EP1157501A1 - Method for creating and preserving an identifier - Google Patents

Method for creating and preserving an identifier

Info

Publication number
EP1157501A1
EP1157501A1 EP00905104A EP00905104A EP1157501A1 EP 1157501 A1 EP1157501 A1 EP 1157501A1 EP 00905104 A EP00905104 A EP 00905104A EP 00905104 A EP00905104 A EP 00905104A EP 1157501 A1 EP1157501 A1 EP 1157501A1
Authority
EP
European Patent Office
Prior art keywords
identifier
hash code
hash
unambiguous
generated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00905104A
Other languages
German (de)
English (en)
French (fr)
Inventor
Matti Hiltunen
Jukka Liukkonen
Harri Vatanen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sonera Smarttrust Oy
Original Assignee
Sonera Smarttrust Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sonera Smarttrust Oy filed Critical Sonera Smarttrust Oy
Publication of EP1157501A1 publication Critical patent/EP1157501A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to telecommunication.
  • the present invention concerns a new type of method for creating a global unambiguous identifier for predetermined data structures.
  • the invention relates to concentrated and reliable storage of identifiers.
  • Encryption is used to prevent transmitted information from getting into the wrong hands in a plain language form.
  • the public and private key method is a means used to achieve this end.
  • the public keys of private persons are often only locally known to other people, and finding out the keys requires a considerable deal of work.
  • the availability of public key pairs must be simple and feasible in hardware- independent environments. These factors make it possible for encryption and signature by the public and private key method to meet the objective aimed at - simplicity and efficiency.
  • the problem at present is the management of key pairs. As queries for keys may have to be made globally in any part of the network, using local data- bases is difficult or almost impossible. Likewise, the key pair has to be provided with unambiguous data allowing the key pair to be associated with the holder of the key. This is another problem which has not yet been properly solved.
  • the object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
  • a specific object of the invention is to dis- close a new type of method whereby the management of encryption keys is converted from a distributed system into a centralized one.
  • a further object of the invention is to disclose a method in which an unambiguous hash code is generated from each key comprised in an encryption procedure and from the juridical person associated with the key. This hash code functions as an identifier by means of which the key pair and the key holder are associated with each other.
  • the method of the invention relates to the creation of a global unambiguous identifier for prede- termined data structures and to the storage of the identifiers created.
  • a juridical name is added to encryption keys, preferably to a public encryption and signing key.
  • a hash code is generated by a function appropriate for the purpose, e.g. a hash function.
  • a function appropriate for the purpose e.g. a hash function.
  • One of such functions is the MD5 (MD, Message Digest) .
  • MD5 MD, Message Digest
  • the hash function works in a way that makes it impossible to deduce from the result the starting values used to generate the hash code.
  • the hash code created works as a reference pointer pointing to the data from which it has been generated. In other words, if a hash code created from information representing a given person is known, then, based on the hash code, it will be possible to unambiguously determine the public keys in use and the juridical person behind the keys.
  • the hash code produced by the hash function may be very long, it is possible to use a given part of the hash code, e.g. the last five bytes, to identify a desired party. Five bytes is sufficient to cover over 1000 billion different identifiers.
  • the hash codes created and the public information from which the hash code has been generated are placed in the custody of a trusted third party (TTP) .
  • TTP trusted third party
  • the hash code of the present invention can be used e.g. as a part of an encrypted short message in a mobile communication system. This part unambiguously tells the receiver of the message whose public keys are needed to decrypt the message.
  • the present invention provides the advantage that the authenticity of information received is recognized locally.
  • the invention does not restrict the structure of the pointer record in any way.
  • Another advantage of the invention is that the unambiguous hash code created constitutes a kind of "fist" by means of which the receiver can easily ascertain who is the sender and which keys are needed to decrypt the information received. LIST OF ILLUSTRATIONS
  • FIG. 1 illustrates a preferred method according to the invention for creating an unambiguous identifier
  • Fig. 2 represents the registration of an identifier according to Fig. 1.
  • Fig. 1 presents an example illustrating the creation of an identifier, e.g. a net identification.
  • encryption is implemented using the public and private key method.
  • the method illustrated in Fig. 1 is designed to create an unambiguous identi- fier for associating a key pair with the holder of the keys.
  • the identifier is created from a public key pair and the juridical name of the holder of the key pair. 'Juridical name' refers to the person who has the right to use the encryption keys.
  • the procedure of creating an identifier is started by first creating a secret and a public encryption key.
  • the identifiers created are recorded by means of a running counter, which is at first reset to zero (3) .
  • the juridical name (4) is associated with the (public) keys created. From the public keys, counter and juridical name, a hash code (5) is generated.
  • the hash code is produced e.g. using the MD5 function (MD, Message Digest) . This is a one-way function, which means that the starting values used to generate the hash code can not be deduced from this function.
  • Part of the hash code e.g. the last five bytes of the hash code, may be used as a reference to the juridical name .
  • a check is performed to establish whether the reference number obtained is already in use (6) .
  • the counter value is incremented by one if the identifier is already in use (7) . Incrementing the counter has the effect that the identifier to be generated next will differ somewhat from the previous identifier attempted. If at this point the counter value exceeds an allowed limit (11), e.g. 2 32 , then the creation of the identifier is started again from the beginning .
  • the reference number just created is reserved in a reference index (8).
  • the reference index is maintained e.g. by a trusted third party. If for some reason the attempt to reserve (9) the reference number failed, then the counter value is incremented by one (7) and action is resumed at step 5 if the counter did not exceed a maximum allowed value. If the maximum value was ex- ceeded (11) , then the creation of the identifier is started from the beginning.
  • X5 index means a database of juridical persons, maintained by a trusted third party.
  • the reference index reference pointer is set to contain a pointer to the juridical person in the X5 index.
  • Fig. 2 illustrates a situation where an iden- tifier thus created is to be registered.
  • 'Card issuer' means e.g. an operator or card manufacturer.
  • 'card' means a subscriber identity module (SIM) as used in mobile stations.
  • the card issuer (CI) sends a request for the registration of an iden- tifier to a certificate authority (CA) (21) .
  • the CA is a so-called trusted third party, which functions as an independent party and is in no way linked with the parties using it.
  • In the custody of or available to the CA is a NIDS (Net ID Server) .
  • the CA sends to the NIDS a request for making a reservation (22) .
  • the NIDS checks whether the same identifier is already in use. If the identifier is not in use, then the NIDS will send the CA information confirming successful reservation (23) .
  • the CA sends a confirmation (24) of successful registration to the card issuer.
  • the card issuer may also verify himself whether a given identifier is already in use or check whether a given identifier was successfully reserved. To carry out a verification, the CI sends to the NIDS a request to check a given NID (25) . As a result, the NIDS sends the card issuer an answer to the inquiry (26) .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
EP00905104A 1999-02-17 2000-02-17 Method for creating and preserving an identifier Withdrawn EP1157501A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FI990336A FI990336A (fi) 1999-02-17 1999-02-17 Menetelmä tunnisteen luomiseksi ja säilyttämiseksi
FI990336 1999-02-17
PCT/FI2000/000124 WO2000049767A1 (en) 1999-02-17 2000-02-17 Method for creating and preserving an identifier

Publications (1)

Publication Number Publication Date
EP1157501A1 true EP1157501A1 (en) 2001-11-28

Family

ID=8553826

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00905104A Withdrawn EP1157501A1 (en) 1999-02-17 2000-02-17 Method for creating and preserving an identifier

Country Status (5)

Country Link
EP (1) EP1157501A1 (fi)
AU (1) AU2675400A (fi)
CA (1) CA2363655A1 (fi)
FI (1) FI990336A (fi)
WO (1) WO2000049767A1 (fi)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0682832A4 (en) * 1993-11-08 1996-03-13 Hughes Aircraft Co PROTOCOL FOR PROTECTED DISTRIBUTION OF AUTHENTICATION AND CODING ELEMENTS.
US5666416A (en) * 1995-10-24 1997-09-09 Micali; Silvio Certificate revocation system
EP0869637A3 (en) * 1997-04-02 2000-12-06 Arcanvs Digital certification system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0049767A1 *

Also Published As

Publication number Publication date
WO2000049767A1 (en) 2000-08-24
CA2363655A1 (en) 2000-08-24
FI990336A (fi) 2000-08-18
AU2675400A (en) 2000-09-04
FI990336A0 (fi) 1999-02-17

Similar Documents

Publication Publication Date Title
CN108768988B (zh) 区块链访问控制方法、设备及计算机可读存储介质
US7020778B1 (en) Method for issuing an electronic identity
US6741851B1 (en) Method for protecting data stored in lost mobile terminal and recording medium therefor
EP1622301B1 (en) Methods and system for providing a public key fingerprint list in a PK system
US9544297B2 (en) Method for secured data processing
JP2001507528A (ja) ルート・キーが危機にさらされた時の回復
CN111600869B (zh) 一种基于生物特征的验证码认证方法及系统
WO2000070427A1 (en) Method and device for authenticating a program code
CN104753674A (zh) 一种应用身份的验证方法和设备
CN112565294B (zh) 一种基于区块链电子签名的身份认证方法
JP2001177513A (ja) 通信システムにおける認証方法、センタ装置、認証プログラムを記録した記録媒体
RU2289218C2 (ru) Система и способ управления мобильным терминалом с использованием цифровой подписи
JPH05503816A (ja) 電話通信システムにおける加入者の真正証明および保護のための方法
WO2022242572A1 (zh) 一种个人数字身份管理系统与方法
CN109981637B (zh) 一种基于区块链的物联网多源交叉复合认证方法
JPH11265349A (ja) コンピュータシステムならびに同システムに適用される機密保護方法、送受信ログ管理方法、相互の確認方法および公開鍵世代管理方法
CN112634040B (zh) 一种数据处理方法及装置
CN108768650A (zh) 一种基于生物特征的短信验证系统
JP2004013560A (ja) 認証システム、通信端末及びサーバ
US6401203B1 (en) Method for automatic handling of certificate and key-based processes
CN109492434A (zh) 一种电子凭据的安全操作方法和系统
EP1157501A1 (en) Method for creating and preserving an identifier
US20050066057A1 (en) Method and arrangement in a communications network
CN112035891A (zh) 一种去中心化电子合同证明平台
JP3660306B2 (ja) ユーザ認証システム、ユーザ認証方法、ユーザ認証プログラム、及び、コンピュータ読取可能な記録媒体

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010827

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20030902