CN1688122A - Dynamic distribution managing method for key. etc based on geometric authorization - Google Patents

Dynamic distribution managing method for key. etc based on geometric authorization

Info

Publication number
CN1688122A
Authority
CN
China
Prior art keywords
function
point
user
server
geometric
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200510064235
Other languages
Chinese (zh)
Inventor
慈孟夫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN 200510064235
Publication of CN1688122A
Priority to PCT/CN2006/000527 (WO2006108341A1)
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

In this invention, because two-dimensional and higher-dimensional space environments are introduced, the things that express users are no longer one-dimensional data but, in essence, points and functions in that space; these points and functions form countless geometric relations with other points and functions. The schemes proposed at any given time are therefore no longer unique, which confronts an attacker with difficulties.

Description

Dynamic assignment and management method for keys etc. based on geometric authentication
The invention discloses a method for the dynamic assignment and management of keys etc. based on geometric authentication. To guarantee the security of sensitive information services and communications, encryption technology is usually adopted. Because there are large numbers of user classes and groups, the automatic distribution and secure management of keys is particularly important for Internet banking, brokerages, e-commerce and the like, and especially so in the non-secure, non-closed environment of the Internet. Key distribution usually adopts RSA public key schemes, and it is now generally considered that only 1024-bit RSA public key encryption is secure. Because the 1024-bit RSA public key algorithm consumes a great deal of computing resources, there are many obstacles to its miniaturization and widespread application. The key security management technology of the present invention is secure, fast, consumes few computing resources, and does not fear eavesdropping, interception, impersonation and similar attacks. Because its algorithm is simple and can be miniaturized in hardware, it can also be used on non-secure client sides. It is described as follows:
For ease of understanding, in the present invention a geometric element in space represents the user, for example a point in N-dimensional space, or a curve in N-dimensional space, etc. (note: a straight line is a special form of curve). Strictly speaking, a curve in N-dimensional space is in fact a certain function.
In the present invention, when a user remotely logs in to a server on the Internet and requests service, the client does not first declare its own legitimacy. That is, it need not actively provide legitimacy data representing its own identity (such as the usual username, password, dynamic password, etc.); instead it waits for the server's "question". This "question" is in fact usually some point data or function data together with a calculation requirement, sent by the server to the client. The client calculates with these data and with the point or function data representing its own identity according to the server's calculation requirement, returns the result to the server, and the server judges the result.
If the result does not meet the server's requirement, the server treats the client as an invalid user. If the result satisfies the server's requirement, the server regards it as a valid user and can determine which valid user it is from the content of the result. To guarantee reliability, such a question-and-answer exchange may be carried out several times. After the server has confirmed the concrete identity of the valid user, it can provide service using the key and cipher mode last agreed with that user, and it transmits to this user, under encryption, the geometric element, cipher mode and key that will represent the user at the next login. Once the server receives the user's confirmation, the new authentication geometric element, cipher mode and key data are used at the next login. All of the above is carried out automatically under normal conditions without manual intervention. A valid user therefore only needs to go to the service provider and be set up once to enjoy the service long-term, and administrators no longer need to worry about expired keys or about contacting large numbers of users who need to change keys.
Below we explain further with two concrete schemes:
Example of a point representing a user:
As shown in Figure 1, this is an example of points representing users in a 2-dimensional space. The server has 4 users. As a result of their last logins, the points m1, m2, m3, m4 represent the different users. Now the user represented by m3 logs in and requests service. The server randomly draws a point P1 that is not on any of the lines m1m2, m2m3, m3m4, m4m1, m1m3, m2m4, and requires the client to answer with the slope of the line between the point representing itself and P1; the client computes the slope of the line through the two points and replies. In this scheme, the principle the server follows whenever it assigns a user's point position is the same as when it draws P1: the newly assigned (or drawn) point is not on the line through any two user points. Different user points therefore have different slopes to P1, so the server can determine that this user is the one represented by m3. To guarantee reliability, the server randomly draws another point P2, encrypts P2 with the key and cipher mode agreed last time, and sends it to the user; the user decrypts P2, calculates, encrypts the result and sends it to the server. If the result is correct, the user's identity is confirmed, the server provides service to this user under encryption, and it transmits the new point, key and cipher mode that will represent the user's identity at the next login. After confirmation, these take effect on the client side.
In this scheme, whenever the server detects that a certain user point is undergoing plaintext authentication for the second time or more, it notifies the authenticating user to enable the standby point for authentication. As in Figure 1, if the user represented by point m3 cannot complete the authentication process under certain conditions, then when it logs in again the server discovers that the point m3 has already been used to log in without completing, and it informs the user to enable the standby point m3'. If the same situation occurs with the standby point, the next standby point is enabled, and so on, until the standby points are used up and the account is locked, or one point passes plaintext authentication.
Of course, the calculation requirement the server proposes is not limited to the slope of the line between two points; the distance between two points, the distance to a certain curve, the intersection of the line between two points with a certain curve, and so on are all possible.
Likewise, the client can in turn authenticate the server and negotiate agreements with it.
Example of a linear function representing a user:
As shown in Figure 2, this is an example in which a straight line L represents a user in a 3-dimensional space. Suppose the server has n users, represented by n different lines. If the k-th user requests login, the server randomly draws a point P1 in space and requires the client to compute the distance from the line representing it to the point P1. The k-th user's terminal computes the distance r1. After the server receives r1, it computes how many of the lines representing users are tangent to the sphere with center P1 and radius r1. If none is tangent, the registrant is an invalid user.
If one or more are tangent, the server selects a point P2 such that the distances from P2 to each user line tangent to the sphere (center P1, radius r1) are all different, and requires the client to compute the distance from the line representing itself to P2. From the client's answer, the server can determine the user represented by Lk. To guarantee reliability, the server randomly draws another point P3, encrypts P3 with the key and cipher mode agreed last time, sends it to the user, and requires the distance from the line Lk to P3. The user decrypts, calculates, encrypts the result and sends it to the server. If the result is correct, the user's identity is confirmed. The server provides service to this user under encryption and transmits the new linear function, key and cipher mode that will represent the user at the next login. After confirmation, these take effect on the client side.
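The two exchanges above, the 2-D point/slope scheme and the 3-D line/distance scheme with its P2 tie-break, as an added Python example that is not part of the patent; the user points and lines are constructed, and the server compares distances as exact squared values rather than r1 itself, which identifies the same line without floating-point error.

```python
from fractions import Fraction
from itertools import combinations
import random

RNG = random.Random(2005)  # seeded so the challenge points are repeatable
# 2-D scheme: a user is a point (x, y); the answer to a challenge point is a slope.
USERS_2D = {"m1": (1, 2), "m2": (4, 7), "m3": (6, 3), "m4": (2, 9)}  # constructed

def collinear(a, b, c):
    """True if a, b, c lie on one line (2-D cross product is zero)."""
    return (b[0]-a[0])*(c[1]-a[1]) - (b[1]-a[1])*(c[0]-a[0]) == 0

def pick_challenge_2d(users, rng=RNG, bound=50):
    """Draw P1 off every line through two user points, so no two users share a slope."""
    while True:
        p = (rng.randint(-bound, bound), rng.randint(-bound, bound))
        if not any(collinear(a, b, p) for a, b in combinations(users.values(), 2)):
            return p

def slope(a, b):
    """Exact slope of line ab; None stands for a vertical line."""
    return None if a[0] == b[0] else Fraction(b[1]-a[1], b[0]-a[0])

def identify_2d(users, p1, answer):
    """Server side: the single user whose slope to P1 equals the answer."""
    hits = [n for n, pt in users.items() if slope(pt, p1) == answer]
    return hits[0] if len(hits) == 1 else None

# 3-D scheme: a user is a line (point q, direction d) and the answer is a
# distance, compared as an exact square so rounding cannot cause a false mismatch.
LINES_3D = {"L1": ((0, 0, 0), (1, 0, 0)),   # constructed: x axis
            "L2": ((0, 0, 0), (0, 1, 0)),   # y axis, so L1 and L2 tie for some P1
            "L3": ((1, 1, 1), (1, 1, 0))}
def sub(a, b): return tuple(x - y for x, y in zip(a, b))
def dot(a, b): return sum(x * y for x, y in zip(a, b))
def cross(a, b): return (a[1]*b[2]-a[2]*b[1], a[2]*b[0]-a[0]*b[2], a[0]*b[1]-a[1]*b[0])

def dist2_point_line(p, line):
    """Squared distance from p to the line: |(p-q) x d|^2 / |d|^2."""
    q, d = line
    w = cross(sub(p, q), d)
    return Fraction(dot(w, w), dot(d, d))

def pick_disambiguating_point(lines, names, rng=RNG, bound=50):
    """P2 whose distances to the still-ambiguous lines are pairwise distinct."""
    while True:
        p = tuple(rng.randint(-bound, bound) for _ in range(3))
        ds = [dist2_point_line(p, lines[n]) for n in names]
        if len(set(ds)) == len(ds):
            return p

def authenticate_3d(lines, client_line, rng=RNG):
    """P1 always; P2 only if several lines are tangent to the P1 sphere.
    Returns the identified name, or None for an unregistered line."""
    p1 = tuple(rng.randint(-50, 50) for _ in range(3))
    r1 = dist2_point_line(p1, client_line)          # the client's answer
    names = [n for n, ln in lines.items() if dist2_point_line(p1, ln) == r1]
    if len(names) > 1:
        p2 = pick_disambiguating_point(lines, names, rng)
        r2 = dist2_point_line(p2, client_line)
        names = [n for n in names if dist2_point_line(p2, lines[n]) == r2]
    return names[0] if len(names) == 1 else None
```

Each plaintext (P1, slope) reply fixes a line through the user's point and two such replies fix the point itself, which is why the description rotates to a standby point once a point has been authenticated in plaintext a second time.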
In existing authentication techniques, the data expressing user identity is, from the viewpoint of multi-dimensional space, one-dimensional. If the data expressing user identity is a single value (such as a password), it is isolated. If the data expressing user identity is a set (such as dynamic passwords), that is still a one-dimensional function with time as a parameter. At any moment, the data that can prove the user's identity is only one value, with no other choice. Likewise, in the one-dimensional case, the geometric relation between these identity data and other data is only a difference, so the server asking how much the data differs from a certain number and asking what the data itself is are essentially no different. So the answering scheme has only one possibility. It is precisely this constant uniqueness that makes security impossible to guarantee, as with man-in-the-middle attacks.
In the present invention, because two-dimensional and higher-dimensional space environments are introduced, the thing representing the user is in essence no longer one-dimensional data (though of course it does not lack a one-dimensional form of expression), but a point in space (a combination of two or more one-dimensional data) and a function (a set of points). The point and the function representing the user thus form ever-changing geometric relations with other points and functions. So the scheme asked at any time (the calculation requirement scheme) is no longer unique, the content asked in each scheme is no longer unique, the data by which the client proves its identity is no longer unique, and the number of questions is no longer unique ... It is precisely these many non-uniquenesses that confront an attacker with a hard problem.
Going further, in order to reduce the amount of data transmitted, the point and the function can in fact be generated dynamically.
For example, the server provides a random number t; the client uses y = f1(t), x = f1'(t) to produce the first point (y1, x1), and y = f2(t), x = f2'(t) to produce the second point (y2, x2); the straight line through these two points then represents the user's identity at this moment, and geometric authentication is carried out with it.
Or, for example, using the time t of the authentication, f1 and f2 produce the points and f3 produces a radius; we then obtain a geometric authentication with a dynamically generated circle. And so on ....
In this way we no longer need to transmit the point and the function under encryption every time. But this comes at the cost of increased computation, and a choice should be made according to the actual conditions of security, computation and transmission volume.
It should be noted that in this case the client answering directly with function data does not affect security, because the subject representing the user has changed: it is now the function that generates the function.

Claims (3)

1. An authentication method, namely a geometric authentication method based on the geometric properties of points or functions, characterized by:
a. A point (a combination of two or more one-dimensional data) or a set of points (a function) represents the user's identity.
b. The client does not first declare its own legitimacy.
c. The client normally does not directly reveal the point or function representing itself, but calculates with it and with the point or function data transmitted by the server according to the server's requirement, and answers with the result of the calculation as proof of identity.
d. The server normally has two or more calculation requirement schemes. These schemes are based on the geometric properties of points or functions, such as intersection, distance, length, angle, volume, area, etc.
e. In any authentication process of a valid user, the server asks at least twice.
f. Normally no human intervention is needed; authentication proceeds automatically.
2. A method for the dynamic assignment and management of keys etc. based on geometric authentication, characterized by:
Automatic geometric authentication without human intervention, with automatic replacement and distribution of the user's keys etc.
3. A geometric authentication method in which a function dynamically generates a function, characterized by:
A point or a function is dynamically generated by a function, and what represents the user is the function that generates the function. Besides the features of geometric authentication, the generated function data can be answered directly in question-and-answer form without affecting security.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200510064235 CN1688122A (en) 2005-04-14 2005-04-14 Dynamic distribution managing method for key. etc based on geometric authorization
PCT/CN2006/000527 WO2006108341A1 (en) 2005-04-14 2006-03-28 A method for dynamically allocating and managing the key based on the geometric authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200510064235 CN1688122A (en) 2005-04-14 2005-04-14 Dynamic distribution managing method for key. etc based on geometric authorization

Publications (1)

Publication Number Publication Date
CN1688122A true CN1688122A (en) 2005-10-26

Family

ID=35306162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510064235 Pending CN1688122A (en) 2005-04-14 2005-04-14 Dynamic distribution managing method for key. etc based on geometric authorization

Country Status (2)

Country Link
CN (1) CN1688122A (en)
WO (1) WO2006108341A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2714780B1 (en) * 1993-12-30 1996-01-26 Stern Jacques Method for authenticating at least one identification device by a verification device.
JP2004112531A (en) * 2002-09-19 2004-04-08 Ntt Docomo Inc Authentication system, authentication method, and authentication server and communication terminal
JP2004320648A (en) * 2003-04-18 2004-11-11 G-Ratio Co Ltd Information management method using electronic signature, and commercial transaction method and system using the method

Also Published As

Publication number Publication date
WO2006108341A1 (en) 2006-10-19

Similar Documents

Publication Publication Date Title
Li et al. A remote password authentication scheme for multiserver architecture using neural networks
CN1833398B (en) Secure data parser method and system
EP3698514B1 (en) System and method for generating and depositing keys for multi-point authentication
NZ755192A (en) Confirming authenticity of a user to a third-party system
US8091120B2 (en) Adaptive authentication methods, systems, devices, and computer program products
CN1972189B (en) Biometrics authentication system
CN1902853B (en) Method and apparatus for verifiable generation of public keys
US8930704B2 (en) Digital signature method and system
CN101087193A (en) New method for using the mobile number bond with account for identity identification
CN102782694A (en) Transaction auditing for data security devices
CN102609640A (en) Secure data parser method and system
CN101443775A (en) Biometric authentication system and method with vulnerability verification
WO2014191768A2 (en) Authentication
CN104184588B (en) The undetachable digital signatures method of identity-based
WO2008156772A1 (en) Token-based system and method for secure authentication to a service provider
CN104125230B (en) A kind of short message certification service system and authentication method
KR101862279B1 (en) System architecture and method for ensuring network information security
EP3185465A1 (en) A method for encrypting data and a method for decrypting data
EP3847780A1 (en) Issuing device and method for issuing and requesting device and method for requesting a digital certificate
CN101401094A (en) Endpoint verification using call signs
CN110138736B (en) Identity authentication method, device and equipment for multiple dynamic random encryption of Internet of things
CN103780600B (en) RSA public key cryptography based off-line electric power transaction information system authorization method
CN1688122A (en) Dynamic distribution managing method for key. etc based on geometric authorization
EP2357596A1 (en) Secure online order confirmation method
EP2031539A1 (en) Encrypting communication method and encrypting communication device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication