CN114584321B - Data information encryption deployment method based on PUF device - Google Patents

Publication number: CN114584321B
Authority: CN (China)
Prior art keywords: puf device, receiving end, challenge, data information, information
Legal status: Active
Application number: CN202210279619.5A
Other languages: Chinese (zh)
Other versions: CN114584321A (en)
Inventor: 张迎飞
Current Assignee: Beijing Puanxin Technology Co ltd
Original Assignee: Beijing Puanxin Technology Co ltd
Application filed by Beijing Puanxin Technology Co ltd
Priority to CN202210279619.5A
Publication of CN114584321A
Application granted
Publication of CN114584321B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The embodiment of the invention provides a data information encryption deployment method based on a PUF device. The method uses the PUF device as a trust anchor to deploy data information that must be transmitted in encrypted form. It does not rely on an additional service center for large amounts of computation and does not need a dedicated line for data transmission, so the scheme secures the data with physical random numbers while keeping the cost low.

Description

Data information encryption deployment method based on PUF device
Technical Field
The invention relates to the field of integrated circuits, in particular to a data information encryption deployment method based on PUF devices.
Background
The SM9 identity-based cryptographic algorithm is built on bilinear pairings and is a standard public-key algorithm in China's commercial cryptography industry. In identity-based cryptography (Identity-Based Cryptography, IBC for short), a user's public key is generated from the user's unique identification information (such as name, mailbox address, mobile phone number and the like) and the secretly stored master key, and its security does not need to be guaranteed by third-party certificates, so the key and certificate management cost of the algorithm is lower. In 2008, China standardized the IBC technology and released the SM9 cryptographic algorithm.
The theoretical basis and mathematical tools of the SM9 cryptographic algorithm are the properties of point-group operations on elliptic curves over finite fields and of bilinear pairings, and its security rests on the hardness of bilinear pairing problems. As a public-key cryptographic algorithm, SM9 requires each user to hold public/private key pairs, specifically a signature public/private key pair and an encryption public/private key pair. The signature key pair is used for the digital signature algorithm, and the encryption key pair is used for key encapsulation, public-key encryption and key exchange.
The public and private keys of the SM9 algorithm are generated by a trusted third party, the key generation center (KGC). The public key can be disclosed, while the private key must be kept secret by the user. This means that the process of deploying the private key to the user after it is generated must have a corresponding security guarantee. One current solution is the separable anonymous private key distribution scheme SAKI (Separable and Anonymous Identity-based Key Issuing): the two steps of user registration and private key generation are separated and carried out at different places. The Local Registration Authority (LRA) is responsible for user registration, and the KGC, after generating the public and private keys, deploys the keys by means of the LRA's registration information. As shown in Fig. 2, the specific steps are as follows:
1) The user applies offline at the LRA to register for use of the SM9 encryption algorithm. After the LRA verifies the identity of the user, it generates a one-time password pwd and securely hands the password pwd to the user. The LRA then transmits the user ID and the password pwd to the KGC, which uses this data as the user's credentials for applying for the private key and for generating the key.
2) The user with identity ID randomly selects $r \in Z_q^*$ as a blinding factor and, using the system parameters published by the KGC, computes $Q = H(ID)$, $Q' = rQ$, $T = H(pwd)$ and $T' = r^{-1}T$, where $H$ is a public strong hash function. The pair $(Q', T')$ is sent to the KGC as the private key application message.
Here $Z_q^*$ is the multiplicative group consisting of all non-zero elements of a finite field containing $q$ elements; $Q'$ is the element $Q$ of the additive cyclic group added to itself $r$ times; $r^{-1}$ is the field element $c$ satisfying $r \cdot c = 1$ in the multiplicative cyclic group; $T'$ is the result of adding $T$ to itself $c$ times on the elliptic curve.
3) After the KGC receives the message, it performs the following work:
3.1) It first verifies whether $e(Q', T') = e(Q, T)$ holds, that is, whether the bilinear map of $Q'$ and $T'$ equals the bilinear map of $Q$ and $T$. Here $e$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$; $G_1$ and $G_2$ are two additive cyclic groups of prime order $N$; $G_T$ is a multiplicative cyclic group of prime order $N$.
3.2) It computes $S' = sQ' = srQ$ and sends $S'$ to the user. Here $s$ is a private key generated by the KGC through a random number generator; $sQ'$ is the element $Q'$ of the additive cyclic group added to itself $s$ times, and the result is $S'$.
4) After the user obtains $S'$, the following operations are performed:
4.1) Verify whether $e(S', P) = e(Q', P_{pub})$ holds, that is, whether the bilinear map of $S'$ and $P$ equals the bilinear map of $Q'$ and $P_{pub}$. Here $P$ is a generator of $G_2$; $P_{pub}$ is the master public key published by the KGC as $P_{pub} = sP_1$, where $P_1$ is a generator of $G_1$.
4.2) Compute $S = r^{-1}S' = sQ$, decrypting to obtain the private key $S$. Here $r^{-1}$ is the field element $c$ satisfying $r \cdot c = 1$ in the multiplicative cyclic group; $S$ is the result of adding $S'$ to itself $c$ times on the elliptic curve.
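Why the check in step 3.1 passes for an honest user and why step 4.2 yields the private key, as an added derivation (not part of the patent text) that uses only the bilinearity of $e$ and $r \cdot r^{-1} = 1$:

$$e(Q', T') = e(rQ,\ r^{-1}T) = e(Q, T)^{r \cdot r^{-1}} = e(Q, T)$$

$$S = r^{-1}S' = r^{-1}(srQ) = (r^{-1}r)\,sQ = sQ$$

The value that travels back to the user is $S' = srQ$; removing the factor $r$ requires $r^{-1}$, which only the user holds.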
The method constructs a blind signature scheme: only the user who holds the blinding factor can recover the real private key, so the private key can be transmitted over an insecure channel. The method effectively protects the security of the private key, but it has the following problems in practical application:
1) If an attacker knows the identity of the user, a dictionary attack can be performed on the password pwd;
2) Since sending the password pwd from the LRA to the user requires extremely high security, the user must register offline with the registration authority, which limits the application range of the SAKI scheme.
Disclosure of Invention
The embodiment of the invention provides a data information encryption deployment method based on a PUF device, which applies PUF devices from the field of integrated circuits to the problem of secure transmission in encrypted data transfer. In particular, it addresses brute-force cracking of encrypted data information by an attacker and the secure transmission of data information when it is deployed over an ordinary channel.
In order to achieve the above object, in one aspect, an embodiment of the present invention provides a data information encryption deployment method based on PUF devices, including:
the transmitting end designates a first PUF device; the first PUF device is used for being sent to a receiving end;
the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device; the first challenge signal is input to the first PUF device to uniquely obtain the first response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext;
when the receiving end receives the first PUF device, first confirmation information is returned to the sending end;
if the sending end receives the first confirmation information from the receiving end, the first ciphertext and the first challenge signal are sent to the receiving end; the first acknowledgement information indicates that the receiving end has received the first PUF device;
When the receiving end receives the first ciphertext and the first challenge signal, the receiving end inputs the first challenge signal to the first PUF device to obtain a first response signal; and further decrypting the first ciphertext using the first response signal as a key to obtain first data information.
Further, if the transmitting end receives the first acknowledgement information from the receiving end, the transmitting end transmits the first ciphertext and the first challenge signal to the receiving end, specifically:
if the sending end receives the first confirmation information within the specified first confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation time is a specified length of time counted from when the first PUF device is sent out.
Further, the method further comprises the following steps:
if the transmitting end has not received the first confirmation information by the end of the first confirmation time, the first data information is redeployed by the following steps:
the transmitting end designates a second PUF device; the second PUF device is configured to send to the receiving end;
the transmitting end determines a second challenge signal and a second response signal according to the information of the second PUF device; the second challenge signal is input to the second PUF device to uniquely obtain the second response signal;
The sending end encrypts first data information to be deployed to the receiving end by using the second response signal to obtain a second ciphertext;
when the receiving end receives the second PUF device, second confirmation information is returned to the sending end;
if the sending end receives the second confirmation information from the receiving end, the second ciphertext and the second challenge signal are sent to the receiving end; the second acknowledgement information indicates that the receiving end has received the second PUF device;
when the receiving end receives the second ciphertext and the second challenge signal, the receiving end inputs the second challenge signal to the second PUF device to obtain a second response signal; and further decrypting the second ciphertext using the second response signal as a key to obtain the first data information.
Further, the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device, including:
the sending end selects, from a pre-stored challenge-response record, a first challenge-response pair corresponding to the information of the first PUF device, takes the challenge signal in the first challenge-response pair as the first challenge signal, and takes the response signal in the first challenge-response pair as the first response signal;
wherein the challenge-response record comprises at least one challenge-response pair for each of the PUF devices.
Further, the method further comprises the following steps:
the new data information is deployed again according to the following steps:
the receiving end sends a request for redeploying new data information to the sending end; the redeployment new data information request comprises information of the PUF device successfully received by the receiving end;
when the transmitting end receives the new data information redeployment request from the receiving end, obtaining the information of the PUF device which is successfully received from the new data information redeployment request;
the sending end selects, from the challenge-response record, a third challenge-response pair corresponding to the information of the PUF device which was successfully received, takes the challenge signal in the third challenge-response pair as a third challenge signal, and takes the response signal in the third challenge-response pair as a third response signal;
the sending end encrypts the new data information by using the third response signal to obtain a third ciphertext;
the sending end sends the third ciphertext and the third challenge signal to the receiving end;
When the receiving end receives the third ciphertext and the third challenge signal, the receiving end inputs the third challenge signal to the successfully received PUF device to obtain the third response signal; and further decrypting the third ciphertext using the third response signal as a key to obtain the new data information.
Further, the transmitting end designates a first PUF device, specifically:
the transmitting end selects a first PUF device from the PUF devices to be selected.
Further, the sending end encrypts the first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext, which specifically includes:
the sending end performs an exclusive OR operation on the first response signal and the first data information to obtain the first ciphertext, or the sending end uses the first response signal as the key of a symmetric encryption algorithm and encrypts the first data information with that algorithm to obtain the first ciphertext.
Further, the sending end is a key generation center; the first data information comprises a first signature private key and a first encryption private key;
before the transmitting end designates the first PUF device, the method further comprises:
The receiving end encrypts the unique identification information of the receiving end by using the system parameters disclosed by the key generation center to obtain a key application request; the system parameters are used for generating a secret key and carrying out encrypted communication between the receiving end and the secret key generation center;
the receiving end sends the key application request to the key generation center;
the key generation center receives the key application request and acquires the unique identification information of the receiving end from the key application request;
the key generation center generates the first signature private key and the first encryption private key according to a designated key generation algorithm and the unique identification information of the receiving end.
Further, the sending end is a local registration mechanism; the first data information includes: a first password;
before the transmitting end designates the first PUF device, the method further comprises:
the receiving end sends a registration application to the local registration mechanism;
the local registration mechanism receives the registration application and acquires the unique identification information of the receiving end from the registration application;
the local registration mechanism generates the first password according to the unique identification information of the receiving end.
The technical scheme has the following beneficial effects: by using the PUF device as a trust anchor, the information data needing encryption transmission is deployed, a large amount of data calculation is not needed by means of an additional service center, and data transmission is not needed by a special line, so that the scheme has the advantage of low cost while ensuring the safety by using the physical random number.
Further, applying the technical scheme of the invention to SM9 public and private key deployment improves the security of the SM9 key distribution process. Specifically, before the digital signature verification algorithm, the public key encryption and decryption algorithm, and the key encapsulation/decapsulation algorithm of SM9 are executed, a signature public/private key pair and an encryption public/private key pair need to be deployed. The master private key is generated by the KGC and remains in the KGC; the signature public/private key pair and the encryption public/private key pair are generated from the master private key and the ID and deployed to the corresponding user. Since the security of the SM9 identity-based cryptographic algorithm depends on the secrecy of the private key, keeping the user private key secret during deployment is particularly important. Thanks to the unclonability, unpredictability and similar properties of a physical strong PUF device, directly delivering the PUF device securely transfers the trust anchor, and the SM9 signature private key and encryption private key can then be deployed through the PUF device.
Further, in the SM9 key distribution process, a password is currently issued to the registered user by an additional service center (the local registration authority, LRA) in order to deploy the private key between the user and the key generation center. Because the password cannot be transmitted remotely, the SAKI scheme requires the user to register locally and cannot support remote deployment. For such application scenarios, the technical scheme of the invention improves on the SAKI scheme currently used for private key deployment: the password can be deployed remotely by means of a PUF device, so that SM9 private key deployment in multiple scenarios is achieved in a system compatible with the SAKI scheme.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a PUF device-based data information encryption deployment method according to one embodiment of the present invention;
Fig. 2 is a schematic diagram of a split anonymous private key distribution scheme in the prior art in accordance with an embodiment of the present invention;
Fig. 3 is a schematic diagram of deployment of SM9 private keys by a PUF device-based data information encryption deployment method according to one embodiment of the present invention;
Fig. 4 is a schematic diagram of deployment of SM9 private keys by another PUF device-based data information encryption deployment method according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In one aspect, as shown in fig. 1, an embodiment of the present invention provides a PUF device-based data information encryption deployment method, including:
step S100, a transmitting end designates a first PUF device; the first PUF device is used for being sent to a receiving end;
step S101, the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device; the first challenge signal is input to the first PUF device to uniquely obtain the first response signal;
Step S102, the sending end encrypts first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext;
step S103, when the receiving end receives the first PUF device, first confirmation information is returned to the sending end;
step S104, if the transmitting end receives the first confirmation information from the receiving end, the first ciphertext and the first challenge signal are transmitted to the receiving end; the first acknowledgement information indicates that the receiving end has received the first PUF device;
step S105, when the receiving end receives the first ciphertext and the first challenge signal, the receiving end inputs the first challenge signal to the first PUF device to obtain a first response signal; and further decrypting the first ciphertext using the first response signal as a key to obtain first data information.
In some embodiments, the sending end deploys to the receiving end data information that must be transmitted in encrypted form; the receiving end receives the data information and may also use it in a secure manner. The data information includes private keys and/or passwords and the like that need to be protected from interception by third parties. The PUF (physical unclonable function) device is a novel information security component. A silicon-based PUF device uses the physical randomness produced by process deviation during the manufacture of a silicon-based integrated circuit to extract characteristic information unique to that device; the characteristic information of different PUF devices differs, and a PUF device cannot be duplicated. In use, a challenge signal is input to the PUF device and the device generates a stable and unpredictable response signal; different challenge signals yield different response signals, and each challenge signal corresponds uniquely to one response signal. An input challenge signal and its corresponding output response signal are called a Challenge-Response Pair (CRP for short). PUF devices can be divided into two categories according to the number of challenge-response pairs: strong PUF devices and weak PUF devices. Because the process deviation is random and differs from chip to chip, different chips give different response signals even for the same challenge signal. The inventors have found that if information is encrypted using the PUF device as the key, the randomness and unpredictability of the PUF device make the key difficult to copy and steal.
The transmitting end may designate the PUF device from among a plurality of PUF devices prepared in advance, for example by reading an inventory record and designating a PUF device from it. The designated PUF device may be sent to the receiving end in various ways: it may be dispensed on site by an automatic terminal device and handed to the receiving end for safekeeping, sent remotely to the receiving end by an automatic mailing system, or mailed to the receiving end manually. The designation and sending of the first PUF device follow the foregoing description. The transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device; inputting the first challenge signal to the first PUF device uniquely yields the first response signal. A PUF device is unclonable, and a challenge signal input to it corresponds one-to-one to the response signal the device produces for that challenge. So to obtain the same response signal, one must hold both the PUF device and the corresponding challenge signal. In a specific application, the hardware of the PUF device can be designed so that the challenge signal and the response signal have many bits, for example up to 128 bits, so that the challenge and response signals cannot be exhaustively enumerated in a short time. The response signal can therefore be used as a secure key. The sending end encrypts the first data information to be deployed to the receiving end with the first response signal to obtain a first ciphertext; the specific encryption methods include, but are not limited to, exclusive OR and symmetric encryption.
After designating the PUF device, the transmitting end may send the PUF device to the receiving end at any time before step S103. When the receiving end receives the first PUF device, it returns first confirmation information to the transmitting end, which ensures that the PUF device has arrived properly at the receiving end. If the sending end receives the first confirmation information from the receiving end, it sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation information indicates that the receiving end has received the first PUF device. Sending the first ciphertext and the first challenge signal only after the first PUF device is confirmed to have been correctly received avoids the situation in which an intermediary intercepts the first PUF device together with the first ciphertext and the first challenge signal, and so ensures the security of the encrypted information. Even if an intermediary intercepts the first ciphertext and the first challenge signal, it cannot determine the first response signal because it does not hold the first PUF device. Transmitting the first ciphertext and the first challenge signal over an ordinary non-secure channel therefore does not leak the data information, and no dedicated secure transmission channel needs to be built, which reduces the cost of information transmission. When the receiving end receives the first ciphertext and the first challenge signal, it inputs the first challenge signal to the first PUF device to obtain the first response signal, and then decrypts the first ciphertext using the first response signal as the key to obtain the first data information. This completes the encrypted deployment of the first data information from the transmitting end to the receiving end.
Further, if the transmitting end receives the first acknowledgement information from the receiving end, the transmitting end transmits the first ciphertext and the first challenge signal to the receiving end, specifically:
if the sending end receives the first confirmation information within the specified first confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation time is a specified length of time counted from when the first PUF device is sent out.
In some embodiments, to improve deployment security, the sending end may require that, after sending out the PUF device, it must receive the receiving end's confirmation information for that PUF device within a specified confirmation time. If the confirmation time is exceeded, the sending end can consider the PUF device sent this time to have failed. The length of the first confirmation time can be determined by the sending end according to the estimated delivery time. The first confirmation time further improves the security of the scheme: for example, brute-force enumeration of the challenge-response pairs of a PUF device takes a long time, so if the PUF device is intercepted by a man-in-the-middle, the limit imposed by the first confirmation time leaves him too little time to carry out that enumeration.
Further, the method further comprises the following steps:
if the transmitting end has not received the first confirmation information within the first confirmation time, redeploying the first data information by the following steps:
the transmitting end designates a second PUF device; the second PUF device is to be sent to the receiving end;
the transmitting end determines a second challenge signal and a second response signal according to the information of the second PUF device; the second challenge signal is input to the second PUF device to uniquely obtain the second response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the second response signal to obtain a second ciphertext;
when the receiving end receives the second PUF device, second confirmation information is returned to the sending end;
if the sending end receives the second confirmation information from the receiving end, the second ciphertext and the second challenge signal are sent to the receiving end; the second acknowledgement information indicates that the receiving end has received the second PUF device;
when the receiving end receives the second ciphertext and the second challenge signal, the receiving end inputs the second challenge signal to the second PUF device to obtain a second response signal; and further decrypting the second ciphertext using the second response signal as a key to obtain the first data information.
In some embodiments, when the first confirmation time has been exceeded and the transmitting end still has not obtained the first confirmation information from the receiving end, the transmitting end, for safety, considers the first PUF device sent this time to have failed; to complete the deployment of the data information, it designates a second PUF device and performs the above steps of redeploying the first data information. The process of redeploying the first data information using the second PUF device can be understood with reference to the foregoing description of deploying the first data information using the first PUF device. To further improve security, the step of sending the second ciphertext and the second challenge signal to the receiving end if the transmitting end receives the second confirmation information from the receiving end specifically includes: if the sending end receives the second confirmation information within a specified second confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the second confirmation time is a specified length of time counted from when the second PUF device is sent out.
Further, the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device, including:
the sending end selects, from a pre-stored challenge response record, a first challenge response pair corresponding to the information of the first PUF device, takes the challenge signal in the first challenge response pair as the first challenge signal, and takes the response signal in the first challenge response pair as the first response signal;
wherein the challenge response record comprises at least one challenge response pair for each of the PUF devices.
In some embodiments, the challenge response pairs supported by each of the PUF devices may be pre-stored in a challenge response record; the challenge response record may be accessed based on the information of a PUF device to select a challenge response pair for the specified PUF device.
Further, the method further comprises the following steps:
the new data information is deployed again according to the following steps:
the receiving end sends a request for redeploying new data information to the sending end; the redeployment new data information request comprises information of the PUF device successfully received by the receiving end;
when the transmitting end receives the new data information redeployment request from the receiving end, obtaining the information of the PUF device which is successfully received from the new data information redeployment request;
the sending end selects, from the challenge response record, a third challenge response pair corresponding to the information of the PUF device which is successfully received, takes the challenge signal in the third challenge response pair as a third challenge signal, and takes the response signal in the third challenge response pair as a third response signal;
the sending end encrypts the new data information by using the third response signal to obtain a third ciphertext;
the sending end sends the third ciphertext and the third challenge signal to the receiving end;
when the receiving end receives the third ciphertext and the third challenge signal, the receiving end inputs the third challenge signal to the successfully received PUF device to obtain the third response signal; and further decrypting the third ciphertext using the third response signal as a key to obtain the new data information.
In some embodiments, the sending end has already successfully deployed data information to the receiving end, which means that the receiving end already holds a PUF device whose information is recorded in the challenge response record maintained by the sending end. When the receiving end requests deployment of new data information, the two ends can reuse the PUF device that the receiving end has already successfully received, and the PUF device does not need to be sent again, so a man-in-the-middle has no opportunity to intercept it. Throughout the deployment, the response signal is never transmitted directly, nor transmitted indirectly after a mathematical transformation; the transmitted challenge signal has no mathematical transformation relation to the response signal, and the response signal is obtained only from the received challenge signal, without any transformation. New information is thus redeployed securely and quickly, while the challenge-response pairs of the PUF device are fully used and deployment cost is saved. This embodiment can be understood with reference to the data information deployment procedure of the foregoing embodiment and is not described again here.
Further, the transmitting end designates a first PUF device, specifically:
the transmitting end selects a first PUF device from the PUF devices to be selected.
Further, the sending end encrypts the first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext, which specifically includes:
and the sending end performs exclusive OR operation on the first response signal and the first data information to obtain the first ciphertext, or the sending end uses the first response signal as a key of symmetric encryption to encrypt the first data information by using a symmetric encryption algorithm to obtain the first ciphertext.
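The deployment flow described above (first device, confirmation time, redeployment with a second device, reuse of a delivered device for new data), as an added Python example that is not part of the patent. `SimulatedPUF` replaces the physical device with an HMAC over a random per-device secret; the class and function names, the 72-hour window and the payloads are assumptions. It also enforces two conditions the exclusive-OR option depends on: each challenge-response pair is used once, and the payload is exactly as long as the response.

```python
import hashlib
import hmac
import secrets

RESP_LEN = 16  # 128-bit challenges and responses, as in the strong-PUF example


class SimulatedPUF:
    """Software stand-in for a physical PUF (assumption: a real device derives
    its response from manufacturing variation, not from a stored secret)."""

    def __init__(self, device_id):
        self.device_id = device_id
        self._physics = secrets.token_bytes(32)  # models the unclonable structure

    def respond(self, challenge):
        return hmac.new(self._physics, challenge, hashlib.sha256).digest()[:RESP_LEN]


def xor_bytes(key, data):
    # XOR is only safe if the key is as long as the data and is never reused.
    if len(key) != len(data):
        raise ValueError("payload must be exactly as long as the response")
    return bytes(k ^ d for k, d in zip(key, data))


class Sender:
    """Transmitting end: challenge-response record plus confirmation timer."""

    def __init__(self, confirm_window):
        self.confirm_window = confirm_window
        self.crp_record = {}    # device_id -> unused (challenge, response) pairs
        self.pending = {}       # device_id -> (ciphertext, challenge, time shipped)
        self.delivered = set()  # devices confirmed inside the window

    def enroll(self, puf, n_pairs=4):
        # Recorded while the sender still holds the device, before shipping.
        pairs = []
        for _ in range(n_pairs):
            challenge = secrets.token_bytes(RESP_LEN)
            pairs.append((challenge, puf.respond(challenge)))
        self.crp_record[puf.device_id] = pairs

    def _encrypt_with_fresh_crp(self, device_id, data):
        if not self.crp_record.get(device_id):
            raise LookupError("no unused challenge-response pair left")
        challenge, response = self.crp_record[device_id].pop()  # consume the pair
        return xor_bytes(response, data), challenge

    def ship(self, device_id, data, now):
        ciphertext, challenge = self._encrypt_with_fresh_crp(device_id, data)
        self.pending[device_id] = (ciphertext, challenge, now)

    def on_confirmation(self, device_id, now):
        """Release (ciphertext, challenge) only if confirmed inside the window."""
        ciphertext, challenge, shipped = self.pending.pop(device_id)
        if now - shipped > self.confirm_window:
            self.crp_record.pop(device_id, None)  # device is treated as failed
            return None
        self.delivered.add(device_id)
        return ciphertext, challenge

    def redeploy_new_data(self, device_id, data):
        """New data for a device the receiver already holds: no new shipment."""
        if device_id not in self.delivered:
            raise PermissionError("device was never confirmed as received")
        return self._encrypt_with_fresh_crp(device_id, data)


def receiver_decrypt(puf, ciphertext, challenge):
    return xor_bytes(puf.respond(challenge), ciphertext)


def demo():
    sender = Sender(confirm_window=72)   # hours; constructed value
    secret = b"16-byte-secret!!"         # constructed payload
    puf1, puf2 = SimulatedPUF("puf-1"), SimulatedPUF("puf-2")
    sender.enroll(puf1)
    sender.enroll(puf2)

    sender.ship("puf-1", secret, now=0)
    late = sender.on_confirmation("puf-1", now=100)  # outside the window

    sender.ship("puf-2", secret, now=100)            # second PUF device
    ct, c = sender.on_confirmation("puf-2", now=120)
    first = receiver_decrypt(puf2, ct, c)

    ct3, c3 = sender.redeploy_new_data("puf-2", b"new-16-byte-data")
    second = receiver_decrypt(puf2, ct3, c3)
    wrong_device = receiver_decrypt(puf1, ct3, c3)   # holder of a different PUF
    return late, first, second, wrong_device, c != c3
```

A payload longer than the response, such as a key larger than 128 bits, is rejected by `xor_bytes`; that case calls for the symmetric-cipher option, with the response used as the cipher key.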
Further, fig. 3 is a schematic diagram of a private key deployment method for the SM9 algorithm on a terminal, implemented based on the present solution, in which the terminal is the receiving end and the sending end is a key generation center; the first data information comprises a first signature private key and a first encryption private key;
before the transmitting end designates the first PUF device, the method further comprises:
the receiving end encrypts the unique identification information of the receiving end by using the system parameters disclosed by the key generation center to obtain a key application request; the system parameters are used for generating a secret key and carrying out encrypted communication between the receiving end and the secret key generation center;
The receiving end sends the key application request to the key generation center;
the key generation center receives the key application request and acquires the unique identification information of the receiving end from the key application request;
the key generation center generates the first signature private key and the first encryption private key according to a designated key generation algorithm and the unique identification information of the receiving end.
An embodiment of the present invention will be described below based on fig. 3:
As shown in fig. 3, the CRPs of strong PUF devices are distributed to users as trust anchors, and the private keys generated by the KGC are transmitted in encrypted form and deployed to each user. The advantage of a strong PUF is that it contains a very large number of CRPs, which cannot all be traversed within a limited attack time, and that its response signal (response) is difficult for an external attacker to predict. For example, if the challenge signal (challenge) of a strong PUF device is 128 bits long and the response signal is 128 bits long, the PUF device has a space of $2^{128}$, and there is no correlation between different CRPs, so it is not possible to obtain all CRPs by traversal within a limited attack time. As long as an attacker does not possess both the PUF device entity and the corresponding challenge signal, it is difficult for him to obtain the response signal actually used for encryption.
The following describes specific steps of an embodiment of the present invention:
1) The key generation center KGC determines and discloses a set of system parameters including curve identifiers, elliptic curve base domain parameters, equation parameters, etc. for key generation and use of the SM9 algorithm in specific communications.
2) The user initiates a request to the KGC or its associated center and uploads binary identification information ID (i.e. unique identification information) that identifies the user, such as an e-mail address, an identity card number, a telephone number, or the ASCII code value or hash value of a street address. The KGC or its associated center reviews the identity ID (i.e., unique identification information).
3) After the verification is passed, KGC selects two different random numbers ks and ke within the specified range of the system parameters as a signature master private key and an encryption master public key respectively.
4) KGC calculates a signature private key ds (corresponding to the first signature private key) and an encryption private key de (corresponding to the first encryption private key) using the IDs (i.e., unique identification information) and ks, ke and system parameters according to the following formulas (1) - (6);
signature process:
$t_1 = H_1(ID_A \| hid, N) + ks$ (1)
$t_2 = ks \cdot t_1^{-1} \bmod N$ (2)
$ds = [t_2]P_1$ (3)
encryption process:
$t_1 = H_1(ID_A \| hid, N) + ke$ (4)
$t_2 = ke \cdot t_1^{-1}$ (5)
$de = [t_2]P_2$ (6)
where $H_1$ is a cryptographic function derived from a cryptographic hash algorithm; $ID_A$ is the identifier of user A, which uniquely determines the public key of user A; $\|$ denotes concatenation of the bit strings or character strings before and after it, for example, if x and y are bit strings or character strings, $x \| y$ is the concatenation of x and y; hid is a private key generation function identifier expressed in one byte, selected and disclosed by the KGC; N is the order of the cyclic groups $G_1$, $G_2$ and $G_T$, and is a prime number greater than $2^{191}$; ks and ke are selected by the KGC, have the value range $[1, N-1]$, and are used as the signature master private key and the encryption master private key respectively; $t_1^{-1}$ is the field element c in the multiplicative cyclic group for which $t_1 \cdot c = 1$ holds; mod N is the modulo operation, i.e., the remainder after division by N is taken as the result; $t_2$ is the product of ks and $t_1^{-1}$ modulo N; $P_1$ is a generator of the cyclic group $G_1$; $[t_2]P_1$ is the result of adding the generator $P_1$ to itself $t_2$ times by elliptic curve addition.
5) The KGC stores part of the challenge-response (C, R) of the PUF device, where C represents the challenge signal, R represents the response signal, and ds 'and de' are obtained by encrypting the private keys ds and de with the response signal R (where ds 'and de' correspond to the first ciphertext). Encryption can be achieved by means of exclusive or of the response signal of the PUF with the private key; or based on the response signal of the PUF, encrypting the private key by using a symmetric encryption algorithm.
6) KGC deploys PUF device entities to users in either a posted or mailed form, and users send acknowledgement signals to the KGC after receiving the PUF devices (i.e., acknowledgement information indicating that the user has received the PUF devices sent by the KGC to the user).
7) After the user confirms the receipt of the PUF device within the validity period (corresponding to a specified length of time counted from when the PUF device is sent from the KGC), the KGC sends (ds ', de', C) to the user. If no user confirmation is received within the validity period, the KGC redeploys the PUF device, and repeats steps 5) and 6).
8) After receiving (ds ', de', C), the user inputs C into the PUF device to obtain R, and decrypts de 'and ds' by using R to obtain a signature private key ds and an encryption private key de.
The user sends an application to the KGC by means of the procedure of this embodiment and, after obtaining the signature public/private key of the SM9 algorithm, may use the SM9 digital signature algorithm. Through digital signing and signature verification, the digital signature algorithm proves the identity of the sender of a message. The specific process is as follows: the signer holds an identity ID and a signature private key, the signature private key being one of the user private keys that the KGC generates from the ID. The signer signs the data with the signature private key; after receiving the information, the verifier generates the public key from the signer's identity ID, decrypts the information, performs signature verification, and thereby verifies the identity of the sender and the authenticity and integrity of the information sent.
The encryption public/private key deployed by the user via the procedure of this embodiment can be used for SM9 algorithm key encapsulation: the encapsulator generates and encrypts a key, sends it to the target user, and only the target user can decrypt it and use it as a key for the next session. The specific process is as follows: the encapsulator generates and encrypts a secret key by using the identification ID of the target user, sends the secret key to the opposite party, and the target user receives the secret key and then uses the decryption private key to perform decapsulation.
The embodiment of the invention has the following technical effects: the KGC stores some or all of the CRPs of the PUF device and encrypts the private key by relying on the unpredictability of the CRPs; after the PUF device entity has been deployed, the private key data is decrypted at the user side, which completes the deployment of the private key data. Compared with direct plaintext transmission or other private key deployment methods, the PUF device serves as the trust anchor, and its deployment requires neither an additional service center performing a large amount of computation nor dedicated lines for data transmission, so the scheme is low-cost while ensuring security by means of physical random numbers. Before the user receives the PUF device, the challenge-response pair used for encryption and decryption is stored only in the KGC server. Even if the PUF device entity is intercepted in transit, the probability that an attacker reaches the response signal R actually used for encryption by traversal within a limited time is very small. Because the relation between the challenge signal and the response signal of the PUF device cannot be predicted, the transmission of (ds', de', C) places lower security requirements on the channel, so the private key can be deployed online, and both the PUF device and the encrypted private key data can be sent by ordinary means without a dedicated secure postal or communication network, which reduces transmission cost while ensuring secure transmission of the data information.
Further, as shown in fig. 4, another private key deployment method for the terminal SM9 algorithm is implemented based on the scheme, and the sending end is a local registration mechanism; the first data information includes: a first password;
before the transmitting end designates the first PUF device, the method further comprises:
the receiving end sends a registration application to the local registration mechanism;
the local registration mechanism receives the registration application and acquires the unique identification information of the receiving end from the registration application;
the local registration mechanism generates the first password according to the unique identification information of the receiving end.
An embodiment of the present invention is described below with reference to fig. 4:
The separated anonymous private key distribution scheme (SAKI) is an existing scheme for deploying private keys of the SM9 algorithm. In this embodiment of the invention, a PUF device is used to encrypt the transmission of the trust anchor (the password) of the SAKI scheme, so that the method remains compatible with the SAKI scheme while supporting private key deployment in multiple scenarios. The specific steps are as follows:
1) The user applies for registration and uploads ID information (corresponding to unique identification information) to a local registration authority (Local Registration Authority, LRA for short) by either an online or offline method.
2) The LRA reviews the user identity ID (equivalent to unique identification information) and generates the one-time password pwd.
3) After the verification is passed, the LRA must deliver the password pwd to the user securely. For users who applied for registration offline, the existing SAKI scheme is executed. For users who applied for registration online, the LRA may pre-store some of the challenge-response pairs (C, R) of the PUF devices, select one challenge-response pair of a designated PUF device, and encrypt the password pwd with the response signal R of that pair to obtain pwd' = xor(R, pwd) (where xor denotes the exclusive OR of R and pwd, and pwd' corresponds to the ciphertext).
4) The LRA sends the PUF device entity to the user by post or mail.
5) After receiving the PUF device, the user sends a confirmation message to the LRA.
6) After the LRA obtains the confirmation information of the user within the valid time limit (equivalent to the specified length of time counted from when the PUF device is sent out by the LRA), it sends (C, pwd') to the user. If the LRA does not obtain the confirmation information of the user within the valid time limit, the PUF device is considered not to have reached the user normally, and steps 3), 4) and 5) are repeated with a new PUF device.
7) After receiving (C, pwd '), the user inputs C into the received PUF device to obtain a response signal R, and decrypts pwd' by exclusive OR operation using the response signal R to obtain pwd.
8) The user derives an application message (Q', T') from the ID and pwd as required by the SAKI scheme and applies to the KGC for the private key. The KGC sends S' to the user, who decrypts S' to obtain the actual private key S.
The user sends an application to the LRA by means of the procedure of this embodiment and, after obtaining the signature public/private key of the SM9 algorithm, may use the SM9 digital signature algorithm. Through digital signing and signature verification, the digital signature algorithm proves the identity of the sender of a message. The specific process is as follows: the signer holds an identity ID and a signature private key, the signature private key being one of the user private keys that the KGC generates from the ID. The signer signs the data with the signature private key; after receiving the information, the verifier generates the public key from the signer's identity ID, decrypts the information, performs signature verification, and thereby verifies the identity of the sender and the authenticity and integrity of the information sent.
The encryption public/private key deployed by the user via the procedure of this embodiment can be used for SM9 algorithm key encapsulation: the encapsulator generates and encrypts a key, sends it to the target user, and only the target user can decrypt it and use it as a key for the next session. The specific process is as follows: the encapsulator generates and encrypts a secret key by using the identification ID of the target user, sends the secret key to the opposite party, and the target user receives the secret key and then uses the decryption private key to perform decapsulation.
The embodiment of the invention has the following technical effects: the LRA stores some or all of the CRPs of the PUF device and encrypts the password of the SAKI scheme by relying on the unpredictability of the CRPs; a user who registered online obtains the PUF device entity and then decrypts to obtain the password in plaintext, which realizes online deployment of the password. This process makes up for the limitation that the SAKI scheme supports only local registration: users registering online can register with the LRA and obtain the password securely by obtaining the PUF device entity. Because the password from the LRA is encrypted for transmission using the PUF device, the security requirement on the password transmission channel is reduced, users are allowed to apply for registration and obtain the one-time password online, the limitation that the original SAKI scheme must deliver the password to the user offline is removed, and a remotely deployable key deployment system compatible with the SAKI scheme is established.
It should be understood that the specific order or hierarchy of steps in the processes disclosed are examples of exemplary approaches. Based on design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not meant to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate preferred embodiment of this invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, as used in the specification or claims, the term "comprising" is intended to be inclusive, in the manner in which "comprising" is interpreted when used as a transitional word in the claims. Furthermore, any use of the term "or" in the specification or the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments of the invention may be implemented by electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components (elements), units, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Those skilled in the art may implement the described functionality in varying ways for each particular application, but such implementation is not to be understood as beyond the scope of the embodiments of the present invention.
The various illustrative logical blocks or units described in the embodiments of the invention may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described. A general purpose processor may be a microprocessor, but in the alternative, the general purpose processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. In an example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may reside in a user terminal. In the alternative, the processor and the storage medium may reside as distinct components in a user terminal.
In one or more exemplary designs, the above-described functions of embodiments of the present invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on a computer-readable medium or transmitted as one or more instructions or code on the computer-readable medium. Computer-readable media include both computer storage media and communication media that facilitate transfer of computer programs from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to carry or store program code in the form of instructions or data structures and that may be read by a general or special purpose computer, or a general or special purpose processor. Further, any connection is properly termed a computer-readable medium; e.g., if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, these are also included in the definition of computer-readable medium. Disks and discs include compact discs, laser discs, optical discs, DVDs, floppy disks, and Blu-ray discs, where disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above may also be included within computer-readable media.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention, and is not meant to limit the scope of the invention to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (9)

1. The data information encryption deployment method based on the PUF device is characterized by comprising the following steps of:
the transmitting end designates a first PUF device; the first PUF device is to be sent to a receiving end;
the transmitting end determines a first challenge signal and a first response signal according to the information of the first PUF device; the first challenge signal is input to the first PUF device to uniquely obtain the first response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext;
when the receiving end receives the first PUF device, first confirmation information is returned to the sending end;
if the sending end receives the first confirmation information from the receiving end, the first ciphertext and the first challenge signal are sent to the receiving end; the first confirmation information indicates that the receiving end has received the first PUF device;
when the receiving end receives the first ciphertext and the first challenge signal, the receiving end inputs the first challenge signal to the first PUF device to obtain the first response signal, and then decrypts the first ciphertext using the first response signal as a key to obtain the first data information.
2. The PUF device-based data information encryption deployment method of claim 1, wherein if the transmitting end receives the first acknowledgement information from the receiving end, the transmitting end transmits the first ciphertext and the first challenge signal to the receiving end, specifically:
if the sending end receives the first confirmation information within the specified first confirmation time, the sending end sends the first ciphertext and the first challenge signal to the receiving end; the first confirmation time is a specified length of time counted from when the first PUF device is sent.
3. The PUF device-based data information encryption deployment method of claim 2, further comprising:
if the transmitting end has not received the first confirmation information by the end of the first confirmation time, redeploying the first data information by the following steps:
the transmitting end designates a second PUF device; the second PUF device is to be sent to the receiving end;
the transmitting end determines a second challenge signal and a second response signal according to the information of the second PUF device; the second challenge signal is input to the second PUF device to uniquely obtain the second response signal;
the sending end encrypts first data information to be deployed to the receiving end by using the second response signal to obtain a second ciphertext;
when the receiving end receives the second PUF device, second confirmation information is returned to the sending end;
if the sending end receives the second confirmation information from the receiving end, the second ciphertext and the second challenge signal are sent to the receiving end; the second confirmation information indicates that the receiving end has received the second PUF device;
when the receiving end receives the second ciphertext and the second challenge signal, the receiving end inputs the second challenge signal to the second PUF device to obtain the second response signal, and then decrypts the second ciphertext using the second response signal as a key to obtain the first data information.
4. The PUF device-based data information encryption deployment method of claim 1, wherein the transmitting end determines a first challenge signal and a first response signal from the information of the first PUF device, comprising:
the sending end selects a first challenge response pair corresponding to the information of the first PUF device from a pre-stored challenge response record, takes the challenge signal in the first challenge response pair as the first challenge signal, and takes the response signal in the first challenge response pair as the first response signal;
wherein the challenge response record comprises at least one challenge response pair for each of all PUF devices.
5. The PUF device-based data information encryption deployment method of claim 4, further comprising:
new data information is deployed according to the following steps:
the receiving end sends a new data information redeployment request to the sending end; the new data information redeployment request comprises the information of the PUF device successfully received by the receiving end;
when the transmitting end receives the new data information redeployment request from the receiving end, it obtains the information of the successfully received PUF device from the new data information redeployment request;
the sending end selects a third challenge response pair corresponding to the information of the successfully received PUF device from the challenge response record, takes the challenge signal in the third challenge response pair as a third challenge signal, and takes the response signal in the third challenge response pair as a third response signal;
the sending end encrypts the new data information by using the third response signal to obtain a third ciphertext;
the sending end sends the third ciphertext and the third challenge signal to the receiving end;
when the receiving end receives the third ciphertext and the third challenge signal, the receiving end inputs the third challenge signal to the successfully received PUF device to obtain the third response signal, and then decrypts the third ciphertext using the third response signal as a key to obtain the new data information.
6. The PUF device-based data information encryption deployment method of claim 1, wherein the transmitting end specifies a first PUF device, specifically:
the transmitting end selects a first PUF device from the PUF devices to be selected.
7. The PUF device-based data information encryption deployment method of claim 1, wherein the transmitting end encrypts the first data information to be deployed to the receiving end by using the first response signal to obtain a first ciphertext, specifically:
the sending end performs an exclusive OR operation on the first response signal and the first data information to obtain the first ciphertext, or uses the first response signal as a symmetric encryption key and encrypts the first data information with a symmetric encryption algorithm to obtain the first ciphertext.
8. The PUF device-based data information encryption deployment method of claim 1, wherein the transmitting end is a key generation center; the first data information comprises a first signature private key and a first encryption private key;
before the transmitting end designates the first PUF device, the method further comprises:
the receiving end encrypts the unique identification information of the receiving end by using the system parameters published by the key generation center to obtain a key application request; the system parameters are used for generating keys and for encrypted communication between the receiving end and the key generation center;
the receiving end sends the key application request to the key generation center;
the key generation center receives the key application request and acquires the unique identification information of the receiving end from the key application request;
the key generation center generates the first signature private key and the first encryption private key according to a designated key generation algorithm and the unique identification information of the receiving end.
9. The PUF device-based data information encryption deployment method of claim 1, wherein the transmitting end is a local registration mechanism; the first data information includes: a first password;
before the transmitting end designates the first PUF device, the method further comprises:
the receiving end sends a registration application to the local registration mechanism;
the local registration mechanism receives the registration application and acquires the unique identification information of the receiving end from the registration application;
the local registration mechanism generates the first password according to the unique identification information of the receiving end.
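The exchange in claims 1, 2, 4 and 7 (XOR variant), as an added example that is not code from the patent. `SimulatedPUF` (an HMAC over a hidden random secret standing in for the physical device), the names `Sender` and `deploy`, the numeric time values, and the single-use handling of challenge response pairs are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class SimulatedPUF:
    """Software stand-in: a hidden random secret plays the role of silicon variation."""
    def __init__(self):
        self._secret = os.urandom(32)  # constructed; a real PUF stores no key

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


def xor_bytes(data, key):
    if len(data) > len(key):  # XOR variant of claim 7 needs a long enough response
        raise ValueError("response shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))


class Sender:
    def __init__(self, puf, window, pairs=2):
        # Challenge response record (claim 4), filled before the device ships.
        challenges = [os.urandom(16) for _ in range(pairs)]
        self.crp_record = [(c, puf.respond(c)) for c in challenges]
        self.window = window  # first confirmation time (claim 2)

    def ship(self, data, now):
        # pop(): never reuse a pair, since XOR under a repeated key leaks data.
        self.challenge, response = self.crp_record.pop()
        self.ciphertext = xor_bytes(data, response)
        self.deadline = now + self.window

    def on_confirmation(self, now):
        if now > self.deadline:
            return None  # late: withhold; claim 3 restarts with a second PUF device
        return self.challenge, self.ciphertext


def deploy(data, confirm_at, window=10):
    """One deployment; the device ships at t=0, confirmation arrives at confirm_at."""
    puf = SimulatedPUF()
    sender = Sender(puf, window)
    sender.ship(data, now=0)
    released = sender.on_confirmation(now=confirm_at)
    if released is None:
        return None
    challenge, ciphertext = released
    return ciphertext, xor_bytes(ciphertext, puf.respond(challenge))  # receiver side
```

The response never crosses the channel: only the challenge and the ciphertext are released, and only after the confirmation arrives inside the window.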
CN202210279619.5A 2022-03-21 2022-03-21 Data information encryption deployment method based on PUF device Active CN114584321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210279619.5A CN114584321B (en) 2022-03-21 2022-03-21 Data information encryption deployment method based on PUF device

Publications (2)

Publication Number Publication Date
CN114584321A (en) 2022-06-03
CN114584321B (en) 2024-01-26

Family

ID=81782778

Country Status (1)

Country Link
CN (1) CN114584321B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant