WO1999028887A2 - Verfahren zur reduzierung von speicherplatzbedarf für einen elektronischen ersten schlüssel und anordnung zur ver- und entschlüsselung - Google Patents
Verfahren zur reduzierung von speicherplatzbedarf für einen elektronischen ersten schlüssel und anordnung zur ver- und entschlüsselung Download PDFInfo
- Publication number
- WO1999028887A2 WO1999028887A2 PCT/DE1998/003470 DE9803470W WO9928887A2 WO 1999028887 A2 WO1999028887 A2 WO 1999028887A2 DE 9803470 W DE9803470 W DE 9803470W WO 9928887 A2 WO9928887 A2 WO 9928887A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- permutation
- blocks
- identifier
- permutations
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Definitions
- the invention relates to a method for reducing the storage space requirement for an electronic first key and an arrangement for encryption and decryption.
- a "key” is understood to mean data that are to be kept secret and are to be used in particular in a cryptographic process.
- An "attacker” is an unauthorized person with the goal of getting the key.
- keys are each determined with lengths of several 100 bits.
- a memory area of a computer or portable medium that is protected from an attack that is, a memory area that an attacker cannot read, is usually very small.
- a length of a key of several 100 bits stored in such a protected memory area reduces free memory space within the protected memory area, so that relatively few such keys can be stored together.
- the object of the invention is to provide a method for reducing the storage space requirement for an electronic key and an arrangement for encryption and decryption, the disadvantage described above being avoided.
- a method for reducing the storage space requirement for an electronic first key with a predetermined length is specified, in which the first key contains a number of units corresponding to the predetermined length. Several units are combined into one block.
- the first key is represented by several blocks, and a publicly accessible identifier is created from the first key by determining a permutation of the blocks and storing an index for this permutation as an electronic second key.
- the index identifies the permutation after which the blocks of the first key have been exchanged.
- a first position in the index can contain a number that describes the position to which the first block of the first key has been moved based on the permutation.
- the second position of the index refers to the position (a block corresponds to a position) of the public identifier which represents the second block of the first key, etc.
- the result of continuing this process until all blocks have been assigned is one Permutation number (PERM, see Fig. 3) that uniquely references the first key from the publicly accessible identifier.
- the index can also be a shortened form of the permutation number. If n denotes the number of blocks, then (if all blocks are different in pairs) n! Possibilities to arrange the blocks. Blocks 1 to n can be arranged in different ways. Sorting the possibilities of the arrangement according to a given scheme (e.g. in a table) by size, whereby each block receives a number according to its position, you can determine the index by looking for the entry of the permutation number and its place within the arrangement (with reproducible order) is saved as an index (see example in Fig. 3 and Table 1).
- the reduction in the storage space requirement for the first key results from the fact that only the second key is stored.
- the second key comprises the index and therefore requires significantly less storage space than the first key.
- the storage space requirement for the second key is preferably determined by the number of possible permutations.
- the created identifier can be made publicly accessible, so it does not have to be stored in a protected memory area. An attacker who learns of this identifier, even if he knows the block size, has n! Possibilities (n is the number of blocks) to determine the first key from the identifier. In practice, such an attempt is extremely unlikely to succeed.
- a further development consists in the blocks each comprising an equal number of units. It is also a further development that one of the following units is used: a) number; b) alphanumeric character; c) byte; d) bit.
- the second key is stored in a protected memory area, preferably on a chip card.
- Storage area provides.
- the protected memory area ensures that data contained there cannot be easily read by an attacker. Since the available storage space in the protected storage area is generally small, it is a significant advantage if a key to be stored in the protected storage area is reduced in length without having to accept a reduced security of the cryptographic method.
- Permutation of the blocks is determined by carrying out the following steps: A permutation is randomly determined from all possible permutations, the permutations being created according to a specific scheme and thus an order of the permutations created can be reproduced. The index then determines a place for the permutation within the sequence of the permutations.
- the Blocks swapped and saved as a publicly accessible identifier.
- a third key is determined on the basis of the second key, this third key being equal to the first key.
- the public identifier is divided into blocks, each block comprising several units of the identifier.
- a third key is determined from the identifier and the second key, in that all possible permutations of the blocks, which are reproducibly created in their sequence, and the permutation among the permutations that represents the third key is determined using the second key.
- the index (second key) is used for addressing within the sequence of the permutations, so that the associated permutation with the publicly accessible identifier defines a third key which is the same as the first key.
- the second key is a secret key and is protected
- Memory area e.g. a chip card.
- an arrangement for encryption and decryption is also specified with a medium which has a protected memory area and with a
- Computing unit which is set up in such a way that a first key is shortened in accordance with the steps of the method described above.
- the medium is preferably a portable medium, for example a chip card.
- the protected memory area can be stored both on the medium and within a computer, which is connected, for example, in a network with other computers.
- the protected memory area should be sufficiently secure against unauthorized access. This ensures suitable mechanisms, for example reading the protected
- FIG. 1 shows a sketch which represents a method for reducing the storage space requirement for an electronic first key
- FIG. 2 shows a sketch which represents a method for restoring the first key from the publicly accessible identifier and the second key
- a computing unit 1 shows a method for reducing the storage space requirement for an electronic first key.
- the first key is divided into blocks, the blocks each containing an equal number of units. Such units are preferably numbers, alphanumeric characters, bytes or bits.
- a permutation is randomly determined from all permutations of the blocks that are reproducible in their order. This random permutation is used as a publicly available identifier. From the order of the blocks corresponding to this permutation, it is extremely unlikely that the first key will be restored if the first key is provided with a suitable number of units. The selected permutation has a certain place within the order of all permutations (order reproducible) (see step 103).
- the index is stored as a second key. The second key is stored in a protected memory area.
- step 201 shows steps of a method for restoring the first key from the publicly accessible identifier with the second key.
- a step 201 reproducible permutations of the blocks of the identifier are determined from the identifier.
- a permutation among the permutations is determined as a third key (see step 202).
- the third key is equal to the first key (see step 203). The first key that was mapped in a second key to reduce storage space is thus restored.
- Fig. 3 illustrates the relationships.
- the first key Kl "1234567890” comprises several units UNIT “1", “2", “3”, “4", “5", “6", “7”, “8”, “9”, “0” which are each represented by an alphanumeric character.
- a step 301 the first key K1 is subdivided into blocks BL “1 2", “3 4", “5 6", “7 8", “9 0”, each of which comprises two units EINH.
- a next step 302 determines a random combination of the blocks BL to form an identifier KEN "3478129056", which can be publicly accessible.
- a step 303 represents a permutation number PERM "24153" which uniquely converts the identifier KEN into the first key K1.
- the permutation number PERM maps the identifier KEN to the first key, in that the first digit of the permutation number PERM "2" is the first digit of the identifier KEN "3 4" based on blocks of two units and this block as the second block of the first key Kl identifies. The second digit of the identifier KEN "7 8" is therefore the fourth digit of the first key K1, etc. After complete assignment, the permutation number clearly results in the first key K1 to "1234567890".
- a further assignment results in a representation of the first key K1 that is significantly shortened in relation to the length of the permutation number PERM.
- a place in this order is determined from the permutation number PERM based on the sequence of all permutations that have the same number of digits as the permutation number PERM using table 1.
- Sorting the possible permutations according to size results in a clear order of all permutations (from 0 to n! -L) (see table 1 as a section of the first 47 options).
- the entry is determined in a step 305 which references the permutation number PERM in the table LISTE.
- the 37th entry in Table 1 (LIST in Fig. 3) is equal to the permutation number PERM. Accordingly, the 37th entry, ie the character string “037”, is stored as the second key K2.
- the second key K2 has a significantly reduced length compared to the first key Kl.
- the second key K2 is preferably protected Storage area filed.
- the size of the second key K2 is determined by the number of possible permutations. If n is the number of blocks BL into which the first key K1 is divided, the number of possibilities for "n! Results. Here in the example there are 5 blocks, i.e. 120
- the second key K2 is three digits ("000" to "119") in decimal notation, but only 7 bits in binary notation.
- the first key Kl comprises several 100 bits
- Table 1 mainly serves to illustrate the basic procedure.
- the number of blocks n is usually large, so that the assignment described, indicated by Table 1, is preferably carried out according to a specific scheme. Such a scheme will be explained below.
- T position of the read number from list L 3.
- k k + (T-l) * (n-s)!
- the s-th block of the permuted key is the block of the secret key located at (E + 1) -th position of the list L 5.
- the (E + l) th entry in list L is deleted, subsequent entries move forward by one position
- 3rd R 0 4th 4th block of the permuted key is the 2nd position of the
- the permutation is: 2,4,1,5,3 3 that the identifier K2 can be determined from the PERM permutation and vice versa the PERM permutation can be determined from the identifier K2.
- the LIST block ensures an allocation of the location of the PERM permutation within the set of all permutations of the same length, the permutations being sorted according to size.
- FIG. 1 An arrangement for encryption and decryption is shown in FIG. 1
- a portable medium 401 preferably a chip card, comprises a (conventional) memory area MEM 403 and a protected memory area SEC 402
- Interface IFC 404 data is exchanged between the medium 401 and a computer network 406 via a channel 405.
- the computer network 406 comprises a plurality of computers which are connected to one another and communicate with one another. Data for the operation of the portable medium 401 are preferably available distributed in the computer network RN 406.
- the protected memory area 402 is designed to be unreadable.
- the data of the protected memory area 402 is used on the basis of a computing unit which is accommodated on the portable medium 401 or in the computer network 406. As a result, a comparison operation can indicate whether or not a comparison of an entry with a key in the protected memory area 402 was successful.
- a computing unit 501 is shown in FIG.
- the arithmetic unit 501 comprises a processor CPU 502, a memory 503 and an input / output interface 504, which is used in different ways via an interface 505 led out of the arithmetic unit 501: an output on a monitor 507 is visible via a graphics interface and / or printed out on a printer 508. A Input takes place via a mouse 509 or a keyboard 510.
- the computing unit 501 also has a bus 506, which ensures the connection of memory 503, processor 502 and input / output interface 504. It is also possible to connect additional components to bus 506: additional memory, hard disk, etc.
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002312358A CA2312358A1 (en) | 1997-12-01 | 1998-11-25 | Method for reducing memory space requirement for an electronic first key, and arrangement for encryption and decryption |
EP98966766A EP1034527A2 (de) | 1997-12-01 | 1998-11-25 | Verfahren zur reduzierung von speicherplatzbedarf für einen elektronischen ersten schlüssel und anordnung zur ver- und entschlüsselung |
JP2000523655A JP2001525624A (ja) | 1997-12-01 | 1998-11-25 | 第1の電子鍵用の所要メモリロケーションを低減する方法及び暗号化及び暗号解読用の装置 |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19753274.8 | 1997-12-01 | ||
DE19753274 | 1997-12-01 | ||
DE19801776 | 1998-01-19 | ||
DE19801776.6 | 1998-01-19 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1999028887A2 true WO1999028887A2 (de) | 1999-06-10 |
WO1999028887A3 WO1999028887A3 (de) | 1999-07-29 |
Family
ID=26042074
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE1998/003470 WO1999028887A2 (de) | 1997-12-01 | 1998-11-25 | Verfahren zur reduzierung von speicherplatzbedarf für einen elektronischen ersten schlüssel und anordnung zur ver- und entschlüsselung |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1034527A2 (de) |
JP (1) | JP2001525624A (de) |
CA (1) | CA2312358A1 (de) |
WO (1) | WO1999028887A2 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003048943A2 (de) * | 2001-11-28 | 2003-06-12 | Infineon Technologies Ag | Speicher für die zentraleinheit einer rechenanlage, rechenanlage und verfahren zum synchronisieren eines speichers mit dem hauptspeicher einer rechenanlage |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5003596A (en) * | 1989-08-17 | 1991-03-26 | Cryptech, Inc. | Method of cryptographically transforming electronic digital data from one form to another |
US5097504A (en) * | 1986-03-19 | 1992-03-17 | Infoscript | Method and device for qualitative saving of digitized data |
EP0636963A2 (de) * | 1993-07-30 | 1995-02-01 | International Business Machines Corporation | Authentifizierungseinrichtung unter Verwendung von einmalig benutzbaren Kennworter |
WO1997005720A2 (en) * | 1995-07-27 | 1997-02-13 | Nextlevel Systems, Inc. | Cryptographic system with concealed work factor |
-
1998
- 1998-11-25 WO PCT/DE1998/003470 patent/WO1999028887A2/de not_active Application Discontinuation
- 1998-11-25 JP JP2000523655A patent/JP2001525624A/ja not_active Withdrawn
- 1998-11-25 EP EP98966766A patent/EP1034527A2/de not_active Withdrawn
- 1998-11-25 CA CA002312358A patent/CA2312358A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5097504A (en) * | 1986-03-19 | 1992-03-17 | Infoscript | Method and device for qualitative saving of digitized data |
US5003596A (en) * | 1989-08-17 | 1991-03-26 | Cryptech, Inc. | Method of cryptographically transforming electronic digital data from one form to another |
