CN101931535A - An Adaptive Data Encryption and Authentication Method Without Authentication Center - Google Patents
Publication number: CN101931535A (application CN201010268510)
Authority: CN (China)
Prior art keywords: key, sender, message, distribution center, parameters
Legal status: Pending (the status listed by Google Patents is an assumption, not a legal conclusion; Google has not performed a legal analysis)
Classification landscape: Storage Device Security
Abstract
The invention discloses an adaptive data encryption and authentication method that needs no authentication center, comprising the steps of: (1) determining the system parameters; (2) registering the sending and receiving parties; (3) the sender applying data encryption and authentication protection to the plaintext message to be sent to the receiver; (4) the receiver interpreting and verifying the received data message. Step (3) is carried out by computing a key parameter, computing a signature parameter, outputting an electronic signature equal to zero when the plaintext message is only to be encrypted, outputting an encrypted ciphertext equal to the plaintext message when it is only to be signed, and, when both are required, computing the electronic signature, encrypting the combination of the plaintext message and the electronic signature, and combining the ciphertext, the signature parameter and the electronic signature to form and send the data message. The method adaptively provides data encryption and content-integrity authentication of the plaintext message and avoids the problems that arise from the authentication center and the multiple functional components used in existing methods.
Description
Technical field
The invention belongs to data protection technology in the fields of e-commerce, e-government, information security and the like, and in particular relates to an adaptive data encryption and authentication method that needs no authentication center.
Background technology
In the many information-related fields such as e-commerce systems, e-government systems, information security systems and network communication systems, data encryption and electronic signatures are two of the most basic data protection technologies. Data encryption protects the confidentiality of data: by passing the data through an encryption key and an encryption algorithm it turns the data into meaningless ciphertext and so prevents access by unauthorized parties. Electronic signatures authenticate the integrity and origin of data; they fully reproduce the function of a handwritten signature, providing identity authentication, origin identification, non-repudiation and resistance to forgery, and thus ensure the authenticity, security, reliability and legal validity of data messages, which is of great importance to the normal operation of information systems. In many countries, China included, electronic signatures are recognized by law.
With the spread of technologies such as data encryption and electronic signatures, the following three kinds of operation are often encountered in practice:
(i) only encrypting the data;
(ii) only applying an electronic signature to the data;
(iii) both encrypting and signing the data.
In existing application systems, meeting these three requirements usually calls for several independent functional components, such as an encryption-protection component and an electronic-signature component. Although these satisfy the three requirements separately, they increase the space resources consumed by the application system and cannot meet the needs of environments with limited time and space resources, such as embedded systems, mobile communication and wireless communication.
In addition, because the three operations above rely on electronic signature, key distribution and data encryption techniques, they depend heavily on a trusted third party acting as an authentication center: in the authentication processes of electronic signature, key distribution and data encryption the verifier and the authentication center must interact in real time to complete the authentication. This brings considerable computation overhead, communication overhead and data expansion, which greatly increases the system's workload, lowers its efficiency, fails to meet the needs of practical applications and seriously limits the adoption of these technologies.
The terms used in the present invention are explained as follows:
According to the definition in China's Electronic Signature Law, an electronic signature is data contained in or attached to a data message in electronic form which serves to identify the signatory and to indicate that the signatory approves the content. A data message is information generated, sent, received or stored by electronic, optical, electromagnetic or similar means.
An authentication center is an electronic certification service provider established under Article 17 of the Electronic Signature Law, recognized by all parties concerned as a trusted third party, that provides electronic certification services and can issue electronic signature certificates meeting the requirements of Article 21 of that law.
A key distribution center is an institution that cooperates with users to generate their public keys and identity certificates.
Summary of the invention
The purpose of the present invention is to provide an adaptive data encryption and authentication method that needs no authentication center: one that meets the various application requirements for electronic signature and data encryption without increasing the space resources consumed by the application system, so that it suits environments with limited time and space resources such as embedded systems, mobile communication and wireless communication, and that carries out data encryption and authentication without relying on a trusted third party as an authentication center or on real-time interaction between the verifier and such a center, thereby reducing computation overhead, communication overhead and data expansion, lightening the system's workload and raising its efficiency.
To achieve this purpose, the present invention provides an adaptive data encryption and authentication method that needs no authentication center, comprising the following steps: (1) determining the system parameters: a large integer p is selected; the elliptic curve E(GF(p)): y^2 = x^3 + ax + b (mod p) is a secure elliptic curve defined over the finite field GF(p); a base point G is chosen at random on E; n = #E(GF(p)) is the order of E and q is a large prime factor of n; the private key of the key distribution center is SK_SA, a random positive integer smaller than q-1, and its public key is PK_SA = SK_SA × G; (2) registering the sending and receiving parties: each of the two users runs the user registration protocol with the key distribution center and obtains its own private key and public key; (3) the sender applying data encryption and authentication protection to the plaintext message to be sent to the receiver, where step (3) is specifically: (31) the sender selects at random a positive integer k smaller than q-1 and computes the key parameter from the receiver's public key, the receiver's identity certificate and the public key of the key distribution center; (32) the sender computes the signature parameter from k and the base point G; (33) if the plaintext message is only to be encrypted, an electronic signature equal to zero is output; if the plaintext message is only to be signed, an encrypted ciphertext equal to the plaintext message is output directly; if the plaintext message is both to be encrypted and to be signed, the sender computes the electronic signature with the hash digest algorithm Hash, thereby applying electronic-signature protection to the plaintext message, and encrypts the combination of the plaintext message and the electronic signature using the hash digest algorithm and the data encryption algorithm; (34) the sender combines the ciphertext, the signature parameter and the electronic signature into a data message and sends it to the receiver.
In one embodiment of the invention, the method further comprises the step: (4) the receiver interprets and verifies the received data message, specifically: (41) the receiver computes the key parameter from its own private key and the signature parameter in the received data message; (42) if the ciphertext in the received data message equals the plaintext message, the plaintext message equal to the ciphertext is output directly; if the electronic signature in the received data message equals zero, or the receiver only needs to decrypt the message, the plaintext message is output directly; otherwise the receiver, using the key parameter together with the hash digest algorithm and the data decryption algorithm, decrypts the ciphertext in the received data message to obtain the plaintext message and the original signature, separating the original signature from the combination of plaintext message and electronic signature; (43) if the original signature differs from the electronic signature in the received data message, the decrypted plaintext is invalid; otherwise the receiver checks whether the signature parameter and the electronic signature in the received data message are consistent with the plaintext message obtained by decrypting the data message; if they are consistent, the received data message is valid and is accepted; otherwise it is invalid and is rejected.
In another embodiment of the invention, the part of step (2) in which the sender obtains its own private key and public key is specifically: (21) the sender selects at random a positive integer k_a smaller than q-1, computes the registration parameter from k_a and the base point G, and sends the registration parameter to the key distribution center; (22) after receiving the registration parameter submitted by the sender in person, the key distribution center selects at random a positive integer k0 smaller than q-1 and computes the sender's public key from k0, the registration parameter and the base point G; (23) the key distribution center generates the sender's identity certificate from the sender's public key, the sender's personal identity information, the serial number it assigns to the sender's identity certificate, and its own identification information; (24) the key distribution center uses the hash digest algorithm to compute the verification parameter from its own private key, the sender's identity certificate, the positive integer k and the large prime factor q, forms the key parameters from the verification parameter and the sender's identity certificate, and sends the key parameters to the sender; (25) on receiving the key parameters from the key distribution center, the sender checks whether they were sent by the key distribution center and were not tampered with in transit; (26) if the check shows that the key parameters were sent by the key distribution center but were tampered with in transit, the sender asks the key distribution center to resend them; (27) if the check shows that the key parameters were sent by the key distribution center and were not tampered with in transit, the sender computes its own private key from the received key parameters. The receiver obtains its own private key and public key by the same steps as the sender.
Compared with the prior art, the adaptive data encryption and authentication method of the present invention, which needs no authentication center, rests on the difficulty of the elliptic curve discrete logarithm problem over a finite field. By binding the identities of sender and receiver together, it completes the data encryption and content-integrity authentication of the plaintext message m with step S3 alone and without a trusted authentication center, and it adaptively provides different functions according to the system's requirements for electronic signature, data encryption, or both ("electronic signature + data encryption"). On the one hand, the several independent components that previously served the different requirements are replaced by a single encryption-and-signature component, so the space resources consumed by the application system do not grow and the method suits environments with limited time and space resources such as embedded systems, mobile communication and wireless communication. On the other hand, no third-party trusted authentication center is needed, which avoids the computation overhead, communication overhead and data expansion that the authentication center imposes in existing methods. The method thus lightens the system's workload and raises its efficiency; it is simple to operate and runs efficiently, resists the various known attack schemes, offers high security, and ensures the confidentiality, authenticity, security, reliability and legal validity of data messages. It can be widely applied in software and hardware environments such as computers, communication networks, smart cards and mobile phones, and in fields such as e-commerce, e-government, information security and network communication systems, and has good application prospects.
The invention will become clearer from the following description taken together with the accompanying drawings, which illustrate embodiments of the invention.
Description of the drawings
Fig. 1 is a flow chart of the adaptive data encryption and authentication method without an authentication center of the present invention.
Fig. 2 is a flow chart of the data encryption and authentication protection operations in the method of Fig. 1.
Detailed description of embodiments
Embodiments of the invention are now described with reference to the drawings, in which like reference numerals denote like elements.
In this embodiment the adaptive data encryption and authentication method without an authentication center comprises the following steps:
Step S1, determining the system parameters: a large integer p is selected; the elliptic curve E(GF(p)): y^2 = x^3 + ax + b (mod p) is a secure elliptic curve defined over the finite field GF(p); a base point G is chosen at random on E; let n = #E(GF(p)) be the order of E and q a large prime factor of n; the private key of the key distribution center SA is SK_SA, a random positive integer smaller than q-1, and its public key is PK_SA = SK_SA × G;
Step S2, the two parties, the sender A and the receiver B, each run the user registration protocol with the key distribution center SA and obtain their own keys: the private key SK_A and public key PK_A for A, and the private key SK_B and public key PK_B for B;
Step S3, the sender A applies data encryption and authentication protection to the plaintext message m to be sent to the receiver B, specifically:
Step S31, the sender A selects at random a positive integer k smaller than q-1 and computes the key parameter K from the receiver B's public key PK_B, the receiver B's identity certificate ID_B and the public key PK_SA of the key distribution center SA, where K = k × Hash(ID_B) × PK_SA + k × PK_B;
Step S32, the sender A computes the signature parameter R from k and the base point G, where R = k × G;
Step S33, if the plaintext message m is only to be encrypted, the electronic signature s = 0 is output; if m is only to be signed, the encrypted ciphertext c = m is output directly; if m is both to be encrypted and to be signed, the sender A uses the hash digest algorithm Hash() agreed in advance by the system to apply electronic-signature protection to m, computing the electronic signature s = (Hash(m, R) × R × SK_A + k) mod q, and then uses the agreed hash digest algorithm Hash() and data encryption algorithm Enc() to encrypt the combination (m, s) of the plaintext message and the electronic signature, computing the encrypted ciphertext c = Enc(Hash(K), (m, s)), as shown in the figure;
Step S34, the sender A combines the ciphertext c, the signature parameter R and the electronic signature s into the data message M = (c, R, s) and sends M = (c, R, s) to the receiver B.
It can be seen from the above technical solution that the adaptive data encryption and authentication method of this embodiment, which needs no authentication center, rests on the difficulty of the elliptic curve discrete logarithm problem over a finite field. By binding the identities of sender and receiver together, it completes the data encryption and content-integrity authentication of the plaintext message m with step S3 alone and without a trusted authentication center, and it adaptively provides different functions according to the system's requirements for electronic signature, data encryption, or both ("electronic signature + data encryption"). On the one hand, the several independent components that previously served the different requirements are replaced by a single encryption-and-signature component, so the space resources consumed by the application system do not grow and the method suits environments with limited time and space resources such as embedded systems, mobile communication and wireless communication. On the other hand, no third-party trusted authentication center is needed, which avoids the computation overhead, communication overhead and data expansion that the authentication center imposes in existing methods. The method thus lightens the system's workload and raises its efficiency; it is simple to operate and runs efficiently, resists the various known attack schemes, offers high security, and ensures the confidentiality, authenticity, security, reliability and legal validity of data messages. It can be widely applied in software and hardware environments such as computers, communication networks, smart cards and mobile phones, and in fields such as e-commerce, e-government, information security and network communication systems, and has good application prospects.
The method further comprises the step:
Step S4, after receiving the data message M = (c, R, s), the receiver B interprets and verifies M = (c, R, s), specifically:
Step S41, the receiver B computes the key parameter K' from its own private key SK_B and the signature parameter R in the received data message M = (c, R, s), where K' = SK_B × R;
Step S42, if the ciphertext c in the received data message M = (c, R, s) equals the plaintext message m, that is, user A only applied electronic-signature protection, the plaintext message m = c is output directly and the procedure ends; if the electronic signature s in the received data message M = (c, R, s) equals 0, that is, user A only applied encryption protection, or the receiver B only needs to decrypt the message, the plaintext message m is output directly and the procedure ends; otherwise (user A applied both electronic-signature protection and encryption protection), the receiver B uses the key parameter K' together with the hash digest algorithm Hash() and data decryption algorithm Dec() agreed in advance by the system to decrypt the ciphertext c in M = (c, R, s), obtaining the plaintext message m and the original signature s', where (m, s') = Dec(Hash(K'), c);
Step S43, if the original signature s' differs from the electronic signature s in the received data message M = (c, R, s), the decrypted plaintext is invalid and the operation is aborted; otherwise the receiver B checks whether the signature parameter R and the electronic signature s in M = (c, R, s) are consistent with the plaintext message m obtained by decrypting M = (c, R, s), using the verification equation s × G = Hash(m, R) × Hash(ID_A) × R × PK_SA + Hash(m, R) × R × PK_A + R; if they are consistent (the equation holds), the received data message M = (c, R, s) is valid and is accepted; if they are not (the equation does not hold), M = (c, R, s) is invalid and is rejected.
As can be seen, step S4 works together with step S3 to interpret and verify the data message; at verification time the receiver can likewise adaptively provide the different interpretation and verification functions according to the message received, without help from a third-party trusted authentication center.
In this embodiment, the steps by which the sender A obtains its own private key SK_A and public key PK_A in step S2 are specifically:
Step S21, the sender A selects at random a positive integer k_a smaller than q-1, computes the registration parameter K_A from k_a and the base point G, where K_A = k_a × G, and sends K_A to the key distribution center SA;
Step S22, after receiving the registration parameter K_A submitted by the sender A in person, the key distribution center SA selects at random a positive integer k0 smaller than q-1 and computes the sender A's public key PK_A from k0, K_A and the base point G, where PK_A = k × G + K_A;
Step S23, the key distribution center SA generates the sender A's identity certificate ID_A from A's public key PK_A, the personal identity information id_A submitted by A, the serial number sn_A that SA assigns to A's identity certificate, and SA's own identification information ID_SA (ID_SA being the information that identifies SA as specified by the X.509 standard, such as SA's name, number and validity period); that is, ID_A = (PK_A, id_A, sn_A, ID_SA), formed by concatenating PK_A, id_A, sn_A and ID_SA as specified by X.509;
Step S24, the key distribution center SA uses the hash digest algorithm Hash() agreed in advance by the system to compute the verification parameter s_a from its own private key SK_SA, the sender A's identity certificate ID_A, the positive integer k and the large prime factor q, where s_a = (Hash(ID_A) × k + SK_SA) mod q; it forms the key parameters (ID_A, s_a) from s_a and ID_A and sends (ID_A, s_a) to the sender A;
Step S25, on receiving the key parameters (ID_A, s_a) from the key distribution center SA, the sender A checks whether they were sent by SA and were not tampered with in transit (that is, it authenticates the genuineness and integrity of the key parameters (ID_A, s_a)); the check consists of separating its own public key PK_A and the verification parameter s_a out of the key parameters (ID_A, s_a) and verifying, with the public key PK_SA of the key distribution center SA, whether the equation s_a × G = Hash(ID_A) × (PK_A - K_A) + PK_SA holds, where "separating" means splitting the concatenation formed in step S23;
Step S26, if the check shows that the key parameters (ID_A, s_a) were sent by the key distribution center SA but were tampered with in transit (the equation does not hold), the sender A asks SA to resend the key parameters (ID_A, s_a);
Step S27, if the check shows that the key parameters (ID_A, s_a) were sent by the key distribution center SA and were not tampered with in transit (the equation holds), the sender A computes its own private key SK_A from the received key parameters (ID_A, s_a), where SK_A = s_a + Hash(ID_A) × k_a;
The receiver B obtains its own private key SK_B and public key PK_B by the same steps as the sender A uses to obtain SK_A and PK_A.
The following example parameters for this embodiment show that the adaptive data encryption and authentication method without an authentication center can provide data encryption and authentication.
In step S1, a 192-bit large prime p is chosen at random, and E(GF(p)): y^2 = x^3 + ax + b (mod p) is a secure elliptic curve over the finite field GF(p); G = (x, y) is a randomly chosen base point on it, n = #E(GF(p)) is the order of E, and q is a large prime factor of n. The values are:
p = 6277101735386680763835789423207666416083908700390324961279
a = 592616546630905635115220920655548752905575269097021663719
b = 4804233895280899388319973107961190048453702796229268188014
n = 165186887773333704311468142720121385129365739211127201127
q = 165186887773333704311468142720121385129365739211127201127
x = 767497456867608967492675205059054232203172713727662547906
y = 773339505718536040565224929606618157393578012863049959916
As printed, n is about p/38, which no curve over GF(p) can have (Hasse's bound requires |n − (p + 1)| ≤ 2√p), so these values cannot be used as they stand to reproduce the example.
In steps S2, S3 and S4 the system uses SHA-256 as the agreed hash digest algorithm Hash() and AES-256 as the data encryption and decryption algorithms Enc() and Dec().
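As an added worked example (not code from the patent), the registration exchange of steps S22 to S27 carried out end to end in Python, including the S25 check, the S26 rejection path and the S27 key derivation, instantiated with the SHA-256 choice of the parameter section. It substitutes secp256k1 for the printed 192-bit parameters, takes Hash() as SHA-256 reduced mod q, encodes ID_A as length-prefixed fields instead of X.509 DER, and assumes the registration parameter is K_A = k_a×G for a secret k_a chosen by A; the class and function names are the example's own.

```python
# Added example for steps S22 to S27 of CN101931535A; not the patent's own code.
# Assumptions not on the page: secp256k1 instead of the printed 192-bit curve,
# Hash() = SHA-256 reduced mod q, ID_A = length-prefixed fields (not X.509 DER),
# and the registration parameter is K_A = k_a*G with k_a the user's secret.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # field prime
A_COEF, B_COEF = 0, 7
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # order of G, the page's q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def on_curve(pt):
    """True for the point at infinity or any (x, y) with y^2 = x^3 + ax + b mod p."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - A_COEF * x - B_COEF) % P == 0

def ec_add(p1, p2):
    """Affine point addition; covers doubling and p + (-p) = INF."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def ec_mul(k, pt):
    """Double-and-add k*pt with k reduced mod q."""
    result, k = INF, k % Q
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return result

def hash_scalar(data):
    """Hash() used as a scalar: SHA-256 of the bytes, reduced mod q (assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def encode_id(pk, id_a, sn_a, id_sa):
    """S23: ID_A = (PK_A, id_A, sn_A, ID_SA), each field prefixed by a 2-byte length."""
    fields = [pk[0].to_bytes(32, "big"), pk[1].to_bytes(32, "big"), id_a, sn_a, id_sa]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def decode_pk(id_doc):
    """S25 'extraction': split ID_A at the S23 field boundaries to recover PK_A."""
    return (int.from_bytes(id_doc[2:34], "big"), int.from_bytes(id_doc[36:68], "big"))

class KeyDistributionCenter:
    """SA: holds SK_SA / PK_SA and issues key parameters (S22 to S24)."""

    def __init__(self, ident):
        self.ident = ident                       # ID_SA
        self.sk = 1 + secrets.randbelow(Q - 1)   # SK_SA
        self.pk = ec_mul(self.sk, G)             # PK_SA = SK_SA*G

    def register(self, K_A, id_a, sn_a):
        k = 1 + secrets.randbelow(Q - 2)                  # S22: 0 < k < q-1
        PK_A = ec_add(ec_mul(k, G), K_A)                 # S22: PK_A = k*G + K_A
        ID_A = encode_id(PK_A, id_a, sn_a, self.ident)   # S23
        s_a = (hash_scalar(ID_A) * k + self.sk) % Q      # S24
        return ID_A, s_a                                 # key parameter (ID_A, s_a)

def verify_key_parameter(ID_A, s_a, K_A, PK_SA):
    """S25: does s_a*G == Hash(ID_A)*(PK_A - K_A) + PK_SA hold?"""
    PK_A = decode_pk(ID_A)
    rhs = ec_add(ec_mul(hash_scalar(ID_A), ec_add(PK_A, ec_neg(K_A))), PK_SA)
    return ec_mul(s_a, G) == rhs

def register_user(kdc, id_a, sn_a):
    """User side: form K_A, obtain (ID_A, s_a), run S25/S26, derive SK_A (S27)."""
    k_a = 1 + secrets.randbelow(Q - 1)           # user's secret; SA never sees it
    K_A = ec_mul(k_a, G)                         # registration parameter K_A (assumed k_a*G)
    ID_A, s_a = kdc.register(K_A, id_a, sn_a)
    if not verify_key_parameter(ID_A, s_a, K_A, kdc.pk):
        raise ValueError("S26: key parameter failed the S25 check; request a resend")
    SK_A = (s_a + hash_scalar(ID_A) * k_a) % Q   # S27, reduced mod q
    return ID_A, decode_pk(ID_A), SK_A

def effective_public_key(ID_A, PK_SA):
    """The point SK_A corresponds to, Hash(ID_A)*PK_A + PK_SA (from S22, S24, S27)."""
    return ec_add(ec_mul(hash_scalar(ID_A), decode_pk(ID_A)), PK_SA)

if __name__ == "__main__":
    sa = KeyDistributionCenter(b"SA-example")    # constructed sample identities
    ID_A, PK_A, SK_A = register_user(sa, b"alice@example", b"0001")
    print("SK_A*G == Hash(ID_A)*PK_A + PK_SA:", ec_mul(SK_A, G) == effective_public_key(ID_A, sa.pk))
```

Run it as a script to see the final consistency check. The point a practitioner should not miss is in `effective_public_key`: the key A ends up holding is the discrete logarithm of Hash(ID_A)×PK_A + PK_SA, not of PK_A, so anyone verifying A must rebuild that point from ID_A and PK_SA. SA learns k and s_a but never k_a, so it cannot derive SK_A from what it issued without solving the discrete logarithm of K_A.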
The invention has been described above with reference to a preferred embodiment, but it is not limited to the embodiment disclosed and covers the various modifications and equivalent combinations made according to its essence.
Claims (3)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010268510 CN101931535A (en) | 2010-08-31 | 2010-08-31 | An Adaptive Data Encryption and Authentication Method Without Authentication Center |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010268510 CN101931535A (en) | 2010-08-31 | 2010-08-31 | An Adaptive Data Encryption and Authentication Method Without Authentication Center |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101931535A true CN101931535A (en) | 2010-12-29 |
Family
ID=43370471
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010268510 Pending CN101931535A (en) | 2010-08-31 | 2010-08-31 | An Adaptive Data Encryption and Authentication Method Without Authentication Center |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101931535A (en) |
- 2010-08-31: CN 201010268510 filed (published as CN101931535A), status Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472914A (en) * | 2003-06-27 | 2004-02-04 | 武汉理工大学 | An Efficient and Quick Public Key Encryption Method |
CN101267296A (en) * | 2008-04-25 | 2008-09-17 | 武汉理工大学 | An Efficient Authorized Electronic Signature Method Without Certification Center |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107040550A (en) * | 2017-06-09 | 2017-08-11 | 成都轻车快马网络科技有限公司 | Data ciphering method during instant messaging |
CN107426175A (en) * | 2017-06-09 | 2017-12-01 | 成都轻车快马网络科技有限公司 | The real-time encrypted transmission method of data |
CN107659405A (en) * | 2017-11-01 | 2018-02-02 | 南京国电南自电网自动化有限公司 | The encrypting and decrypting method that data communicate between a kind of transformer station boss station |
CN107659405B (en) * | 2017-11-01 | 2019-11-22 | 南京国电南自电网自动化有限公司 | The encrypting and decrypting method of data communication between a kind of substation boss station |
CN110717188A (en) * | 2019-09-29 | 2020-01-21 | 武汉海昌信息技术有限公司 | Document reading and amending safety method based on asymmetric encryption technology |
WO2021120683A1 (en) * | 2019-12-16 | 2021-06-24 | 苏宁云计算有限公司 | Method and apparatus for secure communication based on identity authentication |
CN114448714A (en) * | 2022-02-25 | 2022-05-06 | 百果园技术(新加坡)有限公司 | Data encryption and decryption method, device, equipment and storage medium |
CN114448714B (en) * | 2022-02-25 | 2024-02-13 | 百果园技术(新加坡)有限公司 | Data encryption and decryption method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101931536B (en) | Method for encrypting and authenticating efficient data without authentication center | |
US9853816B2 (en) | Credential validation | |
US20200304316A1 (en) | Implicitly Certified Digital Signatures | |
USH2270H1 (en) | Open protocol for authentication and key establishment with privacy | |
CN103684794B (en) | A kind of communication data encipher-decipher method based on the AES of DES, RSA, SHA 1 | |
CA2838322C (en) | Secure implicit certificate chaining | |
US20020038420A1 (en) | Method for efficient public key based certification for mobile and desktop environments | |
CN107679847B (en) | A mobile transaction privacy protection method based on near field communication two-way identity authentication | |
WO2007125877A1 (en) | Communication device and communication system | |
CN101247605A (en) | Short information enciphering and endorsement method, mobile terminal and short information ciphering system | |
WO2015161689A1 (en) | Data processing method based on negotiation key | |
WO2015158172A1 (en) | User identity identification card | |
CN100592684C (en) | An Efficient Authorized Electronic Signature Method Without Certification Center | |
CN114900304B (en) | Digital signature method and apparatus, electronic device, and computer-readable storage medium | |
CN101931535A (en) | An Adaptive Data Encryption and Authentication Method Without Authentication Center | |
CN111970114A (en) | File encryption method, system, server and storage medium | |
WO2015109958A1 (en) | Data processing method based on negotiation key, and mobile phone | |
WO2015158173A1 (en) | Agreement key-based data processing method | |
JP4840575B2 (en) | Terminal device, certificate issuing device, certificate issuing system, certificate acquisition method and certificate issuing method | |
CN113468582A (en) | Anti-quantum computing encryption communication method | |
CN106375327A (en) | A Proxy Key Confusion Electronic Voting System and Method Against Malicious Attacks | |
CN111091362A (en) | Mobile transaction privacy protection method based on near field communication bidirectional identity authentication | |
KR20120093594A (en) | Transaction protection system and method using connection of certificate and opt generated by keystream | |
Sharma et al. | A novel approach for improving security by digital signature and image steganography | |
Al-juaifari | Secure SMS Mobile Transaction with Peer to Peer Authentication Design for Mobile Government |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C12 | Rejection of a patent application after its publication | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20101229 |