TW200803400A - Privacy protection in communication systems - Google Patents

Abstract

Methods and apparatus for protecting user privacy in a shared key system. According to one aspect, a user generates a derived identity based on a key and a session variable, and sends the derived identity to an application. In one embodiment, a key server may be used to receive the derived identity from the application, and return a sub-key to the application to use for encrypting communications with the user.

Description

200803400 IX. DESCRIPTION OF THE INVENTION: TECHNICAL FIELD OF THE INVENTION The present invention relates generally to communications and, more particularly, to protecting the privacy of a user in a communication system. [Prior Art] Since modern devices become able to communicate with any application server, there is a need to authenticate and protect such communications. In an asymmetric or public key system, the device (or "user,") can submit a public key to an application server (or "application") while retaining a separate private key. In a shared or symmetric key system, the user can communicate with the application using a user ID, which may be "anonymous", where the user ID may not reveal the actual User identity. Upon receipt of the user ID, the application can obtain a key linked to the user ID for encrypted communication with the user. The key can be previously known to the application. a key, or it can be extracted from a --key server (for example, a third party trusted by the user and the application). Even when using the "anonymous" user ID, There is still a way to make the user's privacy be leaked. For example, if the user and the u program exchange the same user ID in multiple sessions, the application may borrow The duration of the user connected to each other with respect to the inferred user's private information referred to herein as ". Coupled "iv (UnkabiUty attack) ". For example, in a wireless network, accessing a number of base stations using an identification code can result in the user tracing on the network. Alternatively, if a user accesses a plurality of different applications using the same user ID, a third party may passively eavesdrop on the communication of the user identification code between the application and the server. And confirm which applications the user has accessed and when the user has accessed them. This potentially reveals privacy information about the user's preferences. The same information can be obtained by a third party directly querying the accessed application. [Summary of the Invention]

One aspect of the present invention provides a method for protecting user privacy, the method comprising: identifying and identifying a stone horse based on a key and at least one parameter including a duration variable associated with the user; and Send the export identification code to an application. Another aspect of the present invention provides a method for protecting user privacy during communication in a system having a key-storage device, the method comprising: receiving an export identification code from a user The derived identification code is generated from the second key and at least the parameters of the inclusion-memory variable. Transmitting the identification code to the password server; and receiving information associated with the user from the key server. /, μ Another aspect of the present invention provides a method for protecting user privacy, including: receiving and exporting a secret identification from a user, and reading the identification code from a key and including a session The period variable is generated to a decimal number; and the key is identified from the derived key identification (4). Yet another aspect of the present invention provides a method for protecting user privacy during communication in a system in a method: Method = Feeder contains a self-requesting application to receive a _guide code, the export H7974.doc 200803400 A self-key and at least one parameter containing a session variable are generated; and the user is identified from the derived identification code. Yet another aspect of the present invention provides a device for protecting user privacy 'The device includes: - an derived identification code generator for generating at least - a parameter based on a glitch and an inclusion-meeting variable - and - User phase: a derived identification code; a transmitter for transmitting the derived identification code to an application.

A further aspect of the present invention provides a device for protecting user privacy during communication in a system with a sputum feeding device, the device comprising: a receiver for receiving from a user Deriving an identification code, the derived identification code being generated from a key and at least one of a number of session variables; and a transmitter for transmitting the derived user identification code to the key server . Yet another aspect of the present invention provides a device for protecting user privacy, the device comprising: a receiver for receiving a derived key identification code from a user, the derived key identification code being The secret transmission and at least one parameter including a session variable are generated; a processor for identifying the key from the derived key identification code. Yet another aspect of the present invention provides a device for protecting user privacy during communication in a system having a key server, the device comprising: a receiver for receiving a request from a requesting application Deriving an identification code generated from a key and at least one parameter including a session variable; and a processor for identifying the user from the derived identification code. 117974.doc 200803400 Yet another aspect of the present invention provides an apparatus for protecting user privacy during communication with an application, the apparatus comprising: a means for generating an derived identification code; Export the identification code to the component of an application. • A further aspect of the present invention provides a device for protecting user privacy during communication in a system having a key server, the device comprising: a receiver for requesting an application from a request Receiving an export identification code, the derived identification code being generated from a key and at least one parameter including a session variable; a component for identifying the user from the derived identification code; and a transmitter Used to transfer information associated with the user to the requesting application. [Embodiment] In order to protect user privacy, it is required to provide secure communication between a user and an application without exposing the actual identification code of the user to the application or a third party who has eavesdropped on the communication, or The application is not otherwise allowed to determine that different sessions originate from the same user. The invention disclosed herein addresses this need. Referring now to Figure 1, an embodiment of a communication system 100 is shown in which a key server is used to facilitate encrypted communication between a user and an application. The communication system 100 can be any, for example, a voice, data or multimedia system operating under a communication standard and/or protocol, such as WCDMA (Wideband Code Division Multi-Direction), edma2, or Call the Internet Protocol standard or any other suitable standard or agreement. For example, 117974.doc 200803400, embodiments can be used as an enhancement to the Generic Bootstrapping Architecture as specified in various communication standards. (See, for example, "Generic Authentication Architecture (GAA): Generic bootstrapping architecture/^GPP TS 33.220 and "Generic Bootstrapping Architecture (GBA) Framework,"3GPP2 S.S0109-0, version 1.) As illustrated, a user 114 (also referred to as a user device) can access an application 116 in the system 100. The application 116 can be a dedicated server for a particular application (e.g., gamma (Internet Voice Protocol)) or a network element itself in the network. The application i i 6 can also be a software application stored on a server or other device on the network. In one embodiment (not shown), the application port 6 can reside on the same physical device as a key server 126. Each application may have its own dedicated transmitter/receiver circuit (not shown) for communicating with the user 114 and/or the key server 126, or several applications may share a common transmitter/receiver Circuit. It may be noted that an application may include a plurality of entities, for example, the application may be an integrated mobile network comprising a plurality of base stations. In one embodiment, user 114 may pre-store a secret 102 in its memory. The key 1 〇 2 and its fact stored in the user 114 are known to the key server 126. The key 1〇2 may uniquely belong to the user 114 or may uniquely belong to a group of users including the user n4. The key 102 can be used permanently or only for a specific period of time. In an embodiment, the key 102 is only known to the authorized party such as the key server 126 and the 117974.doc -10- 200803400 114. 114 and the key server 126 can cause the following formula to generate a tempJ [D 1 〇 8 (also referred to as an derived identification code): temp F (key, ... (1) in equation (1), p ^, hinder a predetermined algorithm function such as an encrypted hash function, 5, F may be a function of causing one or more parameters to be consecutively connected to one or more of the churning functions, or a plurality of parameters and one or Multiple

The combination of the output of his hash function performs a hash function. In one embodiment, the pre-difference function may be a secure hash algorithm SHA-1. (see

Federal Information Processing Standard Publication 180 -1 (1995)) and in the formula (1), m represents one or more variables and/or may include, for example, a user identification code, depending on the duration of the meeting, and/or Parameter set for other parameters. A session can represent a set of communications between a user and an application, using the same temp-ID. In one embodiment, m generally includes at least one session variable that is variable each time an temp-ID is exchanged with an application. The variable can be a digital increment using a counter, a timestamp, or an output of a pseudo-random number generator. It should be understood that larger session variables can be used for greater security at a higher cost of execution. In an embodiment, the session variable can be a one-bit 6-bit counter value. Referring again to Figure 1, F and m are known to both the user 4 and the key server 126. In an embodiment, the key server ι26 may pre-calculate and store the temp-ID value based on all possible values of a given key 102 and the parameter m, so if a temp_ID is given, it can be quickly identified for Produced 117974.doc -11 · 200803400 The key 102 was born. 2 illustrates an embodiment of a process or method 200 in which a user 114 can establish secure communication with an application 116 in accordance with the embodiment shown in FIG. First, in step 201, the user 114 calculates 'temp-ID 108 based on the key and parameter set m, and sends the temp-ID 108 to the application 116. • In step 202, once the application 116 receives the temp-ID 108 sent by the user 114, it sends the temp-ID 108 to the cc server 126, as described above, in one embodiment, the Key server 126 has pre-stored a set of temp-IDs and keys in its memory. In step 203, the cryptographic server 126 identifies the key 102 using the temp-ID 108 received from the application 116. As mentioned previously, each key may correspond to a unique user. In this example, the key 102 corresponds to the user 114. Thus, the key server 126 can match the temp-ID 108 to the user 114 as shown in step 203. _ In the step, the key server 126 can further generate a secondary key 238 (also referred to herein as a transaction key) based on the key 1〇2. This generation of the secondary key may use another algorithm function and involve parameters known only to the user 114 and the key ^server 126. In one embodiment, the temp-ID 108 value 'is itself available to generate the associated secondary key. In an alternate embodiment, any number of sub-securities 238 may be generated by taking a hash function of the key 102 (e.g., 8ΗΑ_υ and a suitable sequence number.) In step 204, the key server 126 associates the pair. The key 238 is sent to the application 116. The key server 126 can also send other information about the user 117974.doc 200803400 114 to the application 116. The user 114 can independently according to its known parameters. A secondary secret gun 23 8 (or a traffic key ") is generated. Therefore, under the condition that the secondary key 238 is known to both the application 116 and the user 114, both parties can use the secondary secret 238 to encrypt and Decrypting the data sent between them 24, as shown in step 2〇 5. Referring back to Figure 1, if the user 114 subsequently accesses another application 122, it can be based on the formula (1) as described above. Calculate a temp-ID other than temp-m 108. If the function F is selected such that the relationship between temp-iD 1〇8 and other temp-IDs used by the same user during different sessions is not (four) _, 将 will be difficult for unauthorized parties The intercepted temp-ID is associated with any particular user' to protect the user's identity privacy. In one embodiment, the parameter set for generating the formula (1) * temp - ID may include a correspondence In the manner of an application identifier (aPP-ID) of the accessed application, in this manner, a key server 126 can determine from the ^1(1) 108 the application requesting the user information to the key server 126. The program 116 is actually already accessed by the user 114. In view of security, the key server 126 selects to send only about the app-ID to the application 116 that matches the aPP-ID used to generate temp-m1〇8. The information of the user 114 includes a user identification code and a user specific key. This prevents another application (such as the application 118) that is not accessed by the user 114 from obtaining the information from the key server 126. The information of the user 114. In an embodiment, when a user 114 is not aware of the app_ID of the application that should be accessed by the user 117974.doc -13-200803400, the user 114 may even be requested to generate a Temp one ID. In this case, The user can generate a temp-ID by using a fixed "universal character" or n preset napp_ID instead of an application specific appJD. In this embodiment, the key server can be sorrowful. Identify a temp-ID containing such a "universal character" or "preset" app_ID, and even if the universal character app-ID does not match the app-ID of the requesting application The user-specific material is still provided to an application. Then, once the user has confirmed the app-ID of the application, the user can generate a new temp-ID based on the correct app-iD. In another embodiment of the present invention, if the user The application agrees on a new parameter set m during a session, and by querying a key server, an application can determine a new temp-ID to be used during a subsequent session. To do this, the application can provide the key server with, for example, the new parameter set and the temp-ID initially received from the user. This avoids the user having to transmit a new temp_ID to the application each time a new temp-ID is needed. 3 shows an embodiment of a process or method 300 in which a user 114 can communicate with an application 116 femalely without using a key server. In this embodiment, it is assumed that the user 114 and the application 116 have shared a key K by some sort of key distribution mechanism in the initialization of the communication shown in FIG. In one embodiment, the key fob is a variable known only to authorized users such as the user and the application.

In step 3〇1, the user 114 can generate a Derivedj^^D 117974.doc -14 - 200803400 310 as follows:

Derived—Key—ID=F(K, session variable, other parameters) Equation (7) where F is again a predetermined algorithm function, the duration variable is a variable such as the period of the counter value, and other parameters Any parameters not explicitly recited herein but known to both user 114 and application 116 may be included. As previously noted, a session variable can be changed each time an temp-ID is exchanged with an application, and can be a one-digit increment using a counter, a timestamp, or a pseudo-random number generator. It should be understood that the larger the session variable is, the stronger the security is, and the higher the complexity is. In one embodiment, the session variable can be a 16-bit counter value. In step 302, the user 114 sends the Derived-Key_ID 310 to the application 116. In step 303, the set of DeriVed_Key JD 310 has been pre-computed from all possible values of the key κ, the session variable, and other parameters, and the application ΐ6 stored in the memory in the set is identifiable for generating the received Derived—Key—m 31〇 key κ, duration variable, and associated user 114. Under the condition that both parties know the values of κ, duration variable 331 and other parameters, both parties can calculate a common key as follows.

Derived Κ 332 :

DenVed-K=G(K, duration variable, other parameters) Equation (3) where G is another predetermined algorithm function, and the duration variable μ corresponds to the method used in Equation (2) to generate Denved—key— ID 31 is the duration variable. It can be noted that the function G can be selected to be identical to the function previously described with reference to Figure 2 for generating the brake key 238. As shown in step 304, the 117974.doc -15- 200803400 can now be used.

DerivecLK 332 performs secure communication to send and receive encrypted data 340. In still another embodiment of the present invention, if the user agrees with the application for a new parameter set m' during a session, then The application can use equation (3) to determine the new temp-ID that will be used by the user during a subsequent session. This will provide protection against a third party's ability to connect. For example, a user can be in a different base from a mobile network.

During the session of the station, its temp-ID is changed to avoid being tracked by a third party eavesdropper. It may be noted that although the above embodiments are described in the case of a shared key or symmetric encryption system, the public key or asymmetric encryption system in which the user reuses the same public key is also vulnerable to the connection capability attack. Aspects of the invention may also be adapted to vary the private key, and thus the public key, based on variables and/or applications depending on the duration of the session. However, it can be noted that in the public key system, each time a public/private key pair is changed, the required registration and the unlocking process of the voucher issuing process may result in the same-public/private secret record pair being preferably used for an entire extension. On the time period. According to an embodiment, the memory in each of the key server 126 and the user U4 may be of a volatile or non-volatile type, such as magnetic = hard drive or RAM (random access memory). Circuit. As an alternative, the second memory can also be made of other circuit types, such as EEpR〇M<Electronic Erasable: Program-Read Only Memory), EpR〇M (Electrically Programmable Read Only Memory) 1 ROM (Read Only Memory) Body, ASIC (special application (4) electric (8), disk, optical disc and other types well known in the art. 117974.doc -16- 200803400 It should be noted that 'the invention may be embodied as a process or method or may be coded for this purpose Computer readable instructions executed on any computer readable medium known in the art. Here, the term, computer readable medium &quot;intended to participate in providing instructions to any processor (eg, the key servo shown in Figure 1) Any medium of processing 126 and user 114. The medium may be of a storage type and may be in the form of a volatile or non-volatile storage medium, for example, as previously described in the key. The server 126 and the description of the memory in the user 114. The medium may also be of a transmission type and may include a coaxial cable, a copper wire, a fiber optic cable, and an air interface for carrying sound or electromagnetic waves, which may be carried. Can be machine or computer Obtaining the signal. Those skilled in the art will appreciate that information and signals may be represented using any of a variety of different technologies and techniques. For example, the materials, instructions, commands, information, etc., which may be referenced throughout the above description, The signals, bits, symbols, and 曰B slices may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, light fields, or optical particles, or any combination thereof. It will be further appreciated by those skilled in the art, in conjunction with the embodiments disclosed herein. The various illustrative logic blocks, modules, circuits, and algorithm steps described may be implemented as electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the above has generally been in accordance with its function. Sexual descriptions of various illustrative components, blocks, modules, circuits, and steps. This functionality is structured as a hardware or soft system depending on the particular application and design constraints imposed on the overall system. Those skilled in the art The described functionality may be implemented in a varying manner for each particular application, but such implementation decisions should not be interpreted as causing departure from the 117974.doc • 17- 200803400 Various illustrative logic blocks, groups and circuits described in connection with the embodiments disclosed herein may be coupled to a general purpose processor, a digital signal processor (DSP), a special application. An integrated circuit (ASIC), a programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any of the functions designed to implement the functions described herein. Executed or implemented in combination. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. Implemented as a combination of computing devices, such as 'a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in a hardware, a software module executed by a processor, or a combination of the two. A software module can reside in RAM memory, flash memory, ROM memory, EPR〇VUi memory, EEpR〇M memory, scratchpad, hard disk, removable disk, CD_ROM or this technology Any of the other known storage media. An exemplary storage medium is coupled to the processor such that the processor can read information from the storage medium and write the information to the storage medium. Alternatively, the storage medium can be integrated into the processor. The '4 processor and the storage medium can reside in an ASIC. The eight batches can reside in a user terminal. Alternatively, the processor and the storage medium can reside as discrete components in a user terminal. The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles 117974.doc -18-200803400 as defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but rather the broadest scope of the principles and novel features disclosed herein. Having described the exemplary embodiments, it is to be understood that those skilled in the art can BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 shows an embodiment of the present invention in which a key server is used to facilitate encrypted communication between a user and an application. 2 illustrates an embodiment of a process or method in which a user can establish secure communication with an application in accordance with the embodiment illustrated in FIG. 1. [Main component symbol description] 100 Communication system 102 Key 108 Export identification code 114 User 116 Application 118 Application 122 Application 126 Fee server 238 Message key 240 Data Figure 3 shows a user who can An embodiment of a process or method for communicating with an application entirely under the condition of a key server. 117974.doc -19- 200803400

310 Derived—Key—ID 332 Common Key Derived 340 Encrypted Data -20- 117974.doc

Claims (1)

200803400 X. Patent Application Range: 1. A method for protecting user privacy, comprising: deriving an identification code associated with a user based on a key and at least a parameter generation comprising a session variable; / Send the export identifier to an application. 2. The method of claim 1, further comprising: generating a transaction key; and communicating with the application using the transaction key. 3. The method of claim 1, wherein the use is for at least two sessions of communication. ~ The same - the application enters the method of item 1, wherein the user has a private period of at least two sessions of communication. 5. If the method of claim i is used, the value of 6 is - "the period variable contains the counter value. 6. If the method of item 1 is not specified, the period of the period is 7 W period, and the variable contains - time stamp. 7. The method of claim 1, wherein the preparation _ love narration - the output of the human life., "eight numbers contain a pseudo-random number of production 8 · as the eye of the item 5 eve *., , , and &quot; The tensor value contains an increment counter ^ 'This output is different for each session. The method of item 1 wherein the at least one parameter includes an application identifier associated with the application communicated by the user. 10: The method of claim 9, wherein the application identifier comprises one million = application identifier, which is used when the application identifier of the application communicated by the j user is unknown to the user of the μ 4 117974.doc 200803400 U. The method of claim 1, wherein the generating the derived identification code based on the at least one parameter comprises: applying a hash function to the at least one parameter. 12. The method of claim 1, wherein the generating the identification based on the at least one parameter The code includes: causing at least one of the at least one parameter to be concatenated to an output of a hash function applied to at least one of the plurality of Φ JU majority. For use in a system having a key server A method of protecting user privacy during communication, the method comprising: Receiving an export identification code from the user, the derived identification code being generated from a key and at least one parameter including a session variable; transmitting the derived identification code to the key server; and from the key The feeder receives information associated with the user. 14. The method of claim 13 is poor, 隹 * 10,000 hits further includes using the information to communicate with the user. Person = the method of item 14 wherein the information packet *, (1) and 5 导出 密 密 密 密 密 密 密 密 密 密 The request for the derived key from the key feeder is based on at least the at least one of the parameters. The method of claim 13, wherein the derived identification code is generated from the at least _ parameter by applying a hash function to the at least one parameter. 18. The method of claim 13, 19 wherein the method of claim 13 wherein the session variable comprises a counter value. Wherein the at least one parameter further comprises an application identifier associated with the application requested by the user 灰 _ b 0 II7974.doc 200803400 20. The method of claim 19, wherein the key server system It is configured such that if the application identifier does not match an application identifier associated with a requesting application, the information is not provided. 21. The method of claim 13, further comprising: communicating with the user information relating to a subsequent communication session of the user; transmitting the information associated with the subsequent communication session to The key server receives from the key server and associates with the user to enable other information to communicate with the user during a subsequent communication session with the user. 22. A method for protecting user privacy, comprising: a self-user receiving-exporting a key identification code, the derived secret identification code being from a key and at least one parameter including a session variable Generate; and &quot; The secret is identified from the derived key identification code. 23. The method of claim 22, wherein at least one of the generated ones derives an encrypted communication of the user. The step includes, based on the at least one parameter, and using the derived key to perform a counter value that is incremented before or after the square letter period of the item 22, as in the method of claim 24, further comprising: Communicate with the user after the follow-up of one of the users, and the information associated with the user; and 117974.doc 200803400, use the information and follow-up communication with the user During the period, 5 Hai users communicate. 26. A method for protecting user privacy during communication in a system with a key server, the method comprising: receiving from a requesting application - exporting a 3 code - the derived identification code is - at least one parameter of the key and the inclusion-memory variable is generated; and the user is identified from the identification code. 27. The method of claim 26, further comprising transmitting information associated with the user to the requesting application. 28. The method of claim 27, wherein the information comprises a secondary secret record for encrypting and decrypting data communicated between the requesting application and the user. 29. The method of claim 26, wherein The session variable contains a counter value. The method of claim 26, wherein the at least one parameter comprises an authorized application identification code associated with an authorized application in communication with the user. 31. The method of claim 30, further comprising, if the authorized application identifier does not match the application identifier of the requesting application, transmitting the information associated with the user to the request The application 32 includes a device for protecting user privacy, comprising: an export identifier generator, configured to generate a user associated with a user based on a key and at least one parameter including a session variable Derived identification code; 117974.doc 200803400 A transmitter for transmitting the derived identification code to an application. 33. The device of claim 32, further comprising a key generator for generating a key, wherein the device communicates with the application using the generated key. 34. The device of claim 32, wherein the device communicates with the same application for at least two sessions. 35. The device of claim 32, wherein the user communicates with a different application for at least two sessions at each session. 36. A device for protecting user privacy during communication in a system having a key server, the device comprising: a receiver for receiving an export identification code from a user, The derived identification code is generated from a password and at least one clip number including a session variable; and a transmitter for transmitting the derived user identification code to the key server. 37. The device of claim 36, wherein the receiver is further configured to receive information associated with the user from the key server; and the device uses the information to communicate with the user. 3 8 · A device for protecting user privacy, comprising: a receiver for receiving from the user-exporting (four) identification code, the derived key identification code is from a key and includes a At least one parameter of the period variable is generated; a processor for identifying the key from the derived secret identifier. 117974.doc 200803400 39. The device of claim 38, wherein the device is based on the at least one parameter generator, the generator key, wherein the device uses the guide king to pay out at the _# Communicate with the user. 40. A device for protecting the privacy of a user in a system with a key server, the damage comprising: ~ one receiver, which is used for self-study The application seeks to receive an export identification stone horse associated with a user, and the tomb identification code is from a key and At least one parameter including a period variable is generated; and a processor for identifying the user from the derived identification code. The device of claim 40, further comprising a __transporter for transmitting information associated with the user to the requesting application 0 42 - for use in an application A device for protecting user privacy during communication, the device comprising: means for generating an export identification code; means for transmitting the derived identification code to an application. 43. The device of claim 42, further comprising a component for generating a key wherein the device communicates with the application using the generated key. 44. A device for protecting user privacy during communication in a system having a key server, the device comprising: a receiver for receiving an export identification code from a requesting application, the exporting The identification code is generated from a key and at least one parameter including a session variable; 117974.doc -6 - 200803400 means for identifying the user from the derived identification code; and a transmitter for Information associated with the user is transmitted to the requesting application. 117974.doc