EP0636963A2 (de) * | 1993-07-30 | 1995-02-01 | International Business Machines Corporation | Authentifizierungseinrichtung unter Verwendung von einmalig benutzbaren Kennworter |
WO1997005720A2 (en) * | 1995-07-27 | 1997-02-13 | Nextlevel Systems, Inc. | Cryptographic system with concealed work factor |
Non-Patent Citations (1)
Title |
---|
See also references of EP1034527A2 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003048943A2 (de) * | 2001-11-28 | 2003-06-12 | Infineon Technologies Ag | Speicher für die zentraleinheit einer rechenanlage, rechenanlage und verfahren zum synchronisieren eines speichers mit dem hauptspeicher einer rechenanlage |
WO2003048943A3 (de) * | 2001-11-28 | 2004-04-08 | Infineon Technologies Ag | Speicher für die zentraleinheit einer rechenanlage, rechenanlage und verfahren zum synchronisieren eines speichers mit dem hauptspeicher einer rechenanlage |
US7181576B2 (en) | 2001-11-28 | 2007-02-20 | Infineon Technologies Ag | Method for synchronizing a cache memory with a main memory |
Also Published As
Publication number | Publication date |
---|---|
WO1999028887A3 (de) | 1999-07-29 |
JP2001525624A (ja) | 2001-12-11 |
CA2312358A1 (en) | 1999-06-10 |
EP1034527A2 (de) | 2000-09-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1246043B1 (de) | Verfahren zur Übertragung von Daten über einen Datenbus | |
DE19839847A1 (de) | Speichern von Datenobjekten im Speicher einer Chipkarte | |
DE3827172A1 (de) | Einrichtung zur identifizierung von nachrichten | |
WO2004097734A2 (de) | Verfahren zur verarbeitung von daten | |
DE69722085T2 (de) | Verfahren und Vorrichtung zur Komprimierung und Dekomprimierung von Botschaften | |
DE19621768B4 (de) | Telefon mit Aufnahmevorrichtung für eine Telefonspeicherkarte und Verfahren zum Übertragen von Daten einer Telefonspeicherkarte | |
DE3523237A1 (de) | Anordnung zum sichern des transports von chipkarten | |
DE3809795C2 (de) | ||
DE69729685T2 (de) | Verfahren zur Verdeckung eines Geheimcodes in einer Rechnerbeglaubigungsvorrichtung | |
WO2018122269A1 (de) | Bitsequenzbasiertes datenklassifikationssystem | |
DE69629540T2 (de) | Verfahren und Gerät zum Sortieren von Elementen | |
EP1637956A1 (de) | Erzeugung anonymisierter Datensätze zum Testen und Entwickeln von Anwendungen | |
WO2000056005A2 (de) | Anonymisierungsverfahren | |
DE10124139A1 (de) | Verfahren und Vorrichtung zur Sicherung der Datenübertragung zwischen einem Zentralprozessor und einem Speicher | |
DE60114299T2 (de) | Verfahren und Vorrichtung zum Übersetzen von IP Telekommunikationsnetzwerkadressen mit einem gesteuerten undichten Speicher | |
DE19962902A1 (de) | Vorrichtung zum Passwort-geschützten Handhaben eines elektronischen Dokuments | |
WO2001059548A2 (de) | Vorrichtung zum zugriffsgeschützten behandeln elektronischer daten | |
WO1999028887A2 (de) | Verfahren zur reduzierung von speicherplatzbedarf für einen elektronischen ersten schlüssel und anordnung zur ver- und entschlüsselung | |
DE3514660A1 (de) | Elektronisches schliesssystem mit mehreren schloessern und schluesseln | |
DE10323755B3 (de) | Verfahren zum Bereitstellen und Abrufen von Dokumenten über ein Computer-Netzwerk | |
DE60315435T2 (de) | Verfahren zur ermöglichung einer kommunikation zwischen mindestens zwei kommunikationsgeräten | |
EP1382174A2 (de) | Verfahren zur steuerung der übertragung elektronischer daten | |
DE3615255C2 (de) | ||
DE60126583T2 (de) | Verfahren und Vorrichtung zur automatischen Chiffrierung/Dechiffrierung in einem sicheren Kommunikationssystem | |
DE10113828A1 (de) | Prozessor zum sicheren Verarbeiten von Daten unter Verwendung einer Datensicherheitsmarke und/oder von Befehlen unter Verwendung einer Befehlssicherheitsmarke |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): CA JP US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
AK | Designated states |
Kind code of ref document: A3 Designated state(s): CA JP US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 1998966766 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2312358 Country of ref document: CA Ref country code: CA Ref document number: 2312358 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09555715 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1998966766 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 1998966766 Country of ref document: EP |