WO2000049767A1 - Method for creating and preserving an identifier - Google Patents

Method for creating and preserving an identifier Download PDF

Info

Publication number
WO2000049767A1
WO2000049767A1 PCT/FI2000/000124 FI0000124W WO0049767A1 WO 2000049767 A1 WO2000049767 A1 WO 2000049767A1 FI 0000124 W FI0000124 W FI 0000124W WO 0049767 A1 WO0049767 A1 WO 0049767A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
hash code
hash
unambiguous
generated
Prior art date
Application number
PCT/FI2000/000124
Other languages
French (fr)
Inventor
Matti Hiltunen
Jukka Liukkonen
Harri Vatanen
Original Assignee
Sonera Smarttrust Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sonera Smarttrust Oy filed Critical Sonera Smarttrust Oy
Priority to CA002363655A priority Critical patent/CA2363655A1/en
Priority to AU26754/00A priority patent/AU2675400A/en
Priority to EP00905104A priority patent/EP1157501A1/en
Publication of WO2000049767A1 publication Critical patent/WO2000049767A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to telecommunication.
  • the present invention concerns a new type of method for creating a global unambiguous identifier for predetermined data structures.
  • the invention relates to concentrated and reliable storage of identifiers.
  • Encryption is used to prevent transmitted information from getting into the wrong hands in a plain language form.
  • the public and private key method is a means used to achieve this end.
  • the public keys of private persons are often only locally known to other people, and finding out the keys requires a considerable deal of work.
  • the availability of public key pairs must be simple and feasible in hardware- independent environments. These factors make it possible for encryption and signature by the public and private key method to meet the objective aimed at - simplicity and efficiency.
  • the problem at present is the management of key pairs. As queries for keys may have to be made globally in any part of the network, using local data- bases is difficult or almost impossible. Likewise, the key pair has to be provided with unambiguous data allowing the key pair to be associated with the holder of the key. This is another problem which has not yet been properly solved.
  • the object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
  • a specific object of the invention is to dis- close a new type of method whereby the management of encryption keys is converted from a distributed system into a centralized one.
  • a further object of the invention is to disclose a method in which an unambiguous hash code is generated from each key comprised in an encryption procedure and from the juridical person associated with the key. This hash code functions as an identifier by means of which the key pair and the key holder are associated with each other.
  • the method of the invention relates to the creation of a global unambiguous identifier for prede- termined data structures and to the storage of the identifiers created.
  • a juridical name is added to encryption keys, preferably to a public encryption and signing key.
  • a hash code is generated by a function appropriate for the purpose, e.g. a hash function.
  • a function appropriate for the purpose e.g. a hash function.
  • One of such functions is the MD5 (MD, Message Digest) .
  • MD5 MD, Message Digest
  • the hash function works in a way that makes it impossible to deduce from the result the starting values used to generate the hash code.
  • the hash code created works as a reference pointer pointing to the data from which it has been generated. In other words, if a hash code created from information representing a given person is known, then, based on the hash code, it will be possible to unambiguously determine the public keys in use and the juridical person behind the keys.
  • the hash code produced by the hash function may be very long, it is possible to use a given part of the hash code, e.g. the last five bytes, to identify a desired party. Five bytes is sufficient to cover over 1000 billion different identifiers.
  • the hash codes created and the public information from which the hash code has been generated are placed in the custody of a trusted third party (TTP) .
  • TTP trusted third party
  • the hash code of the present invention can be used e.g. as a part of an encrypted short message in a mobile communication system. This part unambiguously tells the receiver of the message whose public keys are needed to decrypt the message.
  • the present invention provides the advantage that the authenticity of information received is recognized locally.
  • the invention does not restrict the structure of the pointer record in any way.
  • Another advantage of the invention is that the unambiguous hash code created constitutes a kind of "fist" by means of which the receiver can easily ascertain who is the sender and which keys are needed to decrypt the information received. LIST OF ILLUSTRATIONS
  • FIG. 1 illustrates a preferred method according to the invention for creating an unambiguous identifier
  • Fig. 2 represents the registration of an identifier according to Fig. 1.
  • Fig. 1 presents an example illustrating the creation of an identifier, e.g. a net identification.
  • encryption is implemented using the public and private key method.
  • the method illustrated in Fig. 1 is designed to create an unambiguous identi- fier for associating a key pair with the holder of the keys.
  • the identifier is created from a public key pair and the juridical name of the holder of the key pair. 'Juridical name' refers to the person who has the right to use the encryption keys.
  • the procedure of creating an identifier is started by first creating a secret and a public encryption key.
  • the identifiers created are recorded by means of a running counter, which is at first reset to zero (3) .
  • the juridical name (4) is associated with the (public) keys created. From the public keys, counter and juridical name, a hash code (5) is generated.
  • the hash code is produced e.g. using the MD5 function (MD, Message Digest) . This is a one-way function, which means that the starting values used to generate the hash code can not be deduced from this function.
  • Part of the hash code e.g. the last five bytes of the hash code, may be used as a reference to the juridical name .
  • a check is performed to establish whether the reference number obtained is already in use (6) .
  • the counter value is incremented by one if the identifier is already in use (7) . Incrementing the counter has the effect that the identifier to be generated next will differ somewhat from the previous identifier attempted. If at this point the counter value exceeds an allowed limit (11), e.g. 2 32 , then the creation of the identifier is started again from the beginning .
  • the reference number just created is reserved in a reference index (8).
  • the reference index is maintained e.g. by a trusted third party. If for some reason the attempt to reserve (9) the reference number failed, then the counter value is incremented by one (7) and action is resumed at step 5 if the counter did not exceed a maximum allowed value. If the maximum value was ex- ceeded (11) , then the creation of the identifier is started from the beginning.
  • X5 index means a database of juridical persons, maintained by a trusted third party.
  • the reference index reference pointer is set to contain a pointer to the juridical person in the X5 index.
  • Fig. 2 illustrates a situation where an iden- tifier thus created is to be registered.
  • 'Card issuer' means e.g. an operator or card manufacturer.
  • 'card' means a subscriber identity module (SIM) as used in mobile stations.
  • the card issuer (CI) sends a request for the registration of an iden- tifier to a certificate authority (CA) (21) .
  • the CA is a so-called trusted third party, which functions as an independent party and is in no way linked with the parties using it.
  • In the custody of or available to the CA is a NIDS (Net ID Server) .
  • the CA sends to the NIDS a request for making a reservation (22) .
  • the NIDS checks whether the same identifier is already in use. If the identifier is not in use, then the NIDS will send the CA information confirming successful reservation (23) .
  • the CA sends a confirmation (24) of successful registration to the card issuer.
  • the card issuer may also verify himself whether a given identifier is already in use or check whether a given identifier was successfully reserved. To carry out a verification, the CI sends to the NIDS a request to check a given NID (25) . As a result, the NIDS sends the card issuer an answer to the inquiry (26) .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for creating a global unambiguous identifier for predetermined data structures and for storing identifiers created. In the method, an unambiguous identifier is created from a key and/or keys associated with an encryption and/or signing procedure and/or from key holder information and/or other information. From the identifier, an unambiguous hash code is generated using e.g. a hash function. The hash codes thus generated are stored in a centralized place so that each hash code is unambiguously associated with a given juridical person and a given key pair. The hash code can be used e.g. as a part of encrypted messages sent by a mobile station in a mobile communication system so that the user can infer from the identifier how the message can be decrypted into plain language.

