WO2005031619A2 - Setup and application of mapping cryptogram and device and method thereof - Google Patents

Description

 Setting and use of mapping password and device method thereof

 The invention belongs to the field of information technology security and relates to information security services: identity authentication, information integrity authentication, and non-repudiation. Background technique

 With the advancement of science and technology and the widespread application of electronic technology, more and more methods and products of information security services are being used. In open communication systems, such as the Internet, many applications are based on public key cryptography.

 Authentication of identity usually includes identity credentials, seal or handwritten signature, user ID and simple password, biometric system

(Fingerprint, iris, etc.), authentication tokens, smart cards, and combination authentication, as well as digital signatures based on public key infrastructure (PKI). Identity credentials and handwritten signatures usually exist in physical form, which is easy to forge, difficult to distinguish, and inconvenient to exchange information; simple passwords are easy to be compromised or stolen; biometrics, authentication tokens, and smart cards are vulnerable to a series of attacks and use The cost is high; the combined authentication method is a combination of a password and an authentication method such as an authentication token, which relatively improves security. Public key infrastructure (PKI) is currently a more feasible solution, but its implementation is relatively complicated. For strict transactions, complicated measures such as adding time stamps are difficult for ordinary people to understand, and there are also hidden security risks in practical applications.

 Information integrity can usually be checked with a message digest code. Data transmitted over the network is usually implemented using digital signatures using public key cryptography, or using Secure Sockets Layer (SSL) or Internet Security Protocol ( IPSec).

 Non-repudiation is usually achieved using digital signature methods using public key cryptography. Current security technologies:

 1. Common simple security measures:

 Commonly used simple security methods include authentication such as identity vouchers, seals, or handwritten signatures. These authentication methods are usually physical authentication, using manual identification, easy to be forged, difficult to distinguish, and inconvenient for information exchange; user ID and simple Passwords and other authentications are easy to lose confidentiality and be impersonated.

 2. Biometric system (fingerprint, iris, etc. authentication).

 High-cost equipment and trusted terminals are required, and information exchange is also not convenient, because after information is transmitted, it is easy to be copied and replaced and becomes untrustworthy.

 3. Magnetic card, authentication token, smart card.

 Magnetic cards are easy to copy. Although they are currently used in large quantities, they are gradually being phased out due to their insufficient security. Various authentication tokens and smart cards are relatively difficult to copy. Various IC cards are now being promoted and used, but they require expensive access equipment and a large number of trusted terminals, and the promotion is slow.

 4. Internet Security Protocol (IPSec).

 The Internet Security Protocol (IPSec) is an information security technology based on the network layer in the Open System Interconnection (OSI) model. Open System Interconnection The OSI model divides the communication model hierarchy into seven layers: physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer. The Internet Security Protocol (IPSec) ensures the confidentiality, integrity, and authenticity of data communications through public IP networks through encryption and authentication at the network layer. The above protocol layers can be used transparently.

 5. Secure Sockets Layer (SSL).

 This is an information security technology based on the transport layer in Internet interconnection. The Secure Sockets Layer (SSL) ensures the confidentiality, integrity, and authenticity of data communications by establishing a secure channel between two parties in a communication. The Secure Sockets Layer (SSL) is now widely used on the Internet.

6. Information security technology based on the application layer. Confirm this (1) Digital signature based on public key infrastructure (PKI).

 The digital signature is obtained by calculating the message digest of the message, and then encrypting the message digest with the private key using the public key cryptosystem. When the digital signature needs to be verified, the digital signature is decrypted with the public key and the message digest obtained from the message is calculated. Compare, if the same, then the verification is correct. Only the person who has the private key can calculate the digital signature through encryption, and realize the data authentication, data integrity, and non-repudiation through the uniqueness of the digital signature. Digital signature applications usually have a public key infrastructure (PKI) and a timestamp service (TSS). Public key infrastructure (PKI) is the management service and process of user certificates for public key cryptosystems. Digital signature is the current actual security standard, and it is an encryption method that is difficult to crack with current calculation methods, speed and time. With the current development of hardware and software, the speed of hardware is constantly accelerating, and distributed computing methods are widely used. After a few years, the digital signature standard will be modified. In theory, digital signatures can be cracked from three aspects: (a) Cryptographic attack methods. The large prime numbers taken by the RSA algorithm are usually within a certain range. As long as the range of prime numbers is traversed by the exhaustive method, the corresponding password can be found. This method is currently not practical.

 (b) Digital signature attack methods. A message digest is calculated for a certain message, because the length of the signature is determined. As long as the message digest is calculated for all digital signatures of a specific length by using the exhaustive method, a "digital signature" that meets the verification requirements can be obtained.

 (C) Digital signature replay attack method. Collect the digital signatures used by users, decrypt them to obtain the message digest code, and keep a piece of information that can be arbitrarily longer than the signature length in the message that needs to be signed, such as the serial number of the product, or other numbers, and constantly change the variable information. The exhaustive method is used to calculate the message digest of the message. Because the message digest algorithm has pseudo-randomness, as long as the variable information is of sufficient length, a message digest can always be found with the same message digest code as the decrypted message. put. Some people may think that it is very difficult to calculate the message summary of a huge number of files, and then find the same summary, but if you add the product number to the end of the file, you can change to calculate the message summary of many small pieces of information. The problem is much simplified!

 In addition, algorithmic attack methods may also exist. Most of the current public key cryptosystems use the RSA algorithm, and its security is based on the difficulty of large number decomposition, but one day, people will find a way to easily decompose the product of two large prime numbers.

 (2) Security / General Internet Mail Extension Service (S / MIME).

 This is a canonical protocol for protecting email security. It describes a protocol for adding cryptographic security services by MIME encapsulating digitally signed and encrypted objects. This protocol is based on digital signature, and its security is basically the same as digital signature.

 (3) Secure Electronic Transactions (SET) c

 Secure electronic transactions are protocols that provide a secure framework for shopping and payment in open network Internet e-commerce transactions. It is based on digital signature technology and introduces and uses double signatures. Because of the use of double signatures, its security is higher than that of single digital signatures (especially difficult to implement replay attacks), but the use is more complicated and currently not widely used.

 7. Combination authentication method.

 The combined authentication method is to combine multiple security methods and use them together to increase the security of use, such as adding digital password authentication while using digital certificates.

In the open-ended network system, network communication is the most open part. At present, the security of data communication is more emphasized, and various high-strength encryption methods are used. However, there is not enough security measures for network terminals to protect against possible hacking. A Trojan program may completely expose your information, passwords may be leaked, certificates may be stolen, and even the software program interface you use looks like The same, but it may have been replaced. For the service provider, a large amount of manpower, material resources, and technology can be invested to support the establishment of a high-security firewall or protocol isolation with the support of a large amount of funds. Even so, it is not 100% secure. For countless customer terminals, it is impossible to have strong funds and strength to build a high-intensity and secure network firewall, and even most customers know little about security. Therefore, in practical applications, how to ensure information security and how to make client terminals and communications used securely and reliably have become important issues for open system security. Technologies close to or related to this solution: 1. Once-dense system.

 The one-time-one-cipher system converts plaintext sequences with equal-length key sequences into equal-length ciphertext sequences. Caesar's replacement method is usually used. Binary data is usually encrypted with an exclusive-OR algorithm. Knowing the ciphertext sequence and the corresponding key sequence Reverts back to plain text sequences of equal length. The one-time-one-cipher system is a theoretically unbreakable cryptographic system, and its plaintext, key, and ciphertext sequence are of equal length. Because the algorithm is public, of the three sequences of plaintext, key, and ciphertext, knowing two of them can derive the third sequence.

 2. Block cipher and stream cipher (serial cipher).

 Block cipher is to encrypt data blocks with a password. It is used periodically for each block cipher. Stream cipher is to use a password to generate a pseudo-random key stream (usually mixed with encrypted data), and then encrypt the data stream.

 3. Elimination of windows and abstracts.

 Message Digest ¾ is an algorithm that combines inputs of any length to produce a pseudo-random output of a fixed length, also known as hashing or hashing.

 4. Message authentication checksum (HMAC) based on one-way hash function (hash function).

 Both parties use the same key, put the message and the key together, calculate the digest with a hash function, and check the digest to verify the integrity of the message. references:

 1. "Cryptographic Engineering Practice Guide"

 Author: (US) Steve Burnett & Stephen Paine

 Translation: Feng Dengguo, Zhou Yongbin, Zhang Zhenfeng

 Publisher: Tsinghua University Press

 2.``Applied Cryptography: Protocols, Algorithms, and C Source Programs ''

 Author: (US) Bruce Schneier

 Translation: Wu Shizhong, Zhu Shixiong, Zhang Wenzheng

 Publishing: Machinery Industry Press

 3. "Cryptography and Computer Network Security"

 Author: Qing Si-Han

 Publication: Tsinghua University Press, Guangxi Science and Technology Press

 The technical problem to be solved by the solution of the present invention is mainly information security services in an open environment, including security identity authentication, security information exchange, ensuring information integrity and non-repudiation. This technology can also be applied to closed environments. The so-called open environment refers to a state in which the information is temporarily hidden or the place passed during the communication process is not hidden, and the outside world can easily obtain the information, easily copy or change it. For example, the Internet, telephone lines, radio communications, and public terminals are all open environments. A closed environment is an environment in which information is not easily exposed, copied, and changed compared to an open environment.

At present, in the field of information security, authentication or encryption methods based on passwords or certificates are commonly used. The characteristics are to facilitate the use and repeated periodic use, which makes the secret and its results easy to cause various attacks, such as theft and password attacks. , Replay attacks, and more. On the other hand, many encryption algorithms use high-strength encryption technology, so that many encryption operations need to be performed on the client terminal. However, due to the openness of the interconnected system, many client terminals cannot be effectively protected, and it is easy for client terminals. Be hacked and become untrustworthy. How to make customer terminals and communications easy, safe, and reliable to use has become an important issue for open system security. At present, the most commonly used security technologies in the Internet are Internet Security Protocol (IPSec), Secure Sockets Layer (SSL), and Public Key Infrastructure (PKI) -based digital signatures. The latter are application-layer-based security technologies. In the open system interconnection OSI model, it resides at a higher level and is more secure than the former two. Other application layer security methods are mostly based on various protocols based on public key infrastructure (PKI) digital signatures. However, any digital signature or protocol that can be authenticated by a third party offline non-real time is not very secure because it can be authenticated offline, It means that the attacker can try authentication for an unlimited number of times, so in theory, the attacker can always use exhaustive methods to find the results that meet the requirements. Frequent use of common passwords brings a lot of hidden dangers. One-time passwords used by one-time password systems have infinite use periods and are very safe to use. However, the amount of passwords is too large and inconvenient to use. A compromise method, which makes it possible to increase the periodicity of password use to achieve safe use without the password being too large? For the protocol that resides at the application layer security, can the security problem caused by the untrusted client terminal be solved by improving the security level? Technical solutions

 Map password method.

 Definition of mapping:

 Let X and Y be two non-empty sets. If there is a rule such that for each element in X, according to the rule, there is a uniquely determined element in Y corresponding to it, then it is called a mapping from X to Y. Referred to as

 /: X → Y

 Mapping is the process by which a variable corresponds to another variable through a certain rule. The starting variable is the independent variable, and the corresponding variable is the dependent variable.

 The mapping password divides the password information into two parts, one of which is a mapping corresponding to the change of the corresponding law, which is called a contingency password, which is recorded as a set ^, and the other part is a password source, which is recorded as a set.

 A new set of information is obtained through the transformation of some elements of the cryptographic source using a certain model or a corresponding rule, and it is recorded as a set! \ / 1. Use the mapping method as

 / „, ■ Μ → Υ

 Note that the above mapping relationship is the mapping of the new model set M to the cryptographic source ya. According to the definition of the mapping, that is, for each determined new model set M element, a unique rule can be found from the cryptographic source Υ The identified elements correspond to them. In other words, the elements of the new set M can correspond to the cryptographic source elements in a multi-law, many-to-one correspondence. The new set M is a new set of cryptographic source sets converted through various rules and multiple types. For example, the new set M can be a new set formed based on a model based on a set of password sources, or a set of new elements generated by various elements of the cryptographic source through one-way hash functions and other rules. The relationship can be written in another form as follows

M = ∑M _i , „,: Y → M _i

 For any one of the independent variables, the corresponding rule combined with the strain code corresponds to a certain logical position in the new set M model, so as to correspond to a certain element in the set M, and then passes a certain rule (usually a single Directional rules, such as one-way hash functions, are combined into a new password. Let the set of independent variables be X and the set of new passwords be N. The mapping can be recorded as follows:

f _B ^L : X → M, f _B X, M, N combined is a composite mapping: f _B : (X, f _B X)) ^ N Through the above two mapping processes, the strain of the mapping password is given The password, the password source, and the given correspondence rule, for any independent variable, a unique new password can be found corresponding to it. This is the mapping password method. The above discussion is a bit complicated, so why not use a combination of independent variables and passwords to generate new passwords through rules such as one-way hash functions? Because of the one-way nature of the one-way hash function, it is also difficult to calculate the original password. But if it is so simple, it will become a direct legal combination between the independent variable, the original password and the new password. On the one hand, the use of the password becomes periodic and integrated, and on the other hand, because the new password is easy to use after use Exposing, the direct law relationship of the original password is easy to guess. Real In fact, as long as the correspondence rule of the mapping cipher method is simplified, the above situation can be obtained.

 The mapping cryptographic relationship is that the independent variable points to or corresponds to the relevant element formed by the corresponding cryptographic source model through some kind of law or algorithm related to the strained cryptography to form new cryptographic information. This correspondence does not directly generate a new password through an algorithm, but only corresponds to the relevant elements of the password source according to a certain preset model, and then combines with a certain rule to form a new password.

 A cryptographic source is a logically ordered collection of cryptographic information elements with pseudo-randomness. Through a set model, each element can be recombined to form new information. The cryptographic source does not have any algorithmic relationship directly with the secret information to be encrypted or the encrypted plain code. Only the new password formed by recombination directly participates in the encryption operation. For the set model, for example, the password source elements can be rearranged according to the number into an ordered arrangement of a certain length, or the password source elements can be arranged into a cube according to the physical model, and so on. There can be various models.

 Contingency passwords are information associated with corresponding laws or algorithms. New password information is not obtained directly from contingency passwords. Contingency passwords are one of the elements of a changing correspondence. The contingency cipher can also be divided into multiple parts according to the multi-layer correspondence. For example, the contingency cipher part is used as a new mapping cipher relationship, which can form multiple correspondences.

 In practical applications, in order to save storage, the contingency password and the password source may have part or all of the same part, that is, part or all of the intersection. Therefore, the response password and the password source are divided according to the purpose of use.

The independent variables of the mapping password relationship can be various variables, random variables, or ordered variables. Take a simple example of a mapped password. The length of the password is 1024 bits, of which the strain password length is 256 bits and the password source is 768 bits. If a new 128-bit password is generated and an ordered arrangement model is used to rearrange by number, then there will be = ^768! = 640 ¹²⁸ a 1 ₅ * ιο ³⁵⁹ different permutations. If the algorithm is better, it has randomness.

⁷⁶⁸ (768-128)! 640! ^L ' ^{J ι υ}

Then the life cycle of the password should be close to / ¾ ² ₈ ⁸ or larger. The independent variable uses a sequence number. Starting from 1, the corresponding algorithm can use a one-way function. In combination with the strain code, a pseudo-random correspondence can be formed. The pseudo-random corresponds to the corresponding number. If the number of uses is less than ¾ ² ₈ ⁸ times, then Its security effect is similar to one-time one-time password (because any algorithm can be broken, so it is not safe to use only one-way function without strain strain password. The longer the strain password, the more likely it is, the corresponding relationship The more complicated it is.), The amount of data that can be encrypted is ¾ ⁸ * 128 bits! But in fact, because there are only 1 and 0 cases for each bit, there must be many identical arrangements in this arrangement. If you use a conservative mapping method, Just for each byte as the mapping element of the password, 1024 bits is 128 bytes, the length of the response password is 256 bits is 32 bytes, the password source is 768 bits is 96 bytes, and the new 128-bit password is 16 bytes. Ordered arrangement model with number rearrangement, a different arrangement, the amount of data that can be encrypted is ₆ ⁶ * 16 bytes!

If the period of use is large enough, as long as the independent variables are not the same, they are not reused, and even how many times they are used will not have much impact on the safety of use. If a one-time encryption system is used, a 1024-bit password can only encrypt 1024-bit data, and after the information is made public, the password will be cracked through the relationship between the ciphertext and the plaintext. However, if the encrypted password method is used and then encrypted, and the same encryption algorithm is used, even if the ciphertext and plaintext are known, only the mapped password can be obtained. The mapped password is a new password based on a one-way function and a strained password. It only contains part of the information related relationship of the original password, or part of the related information of the element, the original password information still cannot be completely cracked.

 Features of the mapped password:

 1. The password is generally longer. The password length can usually be more than 1024 bits or even 1 M or more.

 2. When the password information is used, a new password must be generated using the argument and then encrypted.

3. The original password information does not directly participate in the encryption operation. Only the new password formed by the mapping directly participates in the encryption operation. This makes the original password information difficult to leak. Generally, a new password formed by not all but only part of the original password information forms a relationship with the secret information to be encrypted or the encrypted plain code through some algorithm or rule. In this way, the password information used every time is basically different, which makes it impossible to use ordinary guessing methods to guess the password information.

 5. The password usually has some information (contingency password) related to the logical position of the logical model formed by the partial password (password source), so it is extremely difficult to guess the password information by analyzing the encryption result.

 6. Different independent variables usually correspond to different new passwords, which makes the use cycle of passwords longer.

 Within a certain range of usage times, the new passwords that are available are likely to be different (or different sources), and their use effect can be close to one-time passwords.

 7. The password information element is reused after multiple combinations and changes.

 8. When the corresponding relationship is that the argument directly corresponds to the password information, and the password information is not reused, it is a one-time password. The difference between mapping cryptography and traditional cryptography-

1. Traditional password technology requires short password length and easy to use. The password information of the mapped password is usually relatively long, and is generally more than 1024 bits.

 2. Traditional password technology generally uses passwords directly, but mapping password technology requires independent variable mapping to obtain a new password before use.

 3. Traditional passwords are generally reused periodically. Only one-time password systems use one-time passwords, and the period is infinite, but they are not widely used. The use period of the password information of the mapping password technology is very long, and there is basically no reuse in the period range.

 4. In the traditional cryptographic technology, the clear code is obtained by encrypting the information by using a certain algorithm. All three of these relationships are related. However, in the mapping cipher technology, the information to be encrypted and the encrypted plain code are only related to part of the cipher information through a rule. Similarities and differences between mapping ciphers and stream ciphers (serial ciphers):

 1. Similarities and differences in the use method: Stream cipher is to use a password to generate a pseudo-random key stream (usually mixed with encrypted data), and then encrypt the data stream. As long as the password and encrypted information are determined, the key stream is also determined. Now, the entire encrypted information and process can be determined. However, the mapping password needs to be given an argument to generate a new password, which is then encrypted. The key stream can also be obtained by the ordered arrangement of new passwords obtained from multiple arguments. If encrypted data is used as an independent variable, stream ciphers can also be considered as a special case of mapped ciphers: the cipher model is an overall cipher, with a usage period of 1, there is no strain cipher or the strain cipher is empty.

 2. The password usage period of the stream password is 1, and the password usage period of the mapped password is usually large.

 3. Stream ciphers use all the password information to participate in the encryption algorithm operation each time, and mapping passwords usually use different password information to participate in the encryption algorithm operation each time. The mapped password has the following characteristics −

1. The password information is divided into two parts according to the purpose: one part is used as the mapping corresponding law change relationship, which is called strain password, which is recorded as set B, and the other part is used as the password source, which is recorded as set ya.

 2. The cryptographic source obtains a new set of information by applying a transformation of a certain model or a corresponding rule, and records it as set M. Use the mapping method as

f _my : M → Y

3. For any one of the independent variables, the corresponding rule combined with the strain code is mapped to a certain logical position in the new set M model, so as to correspond to a certain element in the set M, and then passed a certain rule (usually Is a one-way rule, such as a one-way hash function) is combined into a new password, and the set of independent variables is X, the new password The set of codes is N, and the mapping can be recorded as follows:

f _B ^L : χ → M, :(,)-Ν combined is a composite mapping: f _B : (X, f _B ^L (X)) → N

 4. For the contingency password and password source given the mapping password, and the corresponding correspondence rule, for any independent variable, a unique new password can be found to correspond to it.

 5. The mapping of the independent variables, combined with the corresponding law of the contingency cipher, corresponds to the logical model formed by the cipher source, and then a new cipher is formed by a certain rule. It needs to be used in combination with independent variables.

 6. Each time the information is encrypted, it is only indirectly related to a part of the password information. The password information used for each encryption is almost different.

 7. The cycle of using the entire password information is very long. Map password group

 First, the concept of a numbered cipher group will be explained.

 A password group is composed of one or two or more ordered passwords. A password group can complete an information task, and each password performs a different function.

 Numbered Password Group: Each password group is assigned a number, which can be used to save, use and index this password group.

 In the mapping password, the new password information obtained through the mapping of the arguments is the only determined password group, which is the mapping password group. The password group contains multiple ordered passwords. If the argument is used as the number of the cipher group, the numbered cipher group is obtained from the mapped cipher group.

 One-time numbered password group: When the corresponding relationship is that the argument directly corresponds to a part of the password information to form a password group, and the password information is not reused, a one-time numbered password group is formed, and the argument is the corresponding number.

 Features of one-time numbered cipher groups: The passwords in numbered cipher groups are randomly generated by different random seeds, are random numbers (repeably in fact, should be pseudo-random numbers strictly), and have randomness; Each password can only be used for valid authentication information once. Each password can be registered for the number of uses and can be invalidated based on the number of fault tolerances. The so-called "valid authentication information once" means that after one password or one group of information is authenticated with a password, other passwords cannot be used to authenticate other information, but the authenticated information can be repeatedly calculated and authenticated. Digital signature method based on mapping cipher group:

 Signature characteristics:

 1.Signature is trusted

 2.The signature is unforgeable

 3.Signature is not reusable

 4.Signed documents are immutable

 5.Signature is non-repudiation

 Both manual and digital signatures should meet the characteristics of the above signatures.

 The mapping cipher group digital signature is expressed as follows:

Use the argument to generate a mapped cipher group of sufficient password length, apply the one-way hash function rule, calculate the message digest for the message, and get the mapped cipher group digital signature. The mapped cipher group digital signature is associated with the argument, and the argument is only valid Use once. The password generated by mapping the cipher group has sufficient length means that: for a message digest of a certain length, there are enough collisions in a password space of sufficient password length, so that the collision space is close to or larger than the message digest space, and it is impossible to retrieve the message from the message. Digest codes can be used to reduce the security of passwords through brute force attacks. Mapping cipher group digital signatures have the following characteristics:

 1. Use a one-way hash function and calculate the message digest for the message using the password of the mapped cipher group.

 2. Because the mapping cipher group uses an independent variable, the digital signature is associated with the independent variable. The independent variable is only valid once. That is, after one or a group of information is authenticated with the mapped cipher group generated by the independent variable, it cannot be used again. The mapped cipher group generated by the argument authenticates other information.

 3. The password of the mapping cipher group has sufficient length, that is, the password space is large enough, so that for a message digest of a certain length, there are enough collisions, so that the collision space is close to or larger than the message digest space, and it is impossible to pass the message digest code. Brute force attacks reduce password security.

 4. The digital signature uses a mapped cipher group, and the password information has a long-period characteristic.

5. The algorithm can be used publicly. The public use of the algorithm does not affect the security of the digital signature of the mapped cipher group.

 6. Data integrity certification. The client and the server share the password information of the mapping cipher group in advance, and store it encrypted. The server serves as a trusted institution. The message producer calculates the digital signature of the mapping cipher group for the message, and sends the message, arguments, and digital signature together. After the authenticator receives the information, as long as the digital signature is calculated and compared, if the digital signatures are consistent, the verification can be known. The information is complete and has not been altered, as it is almost impossible for any third party who is not sharing password information to obtain a digital signature that meets the requirements. Therefore, the digital signature of the mapped cipher group cannot be changed or forged.

 7. Digital signatures cannot be reused. Because the mapping cipher group digital signature is associated with the argument, and the argument is only valid once, a mapping cipher group digital signature can only authenticate a message effectively once, and it cannot be used for other authentications. But for the same message, you can generate different digital signatures with different arguments.

8. Third party certification. If both parties to the information exchange are customers, they cannot directly authenticate the trusted information, but they can authenticate through the server after the information exchange. For example, Party A sends a message to Party B, but Party B cannot confirm that the information must be sent by Party A, and it cannot determine whether the message is complete. Therefore, Party A must digitally sign the message and send the message with the digital signature information. After receiving the message, Party B can send an authentication request to the server to send the message. After receiving the request, the server authenticates the information sent by Party A, and then The message is signed with the shared password information with Party B and returned to Party B. After receiving the message and the signed information, Party B verifies the digital signature to determine the reliability of the information. For short messages, you can save them on the service side, but for very long messages, you can generate a message digest code, and then digitally sign the message digest code. In this way, you can change the authentication of long messages to the authentication of short messages. For example, if Party A wants to send a file to Party B, Party A will generate a message digest code for the file, and digitally sign the message digest and send it together. Party B also generates a message digest code for the file, compares the message digest, and verifies the digital signature through the server to prove the integrity of the document and confirms that it was issued by Party A.

 9. Non-repudiation, that is, non-repudiation. The service party is a trusted entity. Based on its reputation, it uses a series of measures and systems to ensure its trustworthiness. The digital signature of any client must be verified by the service party. Once the verification is correct, it can be determined. Is issued by the customer.

10. Similarities and differences with traditional public key infrastructure (PKI) -based digital signatures. Message digests are used in the authentication process, and they all require trusted institutions to implement identity authentication, message integrity authentication, and non-repudiation. The two authentication methods and processes are different. The public key infrastructure (PKI) -based digital signature can be obtained by anyone who obtains the public key for authentication, and the authentication method is offline authentication, which does not require authentication by a third party. Mapping cipher group digital signature Must and can only be authenticated by a trusted service provider, the authentication method is online authentication. The password information of the two is also different. The digital signature of the Public Key Infrastructure (PKI) uses a private key and a public key password. Each time the same password information is used, the usage cycle is 1. The mapping password group digital signature is generally used for a long time. Use different password information each time.

 11. When the mapped cipher group is a one-time numbered cipher group, the digital signature of the mapped cipher group becomes a one-time numbered digital group digital signature.

The digital signature of the one-time numbered cipher group is expressed as follows: One-time digital signature technology calculates the message digest using a one-way hash function based on a one-time password or one-time numbered cipher group with sufficient password length. The message authentication checksum is the message digest. For a message digest of a certain length, In the password space of the password length, there are enough collisions, so that the collision space is close to or larger than the message digest space, and it is impossible to reduce the security of the password from the message digest code through an exhaustive attack.

 Main characteristics of one-time digital signature technology:

 1. Use a one-way hash function to calculate the message digest, which is one-way. You can only use the password to calculate the message digest for the message. It is not possible to calculate the password information from the message digest.

 2. Pseudo-randomness and collision resistance with one-way hash function. The message digest calculated by the one-way hash function is pseudo-random, because a good one-way hash function calculation is a sufficiently chaotic and diffusion process for the message. Every small change in the message or password will cause The result of the message digest caused a huge change, and very different and completely different results were obtained in the message digest. All the changes were pseudo-random, and fewer changes to the message would not easily lead to the same message digest. Impact resistance.

 3. There are enough collisions in the password space used. Because the length of the password is much larger than the length of the message digest, according to the pigeonhole principle, there must be many collisions, that is, there are many different passwords that can generate the same message digest, and the password and message digest have a many-to-one relationship. In this way, the specific password cannot be determined according to the message digest and algorithm. As long as the password length is increased, the collision space can be enlarged. When the collision space is close to or larger than the message digest space, the security of the password will not even be reduced.

 4. One density at a time. The so-called one-time password means that the password can only be used for valid authentication information once. The one-time password usage period is infinite, so that using historical analysis methods or tools to analyze the encryption process or encryption results is useless for guessing password information. The step-by-step binding processing technology refers to that information tasks can be divided into multiple steps, which are respectively associated with different passwords and are completed in order. Its characteristics are:

 1. Each step has a verification of the information associated with the different passwords used in the other steps. In other words, some information (including the message digest) in each step must be related to some passwords, and these passwords have not been used in other steps. Each step must have its own unique password, which is a sign of distinguishing "steps".

 2. Each step of the information task is completed in the agreed order, and the next step can be processed only after the previous step is completed; once each step is completed, the password and corresponding encrypted information used cannot be used for the same or other This is the binding processing.

 The role of step-by-step binding processing technology-

1. The password space is enhanced for more secure use.

 2. Bind the password group to the information task. The relevant information related to all passwords related to the information task will not be transmitted in one information exchange, and only a part of the password-related information is exchanged in each information exchange. After the information task is bound to the password group, the information associated with the remaining passwords will be sent. Once the password group is bound, it cannot be used for other information tasks. If an attacker wants to attack a password, he must obtain the information associated with all passwords, but when he gets this information, the password group can no longer be used for other purposes, which ensures the security of the information task and password. By binding password groups to information tasks, man-in-the-middle attacks can also be effectively prevented.

3. This information task can be bound with corresponding other information (such as the transaction terminal number). The transaction is carried out step by step. Even if the information of a certain step is intercepted, it still does not affect the overall security of the information task. For example, if someone lost all their documents during a trip, he could call family members or friends at another place to get a password (strictly speaking, it should be a one-time digital signature), and use a teller machine or other terminal (such ATM or terminal only needs to enter the correct one-time digital signature to withdraw money), but at the same time, someone may be tapping and withdrawing money on another ATM, but because the transaction uses step-by-step binding processing technology, it is connected with the terminal ATM For binding, the transaction is carried out in multiple steps. In the first step, ATMs in both places cannot succeed at the same time, such as eavesdropping. A person cannot get the complete password information after the first step is successful, because his family or friends will only tell him the next password information after the previous step is successful. Only the real person may succeed in more than two steps at the same time. So the whole transaction is still safe.

 4, can effectively prevent identity fraud. In the information transaction process, the identity can be identified through the initial steps. If it is a false identity, the remaining secret information will not be sent again to ensure the security of the entire task.

 5. Prevent human error. Divide information tasks into multiple steps that can be completed by multiple customers. Prevents human error. For example, if A transfers funds to B's account, if A completes it, then A may mistake the account; if this task is divided into two steps, after A initiates the transfer transaction, it can be completed only after B confirms, which is avoided. Human error is possible.

 6. It can be used to divide different transactions and use different password groups.

 7. It can prevent the impact on the security caused by the weakness of the algorithm or the appearance of the weak key. Controllable encryption technology method: It refers to the method that the entire encryption process can be controlled or monitored manually. Its process cannot be fully automatic. Its characteristics are:

 1. Password information can only be read by encrypted software or hardware.

 2. The encryption process and content can be controlled or monitored manually. If only the necessary information of the encrypted part can be controlled, it is part of the controllable encryption, such as specifying the number of encryptions, the length of the encrypted data, the specific content of the encryption, or the part of the content that the encryption must include, or the specific content of the specific location of the data, Such as the account number and amount in the transfer. Sometimes partially controlled encryption can meet the needs of practical use. The number of times of encryption must be controlled, all or part of the encrypted content must be controlled or monitored manually, and all or necessary parts of the encrypted content must be confirmed before or after encryption.

 A simple and convenient controllable encryption method is to physically separate information encryption from information transmission.

 The role of controlled encryption methods:

 1. Ensure the security of the password. A controlled encryption method is used, and no one else can read the password content no matter what method is used. Even the customer himself does not have to read the password content, only the encryption body (encrypted software or hardware) refers to the password during encryption. So the password can not be opened at all.

2. Ensure the security of encrypted information. Because the encryption process and content can be controlled, all encrypted information must be generated on demand, and all information must be used as required. To store tens of thousands of information, it is not difficult for the current modern memory, and the one-time digital signature algorithm of the present invention can use a relatively simple algorithm, and it is relatively simple and easy to implement, which makes the password information Encryption of storage and data is made possible in a smaller device or device. The information that needs to be encrypted can be entered by manually pressing keys. If there is a lot of information that needs to be encrypted, you can manually enter the encryption restrictions, such as limiting the number of encryptions, limiting a certain part of the information that needs to be encrypted, or limiting the encrypted information. Length, etc., after locking the restriction conditions, it can be transmitted through other interfaces, such as serial port or USB interface, or even wireless communication, to transmit the remaining encrypted information; the encrypted information or one-time digital signature can also be displayed after Manual transmission, which is also conducive to manual monitoring, or transmitted through other interfaces such as serial port or USB interface, wireless communication interface, to achieve semi-automation, but the entire process can be controlled according to encryption needs, or the information is displayed after encryption. Manual monitoring is in line with the principle of controlled encryption methods, so it is not possible to fully automate the process. We put together the password storage and the encryption algorithm. The device whose encryption process conforms to the principle of the controllable encryption method is called a controllable encryption device. The feature of the controllable encryption device is that the password is stored in the device, and the password can be updated or supplemented. After the password is saved, the password information is no longer directly exchanged outside the device, and only the encrypted software or hardware in the device can read it; The encryption algorithm is implemented in the device, which can extract the password to encrypt or verify the input or locked information; the encryption device has a display device that can display all or part of the encrypted information for manual control or manual monitoring; the number of encryption can be Control, the encryption operation can only be performed after the number of encryptions is controlled on demand; semi-automatic encryption can be achieved after the necessary part of the encrypted content is controlled, or manually entered Full content control; use step-by-step binding processing technology for multi-step tasks, and then proceed to the next step after completing the previous step of encryption or verification. We put together the "" one-time number cipher group storage and one-time digital signature algorithm together, which can calculate and verify the information and verify the one-time digital signature. The device whose encryption process conforms to the principle of controlled encryption method is called one-time digital Signature device. As long as the information security authentication process and one-time digital signature device of the solution of the present invention are used, information authentication can be conveniently and securely implemented, including security identity authentication, and information tasks can be safely and conveniently completed. The one-time digital signature device method has the following characteristics:

 1. The device can store, index and use a large number of one-time numbered password groups by number, and the password groups are stored confidentially. The password information is not necessarily visible, and is usually not visible. Only the encryption process can be used. The password information can be updated and supplemented at any time as needed. After the password group is saved, the password information is no longer directly exchanged outside the device, and only the encrypted software or hardware in the device can read it.

 2. To implement a one-time digital signature algorithm, you can use the one-time number cipher group to calculate information and verify the one-time digital signature according to the cipher group number.

 3. The encryption process conforms to the principle of controlled encryption methods. The encryption operation can only be performed after the number of encryptions is controlled as needed; the encrypted information or encryption conditions can be controlled manually or in whole, and supervision can be performed after encryption.

 4. You can enter the information to be encrypted by manually pressing keys, or you can manually set or enter the encryption restrictions.

 5. After locking all or part of the encrypted information and encryption conditions, it can transmit and verify the information to be encrypted and one-time digital signature information through other interfaces, such as serial port or USB interface, radio communication interface, etc. After encryption, the encryption can be displayed. Information for monitoring.

 6. According to the application of the step-by-step binding processing technology, the calculation and verification of the one-time digital signature of the next step is performed only after the calculation and verification of the one-time digital signature of the previous response is correct, so as to prevent the artificial verification of the previous step that has not yet taken place. Passing the authentication revealed the next secret information.

 7. In order to increase the security of the one-time digital signature device, the device itself has a lock password, which can only be used after unlocking the password.

 8. One-time digital signature device can save customer information at the same time for easy use. 〖Information security technology based on customer security and service security-The current security model is divided according to the Open System Interconnection (OSI) model. For example, Internet Security Protocol (IPSec) is a network layer security information security technology. The Secure Sockets Layer (SSL) is an information security technology based on the transport layer in the Internet interconnection. Digital signatures based on public key infrastructure (PKI) are information security technologies at the application layer. There is no doubt that the above protocols are safe to use in the Open System Interconnection 0SI communication process, but the problem is that the current security scope has exceeded the Open System Interconnection 0SI model, not only the communication process, such as various terminals In the untrustworthy situation, it is futile to keep the communication confidential. In this case, it is unscientific to use the open system interconnection 0SI model to regulate the security model, and it is impossible to achieve security effects. It is necessary to further improve the scope of security. Information security technology based on information security objects is a higher level security technology.

 Customer and service technology model: The two parties that directly exchange security information are divided into customer and service. The client is the party that initiated the request for information exchange, usually the party that requested the service. The service party is a relatively passive response to the request, the party that provides the information exchange, usually the party that provides the information service, and the service party is the trusted subject. Reliable information exchange between individual customers can be carried out by the service provider. Individual customers cannot directly exchange trusted information, but general information can be exchanged. Information reliability can be verified by the service provider. An information task or information event is composed of multiple information exchanges. The event information cannot be repeated, that is, there is no exactly the same information in the same information event.

The concept and characteristics of information security objects: Information security objects are the main body of storage and processing of security information. After the security objects are formed, the security information sent by the objects must be marked with the object security mark, and the security information received and processed by the objects must be With the security sign of the other party, the security information sent or received cannot be forged and changed, and the security information must be marked with an event. Its characteristics are as follows:

 1. The security object stores and keeps its own security information, and the secret information is not directly transmitted to the outside.

 2. The security information sent or received by the security object must bear the security mark of the object. The security information used cannot be forged or changed. The information security mark will not conform to the information being forged or changed. Norms, except for trusted institutions, only this object can correctly generate its own information security mark.

 3. The safety information with safety signs sent or received by the security objects must include event signs. Event signs can be implemented in safety information or in safety signs. Security information can be copied, but it cannot be reused. That is, the security information of one event cannot be reused by another event. This makes it impossible to replay security information for different events. For the same event, it is impossible to replay without the same security information. At first glance, the above characteristics are somewhat similar to general digital signatures, but they have essential differences: General digital signatures only focus on the security of digital information that is signed, and the object of information security is to receive, process and Sending security information is abstracted as a whole. As a security object, it integrates various security elements, such as password information, encryption methods, encryption processes, and so on. All security elements form a subject, which can be used as a box. You It can be kept in a safe place so that it can provide secure information. The advantages of security objects are the simplicity of security, the abstraction and centralization of security elements, so that security features can be separated from other various complex systems. For example, due to the application of open system interconnection, general terminals have become untrustworthy subjects, so we can extract all security elements from the terminals to form a security object. The security object has nothing to do with the communication and terminal used. As long as the security of the information security object is ensured, various communications and terminals can be used safely, even if the communication or terminal is unsafe and untrusted. Applying the concept of information security objects to the widely used public key infrastructure (PKI) -based digital signatures can also be very effective in strengthening security.

 The security mark can be implemented by digital signature. The concept and characteristics of customer security: Customer security is a security object, and it is the main body of the customer to send, receive, and process security information. After the security of the customer is formed, the security information sent by the customer must be marked with the customer security mark, and the customer receives and processes The safety information must bear the service-side safety mark. However, in practical applications, there is a lot of information that needs to be exchanged without security signs. Such information should be used as little as possible, and it can only be used after it is determined to be safe by human judgment. There are also many methods for manually judging safety inspections, such as full inspections, element inspections, partial inspections, mixed inspections, etc., depending on the safety requirements.

 The concept of service security: Service security is the main body that the service party sends, receives, processes and saves the security information. The security information sent by the service party must be marked with the service security mark, and the security information received and processed must bear the customer's security mark. The service provider does not process information without safety signs. Its characteristics are similar to customer security.

 Customer security and service security are both security objects. There are differences between the two:

 1. Customer safety can handle both safety information and unsafe information, but it needs to be checked and judged manually before it can be converted into safety information. Service Security does not process information that is not accompanied by a safety sign.

 2. Because customers may encounter and process unsafe information, the processing process cannot be fully automated. Service security only handles security information with safety signs, which can realize automatic processing.

 3. Since the service provider is a trusted subject, customer security is the subject that depends on service security. Without service security, there is no customer security. Service security is a trusted entity whose security is built on its reputation.

The security object is an independent subject of security information and does not depend on any communication method or external environment. However, if the security object is invaded or destroyed, the security information may be leaked. Security object based on mapping cipher group digital signature and its information exchange process-if the client logo, password information, generation method of cipher group, mapping cipher group digital signature rule and process are secure All the elements are aggregated together to form an object, and the external information exchange of the object meets the characteristics and requirements of the secure object, and a client secure object based on the digital signature of the mapping cipher group is obtained.

 The client security object based on the digital signature of the mapped cipher group has the following basic characteristics:

 1. Include customer logo, that is, customer number information.

 2. Contains mapping password information.

 3. Password information update method.

 4. Map cipher group method.

 5. Digital signature method for message mapping cipher group.

 6. Digital signature verification method for message mapping cipher group.

 7. Security confirmation methods for non-secure messages.

 8. Message passing or exchange methods. The service security object based on the digital signature of the mapping cipher group has the following basic characteristics −

1. Contains each customer logo, that is, customer number information.

 2. Contains the mapping password information of each customer and the information used by each customer's password argument.

 3. Update method of customer password information.

 4. Map cipher group method.

 5. Digital signature method for message mapping cipher group.

 6. Digital signature verification method for message mapping cipher group.

 7. Message passing or exchange methods.

 8. Customer safety information preservation method.

 9. Other security service attributes (professional service content of the service party).

 10. Other security service methods. The device composed of the above object characteristics is a security object device that maps a digital signature of a cipher group. The specific characteristics of the device method are:

 1. The device stores object information, including object number and password information.

 2. The method of mapping cipher group is installed.

 3. A digital signature method for the message mapping cipher group is installed.

 4. A digital signature verification method for the message mapping cipher group is installed.

 5. The device implements the digital signature and verification process of the message mapping cipher group. Security object information exchange process for mapping cipher group digital signature:

First, the client security object and the service security object share the password information of the mapped cipher group in a direct sharing manner. The password information is a cryptographic sequence with pseudo-random properties generated by the server. Each information task can be divided into multiple information exchange processes. The number of ordered passwords to be included in each password group is determined according to the information exchange number of the most commonly used tasks. For large information tasks, it can be divided into small information tasks.

 When the client security object and the service security object perform security information authentication, the information exchange steps of the information task:

1. When a customer security object needs to make a service request, it usually takes an ordered variable as an independent variable, selects an unused independent variable, and calculates a mapped password group using the password information through a mapping method.

 2. The client security object forms a service request message according to the service requirements.

 3. The client security object calculates a digital signature on the message with the first password of the password group.

 4. The customer sends the security information formed by the customer number, message, argument, and corresponding digital signature to the server.

5. The service security object receives security information from the customer security object.

6. The service security object selects the customer number and independent variables, extracts the customer password information, and calculates and generates the corresponding mapped password. Group.

 7. The service security object uses the same password used by the client to calculate and verify the client and digital signature on the message.

 8. If the digital signature is verified to be correct, the information is credible, and the message is processed and stored accordingly.

 9. The service security object generates a processing result message.

 10. The service security object uses the second password of the cipher group to calculate a digital signature on the resulting message.

 11. The server sends the security message formed by the result message and the corresponding digital signature to the client.

 12. The client security object receives the returned security information from the service security object.

 13. The client security object uses the same password to verify the message and digital signature. If the verification is incorrect, it requests the result information again until it obtains the real result information.

 14. After the client security object verifies that the message is correct, it processes the message.

 15. The above steps complete the process of one response exchange of messages. For information tasks of multiple messages, the above steps 2 to 14 may be repeated accordingly until the information tasks are completed. In the previous various information security technologies, the use of passwords either periodically uses short passwords or one-time passwords with unlimited periods, making the security of periodic passwords difficult to solve or causing huge problems with password information. A secure object method based on the digital signature of the mapped cipher group, the long-term periodicity of the password information is formed, which effectively solves the security of the periodic password, effectively prevents various password-related attack methods, and the password information does not grow massively. The information can meet the needs of practical use within a certain length.

 At present, most of them use high-strength encrypted data information or high-strength encrypted data communication channels to achieve the security of information exchange. However, the security of the client terminal needs to be protected by the client, and the server must also have a highly secure firewall. On the one hand, high-intensity data encryption or communication channels require strong hardware and software support; on the other hand, the security of client terminals and service parties is difficult to guarantee. The solution of the invention can conveniently realize secure information services at various communication terminals, and information can be used without encryption during transmission. It is a security protocol that does not depend on the communication method and communication process and the communication terminal, so that the information is secure. It is completely independent of communication and client terminals to achieve client security. It is a client security protocol. Through simpler client terminals and communication methods, secure client information authentication can be achieved. At the same time, services can be conveniently and cost-effectively provided. The center isolates the protocol from the outside world. The isolation can use a different protocol from the external communication or a custom protocol to isolate the authentication server from external communication. This way, even if an attacker invades all external environments, including communication terminals, communication lines, and The communication server cannot invade the authentication server through a custom protocol, and it is impossible to forge legitimate information that does not meet the user's wishes.

 Mapping cipher group digital signature is an easy-to-use digital signature method. In addition, the concept of a security object not only focuses on the security of information exchange, but also to solve the customer's information security, including the security of exchanged information, the security of customer identity authentication, the security of customer password information, the security of the encryption process, etc., its security and communication methods It has nothing to do with the terminal and provides a feasible way to solve information security. detailed description

Embodiment One: Banking System Transfer Payment Security Solution

 In this scenario, we determined that the bank is the servicer and the trusted party. Companies or individuals dealing with banking are the clients.

First define the password mode. The password mode uses a mapped password group, and the password information uses an ASCII character set with a size of 4096 bits, of which 1024 bits are used as the contingency password and 3072 bits are used as the password source. The mapped password group is an ordered 4 passwords, and the password length of the password group is 128 bits (the password length is related to the digital signature length, and the actual application needs to be adjusted appropriately, usually the password length is twice the digital signature length). In order to increase security, another 128-bit static password is added as a supplementary password, and a 256-bit static password is added as a supplementary secret encryption information. The mapping takes natural numbers as independent variables. The password source model is a 128-bit ordered arrangement of the password source elements in bytes. The number of permutations is approximately l (, we can specify that this is a different self-variation The maximum number of times you can use it (in fact, you don't need to use more than 10 natural numbers, many people have changed their passwords!). Calculate the number of permutations as follows

 If the amount of password information used by each customer's security object is 5k, 1,000 customers are about 5M, and 1 million customers are about 5G. According to this proportion, it is very feasible to establish a service system for large-capacity customers.

 The password mapping rule is: The argument is mixed with a 128-bit supplementary password (such as a product) to obtain a number A. This number is divided by the 1024 number plus 1 to get a number B that is not greater than 1024. A is divided by the remainder of 128 and then Add 1 to get a number C that is not greater than 128. In the strain code, start from the B position, and intercept a length of C. If it exceeds 1024, you can count from the beginning. This way, you can get a code Y1, also from the number pair (B + 1, C + 1) can get the password segment Υ2, the number pair (B + 2, C + 2) can get the password segment Υ3, the number pair (B + 3, C + 3) can get the password segment Υ4 (actually supplement the password And a strained password form a two-level mapping relationship); mixing Υ1 with the static password and the independent variable can get a number K1, the hybrid method can use a one-way hash function to perform a second operation and then connect, if the number of K is greater than 59, then Discarding the high-order part and using K1 as the permutation number to correspond to the password source model, the first password of the mapped cipher group is obtained (for a regular arrangement, each byte position of the password can be calculated), and it can also be obtained He ordered three password. There can be many mapping modes, and the above is just one of the mapping modes.

 Digital signature mode. The digital signature is the Arabic numeral character set, which takes 8 Arabic numerals. The 128-bit password obtained by mapping the cipher group, the added 256-bit static password, and the message are combined to calculate the message digest using a one-way hash function. Generally, a 160-bit message digest can be obtained, and then converted into an 8-digit Arabic number. Get the digital signature of the mapped cipher group.

 Customers can be divided into single-object customers and multi-object customers. For general personal customers, only one customer security object is required, which is a single object customer. For customers such as companies that require multiple customer security objects, such as supermarkets or department stores, the same payment account may require multiple payment counters, or It is the income and expenditure that need to be verified by multiple persons, and multiple customer security objects are required. For multi-object customers, you can set different permissions for the customer objects. For different objects of the same customer, the mapping password information can be the same. The service provider can implement information sharing to save storage space. Two digits can be added after the customer number as the customer's secure object number to identify different objects. Each object is supplemented with a password and Static passwords are different. '.

 Customer security object elements and settings. Customer security objects include the following basic elements:

 1. Customer object number, which uniquely identifies the customer security object.

 2. Customer password information. Includes 4096-bit mapped password information, 128-bit supplementary password, and 256-bit static password.

3. The next unused ordered argument.

 4. Password information update method.

 5. Map password method as described above.

 6. Calculate the mapping cipher group digital signature method for the message.

 7. Digital signature method for message authentication mapping cipher group.

 8. Information transmission or exchange methods. Objects need to exchange information with the outside world, and various interfaces can be used.

 9. Security confirmation method for non-secure messages. The security object needs to manually confirm the received message without digital signature, which can be displayed on the monitor and then manually confirmed.

 10. Message generation method to be signed. The message can consist of numbers and a small number of symbols. It can usually be entered using the keypad, or it can be confirmed by the non-secure information of the previous item. Service security object elements and settings. Customer security objects include the following basic elements:

 1. All customer account information. Including customer number, account number, account funds, etc.

2. Information of all customer security objects. Includes customer security object number, password information, next unused order Arguments and so on.

 3. if password generation method. It is randomly generated by the service security object and has pseudo-randomness.

 4. Customer security object information update method.

 5. Map password method as described above.

 6. Calculate the mapping cipher group digital signature method for the message.

 7. Digital signature method for message authentication mapping cipher group.

 8. Security information preservation method. Record customer security object transaction information.

 9. Transfer transaction method.

 10. Security message generation method.

 11. Information transmission or exchange methods. In practical applications, specific transactions that are not related to security, such as account funds and transfer transaction methods, can be separated from service security objects and processed by different functional objects. In this example, for simplicity and convenience, it is added to the service security object for processing.

 Security isolation of security objects. Setting a security object does not make it safe. It is also necessary to implement security isolation for the security object to separate the security object from the unsafe environment and implement information exchange with security information, so that the security object can ensure the security state. Because the security object does not depend on any communication method, isolation can usually be isolated using a custom communication protocol, or various other protocols, but it is necessary to ensure that other dangerous or destructive processes are blocked. The most secure method It is even possible to use physical isolation and use manual transmission of information.

 Password sharing method. The password information can be shared directly. Customers can directly share passwords after authenticating their identity at the bank. The password information is randomly generated by the service security object, which is pseudo-random. Safe transaction mode.

 Peer-to-Peer Transfer Mode. A transfers 100 yuan to the B account. The transfer process is as follows:

 1. A customer security object (hereinafter referred to as A) selects the next unused argument and calculates the mapping password group.

2. A forms a signed message with the funds transfer transaction code, B's account number and amount, and uses the first serial number password to calculate a digital signature for the message.

 3. A transmits the arguments, messages, and digital signature to the service security object (hereinafter referred to as S). Because all the information is in the form of the Arabic numeral character set, it can be easily transmitted using various tools: Internet, telephone, SMS, fax, etc. It can even be transmitted manually, as long as the tools can transmit the Arabic numeral information.

4. After S receives the transaction message sent by A, S extracts the information of A and calculates the mapping cipher group to verify the transaction message of A. If the verification is incorrect, it returns an error message of A. After three errors of the same argument, The argument is invalidated.

 5. S verifies that the transaction information of A is correct, transfers 100 yuan of A's funds, and deducts 100 yuan from the account of A. If it succeeds, the result flag is 1, otherwise it is 0.

 6. S generates a result message, calculates a digital signature on the message with a second serial number password, saves the result and digital signature, and returns the result message and digital signature to A, or leaves it to A for inquiry.

 7. A receives the preliminary transaction result information returned by S, checks the digital signature with the same password, and checks whether the information is correct. If it is incorrect, he reapplies to S for transaction result information until the correct transaction result is obtained.

8. If the transaction fails, A suspends or restarts the transaction. If successful, A recalculates the digital signature M1 on the transaction message with the third serial number password. 9. A notifies B's customer of the transaction and hands digital signature M1 to B.

 10. Client B security object (hereinafter referred to as B) selects the next unused argument and calculates the mapping password group.

 1 1. B forms a signed message with the transaction code and amount of funds transferred, and uses the first serial number password to calculate a digital signature M2 on the message.

 12. B sends the argument, the incoming message, and the digital signature M2, and A's digital signature M1, to the service security object S together.

 13. After receiving the transaction message sent by B, S extracts the information of A and B respectively, and calculates the mapping cipher group, verifies the digital signature M2 of the transaction message of B, and verifies the digital signature M1 of the transaction message of A.

 14. S verifies that all transaction messages are correct, and transfers 100 yuan of funds to B's account (and can freeze the amount of 100 yuan and leave it for a period of time, such as unfreezing it one day later). If it succeeds, the result flag is 1, and the failure is 0. Regardless of the result, the corresponding password can no longer be used.

 15. S generates result messages of B and B respectively. Calculate a digital signature for the result A message with the password of the fourth serial number of A, calculate a digital signature for the result message B with the password of the second serial number of B, save the result and digital signature, and return the result information to B, or leave it to A and B for inquiry.

 16. A and B can query the final transaction result information and verify the digital signature of the message until the real information is obtained.

 17. According to the digital signature of the final result, both A and B can know exactly whether the transaction result is successful or failed. The transaction process is complete.

 Both A and B need to submit transaction information and digital signatures to prevent human error from transferring the account. At the same time, both parties cannot deny the fact that the transfer result is successful or failed, and the use of multiple passwords can prevent the occurrence of weak passwords. Semi-automatic payment transfer mode. If you are shopping in a mall, it is too much trouble to follow the above transfer mode! In fact, customers in similar shopping malls are relatively good customers. We can add a transfer mode to allow two submissions of messages and signatures to be submitted at one time, but the transaction funds must be periodically frozen, which can simplify it. The transaction process, but security is still guaranteed. In addition, a special communication channel between customers needs to be established to realize the semi-automatic payment process-A pays 100 yuan to B's merchant account.

 The customer security object A needs to sign the information during the transfer transaction mainly including the transaction code, the counterparty's account number and the transaction amount, and the customer security object B needs the signature information during the funds transfer transaction to be the transaction code and amount. What both parties need to verify is the digital signature of the resulting message.

 1. Customer's security object A is in the locked automatic transaction state: Select the next unused argument to calculate the mapping password group. The transaction code is the automatic transfer out of the transaction code. The transaction amount can be set or not. If set The amount is based on the set amount. It is waiting to receive the account and amount information transmitted by the other party through the dedicated communication channel.

2. The client's security object B sends the account number and payment amount information to A through the dedicated communication channel.

 3. The payment information received by customer security object A, if the amount has been set, the amount is compared. If the amount does not match, an incorrect amount is sent and returned to B; if the amount is not set, the received amount shall prevail; if the information is correct A automatically calculates a digital signature on the payment information using the first and third passwords.

 4. The customer security object A automatically sends the payment information to the service security object (hereinafter referred to as S) through the communication system of B.

 5. After S receives the automatic payment information, it extracts A's information and verifies the signature of the information to ensure correctness.

6. After the information is correct, S executes a transfer transaction, and transfers 100 yuan from account A to account B, and at the same time freezes the transfer of funds from B. The processing result is 1 and the failure is 0. 7. S calculates a digital signature for the transaction result information of A and B respectively. For B, the next unused argument is automatically selected for use, and the transaction result information is saved and returned to A and 8.

 8. A and B receive the transaction result information and verify the transaction result information.

 9. A and B retain the transaction result information, which can be displayed on the monitor, pending manual confirmation, and the transaction is completed. Embodiment 2: Security transaction solution for banking system

 In this scenario, we determined that the bank is the servicer and the trusted party. Why do we deposit money in the bank, but get a paper or a plastic card from the bank? It is because we trust the bank, which is based on two reasons: 1) the bank's system guarantees the safety of customers' funds; 2) the creditworthiness of the bank also gives us the same guarantee. Here, we assume that these two reasons still hold and exist. The other parties involved in banking are customers and service demanders. The customer must open a customer number at the bank and link the customer's account number.

 One-time numbered password group settings used by the customer. The character set of the password is set to Arabic numerals, so that almost any communication method can be used. One-time digital signatures use 8 numeric characters. Each password in the password group uses 16 numbers. It can be set according to the step-by-step steps required by the transaction. The number of passwords in a password group. Generally, transactions can be divided into two steps or three steps. Each step requires two passwords for response, two passwords are required to determine the password group in two steps, and six passwords are required for the password group in three steps. The password returned in the event of an error is obtained by incrementally changing the last response password. If the balance of the account needs to be verified at the same time, a password is added to each password group, and the number of passwords in the password group can be determined as required. When a customer applies for a one-time numbered password group, the bank collects multiple random seeds to randomly generate a one-time numbered password group for the customer. After the customer passes the identity authentication to the bank's service point, he uses direct key exchange with Customers directly share multiple one-time numbered password groups, and the bank encrypts the one-time numbered password groups with high-strength encryption and stores them in the database. When customers need services, they are dispatched and decrypted for use. The customer saves the one-time serial number password group in the one-time digital signature device, and can use the one-time digital signature device to perform one-time digital signature and authentication of the information at any time.

 Setting of the one-time digital signature algorithm. The algorithm can use the MD5 or SHA-1 algorithm to generate a digest code under the ASCII character set, and then convert the ASCII characters to integers and divide by 10 to take the remainder to convert to the Arabic numeral character set. According to certain rules, a number of 8 characters in length The formal summary, for example, takes the last 8 Arabic numerals as a one-time digital signature, and the algorithm is public and cannot be cracked.

If the transaction can be divided into two steps, each password can be tolerated 3 times (three times if it is incorrect if used incorrectly), then the chance of each transaction being completely guessed is (3/10 ⁸ ) * (3/10 ⁸ ) = 9 / 10 ¹⁶ * 1/10 ¹⁵ , which is one-fifth of 10, and set the client to be locked after 10 consecutive password signature errors. The chance of successfully impersonating the client's signature is 1/10 ^{1 5} * 10 = 1/10 ¹⁴ . The security can reach (10 ¹⁴ — 1) / 10 ¹⁴ , which is already quite secure, and the need to improve the security can also increase the length of the one-time digital signature, or increase the steps of the transaction.

 We can agree on the method of signature of information according to different types of transaction business.

 According to the transaction process and requirements, the following three transaction authentications are listed to design the signature method of transaction information:

 1. Customer authentication.

 2. Fund transfer transactions.

 3. Other information certification.

 Identity authentication is a two-step process:

 (1) Initiating identity authentication;

 (2) Confirm identity authentication.

Two replies can securely confirm the identity of the customer, so each password group requires two pairs of passwords, and each pair of passwords responds correctly once. When the client initiates an identity authentication request, the message is first-time digitally signed with the first password of the first pair of passwords of a certain number. The agreed message must include the transaction code for identity authentication. Number, message, the number of the one-time number cipher group and the signature are sent to the bank service side together, and after the bank verifies, the bank answers with the second password signature of the first pair of passwords. The second pair of passwords is used for the same authentication when confirming the identity. In addition, a password that is specifically used for responding when an error occurs is needed. This password can be obtained by converting the last correct response password, because when an error occurs, the last correct response password is not used. In the response, if the same message is all signed, the message only needs to be transmitted once, and only the signature can be transmitted in each response.

 Assuming that funds are transferred from account A of customer A to account b of customer B, the fund transfer can be divided into three steps:

(1) Client A's account a transfers (or freezes) funds;

 (2) Client B's account b is transferred in (or transferred from frozen account a and then transferred to account b) funds, and at the same time, the funds are frozen;

 (3) Unfreeze the frozen funds transferred to account b.

 Each step requires that the customer A who owns the transfer account a verify and sign the transfer information. The transfer information that needs to be signed includes the transaction code, the transfer account number, and the transfer funds. The first step is submitted by the customer A. The information submitted is provided by the customer. Number, transfer information that needs to be signed (including transaction code, transfer account number and transfer funds), cipher group number, corresponding one-time digital signature; but signatures after the second step can be submitted by customer A who owns transfer account a Alternatively, client A can pass the signature to client B who has transferred account b, and then client B submits it to the bank server for verification. The benefit of the latter is that it will not cause funds to be transferred to the wrong account. Adding the signature verification of customer B when submitting to achieve multi-signature authentication is more secure, and customer B cannot deny the fact that he knows that the funds were transferred to his account. So for the transferee of a complete fund transfer transaction, at least three pairs of passwords are required for the one-time numbered password group, but some transfer transactions can automatically unfreeze the funds after a certain period of time (such as one day later) after completing the second step, so two Steps can also complete the transfer transaction. In addition, the verification of the account balance should be added after completing the transfer, so an additional password is needed to verify the account balance. Therefore, the transfer transaction password group is set to three pairs plus one total of seven passwords, and two pairs plus one total of five passwords can also be used. It can be set as required. If a third party review is required, the third party can perform a one-time digital signature review and verification of the transaction after the first transfer, and the next transfer operation can only be performed after the review is correct.

 Other information authentication, such as loan authentication, repayment authentication, account balance authentication, etc., are similar to identity authentication, except that the authenticated information is the agreed information, transaction code, loan account number, loan amount, etc. The steps are all right, usually a cipher group with two pairs of passwords is used.

 In addition, in order to increase security, protect the use of one-time numbered password groups, and prevent denial of service attacks, customers need to apply for a login password and use it during login to enhance security. For transactions with large amounts or higher security requirements, You can add measures for post-transaction reporting, such as phone notifications, SMS notifications, email notifications, and so on.

 By setting the above, you can get many banking applications, such as phone banking, online banking, short message banking, digital payment settlement, pure digital public authentication withdrawal, etc. Some service applications are listed below:

 1. Telephone banking.

 After logging in with the login password, customers can use buttons and voice for general information exchange, such as ordinary information query, but for important information exchange, they need to be authenticated by a one-time digital signature. In addition to the general traditional information inquiry, contracted account transfers, and other contracted transactions, telephone banking can also conduct the following transactions −

(1) Transfer any account in the system. This is a bank account transfer within the bank's own system. A one-time digital signature of the transaction code, transfer account number, and transfer amount is required when transferring.

 (2) Transfer outside the system. This is an account transfer from a bank to another bank. Usually, the system transfer needs to provide the transfer account number, transfer line number, transfer account number, transfer account name, and transfer amount, but it is difficult to provide the account name by phone, so you can call Phone to manual service, ask the bank staff to enter the relevant information, and sign the transaction code, transfer line number, account number, and transfer amount, and submit it, and then use the automatic telephone service for secondary signature confirmation.

 (3) Telephone remittance. The same as outside the system, but the signature is the payee ID number and amount information.

(4) Instant payment by phone. Instant payment is actually an instant transfer transaction, but requires both the payer and payee to open a customer number at the bank. The payer submits a payment request by performing a one-time digital signature on the transaction code, transferred account number, and amount, and then pays The person then performs a second signature as a confirmation signature, and delivers the confirmation signature to the payee. The payer logs on to the telephone banking service and confirms the payer's second signature and adds his own account and amount signatures, so that both parties can confirm the success or failure of the payment, and it is impossible to deny the transaction.

2. Online banking.

 With the solution of the present invention, a network bank can be constructed at low cost and with high security. As long as the bank WEB server and the authentication server are isolated by using protocols, a high degree of security can be achieved. Even if the intruder invades the web server, he cannot reach the authentication server because protocol isolation is implemented between the two servers, such as a custom protocol isolation of the serial port. Even if the intruder controls the web server, the web server can be modified arbitrarily. All information, but it is still impossible to impersonate or break the authentication relationship. Of course, the web server can also add a firewall to improve security. Because the solution of the present invention is based on customer security and does not rely on any customer communication terminal, there is no security threat to customers when using any communication terminal. In addition, since the solution of the present invention does not provide a security function, a secure communication channel formed by a Secure Sockets Layer (SSL) can be applied between the WEB server and the client terminal to increase security and security functions. Internet banking can almost safely implement most banking services except cash, such as information inquiry, transfer, remittance, payment, loan, payment settlement and so on.

 3. Digital payment settlement.

 Payment settlement is the process of transfer transactions. General electronic payment settlement requires high-strength encryption equipment, such as POS machines that use credit cards (or magnetic cards), which requires high-cost purchase of equipment and merchants with a certain degree of credibility, and the increase in interconnection between banks In many aspects, it also increases a lot of costs, and credit card information and passwords are also easy to leak. With the digital payment settlement of the solution of the present invention, as long as the customer provides a one-time digital signature and a second confirmation signature on the payment information, it can be achieved by any communication method for transmitting digital information. Because payment information and one-time digital signatures are both Arabic digital character information, it is extremely convenient to use telephone or Internet communication. One-time digital signature information is not afraid of being stolen and can be used publicly. Any communication method that can transmit Arabic digital character information can be used. Used to achieve payment settlement. In addition, the payment information or payment conditions that need to be encrypted can be locked in a one-time digital signature device. At this time, the locked payment information can only be encrypted and signed with a one-time number password group, and can be automatically used with a simple device. The payment information and the corresponding one-time digital signature are transmitted from the interface to the bank, thereby realizing semi-automatic payment settlement. Digital payment settlement can also be used for online shopping payment. When shopping online, the shopper first submits payment information and a one-time digital signature to indicate the payment intention, and then receives a second one-time digital signature to confirm the payment when the goods are received to achieve settlement. Pay. The digital payment settlement using the scheme of the present invention can truly realize secure and reliable real-time payment settlement at any place and at any time. Since the requirements of the used terminal and communication equipment are relatively simple, it can be widely used at low cost and in a wide range. The name of digital payment settlement more accurately reflects the essence of the application and is different from the traditional traditional electronic payment settlement.

 4. Pure digital public authentication withdrawal.

 The withdrawal process is divided into two steps. In the first step, the customer submits the withdrawal information and a one-time digital signature. At this time, the withdrawal account is bound with the withdrawal account number, the withdrawal amount, and the withdrawal terminal information. The bank authenticates the client's identity and withdrawal information. Confirm the withdrawal information by step, and you can get the corresponding cash after completing the withdrawal correctly. With the solution of the present invention, in addition to the one-time digital signature verification directly performed by the person, you can also call and verify information through family or friends. When you are away, you can call your family or friends to obtain withdrawal information and the corresponding one-time digital signature, submit it on a teller machine or a withdrawal terminal, and then obtain the cash after confirming the second signature. If someone intercepts all information at the same time and operates on another terminal, but because the same signature can only be successfully submitted on one terminal, if the eavesdropper submits successfully, it is impossible to obtain a second confirmation signature, and it is impossible Get cash. Embodiment 3: Security trading solutions for open environment securities trading

 We have determined that the securities party is the service party and the participating buyers and sellers are the client parties. In fact, the securities party has always been a reliable service provider that provides buying and selling transactions. This solution only provides a more convenient and safe way for transactions.

Securities trading is characterized by strong real-time performance and high security requirements. Based on these characteristics, we require securities transactions to be submitted at one time. In order to increase security, strict identity authentication is required before the transactions. According to the above requirements, we set up one-time numbered password groups. Each group of password groups has one pair or two passwords. One-time numbered password groups can be used. For identity verification, it can also be used for trading. For ease of use, we can set the character set of the password to Arabic numerals, so that almost any communication method can be used. One-time digital signatures use 8 numeric characters, and each password in the password group uses 16 numeric characters. The algorithm can use MD5 or SHA-1 to generate a digest code and then convert the digest into a form of Arabic numeral characters of corresponding length as a one-time digital signature.

 The client goes to the securities party to open a customer number and applies for a one-time numbering password group. The security party randomly generates a one-time numbering password group and shares it directly with the customer. The security party encrypts the one-time numbering password group and saves it in the database. When the customer needs service Schedule it for use. The customer saves the password in the one-time digital signature device, and can perform one-time digital signature and authentication on the information after unlocking the one-time digital signature device at any time. In addition, the client needs to apply for a login password, which is used during login to enhance security.

 Each time the client uses the service, he must log in to the securities service party through communication (using the phone or the Internet, etc.) and use the login password for authentication. This is weak authentication and can be used for general inquiry transactions. If a sale transaction is required, a one-time numbered password set must also be used for strict identity authentication. In strict identity authentication, a one-time numbered password group can be used to perform a one-time digital signature on a piece of digital information (including the identity authentication transaction code). The signature can be passed before it is confirmed.

 When trading, you must use a one-time serial number password group to digitally sign the one-time transaction code, security code, and price. In addition to submitting securities information for trading, you must also provide the serial number and one-time serial number password group. Digital signature information. After receiving the securities trading transaction information, one-time serial number password group and one-time digital signature information, the securities party verifies the one-time digital signature of the customer. If it is correct, it submits the transaction and returns the correct information to the customer and A correct one-time digital signature, otherwise an error message and a failed one-time digital signature are returned.

 Using this solution is conducive to improving transaction security, and it is simpler and more convenient to implement various transaction methods. For example, the telephone transaction method can be implemented securely and reliably, and the network transaction method is also more simple and secure. This solution is conducive to the implementation of protocol isolation, as long as a custom protocol is passed between the WEB server (or other server connected to the client terminal) and the authentication server. With isolation, a high degree of security can be achieved. Since the solution of the present invention does not provide a security function, a secure socket protocol layer (SSL) secure communication channel may be applied between the WEB server and the client to increase security and security functions, and also between the WEB server and the externally connected network. A firewall can be used for added security.

Claims

A method for setting and using a password is a method for mapping a password, which is characterized in that:

 The password information is divided into two parts according to the purpose: one part is used as the mapping of the corresponding law change relationship, which is called contingency cipher, which is recorded as set B, and the other part is used as the password source, which is recorded as set ya; the password source is applied by some model or some correspondence. A new set of information is obtained through the transformation of the rule, and it is denoted as set M. The mapping method is used to describe any independent variable, which corresponds to a logical position in the new set M model by combining the corresponding rule of the strain code, so that Corresponds to a certain element in the set M, and then combines them into a new password through a certain rule. Let the set of independent variables be X and the set of new passwords be! \ !. The mapping can be recorded as follows:

f _B ^L : X → M, f _B- . {X, M) → N combined is a composite mapping: f _B .- (X, f _B ^L (X)) → N;

 For the strained password and password source given the mapped password, and the corresponding correspondence rule, for any independent variable, a unique new password can be found to correspond to it; the mapping of the independent variable combined with the correspondence of the strained password The law corresponds to the logical model formed by the password source, and then a new password is formed by a certain law; it needs to be used in combination with independent variables; each time information is encrypted, it is only indirectly related to a part of the password information; the password used for each encryption The information is almost different. Method for mapping cipher groups: According to the method for mapping ciphers according to claim 1, the new password information obtained by mapping the independent variables is the only cipher group determined, which is the mapping cipher group, which is characterized in that the cipher group contains one or more ordered The password is generated by the mapped password method, and the password group is associated with the mapped argument. Method for digitally signing a mapped cipher group: Use the argument to generate the mapped cipher group according to claim 2, apply the one-way hash function rule, calculate the message digest for the message, and obtain a digital signature for the mapped cipher group, which is characterized by:

Use a one-way hash function and use the password of the mapped cipher group to calculate the message digest for the message; Use the independent variable to map the cipher group, so that the digital signature is associated with the independent variable. The independent variable is used only once, that is, the mapping generated by the independent variable After a cipher group authenticates one or a group of information, it is no longer possible to use the mapped cipher group generated by the argument to authenticate other information; the password of the mapped cipher group has a sufficient length, that is, the password space is large enough, so that for a message of a specific length Abstract, there are enough collisions, so that the collision space is close to or larger than the message digest space, and it is impossible to reduce the security of the password from the message digest code through an exhaustive attack; the digital signature uses a mapped cipher group, and the password information has the use of Long cycle characteristics. Method of information security object: The security object is a subject for storing and processing security information. After the security object is formed, the security information sent by the object must be marked with the object security mark, and the security information received and processed by the object must bear the security mark of the other party. The security information sent or received cannot be forged and changed. At the same time, the security information must be marked with an event. Its characteristics are as follows: The security object stores and keeps its own security information, and the secret information is not directly transmitted to the outside. The security object sends or receives it. The security information must be marked with an object security mark, so that the security information cannot be forged or changed. After the information is forged or the information is changed, the security mark of the information will not conform to the specifications. This object can correctly generate its own information security signs; security objects sent or received with security signs The security information must include the event flag. The event flag can be implemented in the security information or in the security flag. The security information can be copied, but cannot be reused, that is, the security information of an event cannot be changed. Another event is used repeatedly; this makes it impossible to replay security information for different events; and it is impossible to replay the same event without the same security information. A secure object method based on a digital signature of a mapped cipher group: The information security object described in claim 4 uses the digital signature method of a mapped cipher group according to claim 3 as a security mark of security information, which is characterized by including an object mark, That is, object number information; contains object password information; contains mapping cipher group method; digital signature method for message mapping cipher group; digital signature verification method for message mapping cipher group; external information exchange of the object is in accordance with the information security object of claim 4 Characteristics. An information security device method, according to the mapping cipher group digital signature method of claim 3 and claim 5 based on the security object method of mapping cipher group digital signature, the information security device is characterized in that the device stores object information, including: Object number and password information; the method of mapping cipher group is used; the digital signature and verification process of message mapping cipher group is implemented. 7. The password setting and using method according to claim 1, when the mapping rule is the simplest, it is a numbered password group, characterized in that-the password group consists of one password or two or more ordered passwords; each password group There is a number, which is used to save, index, query, and use password groups; each customer has multiple password groups at the same time, and must be distinguished by different numbers; all passwords are generated by collecting random information and have randomness Strictly speaking, it is a pseudo-random number, and each password has a different random seed; a password group can record the number of times and use status of each password. A one-time numbered password group method: The numbered password group method according to claim 7, and each password of the password group can only be used for valid authentication information once, characterized in that each password of the numbered password group can only be valid After the authentication information is used to authenticate a group of information with one password, the password cannot be used to authenticate other information. A one-time numbered cipher group digital signature method: The method for mapping a cipher group digital signature according to claim 3, wherein the mapped cipher group is the one-time numbered cipher group according to claim 8, using a one-way hash function, A one-time password is used to calculate the digest with the message, and this digest is used as a one-time digital signature to verify the integrity of the message. It is characterized by using a one-way hash function to calculate the message digest together with the one-time password as a one-time number. Signature; the so-called one-time password means that the password can only be used to effectively authenticate the information once; for a digest code space of a certain length, use a password space of sufficient password length so that there are enough collisions in the used password space, making The space composed of the colliding passwords is close to or larger than the message digest space, and it is impossible to reduce the security of the password from the message digest code through an exhaustive attack. 0. The one-time digital signature method according to claim 9, characterized in that the one-time number password set of claim 8 is used instead of the one-time password as the password used for the one-time digital signature, and the one-time digital signature is made Associated with the number of a one-time numbered password group. 1. An information authentication process method: Step-by-step binding processing technology, which is characterized by:

For each information task, it can be divided into two or more steps to complete. The step sign is that each step has a different password from the other steps used to generate the verification of the information associated with the step. Complete in order, the previous step can be completed before the next step. 2. Controllable encryption technology method, which is characterized by:

 After the password information is saved, only the encrypted software or hardware can read it; the encryption process and the encrypted content can be manually controlled, or can be partially controlled manually as required. The process cannot be fully automatic, and the number of encryption must be performed. Manual control. Encrypted content must be fully or partially subject to manual control or supervision. Encrypted content must be confirmed in whole or in part before or after encryption.

13. An encryption device method, according to claim 12, the controllable encryption technology method is used to construct a controllable encryption device, characterized in that-the password is stored in the device, and the password can be updated or supplemented. After the password is saved, the password information is not Direct exchange is performed outside the device, only the software or hardware encrypted in the device can be read; the encryption algorithm is implemented in the device, and the password can be extracted to encrypt or verify the input or locked information; the encryption device with a display device can Display all or part of the encrypted information for manual control or manual monitoring; the number of encryptions can be controlled, and the encryption operation can only be performed after the number of encryptions is controlled as needed. 14. The encryption device method according to claim 13, and using the step-by-step binding processing technology of claim 11, characterized in that-the encryption device stores more than two passwords, each step using a different password; the encryption device according to For the established steps and procedures, the information encryption and verification of the next step can be performed only after the information of the previous step is correctly encrypted or verified, and the corresponding password is effectively used, and the password used in this step can be enabled.

15. A method of a one-time digital signature device, according to the encryption device method of claim 14, wherein the password uses the one-time numbered password set of claim 8 and the encryption algorithm uses the one-time digital signature method of claim 4. The algorithm is characterized by:

 The device can save multiple sets of one-time numbered password groups, and save, index and use one-time numbering according to the number. Password groups, and one-time numbered password groups can be updated and supplemented at any time; once the one-time numbered password groups are saved, they are no longer with the device. For direct information exchange, only the use of encrypted software or hardware in the device is provided; the signing device implements a one-time digital signature algorithm, which can calculate and verify the one-time digital signature on the input information; multi-step signatures are performed in a predetermined order and only completed The one-time digital signature calculation or verification of the previous step is performed before the signature operation of the next step.