WO2008133521A1 - Procede de signature et de cryptage de donnees numeriques - Google Patents

Procede de signature et de cryptage de donnees numeriques Download PDF

Info

Publication number
WO2008133521A1
WO2008133521A1 PCT/NO2007/000149 NO2007000149W WO2008133521A1 WO 2008133521 A1 WO2008133521 A1 WO 2008133521A1 NO 2007000149 W NO2007000149 W NO 2007000149W WO 2008133521 A1 WO2008133521 A1 WO 2008133521A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
combined
ciphertext
block
hash value
Prior art date
Application number
PCT/NO2007/000149
Other languages
English (en)
Inventor
Tønnes BREKNE
Øyvind GRINDE
Original Assignee
Conax As
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Conax As filed Critical Conax As
Priority to PCT/NO2007/000149 priority Critical patent/WO2008133521A1/fr
Publication of WO2008133521A1 publication Critical patent/WO2008133521A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • Present invention relates to a method for digital signing and/or encryption of documents primarily for digital signing and/or encryption of small electronic documents such as for smart card systems, television broadcast systems, Short Message Service (SMS), Multimedia Message Service (MMS), etc.
  • SMS Short Message Service
  • MMS Multimedia Message Service
  • the objective of present invention is to overcome the problems with the prior art by combining the signature and message when signing.
  • PKI Public Key Infrastructure
  • the session key and the message are combined. This is achieved with the methods according to present invention as they are defined by the features of the claims.
  • figure 1 shows a typical communication link between two points
  • figure 2 shows how the signing process works
  • figure 3 shows how the signature verification is carried out
  • figure 4 shows how the encryption process works
  • figure 5 shows how the decryption process works.
  • a message which can be text, a picture, audio, video, software, bit stream, etc., being sent from a sender 101 to a recipient 103 is to be signed by sender 101.
  • the message 201 is passed through a hash function 204 to generate the hash value 207 as
  • the message 201 is split 203 into at least one part 205 not to be combined with the hash value, and at least one part 206 to be combined with the hash value.
  • the hash value 207 is combined 208 with the at least one part of the message 206 to obtain a full signature block 209.
  • the signature block 209 is signed 210 with the private part of the signature key 202, resulting in the signedQ block 211.
  • the at least one part of the message not combined with the hash value 205 is combined 212 with signed block 211 to obtain the signed message 213.
  • a signed message sent from a sender 101 to a recipient 103 is to be verified bys recipient 103.
  • the signed message 301 is split 303 into the at least one part of the message not in the signed block 308 and the signed block 304.
  • the signed block 304 and the public part of the signature key pair 302 are used to recover 305 the signature block 306.
  • the signature block 306 is split 307 into the at least one part of the message 309 combined with the hash value, and the hash value 310.
  • the at least one part of theQ message 308 not in the signed block is combined 311 with the at least one part 309 previously combined with the hash value, to produce the recovered message 312.
  • the recovered message 312 is passed through the hash function 313 to obtain a calculated hash 314.
  • the recovered hash 310 and the calculated hash 314 are compared 315. If they are equal, the signature verification has succeeded, and the recovered message 312 5 is output 316, if not the signature verification has failed 317.
  • a message to be sent from a sender 101 to a recipient 103 is to be encrypted by sender 101.
  • the message 401 is encrypted 404 using the session key 402, to produce0 the ciphertext 405.
  • the ciphertext 405 is split 406 into at least one part 407 not to be combined with the session key, and at least one part 408 to be combined with the session key.
  • the at least one part of the ciphertext to be combined with the session key 408, is combined 409 with the session key 402 to produce the block to be asymmetrically encrypted 410.
  • the block to be asymmetrically encrypted 410 is 5 asymmetrically encrypted 411 with the public key 403 to produce the asymmetrically encrypted block 412.
  • the at least one part of the ciphertext 407 not combined with the session key 402 is combined 413 with the asymmetrically encrypted block 412 to produce the complete ciphertext 414.
  • a ciphertext message sent from a sender 101 to a recipient 103 is to be decrypted by recipient 103.
  • a complete ciphertext 501 is split 503 into the at least one part of the ciphertext 508 not in the asymmetrically encrypted block and the asymmetrically encrypted block 504.
  • the asymmetrically encrypted block 504 is decrypted 505 using the private key 502 to recover the block 506.
  • the block 506 is split 507 into the part of the ciphertext 509 combined with the session key, and the session key 510.
  • the parts of the ciphertext 508 and 509 are combined 511 to produce the ciphertext 512.
  • the ciphertext 512 is decrypted 513 using the session key 510 resulting in the message 514.
  • the signature and encryption methods can be combined. It is possible to encrypt a message and then sign it, or to sign a message and then encrypt it. Although the advantages of present invention are most easily noticed in the context of small messages, the invention is also fully applicable to signing and encrypting long messages. As indicated above the data signed and/or encrypted need not be a message intended for transmission per se, but can be any digital data. Methods defined in present invention are not limited to using hash values, but may for example use: keyed hash values, also known as Message
  • MACs Authentication Codes
  • keys various management data related to the message or the communication it represents, auditing data, anonymization data, etc.
  • the invention seems to be particularly advantageous when signing and/or encrypting short messages that are limited to a small total length (such as 1120 bits for SMS messages).
  • Some possible embodiments are cryptographically strong signature systems and/or cryptographically strong asymmetric encryption for, but not limited to: o Short Message Service (SMS) messages, where this is not practical without present invention; o Multimedia Messaging Service (MMS) messages, where present invention saves precious transmission capacity; o DVB transport packages and similar broadcast scenarios, where present invention makes possible the use of strong signatures and asymmetric cryptography; o offline smart card payment and smart card based payment transactions in general, which is another example of a system where total message length is very limited, and where strong cryptographical security is important; o cryptographically protected networking protocols, where a moderate packet/window size is employed, so that space is saved on signed packets/transmission units

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

L'invention concerne un procédé de signature numérique de document, consistant à appliquer premièrement une fonction de hachage sur le document pour générer la valeur de hachage, ladite valeur et une partie du texte en clair étant combinées avant d'être signées. L'invention concerne également un procédé correspondant de vérification de documents signés par la mise en œuvre de ce procédé de signature. L'invention concerne encore un procédé de cryptage de document, dans lequel une clé symétrique et une partie du document crypté symétriquement sont combinées avant d'être cryptées au moyen de la clé publique d'une paire de clés asymétriques. L'invention concerne enfin un procédé correspondant de décryptage de documents cryptés par la mise en œuvre de ce procédé de cryptage.
PCT/NO2007/000149 2007-04-26 2007-04-26 Procede de signature et de cryptage de donnees numeriques WO2008133521A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/NO2007/000149 WO2008133521A1 (fr) 2007-04-26 2007-04-26 Procede de signature et de cryptage de donnees numeriques

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/NO2007/000149 WO2008133521A1 (fr) 2007-04-26 2007-04-26 Procede de signature et de cryptage de donnees numeriques

Publications (1)

Publication Number Publication Date
WO2008133521A1 true WO2008133521A1 (fr) 2008-11-06

Family

ID=39925881

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2007/000149 WO2008133521A1 (fr) 2007-04-26 2007-04-26 Procede de signature et de cryptage de donnees numeriques

Country Status (1)

Country Link
WO (1) WO2008133521A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103946856A (zh) * 2013-09-30 2014-07-23 华为技术有限公司 加解密处理方法、装置和设备
CN103971245A (zh) * 2014-01-30 2014-08-06 四川谦泰仁投资管理有限公司 一种用于商品电子防伪的组合加密系统
CN104052606A (zh) * 2014-06-20 2014-09-17 北京邮电大学 数字签名、签名认证装置以及数字签名方法
CN105848119A (zh) * 2016-03-22 2016-08-10 赵莉莉 提供短信接收确认显示的方法、移动终端、服务器和系统
GB2541975A (en) * 2015-09-01 2017-03-08 Wistron Neweb Corp Data protection device and data protection method thereof
CN113595727A (zh) * 2021-09-26 2021-11-02 南京慧链和信数字信息科技研究院有限公司 一种基于密钥分存与硬件绑定的密钥安全系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1083700A2 (fr) * 1999-09-07 2001-03-14 Certicom Corp. Procédé de signature numérique hybride
JP2005012466A (ja) * 2003-06-18 2005-01-13 Denso Corp メッセージ認証方法及びメッセージ認証システム
WO2005043326A2 (fr) * 2003-10-31 2005-05-12 Docomo Communications Laboratories Usa, Inc. Mecanismes de cryptage et de signature utilisant des mises en correspondance de messages afin de reduire la taille desdits messages
US20060078125A1 (en) * 2004-10-08 2006-04-13 Philip Cacayorin Devices and methods for implementing cryptographic scrambling

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1083700A2 (fr) * 1999-09-07 2001-03-14 Certicom Corp. Procédé de signature numérique hybride
JP2005012466A (ja) * 2003-06-18 2005-01-13 Denso Corp メッセージ認証方法及びメッセージ認証システム
WO2005043326A2 (fr) * 2003-10-31 2005-05-12 Docomo Communications Laboratories Usa, Inc. Mecanismes de cryptage et de signature utilisant des mises en correspondance de messages afin de reduire la taille desdits messages
US20060078125A1 (en) * 2004-10-08 2006-04-13 Philip Cacayorin Devices and methods for implementing cryptographic scrambling

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103946856A (zh) * 2013-09-30 2014-07-23 华为技术有限公司 加解密处理方法、装置和设备
EP2879327A4 (fr) * 2013-09-30 2015-06-03 Huawei Tech Co Ltd Procédé, appareil et dispositif de traitement de chiffrement et de déchiffrement
CN103971245A (zh) * 2014-01-30 2014-08-06 四川谦泰仁投资管理有限公司 一种用于商品电子防伪的组合加密系统
CN103971245B (zh) * 2014-01-30 2017-06-27 四川谦泰仁投资管理有限公司 一种用于商品电子防伪的组合加密系统
CN104052606A (zh) * 2014-06-20 2014-09-17 北京邮电大学 数字签名、签名认证装置以及数字签名方法
CN104052606B (zh) * 2014-06-20 2017-05-24 北京邮电大学 数字签名、签名认证装置以及数字签名方法
GB2541975A (en) * 2015-09-01 2017-03-08 Wistron Neweb Corp Data protection device and data protection method thereof
GB2541975B (en) * 2015-09-01 2019-08-28 Wistron Neweb Corp Data protection device and data protection method thereof
CN105848119A (zh) * 2016-03-22 2016-08-10 赵莉莉 提供短信接收确认显示的方法、移动终端、服务器和系统
CN113595727A (zh) * 2021-09-26 2021-11-02 南京慧链和信数字信息科技研究院有限公司 一种基于密钥分存与硬件绑定的密钥安全系统
CN113595727B (zh) * 2021-09-26 2021-12-21 南京慧链和信数字信息科技研究院有限公司 一种基于密钥分存与硬件绑定的密钥安全系统

Similar Documents

Publication Publication Date Title
CN109743171B (zh) 一种解决多方数字签名、时间戳及加密的密钥串联方法
CA2698000C (fr) Signatures avec recuperation de message confidentiel
US6396926B1 (en) Scheme for fast realization of encrytion, decryption and authentication
US8688998B2 (en) Resilent cryptographic scheme
US20120096274A1 (en) Authenticated encryption for digital signatures with message recovery
CN110113150B (zh) 基于无证书环境的可否认认证的加密方法和系统
CA2373787C (fr) Authentification automatique du chainage de textes cryptes
US11888832B2 (en) System and method to improve user authentication for enhanced security of cryptographically protected communication sessions
US7894608B2 (en) Secure approach to send data from one system to another
CN109104271A (zh) 一种数字签名的方法、装置和系统
WO2008133521A1 (fr) Procede de signature et de cryptage de donnees numeriques
CN111049738B (zh) 基于混合加密的电子邮件数据安全保护方法
WO2014205571A1 (fr) Protocole de signature
WO2013039659A1 (fr) Schémas de chiffrement hybrides
CN113837756A (zh) 一种电子发票验证方法和系统
CN111641494A (zh) 全球区块链的实现方法及装置
KR100323799B1 (ko) 안전성이 증명가능한 타원곡선 공개키 암호화 시스템
Dũng Variant of OTP Cipher with Symmetric Key Solution
Kandul et al. Steganography with cryptography in android
TWI242966B (en) Security transmitting method and system of digital medical information
JPS62216447A (ja) メツセ−ジ認証通信方式
CN113014531B (zh) 一种应用于电子邮件数据加密传输的方法
JP3862397B2 (ja) 情報通信システム
CN113676329A (zh) 一种基于ecdsa算法的电子公文交换加密方法
CN111698219A (zh) 基于材料光谱特征的区块链分类帐实现方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07747610

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07747610

Country of ref document: EP

Kind code of ref document: A1