TW490966B - Secure data transmission method and system using hardware protected hidden key and variable passcode - Google Patents

Secure data transmission method and system using hardware protected hidden key and variable passcode Download PDF

Info

Publication number
TW490966B
TW490966B TW88120414A TW88120414A TW490966B TW 490966 B TW490966 B TW 490966B TW 88120414 A TW88120414 A TW 88120414A TW 88120414 A TW88120414 A TW 88120414A TW 490966 B TW490966 B TW 490966B
Authority
TW
Taiwan
Prior art keywords
passcode
key
built
variable
hardware
Prior art date
Application number
TW88120414A
Other languages
Chinese (zh)
Inventor
Jian-Tsz Hou
Original Assignee
Geneticware Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Geneticware Co Ltd filed Critical Geneticware Co Ltd
Priority to TW88120414A priority Critical patent/TW490966B/en
Application granted granted Critical
Publication of TW490966B publication Critical patent/TW490966B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention is a secure data transmission method and system using hardware protected hidden key and variable passcode, which employs a hardware protected hidden key and a variable passcode. The system is composed of a source and a target, a passcode generator for generating the variable passcode, a working key generator based on the hidden key and the variable passcode, and a device for encrypting and decrypting the secure data. The method is to transmit the secure data from a source to a target using the hardware protected hidden key and the variable passcode, which includes the following steps: providing a first hidden key to the source and a second hidden key to the target, and the first and second hidden keys are equal and protected by the hardware; distributing the secure data as a plurality of data blocks; generating a plurality of variable passcodes, in which each passcode corresponds to one data block; using the variable passcode and the first hidden key to generate a plurality of working keys; using the working keys to encrypt the data block, in which each data block is encrypted with a working key generated by a corresponding passcode; transmitting the encrypted data block and the variable passcode from the source to the target; recovering the working key with the variable passcode received by the target and the second hidden key; and, using the recovered working key to decrypt the encrypted data block received by the target.

Description

490966490966

本案為一種使用硬體保護内建金鑰及可變通行碼的保 密資料傳送方法及系統,尤指一種利用一硬體保護之内建 金鑰及一變化之通行碼來内建金鑰及可變通行碼的機密資 料傳送方法及系統。 [背景] 密碼系統係發展用來維護通訊通道間資訊傳輸的隱私 性。一密碼系統係為一可以自傳送端傳送一安全訊息至一 接收端,以至於只有指定的接收端才能還原該訊息二系 統。傳統欲碼糸統可分類為一種,一為私錄密碼系統,另 一為公鑰密碼系統。 圖一為一與私鑰系統有關的對稱密碼系統方塊圖。如 圖一所示’二通訊端各自有密碼器C1,c 2,各別用來加密 發出的資料及解密收到的資料。更明確地說,加密器的作 用是將有關明文的訊息轉換為一己知為密文的加密格式。 加密係由操作或轉變使用密碼金鑰K1的訊息來完成。其他 端則解密該訊息,亦即,利用密碼金鑰K2之反轉操作或轉 變程序來將之從密文轉為明文。通常私鑰密碼系統中,加 密金鑰Kl,K2的内容相同。自從1 9 7 7年,數位加密系統或 所謂的DES係已普遍使用於工業界及政府機關。DES系統係 透過一個轉換及取代的冗長程序來利用一個5 6位元金錄去 加密6 4位元的資料字元。另一對稱密碼系統,I d E A ( International data encrypti〇n a 1 g〇rithm )採用的架 構則類似DES,但是卻利用一個更長的加密金输。 在對稱密碼系統中,金鑰交換係為一重要的課題。其This case is a method and system for transmitting confidential data using a hardware-protected built-in key and a variable passcode, especially a hardware-protected built-in key and a changed passcode to build a built-in key Method and system for transmitting confidential data with variable pass code. [Background] Cryptographic systems are developed to maintain the privacy of information transmission between communication channels. A cryptographic system is a system that can send a secure message from a transmitting end to a receiving end, so that only a specified receiving end can restore the message. Traditional codes can be classified into one type, one is a private recording password system, and the other is a public key password system. Figure 1 is a block diagram of a symmetric cryptosystem related to a private key system. As shown in Figure 1, the two communication terminals each have ciphers C1, c2, which are respectively used to encrypt the transmitted data and decrypt the received data. More specifically, the role of the cipher is to convert information about the plaintext into an encryption format known as ciphertext. Encryption is performed by operating or transforming the message using the cryptographic key K1. The other end decrypts the message, that is, uses the reversal operation or conversion procedure of the cryptographic key K2 to convert it from cipher text to plain text. Generally, in the private key cryptosystem, the contents of the encryption keys K1 and K2 are the same. Since 1977, digital encryption systems or the so-called DES system have been widely used in industry and government agencies. The DES system uses a 56-bit gold record to encrypt 64-bit data characters through a lengthy process of conversion and replacement. Another symmetric cryptosystem, I d E A (International data encrypti a 1 g0rithm) uses a similar architecture to DES, but uses a longer cryptographic gold loss. Key exchange system is an important subject in symmetric cryptosystems. its

490966490966

需要二通訊端有相同的加密 " 加密金鑰由傳送端產生,且隱;地傳金鑰需保密。通常, 現有的對稱密碼系統並無提 =接收端。然而, 發明說明(2) 复號 88120414 五 U此,金鑰貫際的安全性若网只際安全性的 輕易地解出傳輸的訊息。 右被文協,則饪何人皆可 對稱f生搶碼系統另一缺點在於,如—〆 用在任意二的通訊端間。因為鑰;糸統並無法使 知道才可行。-旦二通訊端互不:;換=二端間互相 則無法確定。為解決上述缺點,牛二=換的隱密性 概念而來的内建金鑰(hldden_key)4系= y二整個系統由二通訊端u組成,其分別 ^ 3 弟一金建金鑰編/解碼器15( codec)及一第二内建金 鑰codec^25。内建金鑰⑶心^巧及25分別有内建金鑰丨丨及 21。通常,二内建金鑰^,2;[的内容為相同。當傳送端輸 入 明文(Plaintext)至第一内建金錄codecl5時,内建金 餘11與適當的通行碼12(passcode)合併,由單向函數13處 理產生編碼金錄1 4 (c 〇 d e i n g k e y)。編碼金鑰1 4係用於 codecl5來對明文加密為密文(ciphertext)。除了密文之 外’ codecl5的輸出還包括通行碼1 2。接收端接收密文及 通行碼1 2之後,與通行碼1 2相同的通行碼2 2及内建金鑰2 1 由單向函數23處理產生編碼金錄24,用來使codec25解密 该密文至原來的明文。通常,編碼金输2 4係同於編碼金餘 14 〇It is required that the two communication ends have the same encryption " The encryption key is generated by the transmitting end and hidden; the ground transmission key needs to be kept secret. Generally, the existing symmetric cryptosystem does not mention the receiving end. However, the description of the invention (2) No. 88120414 5 U. Therefore, if the security of the key is consistent with the security of the Internet, the transmitted message can be easily solved. You are right, everyone can cook. Another disadvantage of the symmetric f-code grabbing system is that, for example, 〆 is used between any two communication terminals. Because of the key, the system cannot make it known. -Once the two communication terminals do not mutually :; change = the two terminals cannot mutually determine. In order to solve the above shortcomings, Niu Er = built-in key (hldden_key) from the concept of privacy of the exchange 4 system = y 2 The entire system consists of two communication terminals u, which are respectively ^ 3 The decoder 15 (codec) and a second built-in key codec ^ 25. The built-in keys KEY and Q25 have built-in keys 丨 丨 and 21, respectively. Generally, the contents of the two built-in keys ^, 2; [are the same. When the transmitting end inputs Plaintext to the first built-in gold record codecl5, the built-in gold balance 11 is combined with the appropriate passcode 12 (passcode), and the one-way function 13 is processed to generate the coded gold record 1 4 (c 〇deingkey). ). The encoding key 14 is used in codecl5 to encrypt the plaintext into ciphertext. In addition to the ciphertext, the output of codecl5 also includes the passcode 1 2. After the receiving end receives the ciphertext and passcode 12, the same passcode 2 2 and built-in key 2 1 as the passcode 12 are processed by the one-way function 23 to generate a coded record 24, which is used by codec25 to decrypt the ciphertext. To the original plaintext. In general, coded gold loss 2 4 is the same as coded gold balance 14 〇

490966 ----i^_88120414 年月日 條正 五、發明說明(3) " ' 7 ’在一密碼系統中隱密地保有一般金錄向來皆為 要的課題。基於前述密碼系統缺點之發現,吾人則希 望Ϊ ^ ~利用硬體保護的内建金鑰及變化的通行碼來傳輸 機^貧料的系統及方法。利用硬體保護内建金鑰及變化之 通行碼來傳輪機密資料的系統及方法係使用到編碼金鑰及 一加密演算法去執行加密/解密的工作,且可提供金鑰交 換之隱密性。 [發明簡要] 本案為^一種使用硬體保護内建金錄及可變通^亍碼的保 密資料傳送系統,係用到一硬體保護之内建金鑰及一變化 之通行碼,包含: 一來源端及一目的端; 一通行碼產生器,藉以產生變化之通行碼; 一根據該内建金錄及該變化之通行碼產生工作金输的 裝置;以及 一加密及解密機密資料之裝置。 硬 中 由一特定的 硬 體保 該内 電路 體保 該工 之單 相對 體保 該通 述之使用 系統,其 如 料傳 只能 所 送 藉 所 資料傳送 一雙 第 所 送 資 且 如 能由490966 ---- i ^ _88120414 Article 5: Description of Invention (3) " '7' It is always a necessary issue to keep the general gold records secretly in a password system. Based on the discovery of the shortcomings of the aforementioned cryptographic system, we hope that the system and method for transmitting machine data using the built-in keys protected by hardware and changing passcodes will be used. The system and method for transmitting confidential data using hardware to protect built-in keys and changing pass codes uses encoding keys and an encryption algorithm to perform encryption / decryption work, and can provide the secret of key exchange Sex. [Brief description of the invention] This case is ^ a secure data transmission system using hardware to protect the built-in gold record and a flexible code, which uses a hardware-protected built-in key and a changed passcode, including: a A source end and a destination end; a passcode generator to generate a changed passcode; a device for generating working money based on the built-in gold record and the changed passcode; and a device for encrypting and decrypting confidential data. A specific hardware is used to protect the internal circuit. The insurance is to cover the work order. The relative to the insurance is to use the system described in the description. If it is passed, it can only send the borrowed data.

述之使用 系統,其 輸入單輸 /輸入及 述之使用 系統,其 中 出 _ 一 硬 中 瘦内建孟錄及可變通行碼的保密 建金鑰係含於一硬體模組内,並 而非由外部路徑來擷取。 護内建金鑰及可變通行碼的保密 作金餘產生裝置包含: 向函數,其係符合一第二輪入不 應之輸出反推之條件。 護内建金鑰及可變通行碼的保密 行碼產生器更包含一隨嬙The use system described above, its input single input / input and the use system described above, where a hard-core thin built-in Menglu and a variable passcode are included in a hardware module, and Not retrieved by external path. The built-in key and the variable pass code are kept confidential. The surplus generating device includes: a directional function, which meets the conditions of a second round of incompatible output inversion. The built-in key and variable passcode are protected.