Description

METHOD FOR CREATING AND PRESERVING AN IDENTIFIER
FIELD OF THE INVENTION
The present invention relates to telecommunication. In particular, the present invention concerns a new type of method for creating a global unambiguous identifier for predetermined data structures. Moreover, the invention relates to concentrated and reliable storage of identifiers.
BACKGROUND OF THE INVENTION
The volume of data communication is continuously increasing. The increase entails growing demands on the security and reliability of data communication. Many enterprises have their offices scattered around the world. This is one the factors requiring the provision of secure data transmission. Various encryption methods have long been used for data protection. One of these methods is the public and private key method. In the following, reference is made to the public and private key method, but let this be only an example of the method used.
Encryption is used to prevent transmitted information from getting into the wrong hands in a plain language form. The public and private key method is a means used to achieve this end. At present, the public keys of private persons are often only locally known to other people, and finding out the keys requires a considerable deal of work. The availability of public key pairs must be simple and feasible in hardware- independent environments. These factors make it possible for encryption and signature by the public and private key method to meet the objective aimed at - simplicity and efficiency.
The problem at present is the management of key pairs. As queries for keys may have to be made globally in any part of the network, using local data- bases is difficult or almost impossible. Likewise, the key pair has to be provided with unambiguous data allowing the key pair to be associated with the holder of the key. This is another problem which has not yet been properly solved.
The object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
A specific object of the invention is to dis- close a new type of method whereby the management of encryption keys is converted from a distributed system into a centralized one. A further object of the invention is to disclose a method in which an unambiguous hash code is generated from each key comprised in an encryption procedure and from the juridical person associated with the key. This hash code functions as an identifier by means of which the key pair and the key holder are associated with each other.
As for the features characteristic of the present invention, reference is made to the claims.
BRIEF DESCRIPTION OF THE INVENTION
The method of the invention relates to the creation of a global unambiguous identifier for prede- termined data structures and to the storage of the identifiers created. In the method, a juridical name is added to encryption keys, preferably to a public encryption and signing key. In addition to the keys and juridical name, it is possible to add to the structure to be created even other information to ensure that the structure will be unambiguous, i.e. that a corresponding structure has never been created before .
From the structure thus created, a hash code is generated by a function appropriate for the purpose, e.g. a hash function. One of such functions is the MD5 (MD, Message Digest) . The hash function works in a way that makes it impossible to deduce from the result the starting values used to generate the hash code. The hash code created works as a reference pointer pointing to the data from which it has been generated. In other words, if a hash code created from information representing a given person is known, then, based on the hash code, it will be possible to unambiguously determine the public keys in use and the juridical person behind the keys. As the hash code produced by the hash function may be very long, it is possible to use a given part of the hash code, e.g. the last five bytes, to identify a desired party. Five bytes is sufficient to cover over 1000 billion different identifiers. To make the availability of the key pairs as simple as possible, the hash codes created and the public information from which the hash code has been generated are placed in the custody of a trusted third party (TTP) . The hash code of the present invention can be used e.g. as a part of an encrypted short message in a mobile communication system. This part unambiguously tells the receiver of the message whose public keys are needed to decrypt the message. The present invention provides the advantage that the authenticity of information received is recognized locally. If the local data is changed, then the identifier changes as well. Further, the invention does not restrict the structure of the pointer record in any way. Another advantage of the invention is that the unambiguous hash code created constitutes a kind of "fist" by means of which the receiver can easily ascertain who is the sender and which keys are needed to decrypt the information received. LIST OF ILLUSTRATIONS
In the following, the invention will be described in detail by the aid of a few of its embodiments, wherein Fig. 1 illustrates a preferred method according to the invention for creating an unambiguous identifier, and
Fig. 2 represents the registration of an identifier according to Fig. 1. Fig. 1 presents an example illustrating the creation of an identifier, e.g. a net identification. In this example, encryption is implemented using the public and private key method. The method illustrated in Fig. 1 is designed to create an unambiguous identi- fier for associating a key pair with the holder of the keys. In this example, the identifier is created from a public key pair and the juridical name of the holder of the key pair. 'Juridical name' refers to the person who has the right to use the encryption keys. The procedure of creating an identifier is started by first creating a secret and a public encryption key. The identifiers created are recorded by means of a running counter, which is at first reset to zero (3) . The juridical name (4) is associated with the (public) keys created. From the public keys, counter and juridical name, a hash code (5) is generated. The hash code is produced e.g. using the MD5 function (MD, Message Digest) . This is a one-way function, which means that the starting values used to generate the hash code can not be deduced from this function.
Part of the hash code, e.g. the last five bytes of the hash code, may be used as a reference to the juridical name .
Next, a check is performed to establish whether the reference number obtained is already in use (6) . The counter value is incremented by one if the identifier is already in use (7) . Incrementing the counter has the effect that the identifier to be generated next will differ somewhat from the previous identifier attempted. If at this point the counter value exceeds an allowed limit (11), e.g. 232, then the creation of the identifier is started again from the beginning .
If the reference number is free, then the reference number just created is reserved in a reference index (8). The reference index is maintained e.g. by a trusted third party. If for some reason the attempt to reserve (9) the reference number failed, then the counter value is incremented by one (7) and action is resumed at step 5 if the counter did not exceed a maximum allowed value. If the maximum value was ex- ceeded (11) , then the creation of the identifier is started from the beginning.
The counter value and the public keys are saved to an X5 index (10) . X5 index means a database of juridical persons, maintained by a trusted third party. The reference index reference pointer is set to contain a pointer to the juridical person in the X5 index. Thus, the juridical person has now been associated with a given net identification.
Fig. 2 illustrates a situation where an iden- tifier thus created is to be registered. 'Card issuer' (CI) means e.g. an operator or card manufacturer. In this example, 'card' means a subscriber identity module (SIM) as used in mobile stations. The card issuer (CI) sends a request for the registration of an iden- tifier to a certificate authority (CA) (21) . The CA is a so-called trusted third party, which functions as an independent party and is in no way linked with the parties using it. In the custody of or available to the CA is a NIDS (Net ID Server) . The CA sends to the NIDS a request for making a reservation (22) . The NIDS checks whether the same identifier is already in use. If the identifier is not in use, then the NIDS will send the CA information confirming successful reservation (23) . The CA sends a confirmation (24) of successful registration to the card issuer.
The card issuer may also verify himself whether a given identifier is already in use or check whether a given identifier was successfully reserved. To carry out a verification, the CI sends to the NIDS a request to check a given NID (25) . As a result, the NIDS sends the card issuer an answer to the inquiry (26) .
The invention is not restricted to the examples of its embodiments described above, but many variations are possible within the scope of the inventive idea defined in the claims.

Claims

1. Method for creating a global unambiguous identifier for predetermined data structures and for storing identifiers created, charact eri zed in that the method comprises the steps of: creating an unambiguous identifier from a key and/or keys associated with an encryption and/or signing procedure and/or from key holder information and/or other information; generating from the identifier a hash code which is a reference pointer to the information from which the hash code has been generated; and storing the hash codes thus generated in a centralized place so that each hash code is unambiguously associated with a given juridical person.
2. Method as defined in claim 1, characteri zed in that the hash code is generated using a hash function.
3. Method as defined in claims 1 and 2, a reference pointer consisting of a given part of the hash code is used.
4. Method as defined in claims 1 - 3, characteri zed in that the last five bytes of the hash code are used as a reference pointer.
5. Method as defined in claims 1 - 4, characteri zed in that the encryption method used is the public and private key method.
6. Method as defined in claims 1 - 5, characteri zed in that the hash codes gener- ated are so managed that they are unambiguous.
7. Method as defined in claims 1 - 6, characteri zed in that the hash codes and the public information from which the hash code has been generated are placed in the custody of a trusted third party.
8. Method as defined in claims 1 - 7, characteri zed in that the hash code is used as a part of encrypted messages sent by a mobile station, in such manner that one can infer from the identifier how the message can be decrypted into plain language .
PCT/FI2000/000124 1999-02-17 2000-02-17 Method for creating and preserving an identifier WO2000049767A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA002363655A CA2363655A1 (en) 1999-02-17 2000-02-17 Method for creating and preserving an identifier
AU26754/00A AU2675400A (en) 1999-02-17 2000-02-17 Method for creating and preserving an identifier
EP00905104A EP1157501A1 (en) 1999-02-17 2000-02-17 Method for creating and preserving an identifier

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI990336 1999-02-17
FI990336A FI990336A (en) 1999-02-17 1999-02-17 Procedure for forming an identifier and storing it

Publications (1)

Publication Number Publication Date
WO2000049767A1 true WO2000049767A1 (en) 2000-08-24

Family

ID=8553826

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2000/000124 WO2000049767A1 (en) 1999-02-17 2000-02-17 Method for creating and preserving an identifier

Country Status (5)

Country Link
EP (1) EP1157501A1 (en)
AU (1) AU2675400A (en)
CA (1) CA2363655A1 (en)
FI (1) FI990336A (en)
WO (1) WO2000049767A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5666416A (en) * 1995-10-24 1997-09-09 Micali; Silvio Certificate revocation system
EP0869637A2 (en) * 1997-04-02 1998-10-07 Arcanvs Digital certification system
US5825300A (en) * 1993-11-08 1998-10-20 Hughes Aircraft Company Method of protected distribution of keying and certificate material

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5825300A (en) * 1993-11-08 1998-10-20 Hughes Aircraft Company Method of protected distribution of keying and certificate material
US5666416A (en) * 1995-10-24 1997-09-09 Micali; Silvio Certificate revocation system
EP0869637A2 (en) * 1997-04-02 1998-10-07 Arcanvs Digital certification system

Also Published As

Publication number Publication date
FI990336A (en) 2000-08-18
FI990336A0 (en) 1999-02-17
AU2675400A (en) 2000-09-04
CA2363655A1 (en) 2000-08-24
EP1157501A1 (en) 2001-11-28

Similar Documents

Publication Publication Date Title
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
US7020778B1 (en) Method for issuing an electronic identity
US6741851B1 (en) Method for protecting data stored in lost mobile terminal and recording medium therefor
EP1622301B1 (en) Methods and system for providing a public key fingerprint list in a PK system
US9544297B2 (en) Method for secured data processing
CN110868301B (en) Identity authentication system and method based on state cryptographic algorithm
CN100512201C (en) Method for dealing inserted-requested message of business in groups
JP2001507528A (en) Recovery when the root key is in danger
CN111600869B (en) Verification code authentication method and system based on biological characteristics
WO2000070427A1 (en) Method and device for authenticating a program code
CN104753674A (en) Application identity authentication method and device
CN112565294B (en) Identity authentication method based on block chain electronic signature
JP2001177513A (en) Authenticating method in communication system, center equipment, and recording medium with authentication program recorded thereon
RU2289218C2 (en) System and method for controlling mobile terminal using digital signature
JPH05503816A (en) Method for authenticating and protecting subscribers in telephone communication systems
WO2022242572A1 (en) Personal digital identity management system and method
CN109981637B (en) Multi-source cross composite authentication method for Internet of things based on block chain
JPH11265349A (en) Computer system and secret protection method, transmitting/receiving log management method, mutual checking method, and a disclosed key generation management method to be applied to its system
CN112634040B (en) Data processing method and device
CN108768650A (en) A kind of short-message verification system based on biological characteristic
US6401203B1 (en) Method for automatic handling of certificate and key-based processes
CN109492434A (en) A kind of method for safely carrying out and system of electronics authority
JP4058035B2 (en) Public key infrastructure system and public key infrastructure method
EP1157501A1 (en) Method for creating and preserving an identifier
US20050066057A1 (en) Method and arrangement in a communications network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2363655

Country of ref document: CA

Ref country code: CA

Ref document number: 2363655

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2000905104

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000905104

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 2000905104

Country of ref document: EP