places lower requirements on the security of the channel, and the private key can be deployed online. Both the PUF device and the encrypted private key data information can be sent by ordinary means, without a dedicated secure postal service or communication network, which ensures the secure transmission of the data information and reduces the transmission cost.
Further, fig. 4 shows a schematic diagram of another private key deployment method for the terminal SM9 algorithm implemented on the basis of this scheme, where the sending end is a local registration mechanism; the first data information includes: a first password;
before the sender specifies a first PUF device, further comprising:
the receiving end sends a registration application to the local registration mechanism;
the local registration mechanism receives the registration application and acquires the unique identification information of the receiving end from the registration application;
the local registration mechanism generates the first password according to the unique identification information of the receiving end.
An embodiment of the present invention is described below with reference to fig. 4:
The separated anonymous private key distribution scheme (SAKI) is an existing scheme for SM9 algorithm private key deployment. In this embodiment of the invention, a PUF device is used to encrypt the transmission of the trust anchor (the password) of the SAKI scheme, which achieves multi-scenario private key deployment while remaining compatible with the SAKI scheme. The specific steps are as follows:
1) The user applies for registration and uploads ID information (equivalent to the unique identification information) to a Local Registration Authority (LRA), either online or offline.
2) The LRA verifies the user identity ID (equivalent to the unique identification information) and generates a one-time password pwd.
3) After the verification is passed, the LRA must securely give the password pwd to the user. For a user who applies for registration offline, the existing SAKI scheme is executed. For a user who applies for registration online, the LRA may store some of the challenge-response pairs (C, R) of the PUF devices in advance, select one of the challenge-response pairs of a specified PUF device, and encrypt the password pwd using the response signal R in that challenge-response pair to obtain pwd' = xor(R, pwd) (where xor denotes the exclusive-or operation between R and pwd, and pwd' corresponds to the ciphertext).
4) The LRA delivers the physical PUF device to the user in person or by mail.
5) The user sends a confirmation message to the LRA after receiving the PUF device.
6) If the LRA obtains the user's confirmation information within the validity time limit (corresponding to the time of the specified length counted from the time when the PUF device is issued by the LRA), it sends (C, pwd') to the user. If the LRA does not obtain the confirmation information of the user within the validity time limit, the user is considered not to have received the PUF device normally, and steps 3), 4) and 5) are repeated with a new PUF device.
7) After the user receives (C, pwd'), the user inputs C into the received PUF device to obtain the response signal R, and decrypts pwd' with the response signal R by an exclusive-or operation to obtain pwd.
8) The user derives an application message (Q', T') from the ID and pwd according to the requirements of the SAKI scheme and applies to the KGC for the private key. The KGC sends S' to the user, and the user decrypts S' to obtain the real private key S.
By applying to the LRA through the process of the present embodiment, the user obtains the signature public/private key of the SM9 algorithm and can then use the SM9 digital signature algorithm. The digital signature algorithm proves the identity of the message sender by means of digital signing and signature verification. The specific process is as follows: the signer holds an identifier ID and a signature private key, the signature private key being one of the user private keys generated by the KGC from the ID. The signer signs the data with the signature private key; after receiving the information, the verifier generates the public key from the signer's ID, decrypts the information and verifies the signature, thereby verifying the identity of the sender and the authenticity and integrity of the information sent.
The encryption public/private key deployed to the user via the process of this embodiment can be used for SM9 algorithm key encapsulation: the encapsulator generates and encrypts a key that is sent to the target user, and only the target user can decrypt it and use it as the key for the next session. The specific process is as follows: the encapsulator generates and encrypts a key using the identifier ID of the target user and sends it to the other party; after receiving it, the target user decapsulates the key using the decryption private key.
The embodiment of the invention has the following technical effects: the LRA stores some or all CRPs of the PUF device and encrypts the password of the SAKI scheme by relying on the unpredictability of the CRPs; a user who registers online obtains the physical PUF device and then decrypts the ciphertext to recover the original password, so that the password is deployed online. This process makes up for the limitation that the SAKI scheme supports only local registration: users who register online can also register with the LRA and securely obtain the password once they hold the physical PUF device. Using the PUF device to encrypt the password sent by the LRA lowers the security requirement on the password transmission channel and allows a user to apply for registration and obtain a one-time password online. This removes the limitation that the original SAKI scheme must deliver the password to the user offline, and establishes a remotely deployable private key deployment system compatible with the SAKI scheme.
It should be understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not intended to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when used in the claims as a conjunction. Furthermore, any use of the term "or" in the specification or the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks, or elements, described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and, thus, is included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wirelessly, e.g., infrared, radio, and microwave. Disk and disc, as used herein, include compact discs, laser discs, optical discs, DVDs, floppy disks and Blu-ray discs, where disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (9)

1. A data information encryption deployment method based on PUF devices is characterized by comprising the following steps:
a transmitting end designates a first PUF device; the first PUF device is used for sending to a receiving end;
the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device; the first challenge signal is input to the first PUF device to uniquely derive the first response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext;
when the receiving end receives the first PUF device, first confirmation information is returned to the sending end;
if the sending end receives the first confirmation information from the receiving end, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation information indicates that the receiving end has received the first PUF device;
when the receiving end receives the first ciphertext and the first challenge signal, the receiving end inputs the first challenge signal to the first PUF device to obtain the first response signal, and then uses the first response signal as a key to decrypt the first ciphertext to obtain the first data information.
2. The PUF-device-based data information encryption deployment method according to claim 1, wherein if the sending end receives the first confirmation information from the receiving end, the sending end sends the first ciphertext and the first challenge signal to the receiving end, specifically:
if the sending end receives the first confirmation information within the specified first confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation time is a specified length of time counted from when the first PUF device is issued.
3. The PUF-device-based data information encryption deployment method of claim 2, further comprising:
if the sending end does not receive the first confirmation information within the first confirmation time, redeploying the first data information by the following steps:
the sending end designates a second PUF device; the second PUF device is to be sent to the receiving end;
the sending end determines a second challenge signal and a second response signal according to the information of the second PUF device; the second challenge signal is input to the second PUF device to uniquely derive the second response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the second response signal to obtain a second ciphertext;
when the receiving end receives the second PUF device, second confirmation information is returned to the sending end;
if the sending end receives second confirmation information from the receiving end, the sending end sends the second ciphertext and the second challenge signal to the receiving end; the second confirmation information indicates that the receiving end has received the second PUF device;
when the receiving end receives the second ciphertext and the second challenge signal, the receiving end inputs the second challenge signal to the second PUF device to obtain the second response signal, and then uses the second response signal as a key to decrypt the second ciphertext to obtain the first data information.
4. The PUF-device-based data information encryption deployment method of claim 1, wherein the determining, by the sending end, of a first challenge signal and a first response signal from the information of the first PUF device comprises:
the sending end selects a first challenge response pair corresponding to the information of the first PUF device from pre-stored challenge response records, takes the challenge signal in the first challenge response pair as the first challenge signal, and takes the response signal in the first challenge response pair as the first response signal;
wherein the challenge response record includes at least one set of challenge response pairs for every PUF device.
5. The PUF-device-based data information encryption deployment method of claim 4, further comprising:
deploying new data information by the following steps:
the receiving end sends a new data information redeployment request to the sending end; the new data information re-deployment request comprises information of the PUF device which is successfully received by the receiving end;
when the sending end receives the new data information re-deployment request from the receiving end, the information of the successfully received PUF device is obtained from the new data information re-deployment request;
the sending end selects a third challenge response pair corresponding to the information of the successfully received PUF device from the challenge response record, takes the challenge signal in the third challenge response pair as a third challenge signal, and takes the response signal in the third challenge response pair as a third response signal;
the sending end encrypts the new data information by using the third response signal to obtain a third ciphertext;
the sending end sends the third ciphertext and the third challenge signal to the receiving end;
when the receiving end receives the third ciphertext and the third challenge signal, the receiving end inputs the third challenge signal to the successfully received PUF device to obtain the third response signal, and then uses the third response signal as a key to decrypt the third ciphertext to obtain the new data information.
6. The PUF-device-based data information encryption deployment method according to claim 1, wherein the sending end designates a first PUF device, specifically:
the sending end selects a first PUF device from the PUF devices to be selected.
7. The PUF-device-based data information encryption deployment method of claim 1, wherein the sending end encrypts, using the first response signal, first data information to be deployed to the receiving end to obtain a first ciphertext, specifically:
the sending end performs an exclusive-or operation on the first response signal and the first data information to obtain the first ciphertext, or the sending end uses the first response signal as a symmetric encryption key to encrypt the first data information with a symmetric encryption algorithm to obtain the first ciphertext.
8. The PUF-device-based data information encryption deployment method according to claim 1, wherein the sending end is a key generation center; the first data information comprises a first signature private key and a first encryption private key;
before the sending end designates a first PUF device, further comprising:
the receiving end uses the system parameters disclosed by the key generation center to encrypt the unique identification information of the receiving end to obtain a key application request; the system parameters are used for generating a key and carrying out encryption communication between the receiving end and the key generation center;
the receiving end sends the key application request to the key generation center;
the key generation center receives the key application request and acquires the unique identification information of the receiving end from the key application request;
the key generation center generates the first signature private key and the first encryption private key according to a specified key generation algorithm and the unique identification information of the receiving end.
9. The PUF-device-based data information encryption deployment method according to claim 1, wherein the sending end is a local registry; the first data information includes: a first password;
before the sending end designates a first PUF device, further comprising:
the receiving end sends a registration application to the local registration mechanism;
the local registration mechanism receives the registration application and acquires the unique identification information of the receiving end from the registration application;
the local registration mechanism generates the first password according to the unique identification information of the receiving end.
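
The deployment flow of claims 1 to 4 and the exclusive-or option of claim 7, as an added Python sketch that is not part of the patent text. It assumes a software stand-in for the PUF (an HMAC keyed with a random per-device value); the names make_puf, Sender, ship, on_confirmation, the 72-hour window and the sample secret are all hypothetical.

```python
import hashlib
import hmac
import os

def make_puf():
    """Assumption: a random per-device value keyed into HMAC stands in for the hardware."""
    fingerprint = os.urandom(32)
    return lambda challenge: hmac.new(fingerprint, challenge, hashlib.sha256).digest()

def xor_bytes(key: bytes, data: bytes) -> bytes:
    # Claim 7, XOR option: refuse data that would force the response to repeat.
    if len(data) > len(key):
        raise ValueError("response is shorter than the data")
    return bytes(k ^ d for k, d in zip(key, data))

class Sender:
    def __init__(self, confirm_window: float):
        self.confirm_window = confirm_window
        self.crp_record, self.pending = {}, {}  # unused pairs; ciphertexts held back
    def enroll(self, device_id, puf, pairs=2):
        # Claim 4: record pairs while the device is still in the sender's hands.
        self.crp_record[device_id] = [(c, puf(c)) for c in (os.urandom(16) for _ in range(pairs))]
    def ship(self, device_id, data, now):
        # Claim 1: take an unused pair, encrypt, and hold the result until the ack.
        challenge, response = self.crp_record[device_id].pop()
        self.pending[device_id] = (now, xor_bytes(response, data), challenge)
    def on_confirmation(self, device_id, now):
        # Claim 2: release ciphertext and challenge only inside the confirmation time.
        issued, ciphertext, challenge = self.pending.pop(device_id)
        if now - issued > self.confirm_window:
            return None  # claim 3: the caller redeploys on a second PUF device
        return ciphertext, challenge

def receiver_decrypt(puf, ciphertext, challenge):
    # The receiving end regenerates the response from the device it physically holds.
    return xor_bytes(puf(challenge), ciphertext)

def demo():
    sender = Sender(confirm_window=72.0)  # hours; constructed value
    puf1, puf2 = make_puf(), make_puf()
    sender.enroll("puf-1", puf1)
    sender.enroll("puf-2", puf2)
    secret = b"constructed-private-key-material"  # 32 bytes, constructed sample
    sender.ship("puf-1", secret, now=0.0)
    late = sender.on_confirmation("puf-1", now=100.0)  # ack missed the window
    sender.ship("puf-2", secret, now=100.0)
    ciphertext, challenge = sender.on_confirmation("puf-2", now=110.0)
    return (late, receiver_decrypt(puf2, ciphertext, challenge),
            receiver_decrypt(puf1, ciphertext, challenge), len(sender.crp_record["puf-2"]))
```

demo() returns the withheld result for the late acknowledgement, the plaintext recovered with the second device, the output produced with the wrong device, and the number of pairs left for a later redeployment under claim 5. The exclusive-or option gives confidentiality only while each response is at least as long as the data and is used once, and it provides no integrity check on the ciphertext.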
CN202210279619.5A 2022-03-21 2022-03-21 Data information encryption deployment method based on PUF device Active CN114584321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210279619.5A CN114584321B (en) 2022-03-21 2022-03-21 Data information encryption deployment method based on PUF device

Publications (2)

Publication Number Publication Date
CN114584321A (en) 2022-06-03
CN114584321B (en) 2024-01-26

Family

ID=81782778

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210279619.5A Active CN114584321B (en) 2022-03-21 2022-03-21 Data information encryption deployment method based on PUF device

Country Status (1)

Country Link
CN (1) CN114584321B (en)

Also Published As

Publication number Publication date
CN114584321B (en) 2024-01-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant