WO1999014890A1 - An identification method for mode series of the open information network - Google Patents

An identification method for mode series of the open information network

Publication number: WO1999014890A1
Authority: WO, WIPO (PCT)
Prior art keywords: layer, status, group, called, data
Application number: PCT/CN1998/000189
Other languages: French (fr), Chinese (zh)
Inventor: Weiguo Chen
Original Assignee: Weiguo Chen
Application filed by Weiguo Chen
Priority to AU91509/98A (AU9150998A)
Publication of WO1999014890A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present invention relates to a method of constructing the software and hardware structure of the identification system in an information network, that is, a method of using the identification device to identify the other party while the information network is operating, referred to as the identification method. It relates in particular to identifying an object that applies to the center for services over the open information network.
  • the authenticity of the central identity the first to mark the authenticity of the object identity, the model of the authenticity of each terminal under various attacks, and the perfect method for the security of the existing identity system.
  • Users and their sub-devices are collectively referred to as objects.
  • Center staff and equipment are collectively referred to as the Center.
  • Background technique
  • The existing simple identification method is as follows: the identification equipment of the identified party is given a code and a password. When the authenticity of identification equipment claiming a certain code must be established during operation, the decision depends on whether its password is correct.
  • Common applications include bank terminals (ATMs, POS machines) identifying inserted magnetic stripe credit cards, phone card system hosts identifying phone card users, and Windows NT server security systems identifying visiting workstations.
  • The identification device of the identified party is given a code and an algorithm.
  • The identifying party sends out a random number X, and both parties use the agreed algorithm f to operate on the random number X together with the key. The identifying party collects and compares the results y that both parties should have obtained for that code, and the decision depends on whether the y of the identified party is correct.
  • Applications include identifying an inserted smart credit card (IC card), the host of the GSM mobile phone system identifying a mobile phone user, and the host in a bank's computer network identifying a remote visiting attached machine.
  • The starting point of the existing network identification security theory is to find a more rigorous algorithm. This limited understanding has produced identification systems that can be counterfeited by anyone who masters the element information of the algorithm and the network operation rules. At the same time, the network resources occupied by the identification method become larger and larger.
  • The attacks that should be prevented and resisted in the open information network can come from users, the usage environment, the transmission process, and especially the internal personnel of the center.
  • The technical activities carried out to achieve counterfeiting are called intrusive attacks, or attacks for short. A successful attack is called an intrusion. Because the types and intensities of the attacks on different networks are usually constrained by the ratio of profit to cost, and the harm of an intrusion differs from network to network, the ability to prevent and resist attacks that a network needs depends on the requirements of network construction.
  • The sign relations are definite for the inside of the protection interface, and from the outside of the protection interface the logo relationship is random; if the network resources can also be saved to the maximum, then the logo security can be realized. This is called the starting point of the logo security theory of Mo-Cheng, referred to as the Mo-Cai Conception.
  • One of the purposes of the present invention is to provide a technical method for realizing the modeling concept in a completely open network, that is, to establish an identification method that can effectively defend against various attacks of various degrees, and to realize real correlation, which is called a modeling method.
  • The second purpose of the present invention is to provide models with different safety levels and different construction difficulties to form a serialization method.
  • The third purpose of the present invention is that each modular method can be used in the existing networks of various signaling standards, using the structure of the existing identification system, after its unsafe related structure is removed, as a platform, and establishing a modular method as the core structure.
  • The new identification system forms a standardized and generalized feature.
  • The fourth purpose of the present invention is that, when a vicious attack that violates the profit-to-consumption ratio rule occurs during the operation of a low-security-level sign and causes an intrusion, an intrusion alarm can be issued during the real related operation.
  • The fifth purpose of the present invention is to reduce the resources occupied by the modeling method and improve the credit-to-cost ratio.
  • The sixth purpose of the present invention is that the modeling method has the characteristics of automatic application, especially digital application, which reduces the burden of user identification and improves convenience.
  • The premise of realizing the above-mentioned purposes is to provide a technical structure construction method of the modular series, and to provide a perfect method for the real related safety degree of the existing identification system. Based on the model for real correlation, it provides a method for object identification.
  • The present invention provides a method for identifying the center of the object that the open information network applies for service from the center.
  • The objects that each have a generalized unique definition and the center have a generalized unique correlation with each other, and the identification constraints are implemented.
  • The method further includes the following steps: the dense layer model uniquely establishes the given; in the process of reading out the target identification operation of the final central knowledge, the dense layer implements the direct source target operation.
  • The dense layer model can be replaced by the filter layer model; in the readout target recognition operation process of the final recognition, the filter layer controls the code layer to implement the indirect source-target operation.
  • The dense layer model can also be replaced by the weight layer model, and during the rest period, the authorization layer controls the source change of the secret layer.
  • The dense layer model can also be replaced by the hierarchical model, and in the rest period, the structure of the authority layer controls the authority layer changes.
  • The dense layer model can also be replaced by the hidden layer model, which embeds the icon and provides the virtual label to the required layer.
  • The dense model can also be replaced by the repair model.
  • The present invention also provides an object identification method for objects that apply for services from the center through an open information network.
  • The objects that each have a generalized unique definition are related to each other in a generalized and unique manner with the center, and the method also includes the following steps:
  • The model is used for the only operable correlation between the object and the center in a narrow sense to form a real correlation; there is a final knowledge in the object sub-label device; the final object recognition under the constraints of the recognition is implemented to realize the real using the model series method Identify the center.
  • Events generated by objects or objects, and events derived from events or events are collectively referred to as events.
  • The broad and narrow meanings of things and signs are unique, respectively collectively referred to as unique things and signs, collectively referred to as unique.
  • Correlation. There is a certain relationship between two or more things, which is called correlation. Based on the uniqueness, one thing has an agreed mark, and another thing has an agreed relationship with that thing and so has the agreed mark, which is called the unique correlation of the mark; based on the unique correlation of the mark, one thing has a corresponding event, and the other thing therefore has the corresponding event, and the corresponding event will cause the change of the agreed sign, which is called the corresponding unique correlation.
  • The sign and the corresponding broad and narrow sense unique correlations are collectively called the symbol and the corresponding unique correlation, collectively called the unique correlation.
  • The mutual unique correlation is called true correlation. Based on the real correlation, they can identify each other as real, which is called mutual identification of real. running between one thing and other things.
  • The conclusion of identifying the only sign in the broad and narrow sense is the true identification of one thing on other things; the conclusion of identifying the only sign in the narrow sense (equivalent to identifying the real relationship) by the real related things in other things is the re-authentic identification of the real related things among other things; the authentic identification and the re-authentic identification are called mutual authentic identification.
  • The route formed by the extension of the relationship of possession or establishment, agreement, distribution, and existence between objects and events is called a road. A segment of the road is called Cheng.
  • The group of symbols and codes with the agreed characteristic information of the object is called a symbol, a number, a code, a symbol, a set, and a group, and is divided into: (secret) secret, public (open).
  • The secrets are divided into: the ones generated during the establishment period are called original secrets; the ones produced during the running period are called running secrets; for the groups of symbols and codes with the agreed characteristic information of objects produced outside the running period, after internal hiding the openness caused by their transparency is eliminated, which is called virtual encryption. Operation and virtual secrets are collectively called environmental secrets.
  • Object index numbers, which are used for object numbers, account numbers, data codes, etc.
  • Center service numbers, which are used for center numbers, name codes, etc.
  • The exterior can only guess the many possibilities of the interior, and the inner operation that cannot be grasped by the exterior can produce a narrowly uniquely related and changeable exterior end, which is called fuzziness, which is the inner opacity realized by the shielding of a specific process.
  • The masked process is called the modular process, which uniquely establishes a given, and is used for the objects and centers with their respective broad-sense unique definitions to be the only operable correlation in the narrow sense with each other, forming a real correlation.
  • The identification provided by the central retrieval object, which identifies the generalized unique relationship, is called identification.
  • The final index generated by the two related modules of the object and the center is called the end, which is used for the center to identify whether the object provided with the end has a narrow unique relationship, that is, whether the generalized unique relationship used for the center to identify the object that provides the index number is true, called ultimate awareness.
  • The implementation of inspection and final identification is used to ensure the safety of the identification method and form the authenticity of the identification of the identification: to confirm whether the identification provided by the object is correct, you can realize whether the audit object has unique correlation, and the conclusion is the authenticity of the object by the center identified.
  • Marked object identification. The object applies for a service to the center of the agreed service number, obtains a response, and identifies a generalized unique relationship, which is called application identification.
  • Application identification. The object identifies whether the center that provides the terminal has a narrow unique relationship, and whether the generalized unique relationship used to identify the center that provides the service number is true, which is called terminal object identification.
  • Implement application and final object identification which is used to ensure the security of the applied service method, and form the authenticity of the marked object identification: confirm whether the terminal provided by the center is correct, and then realize whether the audit center has unique correlation. The conclusion is that the object is related to the center true identification.
  • Tag object identification implements anti-trap, such as intrusion using central emulation of branch exchange. Since the final object recognition is based on the real-related execution of the read-out target recognition task, the specific method is the interface mirroring of the execution of the read-out target recognition task based on the real-related final central knowledge. substituted, so implicit in other discourses go.
  • The existing cryptographic methods and modules related to the final central identification are: single cryptographic method (the aforementioned simple identification method), clear and residual modulus (the aforementioned further identification method based on algorithms and keys, developed by S. Weinstein published by Dr.
  • Shielding a single fixed element structure stores a single fixed original code and executes the public structure of the algorithm, forming an unsafe real relationship within a single fixed internal state.
  • the internal status and external correlation of the basis for reading the target are: a single register structure registers a unique random number that is dynamically inserted from the outside during the same use period, and the construction of the execution algorithm reads the encrypted token during the same use period, and operates with the random number to generate a single
  • the variable constructs the stored single-run key and provides the status of the single-mode run key.
  • the inner target formed by a single run key in the read variable is a single identification, providing final knowledge.
  • The internal original secret code and the dynamic embedded external information code of the model can produce the recognizable external end of the generalized unique correlation and change through the operation of the algorithm construction, and the incomplete original dense group and internal state group that cannot be grasped externally.
  • Externally transparent random numbers and a single internal condition determine a single benchmark condition for the operation of the model, referred to as the transparent model.
  • The identification of the single encrypted label method can be intercepted, recorded, and stolen, and can be directly decrypted.
  • If the random number and identification mark of the clear model are intercepted and recorded during the transmission process, the corresponding inverse operation, performed according to the same algorithm disclosed in the protocol, can generate the original encrypted mark, remove the opaque shield, and intrude into the model; or through the information flow
  • An intrusion module that imitates or steals the original code. All of these can lead to the misappropriation of a certain and its single, original secret mark to establish the banditry relationship of the object, destroying the only authenticity of the mark under the guarantee of insecurity, and leading to the untrue identity of the mark center. true identification.
  • The present invention provides a series of methods for modeling the real correlation:
  • Hidden layer model. It provides a perfect method for the real-related security degree of the existing identification system, in which all repairs and upgrades are based on the application of the model system method from the perspective of perfection.
  • The internal and external interfaces of the model are physically shielded, and the information in the process is based on the situation.
  • The internal environment. After the data is run, the only relevant changes and identifiable internal targets are generated, which is called the internal environment.
  • The data filtering channel rejects non-target access, and the target is a kind of internal and external interface data specification.
  • The internal environment of the model of the present invention is composed of the original dense group, the internal state group and the group deduction. (Refer to the discussion in Figure 2 in the embodiment section to understand the meaning of the internal environment more thoroughly.)
  • The code group that generates the original code is called code group generation; the original code compression or deletion of non-characteristic information in each code group is called code group processing; dense. Arranging the order of the elements in each set is called sorting. The sets are sorted to produce clusters. The set and group of dense labels are referred to as dense and group respectively.
  • Functional units that carry, transmit, control, and process information are collectively referred to as structures, and are divided into internal and external structures.
  • The external structure is on the platform of the open information network, and the system realizes the support of the present invention by the existing identification (central) identification system technology.
  • Each layer is buildable for the internal structure, that is, the corresponding functional unit parts of the internal structure are divided into corresponding layers.
  • Each layer can dynamically insert external information codes and be accessible to each other.
  • The internal structure part of the module that carries, directly wraps dense groups, and works in real time during use is called the dense layer, or the real-time layer.
  • The internal structural parts of the non-confidential label layer in the model are divided into: the part that also participates in the work in real time during the use period, also known as the real-time layer; and the part that participates during the rest period, whose work is carried out after being off-network, which does not occupy information network transmission resources, does not increase the burden on users during the service period, and is called the background layer.
  • The background layer, according to the nature of the work, can be divided into: closely related to the code layer, called the related layer; only the background provides data exchange inside and outside the model, called the hidden layer.
  • The context-related layer that performs filtering and internal target tasks is called the internal target layer; the background-related layer that performs the status update task of the governed layer is called the weight layer.
  • The right layer is divided into: authorization, level right layer.
  • The layer contains the data group and can generate the source of each setting relationship data unit after reading and running, which is called the source.
  • The part of the system hardware structure that makes up the source is called the source structure; the source structure that does not accommodate the data group is called the empty source.
  • The operating structure in the layer. In the system structure formed by the functional units in the layer according to the form of hardware and software, the part in which the source structure and the operation of the related original secret data group can produce unique transition data is called the operating structure in the layer.
  • The source and the structure running in the layer are collectively called the structure in the layer.
  • The storage unit of the data unit in the source is called a unit; the setting order distinguishes each unique code of each unit in the unit set, called a title.
  • The stored data units are divided into: mark, instruction; the default sources are respectively called (some) source, instruction table.
  • The situation. In the characteristic process of a stable event in the internal structure, the definite events that are condensed by removing the time factor are collectively referred to as the situation, and can be divided into: those formed by the existence of information are called information conditions; those formed by the sorting of symbols are called sorting status; the information related to operation formed by structural hardware is called the hardware status;
  • The internal source structure of each layer stores its own data group, which is called the stored data status;
  • The internal source structure of each layer stores its own instruction table, which is called the structural status;
  • Each layer. The internal static data driven by each structure is called the real-time processing status; the above-mentioned statuses are accessed, formed according to the basis and characteristic description, called the running status.
  • Each situation in each layer is distinguished according to its correlation with the identifiable internal target: the cognizable state is
  • each original encrypted data unit during the operation period is called attributes, which are reflected in the attribute status of the relevant codes or encrypted symbols and symbol codes.
  • The internal structure of the layer removes the specified status and forms the other directly based on the determined status, which is called the reference status, which is divided into: number group hardware status, dense group status.
  • The state of storing the original dense group in the source is called the full source, which is the first base state formed.
  • The finite source of the operating structure and dynamic insertion of external information coding generates the finite element of the specified number and related code attribute status when reading the source, forming the unique correlation of the reading element.
  • The implementation leads to the unique correlation of the inner target formed by reading the secret mark taken.
  • Designated number status is the necessary status of sources in each module, and the group consistency of each designated number status accompanied by designated related code attribute status, and designated number status with the change of designated related code attribute status is the default necessary rule in each module.
  • The baseline, the specified state, collectively called the source state, and the only relation of their respective transitions, are the recognizable states of the model.
  • The command state is a real-time processing state formed by the running structure, and the only correlation of its change is the unrecognizable state of the model.
  • The instruction state is formed by the imitation of the cryptogram layer reading in the relevant layer according to the source state.
  • The status of instructions in the inner target layer is called the background filtering status.
  • The status of the operating secret data unit attribute is determined by the background operation in the layer, and the direct effect in the inner target is determined by the status of the operating secret data unit attribute.
  • The encrypted token string causes the filtered transition to run encrypted target data stored in the data filtering channel.
  • The stored original dense group fixed source is called solid source; the stored dense group’s changing source is called variable source; the stored original dense group is used for emergency fixed and variable sources and is called backup source; Modules can also have backup sources.
  • The instruction status in the authorization layer is called the background direct status.
  • The environment dense group data is determined through inter-layer operation, and the input source is stored to generate the environmental dense group status.
  • The direct role in the recognizable status is reflected by the environmental dense group status.
  • The instruction status in the hierarchical level is called the background indirect status.
  • the instruction based on the source change of the encrypted label layer is determined by the inter-layer operation to change into the environmental encryption instruction data, which is stored in the instruction table to generate the environmental encryption structure status. Its status in the recognizable status
  • the indirect effect is reflected by the state of environmental dense structure resulting in the state of environmental dense group. Its direct effect is reflected by the dense structure of the environment.
  • The characteristic information of the unique trajectory related to the operation of the object network is called image.
  • Information encoding group. The finished mark is called the image mark.
  • The virtual secret information code needed to implement internal state changes has a standard format, which is called a virtual (secret) standard, which is taken from a group of pixels of different usage periods.
  • The buried layer manages the dynamically registered icons, stores and replaces the icons into the pixel by specifying the status of the number, and latently becomes the icons transmitted in different times of use, forming the status of the image group, which is the image group formed by each icon in each Simulation of the dense group state of the dense mark layer in the resting period.
  • The limited source of the operation structure and dynamic setting of the image target in the layer generates the limited elements of the specified customer number and related code attribute status when reading the source, forming the only correlation of each element read, which is specified by the encrypted label layer The situation is simulated each time.
  • The image group, designated customer number, and related code attribute status form a single hidden status, which is the imitation of the source status of the encrypted label layer for each use period; the sorting and stepping of the status of the designated customer number leads to the orderly generation of each single hidden status, forming multiple burial conditions; single and multiple burial conditions of the inner target layer function imitation, real-time filtering, resulting in a composite burial situation; each composite burial situation generates a group of burial conditions in an orderly manner.
  • Each hidden state is a kind of operating state, and its change is uniquely related, and it is a state that is unknown to the model, called the background virtual state.
  • The assigned status is managed and invoked by the secret label layer, and dynamically inserted to participate in the modification of its operation.
  • The assigned number and the related code attribute status change, referred to as number change.
  • The state of the command is managed and invoked by the inner target layer, and dynamically inserted to participate in the trimming of its operation.
  • The status of the code and symbol attribute (data unit attribute) changes, referred to as attribute change.
  • The command status is managed and invoked by the authorization layer, and dynamically inserted to participate in the modification of its operation, resulting in the change of the dense group status in the source of change to form the benchmark status change, referred to as the source change.
  • The instruction status is managed and invoked by the authority layer, and dynamically inserted to participate in the modification of its operation.
  • The resulting background direct status is directly changed by the underlying basic status to form a structural change in the authorization layer, referred to as a structural change.
  • The base state is the imitation of the base state in the relevant layers.
  • The buried status is managed and invoked by the hidden layer, and dynamically inserted to participate in the modification of its operation, resulting in the change of the image group status in the image source, which is the change of the imaging reference status, the status change of the designated customer number and the related code attribute, referred to as the buried change.
  • Each state in each layer undergoes state change to update its respective state, which is called state update, and the state before and after the state change is called the original state and the new state, respectively.
  • The conditions in each layer are continuously updated, and the conditions and changes are related to a cycle to form a dynamic set of conditions and sort them, called the internal condition group.
  • a model whose internal environment is composed of a dense layer is called a dense layer model; a model composed of a dense layer and an inner target layer is called a filter layer model; a model consisting of a dense layer and an authorization layer or a dense layer and an inner target
  • the model composed of layer and authorization layer is respectively called the model of the second layer or the third layer of authority, and they are all called the model of the authority layer; it consists of the secret label layer, the authorization layer and the hierarchical authority layer or the secret label layer, the inner target layer, and the authorization layer.
  • the model composed of layer and hierarchical layer is called the model of three-level layer or four-level layer respectively, and they are all called layer-level model; or cryptographic layer, authorization layer and hidden layer or cryptographic layer, inner target layer, authorization layer and buried layer or cryptographic layer, authorization layer, hierarchy layer and buried layer or cryptographic layer, inner target layer,
  • the model composed of authorization layer, hierarchical weight layer and hidden layer is called two hidden layer or three filter hidden layer or three weight hidden layer or four filter hidden layer or four weight hidden layer or five hidden layer.
  • the encryption layer is a necessary layer in the internal environment.
  • the fully compatible instruction system of the layer constitutes the authorization layer and the hierarchy layer.
  • the above-mentioned repair utilizes the existing sub-standards, the clear model structure of the central equipment, and the support platform to realize the improvement of the real-related safety degree of the existing clear model identification system under the utilization of existing resources, referred to as repair.
  • the model formed by repairing is called repairing model.
  • the internal environment of the model formed by repairing is that the source in each model code layer above the dense layer is simplified to elements, and the operation structure in the authorization layer is simplified to the execution algorithm structure, so as to improve the clear model structure, operation complexity, and repairability, and to improve the overall cost-effectiveness of the repaired model compared to the exposed residual model; this loses the real-related safety of each process above the dense layer and reduces the complexity of the structure, and the internal environment does not reach the internal environment of each model, which is called partial repair.
  • the in-process environment formed by repairing reaches the in-process environment of each process, which is called full repair.
  • the modules formed by the above-mentioned repairs and upgraded can fully comply with the existing network working agreement of the single secret label method and the identification system of the clear and residual model, which is the standardization, generalization and serialization of the single secret label method and the clear and residual model really Repair and upgrade structures related to security.
  • the existing single secret label method and the use period network of the residual model identification system will not change in real time, and the rest period will be added to participate in the background work. Construction and application of fully compatible existing identification systems work in real time during the service period of the network, which is called fully compatible repair and upgrade.
  • Fig. 1 indicates the notes of the specific graphic symbols of each schematic diagram of the present invention
  • Figure 2 indicates all the relationships between the objects and the central two-side models that are uniquely related to each other;
  • Figure 3 indicates the identification system in the networking environment of the open information network. After the initial recognition is completed in a certain period of establishment or use, a two-way information transmission channel across the interface is established between an object and the two-way model supported by the external structure of the center;
  • Figure 4 indicates the structure of the mark, set, group and source that make up the original secret
  • Figure 6 indicates the source of the image group
  • Figure 7 indicates the network structure diagram of 'OIN-DXP'
  • Figure 8 indicates the "'OI card' with 'scratch'" manufactured using the dense layer process of the version 101 structure;
  • Figure 9 indicates the flow of user phone authentication;
  • Figure 10 indicates the network structure block diagram of 'OIN-DH'
  • Figure 11 indicates the flow of telephone mutual authentication
  • Figure 12 indicates the flow of telephone currency settlement between users
  • Figure 13 indicates the network structure diagram of 'OI (Sh)';
  • Figure 14 indicates the flow of Internet mutual authentication
  • Figure 15 indicates the Internet mutual authentication e-commerce structure
  • Figure 16 indicates the Internet user registration process
  • Figure 17 indicates the process of Internet goods exhibition and sale
  • Figure 18 indicates the Internet proxy sale transaction flow.
  • With reference to FIG. 1 to FIG. 6, the basis of the general embodiment is given in detail.
  • Figure 1 indicates annotations of specific graphical symbols for each schematic diagram of the invention in this series.
  • the number 1 indicates space-time and interface;
  • the number 2 indicates the relationship between various systems and parts;
  • the number 3 indicates the uniquely related setting (completely consistent) between the two models;
  • the number 4 indicates saving;
  • the number 5 indicates fixed;
  • the number 6 indicates confirmation;
  • label 7 indicates multi-channel;
  • label 8 indicates projection, projection;
  • label 9 indicates two-way code transmission channel, bus;
  • label 10 indicates two-way entrance of interface;
  • label 11 indicates open interface two-way code transmission channel, bus entrance set;
  • label 12 indicates that the two-way entrance of the two-way interface forms a two-way code transmission channel and bus;
  • label 13 indicates that the relevant pyramid and the lower layer are the foundation of the upper layer;
  • label 14 indicates the part and system coded as n;
  • label 15 indicates four-dimensional space coordinates objects in the system.
  • Figure 2 indicates the overall relationship between the object and the central two-side model that is mutually uniquely related to each other.
  • the label 16 indicates the original secret group;
  • the label 17 indicates the internal status group;
  • the label 18 indicates the internal operation of the implementation.
  • Figure 3 indicates the identification system in the networking environment of the open information network. After a certain period of establishment or use is completed, a two-way information transmission channel through the interface is established between an object and the two-way model supported by the external structure of the center.
  • the number 19 indicates the dense group; the number 20 indicates the internal structure; the number 21 indicates the module; the number 22 indicates the sub-standard equipment of the auditee; the number 23 indicates the object.
  • the number 24 represents the final identification of the auditing party; the number 25 represents the data generation of the dynamic input, also known as the composition image label; the number 26 represents the identification management system; the number 27 represents the artificial seat; the number 28 represents information processing; Reference numeral 30 denotes the center.
  • Figure 4 indicates the structure of the target, set, group, and source that make up the original cipher.
  • the label 31 represents the information set; the label 32 represents a plurality of original dense; the label 33 represents the element group; the label 35 represents the beginning number; the label 36 represents the end number;
  • the dense group; the structure composed of the meta group 33, the number group 34 and the original dense group 37 is collectively called the source; the hardware structure composed of the meta group 33 and the number group 34 is collectively called the source structure.
  • Figure 5 indicates the image. Wherein the label 38 represents the A object; the label 39 represents the B object.
  • a reference system which is composed of a three-dimensional space coordinate system and a time coordinate system.
  • the coordinates of the frame of reference XYZT are expressed as (x, y, z, t).
  • the coordinate set B_i {x_b, y_b, z_b, t_b}
  • the coordinate set A_i or B_i of the i running of the object is called the A or B coordinate image.
  • the elements of the A or B coordinate image are generated and processed as image code to form a non-uniform image.
  • a or B coordinate image corresponds to the only relevant open information network port identification data to replace the spatial coordinates, called the related image, and the code is generated and processed to form the related icon.
  • a and B-like or non-unlike corresponding uniquely correlated randomly selected values are called random related images, code generation, and composed of random related icons, which are reflected in the extraction.
  • Figure 6 indicates the sources constituting the image group.
  • the label 40 represents the first image
  • the label 41 represents the last image
  • the label 42 represents the n (6) image of the first image group
  • the structure composed of the first image 40 to the last image 41 is called the whole group 43 ;
  • the first image mark 40 to the n (6th) image mark 42 is the first image group structure formed dynamically, which is called the initial state 44 of each image group;
  • the label 45 represents the pixel group;
  • the label 46 represents the initial number, and the label 47 represents the last number; the first number 46 to the last number 47 form the own number group 48 and the customer number group 49.
  • the technical basis for realizing the functional unit is microelectronic circuit, computer hardware platform, system software, application software and networking technology, and mechanism of mechatronics.
  • the engineering composition of the identification system is the orderly operation of each functional unit in the networking environment of the open information network, and the realization of the joint network of each device of the corresponding system.
  • the realization of its module 21 is the electrical element of the technical basis, and tasks are performed according to the working principle of the module. In the realization of the model, the existing physical defense attack technology is adopted.
  • the system realizes the composition of the respective empty models between the object and the center, which is called the composition of both parties. Respectively realize the establishable or established model of both parties between each object and the center, and realize the networked three-dimensional distribution of the system, which is called the model system.
  • the whole relationship between the object and the central model is the only relative setting, called imitation, and can be divided into three kinds of relationships between the two sides: the original dense group 16, the inner state group 17, and the implementation inner operation 18.
  • the three relationships of the two models are each completely consistent, which is called the same imitation; the purpose is to make it easy to understand.
  • the logo management system 26 is a management system for establishing the model process, the establishment period, and the object 23 related affairs processing and composition icon 25 type setting of the entry interruption period and termination period.
  • the manual seat 27 is the interface between the identity management system 26 and the staff of the center 30.
  • the identification management system 26 , artificial seats 27 , and information processing 28 form an identification management system.
  • Run divided into: set image type, model run.
  • Model operation is divided into: establish model and use operation.
  • Status update is divided into: internal status change, internal and external correlation.
  • the center's logo management system 26, artificial seat 27, and information processing 28 interfaces are managed and called for transmission and operation, which are divided into: pre-setting the software for group deduction in the operation structure of the layer, and the required internal status group 17 data, used to fill the vacancy of the operation structure in the layer, which is called preset; assigning the original dense group 16, the internal state group 17, and the group deduction 18 to the model 21, which is called the distribution model data; the type of composition icon 25 pre-set for each of the models is called the pre-image type.
  • the center's identification management system 26, artificial seats 27, information processing 28 and both parties' secret groups 19, internal structure 20, and models 21 realize networked operation, divided into: in the direction entering the secret group 19, the model data that has been formed and distributed (original dense group and pre-set data) is placed into the empty module, and the operations of the encrypted source and the storage settings in the module respectively form the full source and setting of the module; in the direction out of the dense group 19, the relevant code run-out instructions are returned during operation.
  • the dense group 19, internal structure 20, and model 21 of both parties and the final knowledge 24 of the central auditing party output the secret group 19 to realize the target recognition.
  • the operations implemented between the 19 and 20 interfaces of both parties are divided into: in the direction entering the secret group 19, the operation of writing the transferred original secret group and the environmental secret group data generated by the internal state change, according to the order of the secret code and number, into the source structure of the secret target layer inside the module, which is called the dense source; in the direction out of the dense group 19, the operation of the dense group in the source directly forming the target in the model according to the specified situation of the dense target layer, which is called the direct source target.
  • the operation implemented between the internal structure 20 and the model 21 interface of both parties is divided into: in the direction entering the secret group 19, inputting the original secret group and preset data, dynamically inserted icons and work instructions; in the direction out of the dense group 19, the dense tags obtained directly from the source target form the in-module target; after reading and filtering the data unit attribute status of the inner target layer, it changes into the running dense inner target and indirectly forms the operation of the target in the modal, called indirect source target; related code consumption instructions are returned to the identification management system and work instructions are output.
  • the work order is necessary for the model to execute the task, and the nature of its network protocol is implicit to the working principle of the model, which is hidden in other discussions.
  • the operation of the internal structure 20 of the two parties is as follows: the preset data is placed in the network operation of the empty model, and the transferred preset data is carried out according to the agreement, and the operation of the layer storage is implemented, which is called the storage setting.
  • deposit In the use and operation of the Internet, it is the operation of depositing the transferred image data according to the agreement, which is called deposit.
  • the two-way information transmission between the object model 21 and the sub-target device 22, and between the central model 21 and the target device 29 interface, is divided into: in the direction entering the secret group 19, inserting data into the model and forming an external target entry filter channel, the opaque operation of entering and shielding, which is called transfer; in the direction out of the dense group 19, the final return of the internal target and consumption, and the operation of entering and exiting the filter channel, opaque exiting the shielding, and forming a transparent external target, which is called transfer out. In and out together are called conversion.
  • Inner and outer targets referred to as targets.
  • the operation division between the model 21 of the two parties and the final knowledge 24 of the reviewer is divided into: the model of the object passes through the source target, transfers out, the outer target is transmitted to the object, and the input network to the central final knowledge forms the final operation, which is called the object target end .
  • the movement of the central model through the source target, transfer out, and the outer target is transmitted to the final consciousness, which is called the central target terminal.
  • the final knowledge 24 of the auditing party operates as follows: the final center ⁇ of the central object forms a final knowledge, confirms whether the final object of the object is correct, and realizes whether the audit object is true.
  • the source target, transfer-out, target end, and end consciousness of both sides are each part of the inner and outer operation of the readout target, respectively collectively called the readout and the target, and collectively called the readout target.
  • the transmission between the final knowledge 24 of the reviewer in the center and the identification management system 26, the artificial seat 27, and the information processing 28 shows the direction of the final knowledge 24 of the reviewer, and the final knowledge of the object is a false signal notification.
  • the operation of forming the icon 25 is as follows: In the operation of setting the image type, it is the operation of storing the pre-image type data in the structure implemented according to the agreement, which is called the image storage type.
  • the external structure extracts the relevant tracks running in the network environment of the object, and the obtained unique characteristic information parameters are converted into information codes, the non-characteristic information codes are compressed, and digital machine codes are formed as a single whole determined by the standard specification, which is called a composition image standard.
  • the image between the modules 21 of both parties and the interface of the composition image 25 is transmitted to the models of both parties, which is called the distribution image.
  • the internal structures 20, modules 21, and the central composition image 25 enter the dense group 19 directions to realize the composition, distribution, transfer, and storage of the image, which is called dynamic placement.
  • Information set 31 is a symbol set and a machine code set.
  • the elements in the symbol set are randomly extracted multiple times, assembled into the original encrypted symbol subset, and sorted into symbol groups; the symbol groups are converted into code groups.
  • the elements {0, 1} of the machine code set are randomly extracted multiple times, and sorted into code groups; the original encrypted symbol group corresponds to the code group or code group to form a certain digital machine code as a single whole, which is called the generation method.
  • Original code The original dense code set is synthesized into each original dense group 32 and sorted to generate the original dense group 16, which is called a comprehensive group.
  • the original dense group 16 is generated, which is called the analysis group.
  • the initial number in number group 34 is called the beginning number 35; the last number is called the last number 36.
  • the code of the data unit and number in the meta storage is formed by the correlation of the meta number, which is called the correlation code.
  • Each element number forms a unique setting, which is called element number set, resulting in a standard group, element group 33, number group 34, and code group, called group.
  • Element groups, number groups, form source structures 33-36.
  • Composition of the operation of the icon 25 the generated icon data is transmitted to the image group source of the internal structure 20 in the model 21 of both parties.
  • the establishment of the model process determines the law of full source and number change in the secret label layer and specifies the start number of delivery, whether attribute changes are generated according to the management and call of the inner target layer, and whether the order and symbols are generated according to the management and call of the authorization layer.
  • Code change whether to generate structural changes according to the management and call of the hierarchical level, whether to hide the image mark in the hidden layer and provide virtual mark to other layers, form the agreement of the internal environment and the first designated number data of the transfer structure (original secret number data), and determine the initial state.
  • the state in the model is called the initial state.
  • each layer implements the operation of state update according to the predetermined initial state, and the internal structure of each layer implements the operation of number, attribute, sorting, symbol, structure, and hidden state change according to the rules within and between layers. , form their own new situation, can produce the only relative change and recognizable external end.
  • the end return When the number of the number group reaches the end number, a signal of the end of the operation of the number group model is given, called the end return, which is used to reset the transfer structure to form the status of the specified start number, inter-layer application or related affairs of the identification system management model.
  • a signal for the end of the number is given, called the use return, which is used for redundant reading of target identification and fault tolerance and inter-layer application.
  • the data units affected by the source are divided according to the following specifications: shape, divided into: line, solid, hollow block; curvature, divided into: straight, folded, curved; length, divided into: continuous, intermittent ; Orientation, divided into: horizontal, vertical, oblique, center, symmetrical. See Figure 4.
  • the division specification determines the code length of a certain data unit and its position in the dense group.
  • the operation structure in the encrypted label layer provides the specified condition group according to the setting agreement, manages and calls the specified condition, forms the unique correlation of the read element, and implements the read target recognition.
  • the encryption layer adopts the group consistency of determining the status of each designated number with the status of the designated related code attribute, and the change of the number status is accompanied by the change of the designated related code's attribute status, use to stay.
  • the information code is re-determined and the information code is re-determined as the preparation for the operation of the next use period, which is called pre-preparation; as the preparation for the operation of a subsequent use period according to the agreement, it is called prepare.
  • the information code provided by the operation of a certain period of use is obtained, and it is weighed as the purpose specified by the operation of the period of use.
  • the undetermined number data in the number group is generated, transferred, closed in the secret mark layer, and the relevant internal conditions in the cambium layer change; open outside the secret mark layer, the cambium layer inter-correlation internal state change, internal-external correlation:
  • extraction The operation data of the specified number generated by the random selection of the center is called extraction, which is divided into: the number randomly drawn by the center, regardless of the attributes of the number generated by the number group in the module, is transmitted to the module to form a dynamic input. Weighing pumping.
  • the center randomly selects the used and reserved numbers in the number group, plus the product of the drawn number multiplied by the number modulus n (l), and the resulting sum is used as the replacement of the centrally randomly drawn number, which is called sum pumping.
  • the center randomly extracts the numbers in the number group and sub-number group respectively, and transmits them to the model program to form a dynamic insertion, respectively title and sub-drawing.
  • counting, summing, and virtual standard module counting are performed with the number model n (l), and the undetermined number data in the number group are generated, and the number is counted.
  • the number, sub-plot and virtual target data are the undetermined number data, which can be called.
  • pending number data is new number data; for calculated and acquired consumption, construct access return structure, query related code attributes of pending numbers, and related code attribute status has higher priority than number status: all The extracted number is used, and the pending number data is the new number data; the extracted number has been consumed, which is called the pending number, and is handed over to the first available number by the two models sequentially, so as to realize the generation of new number data.
  • Pre-preparation, pick-and-delivery, pre-preparation (number, sum drawing and virtual bid) calculation, pre-preparation (number, sub-drawing and virtual bid) acquisition, taking (number, sum drawing and virtual bid) calculation, taking (number , sub-extraction and virtual standard) are obtained, each of which is a law of number data change based on number change, which is called change.
  • the new structure is based on the more regular operation to generate the designated new number data; the new number data drives the update structure to limit the readability of the only relevant element in the source, forming a new status of the specified number.
  • the relative code attributes of all numbers of the first number modulo n ( l) of the dense layer model process are left before, consumed, is the real related period, and is called the former real related period;
  • the stochastic true correlation period is called the pre-stochastic true correlation period. Thereafter, they are all related to unsafe realities.
  • the internal structure of the inner target layer provides command status groups, manages and invokes command status according to the setting agreement; informs the encrypted label layer to read the encrypted label string according to the instruction agreement, and determines the attribute status group of the operation encrypted data unit; according to the instruction agreement Form the target data within the operation density and implement the indirect source target.
  • the inner target layer management and call instruction state (it is the encryption layer management and call designation state, and the imitation of the implementation of the read), and the read instruction is used To form a real-time processing structure.
  • the properties of the data unit to be used are divided into: the original can be used, called, its status, called status. After the identification system ends the operation instruction, the use is still reserved and will continue to be used when it is designated. Consumption status; end the operation command and end the use, it will still be reserved and dormant, after being activated, it can continue to be used when it is assigned a number, it is called latent, and its status is called latent status.
  • Each instruction randomly agrees on the data unit division attribute to be acted upon.
  • the instruction encryption layer is subject to the control and work requirements of the selection structure: from the specified number to the new state, the encryption string of the code length equal to the amount of data to be manipulated is continuously delivered.
  • the data unit division of the command agreement from the initial data unit, select the data unit used by the command agreement and the reserved attribute, and arrange each symbol code in order to form the target data in the operation secret, drive the data filtering channel to register, and implement the indirect source target.
  • the law of the independent attributes of the data units in the amount of data being acted on is called pick.
  • the selection structure is based on the selection rule, and each new usage and retention attribute data unit is specified in the affected data volume generated by the selection operation; the new usage and retention attribute data unit drives the target registration, forming a new status of the symbol attribute in the specified data volume.
  • the authorization layer provides instruction status groups, manages and invokes command status according to the setting agreement; implements management and invokes the encryption label layer according to each instruction agreement to generate the environment encryption group and symbol status group; implements the environment encryption according to the instruction agreement Determine this baseline condition.
  • the authorization layer After determining the initial status and confirming that the modulus of the encrypted label layer is n (2) times, the end-of-life return of the designated number status is submitted, and the authorization layer obtains the user return after the end of the use period, and instructs the encrypted label layer to obey the control of the configuration and calculation structure Requirements for work: Stop providing read-out target operation, register the specified original status, and start source change operation to participate in the work of setting and calculation.
  • the authorization layer manages and invokes the encrypted label layer to generate encrypted group data changes, which are divided into: sorting (group) data changes and symbol code data changes.
  • sorting (group) data changes and symbol code data changes The laws of data change are: set and calculate.
  • the original secret group stored in the full source in the backup and variable source, the original data range in the group is agreed, the data unit corresponds to the data volume and other code lengths, each original data unit is replaced by the original data unit, and the replacement forms the environmental encryption sorting of each original data unit; the data units in the agreed range are replaced to form the new data of the environment, which is called the classical position.
  • each original data unit corresponds to a new data unit with a code length equal to the data volume, the original and new data units are divided differently, and the new data unit is called the shadow of the original data unit.
  • the obtained function is agreed to be a new data unit, and each new data unit is replaced by the original data unit, forming an environment dense sorting of each new data unit; the data units within the agreed range are calculated and replaced to form the new data of the environment, which is called calculation.
  • the difference from shadow setting is that the new data unit used to replace the original data unit is not the existing division selection but generated by calculation.
  • the source correlation used for setting and calculation is divided into: the dense group data transformation of the closed source data, called the internal source correlation; and the dense group data transformation of the open source external data, called the external source correlation.
  • the data correlation used for setting the correlation outside the source and calculating the correlation between inside and outside the source can be divided into: data obtained in a certain storage area of a certain source that is the result of setting the data in a certain storage area of other sources is called external; the result of calculation between the original stored data and data in a certain storage area of the source is called internal dyeing; the result of calculation between the original stored data and data not of the source is called external dyeing; the result of calculation of data in other storage areas of the source is called internal cleaning; the result of an operation on data not of the source is called external cleaning; the result of calculation between data in other storage areas of the source and data other than the source is called internal and external cleaning.
  • the dense correlation of setting and calculation can be divided into: the dense group data change determined by the instruction status, called the formation environment dense group; and the dense group data change determined by the instruction and the hidden status, called the formation virtual dense group.
  • the dense correlation generated by the source of the setting and calculation function can be divided into: the original dense group in the backup and variable sources is changed by the dense group to form the environmental dense group, which is called the initial change; the environmental dense group is changed by the dense group, or the environmental dense group is formed, called continuous change.
  • the configuration and calculation structure implement the new dense group data generated by the configuration and calculation operation, manage and call the encryption level write-driven variable source structure, and the only relevant storage in the source forms a new dense group status, which are called sorting variables,
  • the code change is called the state change or the source change of the secret group.
  • Rank change also known as group change.
  • the environmental dense group status and the attribute status are mutually prioritized.
  • the environment dense group situation is generated, the authorization layer gives a lifetime return signal, and the encryption layer finishes the work of setting and calculation, withdraws from participating in the source change, and restores the original situation; Knowledge runs.
  • the hierarchical authority layer provides command status groups, management and call command status according to the setting agreement; implements management and call command tables in the authorization layer to generate the encryption group and symbol status of the encryption layer environment according to the command agreement, Generate the environment encryption structure status group of the authorization layer; implement the basic status of the environment encryption generation structure according to the instruction agreement.
  • the specific method of executing the task is the same as the formation of the authorization layer, the real-time processing structure and the setting and calculation rules. The difference is that the initial state, the final return of the linear instruction table in the authorization layer or the end return of the random number distribution instruction table is the application.
  • the authorization layer after the authorization layer gets the lifetime return signal of the secondary source variable, it instructs the authorization layer to obey the control and work requirements of the configuration and calculation structure: when the authorization layer starts to construct the variable and run it, stop providing management and calling the generation source of the encryption layer Change, register and specify the original situation, participate in the work of setting and calculating, and start to construct and run the change. (The cryptographic layer does not stop providing the read-out target operation.)
  • the authority layer produces structural changes in the management and call authorization layer.
  • the data object of setting and calculation is the specification based on the division data unit in the operand address of each instruction that generates the encryption layer environment encryption group and symbol status in the authorization layer.
  • the generated specification data may have deviations, which need to be related by both parties. The only fix.
  • the operation code of each instruction, the address of the operand, and the table of specifications based on which the data unit in the address is divided are collectively called the instruction table.
  • When the structure change operation is completed, the environmental security structure is generated, the authority layer gives the secondary return signal, and the authorization layer ends the setting and calculation work, withdraws from participating in the construction change, and restores the original state; the basic state of the instruction list based on it is determined, and it can continue to provide management and call the source change of the encryption layer.
  • the operating structure in the buried layer provides the specified status group, manages and calls the status of the designated account and customer number; implements the agreed pixel acquisition according to the status of each designated account number, and generates the image group status group; under the constraints of sending element acquisition , Designate the status of this number and implement the environmental encryption to determine the image benchmark status; According to the status of each designated customer number, implement the agreed reading image source to take virtual markers and generate hidden status groups; Provide virtual markers and virtual marker groups according to the agreed status of designated customer numbers For the desired layer, replace the transparent icon, fixed the original dense group.
  • the specific method of executing the task is that the code of the specified number status is equivalent to the code layer code, the difference is:
  • the icon formed and distributed for the first time within a period of validity is called the first icon; the icon formed and distributed last is called the last icon.
  • the dynamic image set is like The sub-image set of the whole set; according to n (6) as the finite set basis, the sub-image set of icon elements is dynamically replaced, called the image set, which is sorted into image groups.
  • the only unit that stores image objects is called the image object storage unit, referred to as the registration unit; the unit group contains the source structure of the image group, which is called the image source structure. Let its modulus be n (6).
  • the role of Jiyuan is to dynamically register and transmit the image objects during the use period, and the rest period is agreed to be used to implement the prediction and acquisition, brushing, image dyeing, internal and external image cleaning or image source storage of the image objects, and provide internal and external related status changes and images.
  • the icon stored by the source was last used to transfer.
  • the role of the image source is to accept the operation structure management in the layer and call the limited pixels of the specified account and customer number status, store the dynamically registered images during the rest period, and provide backup for the images transmitted during the latent use period, and participate in the flow, Take the virtual mark for pumping, touching and re-changing.
  • the pixels are stored in the pixels; in the rest period, after the hidden layer takes the end of the use period, it stores and replaces the icons into the pixels. All are claimed.
  • the state of designated number in the buried layer can be divided into: one state of designated number is used for the acquisition of pixels, and the image source number group managed by it forms the own number group; the other state of designated number is used for reading image source Take the virtual standard, and the image source number group under its management forms a customer number group.
  • the status of the designated number of the buried layer is distinguished according to the time sequence of the same use period: the status of the designated number first, and then Specifying the status of the customer number is called the customer; specifying the status of the customer number first, and then specifying the status of the own number is called the customer.
  • n (6) > n (2) this guest, the established model has pre-stored the secret code in each number pixel of n (6) minus n (2) after the empty image source; guest book, after n (6 ) Minus n (2) Each number of pixels plus 1 has a secret code stored in advance.
  • the rule of account data change based on the change of book and customer numbers is divided into: book change and customer change. This is more convenient to use delivery, and the customer is the agreement set according to the virtual standards required by each layer.
  • the data transformation operation of this update structure will generate the designated new account data, and drive the update structure to limit the only relevant element in the image source to form a new status of the specified account.
  • the source structure of the image is specified by the meta-generation of this number, and the image is set to run for n (6) times. Only when the new status of the original number disappears, it becomes like a standard status.
  • the standard status of each image of the empty image source is superimposed on the full image source to form the initial status of the imaging group.
  • the image source assigned the status of this number will be generated, forming a new status of the image group.
  • The image standard, image group initial and similar initial, and image group new state are collectively called the image group state.
  • Customer change is divided into: flow, draw, touch, re-change.
  • the customer update is delivered simultaneously with the original update, and it is said to be fully stocked.
  • the difference between the guest shift and the original shift is different (not the previous) number, and the difference between the designated post number between the guest shift and the original shift is m, (the modulo is n (6) continuous counting, m ⁇ 0 and ⁇ n (6)- l), called m single flow.
  • the calculation and acquisition of the virtual target is obtained by reading the image source of the new status of the specified customer number in the customer flow, referred to as touch.
  • the customer update structure generates the designated new customer number data through the operation of the number data change according to the customer update rules, and drives the customer update structure to limit the only relevant elements in the image source to form a new status of the specified customer number.
  • a single buried condition of the virtual target is formed, which can be divided into:
  • the new customer number data of the full single stream forms the status of the full single stream image group: the icon of each pixel has been latent for n (6) minus 1 operation, used for n (6) times, and is formed by the readout unit Virtual standard circulation.
  • the new customer number data of the standby m single stream forms the status of the standby m single stream image group: the icon of each pixel has been latent for m minus 1 operation, and is used for the m number, and the readout unit forms a virtual standard circulation.
  • the extracted new customer number data forms an abstract group status.
  • the data of the new customer numbers touched form the status of the touch image group.
  • the read pixel takes out the virtual mark and transmits it to other implementing jurisdiction layers, forming a background to provide the exchange of virtual marks inside and outside the model.
  • Generate the designated new customer number data according to flow, pumping and touch operation form the initial status of the designated customer number, and then change and run the data of each delivery customer number to generate the remaining designated new customer number data to form the remaining status of the designated customer number, direct delivery Weigh and update the status until the end status of the designated customer number is formed.
  • the data of each delivery number based on flow, pumping and touch is changed, and the weighing is changed.
  • the re-update state provides each virtual standard state, forming multiple hidden states of the virtual standard group.
  • the status of the specified customer number in the single hidden situation, and the situation from the beginning to the end of the specified customer number in the multi-buried situation implement the selection function imitation according to the agreement, take the data units for each icon and attribute, arrange the symbols in sequence, and provide In order to take the virtual standard state equivalently, it is called the compound buried state.
  • Each compound buried condition forms an equivalent operation condition of a virtual standard group, which is called the group (composite) buried condition.
  • Single, multiple, compound, and group buried conditions are collectively called buried conditions.
  • the structure in the buried layer is operated according to the law of burial, and new data are generated in an orderly manner; each new data drives the structure in the buried layer in an orderly manner, forming a new state of burial.
  • the partial repair module of non-secret level repair shall submit the corresponding application equivalent to each return to each jurisdiction layer and structure after the read variables of each service period are over and before the read target operation.
  • the respective background layers of the two parties can also be simplified to a real-time layer, and the uniquely relevant internal sequence data and symbol data changes in real-time during the use and rest periods respectively generate environmental secret internal target data and target status.
  • the engineering composition of the present invention can be used as an equivalent change of overlapping, crossing, simplification, and combination of some or all of functions, structures, layers, data, conditions, and changes.
  • the amount of data to be manipulated can involve all the sources of the governed layer, and each metadata unit is equivalent to a secret code.
  • authorization layer, setting, computing, and the scope of the affected source can involve the image source, replacing the implementation of the challenge function imitation; single and multiple hidden conditions, providing the same equivalent virtual standard, group equivalent composite, and group hidden conditions .
  • multiple sources in a model are controlled by a single structure.
  • the operating structure in the virtual layer when different layers have the same partial operating structure in the layer, the physical structure is built in a certain layer, and the functional structure is built in other layers; structure, forming a real-time processing structure.
  • the selection structure of the use period and the rest period are the real-time processing structures for the inner target layer and the buried layer respectively, and the setting structure is common to the right and buried layers, and the single update structure provides the assigned new numbers in each layer. data, specified status.
  • the weight layer can be built into multiple levels.
  • the right layer of a model controls more governed layers related to both parties through data transmission.
  • the instruction stipulates that the data unit is divided into secret codes, which are also used to change the solid source model, and can notify the secret code layer of the number of retransmission numbers required by the attributes, which is simplified to real-time direct source targets during the use period; agreed When submitting an application based on the attribute status, the selected instruction list can also be governed by authorization and hierarchy.
  • the classical setting can be simplified as a random linear sequence switching: the simplified convention of random setting, the secret code contained in the element specified by the nth (2) number is the initial number, the original secret group is set sequentially, and the secret code contained in each element is re- .
  • the original dense group formed by the random linear sequence switching is called the random linear sequence switching, and the environment dense group formed is called the linear sequence reset sequence group.
  • external or external dyeing or internal and external cleaning or external cleaning can be simplified as brushing or image dyeing or internal image cleaning or external image cleaning: the data obtained from a certain storage area of a certain source during each rest period is the dynamically inserted icon or image The result of replacing the function calculated with the original storage data, or the function calculated with the data in other storage areas of the source, or the function calculated with the data other than the source.
  • Identification method Dense layer model, specified related code attribute status: consumption, change: pick-up and delivery, specified number status, direct source-target, transfer-out, and final transmission drive are manually implemented by the user to replace the internal structure, and the user manually implements the internal structure To run, the technical structure is called version 201.
  • the network structure of 'OIN-DXP' has the characteristics of connecting telephone communication network, CRS airline ticketing network, and bank computer network into an open network environment.
  • Figure 8 indicates "'OIN card' with 'scratch'" manufactured using the dense layer process of version 201 structure.
  • the reference number 66 represents the solid source
  • the reference number 67 represents the yuan
  • the reference number 68 represents the original code
  • the reference number 69 represents the number
  • the reference number 70 represents the consumption and the model interface material
  • the reference number 71 represents the manual implementation of the user to replace the internal structure and the manual operation of the user.
  • the inner target area after implementing the inner run.
  • Manual operation by the user to implement the internal run means: when the service lady answers 'please report the verification number', the user takes the 'OIN card', selects in order of number the next unscraped 'scratch surface' after those already scraped (the 'scratch' can only be scraped off in order of numbers), gently scrapes off the 'scratch' with a fingernail, and correctly reports the 'verification number' revealed under the 'scratch', thereby meeting the requirements of the technical structure 'specified related code attribute status: consumption, change: pick-up and delivery'.
  • When a user 50 needs to purchase an airplane ticket, he or she enters a pan-communication network 53 composed of communication networks such as PSTN, A, B, G, CT-2, etc. through any fixed telephone route 51 or mobile telephone route 52, and in step 72 (see FIG. 9) dials the 'OIN-DXP' central service number and is switched to the converging terminal 54.
  • On the call-in prompt at a certain manual seat 55, the OIN-DXP center service lady 57A goes off-hook, and the off-hook signal makes the transaction process voice recorder 56 start working.
  • the OIN-DXP center service lady 57A and the user 50 first carry out telephone authentication, and the service lady 57A inputs the data reported by the user into the OIN-DXP center (collection terminal manual connection system) computer 58.
  • the OIN-DXP center (collection terminal manual connection system) computer 58 is a name for network integration, which includes functions equivalent to the center 30, and is a computer and electronic information system with identification system and ticket service functions.
  • FIG. 9 shows the flow of user phone authentication. Details are as follows:
  • In step 73, a response is made.
  • the service lady replies 'OIN-DXP Center, please report the account number'.
  • In step 74, the user reports the 'account number'.
  • In step 75, a response is made. If the reported account number does not exist, the OIN-DXP center computer 58 displays 'account number does not exist', the service lady replies 'I'm sorry, the account number you reported does not exist, please re-report', and the user re-reports the 'account number'. It has to be right the second time. If an error is reported again, the service lady answers 'Sorry, the account number you reported still does not exist, please confirm and then dial', and the 'OIN-DXP' center hangs up.
  • If the account number is correct, the service lady replies 'please report the verification number'.
  • In step 76, the user scrapes off the 'scratch' and reports the revealed 'verification number'.
  • In step 77, a response is made. If the error is reported three times, the service lady replies 'Sorry, you are not authorized to use this Account' and hangs up.
  • the service lady 57A operates the CRS terminal 59, deducts the required air ticket for the user 50 through the CRS local host 60, and enters it into the OIN-DXP central computer 58.
  • the service lady 57A says 'hang up please' and hangs up, and the hang-up signal makes the transaction process voice recorder 56 finish work. At this point, the foreground transaction of the agreement is completed.
  • authentication is a popular term, that is, to achieve authenticity through identification.
  • 'account number' is a popular term, that is, it can retrieve the necessary information recorded when the user registers in the 'OIN-DXP' center.
  • the so-called "scratch surface” is a popular name, that is, the interface material between the consumption and the mold process. It is named because it is a tight covering and can be gently scraped off with a fingernail when needed.
  • 'verification number' is a popular term, namely final.
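
The Figure 9 check (steps 73 to 77) can be read as a small state machine on the center's side. The following is an added example, not code from the patent: the `CardRecord` storage layout, the class and function names, the sample numbers, and the choice that a wrong report does not consume a number are all assumptions.

```python
import hmac
from dataclasses import dataclass
from enum import Enum

MAX_ACCOUNT_TRIES = 2        # step 75: the second report has to be right
MAX_VERIFICATION_TRIES = 3   # step 77: hang up after three wrong reports

# Operator replies quoted from the page.
MSG_ACCOUNT_RETRY = "I'm sorry, the account number you reported does not exist, please re-report"
MSG_ACCOUNT_HANGUP = "Sorry, the account number you reported still does not exist, please confirm and then dial"
MSG_ASK_VERIFICATION = "please report the verification number"
MSG_DENIED = "Sorry, you are not authorized to use this Account"
# Replies the page does not spell out (constructed for this example).
MSG_VERIFY_RETRY = "verification number incorrect, please re-report"
MSG_OK = "verified"


class State(Enum):
    AWAIT_ACCOUNT = "awaiting account number"            # steps 73-75
    AWAIT_VERIFICATION = "awaiting verification number"  # steps 76-77
    AUTHENTICATED = "authenticated"
    HUNG_UP = "hung up"


@dataclass
class CardRecord:
    """Center-side copy of one 'OIN card' (assumed layout, not from the page)."""
    numbers: list          # verification numbers in the order they are scratched
    next_index: int = 0    # position of the first number not yet consumed

    def expected(self):
        """Return the only number currently acceptable, or None if the card is used up."""
        if self.next_index < len(self.numbers):
            return self.numbers[self.next_index]
        return None


class PhoneAuthCall:
    """One telephone call to the center, from off-hook to hang-up."""

    def __init__(self, registry):
        self.registry = registry          # account number -> CardRecord
        self.state = State.AWAIT_ACCOUNT
        self.account_errors = 0
        self.verification_errors = 0
        self.card = None

    def report_account(self, account):
        if self.state is not State.AWAIT_ACCOUNT:
            raise RuntimeError("account number not expected while " + self.state.value)
        card = self.registry.get(account)
        if card is None:
            self.account_errors += 1
            if self.account_errors >= MAX_ACCOUNT_TRIES:
                self.state = State.HUNG_UP
                return MSG_ACCOUNT_HANGUP
            return MSG_ACCOUNT_RETRY
        self.card = card
        self.state = State.AWAIT_VERIFICATION
        return MSG_ASK_VERIFICATION

    def report_verification(self, number):
        if self.state is not State.AWAIT_VERIFICATION:
            raise RuntimeError("verification number not expected while " + self.state.value)
        expected = self.card.expected()
        # Only the next number in scratch order is accepted, so a number
        # overheard on an earlier call is useless once it has been consumed.
        if expected is not None and hmac.compare_digest(number.encode(), expected.encode()):
            self.card.next_index += 1     # "consumption": the number is spent
            self.state = State.AUTHENTICATED
            return MSG_OK
        self.verification_errors += 1
        if self.verification_errors >= MAX_VERIFICATION_TRIES:
            self.state = State.HUNG_UP
            return MSG_DENIED
        return MSG_VERIFY_RETRY


def run_constructed_calls():
    """Two calls against constructed data: a genuine one, then a replay of its number."""
    registry = {"1001": CardRecord(["482913", "150276", "903341"])}  # constructed
    genuine = PhoneAuthCall(registry)
    genuine.report_account("1001")
    genuine.report_verification("482913")
    replay = PhoneAuthCall(registry)
    replay.report_account("1001")
    for _ in range(MAX_VERIFICATION_TRIES):
        replay.report_verification("482913")   # already consumed by the first call
    return genuine.state, replay.state, registry["1001"].next_index


if __name__ == "__main__":
    print(run_constructed_calls())
```
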
  • the OIN-DXP central computer 58 prints out the 'first receipt'.
  • the service lady 57A operates the receipt fax machine 61 at the center, and transmits the 'first receipt' to the receipt fax machine 62 at the bank.
  • the staff member 57B inputs the relevant data into the OIN-DXP bank computer 63, and after completing the authentication of the OIN-DXP central computer 58, operates the bank terminal 64, freezes through the bank host 65 the fare of the air ticket purchased by the user, and inputs it into the OIN-DXP bank computer 63.
  • the OIN-DXP bank computer 63 prints out the 'second slip'.
  • the worker 57B operates the bill fax machine 62 at the bank, and returns the 'second slip' to the central bill fax machine 61.
  • After receiving the receipt, the service lady 57A inputs the relevant data into the OIN-DXP central computer 58, and after completing the authentication of the OIN-DXP bank computer 63, the OIN-DXP central computer 58 prints out the 'Ticket Collection Form' and the airline ticket, which are stored at the terminal hall 'OIN-DXP Redemption Office'.
  • the user redeems the ticket at the 'OIN-DXP Redemption Office' with his ID card, and signs the 'Ticket Collection Form'.
  • the service lady 57A inputs the relevant data of the 'ticket ticket' into the OIN-DXP central computer 58, and the OIN-DXP central computer 58 prints out the 'fourth receipt'.
  • the service lady 57A operates the receipt fax machine 61 at the center, and transmits the 'fourth receipt' to the bank receipt fax machine 62.
  • After the bank receives the order, the staff member 57B enters the relevant data into the OIN-DXP bank computer 63, and after completing the authentication of the OIN-DXP central computer 58, operates the bank terminal 64 and, through the bank host 65, transfers the frozen money for the user's air ticket purchase to the OIN-DXP account.
  • Identification method two-hidden layer model, specify the relevant code attribute status: consumption, change: advance, model operation constraints automatically identify the network protocol running, this technical structure is called version 6.113.
  • the network structure of 'OIN-DH' has the characteristics of connecting telephone communication network and bank computer network into an open network environment.
  • the network structure of 'OIN-DH' has the ability to convert merchants who must have POS into merchants as users, and convert ATM cash withdrawals into cash and credit transactions between users.
  • the payment user completes the foreground operations as follows.
  • In step 99, payment user data entry is performed.
  • the payment user 78 operates his own 'OIN electronic card', turns on the power, correctly enters the PIN, and inputs the payment amount and the account number of the receiving user according to the screen prompts.
  • In step 100, off-hook is executed. Insert the 'OIN electronic card' into the 'OIN-DH' port of the receiving user's phone or the 'OIN-DH' port of your own mobile phone, and press the 'OIN-DH' payment key.
  • In step 101, the paying user waits for a reply.
  • In step 102, the receiving user waits for a notification.
  • Paying user 'OIN Electronic Card' shows 'Working'.
  • FIG. 11 describes the process of automatically completing background operations for network joining.
  • In step 88, the 'OIN-DH' center is dialed.
  • the 'OIN electronic card' controls the payee's phone to use DTMF signaling or his own mobile phone to use digital signaling (hereinafter referred to as signaling), enters the pan-communication network 83 composed of communication networks such as PSTN, A, B, G, CT-2, etc., automatically dials the 'OIN-DH' service number, and is switched to the 'OIN-DH' host 84.
  • In step 89, a response is made.
  • the 'OIN-DH' host 84 follows the instruction of the 'OIN electronic card' of the paying user 78 through the corresponding incoming fixed-line phone routing 80 or the paying user's incoming mobile phone routing 82 (hereinafter referred to as the communication routing), and starts the work of the mutual authentication process.
  • In step 90, the object is confirmed.
  • the 'OIN electronic card' control signaling passes through the routing, reports its own setting, and responds in step 91.
  • the 'OIN-DH' host 84 receives signaling via the route. If the object of the error report does not exist, the 'OIN-DH' host 84 control signaling responds with 'report error' through routing. It has to be right the second time. If an error is reported again, the 'OIN-DH' host 84 control signaling responds 'still error' through the route, and then hangs up. If a correct or error object exists, the 'OIN-DH' host 84 controls the signaling by routing the response 'terminated'.
  • In step 92, the object end is reported.
  • the 'OIN electronic card' controls the signaling through routing and reports its own terminal.
  • In step 93, an answer is given. If an error is reported N times, the 'OIN-DH' host 84 control signaling responds 'no right' through the route, and then hangs up. If correct, it responds 'correct' and announces its own end. Fault tolerance N times.
  • the receiving center is terminated.
  • the 'OIN electronic card' receives the final signaling of the 'OIN-DH' host 84 through the router.
  • In step 95, a reply is made. If an error is reported N times, the control signaling responds 'no right' through the routing, and then hangs up. If it is correct, it responds with 'correct', and transmits the packaged payment amount and receiving user account data control signaling to the 'OIN-DH' host 84 through routing.
  • In step 96, icons are assigned. After the 'OIN-DH' host 84 receives it through the router, it reports the image. In step 97, the mutual identification is ended. After the 'OIN electronic card' receives the image signaling from the 'OIN-DH' host 84 through the router, it instructs to end the mutual identification.
  • In step 98, work is done on the background layer.
  • 'OIN electronic card' and 'OIN-DH' host 84 carry out image labeling work.
  • After the 'OIN-DH' host 84 and the bank computer 85 complete mutual authentication, the bank computer unpacks the packaged payment user account number, payment amount, and recipient user account data, completes the transfer, and notifies the 'OIN-DH' host.
  • Network automatic background operation and user foreground operation are as follows.
  • In step 103, a check is performed.
  • the 'OIN-DH' host 84 notifies the paying user 78 and the receiving user 87 of the packaged payment through the corresponding incoming fixed-line phone routing 80 or the paying user's incoming mobile phone routing 82 and the receiving user's incoming mobile phone routing 86.
  • the 'OIN electronic cards' of the paying user 78 and the receiving user 87 both display 'paying user account number, payment amount, receiving user account number, transfer completed', and both parties check.
  • In step 104, the payment is completed. Both parties check that it is correct and complete the telephone currency settlement. If there is a discrepancy in one of the four items of "paying user account number, payment amount, receiving user account number, and transfer completion" displayed by the 'OIN electronic card' of the paying user 78 and the receiving user 87, step 99 is restarted. The difference is that in step 100, "press the 'OIN-DH' payment key" is changed to "press the 'OIN-DH' repayment key".
  • Flow of telephone money settlement in which the paying user 78 needs to obtain a sum of cash from the receiving user 87 and transfers the same amount from his account to the receiving user 87.
  • the paying user receives cash from the receiving user, not the goods.
  • Identification method two-hidden layer model, specify the relevant code attribute status: consumption, change: advance, model operation constraints automatically identify the network protocol running, the center is built on the Internet platform and uses the information work cluster as a supporting environment; this technical structure is called version 6.114.
  • The most notable feature of the 'OIN(Sh)' network structure is the thoroughness of information processing. This is determined by the technical structure of the center built on the Internet platform and using the information work cluster as the supporting environment.
  • a device that physically accesses the Internet under the direction of the 'OIN Electronic Card' becomes an authenticated device that accesses the Internet.
  • When Internet-accessible equipment cancels the authentication of the visitor, the ability to access that equipment and be accessed is called physical access. Under the premise of physical access, the ability to access, through authentication, Internet equipment that is open to the public but requires authentication of visitors is called authenticated access.
  • control signaling is a feature of physical access on the Internet platform through routing, and this feature of the process of telephone mutual authentication is deleted, which is the process of Internet mutual authentication.
  • Figure 14 shows the flow of Internet mutual authentication.
  • the block 114 calls the center, the block 115 executes the response, the block 116 reports the target, the block 117 executes the response, the block 118 reports the object end, the block 119 executes the response, and the block 120 receives
  • the block 121 replies, the block 122 allocates icons, the block 123 ends the mutual identification, and the block 124 performs background layer work.
  • the visits between the main units of the 'OIN(Sh)' network structure are mutual authentication visits.
  • the identity of the visitor is equivalent to the 'OIN-DH' user, and its sub-label device is equivalent to the 'OIN Electronic Card' of 'OIN-DH'; the identity of the interviewee is equivalent to the 'OIN-DH' center, and its identification device is Host equivalent to 'OIN-DH'.
  • Mutual authentication access realizes the access between main units under the security protection of preventing and resisting attacks, that is, realizes the security of each step of e-commerce, thereby realizing the security of e-commerce.
  • Figure 15 shows the Internet mutual authentication e-commerce structure. It includes: user registration 125 , merchandise exhibition 126 , and proxy transaction 127 .
  • the client makes an application.
  • the customer fills in the application documents (including the customer's nationality, residence, name, physical access ability, online account opening bank certificate, account number), and submits to the network business center 105 through Internet mutual authentication of the online account opening bank (application party bank) in the bank group 113.
  • In step 129, a contract is signed.
  • the network business center 105 agrees that the customer joins, signs the 'OIN(Sh)' contract, and forwards the 'OIN(Sh)' contract to the applicant party through Internet mutual authentication to the applicant party.
  • the applicant client signs the 'OIN(Sh)' contract, and submits to the network business center 105 through the Internet mutual authentication of the applicant party.
  • step 130 an 'OIN Electronic Card' is issued.
  • the network business center 105 receives the 'OI (Sh)' contract, and transfers the 'OIN electronic card' to the applicant client through Internet mutual authentication to the applicant party.
  • the customer receives the 'OIN electronic card', completes the registration, and becomes a user.
  • step 131 file materials are prepared.
  • the users who need to sell goods on the 'OIN(Sh)' fill out the 'OIN(Sh)' exhibition goods contract and prepare the information on the goods on display.
  • a commit is performed.
  • Documents are submitted to the network business center 105 through Internet mutual authentication.
  • The network business center 105 agrees to the seller user's 'OIN(Sh)' contract for selling goods and submits the signed contract to the seller user through Internet mutual authentication.
  • In step 133, an insurance letter of credit for goods on display is issued.
  • When the seller user receives the contract that the network business center 105 has agreed to, it notifies the account opening bank (the seller's party bank) in the bank group 113 through Internet mutual authentication to issue the insurance letter of credit for the goods on display.
  • The seller's party submits the insurance letter of credit issued for the exhibited goods to the network business center through Internet mutual authentication.
  • In step 134, the network business center and the seller reach a goods exhibition contract.
  • When the network business center 105 receives the letter of credit issued by the seller's party, the 'OIN(Sh)' exhibition goods contract becomes effective.
  • The network business center 105 notifies the seller user through Internet mutual authentication that the contract has become effective.
  • The 'OIN(Sh)' exhibition goods contract is submitted to the contract management center 109 for the record.
  • The insurance letter of credit for exhibited goods is submitted to the letter of credit management center 108 for the record.
  • In step 135, the goods are displayed.
  • The network business center 105 provides the goods exhibition center 107 with information on the exhibition goods for sale in 'OIN(Sh)'.
  • In step 136, the user browses the display center. It is open and does not require authentication.
  • In step 137, the user confirms the purchase list.
  • The user (buyer user) in the user group 112 fills in the list of goods to be purchased (which also has the document attribute of a contract for purchasing goods).
  • In step 138, the buyer user notifies the bank to issue the letter of credit.
  • The buyer user notifies the account opening bank (the buyer's party bank) in the bank group 113 through Internet mutual authentication to issue the letter of credit.
  • The network business center receives the buyer's goods list and the letter of credit issued by the bank.
  • The buyer user submits the purchased goods list to the network business center 105 through Internet mutual authentication.
  • The buyer's party submits the letter of credit for the purchase of goods to the network business center 105 through Internet mutual authentication.
  • In step 140, the network business center and the buyer reach a consignment contract.
  • When the network business center 105 receives the list of purchased goods and the letter of credit for purchased goods, the 'OIN(Sh)' contract for purchased goods becomes effective.
  • The network business center 105 notifies both the buyer and the seller through Internet mutual authentication that the contract to purchase the goods is effective.
  • The goods purchase contract is submitted to the contract management center 109 for the record.
  • The letter of credit for the purchase of goods is submitted to the letter of credit management center 108 for the record. The transaction execution center 110 is notified.
  • In step 141, a transaction check is performed.
  • The transaction execution center 110 checks the execution status through Internet mutual authentication according to the 'OIN(Sh)' purchase contract.
  • In step 142, payment is made. After the goods purchase contract is confirmed to have been executed correctly, the letter of credit for the purchase of goods is submitted to the seller's party through Internet mutual authentication.

Abstract

The invention adopts man-made fuzziness, comprising the original secret group, the internal-state group and group deduction, to implement the modes to which the various final flags are truly related when the mode is subjected to all sorts of attack. The outside can only guess at the many possibilities of the inside, while the operation of the inside, which the outside cannot guess, generates a uniquely related external final flag that can change and be identified. The invention provides a series of methods for truly related modes: secret-layer mode, filtering-layer mode, authorisation-layer mode, level-layer mode, implicit-layer mode and patch mode. It also provides a method for identifying the object. Its advantages include security of the identification divisions, confident authentication, better aging, simple and convenient running, convenient usage, a high performance-price ratio, simple operation, lower cost and wide, flexible application. The occupation of information network transmission resources and the added burden on the user during the period of use are kept to a minimum. It can also readily be used to perfect existing identification systems.

Description

An identification method for mode series of the open information network

Technical field
The present invention relates to a method for constructing the technical structure of the software and hardware of the identification system in an information network, that is, a method by which sign devices are used to recognize the other party during operation of the information network, called the identification method for short. In particular, it relates to: the truth of the center's identification of an object that applies to the center for service in an open information network; the truth of the object's identification of the center, introduced here for the first time; the modes with which each final identification is truly correlated under attacks of every kind and degree; and a method for perfecting the security of the true correlation of existing identification systems. A user and the user's sub-flag device are collectively called the object. The center's staff and equipment are collectively called the center.

Background art
The existing simple identification method is as follows: the sign device of the identified party is assigned a code name and a password. When, during operation, the authenticity of a sign device claiming a certain code name must be determined, it is decided by whether its password is correct. Common applications include bank terminals (ATMs, POS machines) recognizing an inserted magnetic-stripe credit card, the host of a phone card system recognizing a phone card user, and the security system of a Windows NT server recognizing a visiting workstation.
As networks became partially open, a further existing identification method, based on an algorithm and a key, was published by Dr. S. Weinstein in IEEE in February 1984. The sign device of the identified party is assigned a code name and a key protected by an algorithmic construction, which can be expressed as $y = f(x, x_0)$, where $x_0$ is the key. When, during operation, the authenticity of a sign device claiming a certain code name must be determined, the identifying party issues a random number $x$; both parties use the agreed algorithm $f$ to operate on the random number $x$ and the key $x_0$; the identifying party collects the results $y$ that the two parties obtained for that code name and compares them, and the authenticity of the identified party's sign device is decided by whether the identified party's $y$ is correct. Common applications include bank terminals recognizing an inserted smart credit card (IC card), the host of a GSM mobile phone system recognizing a handset user, and the host in a bank computer network recognizing a remote visiting auxiliary machine.
The network forms to which the existing methods apply are closed or partially open. Now that network forms are more open, the sub-flag devices of the above two kinds of identification method are very easily counterfeited, so that counterfeiters intrude into the network under cover of a user's authorization; examples are the intrusions of hackers and crackers on the Internet, forged credit cards, and counterfeit devices on mobile communication networks. The identification problem arising from this failure of information technology seriously reduces network security and hinders the opening-up of the information networks of human society.
The starting point of existing network identification security theory is the search for more rigorous algorithms. This flaw in understanding means that an identification system, once built, can be counterfeited by anyone who has obtained the essential information about the algorithm and the network's operating rules. At the same time, the network resources occupied by the identification method grow larger and larger.
Contents of the invention
Deeper study shows that the attacks an open information network must prevent and resist can come from users, the usage environment, the transmission process, and especially the center's internal personnel. The technical activity carried out to achieve counterfeiting is called a break-in attack, or attack for short. A successful attack is called an intrusion. Because the kinds and intensity of attack on different networks are usually constrained by the profit-to-cost ratio rule, and the harm done by an intrusion differs, the ability of a network to prevent and resist attack depends on the requirements set when the network is built.
Identification security can be achieved if the following hold: the various sign relations in the identification system that are used to determine the authenticity of the sign device of an identified party claiming a certain code name can be protected; those sign relations do not follow the constraints of an algorithm; the sign relations are deterministic inside the protection interface and random outside it; and network resources are saved to the greatest extent. This is the starting point of the mode identification security theory, called the mode concept for short.
The first object of the invention is to provide, for a fully open network, a technical method that realizes the mode concept: an identification method that effectively defends against attacks of every kind and degree and achieves true correlation, called the mode method.
The second object of the invention is to provide modes of different security levels and different construction difficulty, forming a series of methods.
The third object of the invention is that each mode method can, in existing networks of every signaling system, take the construction of the existing identification system with its insecure correlation constructions removed as a platform, and build on it a new identification system with the mode as its core structure, giving it standardized and general-purpose characteristics.
The fourth object of the invention is that, when identification running at a low security level suffers a malicious attack that defies the profit-to-cost ratio rule and an intrusion results, an intrusion alarm can be raised during truly correlated operation.
The fifth object of the invention is to reduce the resources occupied by the mode method and improve the credit-to-cost ratio.
The sixth object of the invention is that the mode method lends itself to automated, and especially digital, application, reducing the user's identification burden and improving convenience.
The premise for achieving these objects is to provide a method for constructing the technical structure of the mode series and a method for perfecting the security of the true correlation of existing identification systems. On the basis of using modes for true correlation, a method of identification by the object is provided.
To achieve the above objects, the invention provides a method of identification by the center for an object that applies to the center for service in an open information network. In this method, an object and a center, each having a broad-sense unique fixed flag, are broad-sense uniquely correlated with each other, and final center identification is carried out under the constraint of check identification, so that the object is truly recognized. The method further comprises the following steps: the secret-layer mode is uniquely established and given; during the read-out target identification run of final center identification, the secret-flag layer performs direct source-target operation.
In the above method, the secret-layer mode may be replaced by the filtering-layer mode; during the read-out target identification run of final center identification, the filtering layer controls the secret-flag layer to perform indirect source-target operation.
In the above method, the secret-layer mode may also be replaced by the authorisation-layer mode; during the rest period, the authorization layer controls the source change of the secret-flag layer.
In the above method, the secret-layer mode may also be replaced by the level-layer mode; during the rest period, the level-authority layer controls the construction change of the authorization layer.
In the above method, the secret-layer mode may also be replaced by the implicit-layer mode; the buried layer buries the image flags and provides virtual flags to the layers that require them.
In the above method, the secret-layer mode may also be replaced by the patch mode.
The invention also provides a method of identification by the object, for an object that applies to the center for service in an open information network. In this method, an object and a center, each having a broad-sense unique fixed flag, are broad-sense uniquely correlated with each other, and the method further comprises the following steps: modes are used for a correlation between object and center that is mutually narrow-sense unique and operable, forming true correlation; a final identification is built into the object's sub-flag device; final object identification is carried out under the constraint of application identification, so that the center is truly recognized using the mode series methods.

Theoretical basis and basic definitions for establishing the mode-structure identification system
Because the theoretical system of the identification method of the invention is newly created, the theoretical basis and basic definitions needed to establish this identification system are described in detail below, and the existing identification methods are examined using the new identification system.
Events produced by an object or between objects, and events derived from an event or between events, are collectively called events. Events and objects are collectively called things. Things are distinguishable from one another; this is called broad-sense uniqueness of things. Each thing is assigned by agreement its own sign, and the signs are distinguishable from one another; this is called broad-sense uniqueness of signs. On the basis of broad-sense uniqueness, if a thing exists, no other thing identical to it exists; this is called narrow-sense uniqueness of things. If a sign agreed for a thing exists, no other thing is assigned by agreement the same sign; this is called narrow-sense uniqueness of signs. Broad- and narrow-sense uniqueness of things and of signs are respectively called uniqueness of things and uniqueness of signs, and collectively uniqueness. When two or more things have some relationship with one another, they are said to be correlated. On the basis of uniqueness, when one thing has an agreed sign and another thing has an agreed relationship with it and therefore has that agreed sign, this is called sign unique correlation. On the basis of sign unique correlation, when one thing has a corresponding event, the other thing therefore has that corresponding event, and the corresponding event causes a transition of the agreed sign, this is called correspondence unique correlation. Broad- and narrow-sense unique correlation of signs and of correspondences are respectively called sign unique correlation and correspondence unique correlation, and collectively unique correlation. Further, on the basis of unique correlation, if between the two things the other thing runs a recognition of the one thing's correlated sign, then no identical run of recognition exists between either of them and any other thing; this is called true identification. Mutual unique correlation is called true correlation. On the basis of true correlation, the two can each truly identify the other; this is called mutual true identification. The conclusion reached when one thing runs the recognition of the broad- and narrow-sense unique signs between itself and other things is that thing's true recognition of the other things. The conclusion reached when that thing is in turn subjected, by the truly correlated thing among the others, to a run recognizing the narrow-sense unique sign (equivalent to recognizing the true relationship) is the truly correlated thing's reciprocal true recognition of that thing. True recognition and reciprocal true recognition are together called mutual true recognition. The route formed by extending the relationships that are held or established, agreed, distributed or existing between objects and events is called a path. A segment of a path is called a course.
A group of symbols and codes carrying the agreed characteristic information of an object, serving as an operable digital sign, is called a flag. Symbols, numbers, codes, flags, sets and groups are divided into secret and public. Secrets are divided as follows: those produced in the establishment period are called original secrets; those produced inside the mode during the operating period are called running secrets; a group of symbols and codes carrying the agreed characteristic information of an object that is produced outside the mode during the operating period and, after being buried inside the mode, loses the publicity that its transparency caused, is called a virtual secret. Running secrets and virtual secrets are together called environment secrets.
A fixed public flag is called a fixed flag. Fixed flags are allocated to objects and centers with broad-sense unique correlation. For an object they form the object index number, used as the object's serial number, account number, data code and so on; for a center they form the center service number, used as the center's serial number, name code and so on.
The outside can only guess at the many possibilities inside, while the inside's operation, which the outside cannot fathom, can produce an external final flag that is narrow-sense uniquely correlated, changes over time and can be recognized. This is called man-made fuzziness; it is the internal opacity achieved by shielding a particular course. A shielded course is called a mode. It is uniquely established and given, and is used for the mutually narrow-sense unique, operable correlation between an object and a center that each have a broad-sense unique fixed flag, forming true correlation.
Identification by the center: the center looks up the fixed flag supplied by the object and recognizes the broad-sense unique relationship; this is called check identification. The final flag produced by the two correlated modes of the object and the center is called the final flag. When the center uses it to recognize whether the object supplying the final flag has the narrow-sense unique relationship, that is, whether the broad-sense unique relationship of the object supplying the index number is true, this is called final center identification. Carrying out check identification and final center identification secures the identification method and makes identification by the center true: by confirming whether the final flag supplied by the object is correct, the center verifies whether the object has unique correlation, and the conclusion is the center's true recognition of the object.
Identification by the object: the object applies for service to the center with the agreed service number, obtains a response and recognizes the broad-sense unique relationship; this is called application identification. When the object recognizes whether the center supplying the final flag has the narrow-sense unique relationship, that is, whether the broad-sense unique relationship of the center supplying the service number is true, this is called final object identification. Carrying out application identification and final object identification secures the method of the service applied for and makes identification by the object true: by confirming whether the final flag supplied by the center is correct, the object verifies whether the center has unique correlation, and the conclusion is the object's true recognition of the center.
Identification by the object protects against traps, such as an intrusion that emulates the center using a branch exchange. Because final object identification is the execution of the read-out target identification task on the basis of true correlation, its specific method is the interface mirror image of the execution of the read-out target identification task by final center identification on the basis of true correlation. The difference is that the center's final identification is replaced by the object's final identification, so it is omitted from the rest of the discussion.
Check identification and application identification are collectively called initial identification; final center identification and final object identification are collectively called final identification; initial and final identification are collectively called identification. The existing secret-flag method and mode correlated with final center identification are: the single secret-flag method (the simple identification method described above) and the transparent-incomplete mode (the further identification method based on an algorithm and a key described above, published by Dr. S. Weinstein).
A shielded single-cell construction stores a single secret flag, forming the insecure unique correlation of a single secret state, also called single correlation. Its internal operation is writing the secret into the cell and reading the cell to form a target; the internal target formed from the secret flag is a single authentication flag (a flag that authenticates the truth of the initial identification). This is called the single secret-flag method.
A shielded single fixed-cell construction storing a single fixed original secret flag, together with a public construction that executes the algorithm, forms the insecure true correlation of a single fixed internal state. The external correlation of the internal state on which read-out target identification relies is as follows: a single register-cell construction holds the unique random number dynamically placed from outside during the same use period; the construction executing the algorithm reads the secret flag during that use period and operates on it with the random number, producing a single running secret flag held in a single variable-cell construction and providing the state of a single mode running secret flag. The internal target formed by reading the single running secret flag in the variable cell is a single authentication flag, which provides the final identification. In this mode, running the internal original secret flag and the dynamically placed external information code through the algorithm construction can produce a recognizable external final flag that is broad-sense uniquely correlated and changes over time; but the mode lacks an original secret group and an internal-state group that the outside cannot fathom, and the externally transparent random number and the single internal state determine a single reference state for the mode's running secret flag. It is called the transparent-incomplete mode for short.
Neither the single secret-flag method nor the transparent-incomplete mode can defend against attack. Under attacks of every kind and intensity, the insecure correlation is intruded upon and the center's identification fails to defend against intrusion. This comes about as follows:
When the authentication flag of the single secret-flag method is intercepted, recorded or stolen, the secret is disclosed directly. When the random number and authentication flag of the transparent-incomplete mode are intercepted and recorded in transit, performing the corresponding inverse operation with the same algorithm that the protocol makes public can yield the original secret flag, lifting the opaque shield and intruding into the mode; the mode can also be intruded upon by imitating the information flow or by stealing the original secret flag. In every case a fixed flag and its single or original secret flag can be misappropriated to set up a counterfeit relationship as the object, destroying the truth of broad-sense sign uniqueness that the insecure correlation was meant to guarantee and making identification by the center untrue; the conclusion is the center's untrue recognition of the object.
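The algorithm-and-key exchange attributed above to Dr. S. Weinstein, and the interception weakness just described, as an added example that is not part of the patent text: both sides compute y = f(x, x0), and the check at the end shows that a recorded (x, y) pair exposes the key only when f can be inverted. The two choices of f (XOR and HMAC-SHA256), the class and function names, and the code name "card-0001" are assumptions made for illustration; the patent names no concrete algorithm.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; constructed size for this example


def f_xor(x: bytes, x0: bytes) -> bytes:
    """Invertible f (unsafe case): y = x XOR x0, so x XOR y gives back x0."""
    return bytes(a ^ b for a, b in zip(x, x0))


def f_hmac(x: bytes, x0: bytes) -> bytes:
    """One-way f (assumed choice): y = HMAC-SHA256 keyed with x0 over x."""
    return hmac.new(x0, x, hashlib.sha256).digest()


class Device:
    """Identified party: holds a code name and the key x0."""

    def __init__(self, code: str, x0: bytes, f):
        self.code = code
        self.x0 = x0
        self.f = f

    def respond(self, x: bytes) -> bytes:
        return self.f(x, self.x0)


class Center:
    """Identifying party: issues the random number x and compares the y values."""

    def __init__(self, f):
        self.f = f
        self.keys = {}      # code name -> x0
        self.pending = {}   # code name -> outstanding random number x

    def enroll(self, code: str, x0: bytes) -> None:
        self.keys[code] = x0

    def challenge(self, code: str) -> bytes:
        x = secrets.token_bytes(NONCE_LEN)
        self.pending[code] = x
        return x

    def verify(self, code: str, y: bytes) -> bool:
        x = self.pending.pop(code, None)  # each random number is usable once
        x0 = self.keys.get(code)
        if x is None or x0 is None:
            return False
        return hmac.compare_digest(self.f(x, x0), y)


def transcript_reveals_key(x: bytes, y: bytes, x0: bytes) -> bool:
    """Audit check on one observed (x, y) pair: does x XOR y equal the key?"""
    return hmac.compare_digest(f_xor(x, y), x0)


def evaluate(f) -> dict:
    """Run the exchange with a constructed key and report what the wire exposes."""
    x0 = secrets.token_bytes(NONCE_LEN)            # constructed key
    center = Center(f)
    center.enroll("card-0001", x0)                 # constructed code name
    genuine = Device("card-0001", x0, f)
    forged = Device("card-0001", secrets.token_bytes(NONCE_LEN), f)

    x = center.challenge(genuine.code)
    y = genuine.respond(x)
    accepted = center.verify(genuine.code, y)

    center.challenge(forged.code)
    replay_accepted = center.verify(forged.code, y)  # recorded y, fresh x

    x2 = center.challenge(forged.code)
    forged_accepted = center.verify(forged.code, forged.respond(x2))

    return {
        "genuine_accepted": accepted,
        "replay_accepted": replay_accepted,
        "forged_accepted": forged_accepted,
        "key_recoverable_from_wire": transcript_reveals_key(x, y, x0),
    }


if __name__ == "__main__":
    for name, f in (("xor", f_xor), ("hmac-sha256", f_hmac)):
        print(name, evaluate(f))
```

With either f, a fresh random number per run defeats replay of a recorded y; only the one-way f also keeps x0 out of reach of someone who recorded the exchange.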
The invention provides a series of methods in which modes are used for true correlation:
1. Secret-layer mode.
2. Filtering-layer mode.
3. Authorisation-layer mode.
4. Level-layer mode.
5. Implicit-layer mode.
It provides a method for perfecting the security of the true correlation of existing identification systems, in which all patching and upgrading apply the mode system method from the standpoint of perfecting.
On the basis of using modes for true correlation, it provides the method of identification by the object.
The modes of this series are realized as follows:
The interface between the inside and outside of a mode is a physical shield. The information in the course and the states it relies on, which through data operation produce uniquely correlated transitions and a recognizable internal target, are called the internal environment. After establishment, the data filtering channel rejects non-target access; a target is a data specification of the inside-outside interface. The internal environment of the mode of the invention consists of the original secret group, the internal-state group and group deduction. (See the discussion of Figure 2 in the embodiments section for a fuller understanding of the internal environment.)
Producing the symbol-code groups of the original secret is called symbol-code group generation. Compressing, or deleting and altering, the non-characteristic information of the original secret in each symbol-code group is called symbol-code group processing. A symbol-code group brought to flag specification is called an original secret flag, and these are collected into the original secret set. Arranging the order of the elements of each set is called sorting. Sorting the sets produces groups. Sets and groups of secret flags are called the secret set and the group, respectively, for short.
Functional units that carry, transmit, control and process information are collectively called structures, divided into structures inside the model (internal structures) and outside it (external structures). The external structure is the system, on the platform of the open information network, that realizes the support of existing mark (center) identification system technology for the present invention.
The internal structure is divided into layers according to function: each layer can be built into the internal structure, that is, the corresponding functional-unit parts of the internal structure are assigned to the corresponding layers. External information codes can be dynamically placed into each layer, and the layers can access one another.
The part of the internal structure that carries and directly wraps the secret group and works in real time during the use period is called the secret-mark layer, or a real-time layer. The parts of the internal structure other than the secret-mark layer are distinguished by working period: those that also take part in real time during the use period are likewise called real-time layers; those that take part during the rest period, working after disconnection from the network so that they occupy no network transmission resources and add no burden on the user during the use period, are called background layers. Alternatively they are distinguished by the nature of their work: those closely related to the secret-mark layer are called related layers; the one that only provides, in the background, data exchange between the inside and outside of the model is called the buried layer. The background related layer that performs the filtering and inner-target tasks is called the inner target layer; the background related layer that performs the task of updating the status of the layers it governs is called the authority layer. Authority layers are divided into the authorization layer and the level-authority layer.
The wellspring within a layer that holds a data group and, through read operations, can yield data units in each of the set relationships is called a source. The system hardware that makes up a source is called the source structure; a source structure that holds no data group is called an empty source. Within the system structure that a layer's functional units form in hardware and software, the part other than the source structure, whose operation on the relevant original secret data group can produce uniquely transitioning data, is called the in-layer operating structure. The source and the in-layer operating structure are together called the in-layer structure. A storage unit for a data unit in a source is called a cell; the unique codes, assigned in order, that distinguish the cells of a cell set are called numbers. (The discussion of Figures 4-6 in the embodiments section helps to distinguish a source from a memory.) Stored data units are divided into marks and instructions; by default their sources are called, respectively, a (certain) source and an instruction table.
In the characteristic process formed as a stable event of the internal structure continues from moment to moment, the definite event obtained by abstracting away the time factor is generically called a status. Statuses are distinguished as follows: one formed by the form in which information exists is an information status; one formed by the ordering of symbol codes is a sorting status; one formed by the structure's hardware and related to operation is a hardware status; one formed by a layer's source structure storing its data group is a stored-data status; one formed by a layer's source structure storing its instruction table is a structure status; one formed by the static data in a layer driving its structure is a real-time processing status; and one formed by access among the above statuses, by their being relied upon, and by their characteristic description is an operating status. According to its relation to the identifiable inner target, each status in each layer is either an identifiable status, which is melted into the inner target, or an unidentifiable status, which exists independently of the inner target.
The nature of each original secret data unit during operation is called its attribute, which is reflected in the attribute status of the related code or of the secret mark or symbol code. When the secret-mark layer reads a cell under a designated (number) status, the remaining definite statuses of the in-layer structure that are directly relied upon, other than the designated status, are called reference statuses; they are divided into the number-group hardware status and the secret-group status. The status in which the source stores the original secret group is called the full source, and is the first reference status to be formed.
In the secret-mark layer, the operating structure and the dynamically placed external information code constrain the source, so that when the source is read the designated number and related-code attribute status constrain the cell, giving the cell read its unique correlation. Under the reference status, this gives the inner target formed from the secret mark that is read out its unique correlation. The designated-number status is a necessary status of the source in every model; that each designated-number status is accompanied by a designated related-code attribute status, and that a change of designated-number status is accompanied by a group-consistent change of the designated related-code attribute status, is a default and necessary rule in every model. The reference and designated statuses are together called the source status; the unique correlation of their respective transitions is an identifiable status of the model.
The instruction status is a real-time processing status formed by the operating structure; the unique correlation of its transitions is an unidentifiable status of the model. The instruction status is formed in a related layer by imitating the way the secret-mark layer performs reads according to the source status.
The instruction status in the inner target layer is called the background filtering status. Through background operation within the layer it determines the attribute status of the operating secret data units. Its direct effect on the inner target is that this attribute status constrains the secret-mark string that the secret-mark layer uniquely reads out, so that the string is filtered and transformed into operating secret inner-target data held in the data filtering channel.
A source whose stored original secret group is fixed is called a fixed source; a source whose stored secret group changes is called a variable source; a fixed or variable source whose stored original secret group is kept for emergencies is called a backup source. A model that has fixed or variable sources may likewise have backup sources.
The instruction status in the authorization layer is called the background direct status. Through inter-layer operation it determines the environment secret-group data, which is stored into the variable source to produce the environment secret-group status; its direct effect on the identifiable status is expressed through the environment secret-group status.
The instruction status in the level-authority layer is called the background indirect status. Through inter-layer operation it determines how the instructions on which the secret-mark layer's source change relies are transformed into environment secret instruction data, which is stored into the instruction table to produce the environment secret structure status. Its indirect effect on the identifiable status is expressed through the environment secret-group status that the environment secret structure status produces; its direct effect is expressed through the environment secret structure status.
In each use period, the characteristic information of the uniquely correlated trajectory of the object's network operation is called an image. A mark composed of the information code of an image is called an image mark. The virtual secret information code needed to carry out an internal status change has the format of a mark and is called a virtual (secret) mark; it is taken from the image-mark group of a different use period.
The buried layer manages the dynamically registered image marks. Under the designated own-number status it stores image marks into the image cells, replacing their contents, where they lie latent as image marks to be transmitted in a different use period; this forms the image-group status, which imitates, for the image group formed by the image marks, the secret-group status of the secret-mark layer in each rest period. Under the image reference status, the operating structure in the layer and the dynamically placed image mark constrain the source, so that when the source is read each designated guest number and related-code attribute status constrains each cell, giving each cell read its unique correlation; each such read imitates the designated status of the secret-mark layer. The image group, designated guest number and related-code attribute status form a single buried status, which imitates the source status of the secret-mark layer in each use period. Stepping through the designated guest-number statuses in order produces the single buried statuses in sequence and so forms a multiple buried status. Imitating the function of the inner target layer on single and multiple buried statuses, with real-time filtering, produces a composite buried status; the composite buried statuses, produced in order, yield a group buried status.
Each buried status is an operating status; the unique correlation of its transitions is an unidentifiable status of the model, called the background virtual status. According to the buried status, virtual marks are supplied to the layers that need them in place of image marks placed directly and dynamically in the same use period, and virtual mark groups are supplied to the layers that need them in place of the original secret group supplied by a backup source. Through inter-layer operation it determines the statuses formed by the data that has been supplied with virtual marks; its direct effect on the identifiable status is expressed through the virtual secret inner target, group and structure and the designated status in each layer.
When cells are read, the statuses in each layer differ. On both sides, the in-layer structures, disconnected from the network, operate within and between layers according to in-layer and inter-layer rules and so produce transitions in the original static data; after passing through a dynamic-data phase, new static data is formed. Each item of new static data drives its own structure, producing a transition of the corresponding status; this is called an internal status change. Participation of a dynamically placed image mark in an internal status change is called internal-external correlation. Internal status change and internal-external correlation are together called status change, which is divided into number change, attribute change, source change, structure change and buried change.
The designated status is managed and invoked by the secret-mark layer, with dynamic placement taking part in the adjustment of its operation; the resulting transition of the designated number in the number group and of the related-code attribute status is called number change for short.
The instruction status is managed and invoked by the inner target layer, with dynamic placement taking part in the adjustment of its operation; the resulting transition of the attribute status of the secret marks and symbol codes (the data-unit attributes) in the secret-mark string is called attribute change for short.
The instruction status is managed and invoked by the authorization layer, with dynamic placement taking part in the adjustment of its operation; the resulting transition of the secret-group status in the variable source, which constitutes a transition of the reference status, is called source change for short.
The instruction status is managed and invoked by the level-authority layer, with dynamic placement taking part in the adjustment of its operation; the resulting transition of the base status on which the background direct status directly relies, which constitutes a transition of the structure within the authorization layer, is called structure change for short. The base status is the imitation, in a related layer, of the reference status.
The buried status is managed and invoked by the buried layer, with dynamic placement taking part in the adjustment of its operation; the resulting transition of the image-group status in the image source, which constitutes a transition of the image reference status, together with the transition of the designated guest number and related-code attribute status, is called buried change for short.
Each status in each layer, having undergone a status change, becomes its own updated status; this is called status update, and the statuses before and after the change are called the original and new statuses respectively. Over the validity period the statuses in each layer are continually updated, status and change following one another in a cycle, forming a dynamic, ordered set of statuses called the internal status group.
Under the constraint of the unique correlation of the mark in the broad sense, the agreed data operations on the original secret group and the internal status group cause statuses to transition and be determined, producing transitions and an identifiable inner target that is uniquely correlated in the narrow sense; this is called group deduction.
A model whose internal environment consists of the secret-mark layer alone is called a secret-layer model. One consisting of the secret-mark layer and the inner target layer is called a filter-layer model. One consisting of the secret-mark layer and the authorization layer, or of the secret-mark layer, the inner target layer and the authorization layer, is called a two-authority-layer or three-authority-layer model respectively; both are authority-layer models. One consisting of the secret-mark, authorization and level-authority layers, or of the secret-mark, inner target, authorization and level-authority layers, is called a three-level-layer or four-level-layer model respectively; both are level-layer models. One consisting of the buried layer together with (a) the secret-mark layer; (b) the secret-mark and inner target layers; (c) the secret-mark and authorization layers; (d) the secret-mark, inner target and authorization layers; (e) the secret-mark, authorization and level-authority layers; or (f) the secret-mark, inner target, authorization and level-authority layers is called, respectively, a two-hidden-layer, three-filter-hidden-layer, three-authority-hidden-layer, four-filter-hidden-layer, four-authority-hidden-layer or five-hidden-layer model; all are hidden-layer models. The secret-mark layer is a required layer of every internal environment.
The buried layer and the inner target layer are patched onto the target entrance and exit of the existing clear-residual model, which is then re-shielded; the secret-mark layer is patched onto the bus of the existing clear-residual model, so that the original cells can be given numbers and taken into a source; the structures by which the authorization layer and level-authority layer provide in-layer instruction statuses are patched onto the structure that executes the algorithm in the existing clear-residual model, and the instruction system of that original structure is rebuilt into a fully compatible instruction system for the authorization and level-authority layers, thereby forming those layers.
The patching described above uses the clear-residual model structures and supporting platforms of the existing sub-mark and center equipment to achieve, with existing resources, a repair-type improvement in the real-correlation security of the existing clear-residual model identification system; this is called repair for short. A model formed by repair is called a repaired model.
When the internal environment of the repaired model is one in which, relative to the models above the secret-layer model, the source in the secret-mark layer is simplified to cells and the operating structure in the authorization layer is simplified to an algorithm-execution structure, the structural and operational complexity of the clear-residual model is raised and the overall cost-effectiveness of the repaired model relative to the clear-residual model is improved; however, the real-correlation security of the models above the secret-layer model is lost, structural complexity is reduced, and the internal environment does not reach that of those models. This is called partial repair.
When the internal environment of the repaired model reaches that of the respective model, this is called full repair.
Using the structures and supporting platforms of the sub-mark and center equipment of the existing identification system, the models are deployed to replace the single-secret-mark method and the clear-residual model respectively, achieving, with existing resources, an upgrade-type improvement in the real-correlation security of the existing identification system; this is called upgrade for short. Repair and upgrade are collectively called improvement.
The models formed by the repairs above or used for upgrade can comply fully with the network working protocols of the existing single-secret-mark and clear-residual model identification systems; they are standardized, general-purpose, serialized repair and upgrade structures for the real-correlation security of the single-secret-mark method and the clear-residual model. After a repair or upgrade structure is applied, the real-time network operation of the existing identification system during the use period is unchanged, and background work during the rest period is added. Repair and upgrade whose structure and application are fully compatible with the real-time network operation of the existing identification system during the use period are called fully compatible repair and upgrade.
The advantages of the present invention are as follows:
With the model series, the security improvement and the mark-based object identification method, each mark is safe under the security protection of the model, so real identification makes authentication reliable. Because a number change in the real-time layer takes very little time, timeliness is strong; in all kinds of network applications the same network operating resources are spent as for existing marks while security is greatly improved, so operation is simple and fast. Even where the user takes part manually in in-layer operation, it is simple and convenient, so the method is easy to use and cost-effective. Because the existing technical base supplies the material basis for implementing the model, implementation is simple and inexpensive. It suits every signalling system in all networks, so it is widely applicable and flexible in use. The transmission resources occupied on the information network and the added burden on the user during the use period are both kept to a minimum, so improvement of an existing identification system is easy to achieve.
Brief Description of the Drawings
Figure 1 shows the legend for the specific graphic symbols used in the schematic diagrams of the present invention;
Figure 2 shows all the relationships set as mutually uniquely correlated between the models of the object and the center;
Figure 3 shows the identification system in the networked environment of the open information network: after initial identification is completed in an establishment period or use period, a two-way information transmission channel crossing the interfaces is established between the models of an object and the center, supported by the external structure;
Figure 4 shows the marks, sets, groups and source structure that make up the original secret;
Figure 5 shows an image;
Figure 6 shows the composition of the image-group source;
Figure 7 shows the network structure block diagram of 'OIN-DXP';
Figure 8 shows the "'OI card' with a 'scratch surface'" manufactured using the secret-layer model of the version 101 structure;
Figure 9 shows the flow of user telephone authentication;
Figure 10 shows the network structure block diagram of 'OIN-DH';
Figure 11 shows the flow of telephone mutual authentication;
Figure 12 shows the flow of telephone currency settlement between users;
Figure 13 shows the network structure block diagram of 'OI (Sh)';
Figure 14 shows the flow of Internet mutual authentication;
Figure 15 shows the structure of Internet mutual-authentication e-commerce;
Figure 16 shows the Internet user registration flow;
Figure 17 shows the Internet goods display-and-sale flow;
Figure 18 shows the Internet consignment-sale transaction flow.
Preferred Embodiments of the Invention
First, with reference to Figures 1 to 6, the basis of the general embodiment is described in detail.
Figure 1 shows the legend for the specific graphic symbols used in the schematic diagrams of this series of inventions. Reference numeral 1 denotes space-time and an interface; 2 the relationship between systems or parts; 3 a setting that is mutually uniquely correlated between the two sides' models (completely identical); 4 storing; 5 fixing; 6 determining; 7 multiple paths; 8 projection; 9 a two-way code transmission channel or bus; 10 a two-way entrance of an interface; 11 the set of two-way code-transmission-channel and bus entrances of an open interface; 12 a two-way code transmission channel or bus formed at the two-way entrances of the two sides' interfaces; 13 a pyramid of related items, in which the lower layer is the foundation of the upper layer; 14 a part or system designated n; 15 an object in the four-dimensional space coordinate system.
Figure 2 shows all the relationships set as mutually uniquely correlated between the models of the object and the center. Reference numeral 16 denotes the original secret group; 17 the internal status group; 18 the performing of internal operation.
Figure 3 shows the identification system in the networked environment of the open information network: after initial identification is completed in an establishment period or use period, a two-way information transmission channel crossing the interfaces is established between the models of an object and the center, supported by the external structure. Reference numeral 19 denotes the secret group; 20 the internal structure; 21 the model; 22 the sub-mark device of the party being verified; 23 the object; 24 the final identification by the verifying party; 25 generation of the dynamically placed data, also called composing the image mark; 26 the identification management system; 27 the human operator position; 28 information processing; 29 the mark device; 30 the center.
Figure 4 shows the marks, sets, groups and source structure that make up the original secret. Reference numeral 31 denotes the information set; 32 a plurality of original secret sets; 33 the cell group; 35 the starting number; 36 the ending number; starting number 35 through ending number 36 make up the number group 34; 37 denotes the original secret group. The structure made up of cell group 33, number group 34 and original secret group 37 is collectively called the source; the hardware structure made up of cell group 33 and number group 34 is collectively called the source structure.
Figure 5 shows an image. Reference numeral 38 denotes object A; 39 denotes object B.
Suppose a frame of reference has been established, consisting of a three-dimensional space coordinate system and a time coordinate system.
Let the three-dimensional space coordinate system be a rectangular (Cartesian) one, and write coordinates in the frame of reference XYZT as $(x, y, z, t)$. At some time $t$ between the moment objects A and B establish an information transmission channel over the open information network and the moment it is torn down, the coordinate set of object A for this $i$-th run is $A_i = \{x_a, y_a, z_a, t_a\}$, that of object B is $B_i = \{x_b, y_b, z_b, t_b\}$, and $A_i \cup B_i = \{x_a, x_b, y_a, y_b, z_a, z_b, t_a = t_b\}$ is called the A-union-B coordinate image. The elements of the A-union-B coordinate image are converted into image codes and processed to compose the A-union-B image mark.
Likewise, at some time $t$, the coordinate set $A_i$ or $B_i$ of an object for this $i$-th run is called the A or B coordinate image. Image codes are generated from the elements of the A or B coordinate image and processed to compose a non-union image mark.
When the spatial coordinates of an A-union-B, A or B coordinate image are replaced by the corresponding, uniquely correlated port identification data of the open information network, the result is called a related image; codes generated from it and processed compose a related image mark.
The randomly drawn values that correspond, with unique correlation, to an A-union-B image or a non-union image are called a random related image; codes generated from it compose a random related image mark, which is characterized by the random draw.
八并13、 非并、 相关、 随机相关像标, 称像标, 各为一种像标类型。 基于对应唯 一相关的外信息编码, 都是一种像标。 Eight parallel 13, non-union, correlation, and random correlation icons are called icons, each of which is a type of icon. Based on the corresponding only relevant external information coding, it is a kind of icon.
图 6指示构成像群源。 其中标号 40表示首像标; 标号 41表示末像标; 标号 42 表示第一个像群的第 n (6)像标; 首像标 40至末像标 41组成的结构称像标全群 43; 首像标 40至第 n(6)像标 42是动态组成的第一个像群结构, 称像群各初始状况 44; 标号 45表示像标元群; 标号 46表示始号, 标号 47表示末号, 始号 46至末号 47 组 成本号群 48和客号群 49。 Figure 6 indicates the sources constituting the image group. Wherein the label 40 represents the first image; the label 41 represents the last image; the label 42 represents the n (6) image of the first image group; the structure composed of the first image 40 to the last image 41 is called the whole group 43 ; The first image mark 40 to the n (6th) image mark 42 is the first image group structure formed dynamically, which is called the initial state 44 of each image group; the label 45 represents the pixel group; the label 46 represents the initial number, and the label 47 represents The last number, the first number 46 to the last number 47 form the own number group 48 and the customer number group 49.
1. (Module series) identification system
The technical basis for implementing the functional units is microelectronic circuits, computer hardware platforms, system software, application software and networking technology, and mechanisms such as mechatronic assemblies. In engineering terms, the identification system consists of the functional units operating in an orderly way in the networked environment of the open information network, realizing a joint network of the devices of each corresponding system. Module 21 is implemented by the electrical elements of this technical basis, each performing its task according to the module working principle described. The module implementation uses existing techniques for physically resisting attack.
On the platform of the open information network, the system realizes the composition of the respective empty modules between an object and the center; this is called composing the two parties' modules. Realizing, for each object and the center, the two-party modules that can be or have been established, and realizing the networked three-dimensional distribution of the system, is called the module system.
The full set of relations set up as uniquely related to each other between the modules of the object and the center is called the imitation. It is divided into three relations between the two parties: original secret group 16, internal status group 17, and implementation of internal operation 18. When each of the three relations is fully identical on both sides, this is called identical imitation; its purpose is to make final identification simple.
The fixed retrieval system, the module 21 system, the final identification 24 and image-mark composition 25 systems that realize interconnection with the other systems of the open information network, and the overall identification management system together make up the identification system to which the present invention is applied.
Identification management system 26 is the management system that handles the object 23-related transactions for establishing modules, for the establishment period and for entering the interruption and termination periods, and that sets the image-mark composition 25 type. Operator seat 27 is the interface between identification management system 26 and the staff of center 30.
Composing the original secret groups, presetting each module and its uniquely corresponding image-mark type, and storing transaction information constitute information processing 28.
Identification management system 26, operator seat 27 and information processing 28 form the overall identification management system.
2. Operation of the identification system
Operation is divided into: setting the image type, and module operation.
Module operation is divided into: establishing the module, and use operation.
Establishing the module is divided into: filling the source, and setting. A module whose internal structure has some software and data missing is called an empty module; the missing parts are divided into: empty source, empty internal status group, and empty group-deduction software.
Use operation is divided into: status update, and read-out target identification. Status update is divided into: internal status change, and internal-external correlation.
Transmission and operation across the interfaces of the center's identification management system 26, operator seat 27 and information processing 28 constitute management and invocation, divided into: setting in advance the group-deduction software of the in-layer operating structure and the internal status group 17 data it requires, used to fill the vacancies of the in-layer operating structure, called presetting; assigning original secret group 16, internal status group 17 and group deduction 18 to module 21, called assigning module data; and setting in advance the type of image mark 25 composed for each module, called the pre-image type.
For transmission across the interfaces between the center's image-mark composition 25 and identification management system 26, operator seat 27 and information processing 28: in the direction into image-mark composition 25, the pre-image-type data are loaded and the structure of image-mark composition 25 stores the image type, which constitutes setting the image type.
The center's identification management system 26, operator seat 27 and information processing 28 operate over the network with both parties' secret group 19, internal structure 20 and module 21, divided into: in the direction into secret group 19, the composed and assigned module data (the original secret group and the preset data) are loaded into the empty module, and the secret-sourcing and setting-storage operations inside the module form the module's full source and setting respectively; in the direction out of secret group 19, the related-code-exhausted instruction is returned during use operation.
Both parties' secret group 19, internal structure 20 and module 21, together with the final identification 24 of the center's verifying party, in the direction out of secret group 19, realize read-out target identification.
The operations carried out across the interface between 19 and 20 on both sides are divided into: in the direction into secret group 19, writing the transferred-in original secret group and the environment secret-group data produced by internal status change into the source structure of the module's secret-mark layer, ordered by secret mark and number, called secret sourcing; in the direction out of secret group 19, reading the secret group in the source according to the status specified by the secret-mark layer so that it directly forms the target inside the module, called direct source-to-target.
The operations carried out across the interface between internal structure 20 and module 21 on both sides are divided as follows. In the direction into secret group 19: input of the original secret group and preset data, of dynamically loaded image marks, and of work instructions. In the direction out of secret group 19: the secret marks obtained by direct source-to-target form the in-module inner target; the operation in which what is read is filtered by the data-unit attribute status of the inner-target layer, transformed into the run-secret inner target, and so forms the in-module target indirectly, is called indirect source-to-target; the related-code-exhausted instruction is returned to the identification management system, and work instructions are output. Work instructions are necessary for the module to perform its tasks, but their nature as a network protocol is implicit as far as the module working principle is concerned, and they are omitted from the rest of the discussion.
The operation of both parties' internal structure 20 is as follows. In the networked operation in which preset data are loaded into the empty module, storing the transferred-in preset data within the layer according to the agreement is called setting storage. In networked use operation, holding the transferred-in image-mark data in a register according to the agreement is called registering. During the use period, each time read-out target identification ends, following the identification system's instruction to end that run, both parties' modules, now off the network, update their internal status.
Bidirectional information transfer across the interfaces between the object's module 21 and sub-mark device 22, and between the center's module 21 and mark device 29, is divided into: in the direction into secret group 19, the operation in which loaded data reach the module, the outer target passing through the inbound filter channel into the opaque shield, called transfer-in; in the direction out of secret group 19, the operation in which the inner target, and the end return and completion return of use-consume stepping, pass through the outbound filter channel, leave the opaque shield and form the transparent outer target, called transfer-out. Transfer-in and transfer-out are together called conversion. Inner and outer targets are referred to simply as targets.
Operation across the interface between both parties' module 21 and the verifying party's final identification 24 is divided into: the operation in which the object's module performs source-to-target and transfer-out, the outer target is transmitted to the object and input over the network to the center's final identification to form the final, called the object target final; and the operation in which the center's module performs source-to-target and transfer-out and the outer target is transmitted to final identification to form the final, called the center target final.
The operation of the verifying party's final identification 24 is as follows: from the object's final and the center's final, the center forms the final identification, confirms whether the object's final is correct, and so verifies whether the object is genuine.
Both parties' source-to-target and transfer-out, and target final and final identification, are each part of the internal and external operation of read-out target identification; they are called read-out and target identification respectively, and together read-out target identification.
For transmission between the final identification 24 of the center's verifying party and identification management system 26, operator seat 27 and information processing 28: in the direction out of the verifying party's final identification 24, a signal is sent reporting that the object's final identification is not genuine.
The operation of image-mark composition 25 is as follows. In the set-image-type operation, storing the pre-image-type data within the structure according to the agreement is called storing the image type. The external structure extracts the relevant trace of the object's operation in the network environment; the unique characteristic information parameters obtained are converted into information codes, non-characteristic information codes are compressed, and a machine code of fixed digit length is formed as a single whole determined by the mark specification. This is called composing the image mark.
Transmission of image marks across the interface between both parties' module 21 and image-mark composition 25 to both parties' modules is called assigning image marks.
Both parties' internal structure 20 and module 21 and the center's image-mark composition 25, in the direction into secret group 19, carry out composing the image mark, assigning, transfer-in and registering, together called dynamic loading.
3. Detailed explanation of the original secret marks, sets, groups and source structure
Information set 31 is the union of the symbol set and the machine-code set.
Elements of the symbol set are drawn at random repeatedly, collected into a subset of original secret symbols, and ordered into a symbol group; the symbol group is converted into a code group. Elements of the machine-code set {0, 1} are drawn at random repeatedly and ordered into an encoding group. The code group corresponding to the original secret symbol group, or the encoding group, forms a machine code of fixed digit length as a single whole; this is called the generation method, and the mark so composed is the original secret mark. Original secret marks are collected into the original secret sets 32 and ordered, producing original secret group 16, called the synthesized group.
Subgroups of the information group are drawn at random, and then: randomly drawn information is swapped into the groups obtained by dividing the single whole according to the mark specification; or information is randomly added to the groups obtained by dividing the single whole according to a randomly shortened mark specification, to make groups of the mark specification; or information is randomly deleted from the groups obtained by dividing the single whole according to an over-length mark specification, to make groups of the mark specification; or the groups obtained by dividing the single whole according to the mark specification are randomly reordered after some of them have been randomly deleted. This is called the processing method. It produces original secret group 16, called the analyzed group.
The starting number in number group 34 is called start number 35; the final number is called end number 36. Element-number correlation forms the code of the data unit stored in the element and of the number, called the related code. Each element-number pairing is fixed as a uniquely set value, called element-number fixing, which gives rise to the mark group, element group 33, number group 34 and code group, collectively called groups. The element group and the number group form the source structure 33-36.
4. Figures 3, 5 and 6 taken together give a block explanation of the dynamic loading of image-mark data.
The operation of image-mark composition 25 produces image-mark data, which are transmitted to the image-group source of internal structure 20 in both parties' module 21.
5. Detailed explanation of establishing the module
Establishing the module determines, respectively: the rules for full source and number change in the secret-mark layer, with the start number for stepping specified; whether attribute change is produced under the management and invocation of the inner-target layer; whether ordering change and symbol-code change are produced under the management and invocation of the authorization layer; whether structure change is produced under the management and invocation of the level-authority layer; and whether image marks lie latent in the buried layer and virtual marks are supplied to the other layers. This forms the agreement on the internal environment and the first specified-number data of the stepping structure (the original secret specified-number data), and is called fixing the initial status. The status inside the module at that point is called the initial status.
6. Basis of use operation
During the operating period, each layer carries out the status-update operations according to the fixed initial status. The internal structure of each layer, following in-layer and inter-layer rules, carries out the operations of number, attribute, ordering, symbol-code, structure and burial status change respectively, forming its own new status, which can produce a uniquely related transition and an identifiable external final.
When stepping through the number group reaches the end number, a signal that the number-group modulus run has ended is given, called the end return; it is used to reset the stepping structure to the specified start-number status, for inter-layer requests, or for the identification system's module-management transactions. When authorized to confirm the end of each use, a signal that use of the number has ended is given, called the use return; it is used for redundant re-reading in read-out target identification (for fault tolerance) and for inter-layer requests. When a draw is made and that use ends, the use of that number in the number group is deducted, and when the update structure queries the attribute of the pending number, it indicates that the number is consumed; otherwise it indicates that the number is usable. This is called the consume return and is used to establish group consistency between the related-code attribute and the change. Under the consume-return method, once the uses in the number group have been deducted to zero, a signal that the number-group consumption run has ended is given, called the completion return; it is used to reset the consume-return structure to the initial attribute status (use), for inter-layer requests, or for the identification system's module-management transactions. In the authority-layer module, a signal that the source-change run has ended is given, called the first-life return; in the level-layer module, a signal that the structure-change run has ended is given, called the second-life return. All of the above are called returns.
For attribute change and source change, the data units acted on within the source are delimited by the following specifications: shape, divided into line, solid block and hollow block; curvature, divided into straight, bent and curved; length, divided into continuous and intermittent; orientation, divided into horizontal, vertical, oblique, central and symmetric. See Figure 4. The delimiting specification determines a data unit's code length and its position in the secret group.
Next, a general embodiment is given in detail with reference to Figures 1 to 6.
1. Secret-mark layer
Under the constraint of the reference status, the operating structure inside the secret-mark layer, according to the setting agreement, provides the specified-status group, manages and invokes the specified status, forms the unique correlation for reading an element, and carries out read-out target identification. The specific method of performing the task:
By default the secret-mark layer uses group consistency in which each specified number status is accompanied by a specified related-code attribute status, and a change of number status is accompanied by a change of the specified related-code attribute status; this is called exchange and forms the exchange rule. The old-to-new attribute status transitions are divided into: use-consume and use-retain.
Let the number modulus of the fixed source be n(1).
On the use return produced when, during the use period, the identification system's instruction ends that run of read-out target identification, the information code is determined anew. Determined as preparation for the run of the next use period, this is called pre; determined by agreement as preparation for the run of some later use period, it is called reserve. When the run of a use period obtains the supplied information code for the purpose specified for that run, this is called take.
Starting from the start number and advancing in the order of the number group to produce the pending-number data in the number group is called stepping. Closed within the secret-mark layer, it forms the in-layer related internal status change; open outside the secret-mark layer, it forms the inter-layer related internal status change and internal-external correlation. The operating data for a specified number produced by the center's random drawing is called a draw, divided as follows. The center draws a value at random, irrespective of the attribute of the number that modulo counting over the number group will produce inside the module, and transmits it to the module as a dynamic loading; this is called the value draw. The center draws at random a number in the number group whose attribute is use or retain, adds the product of a drawn value and the number modulus n(1), and uses the resulting sum in place of the centrally drawn value; this is called the sum draw. The center draws at random a number from the number group or from a sub-number group and transmits it to the module as a dynamic loading; these are called the number draw and the sub-draw respectively.
Inside the module, modulo counting with the number modulus n(1) over the value draw, the sum draw and the virtual mark produces the pending-number data in the number group; this is called count. Inside the module, taking the data of the number draw, the sub-draw and the virtual mark as the pending-number data is called get.
For use-retain, and for use-consume under stepping, the pending-number data are the new-number data. For use-consume under count and get, the update structure accesses the return structure and queries the related-code attribute of the pending number, the related-code attribute status taking priority over the number status: if the drawn number is usable, the pending-number data are the new-number data; if the drawn number is already consumed, it is called a pending number, and both parties' modules step in order to the first available number, thereby producing the new-number data.
Pre-, reserve- and take-stepping; pre- and reserve-count (value draw, sum draw and virtual mark); pre- and reserve-get (number draw, sub-draw and virtual mark); take-count (value draw, sum draw and virtual mark); and take-get (number draw, sub-draw and virtual mark) are each a rule for the transition of number data on which number change is based, called update. The update structure, following the update rule and through the update operation, produces the specified new-number data; the new-number data drive the update structure to make the single uniquely related element in the source readable, forming the new status of the specified number.
In the secret-layer module, until the related-code attribute status of all numbers in the first pass of number modulus n(1) has become retain, use-consume gives a truly related period, called the prior truly related period; use-retain under count and get of a draw gives a randomly truly related period, called the prior randomly truly related period. Everything thereafter is insecure true correlation.
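One reading of the sum draw, count and use-consume update rules above, as an added example that is not part of the patent text: both modules hold the same number group and attributes, so a value drawn by the center selects the same one-time secret mark on each side. The class and function names, the wrap-around when stepping past the end number, and the constructed sample marks are assumptions.

```python
import hmac
import secrets

USE, CONSUMED = "use", "consumed"      # related-code attribute statuses
_rng = secrets.SystemRandom()

# Constructed sample data: five 8-byte secret marks shared by both parties.
CONSTRUCTED_MARKS = [bytes([i]) * 8 for i in range(1, 6)]


class Module:
    """One party's module: number k is uniquely related to secret mark k."""

    def __init__(self, marks):
        self.marks = list(marks)
        self.n = len(self.marks)       # number modulus n(1)
        self.attr = [USE] * self.n     # attribute status of every number

    def count(self, drawn):
        """'Count': modulo counting with n(1) gives the pending number."""
        return drawn % self.n

    def update(self, pending):
        """Attribute status outranks number status: a consumed pending
        number steps in order to the first usable number (assumption:
        stepping wraps from the end number back to the start number)."""
        for step in range(self.n):
            number = (pending + step) % self.n
            if self.attr[number] == USE:
                return number
        raise LookupError("completion return: every number is consumed")

    def read_target(self, drawn):
        """Read the mark for this draw, then apply use-consume."""
        number = self.update(self.count(drawn))
        self.attr[number] = CONSUMED
        return number, self.marks[number]


class Center(Module):
    def sum_draw(self):
        """'Sum draw': a usable number plus a random multiple of n(1),
        so the transmitted value does not show the number directly."""
        usable = [k for k, a in enumerate(self.attr) if a == USE]
        if not usable:
            raise LookupError("completion return: every number is consumed")
        return _rng.choice(usable) + _rng.randrange(1, 2**16) * self.n

    def final_identification(self, drawn, response):
        """Derive the center's own mark for the draw and compare it with
        the object's response in constant time."""
        _, expected = self.read_target(drawn)
        return hmac.compare_digest(expected, response)


def run_once(center, obj, drawn):
    """One run: the object answers the draw, the center verifies it."""
    number, mark = obj.read_target(drawn)
    return number, center.final_identification(drawn, mark)


if __name__ == "__main__":
    center, obj = Center(CONSTRUCTED_MARKS), Module(CONSTRUCTED_MARKS)
    for _ in range(center.n):
        drawn = center.sum_draw()
        print(drawn, run_once(center, obj, drawn))
```

Because every successful run consumes the same number on both sides, a response captured in one run does not verify in a later one; a failed run on one side only leaves the two attribute tables out of step until they are resynchronized.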
2. Inner-target layer
Under the constraint of the base status, the internal structure of the inner-target layer, according to the setting agreement, provides the instruction-status group and manages and invokes the instruction status; according to the instruction agreement it notifies the secret-mark layer to read out a secret-mark string and determines the attribute-status group of the run-secret data units; and according to the instruction agreement it forms the run-secret inner-target data and carries out indirect source-to-target. The specific method of performing the task:
Fixing the initial status determines that the use return (which may be deferred until the moment before source-to-target begins) raises a request; the inner-target layer manages and invokes the instruction status (an imitation of the secret-mark layer's managing and invoking the specified status and carrying out the read), and the instruction read is used to form the real-time processing structure.
The attributes of the data units acted on are divided as follows. Original and available for use is called use, and its status the use status. Where the identification system's instruction ending that run ends that use but the unit is still kept and will continue to be used when specified, this is called retain, and its status the retain status. Where the unit is consumed on the instruction ending that run, this is called consume, and its status the consume status. Where the instruction ending that run ends that use but the unit is still kept and lies latent, and after activation can again be used when its number is specified, this is called latent, and its status the latent status. Each instruction randomly stipulates the attribute division of the data units acted on.
According to the amount of data acted on within the fixed source as stipulated by the instruction, the secret-mark layer is directed to serve the control and working requirements of the pick structure: starting from the new status of the specified number, it steps continuously to supply a secret-mark string whose code length equals the amount of data acted on.
According to the data-unit division stipulated by the instruction, starting from the first data unit, the data units with the use and retain attributes stipulated by the instruction are picked and their symbol codes arranged in order, forming the run-secret inner-target data, which drive the registering in the data filter channel and carry out indirect source-to-target. The rule by which the attributes of the data units within the amount of data acted on change independently of one another is called pick. The pick structure, following the pick rule and through the pick operation, produces the newly specified use- and retain-attribute data units within the amount of data acted on; these drive the target register, forming the new symbol-code attribute status within the specified amount of data.
3 . 授权层 3. Authorization layer
基础状况约束下, 授权层依据设置约定, 提供指令状况群, 管理与调用指令状况; 依据各指令约定实施管理与调用密标层产生环境密组群与符码状况群; 依据指令约定 实施环境密确定该基准状况。 执行任务的具体方法: Under the constraints of basic conditions, the authorization layer provides instruction status groups, manages and invokes command status according to the setting agreement; implements management and invokes the encryption label layer according to each instruction agreement to generate the environment encryption group and symbol status group; implements the environment encryption according to the instruction agreement Determine this baseline condition. The specific method of performing the task:
设变源号模为 n (2)。 Let the modulus of variable source number be n (2).
定初始状况确定密标层模为 n (2)次指定号状况的末完返提出申请, 授权层取该 使用期终识结束的用返后, 指示密标层服从于置、 算构造的控制与工作需求: 停止提 供读出靶识运行, 寄存指定原状况, 参与置、 算的工作开始源变运行。 After determining the initial status and confirming that the modulus of the encrypted label layer is n (2) times, the end-of-life return of the designated number status is submitted, and the authorization layer obtains the user return after the end of the use period, and instructs the encrypted label layer to obey the control of the configuration and calculation structure Requirements for work: Stop providing read-out target operation, register the specified original status, and start source change operation to participate in the work of setting and calculation.
授权层依据指令约定, 管理与调用密标层产生密群数据变, 区分为: 排序 (组群) 数据变、 符码数据变。 其数据变迁的规律分别为: 置、 算。 According to the instruction agreement, the authorization layer manages and invokes the encrypted label layer to generate encrypted group data changes, which are divided into: sorting (group) data changes and symbol code data changes. The laws of data change are: set and calculate.
For the original encrypted group stored in the backup and variable sources once the source is full, an original data range within the group is agreed, with data units of equal code length for the corresponding amount of data. Each original data unit takes the place of another original data unit, so that the permutation yields an environment-encrypted ordering of the original data units. Permuting the data units within the agreed range to form new environment-encrypted data is called classical setting.
An original data range within the group is agreed, in which each original data unit corresponds to a new data unit of equal code length for the same amount of data; the original and new data units are partitioned differently, and a new data unit is called the shadow of the original data unit. Classical setting is applied to form new environment-encrypted data, with shadows replacing the original data units to give an environment-encrypted ordering of the new data units. Permuting shadows for the data units within the agreed range to form new environment-encrypted data is called shadow setting.
For original data in an agreed range within the group, more than one original data unit is operated on, and the resulting function value is agreed to be a new data unit. Each new data unit replaces an original data unit, giving an environment-encrypted ordering of the new data units. Operating on the data units within the agreed range and substituting the results to form new environment-encrypted data is called calculation. It differs from shadow setting in that the new data unit that replaces the original data unit is not selected from an existing partition but is produced by the operation.
According to which source the setting and calculation act on, there are two cases: an encrypted-group data change using data inside the closed source is called source-internal correlation; an encrypted-group data change using data outside the open source is called source-external correlation. According to the data involved when setting is source-external and calculation is source-internal or source-external, the cases are as follows. When the data obtained in a storage area of a source is the result of setting data from a storage area of another source, it is called external setting; when it is the result of calculating the originally stored data with data from a storage area of the same source, internal dyeing; when it is the result of calculating the originally stored data with data not from that source, external dyeing; when it is the result of calculating data from other storage areas of the same source, internal cleaning; when it is the result of operating on data not from that source, external cleaning; and when it is the result of calculating data from other storage areas of the source with data not from that source, internal-external cleaning.
According to the encryption involved in setting and calculation: an encrypted-group data change determined by the instruction status is said to form an environment encrypted group; one determined jointly by the instruction status and the buried status is said to form a virtual encrypted group.
According to what the source produces under setting and calculation: when the original encrypted group in the backup and variable sources undergoes an encrypted-group change and forms an environment encrypted group, it is called an initial change; when an environment encrypted group undergoes an encrypted-group change and again forms an environment encrypted group, it is called a continued change.
The setting and calculation structures carry out setting and calculation operations according to their rules and produce new encrypted-group data; this data manages and invokes the encryption label layer to write-drive the variable-source structure, and the uniquely correlated storage in the source forms a new encrypted-group status. The two cases are called ordering change and symbol change respectively; both are called encrypted-group status change, or source change. Ordering change is also called group change. The environment encrypted-group status and the attribute status are mutually prioritized.
When the source-change operation ends, the environment encrypted-group status has been produced, and the authorization layer issues a first generation-return signal. The encryption label layer ends its setting and calculation work, withdraws from the source change, and restores its original status; with its baseline status determined, it can continue to provide the read-out target identification operation.
4. Hierarchical authority layer
Under the constraints of the basic status, the hierarchical authority layer, according to the configured agreement, provides the instruction status group and manages and invokes instruction statuses; according to each instruction agreement, it manages and invokes the instruction table in the authorization layer that generates the encryption label layer's environment-encrypted group and symbol statuses, producing the authorization layer's environment-encrypted structure status group; and according to the instruction agreement, it applies environment encryption to produce this basic status of the structure. The specific method of performing the task is the same as for the authorization layer in how the real-time processing structure is formed and in the setting and calculation rules. The differences are as follows.
The initial status is set so that the final return of the linear instruction table in the authorization layer, or the completion return of the random-number-distributed instruction table, raises the request. After the hierarchical authority layer receives the first generation-return signal of that source change, it instructs the authorization layer to obey the control and working requirements of the setting and calculation structures: while the structure-change operation is running, the authorization layer stops managing and invoking the encryption label layer to produce source changes, registers the designated original status, and takes part in the setting and calculation work, at which point the structure-change operation begins. (The encryption label layer does not stop providing the read-out target identification operation.)
According to the agreement, the hierarchical authority layer manages and invokes the authorization layer to produce structure changes. The data objects of setting and calculation are the specifications by which data units are partitioned in the operand addresses of each instruction in the authorization layer that generates the encryption label layer's environment-encrypted group and symbol statuses. The resulting specification data may deviate and requires a correction that is uniquely correlated between the two parties.
The table of each instruction's opcode, operand address, and the specification by which data units in that address are partitioned is collectively called the instruction table.
When the structure-change operation ends, the environment-encrypted structure status has been produced, and the hierarchical authority layer issues a second generation-return signal. The authorization layer ends its setting and calculation work, withdraws from the structure change, and restores its original status; with the basic status of its instruction table determined, it can continue to manage and invoke the encryption label layer to produce source changes.
5. Buried layer
According to the configured agreement, the operating structure inside the buried layer provides the designated status group and manages and invokes the designated own-number and guest-number statuses. According to each designated own-number status, it performs the agreed acquisition into image elements, producing the image-group status group; under the constraint of acquisition into the registration element, the designated own-number status applies environment encryption to determine the image baseline status. According to each designated guest-number status, it performs the agreed reading of the image source to fetch a virtual label, producing the buried status group; and according to the agreement for the designated guest-number status, it provides virtual labels and virtual label groups to the layers that need them, replacing the transparent image labels and the fixed original encrypted group. In the specific method of performing the task, the own update of the designated-number status is the same as the update in the encryption label layer. The differences are:
The initial status is set so that the image-group status is autonomous. The buried status is governed by the requirement that, for status changes in other layers, the dynamically inserted image label be replaced by the virtual label supplied by the buried layer, and the original encrypted group by the virtual label group supplied by the buried layer; it accepts the instructions of the guest update and of the method for reading the image source to fetch a virtual label.
Within one validity period, the image label composed and distributed first is called the first image label; the image label composed and distributed last is called the last image label.
Starting from the first image label, an image-label element is added in each use period, and the dynamic collection of multiple image labels forms a dynamic image set. Starting from the first image label and adding an image-label element in each use period up to the last image label, the dynamic collection forms the full image set. A dynamic image set is a sub-image-set of the full image set. The sub-image-set into which image-label elements are dynamically swapped, with n(6) as the basis of the finite set, is called the image set; once ordered, it is the image group.
Within the mode process, the unit that uniquely registers an image label is called the image-label registration element, or registration element for short. The source structure whose element group holds the image group is called the image source structure. Let the modulus of its numbers be n(6).
The role of the registration element is to dynamically register, during the use period, the image label transmitted to it; during the rest period that image label is, by agreement, the one used for pre-calculation and obtaining, brushing, image dyeing, internal or external image cleaning, or image-source storage, supplying the internally and externally correlated status changes and the image label that image-source storage holds from the previous use period's transmission. The role of the image source is to accept the image elements selected when the in-layer operating structure manages and invokes the designated own-number and guest-number statuses; to store, during the rest period, the dynamically registered image label, which lies latent as an image label transmitted in a use period; to provide backup; and to take part in fetching virtual labels by flow, draw, touch and repeated update.
During the use period, the image label is registered into the registration element. During the rest period, after the buried layer receives the use-return that marks the end of final identification for that use period, the image label is stored into, and replaces the content of, an image element. Both are called acquisition.
According to the role of the number, the designated-number statuses of the buried layer are of two kinds: one is used for acquisition into image elements, and the image-source numbers it manages form the own-number group; the other is used for reading the image source to fetch virtual labels, and the image-source numbers it manages form the guest-number group.
According to the order in which they act within the same use period, the designated-number statuses of the buried layer are distinguished as follows: designating the own-number status first and the guest-number status second is called own-guest; designating the guest-number status first and the own-number status second is called guest-own. When n(6) > n(2): for own-guest, establishing the mode process has already pre-stored encryption labels in the last n(6) minus n(2) numbered image elements of the empty image source; for guest-own, in the last n(6) minus n(2) plus 1 numbered image elements.
According to the rule by which the number data change, own-number and guest-number changes are distinguished as own update and guest update. The own update uses stepping, which is relatively simple; the guest update consists of the agreements set up to meet each layer's need for virtual labels.
Following the stepping rule, the own-update structure runs a number-data change to produce the newly designated own-number data, which drives the own-update structure to select the uniquely correlated element in the image source, forming the new designated own-number status. Acquisition occurs in the element of the image source structure selected by the designated own-number status, and the image label is held as backup for n(6) operations: it persists through n(6) designations of a new own-number status and disappears only at the (n(6) + 1)-th, forming the image-label backup status.
The image-label backup statuses of an empty image source accumulate until the image source is full, forming the initial image-group backup status.
When n(6) > n(2), the image-label backup statuses accumulate on top of the encryption labels until the image source is full, forming the quasi-initial image-group backup status.
After the image source is full, acquisition in the element selected by the designated own-number status forms a new image-group backup status.
The image-label backup status and the initial, quasi-initial and new image-group backup statuses are all called image-group statuses.
According to the agreed implementation, guest updates are divided into: flow, draw, touch and repeated update.
When the guest update steps in sync with the own update to the preceding number, it is called full-backup single flow.
When the guest update steps in sync with the own update but to a different (not the preceding) number, and the difference between the later numbers designated by the guest update and the own update is m (counted continuously modulo n(6), with m ≠ 0 and m < n(6) - 1), it is called backup-m single flow.
A guest update that is the calculation and obtaining of a draw is called draw for short.
A guest update that is the calculation and obtaining of the virtual label fetched by reading the image source at the new guest-number status designated by flow is called touch for short.
Following the guest-update rule, the guest-update structure runs a number-data change to produce the newly designated guest-number data, which drives the guest-update structure to select the uniquely correlated element in the image source, forming the new designated guest-number status. Under the constraint of the image-group status, this forms a single buried status for fetching a virtual label, of the following kinds:
The new guest-number data of full-backup single flow form the full-backup single-flow image-group status: the image label of each image element has lain latent for n(6) minus 1 operations and is used at the n(6)-th number, when the element is read out to form a virtual label for circulation.
The new guest-number data of backup-m single flow form the backup-m single-flow image-group status: the image label of each image element has lain latent for m minus 1 operations and is used at the m-th number, when the element is read out to form a virtual label for circulation.
The new guest-number data of draw form the draw image-group status.
The new guest-number data of touch form the touch image-group status.
According to the single buried status, the image element is read and the virtual label is taken out and transmitted to each of the other layers that exercise jurisdiction, so that the background supplies the exchange of virtual labels inside and outside the mode process. A flow, draw or touch operation produces the newly designated guest-number data and forms the starting designated guest-number status; each further stepping number-data change then produces the remaining newly designated guest-number data and forms the remaining designated guest-number statuses, stepping on until the ending designated guest-number status is formed. This is called the repeated-update status. Each stepping guest-number data change based on flow, draw or touch is called a repeated update. Under the constraint of the image-group status, the repeated-update status provides each of the virtual-label fetching statuses, forming the multiple buried status for fetching a virtual label group.
The designated guest-number status in a single buried status, and each status from the starting to the ending designated guest number in a multiple buried status, imitate the pick function according to the agreement: the data units of each image label with the use and keep attributes are taken and the symbols are arranged in order, which provides an equivalent virtual-label fetching status, called the compound buried status.
The compound buried statuses together form the operating status for equivalently fetching a virtual label group, called the group (compound) buried status.
The single, multiple, compound and group buried statuses are all called buried statuses.
The structures inside the buried layer operate according to the burying rules and produce each new datum in order; each new datum in turn drives the structures inside the buried layer, forming a new buried status.
The correlation-code attribute changes of the buried layer are exactly the same as those of the encryption label layer, so they are omitted from the discussion above.
6. Implementing repairs
Repairs are implemented according to the differences between the specific methods by which the layers above perform their tasks and the specific methods by which existing plain and residual mode processes perform theirs.
A partially repaired mode process, in which layers other than the encryption label layer are repaired, submits to each governing layer and structure a request equivalent to the corresponding return, after the variable element has been read in each use period and before the read-out target identification operation. The background layer of each party can also be simplified to a real-time layer, in which uniquely correlated in-label ordering data changes and symbol data changes take place in real time during the use and rest periods respectively, producing environment-encrypted inner-target data and label status.
In engineering terms, the present invention may be composed with equivalent variations in which some or all of the functions, structures, layers, data, statuses and changes are overlapped, crossed, simplified or combined.
For example, in the inner target layer, the data on which picking acts may extend to the sources of all governed layers, with the data unit in each element being equivalent to an encryption label.
For example, in the authorization layer, the source range on which setting and calculation act may extend to the image source, replacing imitation of the pick function; the single and multiple buried statuses then provide the same equivalent compound and group buried statuses for equivalently fetching virtual labels and virtual label groups.
For example, multiple sources in a mode process may be controlled by a single update structure.
For example, a virtual in-layer operating structure: when different layers share part of their in-layer operating structure, the physical structure is built in one layer and acting structures are built in the others; when performing a task, an acting structure requests use of the physical structure, forming a real-time processing structure. For instance, the pick structures of the use period and of the rest period form real-time processing structures for the inner target layer and the buried layer respectively; the setting structure is shared by the authority layers and the buried layer; and a single update structure supplies each layer's newly designated number data and designated statuses.
For example, the hierarchical authority layer may be built in multiple levels.
For example, the authority layer of one mode process may, through data transmission, uniquely control additional governed layers correlated with each of the two parties.
For example, in the inner target layer, the instruction agreement partitions the data units as encryption labels, which likewise applies to the modulus of a changing fixed source; the number of further number steps required by the use attribute can be notified to the encryption label layer, simplifying to real-time direct source targeting during the use period. With an agreed attribute status raising the request, the pick instruction table can likewise be governed by the authorization and hierarchical authority layers.
For example, classical setting can be simplified to random linear sequential switching. Under the simplified agreement for random label setting, the encryption label held in the element designated by the n(2)-th use number becomes the starting number, the original encrypted group is laid out sequentially from it, and the encryption label held by each element is thereby redetermined. This switches the original encrypted group in a random linear sequence and is called random linear sequential switching; the resulting environment-encrypted group is called a linearly re-sequenced number group.
For example, external setting, external dyeing, internal-external cleaning and external cleaning can be simplified to brushing, image dyeing, internal image cleaning and external image cleaning respectively: in each rest period, the data obtained in a storage area of a source is the result of substituting, respectively, the dynamically inserted image label; a function of the image label and the originally stored data; a function of the image label and data from other storage areas of that source; or a function of the image label and data not from that source.
Well-known techniques may also be used, such as: in a mode-process system of data protection technology, networking the user ends of both parties for establishing the mode process, dynamic insertion, read-out target identification and transmission of work instructions; using information and time redundancy to deal with errors in the handling, running and transmission of information; and using other redundancy to deal with equipment failure.
These are equally valid.
The mode-process implementation discussed above is the general embodiment within the identification system. To make this original method of building the software and hardware technical structure easier to understand, several specific engineering embodiments that apply the general embodiment are discussed below with reference to Figures 7 to 18.
1. 'OIN-DXP', version 201.
The network for 'user registration for any account, with telephone authentication carried over to electronic credit and ticketing' is called 'OIN-DXP' for short. Identification method: an encryption-layer mode process; designated correlation-code attribute status: use and consumption; update: fetch by stepping; the designated-number status, direct source targeting, transfer-out and the transmission drive of the final are carried out manually by the user in place of internal structures, with the user's manual operation implementing the internal operation. This technical structure is called version 201.
The 'OIN-DXP' network structure joins the telephone communication networks, the CRS airline ticketing network and the banks' computer networks into a single open network environment.
A customer with any account becomes an 'OIN-DXP' user after registering and receives an "'OIN-DXP' version 101 card", called the 'OIN card' in this example. Figure 8 shows an "'OIN card' with 'scratch surfaces'" manufactured with the encryption-layer mode process of the version 201 structure. In it, reference 66 denotes the fixed source, 67 an element, 68 an original encryption label, 69 a number, 70 the use-consumption and mode-process interface material, and 71 the inner target area after the user has manually taken the place of the internal structure and manually carried out the internal operation. Manually carrying out the internal operation means: when the service operator responds 'Please give the verification number', the user takes the 'OIN card', moves in number order from the 'scratch surfaces' already scraped off to the next unscraped 'scratch surface' ('scratch surfaces' may only be scraped off in number order), gently scrapes it off with a fingernail, and correctly reports the 'verification number' revealed beneath it. This satisfies the technical structure's requirement 'designated correlation-code attribute status: use and consumption; update: fetch by stepping'.
Referring to Figure 7, when user 50 needs to buy an airline ticket, the user goes through any fixed telephone route 51 or mobile telephone route 52 into the general communication network 53, made up of communication networks such as PSTN, A, B, G and CT-2, and, by dialling the 'OIN-DXP' center service number in step 72 (see Figure 9), is switched to the concentrator end 54. When an incoming call is indicated at one of the operator positions 55, OIN-DXP center service operator 57A goes off-hook, and the off-hook signal starts the transaction voice recorder 56.
OIN-DXP center service operator 57A and user 50 first carry out telephone authentication, and operator 57A enters the data reported by the user into the OIN-DXP center (concentrator-terminal manual connection system) computer 58. Here, 'OIN-DXP center (concentrator-terminal manual connection system) computer 58' is the name for the network assembly; it includes functions equivalent to those of center 30 and is the computer and electronic information system providing the identification system and ticketing service functions.
Figure 9 shows the flow of the user's telephone authentication. The details are as follows:
在步骤 73 , 进行应答。 服务小姐应答 ' OIN-DXP中心, 请报帐号' 。 In step 73, a response is made. The service lady replied 'OIN-DXP Center, please report the account number'.
在步骤 74, 报 '帐号' 。 用户报 '帐号 ' 。 In step 74, report 'account number'. User reports 'Account'.
在步骤 75 , 进行应答。 如果报错的帐号不存在, OIN-DXP 中心计算机 58将显 示 '帐号不存在' , 服务小姐应答 '对不起, 您报的帐号 不存在, 请重报' 后, 重报 '帐号 ' 。 第二次必须正确。 如桌报错, 服务小姐应答 '对不起, 您报的帐号 仍然不存在, 请确认后再拨' 后, ' OIN-DXP ' 中心挂机。 In step 75, a response is made. If the account number reported by mistake does not exist, the OIN-DXP center computer 58 will display 'account number does not exist', and the service lady replies 'I'm sorry, the account number you reported does not exist, please re-report', and re-reports 'account number'. It has to be right the second time. If an error is reported at the desk, the waitress will answer 'Sorry, the account number you reported still does not exist, please confirm and then dial', the 'OIN-DXP' center hangs up.
如果正确或报错的帐号存在, 服务小姐应答 '请报校验号码' 。 If the correct or incorrect account number exists, the waitress will reply 'please report the verification number'.
在步骤 76 , 刮去 '刮面' , 报显露的 '校验号码' 。 使用 ' OIN卡' , 从已 刮去的 '刮面' 依号顺序选择至未被刮去的 '刮面' ( '刮面' 只允许依号顺序被刮去), 用指甲轻轻的刮去 '刮面' , 必须正确报 '刮面' 下显露的 '校验号码 ' 。 可容错二次。 In step 76, scrape off the 'scratch' and report the revealed 'verification number'. Use the 'OIN card' to select from the scratched 'scratch' to the unscratched 'scratch' ('scratch' can only be scraped in the order of number), gently scrape with your fingernails Go to 'Scrape', you must correctly report the 'Verification Number' displayed under 'Scrape'. Can be fault-tolerant twice.
在步骤 77 , 进行应答。 如果三次报错, 服务小姐应答 '对不起, 您无权使用该 帐号' 后, 挂机。 In step 77, a response is made. If the error is reported three times, the waitress replies 'Sorry, you are not authorized to use this Account', hang up.
如果正确, 服务小姐应答 '您需什么服务' , 表明用户完成电话认证。 If it is correct, the service lady will answer 'what service do you need', indicating that the user has completed the phone authentication.
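The Figure 9 dialogue (steps 73 to 77) can be modelled as a small center-side state machine. The following Python is an added example, not code from the patent; the account number and verification numbers are constructed sample values, and two behaviours the text leaves open are assumptions: a verification number is used up only when it is accepted, and a card with no numbers left is refused.

```python
"""Center-side model of the Figure 9 telephone authentication (steps 73-77)."""
import hmac
from dataclasses import dataclass
from enum import Enum

MAX_ACCOUNT_REPORTS = 2  # step 75: one re-report; the second must be correct
MAX_NUMBER_REPORTS = 3   # steps 76-77: two errors tolerated, hang up on the third


class Outcome(Enum):
    AUTHENTICATED = "What service do you need?"
    UNKNOWN_ACCOUNT = "account number still does not exist; center hangs up"
    NO_RIGHT = "not authorized to use this account; center hangs up"


@dataclass
class CardRecord:
    """What the center holds for one OIN card."""
    numbers: list          # verification numbers in scratch-surface order
    next_surface: int = 0  # index of the first surface not yet used up


class Center:
    def __init__(self, records):
        self.records = records  # account number -> CardRecord

    def authenticate(self, account_reports, number_reports):
        """Run one call; the arguments list what the caller says, in order."""
        record = None
        # Step 75: any account number that exists moves the call on,
        # including a misreported number that happens to exist.
        for account in list(account_reports)[:MAX_ACCOUNT_REPORTS]:
            record = self.records.get(account)
            if record is not None:
                break
        if record is None:
            return Outcome.UNKNOWN_ACCOUNT
        # Assumption: a card whose surfaces are all used up is refused.
        if record.next_surface >= len(record.numbers):
            return Outcome.NO_RIGHT
        # Step 76: only the next surface in numerical order is valid.
        expected = record.numbers[record.next_surface]
        for spoken in list(number_reports)[:MAX_NUMBER_REPORTS]:
            if hmac.compare_digest(spoken.encode(), expected.encode()):
                # Assumption: the number is used up only on acceptance.
                record.next_surface += 1
                return Outcome.AUTHENTICATED
        # Step 77: third wrong report. The text sets no limit across
        # separate calls, so none is modelled here.
        return Outcome.NO_RIGHT


def demo():
    """Replay four constructed calls against one constructed card."""
    center = Center({"1001": CardRecord(numbers=["4821", "9057", "3316"])})
    return [
        center.authenticate(["1001"], ["4821"]),                  # first use
        center.authenticate(["1001"], ["4821"]),                  # replayed number
        center.authenticate(["9999", "1001"], ["0000", "9057"]),  # one slip each
        center.authenticate(["9999", "8888"], []),                # two bad accounts
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome.name, "->", outcome.value)
```

The second call in `demo()` shows the property the scratch-off sequence is there for: a verification number overheard on one call is rejected on the next, because the center has already moved on to the following surface.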
Thereafter, the service attendant 57A operates the CRS terminal 59, deducts through the CRS local host 60 the air ticket that the user 50 wishes to buy, and enters it into the OIN-DXP center computer 58. After saying 'Please hang up', the service attendant 57A hangs up, and the hang-up signal stops the transaction voice recorder 56. This completes the foreground transaction of the protocol.
It should be noted that 'authentication' is the colloquial name for reaching a determination of authenticity through identification. 'Account number' is the colloquial name for the fixed code (定), from which the required information recorded when the user registered at the 'OIN-DXP' center can be retrieved.
'Scratch surface' is the colloquial name for the use-consumption and mode interface material; it is so named because it is a tight covering layer that can be gently scraped off with a fingernail when needed.
'Verification number' is the colloquial name for the final code (终).
Referring again to Figure 7, the OIN-DXP center must complete the background transaction of the protocol as follows.
The OIN-DXP center computer 58 prints the 'first slip'. The service attendant 57A operates the center-side slip fax machine 61 and sends the 'first slip' to the bank-side slip fax machine 62.
After the bank receives the slip, staff member 57B enters the relevant data into the OIN-DXP bank computer 63 and, after authentication of the OIN-DXP center computer 58 is completed, operates the bank terminal 64, freezes for OIN-DXP, through the bank host 65, the fare of the air ticket the user wishes to buy, and enters this into the OIN-DXP bank computer 63. The OIN-DXP bank computer 63 prints the 'second slip'. Staff member 57B operates the bank-side slip fax machine 62 and returns the 'second slip' to the center-side slip fax machine 61.
After receiving the returned slip, the service attendant 57A enters the relevant data into the OIN-DXP center computer 58; after authentication of the OIN-DXP bank computer 63 is completed, the OIN-DXP center computer 58 prints the 'ticket collection slip' and the air ticket, which are held at the 'OIN-DXP ticket redemption office' in the departure hall.
Before boarding, the user collects the ticket at the 'OIN-DXP ticket redemption office' on presentation of an identity card and signs the 'ticket collection slip'. The service attendant 57A enters the relevant data from the 'ticket collection slip' into the OIN-DXP center computer 58, and the OIN-DXP center computer 58 prints the 'fourth slip'. The service attendant 57A operates the center-side slip fax machine 61 and sends the 'fourth slip' to the bank-side slip fax machine 62.
After the bank receives the slip, staff member 57B enters the relevant data into the OIN-DXP bank computer 63 and, after authentication of the OIN-DXP center computer 58 is completed, operates the bank terminal 64 and, through the bank host 65, transfers the frozen fare for the user's air ticket into the OIN-DXP account.
2. 'OIN-DH', version 6.113.
The network for 'user registration of any account, telephone authentication transferred to electronic money (credit and settlement)', 'OIN-DH' for short. Identification method: two-hidden-layer mode; specified correlation code attribute status: use-consumption; update: pre-delivery; a network protocol in which mode operation is constrained to run with automatic identification. This technical structure is called version 6.113.
The 'OIN-DH' network structure is characterized by joining the telephone communication networks and the bank computer networks into one open network environment. The 'OIN-DH' network structure also turns the requirement that a merchant have a POS into treating the merchant as a user, and turns ATM cash withdrawal into cash and credit transactions between users.
After registering, a customer with any account becomes an 'OIN-DH' user and obtains an "'OIN-DH' version 6.113 card" (called the 'OIN electronic card' in this example).
(1) The flow of telephone currency settlement in which the paying user 78 needs to pay a sum of money to the receiving user 87 is described below with reference to Figures 10 to 12.
The paying user completes the foreground operations as follows.
In step 99, the paying user enters data. The paying user 78 operates his or her own 'OIN electronic card': switches it on, enters the PIN correctly and, following the on-screen prompts, enters the payment amount and the receiving user's account number.
In step 100, the telephone goes off-hook and execution starts. The 'OIN electronic card' is inserted into the 'OIN-DH' port of the receiving user's telephone or the 'OIN-DH' port of the paying user's own mobile phone, and the 'OIN-DH' payment key is pressed.
In step 101 the paying user waits for a reply, and in step 102 the receiving user waits for notification. The paying user's 'OIN electronic card' displays 'Working'.
Referring now to Figure 11, the flow in which the network joins in and automatically completes the background operations is described.
In step 88, the fixed code of the 'OIN-DH' center is dialled. The 'OIN electronic card' controls the receiving user's telephone, using DTMF signalling, or the paying user's own mobile phone, using digital signalling (hereinafter 'signalling'). Via the outgoing fixed-telephone route 79 or the outgoing mobile-telephone route 81, it enters the pan-communication network 83 made up of communication networks such as PSTN, A, B, G and CT-2, automatically dials the 'OIN-DH' service number, and is switched to the 'OIN-DH' host 84.
In step 89, a response is given. Via the corresponding incoming fixed-telephone route 80 or the paying user's incoming mobile-telephone route 82 (hereinafter the 'route'), the 'OIN-DH' host 84 follows the instruction of the 'OIN electronic card' of the paying user 78 and begins the mutual-authentication workflow.
In step 90, the object's fixed code is reported. The 'OIN electronic card' controls signalling over the route and reports its own fixed code. In step 91, a response is given. The 'OIN-DH' host 84 receives the signalling over the route. If the object's fixed code was misreported and does not exist, the 'OIN-DH' host 84 controls signalling over the route and responds 'fixed code wrong, report again'. The second report must be correct. If it is wrong again, the 'OIN-DH' host 84 controls signalling over the route, responds 'still wrong', and hangs up. If the object's fixed code is correct, or is misreported but exists, the 'OIN-DH' host 84 controls signalling over the route and responds 'report final code'.
In step 92, the object's final code is reported. The 'OIN electronic card' controls signalling over the route and reports its own final code. N errors are tolerated. In step 93, a response is given. If the report is wrong N times, the 'OIN-DH' host 84 controls signalling over the route, responds 'no right', and hangs up. If it is correct, the host responds 'correct' and reports its own final code. N errors are tolerated.
In step 94, the center's final code is received. The 'OIN electronic card' receives the final-code signalling of the 'OIN-DH' host 84 over the route.
In step 95, a reply is given. If it is wrong N times, the card controls signalling over the route, responds 'no right', and hangs up. If it is correct, the card responds 'correct' and controls signalling over the route to transmit the packaged payment amount and receiving user account number data to the 'OIN-DH' host 84.
In step 96, the image mark (像标) is assigned. After the 'OIN-DH' host 84 has properly received the data over the route, it reports the image mark. In step 97, mutual identification ends. After the 'OIN electronic card' has properly received the image-mark signalling of the 'OIN-DH' host 84 over the route, it instructs that mutual identification end.
In step 98, background-layer work is carried out. The 'OIN electronic card' and the 'OIN-DH' host 84 carry out image-mark-layer work.
After the 'OIN-DH' host 84 and the bank computer 85 have completed mutual authenticity determination, the bank computer unpacks the received package of paying user account number, payment amount and receiving user account number data, completes the transfer, and notifies the 'OIN-DH' host.
The network's automatic background operations and the users' foreground operations are as follows.
In step 103, a check is made. Via the corresponding incoming fixed-telephone route 80 or the paying user's incoming mobile-telephone route 82, and the receiving user's incoming mobile-telephone route 86, the 'OIN-DH' host 84 simultaneously notifies the paying user 78 and the receiving user 87 of the packaged data: paying user account number, payment amount, receiving user account number, and transfer completed. The 'OIN electronic cards' of the paying user 78 and the receiving user 87 both display 'paying user account number, payment amount, receiving user account number, transfer completed', and both parties check them.
In step 104, the payment is concluded. If both parties find everything correct, this telephone currency settlement is complete. If any one of the four items "paying user account number, payment amount, receiving user account number, transfer completed" displayed on the 'OIN electronic cards' of the paying user 78 and the receiving user 87 differs, step 99 is started again. The difference is in step 100, where "press the 'OIN-DH' payment key" becomes "press the 'OIN-DH' re-payment key".
(2) The flow of telephone currency settlement in which the paying user 78 needs to obtain a sum of cash from the receiving user 87 and transfers an equal amount from his or her own account to the receiving user 87.
This is basically the same as (1); the difference is:
The paying user receives cash, rather than goods, from the receiving user.
3. 'OIN(Sh)', version 6.114.
The network for 'providing authentication and e-commerce on the Internet platform for registered users who have physical access and an online bank account', 'OIN(Sh)' for short. Identification method: two-hidden-layer mode; specified correlation code attribute status: use-consumption; update: pre-delivery; a network protocol in which mode operation is constrained to run with automatic identification; the center is built on the Internet platform with a cluster of information workstations as its supporting environment. This technical structure is called version 6.114.
The most notable feature of the 'OIN(Sh)' network structure is the thoroughness of its information processing. This follows from the technical structure in which the center is built on the Internet platform with a cluster of information workstations as its supporting environment.
A customer who has a device with physical access to the Internet and an account with an Internet online bank becomes an 'OIN(Sh)' user after registering with the 'OIN(Sh)' center (network business center 105), and obtains an "'OIN(Sh)' version 6.114 card" (called the 'OIN electronic card' in this example).
A device with physical access to the Internet, operating under the direction of the 'OIN electronic card', becomes a device with authenticated access to the Internet.
If all accessible devices on the Internet dropped authentication of visitors, the ability to access those accessible devices, and to be accessed, is called physical access. Given physical access, the ability to access, by passing authentication, Internet devices that are open to the public but require authentication of visitors is called authenticated access.
The Internet mutual-authentication flow is exactly equivalent to 'the telephone mutual-authentication flow without regard to control signalling over a route'. In other words, control signalling over a route corresponds, on the Internet platform, to physical access; removing that feature from the telephone mutual-authentication flow gives the Internet mutual-authentication flow.
Figure 14 shows the Internet mutual-authentication flow: block 114 calls the center's fixed code, block 115 responds, block 116 reports the object's fixed code, block 117 responds, block 118 reports the object's final code, block 119 responds, block 120 receives the center's final code, block 121 replies, block 122 assigns the image mark, block 123 ends mutual identification, and block 124 carries out background-layer work.
In this example, all access between the main units of the 'OIN(Sh)' network structure is mutually authenticated access. The visitor's identity corresponds to the 'OIN-DH' user, and its sub-mark device plays the role of the 'OIN electronic card' of 'OIN-DH'; the visited party's identity corresponds to the 'OIN-DH' center, and its identification device plays the role of the 'OIN-DH' host. Mutually authenticated access provides access between the main units under security protection that prevents and resists attacks; that is, it secures every step of e-commerce and thereby secures e-commerce as a whole. Figure 15 shows the structure of Internet mutual-authentication e-commerce. It comprises: user registration 125, goods exhibition and sale 126, and consignment transaction 127.
(1) The Internet user registration flow is described with reference to Figures 13 and 16.
In step 128, the customer applies. The customer completes the application documents (including the customer's nationality, residence, name, physical access capability, certificate from the online account-opening bank, and account number) and submits them to the network business center 105 through the online account-opening bank in the bank group 113 (the applicant's bank) by Internet mutual authentication.
In step 129, the contract is signed. The network business center 105 agrees to the customer joining, signs the 'OIN(Sh)' contract, and forwards the 'OIN(Sh)' contract to the applicant via the applicant's bank by Internet mutual authentication. The applicant signs the 'OIN(Sh)' contract and submits it to the network business center 105 via the applicant's bank by Internet mutual authentication.
In step 130, the 'OIN electronic card' is issued. The network business center 105 receives the 'OIN(Sh)' contract and forwards the 'OIN electronic card' to the applicant via the applicant's bank by Internet mutual authentication.
The customer receives the 'OIN electronic card', completes registration, and becomes a user.
(2) The Internet goods exhibition and sale flow is described with reference to Figures 13 and 17.
In step 131, the documents are prepared. A user in the user group 112 who wishes to exhibit goods for sale on 'OIN(Sh)' (the seller user) completes the 'OIN(Sh)' goods exhibition contract and prepares the information on the goods to be exhibited.
In step 132, the documents are submitted. They are submitted to the network business center 105 by Internet mutual authentication. The network business center 105 agrees to the seller user's 'OIN(Sh)' goods exhibition contract and returns the signed contract to the seller user by Internet mutual authentication.
In step 133, the insurance letter of credit for the exhibited goods is issued. After receiving the contract in which the network business center 105 agrees to the exhibition and sale, the seller user notifies its account-opening bank in the bank group 113 (the seller's bank), by Internet mutual authentication, to issue the insurance letter of credit for the exhibited goods.
The seller's bank submits the issued insurance letter of credit for the exhibited goods to the network business center 105 by Internet mutual authentication.
In step 134, the network business center and the seller conclude the goods exhibition contract. Once the network business center 105 has received the letter of credit issued by the seller's bank, the 'OIN(Sh)' goods exhibition contract takes effect. The network business center 105 notifies the seller user by Internet mutual authentication that the contract has taken effect.
The 'OIN(Sh)' goods exhibition contract is filed with the contract management center 109. The insurance letter of credit for the exhibited goods is filed with the letter of credit management center 108.
In step 135, the goods are exhibited. After the 'OIN(Sh)' goods exhibition contract takes effect, the network business center 105 provides the information on the exhibited goods to the goods exhibition center 107, and the goods are exhibited for sale on 'OIN(Sh)'.
(3) The consignment transaction flow is described with reference to Figures 13 and 18.
In step 136, the user browses the goods exhibition center. It is open and requires no authentication.
In step 137, the user settles the list of goods to purchase. A user in the user group 112 (the buyer user) completes the list of goods to purchase (which also has the document status of a goods purchase contract).
In step 138, the buyer user notifies the bank to issue a letter of credit. The buyer user notifies its account-opening bank in the bank group 113 (the buyer's bank), by Internet mutual authentication, to issue the letter of credit.
In step 139, the network business center receives the buyer's list of goods and the letter of credit issued by the bank. The buyer user submits the list of goods to purchase to the network business center 105 by Internet mutual authentication. The buyer's bank submits the letter of credit for the purchase to the network business center 105 by Internet mutual authentication.
In step 140, the network business center and the buyer conclude the consignment contract. Once the network business center 105 has received the list of goods to purchase and the letter of credit for the purchase, the 'OIN(Sh)' goods purchase contract takes effect. The network business center 105 notifies both the buyer user and the seller user by Internet mutual authentication that the goods purchase contract has taken effect.
The 'OIN(Sh)' goods purchase contract is filed with the contract management center 109. The letter of credit for the purchase is filed with the letter of credit management center 108. The transaction execution center 110 is notified.
In step 141, the transaction is checked. The transaction execution center 110 checks, by Internet mutual authentication, how the 'OIN(Sh)' goods purchase contract is being performed.
In step 142, payment is made. Once the goods purchase contract has been performed without error, the letter of credit for the purchase is submitted to the seller's bank by Internet mutual authentication.

Claims

1. A mark-center-identification method for an object that applies to a center for service in an open information network, in which the object and the center, each having a broadly unique fixed code, are broadly uniquely correlated with each other, and final-center-identification is carried out under check-identification constraints to determine the object, characterized in that it further comprises the following steps:
the secret-layer mode is uniquely established and given;
during the read-out target-identification operation of the final-center-identification, the secret-mark layer carries out direct source-target operation.
2. The method according to claim 1, characterized in that the secret-layer mode is replaced by a filter-layer mode, and during the read-out target-identification operation of the final-center-identification, the filter layer controls the secret-mark layer to carry out indirect source-target operation.
3. The method according to claim 1, characterized in that the secret-layer mode is replaced by an authority-layer mode, and during the rest period the authorization layer controls the source change of the secret-mark layer.
4. The method according to claim 1, characterized in that the secret-layer mode is replaced by a grade-layer mode, and during the rest period the grade-authority layer controls the construction change of the authorization layer.
5. The method according to claim 1, characterized in that the secret-layer mode is replaced by a hidden-layer mode, and the buried layer buries the image mark and provides virtual marks to the layers that need them.
6. The method according to claim 1, characterized in that the secret-layer mode is replaced by a repair mode.
7. A mark-object-identification method for an object that applies to a center for service in an open information network, in which the object and the center, each having a broadly unique fixed code, are broadly uniquely correlated with each other, characterized in that it further comprises the following steps:
the mode is used for a narrowly unique, operable correlation between the object and the center;
a final identification is built into the object's sub-mark device;
final-object-identification is carried out under application-identification constraints, achieving authenticity determination of the center using the mode series method.
8. The method according to claims 1, 2, 3, 4 and 5, characterized in that it further comprises the following steps:
the secret-mark layer provides the original secret group and the specified status group;
under the use-return constraint, the update construction manages and invokes the specified status;
under the constraint of the reference status, elements are read according to the specified status.
9. The method according to claims 2, 3, 4 and 5, characterized in that it further comprises the following steps: the inner target layer, under the constraint of the basic status, provides an instruction status group;
under the use-return constraint, the pick construction manages and invokes the instruction status;
according to what each instruction stipulates, the governed layer is notified to read out the secret-mark string, determining the environment-secret data unit attribute status group; according to what the instruction stipulates, environment-secret inner target data is formed.
10. The method according to claims 3, 4 and 5, characterized in that it further comprises the following steps: the authorization layer, under the constraint of the basic status, provides an instruction status group;
under the constraint of each final complete return of the specified status, modulo n(2) times, of the secret-mark layer, the set and compute constructions manage and invoke the instruction status;
under the use-return constraint at the end of the final identification of that use period, management and invocation of the secret-mark layer are carried out according to what each instruction stipulates, generating the environment-secret group status group;
according to what the instruction stipulates, environment secrecy is applied to determine the reference status.
11. The method according to claims 4 and 5, characterized in that it further comprises the following steps:
the grade-authority layer, under the constraint of the basic status, provides an instruction status group;
under the constraint of each last instruction of the authorization layer, the set and compute constructions manage and invoke the instruction status;
under the lifetime-return constraint of that source change, management and invocation of the instruction table in the authorization layer that generates the secret-mark layer's environment-secret group status group are carried out according to what each instruction stipulates, generating the authorization layer's environment-secret construction status group;
according to what the instruction stipulates, environment secrecy is applied to determine the basic status.
12. The method according to claim 5, characterized in that it further comprises the following steps:
the buried layer provides a specified status group;
under the constraints, respectively, of the use return at the end of the final identification of that use period and of the guest-update method indication, the in-layer operation construction manages and invokes the specified local-number and guest-number statuses;
the stipulated image-element acquisition is carried out according to each specified local-number status, generating the image-group status group;
under the constraint of the deposited-element acquisition, the specified local-number status applies environment secrecy to determine the image reference status;
the stipulated image-source reading is carried out according to each specified guest-number status to obtain virtual marks, generating the buried status group;
as stipulated by the specified guest-number status, virtual marks and virtual mark groups are provided to the layers that need them, replacing the transparent image mark and the fixed original secret group.
13. The method according to claim 8, characterized in that the rule of number data transition on which the change of the designated number status in the running of the update construction is based is: update.
14. The method according to claim 8, characterized in that the rule of attribute data transition on which the change of the attribute status of the designated correlation code, adopted by default in the running of the update construction, is based is: exchange.
15. The method according to claim 9, characterized in that the rule of attribute data transition on which the change of the attribute status of the environment encryption data unit in the running of the select construction is based is: select.
16. The method according to claim 10, characterized in that the rule of encryption group data transition on which the change of the environment encryption group status in the running of the set and calculate constructions is based is: set, calculate.
17. The method according to claim 11, characterized in that the rule of specification data transition on which the change of the environment encryption construction status in the running of the set and calculate constructions is based is: set, calculate; the generated specification data may deviate and requires a correction that is uniquely related to both parties.
18. The method according to claim 12, characterized in that the rule of ordered data transition on which the change of the buried status of the constructions run within the layer is based is: local update, customer update, pixel acquisition, image source reading.
19. The method according to claim 6, characterized in that, using existing resources, the repair of the truly related security degree of the existing identification system is: partial repair.
20. The method according to claim 7, characterized in that the final identification by the object replaces the final identification by the center, and the specific method for performing the final object identification task and the specific method for performing the final center identification task are in an interface mirror relationship.
PCT/CN1998/000189 1997-09-17 1998-09-14 An identification method for mode series of the open information network WO1999014890A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU91509/98A AU9150998A (en) 1997-09-17 1998-09-14 An identification method for mode series of the open information network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 97118320 CN1222703A (en) 1997-09-17 1997-09-17 Identifying method for modular program series in open information network
CN97118320.1 1997-09-17

Publications (1)

Publication Number Publication Date
WO1999014890A1 (en) 1999-03-25

Family

ID=5174745

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN1998/000189 WO1999014890A1 (en) 1997-09-17 1998-09-14 An identification method for mode series of the open information network

Country Status (3)

Country Link
CN (1) CN1222703A (en)
AU (1) AU9150998A (en)
WO (1) WO1999014890A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7991851B2 (en) 2002-02-28 2011-08-02 International Business Machines Corporation Remote user substitution at ODBC/CLI level and stored procedure authorization

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996005675A1 (en) * 1994-08-17 1996-02-22 British Telecommunications Public Limited Company User authentication in a communications network
WO1996013920A1 (en) * 1994-10-27 1996-05-09 International Business Machines Corporation Method and apparatus for secure identification of a mobile user in a communication network
WO1997008665A1 (en) * 1995-08-30 1997-03-06 Citibank, N.A. System and method for commercial payments using trusted agents

Also Published As

Publication number Publication date
CN1222703A (en) 1999-07-14
AU9150998A (en) 1999-04-05

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA