TW200803400A - Privacy protection in communication systems - Google Patents
- Publication number
- TW200803400A
- Authority
- TW
- Taiwan
- Prior art keywords
- user
- key
- application
- identification code
- derived
- Prior art date
Description
IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates generally to communications and, more particularly, to protecting the privacy of a user in a communication system.

[Prior Art]

As modern devices become able to communicate with arbitrary application servers, there is a need to authenticate and protect those communications. In an asymmetric or public-key system, a device (or "user") may submit a public key to an application server (or "application") while keeping a separate private key secret. In a shared-key or symmetric-key system, the user may communicate with an application using a user identifier, which may be "anonymous", in that the user identifier does not reveal the user's actual identity. Once it receives this user identifier, the application can obtain a key linked to that user identifier for encrypted communication with the user. The key may be one previously known to the application, or it may be fetched from a key server (for example, a third party trusted by both the user and the application).

Even when "anonymous" user identifiers are used, there are still ways in which a user's privacy may be leaked in such systems. For example, if a user exchanges the same user identifier with an application over multiple sessions, the application may infer private information about the user by linking the user's sessions to one another. This is called a "linkability attack". For example, in a wireless network, accessing several base stations with one identifier can cause a user to be tracked on that network. Alternatively, if a user accesses several different applications using the same user identifier, a third party may, by passively eavesdropping on the communication of the user identifier between the application and the key server, determine which applications the user has accessed and when the user accessed them. This potentially reveals private information about the user's preferences. The same information could be obtained by a third party directly querying the accessed application.

[Summary of the Invention]
One aspect of the present invention provides a method for protecting user privacy, the method comprising: generating a derived identifier associated with a user based on a key and at least one parameter that includes a session variable; and sending the derived identifier to an application.

Another aspect of the present invention provides a method for protecting user privacy during communication in a system having a key server, the method comprising: receiving, from a user, a derived identifier generated from a key and at least one parameter that includes a session variable; transmitting the derived identifier to the key server; and receiving, from the key server, information associated with the user.

Yet another aspect of the present invention provides a method for protecting user privacy, the method comprising: receiving, from a user, a derived key identifier generated from a key and at least one parameter that includes a session variable; and identifying the key from the derived key identifier.

Yet another aspect of the present invention provides a method for protecting user privacy during communication in a system having a key server, the method comprising: receiving, from a requesting application, a derived identifier generated from a key and at least one parameter that includes a session variable; and identifying the user from the derived identifier.

Yet another aspect of the present invention provides an apparatus for protecting user privacy, the apparatus comprising: a derived-identifier generator for generating a derived identifier associated with a user based on a key and at least one parameter that includes a session variable; and a transmitter for sending the derived identifier to an application.
Yet another aspect of the present invention provides an apparatus for protecting user privacy during communication in a system having a key server, the apparatus comprising: a receiver for receiving, from a user, a derived identifier generated from a key and at least one parameter that includes a session variable; and a transmitter for transmitting the derived user identifier to the key server.

Yet another aspect of the present invention provides an apparatus for protecting user privacy, the apparatus comprising: a receiver for receiving, from a user, a derived key identifier generated from a key and at least one parameter that includes a session variable; and a processor for identifying the key from the derived key identifier.

Yet another aspect of the present invention provides an apparatus for protecting user privacy during communication in a system having a key server, the apparatus comprising: a receiver for receiving, from a requesting application, a derived identifier generated from a key and at least one parameter that includes a session variable; and a processor for identifying the user from the derived identifier.

Yet another aspect of the present invention provides an apparatus for protecting user privacy during communication with an application, the apparatus comprising: means for generating a derived identifier; and means for sending the derived identifier to an application.

Yet another aspect of the present invention provides an apparatus for protecting user privacy during communication in a system having a key server, the apparatus comprising: a receiver for receiving, from a requesting application, a derived identifier generated from a key and at least one parameter that includes a session variable; means for identifying the user from the derived identifier; and a transmitter for transmitting information associated with the user to the requesting application.

[Embodiments]

To protect user privacy, it is necessary to provide secure communication between a user and an application without revealing the user's actual identifier to the application or to a third party eavesdropping on the communication, and without otherwise allowing the application to determine that different sessions originate from the same user. The invention disclosed herein addresses this need.

Referring now to Figure 1, an embodiment of a communication system 100 is shown in which a key server is used to facilitate encrypted communication between a user and an application.

The communication system 100 may be any voice, data or multimedia system operating, for example, under a communication standard and/or protocol such as WCDMA (Wideband Code Division Multiple Access), cdma2000 or IP (Internet Protocol), or any other suitable standard or protocol. For example, embodiments may be used as an enhancement to the Generic Bootstrapping Architecture as specified in various communication standards. (See, for example, "Generic Authentication Architecture (GAA): Generic bootstrapping architecture," 3GPP TS 33.220, and "Generic Bootstrapping Architecture (GBA) Framework," 3GPP2 S.S0109-0 Version 1.)

As illustrated in Figure 1, a user 114 (also referred to as user equipment) may access an application 116 in the system 100. The application 116 may be a dedicated server in the network that serves a particular application (for example, VoIP (Voice over Internet Protocol)), or a network element itself. The application 116 may also be a software application stored on a server or other device on the network. In one embodiment (not shown), the application 116 may reside on the same physical device as a key server 126. Each application may have its own dedicated transmitter/receiver circuitry (not shown) for communicating with the user 114 and/or the key server 126, or several applications may share common transmitter/receiver circuitry. It may be noted that an application may comprise several entities; for example, the application may be an entire mobile network comprising multiple base stations.

In one embodiment, the user 114 may have a key 102 pre-stored in its memory. The key 102, and the fact that it is stored in the user 114, are known to the key server 126. The key 102 may belong uniquely to the user 114, or uniquely to a group of users that includes the user 114. The key 102 may be used permanently, or only during a particular time period. In one embodiment, the key 102 is known only to authorized parties such as the key server 126 and the user 114.

In one embodiment, the user 114 and the key server 126 may generate a temp_ID 108 (also referred to as a derived identifier) using the following formula:

temp_ID = F(key, m)    (1)

In equation (1), F is a predetermined algorithmic function such as a cryptographic hash function. F may be a function that concatenates one or more parameters with the output of one or more hash functions, or a function that performs a hash over a combination of several parameters and the output of one or more other hash functions. In one embodiment, the predetermined algorithmic function may be the Secure Hash Algorithm SHA-1. (See
Federal Information Processing Standard Publication 180-1 (1995).)

Also in equation (1), m represents a parameter set that may include, for example, a user identifier, one or more session-dependent variables, and/or other parameters. A session may represent a set of communications between a user and an application in which the same temp_ID is used. In one embodiment, m generally includes at least one session variable that changes each time a temp_ID is exchanged with an application. The variable may be a digital incrementing use counter, a timestamp, or the output of a pseudo-random number generator. It should be understood that a larger session variable can be used for stronger security, at the cost of higher execution complexity. In one embodiment, the session variable may be a 16-bit counter value.

Referring again to Figure 1, F and m are known to both the user 114 and the key server 126. In one embodiment, the key server 126 may pre-compute and store the temp_ID values for a given key 102 and all possible values of the parameter m, so that, given a temp_ID, the key 102 used to generate it can be identified quickly.

Figure 2 illustrates an embodiment of a process or method 200 in which the user 114 may establish secure communication with the application 116 according to the embodiment shown in Figure 1. First, in step 201, the user 114 computes temp_ID 108 from the key and the parameter set m and sends the temp_ID 108 to the application 116.

In step 202, once the application 116 receives the temp_ID 108 sent by the user 114, it sends the temp_ID 108 to the key server 126.

As described above, in one embodiment the key server 126 has pre-stored a set of temp_IDs and keys in its memory. In step 203, the key server 126 uses the temp_ID 108 received from the application 116 to identify the key 102. As mentioned previously, each key may correspond to a unique user. In this example, the key 102 corresponds to the user 114. Thus the key server 126 can match the temp_ID 108 to the user 114, as shown in step 203.

The key server 126 may further generate a sub-key 238 (also referred to herein as a traffic key) based on the key 102. Generating this sub-key may use another algorithmic function and involve parameters known only to the user 114 and the key server 126. In one embodiment, the temp_ID 108 value itself may be used to generate the associated sub-key. In an alternative embodiment, any number of sub-keys 238 may be generated by taking a hash function (for example, SHA-1) of the key 102 together with a suitable sequence number.

In step 204, the key server 126 sends the sub-key 238 to the application 116. The key server 126 may also send other information about the user 114 to the application 116.

The user 114 can independently generate the sub-key 238 (or "traffic key") from the parameters known to it. Thus, with the sub-key 238 known to both the application 116 and the user 114, both parties can use the sub-key 238 to encrypt and decrypt the data 240 sent between them, as shown in step 205.

Referring back to Figure 1, if the user 114 subsequently accesses another application 122, a temp_ID other than temp_ID 108 can be computed according to equation (1) above. If the function F is chosen such that the relationship between temp_ID 108 and the other temp_IDs used by the same user during different sessions cannot be determined, it will be difficult for an unauthorized party to associate an intercepted temp_ID with any particular user, thereby protecting the privacy of the user's identifier.

In one embodiment, the parameter set m used to generate the temp_ID in equation (1) may include an application identifier (app_ID) corresponding to the accessed application. In this way, a key server 126 can determine from the temp_ID 108 whether the application 116 requesting user information from the key server 126 has actually been accessed by the user 114. For security, the key server 126 chooses to send information about the user 114, including the user identifier and user-specific keys, only to an application 116 whose app_ID matches the app_ID used to generate temp_ID 108. This prevents another application that the user 114 has not accessed (such as application 118) from obtaining information about the user 114 from the key server 126.

In one embodiment, the user 114 may even be asked to generate a temp_ID when the user 114 does not yet know the app_ID of the application it will access. In this case, however, the user can generate a temp_ID by using a fixed "wildcard" or "default" app_ID in place of an application-specific app_ID. In this embodiment, the key server may be configured to recognize a temp_ID containing such a "wildcard" or "default" app_ID, and to provide user-specific data to an application even though the wildcard app_ID does not match the app_ID of the requesting application. Subsequently, once the user has confirmed the app_ID of the application, the user can generate a new temp_ID based on the correct app_ID.

In another embodiment of the invention, if the user and the application agree on a new parameter set m' during a session, the application can determine, by querying a key server, a new temp_ID to be used during a subsequent session. To do this, the application may provide the key server with, for example, the new parameter set and the temp_ID initially received from the user. This avoids the user having to transmit a new temp_ID to the application each time a new temp_ID is needed.

Figure 3 shows an embodiment of a process or method 300 in which the user 114 can communicate securely with an application 116 without using a key server. In this embodiment, it is assumed that, before initiating the communication shown in Figure 3, the user 114 and the application 116 already share a key K by some key distribution mechanism. In one embodiment, the key K is a variable known only to authorized parties such as the user and the application.
In step 301, the user 114 may generate a Derived_Key_ID 310 as follows:

Derived_Key_ID = F(K, session variable, other parameters)    (2)

where F is again a predetermined algorithmic function, the session variable is a session-dependent variable such as a counter value, and the other parameters may include any parameters not explicitly listed here but known to both the user 114 and the application 116. As noted previously, a session variable may change each time a temp_ID is exchanged with an application, and may be a digital incrementing use counter, a timestamp, or the output of a pseudo-random number generator. It should be understood that the larger the session variable used, the stronger the security, at the cost of higher execution complexity. In one embodiment, the session variable may be a 16-bit counter value.

In step 302, the user 114 sends the Derived_Key_ID 310 to the application 116. In step 303, the application 116, which has pre-computed the set of Derived_Key_ID 310 values from all possible values of the key K, the session variable and the other parameters and stored this set in memory, can identify the key K, the session variable and the associated user 114 used to generate the received Derived_Key_ID 310. With the values of K, the session variable 331 and the other parameters known to both parties, both parties can compute a common key Derived_K 332 as follows:

Derived_K = G(K, session variable, other parameters)    (3)

where G is another predetermined algorithmic function and the session variable 331 corresponds to the session variable used in equation (2) to generate Derived_Key_ID 310. It may be noted that the function G may be chosen to be the same as the function previously described with reference to Figure 2 for generating the sub-key 238. As shown in step 304, the Derived_K 332 can now be used for secure communication to send and receive encrypted data 340.

In yet another embodiment of the invention, if the user and the application agree on a new parameter set m' during a session, the application can use equation (3) to determine the new temp_ID to be used by the user during a subsequent session. This provides protection against a linkability attack by a third party. For example, a user may change its temp_ID between sessions with different base stations of a mobile network, to avoid being tracked by a third-party eavesdropper.

It may be noted that although the above embodiments are described in the context of shared-key or symmetric encryption systems, public-key or asymmetric encryption systems in which a user repeatedly uses the same public key are also vulnerable to linkability attacks. Aspects of the invention may also be applied to changing the private key, and therefore the public key, according to a session-dependent variable and/or the application. It may be noted, however, that in a public-key system the overhead of the registration and certificate issuance process required each time a public/private key pair is changed may mean that the same public/private key pair is preferably used over an entire extended period of time.

According to one embodiment, the memory in each of the key server 126 and the user 114 may be of a volatile or non-volatile type, for example a magnetic hard drive or RAM (random access memory) circuitry. Alternatively, the memory may be made of other circuit types, such as EEPROM (electrically erasable programmable read-only memory), EPROM (electrically programmable read-only memory), ROM (read-only memory), ASIC (application-specific integrated circuit), magnetic disk, optical disk and other types well known in the art.

It should be noted that the invention may be embodied as a process or method, or may be encoded as computer-readable instructions executed on any computer-readable medium known in the art. Here, the term "computer-readable medium" means any medium that participates in providing instructions to any processor (for example, the processors in the key server 126 and the user 114 shown in Figure 1). Such a medium may be of a storage type and may take the form of a volatile or non-volatile storage medium, for example as previously described in the description of the memory in the key server 126 and the user 114. Such a medium may also be of a transmission type and may include coaxial cables, copper wire, fiber-optic cables and an air interface carrying acoustic or electromagnetic waves, which waves can carry signals readable by a machine or computer.

Those skilled in the art will understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, the data, instructions, commands, information, signals, bits, symbols and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, optical fields or optical particles, or any combination thereof.

Those skilled in the art will further appreciate that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software or a combination of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and the design constraints imposed on the overall system. Those skilled in the art may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the invention.

The various illustrative logical blocks, modules and circuits described in connection with the embodiments disclosed herein may be executed or implemented with a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, for example a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. Alternatively, the processor and the storage medium may reside as discrete components in a user terminal.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus the invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein. While exemplary embodiments have been described, those skilled in the art will appreciate that these and other changes in form or detail may be made therein without departing from the scope and spirit of the invention.

[Brief Description of the Drawings]

Figure 1 shows an embodiment of the invention in which a key server is used to facilitate encrypted communication between a user and an application.

Figure 2 illustrates an embodiment of a process or method in which a user may establish secure communication with an application according to the embodiment shown in Figure 1.

Figure 3 shows an embodiment of a process or method in which a user may communicate securely with an application without using a key server.

[Description of Principal Reference Numerals]

100 communication system
102 key
108 derived identifier
114 user
116 application
118 application
122 application
126 key server
238 traffic key
240 data
310 Derived_Key_ID
332 common key Derived_K
340 encrypted data
Claims (1)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US75897106P | 2006-01-13 | 2006-01-13 | |
US76277106P | 2006-01-27 | 2006-01-27 | |
Publications (1)
Publication Number | Publication Date |
---|---|
TW200803400A true TW200803400A (en) | 2008-01-01 |
Family
ID=42126733
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW96101484A TW200803400A (en) | 2006-01-13 | 2007-01-15 | Privacy protection in communication systems |
Country Status (2)
Country | Link |
---|---|
RU (1) | RU2408991C2 (en) |
TW (1) | TW200803400A (en) |
- 2007
- 2007-01-12 RU RU2008133206/09A patent/RU2408991C2/en not_active IP Right Cessation
- 2007-01-15 TW TW96101484A patent/TW200803400A/en unknown
Also Published As
Publication number | Publication date |
---|---|
RU2408991C2 (en) | 2011-01-10 |
RU2008133206A (en) | 2010-02-20 |
Similar Documents
Publication | Title |
---|---|
US10327142B2 (en) | Secure short message service (SMS) communications |
US10454674B1 (en) | System, method, and device of authenticated encryption of messages |
TWI394466B (en) | Secure bootstrapping for wireless communications |
EP2082525B1 (en) | Method and apparatus for mutual authentication |
US6229894B1 (en) | Method and apparatus for access to user-specific encryption information |
US8788807B2 (en) | Privacy protection in communication systems |
JP5345675B2 (en) | Network helper for authentication between token and verifier |
US8229112B2 (en) | Decipherable searchable encryption method, system for such an encryption |
WO2017097041A1 (en) | Data transmission method and device |
ES2250771T3 (en) | PROCEDURES TO CHANGE A REMOTE COMMUNICATIONS PASSWORD. |
JP2004180310A (en) | Method for setting and managing confidence model between chip card and radio terminal |
US7620186B2 (en) | Method for establishing an encrypted communication by means of keys |
TW200537959A (en) | Method and apparatus for authentication in wireless communications |
CN108199844A (en) | Method for supporting off-line SM9 algorithm key first application downloading |
KR100668446B1 (en) | Safe --method for transferring digital certificate |
CN106788997A (en) | A kind of real-time multimedia encryption method based on id password |
US9876774B2 (en) | Communication security system and method |
CN116528230A (en) | Verification code processing method, mobile terminal and trusted service system |
CN101420687A (en) | Identity verification method based on mobile terminal payment |
JP4615128B2 (en) | Voice and data encryption method using encryption key split combiner |
WO2021129012A1 (en) | Privacy information transmission method, apparatus, computer device and computer-readable medium |
US20080119166A1 (en) | Method for secure transmission of third party content to cdma1x user for broadcast and multicast services |
TW201426597A (en) | A user management method and system based on group |
TW200803400A (en) | Privacy protection in communication systems |
TWI745026B (en) | Authentication system and method |