TW561755B - Certification of transactions - Google Patents
- Publication number
- TW561755B
- Authority
- TW
- Taiwan
- Prior art keywords
- key
- user
- security module
- private
- public
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26613—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Graphics (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Description
Technical field

The present invention relates to the field of secure transactions, and in particular to pay television.

Prior art

With the growth of traffic on open resources such as the Internet, the need to identify with certainty the party one wishes to communicate with, and to keep the data exchanged between two units confidential, has risen rapidly.

This is why web browsers include an SSL-type encryption module for encrypting the data that the user sends to a computer facility.

In this arrangement, the computer facility sends a certificate to the user's address; the certificate contains the centre's public key. Once the certificate has been received, the data sent by the user is encrypted with this public key and sent to the centre. The data can then be decrypted only with the centre's private key, which is kept secret at the centre.

It must be pointed out at once that this system has a first drawback: the data is secured in one direction only. The centre has no guarantee that the user is really who he claims to be.

Another drawback is that the certificate sent by the centre can be intercepted by a third party in order to impersonate the centre. This "man in the middle" scenario is well known. All the data sent by the user is then decrypted with the third party's private key and re-encrypted with the centre's public key. Neither the centre nor the user notices the intrusion, because all the data sent by the user is manipulated by the third party.

In a mutual identification arrangement, both parties hold a certificate with a public key and a private key. There are several ways of obtaining a certificate; two examples are described below:

- The user contacts a certification authority via the Internet. After receiving some personal data, the certification authority sends the certificate to the user's electronic mailbox. It should be noted that at this stage the certificate contains the private key and the public key.
- The user goes in person to the certification authority and presents an identity document. The person receives a disk containing the certificate to be installed on his computer.

Although the first method has the advantage of simplicity, it does not guarantee a high level of security. Conversely, the second method offers every security guarantee, but the steps it requires deter many users.

Summary of the invention

The aim of the present invention is to generate and distribute certificates in a secure manner, without inconveniencing the user, while guaranteeing the identity of the recipient.

This aim is achieved by a method of distributing asymmetric keys, public and private, between a key centre and at least one user unit, the method comprising generating a certificate containing a public key and a private key, encrypting the certificate with a transport key, and sending it to the security module of a known user, which security module contains the transport key for decrypting the certificate.

The use of a tested security module, such as the user's microprocessor card, avoids the exchanges that the dynamic creation of a transport key would require.

These security modules hold their encryption means and their keys in a secure area, which in particular guarantees the secrecy of the private key.

In fact, in the known solutions the various keys are usually stored in the computer's mass memory, which implies a risk of tampering.

The system of the invention is also used to generate certificates securely. The aim pursued by this system is to avoid exposing the keys during the generation process while keeping the issuing time short, so as to meet high demand.

Embodiments

Figure 1 schematically shows the different modules responsible for generating the certificates and the keys. The generation of the private/public key pair is performed in the cryptographic module KPG by techniques known per se. Such a module is described in application PCT/IB00/01589 and relies on a large number of security units working in parallel. Once generated, the keys are encrypted directly in the same module with one of the system's service keys and sent in that form to the key database KPS. This service key encrypts or decrypts locally stored data whenever such confidential data leaves the security module.

This stage is important because generating a key pair takes several seconds; on-line generation (on request) would therefore be too slow to satisfy the user. This is why key pairs are generated in advance and stored in the database KPS for later use.

The part to the left of the OFFL line concerns the generation of the keys in off-line mode.

At the user's request, the encrypted keys are sent to the certificate generation module CG, which produces the certificate containing the public key. The private key, still in encrypted form, and the certificate are stored in the database C&KDB. Before the private key is sent, it is decrypted with the system's service key and encrypted with the transport key of the user's security module. This key may be the security module's secret symmetric key or its public key. This stage is performed inside the high-speed cryptographic security module, according to the structure described in PCT/IB00/01589.

For future identification, the certification authority's certificate may also be sent.

The encrypted private key and its certificate are sent to the end user by ordinary means through the Internet resource interface N-INT.

In a pay-television application, the standard delivery form of subscriber management, represented by the CAS module (conditional access system), may be used.

The sending of such a certificate may be initiated by the centre or by the user unit.

The user unit DEC is not considered secure enough to hold the private key. This is why the private key is always sent in encrypted form to the security module SM, which alone can decrypt this message. The private key is then stored in the protected memory of this module, which usually takes the form of a smart card. The certificate, being larger, is usually stored in the decoder, since it contains no confidential data.

When the user initiates a transaction, the signature is produced in the security module with the private key. This key is never accessible from outside the security module.

According to one embodiment, the certificate and the signature are sent to a management centre. The management centre accesses the certificate database C&KDB to confirm the authenticity of the certificate, and uses the user's public key to decrypt the signature. The centre in turn sends its own certificate and its own signature. To produce the latter, the centre uses its private key, stored in encrypted form in the same C&KDB database. That key is sent to the signature module EME, which is of a secure type; the key is decrypted in this module to produce the signature.

The signature and the certificate are then sent to the user unit. When the user's private key is established, the certificate sent by the centre is then used to decrypt and verify the signature.

The authenticity of both parties is thus ensured.

According to one embodiment, the centre's public key is kept in the user's security module, so that this important identification criterion cannot be modified.

Brief description of the drawing

Figure 1 shows the structure of the certificate and private-key generation system of the invention.
Claims (1)
1. A method for generating and distributing asymmetric public and private keys between a key generation centre and at least one user unit (DEC), the unit containing a security module (SM), the method comprising:
generating, in a first cryptographic unit (KPG), a certificate containing a public key and a private key;
encrypting, in the first cryptographic unit (KPG), the private key with a service key, and storing the private key in a key memory (KPS);
when sending the keys to a user unit, extracting the keys from the key memory (KPS) and producing the certificate from the public key;
decrypting the corresponding private key with the service key in the cryptographic security module, and encrypting it with the user's transport key.

2. The method according to claim 1, wherein the user unit (DEC) receives the encrypted private key and sends it to the security module (SM), which contains the transport key for decrypting and storing the private key.

3. The method according to claim 1, comprising the use of several unified cryptographic units in order to obtain a high-speed encryption module.

4. The method according to any one of the preceding claims, comprising:
encrypting the centre's public key with the transport key and sending it to the user unit (DEC);
receiving the encrypted public key at the user unit and sending it to the security module (SM);
decrypting and storing the public key in the security module (SM) with the transport key.
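The Go program below is an added example, not code from the patent or its applicant (the patent describes no code). It models the key path of the embodiment and of claim 1: a pair generated off-line and held in the key store KPS only wrapped under the service key, re-wrapped under the subscriber's transport key at issue time, installed in a security module that alone can unwrap it, and a transaction signature produced inside that module and checked by the centre against the subscriber's public key. AES-256-GCM for the wrapping, P-256 ECDSA for the pair, and the names `Stored`, `Generate`, `Issue`, `SecurityModule`, `RunFlow` are assumptions of this example; the patent names no algorithm and no certificate format, so the bare public key stands in for the certificate.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// must keeps the example short: failures outside the protocol abort the run.
func must(err error) {
	if err != nil {
		panic(err)
	}
}
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	g, err := cipher.NewGCM(block)
	must(err)
	return g
}

// wrap encrypts a key blob with AES-256-GCM (assumed cipher) under a fresh nonce: nonce||ct||tag.
func wrap(key, plaintext []byte) []byte {
	g := gcmFor(key)
	nonce := make([]byte, g.NonceSize())
	_, err := rand.Read(nonce)
	must(err)
	return g.Seal(nonce, nonce, plaintext, nil)
}
// unwrap reverses wrap; the GCM tag check rejects a wrong key or a tampered blob.
func unwrap(key, blob []byte) ([]byte, error) {
	g := gcmFor(key)
	if n := g.NonceSize(); len(blob) >= n {
		return g.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("wrapped key too short")
}

// Stored is one entry of the key store KPS; Priv is wrap(serviceKey, DER private key).
type Stored struct{ Pub *ecdsa.PublicKey; Priv []byte }
// Generate is the off-line KPG step, run ahead of demand to fill KPS (P-256 is an assumption).
func Generate(serviceKey []byte) Stored {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	der, err := x509.MarshalECPrivateKey(priv)
	must(err)
	return Stored{&priv.PublicKey, wrap(serviceKey, der)}
}

// Issue re-wraps a stored private key from the service key to one subscriber's transport key in one step.
func Issue(serviceKey []byte, e Stored, transportKey []byte) []byte {
	der, err := unwrap(serviceKey, e.Priv)
	must(err)
	return wrap(transportKey, der)
}

// SecurityModule models the smart card SM: only it holds the transport key and, after Install, the private key.
type SecurityModule struct{ transportKey []byte; priv *ecdsa.PrivateKey }
// Install rejects a blob that was not wrapped for this module's transport key.
func (m *SecurityModule) Install(blob []byte) error {
	der, err := unwrap(m.transportKey, blob)
	if err != nil {
		return err
	}
	m.priv, err = x509.ParseECPrivateKey(der)
	return err
}
// Sign produces the transaction signature inside the module; the private key never leaves it.
func (m *SecurityModule) Sign(msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, m.priv, h[:])
	must(err)
	return sig
}

// Verify is the management centre's check against the public key it holds for the subscriber.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// RunFlow runs the whole exchange with constructed keys; true means the centre accepted the signature.
func RunFlow() bool {
	serviceKey, transportKey := make([]byte, 32), make([]byte, 32) // constructed demo keys
	transportKey[0] = 1                                           // keep them distinct
	entry := Generate(serviceKey)                                 // done off-line, before any request
	blob := Issue(serviceKey, entry, transportKey)                // at the subscriber's request
	sm := &SecurityModule{transportKey: transportKey}
	must(sm.Install(blob))
	msg := []byte("subscriber 42 orders event 7") // constructed transaction
	return Verify(entry.Pub, msg, sm.Sign(msg))
}
```

The point to take from the layout is where the plaintext private key can exist: inside `Issue` for the instant between the two wraps, and inside the `SecurityModule` after `Install`. The user unit DEC only ever relays the wrapped blob in and signatures out, and `Install` returning an error is the module refusing a blob that was not wrapped for its own transport key, which is the property claim 2 relies on.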
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH23082000 | 2000-11-28 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
TW561755B true TW561755B (en) | 2003-11-11 |
Family
ID=4568496
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW090129338A TW561755B (en) | 2000-11-28 | 2001-11-27 | Certification of transactions |
Country Status (15)
Country | Link |
---|---|
EP (1) | EP1348279B1 (zh) |
JP (1) | JP2004538670A (zh) |
KR (1) | KR20040007417A (zh) |
CN (1) | CN1270469C (zh) |
AR (1) | AR031413A1 (zh) |
AT (1) | ATE289720T1 (zh) |
AU (1) | AU2002223963A1 (zh) |
BR (1) | BR0115737A (zh) |
CA (1) | CA2427705A1 (zh) |
DE (1) | DE60109061T2 (zh) |
ES (1) | ES2237622T3 (zh) |
MY (1) | MY136236A (zh) |
PT (1) | PT1348279E (zh) |
TW (1) | TW561755B (zh) |
WO (1) | WO2002045336A1 (zh) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004054208A1 (en) * | 2002-12-06 | 2004-06-24 | Australia And New Zealand Banking Group Limited | Transferring secret information |
US7433473B2 (en) * | 2004-09-10 | 2008-10-07 | Nagracard S.A. | Data transmission method between a broadcasting center and a multimedia unit |
CN101116284B (zh) * | 2004-12-17 | 2012-11-14 | 艾利森电话股份有限公司 | 无线电通信网络中的防克隆相互鉴权的方法、身份模块、服务器以及系统 |
KR100704627B1 (ko) * | 2005-04-25 | 2007-04-09 | 삼성전자주식회사 | 보안 서비스 제공 장치 및 방법 |
DE102006044322A1 (de) * | 2006-09-18 | 2008-03-27 | Bundesdruckerei Gmbh | Verfahren zur Personalisierung von Dokumenten, kryptographisches System, Personalisierungssystem und Dokument |
JP5053032B2 (ja) * | 2007-10-16 | 2012-10-17 | 株式会社バッファロー | データ管理装置、データ管理方法およびデータ管理プログラム |
CN101282211B (zh) * | 2008-05-09 | 2011-07-06 | 西安西电捷通无线网络通信股份有限公司 | 一种密钥分配方法 |
CN103269326A (zh) * | 2012-12-22 | 2013-08-28 | 潘铁军 | 一种面向泛在网的安全设备、多应用系统和安全方法 |
CN108701308B (zh) * | 2016-03-30 | 2022-03-25 | 科因普拉格株式会社 | 用于基于区块链发布公共证书的系统、及使用该系统的用于基于区块链发布公共证书的方法 |
KR20200127201A (ko) * | 2018-03-02 | 2020-11-10 | 닛토덴코 가부시키가이샤 | 컴퓨터 간의 데이터 통신을 보안하기 위한 시스템 및 방법 |
US11546176B2 (en) * | 2020-08-26 | 2023-01-03 | Rockwell Collins, Inc. | System and method for authentication and cryptographic ignition of remote devices |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5680456A (en) * | 1995-03-31 | 1997-10-21 | Pitney Bowes Inc. | Method of manufacturing generic meters in a key management system |
SE514105C2 (sv) * | 1999-05-07 | 2001-01-08 | Ericsson Telefon Ab L M | Säker distribution och skydd av krypteringsnyckelinformation |
2001
- 2001-11-27 PT PT01999075T patent/PT1348279E/pt unknown
- 2001-11-27 AU AU2002223963A patent/AU2002223963A1/en not_active Abandoned
- 2001-11-27 AT AT01999075T patent/ATE289720T1/de not_active IP Right Cessation
- 2001-11-27 CA CA002427705A patent/CA2427705A1/en not_active Abandoned
- 2001-11-27 DE DE60109061T patent/DE60109061T2/de not_active Expired - Lifetime
- 2001-11-27 JP JP2002546353A patent/JP2004538670A/ja active Pending
- 2001-11-27 EP EP01999075A patent/EP1348279B1/fr not_active Expired - Lifetime
- 2001-11-27 KR KR10-2003-7007045A patent/KR20040007417A/ko not_active Application Discontinuation
- 2001-11-27 ES ES01999075T patent/ES2237622T3/es not_active Expired - Lifetime
- 2001-11-27 BR BR0115737-0A patent/BR0115737A/pt not_active IP Right Cessation
- 2001-11-27 WO PCT/IB2001/002269 patent/WO2002045336A1/fr active IP Right Grant
- 2001-11-27 CN CNB018195989A patent/CN1270469C/zh not_active Expired - Lifetime
- 2001-11-27 AR ARP010105497A patent/AR031413A1/es active IP Right Grant
- 2001-11-27 TW TW090129338A patent/TW561755B/zh active
- 2001-11-28 MY MYPI20015434A patent/MY136236A/en unknown
Also Published As
Publication number | Publication date |
---|---|
CA2427705A1 (en) | 2002-06-06 |
DE60109061D1 (de) | 2005-03-31 |
CN1270469C (zh) | 2006-08-16 |
MY136236A (en) | 2008-08-29 |
ES2237622T3 (es) | 2005-08-01 |
ATE289720T1 (de) | 2005-03-15 |
JP2004538670A (ja) | 2004-12-24 |
KR20040007417A (ko) | 2004-01-24 |
WO2002045336A1 (fr) | 2002-06-06 |
BR0115737A (pt) | 2004-01-13 |
DE60109061T2 (de) | 2006-01-12 |
AR031413A1 (es) | 2003-09-24 |
EP1348279A1 (fr) | 2003-10-01 |
CN1478342A (zh) | 2004-02-25 |
AU2002223963A1 (en) | 2002-06-11 |
PT1348279E (pt) | 2005-06-30 |
EP1348279B1 (fr) | 2005-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200026834A1 (en) | Blockchain identity safe and authentication system | |
US7293176B2 (en) | Strong mutual authentication of devices | |
US7475250B2 (en) | Assignment of user certificates/private keys in token enabled public key infrastructure system | |
JP5190036B2 (ja) | 認証された文書の電子的送信、格納および検索システムおよび方法 | |
CN1689297B (zh) | 使用密钥基防止未经授权分发和使用电子密钥的方法 | |
US6892300B2 (en) | Secure communication system and method of operation for conducting electronic commerce using remote vault agents interacting with a vault controller | |
JP4638990B2 (ja) | 暗号鍵情報の安全な配布と保護 | |
CN112313683A (zh) | 离线存储系统及使用方法 | |
US20070162961A1 (en) | Identification authentication methods and systems | |
KR20220002874A (ko) | 자격증명 서비스 제공자를 통한 자격증명 검증 및 발행 | |
CN108023893A (zh) | 一种区块链数据认证系统的方法 | |
US10992683B2 (en) | System and method for authenticating, storing, retrieving, and verifying documents | |
GB2385955A (en) | Key certification using certificate chains | |
TW561755B (en) | Certification of transactions | |
CN114666168B (zh) | 去中心化身份凭证验证方法、装置,以及,电子设备 | |
EP3814964A1 (en) | Apparatus and method for providing authentication, non-repudiation, governed access and twin resolution for data utilizing a data control signature | |
Griffin | Telebiometric authentication objects | |
US20220005039A1 (en) | Delegation method and delegation request managing method | |
JP2005502269A (ja) | デジタル証明書を作成するための方法及び装置 | |
Husain et al. | An enriched information security framework from various attacks in the IoT | |
US20080101615A1 (en) | Certification of transactions | |
Hsu et al. | Intranet security framework based on short-lived certificates | |
CN103188212A (zh) | 电子钱包的安全管理方法及服务终端、电子钱包系统 | |
JPH09223210A (ja) | 携帯可能情報記憶媒体及びそれを用いた認証方法、認証システム | |
CN107682156A (zh) | 一种基于sm9算法的加密通信方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent |