CN1148035C - User information security device and method in mobile communication system connected to Internet - Google Patents
- Publication number: CN1148035C (application numbers CNB008012245A, CN00801224A)
- Authority: CN (China)
- Prior art keywords: web server, mobile station, personal information, service server, server
- Prior art date
- Legal status (assumed by Google Patents, not a legal conclusion): Expired - Fee Related
Classifications
- H04L67/04: Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
- H04L63/045: Network security; confidential data exchange among entities communicating through data packet networks, the payload being protected by encryption or encapsulation, where the sending and receiving entities apply hybrid encryption (a combination of symmetric and asymmetric encryption)
- H04L63/0823: Network security; authentication of entities using certificates
- H04L63/126: Network security; verification of the received information, namely the source of the received data
- H04L69/329: Intralayer communication protocols among peer entities or protocol data unit (PDU) definitions in the application layer (OSI layer 7)
- H04W12/02: Wireless security arrangements; protecting privacy or anonymity, e.g. protecting personally identifiable information (PII)
- H04W12/033: Wireless security arrangements; protecting confidentiality by encryption of the user plane, e.g. the user's traffic
- H04W12/04: Wireless security arrangements; key management, e.g. using generic bootstrapping architecture (GBA)
- H04W12/10: Wireless security arrangements; integrity
Abstract
Provided is an apparatus for keeping secret the confidential user information sent from a mobile station in a mobile communication system that communicates with a web server through an Internet service server. In response to a data request from the mobile station and/or the web server, the data involving the user's confidential information is selected, the selected data is encrypted in a given format, and the encrypted data is sent directly to the web server and/or the mobile station without any additional processing by the service server.
Description
Technical field
The invention relates to a device and method for keeping user information secret in a mobile communication system that communicates with the Internet.
Background art
In mobile communications, recent developments have made it possible for users to carry out so-called electronic commerce over the Internet using radio communication technology. To promote electronic commerce on the Internet, the most important thing, when a customer connects to the Internet web server that provides the electronic commerce content, is to prevent the leakage of the customer's personal information. Accordingly, when the Internet is used, the purpose of a security system is to keep the user's personal information secret so that unwanted users cannot steal it: for example, the password for accessing the web server, or a credit card number together with the password used to carry out transactions.
The conventional security system used to protect secret information in wired Internet communication generally employs the Secure Socket Layer (SSL) proposed by Netscape in the United States. SSL encrypts the customer's information so that only the web server can read it. However, for the reasons discussed below, SSL is not suited to wireless or mobile Internet communication systems.
First, a mobile station has limited storage capacity and is not suited to implementing the web application that SSL requires; conventional mobile stations were therefore not designed to run such web applications. Second, to make a wireless connection to an Internet web server, the mobile station must first connect to the relevant Internet service server and request the web content service. In that case, to implement and protect personal information properly across the whole network, the security system between the web server and the service server should meet the same standard as the security system between the service server and the mobile station. Conventional security systems cannot provide the same standard on both legs. As an illustration, Fig. 1 shows a conventional mobile communication network with a conventional security system. As shown, SSL is used between the service server and the web server, but a wireless security system of a different kind is used between the mobile station and the service server, so the network as a whole does not share one standard; the service server has to decrypt traffic arriving on one leg and re-encrypt it for the other, and the customer's secret data is exposed there in plain form. Prior art security systems thus mix different systems and standards and are not suited to keeping the user's personal information secret.
As described above, conventional security systems designed for wired Internet communication are not suited to wireless Internet communication, which has hindered the rapid growth of electronic commerce over the Internet using mobile communication technology.
Summary of the invention
One object of the present invention is to provide an apparatus and method for keeping confidential user information secret when electronic commerce is carried out over a mobile Internet communication system, where the prior art system uses the SSL system employed in wired Internet communication.
Another object of the present invention is to provide an apparatus and method for keeping confidential user information secret that uses a single standard to achieve end-to-end security from the mobile station to the web server for the data flowing between the mobile station, the service server and the web server.
To achieve one aspect of the above object, the present invention provides a system for keeping secret the personal information exchanged during a secure transaction in a mobile Internet communication system, comprising a mobile station, a service server and a web server, wherein: the mobile station stores the service server's public key, receives the web server's certificate from the service server, decrypts the certificate with the service server's public key in order to check the certificate's version, generates a session key for use in the secure transaction using the web server's public key contained in the certificate, and encrypts/decrypts personal information for security using the generated session key and the web server's public key; the web server provides the certificate to the service server, generates a secret key for decrypting data encrypted in the mobile station, uses the secret key to decrypt the session key that was encrypted under the public key, and decrypts the personal information that was encrypted in the mobile station with the session key and sent; and the service server, located between the mobile station and the web server, receives the certificate from the web server, sends the certificate to the mobile station when the mobile station requests a secure connection to the web server, and provides the interface for the encrypted data sent and received between the mobile station and the web server.
To achieve another aspect of the above object, the present invention provides a system for keeping secret the personal information exchanged during a secure transaction in a mobile Internet communication system, comprising: a mobile station that receives the web server's public key from the service server, generates a session key for use in the secure transaction using the service server's public key, and encrypts/decrypts personal information for security using the generated session key and the web server's public key; a web server that generates a public key, provides the public key to the service server, generates a secret key for decrypting data encrypted in the mobile station, uses the secret key to decrypt the session key that was encrypted under the public key, and decrypts the personal information that was encrypted in the mobile station with the session key and sent; and a service server, located between the mobile station and the web server, that receives the public key from the web server, sends the public key to the mobile station when the mobile station requests a secure connection to the web server, and provides the interface for the encrypted data sent and received between the mobile station and the web server.
To achieve yet another aspect of the above object, the present invention provides a method for keeping secret personal information sent from a mobile station of a mobile communication system that communicates with a web server via a service server, comprising the steps of: when the mobile station requests a secure connection to the web server, sending a credential from the service server to the mobile station; receiving a request to send said personal information from said mobile station or said web server; selectively encrypting said personal information in a predetermined format for transmission to one of said mobile station and said web server; and decrypting said encrypted personal information at said mobile station or said web server without any intervention by said service server.
To achieve yet another aspect of the above object, the present invention provides a method for keeping personal information secret in a mobile Internet communication system having a mobile station, a service server and a web server, in which the web server generates a secret key and a public key and the service server, located between the web server and the mobile station, receives the public key from the web server, the method comprising the steps of: when the mobile station requests a secure transaction with the web server, sending the public key from the service server to the mobile station; the mobile station generating a session key for use in the secure transaction using the public key, encrypting personal information for security using the generated session key and the public key, and sending the encrypted personal information to the web server through the service server; and the web server decrypting the encrypted session key received through the service server and decrypting the personal information with the decrypted session key.
To achieve yet another aspect of the above object, the present invention provides a method for securing data sent in a mobile Internet communication system of the type having a web server, a mobile station that exchanges data with said web server, and a proxy service server that communicates with said mobile station and said web server, the method comprising the steps of: said mobile station requesting a connection in order to receive electronic data from said web server via said service server; in response to said request from said mobile station, said web server generating a public key and a secret key; said web server sending said public key to said mobile station for registration in said mobile station; said service server sending a new credential to said mobile station; said mobile station determining whether the credential previously registered in said mobile station is the same as the new credential received from said service server; if said new credential is the same as said previously registered credential, said mobile station encrypting personal information with a session key generated from said public key received from said web server, encrypting said public key to produce a symmetric key, and sending said encrypted personal information and said produced symmetric key to said web server via said service server; and said web server decrypting said symmetric key received from said mobile station to convert it back to said session key, and decrypting said encrypted personal information using said converted session key and said secret key.
The invention will now be described more specifically, by way of example only, with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a schematic diagram of a conventional mobile Internet communication system with a conventional mobile security system;
Fig. 2 is a schematic diagram, similar to Fig. 1, of a mobile security system according to the present invention;
Fig. 3 is a schematic diagram of the process of sending an ordinary web document and secret data with the security system of the present invention in mobile Internet communication; and
Fig. 4 is a flowchart of the process of securing user information in mobile Internet communication according to the present invention.
Detailed description
In the following description, for purposes of explanation and not limitation, specific details such as particular structures, interfaces and techniques are set forth in order to provide a thorough understanding of the invention. It will be apparent to those of ordinary skill in the art, however, that the invention may be practised in other embodiments that depart from these specific details. For brevity, descriptions of known devices, circuit details and methods are omitted so as not to obscure the description of the invention with unnecessary detail.
