CN1248837A - Personal key encryption method - Google Patents

Publication number
CN1248837A
Authority
CN
China
Prior art keywords
key
user
encryption
encryption method
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 99119590
Other languages
Chinese (zh)
Inventor
胡俊
后健慈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LONG'AN COMPUTER TECHNOLOGY DEVELOPMENT Co Ltd BEIJING
Original Assignee
LONG'AN COMPUTER TECHNOLOGY DEVELOPMENT Co Ltd BEIJING
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LONG'AN COMPUTER TECHNOLOGY DEVELOPMENT Co Ltd BEIJING
Priority to CN 99119590
Publication of CN1248837A
Legal status: Pending

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention relates to a personal key encryption method involving one management device and several user devices, in which key management is performed by the management device and encryption and decryption are performed by the user devices. The management device generates a timestamp, a personal key for every user, the users' identity codes and the transmission keys between users, and gives them to the users. A user can then use the personal key, the identity code and the transmission key to produce the encryption key and the decryption key. The management device can renew the transmission keys when necessary. The invention offers great flexibility in the choice of keys and of encryption and decryption modes, and can implement secure encrypted transmission and encrypted broadcast.

Description

Personal key encryption method
The present invention relates to an encryption method for communication networks. The system consists of one management device and a number of user devices; key management is performed by the management device, while encryption and decryption are performed by the software and hardware of the user devices.
Conventional cryptography uses symmetric-key algorithms (that is, private-key algorithms) such as DES, in which the decryption key is identical to the encryption key or easily derived from it. In such a system, exposure of the encryption key makes the system insecure. In addition, a secure system with n users needs n(n-1)/2 keys in total, with each user keeping n keys, so managing that many keys is very difficult.
Public-key cryptosystems use public-key algorithms (a kind of asymmetric algorithm), in which the decryption key differs from the encryption key, one is hard to derive from the other, and decryption and encryption can be separated. In a public-key system with n users there are n private keys and n public keys, and each user need only keep his own private key. The most popular public-key algorithm is RSA, and ECC is considered the public-key algorithm most likely to replace it. Compared with symmetric-key algorithms, however, both RSA and ECC are too complex: they are slow and hard to implement in hardware, so using them often comes at a large cost in efficiency.
In most practical applications, a public-key algorithm is used to distribute keys and a private-key algorithm is used to transmit messages; this is the hybrid encryption method.
With the rapid development of the Internet and e-commerce, cryptography is used more and more in commercial and civilian systems. This means that key distribution, key updating and key exchange will be carried out frequently, and in that situation the hybrid encryption method is no longer suitable.
The object of the present invention is to provide a secure, efficient and extensible multi-user security scheme suitable for most wired and wireless communications, computer network communications, and other communication systems that provide a high data rate and large storage capacity.
The encryption method of the present invention involves one manager and a number of users. Its characteristic is that a user needs three keys each time he sends a message: a personal key $G_A$ known only to the user and the management center, the transmission key $K_{AB}$ from this user to the recipient, and the recipient's public identity code $I_B$. A user likewise needs three keys each time he receives a message: the personal key $G_B$, the receive key $K_{BA}$, and the sender's identity code $I_A$. The user need only store his own personal key $G$; the send key $K$ can be generated each time a message is sent and can be made public, because a receive key alone, without the personal key, cannot decrypt the ciphertext. The encryption/decryption module consists of a key regeneration module and a symmetric-key cipher (a block cipher or a stream cipher).
This encryption method has many advantages in key management. The key regeneration module can be built without public-key algorithms, which means the system needs no complex modular exponentiation and is easy to implement with high efficiency and low cost. The system also has great flexibility in key selection: RSA and ECC both require suitably chosen keys or curve equations to keep the system secure, whereas this system can use any random number as a key. The system is equally flexible in its encryption and decryption modes. Having selected a group of users, a user can choose a key and broadcast information to that group, and users outside the group cannot decrypt the broadcast message.
The present invention also has many security advantages. First, for the same key length, a well-designed block cipher is more secure than RSA or ECC. Second, personalized encryption and decryption make it hard for a dishonest user to deceive other users, and a successful attack on one user does not threaten the security of communication between other users. Third, the introduction of a true random number means the encryption and decryption keys carry very little information about the personal key; even if an attacker cracks the encryption and decryption keys, the personal key remains secure, and the manager can tell users to update the encryption and decryption keys to restore the security of the system. Fourth, because the input to the key regeneration module can be of arbitrary length, the user's personal key can also be of arbitrary length; as long as the algorithm in the key regeneration module is designed to be sufficiently secure, the personal key can reach a very high level of security.
In addition, when a pair of users communicate, the encryption and decryption processes in the two directions are relatively independent, and the encryption can be changed by changing the send key and the receive key. The manager can therefore control the security of each direction of each channel separately.
Secure physical packaging brings out two further advantages of the invention:
First, if decryption is different from encryption, that is, encrypting a message a second time does not yield the decrypted message, the encryption/decryption module can be encapsulated so that the processing inside it cannot be read out. The sender then cannot deny a message he sent, because no other user could have encrypted that message.
Second, the management center can apply secure physical packaging to the user's personal key and the encryption/decryption module so that the user cannot read the personal key. The manager can then send one broadcast encryption key to the broadcaster and broadcast decryption keys to the recipients. Each recipient's broadcast decryption key is different, and because recipients cannot read the personal key or the decryption process, they cannot obtain the key actually used in the decryption operation. This prevents recipients from passing a decryption method on to other users. Such an encryption system is well suited to paid services such as teletext or cable television.
The present invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 is the overall block diagram of the present invention.
Fig. 2 is a schematic diagram of the manager generating the transmission keys.
Fig. 3 is a schematic diagram of a user generating the encryption and decryption keys. The encryption/decryption algorithm in this figure can be any block cipher or stream cipher; $K_{AB}$ is the encryption key and $K_{BA}$ is the decryption key.
Fig. 4 is a schematic diagram of broadcast encryption implemented with the personal key encryption method.
Fig. 5 is a schematic diagram of the manager generating the transmission keys in broadcast encryption.
Fig. 6 is a schematic diagram of a user generating the encryption and decryption keys in broadcast encryption.
Fig. 1 is the overall block diagram of the personal key encryption method. The system consists of a manager 1, users 2, and an open network 3 connecting manager 1 and users 2. In the personal key encryption method, manager 1 has hardware or software that performs the functions of Fig. 2 or Fig. 3, and users 2 can perform the function shown in Fig. 4. Each user 2 has his own unique identity code $I$.
If user A wants to join a personal key system, system manager 1 first distributes a personal key $G_A$ to user A in some secure manner: through a secure channel, by having a trusted authority authenticate the user's identity, or by using some key exchange protocol. User A's identity code $I_A$ is published in the network so that every user who communicates with user A can obtain it.
The manager publishes a timestamp $T$ in the network. After user A and the manager have exchanged the personal key, the manager sends the timestamp $T$ to user A. For each user with whom user A wants to communicate and is permitted to communicate, the manager generates a pair of transmission keys $T^R_{AB}$, $T^S_{AB}$ as shown in Fig. 2, and sends $T^S_{AB}$ to user A and $T^R_{AB}$ to user B over the public network.
When the manager decides that keys need updating, it produces a new timestamp $T$, generates all transmission keys again, and sends them to the users over the public network.
If user A wants to send an encrypted message to user B, he feeds $T$, $I_B$ and $T^S_{AB}$ into the encryption/decryption module, performs the encryption operation, and sends the encrypted message to user B over the public network. On receiving the encrypted message, user B feeds $T$, $I_A$ and $T^R_{AB}$ into the encryption/decryption module and performs the decryption operation to obtain the plaintext.
Fig. 2 is a schematic diagram of the manager generating the transmission keys.
With reference to Fig. 2, this module contains two key generation modules: a send-key generation module and a receive-key generation module. To compute the transmission keys, the manager first feeds user A's personal key $G_A$, user B's identity code $I_B$, the timestamp $T$ and a freshly generated true random number $C_{AB}$ into the send-key generation module to obtain the send key $T^S_{AB}$, and feeds user B's personal key $G_B$, user A's identity code $I_A$, the timestamp $T$ and the same true random number $C_{AB}$ into the receive-key generation module to obtain the receive key $T^R_{AB}$.
Fig. 3 is a schematic diagram of a user generating the encryption and decryption keys. This module contains two submodules: an encryption key regeneration module and a decryption key regeneration module. User A feeds his own personal key $G_A$, user B's identity code $I_B$, the timestamp $T$ and the send key $T^S_{AB}$ into the encryption key regeneration module to obtain the encryption key $K_{AB}$, and feeds his own personal key $G_A$, user B's identity code $I_B$, the timestamp $T$ and the receive key $T^R_{BA}$ into the decryption key regeneration module to obtain the decryption key $K_{BA}$. Correspondingly, user B feeds his own personal key $G_B$, user A's identity code $I_A$, the timestamp $T$ and the send key $T^S_{BA}$ into the encryption key regeneration module to obtain the encryption key $K_{AB}$, and feeds his own personal key $G_B$, user A's identity code $I_A$, the timestamp $T$ and the receive key $T^R_{AB}$ into the decryption key regeneration module to obtain the decryption key $K_{BA}$.
The key regeneration module has the following properties: with the transmission key, identity code, timestamp and personal key known, producing the encryption and decryption keys is easy; with only the transmission key, identity code and timestamp, and without the personal key, producing them is hard. It is also hard to derive the personal key from the encryption and decryption keys, transmission key, identity code and timestamp; that is, the key regeneration module is irreversible.
Fig. 4 is a schematic diagram of broadcast encryption implemented with the personal key encryption method. If user A wants to broadcast an encrypted message to a group of users (such as users B1, B2, ..., Bn), he first sends a request to the manager. The manager feeds a generated true random number $C$, the timestamp $T$ and user A's personal key $G_A$ into the send-key generation module to generate user A's send key $T^S_{AB}$, and sends it to user A. At the same time, the manager feeds the same random number $C$, the timestamp $T$, user A's identity code $I_A$ and user Bi's personal key $G_{B_i}$ into the receive-key generation module to generate user Bi's receive key $T^R_{AB_i}$, and sends it to user Bi. Fig. 5 shows the manager generating the transmission keys for broadcast encryption. Then, as shown in Fig. 6, user A uses the send key $T^S_{AB}$, the timestamp $T$ and the personal key $G_A$ to encrypt the message and broadcasts it. Every user Bi in the group can decrypt it using the receive key $T^R_{AB_i}$, the timestamp $T$, the identity code $I_A$ and the personal key $G_{B_i}$, while users outside the group cannot.
For broadcast encryption, the management center should apply secure physical packaging to the user's personal key and the encryption/decryption module so that the user cannot read the personal key. The manager then sends one broadcast encryption key to the broadcaster and broadcast decryption keys to the recipients. Each recipient's broadcast decryption key is different, and because recipients cannot read the personal key or the decryption process, they cannot obtain the key actually used in the decryption operation. This prevents recipients from passing a decryption method on to other users. Such an encryption system is well suited to paid services such as teletext or cable television.
If encrypting an encrypted message again does not yield the decrypted message, the process shown in Fig. 4 can be encapsulated in hardware. If the encapsulation is strong enough that no data can be read from the module, and the user cannot learn his personal key during the personal key exchange (for example, the exchange is completed before the user receives the module), then the user cannot obtain the encryption key or the decryption key, and so cannot deny an encrypted message he sent, because no one else could have generated it.
The present invention has many practical uses; concrete applications are described below for a local area network and a teletext system.
A local area network has one management center and a number of users. Each user obtains a personal key from the management center and stores it in a chip with internal protection; the user's encryption and decryption algorithm is stored in the same chip. For each pair of users who request and are permitted to communicate, the management center generates and sends the transmission keys. Because generating the decryption key requires the recipient's personal key, an attacker cannot obtain the plaintext by eavesdropping. The manager can also control communication in one direction only.
The manager's transmission key generation module can be designed as follows. The module contains two hash functions, a send hash function and a receive hash function. To compute the transmission keys, the manager first feeds user A's personal key $G_A$, user B's identity code $I_B$ and the timestamp $T$ into the send hash function to obtain the pre-send key $S_{AB}$, and feeds user B's personal key $G_B$, user A's identity code $I_A$ and the timestamp $T$ into the receive hash function to obtain the pre-receive key $R_{AB}$. The manager then generates a true random number $C_{AB}$, uses $S_{AB}$ and $C_{AB}$ as the input of the send-key generation process to obtain the send key $T^S_{AB}$, and uses $R_{AB}$ and $C_{AB}$ as the input of the receive-key generation process to obtain the receive key $T^R_{AB}$. The simplest implementation of the key generation process is $T^S_{AB} = S_{AB} \oplus C_{AB}$, $T^R_{AB} = R_{AB} \oplus C_{AB}$.
Correspondingly, the user regenerates the keys as follows. The user's module also contains two hash functions, a send hash function and a receive hash function. User A first feeds his own personal key $G_A$, user B's identity code $I_B$ and the timestamp $T$ into the send hash function to obtain the pre-send key $S_{AB}$, and feeds his own personal key $G_A$, the identity code $I_B$ and the timestamp $T$ into the receive hash function to obtain the pre-receive key $R_{AB}$. The pre-send key $S_{AB}$ and the send key $T^S_{AB}$ are then used as the input of the encryption key generation process to obtain the encryption key $K_{AB}$, and the pre-receive key $R_{BA}$ and the receive key $T^R_{BA}$ are used as the input of the decryption key generation process to obtain the decryption key $K_{BA}$. In the simplest implementation of the encryption key and decryption key generation processes, user A obtains the encryption key by $K_{AB} = S_{AB} \oplus T^S_{AB}$ and user B obtains the decryption key by $K_{BA} = R_{BA} \oplus T^R_{BA}$.
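The simplest XOR construction described above, covering both the pairwise case and the broadcast case of Fig. 4 to Fig. 6, as an added example that is not part of the patent. HMAC-SHA-256 stands in for the unspecified send and receive hash functions; the function names, the 32-byte key length, the empty receiver field in the broadcast send hash and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumption, the patent does not fix a key length


def keyed_hash(label: bytes, personal_key: bytes, peer_id: bytes, stamp: bytes) -> bytes:
    """Stand-in for the patent's unspecified send/receive hash functions."""
    # Length-prefix every field so adjacent inputs cannot be re-split ambiguously.
    fields = b"".join(len(f).to_bytes(2, "big") + f for f in (label, peer_id, stamp))
    return hmac.new(personal_key, fields, hashlib.sha256).digest()


def pre_send_key(g_sender: bytes, id_receiver: bytes, stamp: bytes) -> bytes:
    return keyed_hash(b"send", g_sender, id_receiver, stamp)   # S_AB


def pre_receive_key(g_receiver: bytes, id_sender: bytes, stamp: bytes) -> bytes:
    return keyed_hash(b"recv", g_receiver, id_sender, stamp)   # R_AB


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def manager_issue(g_a, id_a, g_b, id_b, stamp):
    """Manager: return (T^S_AB, T^R_AB); both may travel over the open network."""
    c_ab = secrets.token_bytes(KEY_LEN)                        # fresh random C_AB
    return (xor(pre_send_key(g_a, id_b, stamp), c_ab),
            xor(pre_receive_key(g_b, id_a, stamp), c_ab))


def manager_issue_broadcast(g_a, id_a, group, stamp):
    """Broadcast: one C for the whole group, a different receive key per member.
    The send hash takes no receiver ID here (empty field is an assumption)."""
    c = secrets.token_bytes(KEY_LEN)
    send_key = xor(pre_send_key(g_a, b"", stamp), c)
    recv_keys = {uid: xor(pre_receive_key(g, id_a, stamp), c)
                 for uid, g in group.items()}
    return send_key, recv_keys


def regenerate_encryption_key(g_a, id_b, stamp, send_key):
    """Sender: K = S_AB xor T^S_AB."""
    return xor(pre_send_key(g_a, id_b, stamp), send_key)


def regenerate_decryption_key(g_b, id_a, stamp, recv_key):
    """Receiver: K = R_AB xor T^R_AB."""
    return xor(pre_receive_key(g_b, id_a, stamp), recv_key)


if __name__ == "__main__":
    # Constructed sample values: personal keys, identity codes and a timestamp.
    g_a, g_b, g_x = (secrets.token_bytes(KEY_LEN) for _ in range(3))
    stamp = b"T-0001"
    ts, tr = manager_issue(g_a, b"A", g_b, b"B", stamp)
    k = regenerate_encryption_key(g_a, b"B", stamp, ts)
    print("A and B agree:", k == regenerate_decryption_key(g_b, b"A", stamp, tr))
    # An outsider holding the public T^R_AB but a different personal key gets another key.
    print("outsider agrees:", k == regenerate_decryption_key(g_x, b"A", stamp, tr))
    # A receiver still using a superseded timestamp no longer derives the key.
    print("stale stamp agrees:", k == regenerate_decryption_key(g_b, b"A", b"T-0000", tr))
```

In this simplest form both sides recover the random number $C_{AB}$ itself as the working key; the hashed personal key only masks it while the transmission keys cross the open network.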
In a teletext system, CNN sends television signals to legitimate users. To prevent other users from obtaining the television content, the signal must be encrypted before it is sent. Legitimate users must therefore be able to decrypt, and the decryption key is distributed to them by CNN. CNN must also prevent legitimate users from selling the decryption key to illegitimate users for some purpose. Because of its broadcast encryption capability and the properties of the personal key, the personal key encryption method solves these problems of teletext encryption well. In this system CNN acts as the manager: it issues the personal key to each user and packages the personal key and the decryption module in a chip with internal protection. The chip is placed on the data path so that all data transmitted between CNN and the user passes through it. CNN then distributes transmission keys to legitimate users, and these transmission keys are updated by period (for example, once a month). A user who wants to receive the television programmes of a certain period buys the right to use that period from CNN, and CNN issues him the receive key for that period; using the receive key together with the personal key and decryption module in the chip, the user obtains the decrypted television signal. In this way CNN implements charge management. A user can of course also buy the receive keys of several periods at once. Because only legitimate users hold a personal key issued by CNN, an illegitimate user cannot decrypt the encrypted television signal even if he obtains a receive key by some means. At the same time, because the personal key and the decryption module are encapsulated in the chip, a legitimate user cannot sell them or leak them to illegitimate users by other means. The personal key encryption method thus solves the charge protection problem without affecting the basic function of teletext.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes only, those of ordinary skill in the art should understand that the present invention is not limited to these embodiments, provided the scope and spirit of the invention and its claims are not departed from.

Claims (11)

1. An encryption method in a communication network, made up of one management device and a number of user devices, characterized in that: key management is performed by the management device, and encryption and decryption are performed by the software and hardware of the user devices.
2. The encryption method according to claim 1, characterized in that: the manager first distributes a personal key G to the user by some secure means and publishes the user's identity code in the network.
3. The encryption method according to claim 1, characterized in that: the manager publishes a timestamp T in the network and sends it to the users.
4. The encryption method according to claim 1, characterized in that: the manager uses the timestamp, the personal keys of the sender and receiver, the identity codes of the sender and receiver, and a freshly generated true random number to generate a pair of transmission keys for every pair of users who need and are permitted to communicate, and sends them to the two parties respectively.
5. The encryption method according to claim 1, characterized in that: the user feeds the timestamp, the recipient's identity code and the send key into the encryption module to complete encryption, and feeds the timestamp, the sender's identity code and the receive key into the decryption module to complete decryption.
6. The encryption method according to claim 5, characterized in that: said encryption module comprises an encryption key regeneration module and an encryption process, and said decryption module comprises a decryption key regeneration module and a decryption process.
7. The encryption method according to claim 5 or 6, characterized in that: the user's personal key is encapsulated in the encryption/decryption module and takes part in regenerating the encryption and decryption keys.
8. The encryption method according to claim 6 or 7, characterized in that: the input parameters of the key regeneration module are flexible; parameters can be added or removed as required.
9. The encryption method according to claim 1, characterized in that: a user can broadcast an encrypted message to a group of users so that every user in the group can decrypt the message while non-members cannot.
10. The encryption method according to claim 1, characterized in that: the encryption/decryption module can be packaged to obtain stronger security, and for broadcast encryption the encryption/decryption modules of all recipients must be packaged.
11. The encryption method according to claim 1, characterized in that: the user need only keep his own personal key secret; transmission keys and identity codes can be stored openly.
CN 99119590 1999-09-08 1999-09-08 Personal key encryption method Pending CN1248837A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 99119590 CN1248837A (en) 1999-09-08 1999-09-08 Personal key encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 99119590 CN1248837A (en) 1999-09-08 1999-09-08 Personal key encryption method

Publications (1)

Publication Number Publication Date
CN1248837A true CN1248837A (en) 2000-03-29

Family

ID=5280978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 99119590 Pending CN1248837A (en) 1999-09-08 1999-09-08 Personal key encryption method

Country Status (1)

Country Link
CN (1) CN1248837A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1973569B (en) * 2004-06-21 2010-09-22 艾斯奥托公司 Method for securing an authentication and key agreement protocol
CN101068143B (en) * 2007-02-12 2012-04-11 中兴通讯股份有限公司 Network equipment identification method
CN101568070B (en) * 2008-04-23 2012-11-28 中兴通讯股份有限公司 Mobile terminal management system and method
CN103081396A (en) * 2010-08-24 2013-05-01 三菱电机株式会社 Communication terminal, communication system, communication method and communication program
CN103081396B (en) * 2010-08-24 2016-08-10 三菱电机株式会社 Communication terminal, communication system and communication means
CN102111416A (en) * 2011-02-28 2011-06-29 南京邮电大学 Real time data encryption transmission method for voice over internet protocol (VoIP)
CN102111416B (en) * 2011-02-28 2013-07-03 南京邮电大学 Real time data encryption transmission method for voice over internet protocol (VoIP)

Similar Documents

Publication Publication Date Title
Niu et al. An anonymous key agreement protocol based on chaotic maps
JP2883243B2 (en) Remote party authentication / encryption key distribution method
CN1146185C (en) Protecting information in system
US7263619B1 (en) Method and system for encrypting electronic message using secure ad hoc encryption key
JPH06350598A (en) Mutual verification/ciphering key delivery system
KR100670017B1 (en) Method for broadcast encryption based on the combination
CN1148453A (en) Method for providing blink access to an encryption key
CN101170404B (en) Method for secret key configuration based on specified group
CN111277412B (en) Data security sharing system and method based on block chain key distribution
CN1504026A (en) Method for providing security on powerline-modem network
CN107682152B (en) Group key negotiation method based on symmetric cipher
CN1292185A (en) Method and apparatus for conveying private message to selected members
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN113612608A (en) Method and system for realizing cluster encryption of dual-mode interphone based on public network
CN114205090B (en) Safe file sharing method and system based on cryptographic algorithm
JPH10107832A (en) Cipher multi-address mail system
CN111656728B (en) Device, system and method for secure data communication
CN103384233B (en) A kind of methods, devices and systems for acting on behalf of conversion
CN107317675A (en) A kind of broadcast encryption method of transmittable personal information
CN1248837A (en) Personal key encryption method
CN101179345A (en) Method of encrypting and decrypting condition receiving system
CN115603902A (en) SM9 anonymous broadcast encryption method for CCA security
CN111934887B (en) Multi-receiver signcryption method based on interpolation polynomial
JP2002539489A (en) Voice and data encryption method using encryption key split combiner
KR20130096575A (en) Apparatus and method for distributing group key based on public-key

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication