CN1688122A - Dynamic distribution managing method for key. etc based on geometric authorization - Google Patents
Publication number: CN1688122A
Authority: CN (China)
Legal status: Pending
Classifications
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols (parents: H, Electricity; H04, Electric communication technique; H04L, Transmission of digital information, e.g. telegraphic communication)
  - H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  - H04L9/32: Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
In this invention, because a space of two or more dimensions is introduced, the objects that represent users are no longer one-dimensional data but points and functions in that space. Such points and functions can form an enormous variety of geometric relations with other points and functions, so the challenge posed at any given moment is no longer unique, which confronts an attacker with a hard problem.
Description
The invention discloses a method for dynamically distributing and managing keys and similar material on the basis of geometric authentication. To protect sensitive information services and communications, encryption is normally used. Because there are large numbers of users at many levels and in many groups, the secure management and automatic distribution of keys is especially important for Internet banking, securities brokers, e-commerce and the like, all the more so in the open, untrusted environment of the Internet. Key distribution usually relies on RSA public-key schemes, and it is generally held at present that only 1024-bit RSA public-key encryption is safe. Because the 1024-bit RSA algorithm consumes a great deal of computation, it faces many obstacles to miniaturisation and wide deployment. The key-management technique of the present invention is secure and fast, consumes few computational resources, and is not vulnerable to eavesdropping, interception or impersonation. Because the algorithm is simple it can be implemented in minimal hardware and can therefore also be used on untrusted client devices. The details are as follows:
For ease of understanding, in the present invention a geometric element in a space represents the user: for example a point in an N-dimensional space, or a curve in an N-dimensional space (note: a straight line is a special kind of curve). Strictly speaking, a curve in N-dimensional space is a certain function.
In the present invention, when a user logs in to a server over the Internet and requests service, the client does not first declare its own legitimacy; that is, it does not actively present credentials representing its identity (such as the usual user name, password or one-time password). Instead it waits for a "question" from the server. In practice this "question" consists of the server sending the client some point data or function data together with a computation requirement. The client performs the requested computation on this data and on the point or function data that represents its own identity, returns the result to the server, and the server judges the result.
If the result does not meet the server's requirement, the server treats the client as an illegitimate user. If it does, the server regards the client as a legitimate user and can tell which legitimate user it is from the content of the result. To ensure reliability, this question-and-answer exchange may be repeated several times. Once the server has confirmed the specific identity of the legitimate user, it provides service using the key and encryption mode agreed with that user previously, and transmits, encrypted, the geometric element, encryption mode and key that will represent the user at the next login. Once the user acknowledges receipt, the new authentication element, encryption mode and key are used at the next login. All of this happens automatically under normal conditions, without manual intervention. A legitimate user therefore needs to visit the service provider only once for setup and can then enjoy the service indefinitely, and administrators no longer need to worry about expired keys or about contacting large numbers of users whose keys must be changed.
Two concrete schemes are described below:
Example in which a point represents the user:
As in Figure 1, this is an example on a two-dimensional space in which a point represents the user. The server has four users. After the last login, the result is four points m1, m2, m3, m4, each representing a different user. Now the user represented by m3 logs in and requests service. The server draws at random a point P1 that does not lie on any of the lines m1m2, m2m3, m3m4, m4m1, m1m3, m2m4, and asks the client for the slope of the line joining the client's own point to P1; the client computes the slope of the line through the two points and replies. In this scheme the server follows the same principle whenever it assigns a user point as it does when drawing P1: a newly assigned point (or a drawn point) never lies on the line through any two user points. Hence each user point forms a line of a different slope with P1, and the server can conclude that this user is the one represented by m3. To ensure reliability the server draws another random point P2, encrypts it with the key and encryption mode agreed last time and sends it to the user; the user decrypts P2, performs the computation, encrypts the result and sends it to the server. If the result is correct, the user's identity is confirmed, the server provides service to this user under encryption, and sends the new point, key and encryption mode that will represent the user's identity at the next login. After the user confirms receipt, they take effect on the client side.
Whenever in this scheme the server detects that a certain user's point has undergone plaintext authentication twice or more, it notifies the authenticating user to use a spare point for authentication. As in Figure 1, if the user represented by m3 cannot complete the authentication process, then, when that user logs in again under certain conditions, the server finds that the point m3 has already been used to log in without completing, and can instruct the user to switch to the spare point m3'. If the same situation arises with the spare point, the next spare point is used, and so on, until the spare points are exhausted and the account is closed, or until a plaintext authentication with some point succeeds.
Of course the computation the server requires is not limited to the slope of the line through two points; the distance between two points, the distance to a certain curve, the intersection of the line through two points with a certain curve, and so on, are all possible.
Likewise, the client can in turn authenticate the server and negotiate the agreement in the reverse direction.
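The two-dimensional point scheme above, as an added example in Python (not code from the patent). The four user coordinates and the integer range from which the server draws its challenge are constructed for illustration; exact rational arithmetic is used so that slope comparisons are never spoilt by floating-point rounding.

```python
from fractions import Fraction
from itertools import combinations
import random

# Constructed example data: four users, each represented by a point in the plane
# (the patent's m1..m4). Coordinates are made up for illustration.
USERS = {"m1": (1, 2), "m2": (4, 1), "m3": (3, 5), "m4": (7, 4)}

def collinear(a, b, c):
    """True when a, b and c lie on one straight line (2-D cross product is zero)."""
    return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0]) == 0

def slope(p, q):
    """Exact slope of the line through p and q; None encodes a vertical line."""
    if p[0] == q[0]:
        return None
    return Fraction(q[1] - p[1], q[0] - p[0])

def challenge_is_admissible(p, users):
    """The patent's rule for the server: P must not lie on the line through any two
    registered points, otherwise those two users would return the same slope."""
    return p not in users.values() and all(
        not collinear(a, b, p) for a, b in combinations(users.values(), 2))

def pick_challenge(users, rng, span=20):
    """Server: draw random integer points until an admissible one turns up."""
    while True:
        p = (rng.randint(-span, span), rng.randint(-span, span))
        if challenge_is_admissible(p, users):
            return p

def client_answer(secret_point, p):
    """Client: reveal only the slope of the line joining its own point to P."""
    return slope(secret_point, p)

def server_identify(users, p, answer):
    """Server: the registered point whose slope to P matches the answer. Exactly one
    matches when P is admissible; None means reject (no match, or an ambiguous one)."""
    hits = [name for name, pt in users.items() if slope(pt, p) == answer]
    return hits[0] if len(hits) == 1 else None

def run_round(users, secret_point, seed=7):
    """One question of the exchange for a client holding `secret_point`."""
    p = pick_challenge(users, random.Random(seed))
    return server_identify(users, p, client_answer(secret_point, p))

if __name__ == "__main__":
    print(run_round(USERS, USERS["m3"]))  # -> m3
```

Passing a point on one of the six user-to-user lines to `server_identify` shows why the admissibility rule matters: two users then return the same slope and the server cannot tell them apart.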
Example in which a linear function represents the user:
As in Figure 2, this is an example on a three-dimensional space in which a straight line L represents the user. Suppose the server has n users, represented by n distinct straight lines. If the k-th user requests login, the server draws at random a point P1 in the space and asks the client to compute the distance from the straight line representing the client to the point P1. The k-th user's terminal computes the distance r1. On receiving the data r1, the server computes how many of the straight lines representing users are tangent to the sphere with centre P1 and radius r1. If none is tangent, the party logging in is an illegitimate user.
If one or more are tangent, the server selects a point P2 such that the distances from P2 to each of the user lines tangent to the sphere (centre P1, radius r1) are all different, and asks the client to compute the distance from its own straight line to P2. From the client's answer the server can determine the user represented by Lk. To ensure reliability the server draws another random point P3, encrypts it with the key and encryption mode agreed last time, sends it to the user, and asks for the distance from the line Lk to P3. The user decrypts P3, performs the computation, encrypts the result and sends it to the server. If the result is correct, the user's identity is confirmed. The server provides service to this user under encryption and transmits the new linear function, key and encryption mode that will represent the user at the next login. After the user confirms receipt, they take effect on the client side.
In existing authentication techniques, the data expressing the user's identity is, from the viewpoint of multi-dimensional space, one-dimensional. If the identity data is a single value (such as a password), it is an isolated value. If it is a set of values (such as dynamic passwords), it is still a one-dimensional function of a parameter such as time. At any given moment there is only one datum that can demonstrate the user's identity, and there is no other choice. Likewise, in the one-dimensional case, the only geometric relation between the identity data and other data is a difference, so whether the server asks how far the value differs from some number or asks for the value itself makes no essential difference. The answering scheme therefore has only one possibility. It is this constant uniqueness that leaves security unguaranteed, as in a man-in-the-middle attack.
In the present invention, because spaces of two and more dimensions are introduced, the object representing the user is in essence no longer one-dimensional data (although it certainly still has one-dimensional forms of expression) but a point in space (a combination of two or more one-dimensional data) or a function (a set of points). The point or function representing the user can therefore enter into ever-changing geometric relations with other points and functions. Hence the scheme (computation requirement) posed at any moment is no longer unique, the content asked for in each scheme is no longer unique, the data by which the client demonstrates its identity is no longer unique, and the number of questions is no longer unique... It is all of this non-uniqueness that confronts the attacker with a hard problem.
Going a step further, in order to reduce the volume of data transmitted, the points and functions can in fact be generated dynamically.
For example, the server provides a random number t, and the client uses y = f1(t), x = f1'(t) to generate the first point (y1, x1) and y = f2(t), x = f2'(t) to generate the second point (y2, x2); the straight line through these two points then represents the user's identity at this moment, and geometric authentication proceeds.
Or, for example, using the time t of the authentication, f1 and f2 generate points and f3 generates a radius, giving geometric authentication with a dynamically generated circle. And so on.
In this way there is no need to encrypt and transmit points and functions every time. The cost, however, is a heavier computational load, and the trade-off should be made according to the actual requirements on security, computation and transmission volume.
It should be noted that in this case the client may answer with the function data directly without affecting security, because the body that represents the user has changed: it is now the function that generates the function.
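The dynamic-generation variant (a random t turning two pairs of secret functions into two points, hence a line) as an added example in Python, not code from the patent. The secret functions are constructed polynomials held as coefficient lists; the client answers with the derived line itself, and the server recomputes it from each registered user's functions for that t, so an answer captured for one t is worthless for another.

```python
from fractions import Fraction

# Constructed example: each user's secret is four polynomials f1, f1', f2, f2'
# (coefficient lists, lowest degree first). Values are made up for illustration.
USER_FUNCS = {
    "alice": {"f1": [1, 2], "f1p": [0, 1], "f2": [3, 0, 1], "f2p": [1, 1]},
    "bob":   {"f1": [2, 1], "f1p": [1, 1], "f2": [0, 0, 1], "f2p": [5, 0]},
}

def poly(coeffs, t):
    """Evaluate a polynomial at t exactly."""
    return sum(Fraction(c) * Fraction(t) ** i for i, c in enumerate(coeffs))

def derive_line(funcs, t):
    """The patent's construction: (y1, x1) = (f1(t), f1'(t)), (y2, x2) = (f2(t), f2'(t)),
    and the user is the line through those two points, returned as (slope, intercept)
    or ("vertical", x). None when both points coincide and no line is defined."""
    y1, x1 = poly(funcs["f1"], t), poly(funcs["f1p"], t)
    y2, x2 = poly(funcs["f2"], t), poly(funcs["f2p"], t)
    if (x1, y1) == (x2, y2):
        return None
    if x1 == x2:
        return ("vertical", x1)
    m = (y2 - y1) / (x2 - x1)
    return (m, y1 - m * x1)

def server_verify(users, t, claimed_line):
    """Server: the user whose functions reproduce the line the client sent for this t.
    The line is disposable; a fresh t yields a fresh line, so replaying an old one fails."""
    if claimed_line is None:
        return None
    hits = [n for n, f in users.items() if derive_line(f, t) == claimed_line]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    t = 1                                   # the server's random challenge
    line = derive_line(USER_FUNCS["alice"], t)   # computed on the client
    print(server_verify(USER_FUNCS, t, line))    # -> alice
    print(server_verify(USER_FUNCS, 2, line))    # same line replayed for t=2 -> None
```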
Claims (3)
1. An authentication method based on the geometric properties of points or functions (a geometric authentication method), characterised in that:
a. A point (a combination of two or more one-dimensional data) or a set of points (a function) represents the identity of the user.
b. The client does not first declare its own legitimacy.
c. The client normally does not directly disclose the point or function that represents it; instead it performs the computation the server requires on that point or function and on the point or function data the server has sent, and answers with the result as proof of identity.
d. The server normally has two or more computation-requirement schemes, based on geometric properties of points or functions such as intersection, distance, length, angle, volume and area.
e. In any authentication of a legitimate user, the server asks at least two questions.
f. Human intervention is normally unnecessary; authentication proceeds automatically.
2. A method for dynamically distributing and managing keys and similar material based on geometric authentication, characterised in that:
Geometric authentication proceeds automatically without human intervention, and the user's keys and similar material are replaced and distributed automatically.
3. A geometric authentication method in which functions dynamically generate functions, characterised in that:
Points or functions are generated dynamically by functions, and what represents the user is the function that generates the function. In addition to the features of geometric authentication, the generated function data may be answered directly without affecting security.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200510064235 CN1688122A (en) | 2005-04-14 | 2005-04-14 | Dynamic distribution managing method for key. etc based on geometric authorization |
PCT/CN2006/000527 WO2006108341A1 (en) | 2005-04-14 | 2006-03-28 | A method for dynamically allocating and managing the key based on the geometric authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200510064235 CN1688122A (en) | 2005-04-14 | 2005-04-14 | Dynamic distribution managing method for key. etc based on geometric authorization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1688122A true CN1688122A (en) | 2005-10-26 |
Family
ID=35306162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200510064235 Pending CN1688122A (en) | 2005-04-14 | 2005-04-14 | Dynamic distribution managing method for key. etc based on geometric authorization |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN1688122A (en) |
WO (1) | WO2006108341A1 (en) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2714780B1 (en) * | 1993-12-30 | 1996-01-26 | Stern Jacques | Method for authenticating at least one identification device by a verification device. |
JP2004112531A (en) * | 2002-09-19 | 2004-04-08 | Ntt Docomo Inc | Authentication system, authentication method, and authentication server and communication terminal |
JP2004320648A (en) * | 2003-04-18 | 2004-11-11 | G-Ratio Co Ltd | Information management method using electronic signature, and commercial transaction method and system using the method |
2005
- 2005-04-14 CN CN 200510064235 patent/CN1688122A/en active Pending
2006
- 2006-03-28 WO PCT/CN2006/000527 patent/WO2006108341A1/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
WO2006108341A1 (en) | 2006-10-19 |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C02 | Deemed withdrawal of patent application after publication (patent law 2001) |
WD01 | Invention patent application deemed withdrawn after publication |