To provide a standard of assurance that the purported sender of a message is in fact the real sender, digital/electronic signatures may be produced by various known encryption methods. An encryption algorithm suited to the present invention is the Rivest-Shamir-Adleman (RSA) public key algorithm, the most widely used algorithm in current electronic commerce security systems. Based on prime factorization, RSA provides both encryption and electronic signatures (or key encryption). That is, the principle of RSA rests on the fact that it is easy to compute the product of two primes "p" and "q" but hard to recover "p" and "q" from that product "n". Two keys are used, a public key and a secret key, such that whatever is encrypted with the secret key can be decrypted only with the public key, and vice versa. In the embodiment of the present invention, RSA produces the public key and the secret key used to encrypt/decrypt a session key: the customer encrypts the session key with the public key and sends the encrypted session key back to the server, and the server decrypts the session key with its secret key and establishes a secure connection with the customer.
Furthermore, in the embodiment of the present invention the session key is produced with the SEED symmetric key algorithm, a 128-bit block cipher based on the Korean data encryption standard and developed by the Korea Information Security Agency (KISA) for public electronic commerce. SEED can be implemented with 8-, 16- or 32-bit data processing and operates as a block cipher; its input/output block and its key are 128 bits. It is also designed to withstand differential cryptanalysis (DC) and linear cryptanalysis (LC) and to encrypt/decrypt three times faster than the Data Encryption Standard (DES). Its structure is a Feistel network, and its internal function uses look-up tables obtained by transforming non-linear functions. In the present invention the SEED symmetric key algorithm is applied with 12 rounds to produce the session key under which the user's information data is encrypted.
According to the present invention, in mobile Internet communication the mobile station, the Internet service server and the web server may operate as described below.
First, the mobile phone is provided with the security program of the invention needed to connect to the web server, receive the public key and internally generate the session key used during the secure transaction. The session key is used to encrypt and decrypt data. Encryption follows the RSA algorithm and the 128-bit SEED algorithm. The web server generates a public key and a secret key with RSA and, by sending the public key to the mobile station, enables the mobile station to carry out a secure transaction. The received public key is used to produce the session key that encrypts the data sent by the mobile station; the mobile station generates the session key with the SEED algorithm. The web server then uses its secret key to decrypt the session key that encrypts the data sent by the mobile station. That is, data encrypted with the public key can be decrypted only with the secret key, and vice versa. The web server therefore uses the RSA secret key to decrypt the session key produced with the SEED algorithm and, in accordance with 128-bit symmetric SEED encryption and decryption, uses the decrypted session key to decrypt the encrypted data.
According to the embodiment of the present invention, data processing between the mobile station and the web server begins when the web server generates its own pair of public and secret keys. The public key is sent to the service server, where it is updated on request and sent to the mobile station as a credential; the mobile station has been authorized for this use, and the service server acts as the intermediary between the mobile station and the web server by forwarding the required data. The mobile station then stores the public key in order to generate internally a session key for encrypting the confidential data to be sent to the web server. To produce the session key, the mobile station encrypts the received public key so as to produce a symmetric key to be sent to the web server. The web server then decrypts the symmetric key with its own secret key and, with the decrypted symmetric key, decrypts the encrypted data received from the mobile station. In the reverse direction, the web server encrypts the data to be sent to the mobile station with the symmetric key received from the mobile station, and the mobile station decrypts the data received from the web server with the symmetric key it previously sent to the web server. In the embodiment of the present invention the service server is set up as a proxy server.
The data format on each path of the mobile Internet communication is described with reference to Fig. 2, in which the security system between the mobile station, the service server and the web server uses the Mobile Micro Security system (MMS) of the present invention; that is, the same MMS standard is used between the mobile station and the web server. Because the web server's public key is electronically signed with the web server's secret key when it is first sent to the mobile station (a signature the mobile station can only check against a key it already trusts, such as the key held in its browser as described with Fig. 4), the path between the mobile station and the mobile communication network cannot be tampered with by a hacker substituting a forged public key. Further, the data packets encrypted by the mobile station are in a 128-bit cipher format, so a hacker cannot make out the contents of the original document. Likewise, a hacker on the path from the mobile network over the Internet to the service server cannot steal the data packets: the packets encrypted by the mobile station travel over the Internet to the service server in 128-bit encrypted form, which prevents a hacker from stealing their contents.
In addition, the internal network of the service server is protected by a firewall using the hacker detection system of the present invention. The service server simply passes the encrypted data from the mobile station on to the web server without performing any processing on it. Moreover, a dedicated line carrying the 128-bit encrypted data is normally used to connect the service server and the web server, which makes access difficult for a hacker.
Further, because the web server receives the symmetric key that the mobile station generated at random according to the 128-bit SEED algorithm, the computer theft detection system of the present invention is realized. The web server then securely decrypts the 128-bit encrypted data received from the mobile station using the RSA secret key. In this way the mobile station's encrypted data can be decrypted only by the web server, and the web server's encrypted data only by the mobile station; the latter is possible because the web server's SEED symmetric key can also be sent to the mobile station in the reverse direction.
