TWM449418U - Self-variation type multi-key information transmission security setting device - Google Patents
Self-variation type multi-key information transmission security setting device Download PDFInfo
- Publication number
- TWM449418U TWM449418U TW101222344U TW101222344U TWM449418U TW M449418 U TWM449418 U TW M449418U TW 101222344 U TW101222344 U TW 101222344U TW 101222344 U TW101222344 U TW 101222344U TW M449418 U TWM449418 U TW M449418U
- Authority
- TW
- Taiwan
- Prior art keywords
- unit
- key
- self
- setting device
- list
- Prior art date
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Description
本創作係有關於一種自主變動式多組金鑰資訊傳輸安全設定裝置,尤指涉及一種使用金鑰清單(Key List)搭配對稱式加密系統(Symmetric Encryption System),特別係指能俾使多單元之無線設施之間及與主機本身之金鑰可供多次性使用者。
This author is about a self-changing multi-group key transmission security setting device, especially a key list using a Symmetric Encryption System, especially for multi-units. The keys between the wireless devices and the host itself are available to multiple users.
由於近年內隨著網際網路澎勃發展,以及漸漸成型之無線網路應用普遍,使得生活週遭都可以遇到網路、資訊等等之資源。基於此,為達到一份文件之資料完整性、私密性、可用性、不可否認性及其存取控制,皆突顯文件流通在網路上其安全性之重要程度。
自從公鑰加密方法出現以來,不同之公鑰加密方法都被提出,其安全性都係建立在極複雜之數學難題上。現在網路上常見之密碼系統可二分為對稱式加密及非對稱式加密,有鑑於目前用在密碼系統(Cryptosystem)上之金鑰皆為一組並為固定式,因此在安全性上有所顧慮,若遭有心人士嘗試破解,當時間越久,則益發容易造成金鑰之破解,以致機密資訊之外流。
上述對稱式加密系統(Symmetric Encryption System),如第16圖所示,係透過加密演算法(Encryption algorithm)將明文做各種不同之取代與置換,而該加密演算法之輸入就係祕密鑰匙(Secret Key),所謂之鑰匙係與明文無關之數值,其係利用鑰匙與明文加密,並可同樣利用該鑰匙將密文解密。換言之,在該對稱式加密系統中,加密與解密都係使用同一把鑰匙(即Secret Key),所以訊息傳送雙方都必須擁有同一把鑰匙,故在此對稱式加密系統中,如何有效地傳送鑰匙到對方手中,而不會遭駭客攔截或竊取,就係一個很重要之課題。
至於在該非對稱式加密系統(Asymmetric Encryption System)中,如第17圖所示,其每個人都可以產生一對金鑰(鑰匙),稱為公開鑰匙(Public Key)與私密鑰匙(Private Key),該私密鑰匙必須被個人好好保管,而在非對稱式之加密系統下,所有參與者都可以取得每個人之公開鑰匙,而該私密鑰匙為個人所擁有,故不在網路上傳輸,而一個訊息用同一個人之公鑰加密,就必須用私鑰解開,反之,用私鑰加密就必須用公鑰解開。
上述對稱式加密系統與非對稱式加密系統之不同在於金鑰與公鑰之傳送。該對稱式加密系統係建立在彼此信任後傳送,而該非對稱式加密系統則必需透過信任之第三方來傳送,於其中,最常見之信任第三方就係認證中心(Certification Authority, CA)。
由於該非對稱式加密系統在網路上極為常見,所以其透過認證中心傳送金鑰之流程也係一個很遠久之發展,自然地也就無人懷疑其流程;然而,對於該對稱式加密系統而言,其加密金鑰與解密金鑰係為相同一把金鑰,因此資訊之傳送方如何在加密之後,將該把加密金鑰以安全之方式傳送給接收方,並如何使雙方能共享該把秘密金鑰,以利其解密,係此密碼系統之一大問題。故,ㄧ般習用者係無法符合使用者於實際使用時若能以一個信任式之區堿網路,配合金鑰清單(Key List)之使用,便可能解決該問題之所需。
In recent years, with the development of the Internet and the widespread use of wireless Internet applications, you can encounter resources such as Internet, information, etc. in your life. Based on this, in order to achieve the data integrity, privacy, usability, non-repudiation and access control of a document, it highlights the importance of the security of the file circulation on the network.
Since the emergence of public key cryptography, different public key cryptography methods have been proposed, and their security is based on extremely complex mathematical problems. Nowadays, the common cryptosystem on the network can be divided into symmetric encryption and asymmetric encryption. In view of the fact that the keys used in the cryptosystem (Cryptosystem) are all fixed and fixed, there are concerns about security. If someone is trying to crack, the longer the time, the easier it is to crack the key, so that confidential information flows.
The Symmetric Encryption System (Symmetric Encryption System), as shown in FIG. 16, performs various substitutions and permutations of the plaintext through an encryption algorithm, and the input of the encryption algorithm is a secret key (Secret). Key), the so-called key is a value that is unrelated to plaintext, which is encrypted with a key and plaintext, and can also be used to decrypt the ciphertext. In other words, in the symmetric encryption system, both the encryption and the decryption use the same key (Secret Key), so both sides of the message transmission must have the same key, so in this symmetric encryption system, how to effectively transmit the key Being in the hands of the other party without being intercepted or stolen by the hackers is a very important issue.
As for the Asymmetric Encryption System, as shown in Fig. 17, each of them can generate a pair of keys (keys) called a public key and a private key. The private key must be kept by the individual, and under the asymmetric encryption system, all participants can obtain the public key of each person, and the private key is owned by the individual, so it is not transmitted on the network, and a message To encrypt with the same person's public key, you must use the private key to unlock. Otherwise, the private key encryption must be solved with the public key.
The difference between the above symmetric encryption system and the asymmetric encryption system lies in the transmission of the key and the public key. The symmetric encryption system is established after mutual trust, and the asymmetric encryption system must be transmitted through a trusted third party. Among them, the most common trusted third party is the Certification Authority (CA).
Since the asymmetric encryption system is very common on the network, the process of transmitting the key through the certification center is also a very long-term development, and naturally there is no doubt about its process; however, for the symmetric encryption system, The encryption key and the decryption key are the same key, so how the sender of the information transmits the encryption key to the receiver in a secure manner after encryption, and how to enable the two parties to share the secret The key, in order to facilitate its decryption, is a big problem with this cryptosystem. Therefore, the user can not solve the problem if the user can not use the network of a trusted type in the actual use of the user, with the use of a key list.
本創作之主要目的係在於,克服習知技藝所遭遇之上述問題並提供一種使用金鑰清單搭配對稱式加密系統,俾使多單元之無線設施之間及與主機本身之金鑰可供多次性使用者。
本發明之次要目的係在於,提供一種可在不破壞密碼系統原有架構下,讓安全性更為提高,且不增加額外之計算複雜程度之裝置。
本發明之另一目的係在於,提供一種能達到一份文件之資料完整性、私密性、可用性、不可否認性及其存取控制,使文件可以安全地流通在網路上之裝置。
本發明之再一目的係在於,提供一種使用金鑰清單可節省一次性金鑰傳送之時間之裝置。
為達以上之目的,本創作係一種自主變動式多組金鑰資訊傳輸安全設定裝置,係包括:
一控制機構,係包含有一處理單元,一與該處理單元連接之第一主機、一與該處理單元連接之金鑰清單傳送單元、一與該處理單元連接之密文傳送單元、一與該處理單元連接之第二主機、一與該處理單元連接之更新單元、及一與該處理單元連接之通訊單元,該第一主機係透過一亂數檢測(Random Number Testing)生成至少一組以上之金鑰,並編成一組金鑰清單,當於傳送一資料時,係使用該金鑰清單對該資料進行加密,使其成為密文(Ciphertext),該金鑰清單傳送單元係將該第一主機之金鑰清單以及選定之加密演算法(Encryption algorithm)傳送至該第二主機,該密文傳送單元係將該第一主機之密文傳送至該第二主機,而該第二主機當接收到該密文後,係使用自該第一主機接收到之金鑰清單進行解密,使其成為明文(Plaintext),另該更新單元係進行金鑰清單之更新動作,將原有之金鑰清單透過一演算法,變更成為新金鑰清單;
一接收/傳輸機構,係與該通訊單元交握溝通;以及
一操作機構,係與該接收/傳輸機構交握溝通。
於本創作上述實施例中,該處理單元係可為單晶片、晶圓或邏輯電路。
於本創作上述實施例中,該接收/傳輸機構係以有線網路方式與該通訊單元進行交握溝通。
於本創作上述實施例中,該接收/傳輸機構係以無線網路方式與該通訊單元進行交握溝通。
於本創作上述實施例中,該操作機構係可為行動通訊機構、電腦或PDA。
於本創作上述實施例中,該操作機構係以有線網路方式與該接收/傳輸機構進行交握溝通。
於本創作上述實施例中,該操作機構係以無線網路方式與該接收/傳輸機構進行交握溝通。
於本創作上述實施例中,該操作機構係包含有一輸入單元及一輸出單元。
於本創作上述實施例中,該輸入單元係為一鍵盤。
於本創作上述實施例中,該輸出單元係為一顯示幕。
於本創作上述實施例中,該操作機構係為一觸控式螢幕。
於本創作上述實施例中,該金鑰清單建立單元之亂數檢測係為美國聯邦資訊處理標準公告(Federal Information Processing Standards Publication)之FIPS PUB 140-1,其包括下列測試子單元:
一單一位元測試子單元,係使用亂數產生器產生20000個連續0或1位元,將該20000個連續位元相加總數定義為X,若9654<X<10346,則此項亂數測試通過;
一樸克測試子單元,其與該單一位元測試子單元連接,係使用亂數產生器產生20000個連續位元,將該20000個位元切割成連續5000個4位元整數,該整數之數值範圍為0~15,其中,定義f(i)為整數i出現之次數,而i之範圍為0≤i≤15,其計算式定義為:
若1.03<X<57.4,則此項亂數測試通過;
一位元重複值測試子單元,其與該樸克測試子單元連接,係定義連續20000個亂數位元中所出現連續為1之長度或連續為0之長度,統計累積此數值,不論係1或係0之位元,其位元重複值之長度對統計數值大小皆需符合累積數之範圍,共計包含1與0之12項測試,分別為1與0位元之位元重複值1次、2次、3次、4次、5次及6次以上,若不符合其中一項,則此項亂數測試不通過;以及
一長位元重複值測試子單元,其與該位元重複值測試子單元連接,係定義連續20000個亂數位元中所出現連續為1之長度為34或34以上,或連續為0之長度為34或34以上,統計累積此長位元重複值,共計包含1與0之2項測試,若此兩項統計值其中一項不為0,則此項亂數測試不通過。
於本創作上述實施例中,該金鑰清單更新單元亦可為金鑰清單加密單元,係進行金鑰清單之加密動作,將原有之金鑰清單進行加密後傳送。
於本創作上述實施例中,該金鑰清單傳送單元所選定之加密演算法係為進階加密標準(Advanced Encryption Standard, AES)演算法。
The main purpose of this creation is to overcome the above problems encountered in the prior art and to provide a key list with a symmetric encryption system so that the keys of the multi-unit wireless facilities and the host itself can be used multiple times. Sexual users.
A secondary object of the present invention is to provide a device that allows for increased security without compromising the computational complexity of the cryptographic system without adding additional computational complexity.
Another object of the present invention is to provide a device that achieves the integrity, privacy, usability, non-repudiation and access control of a document so that the file can be safely circulated on the network.
It is still another object of the present invention to provide an apparatus for saving the time of one-time key transfer using a key list.
For the above purposes, this creation is a self-changing multi-group key transmission security setting device, which includes:
A control mechanism includes a processing unit, a first host connected to the processing unit, a key list transfer unit connected to the processing unit, a ciphertext transfer unit connected to the processing unit, and a process a second host connected to the unit, an update unit connected to the processing unit, and a communication unit connected to the processing unit, the first host generates at least one set of gold through a random number detection (Random Number Testing) The key is compiled into a list of keys. When the data is transmitted, the data is encrypted by the key list to be Ciphertext, and the key list transmission unit is the first host. The key list and the selected encryption algorithm (Encryption algorithm) are transmitted to the second host, the ciphertext transmitting unit transmits the ciphertext of the first host to the second host, and the second host receives the ciphertext After the ciphertext, the decryption is performed using the list of keys received from the first host to make it plaintext (Plaintext), and the update unit performs a key list. The new action, the original through a list of key algorithms, key changes to become the new list;
A receiving/transmitting mechanism communicates with the communication unit; and an operating mechanism communicates with the receiving/transmitting mechanism.
In the above embodiments of the present creation, the processing unit may be a single wafer, a wafer or a logic circuit.
In the above embodiment of the present creation, the receiving/transmitting mechanism communicates with the communication unit in a wired network manner.
In the above embodiment of the present creation, the receiving/transmitting mechanism communicates with the communication unit in a wireless network manner.
In the above embodiment of the present creation, the operating mechanism may be a mobile communication mechanism, a computer or a PDA.
In the above embodiment of the present creation, the operating mechanism communicates with the receiving/transmitting mechanism in a wired network manner.
In the above embodiment of the present creation, the operating mechanism communicates with the receiving/transmitting mechanism in a wireless network manner.
In the above embodiment of the present creation, the operating mechanism includes an input unit and an output unit.
In the above embodiment of the present creation, the input unit is a keyboard.
In the above embodiment of the present creation, the output unit is a display screen.
In the above embodiment of the present creation, the operating mechanism is a touch screen.
In the above embodiment of the present creation, the random number detection of the key list establishing unit is FIPS PUB 140-1 of the Federal Information Processing Standards Publication, which includes the following test subunits:
A single bit test subunit uses a random number generator to generate 20,000 consecutive 0 or 1 bits, and the total number of 20,000 consecutive bits is defined as X. If 9654 < X < 10346, the random number Pass the test;
a Parker test subunit connected to the single bit test subunit, using a random number generator to generate 20,000 consecutive bits, and cutting the 20000 bits into consecutive 5000 4-bit integers, the integer The value range is 0-15, where f(i) is defined as the number of occurrences of the integer i, and the range of i is 0≤i≤15, and the calculation formula is defined as:
If 1.03<X<57.4, the random number test passes;
A one-bit repeat value test sub-unit, which is connected to the Parker test sub-unit, and defines a length of 1 consecutive or 0 consecutive lengths in consecutive 20,000 random numbers, and the value is accumulated, regardless of the number 1 Or the bit of 0, the length of the bit repeat value must be in the range of the cumulative number for the statistical value, a total of 12 tests including 1 and 0, respectively, 1 and 0 bit repeat value 1 time , 2 times, 3 times, 4 times, 5 times and more than 6 times. If one of the items does not match, the random number test fails; and a long bit repeat value test subunit, which is repeated with the bit The value test subunit connection is defined as the continuous length of 1 in the continuous 20,000 random number bits is 34 or more, or the length of the continuous 0 is 34 or more, and the cumulative value of the long bit is accumulated. Contains 2 tests of 1 and 0. If one of the two statistics is not 0, the random test does not pass.
In the above embodiment, the key list update unit may also be a key list encryption unit, which performs an encryption operation of the key list, encrypts and transmits the original key list.
In the above embodiment of the present creation, the encryption algorithm selected by the key list transmission unit is an Advanced Encryption Standard (AES) algorithm.
請參閱『第1圖~第7圖』所示,係分別為本創作之基本架構示意圖、本創作亂數檢測單元之架構示意圖、本創作之金鑰清單建立示意圖、本創作之金鑰清單傳送示意圖、本創作之密文傳送示意圖、本創作之密文解密示意圖、以及本創作之金鑰清單更新示意圖。如圖所示:本創作係一種自主變動式多組金鑰資訊傳輸安全設定裝置,係使用金鑰清單(Key List)搭配對稱式加密系統(Symmetric Encryption System),俾使多單元之無線設施之間及與主機本身之一次性使用之金鑰可轉變為多次性使用者。本裝置至少包含有一控制機構1、一接收/傳輸機構2以及一操作機構3所構成。
上述所提之控制機構1係包含有一處理單元10,一與該處理單元10連接之第一主機11、一與該處理單元10連接之金鑰清單傳送單元12、一與該處理單元10連接之密文傳送單元13、一與該處理單元10連接之第二主機14、一與該處理單元10連接之金鑰清單更新單元15、及一與該處理單元10連接之通訊單元16。其中,該處理單元10係可為單晶片、晶圓或邏輯電路;該第一主機11係透過一亂數檢測(Random Number Testing)單元111生成至少一組以上之金鑰,並編成一組金鑰清單4,如第2圖所示。當於傳送一資料時,係使用該金鑰清單4對該資料進行加密,使其成為密文(Ciphertext);該金鑰清單傳送單元12係將該第一主機11之金鑰清單4以及選定之加密演算法(Encryption algorithm)傳送至該第二主機14,如第3圖所示;該密文傳送單元13係將該第一主機11之密文傳送至該第二主機14,如第4圖所示;而該第二主機14當接收到該密文後,係使用自該第一主機11接收到之金鑰清單4進行解密,使其成為明文(Plaintext),如第5圖所示;另該金鑰清單更新單元15係進行金鑰清單之更新動作,將原有之金鑰清單4透過一演算法,變更成為新金鑰清單4a,如第6圖所示。
該接收/傳輸機構2係以有線網路或無線網路之方式與該通訊單元16進行交握溝通(今本創作係以無線網路為實施例)。
該操作機構3係以有線網路或無線網路之方式與該接收/傳輸機構2進行交握溝通(今本創作係以無線網路為實施例),且該操作機構3至少包含有一輸入單元31及一輸出單元32,其中該輸入單元31係為一鍵盤,該輸出單元32係為一顯示幕,另該操作機構2亦可為一觸控式螢幕(圖未示)。於一具體實施例中,該操作機構2係可為行動通訊機構、電腦或PDA。如是,藉由上述之裝置構成一全新之自主變動式多組金鑰資訊傳輸安全設定裝置。
上述亂數檢測單元111為FIPS PUB 140-1,係美國聯邦資訊處理標準公告(Federal Information Processing Standards Publication)對密碼系統之秘密安全規定(Security Requirements for Cryptographic Modules),其包括一單一位元測試子單元1111、一樸克測試子單元1112、一位元重複值測試子單元1113、以及一長位元重複值測試子單元1114所組成,其中:
該單一位元測試子單元1111係使用亂數產生器產生20000個連續0或1位元,將該20000個連續位元相加總數定義為X,若9654<X<10346,則此項亂數測試通過。
該樸克測試子單元1112係使用亂數產生器產生20000個連續位元,將該20000個位元切割成連續5000個4位元整數,該整數之數值範圍為0~15,其中,定義f(i)為整數i出現之次數,而i之範圍為0≤i≤15,其計算式定義為:
若1.03<X<57.4,則此項亂數測試通過。
該位元重複值測試子單元113係定義連續20000個亂數位元中所出現連續為1之長度或連續為0之長度,統計累積此數值,不論係1或係0之位元,其位元重複值之長度對統計數值大小皆需符合表1所示累積數之範圍(採用習知技術之「使用邏輯映射之渾沌串流密碼之研究),共計包含1與0之12項測試,分別為1與0位元之位元重複值1次、2次、3次、4次、5次及6次以上,若不符合其中一項,則此項亂數測試不通過。
該長位元重複值測試子單元114係定義連續20000個亂數位元中所出現連續為1之長度為34或34以上,或連續為0之長度為34或34以上,統計累積此長位元重複值,共計包含1與0之2項測試,若此兩項統計值其中一項不為0,則此項亂數測試不通過。
總計此FIPS PUB 140-1之亂數檢測共計16項,需16項全部通過才算通過。
有鑑於密碼系統之金鑰管理及傳送一直係長久以來存在之大問題,故在本創作中係提供兩種單元解決。其一係金鑰清單加密單元;其二則為金鑰清單更新單元,即第1圖所示。
使用前者單元係將原有之金鑰清單進行加密後傳送。該單元係進行兩次之密碼系統加解密,基於進行過加密之動作,因此當第三方竊取到此密文時,係必須透過破解之方式才可得到想要之資訊。其中,由於此方法係採用兩次密碼系統進行演算,使其複雜之運算能力再提升一個層次,故較適用於運算能力較強之運算處理器,相較之下有使用範圍之限制。
使用後者單元係將金鑰清單作演算法之變化,使其跟原始之金鑰清單不相同,而使用新之金鑰清單進行加解密之過程。假設,今天同樣之情況下,甲乙兩方之條件相同,都具有同樣演算法、同樣加解密方法及同樣金鑰清單,再假設今天使用之演算法為輸出之值係輸入之值加上1,則金鑰所產生之變化情形如表2所示。藉此,可讓被竊取之金鑰清單成為一無效之清單。
請參閱『第8圖~第10圖』所示,係分別為本創作之單一位元測試子單元進行亂數檢測示意圖、本創作之樸克測試子單元進行亂數檢測示意圖、及本創作之位元重複值測試子單元進行亂數檢測示意圖。如圖所示:於一較佳實施例中,係使用Matlab數學軟體進行亂數檢測之實驗。
如第8圖所示,係以金鑰清單建立單元之單一位元測試子單元進行亂數檢測之比較實驗,其結果為9856,顯示通過9654<X<10346之條件。
如第9圖所示,係以金鑰清單建立單元之樸克測試子單元進行亂數檢測之比較實驗,其結果為11.4048,顯示通過1.03<X<57.4之條件。
如第10圖所示,係以金鑰清單建立單元之位元重複測試子單元進行亂數檢測之比較實驗,其數據表示第一、二列分別為1位元與0位元之位元重複值,第一行為重複值1次、第二行為重複值2次、第三行為重複值3次、第四行為重複值4次、第五行為重複值5次以及第六行為重複值6次以上。經各項結果顯示,符合表1之條件。
請進一步參閱『第11圖~第15圖』所示,係分別為本創作進行AES加密之明文選擇示意圖、本創作進行AES加密之金鑰清單示意圖、本創作進行AES加密之密文取得示意圖、本創作進行AES解密之明文取得示意圖及本創作進行金鑰清單變化之新金鑰清單取得示意圖。如圖所示:本實施例接著進入加解密階段,使用之加密演算法係以進階加密標準(Advanced Encryption Standard, AES)演算法為例。首先,明文選擇為「YDU」,如第11圖所示;然後生成金鑰清單,本實施例以0~255隨機選取10個亂數,進而組成金鑰清單,並隨機從10個亂數中選取一個作為加密金鑰,如第12圖所示;將明文「YDU」加密後取得密文,如第13圖所示;利用密文及金鑰清單之傳遞,進行解密之動作,取得明文「YDU」,如第14圖所示;最後執行金鑰清單變化之動作,將原有之金鑰清單配上演算法,得到新金鑰清單,如第15圖所示。
本創作之自主變動式多組金鑰資訊傳輸安全設定裝置經上述測試證實,係可達到一份文件之資料完整性、私密性、可用性、不可否認性及其存取控制,使文件可以安全地流通在網路上。
據此,本創作係提出一種可在不破壞密碼系統原有架構下,讓安全性更為提高,且不增加額外之計算複雜程度之裝置。主要係將金鑰清單配合演算法以使原使用之金鑰可以在伺服器上主動改變,且能一次產生多組,進而讓金鑰清單在密碼系統上之使用壽命更加延長,因此使用該金鑰清單係可省掉一次性金鑰傳送之時間,除了可節省原本之時間,亦可不破壞原本對稱式加密系統之架構。當每次欲進行資料傳輸時,只需更新演算法,即可藉演算法使金鑰產生變化而更新金鑰清單,俾以增加每次被破解之難度。
在本文中,「金鑰清單」一語係將原本使用一組之金鑰,事先生成超過一組之金鑰,編成清單,意指在於原本每次需要使用時都必需要傳送一次金鑰,若使用該金鑰清單之觀念,則傳送一次即可使用很久甚至可以用上一輩子。惟在金鑰清單生成之前必需先經過亂數之檢測。
綜上所述,本創作係一種自主變動式多組金鑰資訊傳輸安全設定裝置,可有效改善習用之種種缺點,係將金鑰清單配合演算法以使原使用之金鑰可以在伺服器上主動改變,且能一次產生多組,進而讓金鑰清單在密碼系統上之使用壽命更加延長,每次進行資料傳輸時,只需更新演算法,即可藉演算法使金鑰產生變化而更新金鑰清單,俾以增加每次被破解之難度,而達到一份文件之資料完整性、私密性、可用性、不可否認性及其存取控制,使文件可以安全地流通在網路上,進而使本創作之産生能更進步、更實用、更符合使用者之所須,確已符合新型專利申請之要件,爰依法提出專利申請。
惟以上所述者,僅為本創作之較佳實施例而已,當不能以此限定本創作實施之範圍;故,凡依本創作申請專利範圍及新型說明書內容所作之簡單的等效變化與修飾,皆應仍屬本創作專利涵蓋之範圍內。
Please refer to the "Figure 1 to Figure 7" for the basic architecture diagram of the creation, the schematic diagram of the creation of the random number detection unit, the schematic diagram of the key list of the creation, and the key list transmission of the creation. The schematic diagram, the ciphertext transmission diagram of the creation, the ciphertext decryption diagram of the creation, and the update diagram of the key list of the creation. As shown in the figure: This creation is a self-changing multi-group key transmission security setting device, which uses a Key List with a Symmetric Encryption System to enable multi-unit wireless facilities. The one-time use key between the user and the host itself can be converted into multiple users. The device comprises at least a control mechanism 1, a receiving/transmitting mechanism 2 and an operating mechanism 3.
The control mechanism 1 mentioned above comprises a processing unit 10, a first host 11 connected to the processing unit 10, a key list transfer unit 12 connected to the processing unit 10, and a processing unit 10 connected thereto. The ciphertext transmitting unit 13, a second host 14 connected to the processing unit 10, a key list updating unit 15 connected to the processing unit 10, and a communication unit 16 connected to the processing unit 10. The processing unit 10 can be a single chip, a wafer or a logic circuit. The first host 11 generates at least one set of keys through a random number testing unit 111 and compiles a set of gold. Key list 4, as shown in Figure 2. When transmitting a data, the data is encrypted using the key list 4 to make it a Ciphertext; the key list transmitting unit 12 is to select the key list 4 of the first host 11 and select The encryption algorithm (Encryption algorithm) is transmitted to the second host 14, as shown in FIG. 3; the ciphertext transmitting unit 13 transmits the ciphertext of the first host 11 to the second host 14, such as the fourth The second host 14 receives the ciphertext and decrypts it using the key list 4 received from the first host 11 to make it plaintext (Plaintext), as shown in FIG. The key list update unit 15 performs an update operation of the key list, and changes the original key list 4 to a new key list 4a by an algorithm, as shown in FIG.
The receiving/transmitting mechanism 2 communicates with the communication unit 16 in the form of a wired network or a wireless network (the present invention uses a wireless network as an embodiment).
The operating mechanism 3 communicates with the receiving/transmitting mechanism 2 in the form of a wired network or a wireless network (the present invention uses a wireless network as an embodiment), and the operating mechanism 3 includes at least one input unit. And an output unit 32, wherein the input unit 31 is a keyboard, and the output unit 32 is a display screen. The operating mechanism 2 can also be a touch screen (not shown). In a specific embodiment, the operating mechanism 2 can be a mobile communication device, a computer or a PDA. If so, a new self-changing multi-group key information transmission security setting device is constructed by the above device.
The above-mentioned random number detecting unit 111 is FIPS PUB 140-1, which is a Security Information for Standards Publications (Security Information for Cryptographic Modules), which includes a single bit tester. The unit 1111, a hack test subunit 1112, a one-bit repeat value test sub-unit 1113, and a long-bit repeat value test sub-unit 1114, wherein:
The single bit test subunit 1111 uses a random number generator to generate 20,000 consecutive 0 or 1 bits, and defines the total number of 20,000 consecutive bits to be X. If 9654 < X < 10346, the random number The test passed.
The Parker test sub-unit 1112 uses a random number generator to generate 20,000 consecutive bits, and cuts the 20,000 bits into consecutive 5000 4-bit integers, the integer value ranging from 0 to 15, wherein f is defined (i) is the number of occurrences of the integer i, and the range of i is 0 ≤ i ≤ 15, and the calculation formula is defined as:
If 1.03 < X < 57.4, the random number test passes.
The bit repeat value test sub-unit 113 defines a length of 1 consecutive or 0 consecutive lengths in consecutive 20,000 random number bits, and the value is accumulated statistically, regardless of the bit of the system 1 or the system 0, the bit thereof The length of the repeated value must be in accordance with the range of the cumulative number shown in Table 1 (using the study of the chaotic stream cipher using logical mapping), which includes 12 tests of 1 and 0, respectively. The 1 and 0 bit bits are repeated once, twice, 3 times, 4 times, 5 times, and 6 times. If one of them is not met, the random number test will not pass.
The long bit repeat value test sub-unit 114 defines that the length of consecutive 1s in consecutive 20,000 random numbers is 34 or more, or the length of continuous 0 is 34 or more, and the long bit is statistically accumulated. The duplicate value contains a total of 1 and 0 of the test. If one of the two statistics is not 0, the random test does not pass.
In total, the FIPS PUB 140-1 has a total of 16 random numbers, and 16 items are all passed.
In view of the long-standing problems in the key management and transmission of cryptosystems, two unit solutions are provided in this creation. One is the key list encryption unit; the other is the key list update unit, which is shown in Figure 1.
The former unit is used to encrypt the original key list and transmit it. The unit performs two encryption and decryption of the cryptosystem, based on the act of encrypting. Therefore, when a third party steals the ciphertext, the information must be obtained by cracking. Among them, because this method uses two cryptosystems to calculate, so that its complex computing power can be upgraded to a higher level, it is more suitable for the computing processor with stronger computing power, and there is a limitation of the scope of use.
The latter unit is used to change the key list algorithm so that it is different from the original key list, and the new key list is used for encryption and decryption. Suppose, in the same situation today, the conditions of both parties are the same, with the same algorithm, the same encryption and decryption method and the same key list, and then assume that the algorithm used today is the input value of the output value plus 1, The change caused by the key is shown in Table 2. In this way, the list of stolen keys can be made an invalid list.
Please refer to the figure "8th to 10th", which is a schematic diagram of the random number detection for the single bit test subunit of the creation, the random number detection of the Parker test subunit of the creation, and the creation of the present The bit repeat value test subunit performs a random number detection diagram. As shown in the figure: In a preferred embodiment, the experiment of random number detection is performed using Matlab mathematical software.
As shown in Fig. 8, a comparison experiment of random number detection is performed by a single bit test subunit of the key list creation unit, and the result is 9856, showing the condition of passing 9654 < X < 10346.
As shown in Fig. 9, the comparison experiment of random number detection is performed by the Parker test subunit of the key list creation unit, and the result is 11.4048, which shows the condition of passing 1.03 < X < 57.4.
As shown in Fig. 10, the comparison test of the random number detection by the bit repeating test subunit of the key list building unit is performed, and the data indicates that the first and second columns are duplicates of 1-bit and 0-bit bits, respectively. Value, first behavior repeated value 1 time, second behavior repeated value 2 times, third behavior repeated value 3 times, fourth behavior repeated value 4 times, fifth behavior repeated value 5 times, and sixth behavior repeated value 6 times or more . According to the results, the conditions in Table 1 are met.
Please refer to the "11th to 15th" diagrams, which are the schematic diagrams for clear text selection of AES encryption for this creation, the key list of AES encryption for this creation, and the ciphertext acquisition for AES encryption. This creation is a schematic diagram of the clear text acquisition of AES decryption and the new key list of the creation of the key list change. As shown in the figure: This embodiment then enters the encryption and decryption phase, and the encryption algorithm used is based on the Advanced Encryption Standard (AES) algorithm. First, the plaintext is selected as "YDU", as shown in Fig. 11; then, the key list is generated. In this embodiment, 10 random numbers are randomly selected from 0 to 255, thereby composing a list of keys, and randomly from 10 random numbers. Select one as the encryption key, as shown in Figure 12; encrypt the plaintext "YDU" to obtain the ciphertext, as shown in Figure 13; use the ciphertext and key list to perform the decryption action to obtain the plain text "YDU", as shown in Figure 14; finally perform the action of changing the key list, and assign the original key list to the algorithm to get a new key list, as shown in Figure 15.
The self-changing multi-group key information transmission security setting device of the creation is confirmed by the above test, and the data integrity, privacy, usability, non-repudiation and access control of a document can be achieved, so that the file can be safely Circulated on the Internet.
Accordingly, the author proposes a device that allows security to be improved without damaging the original architecture of the cryptosystem without adding additional computational complexity. Mainly, the key list is matched with the algorithm so that the original used key can be actively changed on the server, and multiple groups can be generated at one time, so that the service life of the key list is further extended on the cryptosystem, so the gold is used. The key list can save the time of one-time key transfer, in addition to saving the original time, or destroying the architecture of the original symmetric encryption system. Whenever you want to transfer data, you only need to update the algorithm, you can use the algorithm to make the key change and update the key list, so as to increase the difficulty of each crack.
In this article, the term "key list" will use a set of keys to generate more than one set of keys in advance, and make a list, which means that the key must be transmitted once every time you need to use it. If you use the concept of the key list, it can be used once for a long time or even for a lifetime. However, it is necessary to pass the random number detection before the key list is generated.
In summary, this creation is a self-changing multi-group key transmission security setting device, which can effectively improve various shortcomings of the application. The key list is matched with the algorithm so that the original used key can be on the server. Actively change, and can generate multiple groups at a time, so that the service life of the key list is further extended on the cryptosystem. Each time data transmission is performed, only the algorithm is updated, and the algorithm can be used to make the key change and update. The list of keys, in order to increase the difficulty of each crack, to achieve a document of data integrity, privacy, usability, non-repudiation and access control, so that documents can be safely circulated on the network, thereby enabling The creation of this creation can be more progressive, more practical, and more in line with the needs of the user. It has indeed met the requirements of the new patent application, and has filed a patent application according to law.
However, the above descriptions are only preferred embodiments of the present invention, and the scope of the present invention cannot be limited by this; therefore, the simple equivalent changes and modifications made by the scope of the patent application and the contents of the new manual are All should remain within the scope of this creation patent.
1‧‧‧控制機構
10‧‧‧處理單元
11‧‧‧第一主機
111‧‧‧亂數檢測單元
1111‧‧‧單一位元測試子單元
1112‧‧‧樸克測試子單元
1113‧‧‧位元重複值測試子單元
1114‧‧‧長位元重複值測試子單元
12‧‧‧金鑰清單傳送單元
13‧‧‧密文傳送單元
14‧‧‧第二主機
15‧‧‧金鑰清單更新單元
16‧‧‧通訊單元
2‧‧‧接收/傳輸機構
3‧‧‧操作機構
31‧‧‧輸入單元
32‧‧‧輸出單元
4、4a‧‧‧金鑰清單1‧‧‧Control agency 10‧‧‧Processing unit 11‧‧‧First host 111‧‧‧ Random number detection unit 1111‧‧‧ Single bit test subunit 1112‧‧‧Puque test subunit 1113‧‧ Bit Repeat Value Test Subunit 1114‧‧‧Long Bit Repeat Value Test Subunit 12.‧‧ Key Key Transfer Unit 13‧‧‧Cipher Transfer Unit 14‧‧‧Second Host 15‧‧‧ Key List Update unit 16‧‧‧Communication unit 2‧‧‧Receiving/transporting mechanism 3‧‧‧Operating mechanism 31‧‧‧ Input unit 32‧‧‧ Output unit 4, 4a‧‧‧ key list
第1圖,係本創作之基本架構示意圖。
第2圖,係本創作亂數檢測單元之架構示意圖。
第3圖,係本創作之金鑰清單建立示意圖。
第4圖,係本創作之金鑰清單傳送示意圖。
第5圖,係本創作之密文傳送示意圖
第6圖,係本創作之密文解密示意圖。
第7圖,係本創作之金鑰清單更新示意圖。
第8圖,係本創作之單一位元測試子單元進行亂數檢測示意圖。
第9圖,係本創作之樸克測試子單元進行亂數檢測示意圖。
第10圖,係本創作之位元重複值測試子單元進行亂數檢測示意圖。
第11圖,係本創作進行AES加密之明文選擇示意圖。
第12圖,係本創作進行AES加密之金鑰清單示意圖。
第13圖,係本創作進行AES加密之密文取得示意圖。
第14圖,係本創作進行AES解密之明文取得示意圖。
第15圖,係本創作進行金鑰清單變化之新金鑰清單取得示意圖。
第16圖,係習用對稱式加密系統示意圖。
第17圖,係習用非對稱式加密系統示意圖。
Figure 1 is a schematic diagram of the basic structure of this creation.
Figure 2 is a schematic diagram of the architecture of the random number detection unit.
Figure 3 is a schematic diagram of the creation of a key list for this creation.
Figure 4 is a schematic diagram of the key list transfer of this creation.
Figure 5 is a schematic diagram of the ciphertext transmission of the present invention, which is a schematic diagram of the ciphertext decryption of the present creation.
Figure 7 is a schematic diagram of the update of the key list of the creation.
Figure 8 is a schematic diagram of random number detection by a single bit test subunit of the present creation.
Figure 9 is a schematic diagram of random number detection by the Parker test subunit of the present creation.
Figure 10 is a schematic diagram of the random number detection subunit of the present invention for random number detection.
Figure 11 is a schematic diagram of the plain text selection for AES encryption in this creation.
Figure 12 is a schematic diagram of the key list of AES encryption in this creation.
Figure 13 is a schematic diagram of the ciphertext obtained by AES encryption in this creation.
Figure 14 is a schematic diagram of the plaintext obtained by AES decryption.
Figure 15 is a schematic diagram of the new key list for the change of the key list in this creation.
Figure 16 is a schematic diagram of a conventional symmetric encryption system.
Figure 17, is a schematic diagram of a conventional asymmetric encryption system.
1‧‧‧控制機構 1‧‧‧Control agency
10‧‧‧處理單元 10‧‧‧Processing unit
11‧‧‧第一主機 11‧‧‧First host
111‧‧‧亂數檢測單元 111‧‧‧ Random number detection unit
12‧‧‧金鑰清單傳送單元 12‧‧‧Key List Transfer Unit
13‧‧‧密文傳送單元 13‧‧‧ ciphertext transmission unit
14‧‧‧第二主機 14‧‧‧Second host
15‧‧‧金鑰清單更新單元 15‧‧‧Key List Update Unit
16‧‧‧通訊單元 16‧‧‧Communication unit
2‧‧‧接收/傳輸機構 2‧‧‧Receiving/transporting agency
3‧‧‧操作機構 3‧‧‧Operator
31‧‧‧輸入單元 31‧‧‧ Input unit
32‧‧‧輸出單元 32‧‧‧Output unit
Claims (14)
一控制機構,係包含有一處理單元,一與該處理單元連接之第一主機、一與該處理單元連接之金鑰清單傳送單元、一與該處理單元連接之密文傳送單元、一與該處理單元連接之第二主機、一與該處理單元連接之金鑰清單更新單元、及一與該處理單元連接之通訊單元,該第一主機係透過一亂數檢測(Random Number Testing)生成至少一組以上之金鑰,並編成一組金鑰清單,當於傳送一資料時,係使用該金鑰清單對該資料進行加密,使其成為密文(Ciphertext),該金鑰清單傳送單元係將該第一主機之金鑰清單以及選定之加密演算法(Encryption algorithm)傳送至該第二主機,該密文傳送單元係將該第一主機之密文傳送至該第二主機,而該第二主機當接收到該密文後,係使用自該第一主機接收到之金鑰清單進行解密,使其成為明文(Plaintext),另該金鑰清單更新單元係進行金鑰清單之更新動作,將原有之金鑰清單透過一演算法,變更成為新金鑰清單;
一接收/傳輸機構,係與該通訊單元交握溝通;以及
一操作機構,係與該接收/傳輸機構交握溝通。The invention relates to a self-changing multi-group key information transmission security setting device, which provides a multi-unit wireless facility and a key to the host itself for multiple users, including:
A control mechanism includes a processing unit, a first host connected to the processing unit, a key list transfer unit connected to the processing unit, a ciphertext transfer unit connected to the processing unit, and a process a second host connected to the unit, a key list update unit connected to the processing unit, and a communication unit connected to the processing unit, wherein the first host generates at least one group through a random number detection (Random Number Testing) The above key is compiled into a list of keys. When transmitting a data, the data is encrypted using the key list to make it a ciphertext, and the key list transmission unit The first host key list and the selected encryption algorithm are transmitted to the second host, and the ciphertext transmitting unit transmits the ciphertext of the first host to the second host, and the second host After receiving the ciphertext, the system uses the list of keys received from the first host to decrypt it, so that it becomes plaintext, and the key list update unit Updated list of the key action, the original through a list of key algorithms, key changes to become the new list;
A receiving/transmitting mechanism communicates with the communication unit; and an operating mechanism communicates with the receiving/transmitting mechanism.
一單一位元測試子單元,係使用亂數產生器產生20000個連續0或1位元,將該20000個連續位元相加總數定義為X,若9654<X<10346,則此項亂數測試通過;
一樸克測試子單元,係使用亂數產生器產生20000個連續位元,將該20000個位元切割成連續5000個4位元整數,該整數之數值範圍為0~15,其中,定義f(i)為整數i出現之次數,而i之範圍為0≤i≤15,其計算式定義為:
,
若1.03<X<57.4,則此項亂數測試通過;
一位元重複值測試子單元,係定義連續20000個亂數位元中所出現連續為1之長度或連續為0之長度,統計累積此數值,不論係1或係0之位元,其位元重複值之長度對統計數值大小皆需符合累積數之範圍,共計包含1與0之12項測試,分別為1與0位元之位元重複值1次、2次、3次、4次、5次及6次以上,若不符合其中一項,則此項亂數測試不通過;以及
一長位元重複值測試子單元,係定義連續20000個亂數位元中所出現連續為1之長度為34或34以上,或連續為0之長度為34或34以上,統計累積此長位元重複值,共計包含1與0之2項測試,若此兩項統計值其中一項不為0,則此項亂數測試不通過。The self-changing multi-group key information transmission security setting device according to claim 1 of the patent application scope, wherein the random number detection system is FIPS PUB 140-1 of the Federal Information Processing Standards Publication (Federal Information Processing Standards Publication). , which includes the following test subunits:
A single bit test subunit uses a random number generator to generate 20,000 consecutive 0 or 1 bits, and the total number of 20,000 consecutive bits is defined as X. If 9654 < X < 10346, the random number Pass the test;
A Parker test subunit uses a random number generator to generate 20,000 consecutive bits, and the 20,000 bits are cut into contiguous 5000 4-bit integers, the integer value ranging from 0 to 15, wherein f (i) is the number of occurrences of the integer i, and the range of i is 0 ≤ i ≤ 15, and the calculation formula is defined as:
,
If 1.03<X<57.4, the random number test passes;
A one-bit repeat value test sub-unit defines the length of consecutive 1s or consecutive 0s in consecutive 20,000 random numbers, and the value is accumulated by statistics, regardless of the bit of system 1 or system 0. The length of the repeated value must be in the range of the cumulative number for the statistical value. The total number of tests including 1 and 0 is 12, and the repeat value of the 1 and 0 bits is 1 time, 2 times, 3 times, 4 times. 5 times and more than 6 times, if this one is not met, the random number test does not pass; and a long bit repeat value test subunit defines the length of consecutive 1 in consecutive 20,000 random numbers. If the length is 34 or more, or the length of the continuous 0 is 34 or more, the cumulative value of the long bit is cumulatively accumulated, and the total of 1 and 0 are tested. If one of the two statistics is not 0, Then the random number test does not pass.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW101222344U TWM449418U (en) | 2012-11-19 | 2012-11-19 | Self-variation type multi-key information transmission security setting device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW101222344U TWM449418U (en) | 2012-11-19 | 2012-11-19 | Self-variation type multi-key information transmission security setting device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TWM449418U true TWM449418U (en) | 2013-03-21 |
Family
ID=48472856
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW101222344U TWM449418U (en) | 2012-11-19 | 2012-11-19 | Self-variation type multi-key information transmission security setting device |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWM449418U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110785812B (en) * | 2017-06-09 | 2023-12-01 | 欧普有限责任公司 | Data security device with analog component |
-
2012
- 2012-11-19 TW TW101222344U patent/TWM449418U/en not_active IP Right Cessation
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110785812B (en) * | 2017-06-09 | 2023-12-01 | 欧普有限责任公司 | Data security device with analog component |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Maqsood et al. | Cryptography: a comparative analysis for modern techniques | |
| Timothy et al. | A hybrid cryptography algorithm for cloud computing security | |
| AU2010266760B2 (en) | Method for generating an encryption/decryption key | |
| JP2017063432A (en) | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
| Rege et al. | Bluetooth communication using hybrid encryption algorithm based on AES and RSA | |
| CN105306194A (en) | Multiple encryption method and multiple encryption system for encrypting file and/or communication protocol | |
| Olumide et al. | A hybrid encryption model for secure cloud computing | |
| Sekar et al. | Comparative study of encryption algorithm over big data in cloud systems | |
| CN101867471A (en) | Irrational number based DES authentication encryption algorithm | |
| CN114499857A (en) | Method for realizing data correctness and consistency in big data quantum encryption and decryption | |
| CN108599941A (en) | Random asymmetries expand byte encryption of communicated data method | |
| CN106973061B (en) | AES outgoing file encryption method based on reversible logic circuit | |
| CN111488618B (en) | Block chain-based one-time pad encryption method, device and storage medium | |
| TWM449418U (en) | Self-variation type multi-key information transmission security setting device | |
| Sakthipriya et al. | Image Security Using Triple DES and DES Algorithms | |
| CN107276759A (en) | A kind of efficient Threshold cryptosystem scheme | |
| Wang et al. | Adaptive RSA encryption algorithm for smart grid | |
| CN111131158A (en) | Single byte symmetric encryption and decryption method, device and readable medium | |
| Kakarla et al. | FPGA implementation of hybrid encryption algorithm based on triple DES and RSA in bluetooth communication | |
| Mohamed | Wireless Communication Systems: Confidentiality: Encryption and Decryption | |
| Molotkov | How many sessions of quantum key distribution are allowed from the first launch to the next restart of the system? | |
| Yang et al. | A new secure quantum key expansion scheme | |
| Owolabi et al. | Improved Data Security System Using Hybrid Cryptosystem | |
| Singh et al. | An Improved Algorithm for Designing Secure Point-to-Point Wireless Environment | |
| Wagaj et al. | Implementation of RC4 stream cipher using FPGA |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4K | Annulment or lapse of a utility model due to non-payment of fees |