490966 修正 案號 88120414 五、發明說明(4) 生器,藉以產生該變化之通行碼。 2所述之使用石更體保tf内建金鑰及可,通行碼的保密 資料傳达糸統,其中該通行碼係根據該機密資料而變化。 所述之使用硬體保護内建金鑰及可變通行碼的保密 二的】ΐ系統’更包含—特徵抽取器,藉以抽取該機密資 料的特徵。 =使:ΪΪ保護内建金输及可變通行碼的保密 Λ ' X ^ '1 ^…μ通行碼產生器產生之變化通行碼係 如所述之使用硬體二内ΐ器取出之特徵之-函數。 資料傳送系、統,更包含 建金鑰及可變通行碼的保密 :暫時儲存元件’ ϋ以 而該通行碼產生裝置係產二十:出之特敛 存於該暫時儲存元件之 雙化之基本通行碼及儲 另外本案更提出’碼。 仃碼的保役貧料傳送方法,自:土鑰及了-通 驟: 建至鑰及、交化之通行碼,其包含下列步 該目鑰π來源端,-第二内建金鍮予 分配該機密資料為複數個資^^且受硬體保護; 塊;|數個交化通订碼’各通行碼對應於一資料區 使用該變化通行碼及該第一 作金输; 内建金鑰以產生複數個490966 Amendment No. 88120414 V. Description of the Invention (4) The generator, to generate the pass code for the change. The security information transmission system using the built-in key and the pass code of Shifeng Sports Security as described in 2 is used, wherein the pass code is changed according to the confidential information. The described use of hardware to protect the confidentiality of the built-in key and the variable passcode. [2] The "system" further includes a feature extractor to extract the features of the confidential information. = Enable: ΪΪProtect the confidentiality of the built-in gold loser and variable passcodes Λ 'X ^' 1 ^ ... μ The change passcode generated by the passcode generator is the feature of using hardware two internal device to take out as described -function. The data transmission system and system also include the security of key and variable pass code: temporary storage element ', and the pass code generating device is produced in twentieth: the special feature is that it is stored in the dualization of the temporary storage element. The basic pass code and the store also proposed 'code in this case. The method for transmitting the serviced data of the security code is from: the local key and the pass-through: the pass code built to the key and the cross link includes the following steps: the source end of the target key,-the second built-in gold key to allocate the The confidential information is a plurality of information ^^ and is protected by hardware; blocks; | several cross-pass subscription codes' each pass code corresponds to a data area using the changed pass code and the first gold input; built-in key To produce plural

490966 修正490966 fix

五、發明說明(5) 藉由纟亥工作金錄加穷-欠, ^ ^ ^ , 在δ亥貪料區塊,各資料區塊係藉由 使用H:碼所產生之工作金鑰來加密; 自該來源端傳輸該加密之資料區塊及該變化 至該目的端; τ馬 藉由該目的端所接收之該變化通行碼及該第二内 餘復原該工作金錄;以及 i 由,亥復原之工作金餘解密該目的端所接收之該加穷 料區塊。 貝 如所述之使用硬體保護内建金餘及可變 貧料傳送方法,其中該工作金餘係由一符合一第二= ,由一第二輸入及一相對應之輸出所反推之條件的雙輸 單輸出之單向函數所產生。 Ί 如所述之使用硬體保護内建金鑰及可 資料傳送方法,其中該通行碼係由__符合— 由-第-輸入及一相對應之輸出所反推之條件心 輸出之單向函數所產生。 輸入早 如所述之使用硬體保護内建金鑰及可變 資料傳送方法,豆中該變化之is仵派尨士 订馬的保费 器所產生。-中h化之通订碼係由-隨機變數產生 如所述之使用硬體保護内建金鑰及可 資料傳送方法,其中每一通行碼係產生來作η =、 碼及_一取自—相對應資料區塊之特徵的一函數。土 I仃 [圖示簡要說明] ° 圖一為傳統私錄密碼系統之方塊圖; Β二 y建金鑰密碼系統之基本方塊圖;V. Description of the invention (5) By adding poor-owing to the work record of Lu Hai, ^ ^ ^, in the δ Hai lust block, each data block is encrypted by using the work key generated by H: code ; Transmitting the encrypted data block and the change from the source to the destination; τ Ma restores the work record by the change pass code and the second surplus received by the destination; and i, The rest of the working money of Hai Hei decrypts the plus block received by the destination. The method of using the hardware to protect the built-in gold balance and variable lean material transmission as described, wherein the working balance is derived from a second input and a second input and a corresponding output Conditional double-input single-output one-way function. Ί Use the hardware to protect the built-in key and data transmission method as described, where the passcode is a one-way one-way conditional output that is inferred by __compliance-by-input-and a corresponding output Function. The input uses the hardware to protect the built-in key and the variable data transmission method as described earlier. This change is generated by sending an order to a horse's premium device. -The generalized ordering code in Chinese is generated by-random variables, as described in the hardware protection built-in key and data transmission method, where each passcode is generated as η =, code and _ one taken from -A function corresponding to the characteristics of the data block.土 I 仃 [Brief description of the icons] ° Figure 1 is a block diagram of a traditional private recording cipher system; Β2 y The basic block diagram of a key cryptosystem;

HiHi

LMJiHU 第9頁 490966 曰 修正 案號 881204U 五、發明說明(6) 圖三為本案較佳實施例一; 圖四為本案圖二較佳實施例— 圖五為本案較佳實施例一之流二科流方塊圖; 圖六為本案較佳實施例二之。“: 圖七為本案圖六較佳實施例二之^ 較佳實施例三之方塊圖…, 圖九為本案較佳實施例三之 圖十(a)⑻分別為本案較佳實施及 序。 j 口您碼碼及解碼程 [圖號說明] 圖一 ·· C1 ’ C 2 :密碼器 12, 22 ··通行碼 U,24 :編碼金鑰 (codec) 1,2 :通訊端LMJiHU, page 9, 490966, Amendment No. 881204U 5. Description of the invention (6) Figure 3 is the preferred embodiment 1 of the case; Figure 4 is the preferred embodiment of figure 2-Figure 5 is the second embodiment of the preferred embodiment 1 Branch flow block diagram; Figure 6 is the second preferred embodiment of the present invention. ": Figure 7 is a block diagram of the preferred embodiment 2 of the sixth embodiment of the present invention ^ Figure 9 is a block diagram of the preferred embodiment 3 of the present invention. Figure 10 (a) (i) is the preferred implementation and sequence of the present invention. J port your code and decoding process [Illustration of figure number] Figure 1 ·· C1 'C 2: Encryptor 12, 22 ·· Pass code U, 24: Codec (Codec) 1,2: Communication terminal

Kl,K2 :金鑰 圖二·· 11,21 ·内建金輸 13,23 ·早向函數 1 5,2 5 :編碼解碼器 圖三: 3,4 :通訊端 31,41 :内建金鈐 32 :隨機變數產生器 33,43 :通行碼明 34, 44 ·早向函數 35,45 :編碼金鈐 36, 46::編碼解螞器(codec) 37 :分段之: 圖四: 干又 < 貝枓區塊 PC :通行碼 DB :資料區塊 E(DB) ·加在之資料區塊Encoder :編碼哭 Decoder :解碼器 .σσ 第10頁 490966 案號 88120414 年 月 曰 修正 五、發明說明(7) 圖六· 5, 6 :通訊端 51,61 :内建金鑰 52, 6 2 :通行碼 53,63 :單向函數 54 函數 55, 6 5 .編碼金输 56, 6 6 :編碼解碼器 57 :特徵抽取器 圖八: 7 : 來源端 70 : 隨機變數產生器 71 内建金錄 72 :通行碼 73 函數 74 :特徵抽取器 75 單向函數 76 :編碼金錄 77 編碼解碼 78 :分段資料區塊 圖九· 8 : 接收端 81 :内建金鍮 83 函數 84 :特徵抽取器 85 單向函數 86 :編碼金錄 87 編碼解碼 圖十(A) 91 :函數 92, 9 3,9 4,9 5 :資料區塊 96, 9 7,9 8,9 9 :真實通行碼 圖十(B) 101 :函數 102, 1 0 3,1 0 4,1 0 5 ··資料區 1 0 6,1 0 7. 1 0 8. 1 0 9 :真實通行碼 [詳細說明] 實施例一: 圖三為本案實施例一。整個密碼系統包含二通訊端3Kl, K2: Key diagram 2 · 11, 21 · Built-in gold loss 13, 23 · Early direction function 1 5, 2 5: Codec picture 3: 3, 4: Communication end 31, 41: Built-in gold钤 32: Random variable generators 33,43: Pass codes 34, 44 · Early direction function 35,45: Coding code 36, 46 :: Codec 37: Segmentation: Figure 4: Dry Also < Beck block PC: Passcode DB: Data block E (DB) · Added data block Encoder: Encoding Decoder: Decoder. Σσ Page 10 490966 Case No. 88120414 Explanation of the invention (7) Fig. 6 · 5, 6: Communication terminals 51, 61: Built-in keys 52, 6 2: Pass codes 53, 63: One-way functions 54 Functions 55, 6 5. Encoded gold inputs 56, 6 6 : Codec 57: Feature extractor Figure 8: 7: Source 70: Random variable generator 71 Built-in golden record 72: Pass code 73 Function 74: Feature extractor 75 One-way function 76: Code golden record 77 Encoding and decoding 78: Segmented data block diagram 9 · 8: Receiving end 81: Built-in Jinye 83 function 84: Feature extractor 85 One-way function 86: Encoding gold record 87 Encoding and decoding Ten (A) 91: Function 92, 9 3, 9 4, 9 5: Data block 96, 9 7, 9 8, 9 9: Real pass code map Ten (B) 101: Function 102, 1 0 3, 1 0 4,1 0 5 ·· Data area 1 0 6,1 0 7. 1 0 8. 1 0 9: Real pass code [Detailed description] Embodiment 1: Figure 3 is the first embodiment of this case. The entire password system includes two communication terminals 3

第11頁 490966 ----案號88120414_年月日 ^正 五、發明說明(幻 一 及4。對傳送端3而言,首先輸入之資料被分段為幾個連續 的資料區塊37。相對應於每個新的資料區塊,新的通行碼 Μ係由隨機變數產生器32所產生。然後,碼編 内建金錄31 (hidden key )及通行碼33的單向函數處理所 產生 接者’連縯的資料區塊係由編碼解碼器3 6 ( C 〇 d e C ) 利用編碼金鑰3 5來加密。密文隨著相對應的通行碼3 3送至 接收端4。對接收端而言,使用所接收之通行碼“及内建 金鑰41,c〇dec46可以由一般的單向函數程序44產生編碼 金錄45 ’使得接收端的codec46可以利用獲得的編碼金餘 45來解密該密文。通常,内建金鑰3丨及41的内容相同,"同 樣地,工作金鑰35及45也相同。 圖四為本實施例的資料流程圖。如圖四所示,這此標 示DBA,DBB,DBC及DBD的資料區塊係藉由導自隨意產I : 通行碼PCA,PCB,PCC及PCD之碼金鑰來加密。然^加密之 資料區塊,標示E(DBA) ,E(DBB) ,E(DBC)及E(DBD) , ^藉 由導自通行碼之金鑰來解碼。本實施例之詳細步驟,如^ 五所示,係摘要如下:Page 11 490966 ---- Case No. 88120414_Year Month and Five ^ Description of the invention (Magic One and 4. For the transmitting end 3, the first input data is segmented into several consecutive data blocks 37 Corresponding to each new data block, the new pass code M is generated by the random variable generator 32. Then, the code is built with a one-way function processing unit 31 (hidden key) and pass code 33 The data block that generates the receiver's continuous performance is encrypted by the codec 3 6 (Co de C) using the encoding key 35. The cipher text is sent to the receiving end 4 with the corresponding pass code 3 3. As for the receiving end, using the received passcode "and built-in key 41, codec 46 can generate a code record 45 'from a general one-way function program 44 so that the codec 46 at the receiving end can use the obtained code balance 45 to Decrypt the ciphertext. Generally, the contents of the built-in keys 3 丨 and 41 are the same, and the work keys 35 and 45 are also the same. Figure 4 is a data flow chart of this embodiment. As shown in Figure 4, The data blocks marked DBA, DBB, DBC, and DBD are derived from random production I: Passcodes PCA, P CB, PCC and PCD code keys are used to encrypt. Then ^ encrypted data blocks are marked E (DBA), E (DBB), E (DBC) and E (DBD), ^ by the gold derived from the passcode Key to decode. The detailed steps of this embodiment are shown in Figure 5 and summarized as follows:

步驟S1 :在來源端將輸入資料分段為連續的資料區塊 (DBA,DBB,DBC,DBD 等等); A 步驟S2 :在來源端分別隨意地產生一個相對於個別資料區 步驟S3 :在來源端使用該通行碼及内建金鑰以產生該編碼 金鑰,並利用該編碼金鑰去加密該相對應之區料區塊·, 步驟S4 ·從來源端,資料區塊連同該相對應之通行碼一起 傳輸至目的端;Step S1: The input data is segmented into continuous data blocks (DBA, DBB, DBC, DBD, etc.) at the source end; A Step S2: Generate a random one at the source end relative to the individual data area. Step S3: The source uses the passcode and the built-in key to generate the encoding key, and uses the encoding key to encrypt the corresponding data block. Step S4. From the source, the data block and the corresponding block The passcode is transmitted to the destination;

第12頁 490966 ___案號 88120414 五、發明說明(9) 曰 修正Page 12 490966 ___ Case No. 88120414 V. Description of the invention (9)

步驟S 5 ··在目的端使用所接收之通行碼及其内之内八 其還原該編碼金鑰;以及 咬至編 步驟S6 ··在目的端使用區域產生之編碼金鑰去解穷 之資料區塊。 * 接收 :月顯地:根據本案的構想’用於加密程序之編碼金鑰 係隨者母個貝料區塊而有所不同。因此,編碼金輸 的。亦即,其將難於建立編碼金鑰與相對應之明文/贫= 組彼此之間的關連性,乃至於推算出内建金鑰。 山 實施例二: 圖六為本案較佳實施例二之方塊圖。同樣,整個系統 可以分為二個子系統5及6。對傳送端5而言,用來產生編 碼金餘55的真實通行碼係導自一個基本通行碼52及一些 自特徵抽取器57之資料之特徵的函數54。在本實施例;, 基本通打碼5 2係為固定者且建置於來源端。特徵抽取哭5 7 可以抽取輸入資料的特徵,如現在的時間,屬性,定^資 訊’樓案長度及其和檢驗(check sum)。在通訊端5,人5 真實通行碼的内建金鑰5 1係由單向函數5 3處理以產生編石= 金鑰55。進一步說,資料係由codec56利用編碼金鑰55來…、 加密。在通訊端6,與編碼金鑰55 —樣,接收自其他通% 端及内建金錄61之通行碼62係由單向函數63處理以產生編 碼金鑰65,其係用以與c〇dec66合併去解密資料。 很明顯,在實施例2中,真實通行碼隨著輸入之資料 而變化。尤其,真實通行碼可以隨著資料的輸入時間而變 化。因此’編碼金鑰5 5甚至在輸入維持相同時亦可以有所Step S 5 ·· Use the received passcode and the contents within it to restore the encoding key at the destination; and bite into step S6 ·· Use the encoding key generated in the area at the destination to solve the poor data Block. * Receiving: Month obviously: According to the idea of this case, the encoding key used for the encryption process varies with each parent material block. As a result, encoding gold loses. That is, it will be difficult to establish the correlation between the encoding key and the corresponding plaintext / poor = group, and even to calculate the built-in key. Mountain Second Embodiment: Figure 6 is a block diagram of the second preferred embodiment of the present invention. Similarly, the entire system can be divided into two subsystems 5 and 6. For the transmitting end 5, the real pass code used to generate the encoding balance 55 is a function 54 derived from a basic pass code 52 and some features from the data of the feature extractor 57. In this embodiment, the basic pass code 5 2 is fixed and is built on the source side. Feature extraction cry 5 7 You can extract the features of the input data, such as the current time, attributes, fixed length of the information ’building case, and its check sum. At the communication end 5, the built-in key 5 1 of the real passcode of the person 5 is processed by the one-way function 5 3 to generate the stone = key 55. Furthermore, the data is encrypted by the codec56 using the encoding key 55, ... At the communication end 6, like the encoding key 55, the pass code 62 received from the other communication terminal and the built-in gold record 61 is processed by the one-way function 63 to generate the encoding key 65, which is used to communicate with c. dec66 merge to decrypt the data. Obviously, in the second embodiment, the real pass code changes with the input data. In particular, the real passcode can change as the data is entered. So the ‘encoding key 5 5’ can be changed even when the input remains the same

竹的66 ^S 88120414 五、發明說明(10) 改、支。換a之,真實通行碼係遞送至通訊同輩,藉以區域 性地還原該編碼金鑰66。本實施例二之詳細步驟如圖七所 示,摘要如下: y驟S1 1 ·在來源端抽取如槽案長度、屬性、輸入時 間、定址等等特徵; 步驟S1 2 ·在來源端計算一基本通行碼及抽取之特徵 的特定函數,以獲得該真實通行碼; 步驟S1 3 :在來源端利用該真實通行碼及該内建金 输’以產生編碼金鑰,且藉由該編碼金鑰加密該相對應之 資料區塊; 步驟S1 4 :從該來源端將該資料區塊連同該相對應之 真實通行碼傳輸至目的端; 步驟S1 5 ·在目的端利用所收到之通行碼及其内之内 建金錄'以退原该編碼金餘; 步驟S1 6 ··在目的端利用該區域產生之編碼金鑰以解 密該接收之資料區塊。 圖八為實施例三之方塊圖。為簡化起見,只有敘述該 來源端7。首先,資料被分段為幾段區塊π,其係進一步 分別輸入至一codec77及一特徵抽取器74。於此同時,通 行碼72係由一隨機變數產生器產生,其係同步於該資料段 落78。然後該通行碼72及所抽取之特徵係由一單向函數73 所處理以產生真實通行碼。與上述實施例一樣,一内建金 錄71及該真實通行碼係由另外的單向函數了 5所處理以產生 編碼金鑰76,其係由該codec77所用,以加密該資料。如66 ^ S 88120414 of bamboo V. Description of invention (10) Modification and support. In other words, the real pass code is delivered to the communication peer, and the encoded key 66 is restored regionally. The detailed steps of the second embodiment are shown in Figure 7, and the summary is as follows: y Step S1 1 · Extract features such as slot length, attributes, input time, addressing, etc. on the source side; Step S1 2 · Calculate a basic on the source side The specific function of the pass code and the extracted features to obtain the real pass code; Step S13: Use the real pass code and the built-in gold input at the source side to generate an encoding key, and encrypt with the encoding key The corresponding data block; step S1 4: transmitting the data block with the corresponding real passcode from the source to the destination; step S1 5 · using the received passcode and its The internal built-in gold record is used to return the original code balance; Step S16 ··· Use the coded key generated in the area at the destination to decrypt the received data block. FIG. 8 is a block diagram of the third embodiment. For simplicity, only the source 7 is described. First, the data is segmented into several blocks π, which are further input to a codec 77 and a feature extractor 74, respectively. At the same time, the pass code 72 is generated by a random variable generator, which is synchronized with the data segment 78. The pass code 72 and the extracted features are then processed by a one-way function 73 to generate a true pass code. As in the above embodiment, a built-in record 71 and the real pass code are processed by another one-way function 5 to generate a coding key 76, which is used by the codec 77 to encrypt the data. Such as

490966 案號 881204U 五、發明說明(11) 產生之真實通 鑰86,其係進 月 曰 修正 樣 與所接 產生該真實通 基本原理。真 特徵抽取器7 4 此’該基本通 數產生器70所 施例二的益處 輸入被調整過 碼金錄8 6來解 行碼係 一步為 收之基 行碼。 貫通行 所抽取 行碼係 產生。 。圖九 的特徵 密該資 為一單向函數85所用,以產生編碼金 —codec87所用,以解密該資料。同 本通行碼合併之特徵抽取器84係用以 本實施例結合實施例一及實施例二的 碼係導自一該基本通行碼7 2及一由— 之輸入資料的特徵預設函數7 3。除 由一同步於該輸入資料區塊之隨機變 結果,本實施例獲得了實施例一及實 為編碼及解碼過程。很明顯,甚至是 ,5亥接收端8都不會還原出原來的編 料。 、 實施例四: 本貫施例與前一個相類。 e ^ 3不同之處在☆,此時料;二:施例四與實施例 在本實施 &lt;列,對岸一資二”塊:被選取再抽取該特徵。 前資料區塊所。“區;:係導自由其先 近的資料區塊一個週期\ 裝置係用以留住最 一週後被取代。於傳於助^σ ; μ、彳政抽取器留住該特徵 他端,其可由一以:】生本通行碼遞送至其 所接收之基本通行石馬 相 庠该接收端係利用 編碼金鑰。圖十(Α)及十(Β)分 ^序,以還原所需之 序。如圖所示,在編碼端,資料;碼及解碼的程 92, 93, 94, 95等等。第—資、&quot; 为段為幾個資料區塊 ·--------二^通仃碼 9 6 來加密。 第15頁 490966490966 Case No. 881204U V. Description of the invention (11) The real pass key 86 generated by the month is modified and connected to the basic principle of generating the real pass. The true feature extractor 7 4 and this basic flux generator 70 are the benefits of the second embodiment. The input is adjusted. The code record 8 6 is used to solve the line code system. The code of the extracted line is generated. . The features of Figure 9 are secretly used by a one-way function 85 to generate the code gold—codec87, to decrypt the data. The feature extractor 84 merged with the pass code is used in this embodiment in combination with the codes of the first and second embodiments to derive a feature preset function 7 3 from a basic pass code 7 2 and a input data of — . Except for a random variation result synchronized with the input data block, this embodiment obtains the first embodiment and the actual encoding and decoding process. Obviously, even the receiver 8 on the 5H will not restore the original material. Embodiment 4 This embodiment is similar to the previous one. e ^ 3 is different at ☆, at this time; Second: Example 4 and Examples are in this implementation <column, the opposite bank is one capital and two "block: selected and then extracted this feature. The former data block." Zone ;: It guides one cycle of its nearest data block \ The device is used to retain it for up to a week and is replaced. Yu Chuanyuzhu ^ σ; μ, the political extractor retains the other end of the feature, which can be delivered to the basic pass Shima Xiang received by:] the birth pass code, the receiving end uses the encoding key . Figures ten (A) and ten (B) are divided in order to restore the required order. As shown in the figure, at the encoding end, the data; the coding and decoding processes are 92, 93, 94, 95, and so on. No.-&quot; is a section of several data blocks. Page 15 490966

ί第一資料區塊係由基本通行碼及取自該資料區塊9 2之 ,破=預^函數91所產生的真實通行碼97來加密。同樣, 第二資料區塊9 4係由基本通行碼及取自資料區塊9 3之特徵 的函數91所產生的真實通行碼98來加密。資料區塊95也是 如此。 刀—在肖ΐ碼端,所接收之加密資料區塊係以同樣的方式來 角午密。貢料區塊丨〇 2係由基本通行碼及預定資料的預定函 數1(Η所產生的真實通行碼106來解密。之後,資料區塊 103係由基本通行碼及取自資料區塊1〇 2之特徵的函數ι〇1 所產生的真實通行碼丨〇 7來解密。同樣,資料區塊丨〇 4係由 基^通行碼及取自資料區塊103之特徵的函數101所產生的 真貫通行碼1 〇 8來解密。資料區塊丨〇 5也是如此。在實施例 四丄所傳輸之通行碼(真實通行碼)與編碼金鑰之間的關係 比W —個更為複雜。因此’可預期的是,實施例四能提供 一更強固的密碼系統。 本案得由熟悉本技藝人士,任施匠運而據以實施,仍 不脫如附申請專利範圍所欲保護者。The first data block is encrypted by the basic pass code and the real pass code 97 generated from the data block 92, broken = pre ^ function 91. Similarly, the second data block 94 is encrypted by the basic passcode and the real passcode 98 generated by the function 91 obtained from the characteristics of the data block 93. The same is true for data block 95. Knife—At the end of Xiao's code, the encrypted data block received is the same in the same way. The tribute block 丨 〇2 is decrypted by the basic passcode and the predetermined function 1 (预定) of the real passcode 106 generated. After that, the data block 103 is composed of the basic passcode and the data block 1 The real passcode generated by the function ι〇1 characteristic of 2 is decrypted. Similarly, the data block 〇04 is the true generated by the base pass code and the function 101 obtained from the characteristic of data block 103. The decryption is performed through the line code 108. The same is true for the data block 05. The relationship between the pass code (real pass code) and the encoding key transmitted in the fourth embodiment is more complicated than W. Therefore, 'It can be expected that the fourth embodiment can provide a stronger password system. This case can be implemented by any person skilled in the art who works as a craftsman.

Claims (1)

490966 案號 88120414 、申請專利範圍 x 種使用硬體保護内建金鑰及可變通行碼的保密資料 傳送系統,係用到一硬體保護之内建金鑰及一變化之通行 碼,包含: 一來源端及一目的端; 一特彳政抽取态,藉以自該來源端之一資料區塊抽取一 特徵,該特徵係為該資料區塊之一現在的時間,一屬性, 〆定址資A ’ 一棺案長度及一和檢驗(check sum); 一通行碼產生器,係包含一隨機變數產生器,藉以根 據該特徵抽取器所抽取之特徵,產生一變化之通行碼,該 通行碼係根據該資料區塊而變化,且該變化通行碼係為二 基本通行碼及由該特徵抽取器取出之特徵之一函數; 一工作金鑰產生裝置,係根據該内建金 通行碼產該内建金鍮係含於硬體= S工:ΐ!ί猎由一特定的電路而非由外部路徑來擷取; 係符-至ΐί裝置包含—雙輸入單輸出之單向函數,其 入不能由-第-輸入及-相對應之輸出反 變化:=力解!:密資料之裝置,11以該工作金鑰及該 2.如ϋ碼及解密該資料區塊。 可變通v上第1項所述之使用硬體保護内建撕 —τ 的保选育料傳送系統’更包含: 特徵 傳送方法 一、、2吏用硬體保護内建金鑰及可變通行 碼的保密資料 至一目的端’使用硬體保護之内490966 Case No. 88120414, patent application scope x kinds of confidential data transmission systems using hardware protection of built-in keys and variable pass codes, which use a hardware-protected built-in key and a changed pass code, including: A source end and a destination end; a special government extraction state, by which a feature is extracted from a data block of the source end, the feature is the current time of a data block, an attribute, 'A coffin case length and a check sum; a pass code generator that includes a random variable generator to generate a changing pass code based on the features extracted by the feature extractor, the pass code is It is changed according to the data block, and the changed pass code is a function of two basic pass codes and the features extracted by the feature extractor; a working key generating device generates the internal code according to the built-in gold pass code Jianjin 鍮 is included in the hardware = S worker: ΐ! Ί hunted by a specific circuit rather than by an external path; Coupling-to ΐ ΐ device contains-one-way function of dual input single output, its input cannot By -Input and-Corresponding output change: = force solution! : Device for confidential data, 11 with the work key and the 2. such as code and decrypt the data block. The optional breeding material transfer system using hardware to protect the built-in tear as described in item 1 above on v can also include: Feature transmission methods 1, 2 to protect the built-in key with hardware and variable access Code of confidential information to a destination 'using hardware protection 第17頁 1 存7L件,藉以儲存從前一資料區塊取出之一 490966 _案號88120414_年月日__ 六、申請專利範圍 建金鑰及變化之通行碼,其包含下列步驟: 提供一第一内建金鑰予該來源端,一第二内建金鑰予 該目的端,該第一及第二内建金鑰係相等且受硬體保護; 分配該機密資料為複數個資料區塊; 產生複數個變化通行碼,各通行碼對應於一資料區 塊, 使用該變化通行碼及該第一内建金鑰以產生複數個工 作金錄,該工作金输係由一符合一第二輸入不能由一第一 輸入及一相對應之輸出所反推之條件的雙輸入單輸出之單 向函數所產生; 措由該工作金錄加密该貢料區塊’各貢料區塊係措由 使用一對應之通行碼所產生之工作金錄來加密,該通行碼 係由一符合一第二輸入不能由一第一輸入及一相對應之輸 出所反推之條件的雙輸入單輸出之單向函數所產生; 自該來源端傳輸該加密之資料區塊及該變化之通行碼 至該目的端; 藉由該目的端所接收之該變化通行碼及該第二内建金 鑰來復原該工作金鑰;以及 由該復原之工作金鑰解密該目的端所接收之該加密資 料區塊。 4 ·如申請專利範圍第3項所述之使用硬體保護内建金鑰及 可變通行碼的保密資料傳送方法,其中該變化之通行碼係 由一隨機變數產生器所產生。 5 ·如申請專利範圍第3項所述之使用硬體保護内建金鑰及 可變通行碼的保密資料傳送方法,其中每一通行碼係產生Page 17 1 Store 7L pieces to store one from the previous data block. 490966 _Case No. 88120414_Year Month Day__ VI. Passport for applying for a patent key to build a key and change, which includes the following steps: Provide a A first built-in key to the source end, a second built-in key to the destination end, the first and second built-in keys are equal and protected by the hardware; allocating the confidential data into a plurality of data areas Block; generating a plurality of change passcodes, each passcode corresponding to a data block, using the change passcode and the first built-in key to generate a plurality of work records, the work loss is determined by a The two inputs cannot be generated by a one-way function of two inputs and one output with the conditions inferred by a first input and a corresponding output; measures are used to encrypt the tribute block by the work record. The method is encrypted by using a work record generated by a corresponding pass code, which is a dual input single output that meets a condition that a second input cannot be deduced by a first input and a corresponding output One-way function Transmitting the encrypted data block and the changed passcode from the source to the destination; recovering the work key by the changed passcode and the second built-in key received by the destination; and The recovered work key is used to decrypt the encrypted data block received by the destination. 4 · The method for transmitting secure data using the hardware-protected built-in key and a variable passcode as described in item 3 of the scope of the patent application, wherein the changed passcode is generated by a random variable generator. 5 · The secure data transmission method using hardware to protect the built-in key and variable passcode as described in item 3 of the scope of the patent application, where each passcode is generated 第18頁 490966 l _案號88120414_年月曰 修正_ 六、申請專利範圍 來作為一基本通行碼及一取自一相對應資料區塊之特徵的 一函數。 6 ·如申請專利範圍第3項所述之使用硬體保護内建金鑰及 可變通行碼的保密資料傳送方法,其中該基本通行碼係由 一隨機變數產生器所產生。 7 ·如申請專利範圍第3項所述之使用硬體保護内建金鑰及 可變通行碼的保密資料傳送方法,其中每一通行碼係產生 來作為一基本通行碼及一取自前一資料區塊之特徵的一函 數。 8 ·如申請專利範圍第7項所述之使用硬體保護内建金錄及 可變通行碼的保密資料傳送方法,其中該基本通行碼係由 一隨機變數產生器所產生。Page 18 490966 l _Case No. 88120414_ Year Month Revision_ VI. Patent Application Range As a function of a basic pass code and a feature taken from a corresponding data block. 6. The method for transmitting secure data using a hardware-protected built-in key and a variable passcode as described in item 3 of the scope of the patent application, wherein the basic passcode is generated by a random variable generator. 7 · The secure data transmission method using hardware to protect the built-in key and variable passcode as described in item 3 of the scope of the patent application, where each passcode is generated as a basic passcode and one is taken from the previous one A function of the characteristics of a data block. 8. The secure data transmission method using hardware to protect the built-in gold record and variable passcode as described in item 7 of the scope of the patent application, wherein the basic passcode is generated by a random variable generator. 第19頁Page 19
TW88120414A 1999-11-23 1999-11-23 Secure data transmission method and system using hardware protected hidden key and variable passcode TW490966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW88120414A TW490966B (en) 1999-11-23 1999-11-23 Secure data transmission method and system using hardware protected hidden key and variable passcode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW88120414A TW490966B (en) 1999-11-23 1999-11-23 Secure data transmission method and system using hardware protected hidden key and variable passcode

Publications (1)

Publication Number Publication Date
TW490966B true TW490966B (en) 2002-06-11

Family

ID=21643111

Family Applications (1)

Application Number Title Priority Date Filing Date
TW88120414A TW490966B (en) 1999-11-23 1999-11-23 Secure data transmission method and system using hardware protected hidden key and variable passcode

Country Status (1)

Country Link
TW (1) TW490966B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7548623B2 (en) 2004-04-27 2009-06-16 Nec Electronics Corporation Communication system, communication device, and communication method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7548623B2 (en) 2004-04-27 2009-06-16 Nec Electronics Corporation Communication system, communication device, and communication method

Similar Documents

Publication Publication Date Title
Panda Performance analysis of encryption algorithms for security
US7809134B2 (en) Method for encrypting information and device for realization of the method
KR100563108B1 (en) Ic card and cryptographic communication method between ic cards
US7254232B2 (en) Method and system for selecting encryption keys from a plurality of encryption keys
KR100259179B1 (en) Process of communication cryptograph
WO1990009009A1 (en) Data carrier and data communication apparatus using the same
WO2016173724A1 (en) Encryption system, encryption key wallet and method
JP2001251287A (en) Confidential transmitting method using hardware protection inside secret key and variable pass code
JP2000059355A (en) Enciphering processing system
JP2001211154A (en) Secret key generating method, ciphering method, and cipher communication method
Sultana et al. Keyless lightweight encipher using homomorphic and binomial coefficients for smart computing applications
CN114567427A (en) Block chain concealed data segmented transmission method
Erondu et al. An encryption and decryption model for data security using vigenere with advanced encryption standard
JP4703805B2 (en) ENCRYPTION DEVICE, ENCRYPTION METHOD, DECRYPTION DEVICE, DECRYPTION METHOD, AND COMMUNICATION SYSTEM
JP2642433B2 (en) Encryption key generation device
TW490966B (en) Secure data transmission method and system using hardware protected hidden key and variable passcode
JPH01225251A (en) Secret key delivering system
Gupta et al. Enhancement of security using B-RSA algorithm
KR100388059B1 (en) Data encryption system and its method using asymmetric key encryption algorithm
KR20000072516A (en) end-to-end data encryption/decryption method and device for mobile data communication
Odlyzko Public key cryptography
Kuppuswamy et al. Enrichment of security through cryptographic public key algorithm based on block cipher
JPH07336328A (en) Cipher device
CN108718235A (en) A kind of stream encryption and decryption method
TW510107B (en) A coding system and method of secure data transmission

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MM4A Annulment or lapse of patent due to non-payment of fees