在被发送之前,在移动台和web服务器之间进行通信时,在发送前,由会话密钥加密每个消息,在接收端由会话密钥解密,其中从移动台产生的会话密钥使用公共密钥被加密和作为对称密钥产生。为此,移动台被安装安全程序,用于和安全业务服务器连接。安全程序的作用是从web服务器接收公共密钥和接下来在内部产生会话密钥去加密个人信息,并从移动台发送给web服务器。也就是说,按照RSA加密和128位SEED对称密钥,会话密钥用于加密和解密秘密数据。When communicating between the mobile station and the web server before being sent, each message is encrypted by a session key before sending and decrypted at the receiving end by a session key generated from the mobile station using a public The key is encrypted and generated as a symmetric key. For this purpose, the mobile station is installed with a security program for connection with a security service server. The role of the security program is to receive the public key from the web server and then internally generate a session key to encrypt personal information and send it from the mobile station to the web server. That is, session keys are used to encrypt and decrypt secret data in accordance with RSA encryption and 128-bit SEED symmetric keys.
图3图示出不用任何加密的一个普通的web文件的传输,和按照本发明的被加密的秘密数据的传输。即,业务服务器在移动台和web服务器之间通过一个代理服务器发送一个普通web文件,在它们之间发送个人数据而不用任何附加的处理操作。如在图3中示出的,由于在无线互联网通信中可发送和处理限量的数据,按照本发明,两个不同的数据传输可操作。因此,只有需要对一个不受欢迎的第三者保密的个人/秘密数据直接在移动台和web服务器之间发送。Figure 3 illustrates the transmission of a normal web document without any encryption, and the transmission of encrypted secret data according to the present invention. That is, the service server transmits an ordinary web document through a proxy server between the mobile station and the web server, and transmits personal data between them without any additional processing operations. As shown in FIG. 3, since a limited amount of data can be transmitted and processed in wireless Internet communication, according to the present invention, two different data transmissions are operable. Therefore, only personal/secret data that needs to be kept secret from an unwanted third party is sent directly between the mobile station and the web server.
The procedure for securing user information when the mobile station attempts to connect to the web server is described with reference to Figure 4 according to an embodiment of the present invention. In step 310, the mobile station registers the public key received from the service server, which is hard-coded into the mobile station's web browser. The service server registers the public key, the credential and the address of the web server together with its credential version information; these are periodically updated according to the corresponding data delivered by the web server. In step 312, in response to a user request, the mobile station requests a connection to a web page in order to receive an electronic document. This request is sent directly to the web server by a "GET" command that requests an electronic document which can access personal/secret information. The service server performs no additional processing on the GET command being sent to the web server. Here, the web server may be a bank server, a stock trading server, or the like.
In step 314, on receiving the request from the mobile phone, the web server to which connection was requested determines which data are to be encrypted, and notifies the mobile phone of the result through the service server. The data to be encrypted comprise personal/secret information, such as a password and a credit card number. Other data, such as the user's registration ID and ordinary character information, need not be encrypted, so that the amount of encrypted data can be reduced. This is useful because the amount of data that mobile Internet communication can handle is very limited compared with wired Internet communication. In step 316, the service server sends the currently registered credential version, which the web server updates periodically, to the mobile station. The credential version provides up-to-date information on the web server's host name, IP address and public key, which can be used to confirm the source of a message. The mobile station then decides whether the received credential version is the same as the previously registered version. The previously registered version was downloaded by the mobile station from the same web server on an earlier visit. If they are the same, encryption is performed with the previously registered version.
On the other hand, if they differ, the mobile station requests the service server to send a new version of the credential. This request is made with a "CERT" command, a protocol pre-arranged between the mobile station and the service server for sending credentials. In response to the "CERT" command, in step 320, the service server sends the currently registered credential of the web server. That is, when a mobile station requests a new credential version, the service server (or proxy server), which holds updated information periodically downloaded from the web server (content server), sends a response message consisting of a header and a body. A digital signature (SIGN) for the public key of the web server requested by the mobile station is attached in the header, and the credential (host name, IP address and public key) is attached in the body.
In step 322, the mobile station receives the response message from the service server and authenticates the body of the credential by verifying the digital SIGN in the header. That is, the mobile station checks whether the digital SIGN corresponds to the web server's public key, and also checks whether the body has been corrupted. If the digital SIGN is confirmed, the mobile station recovers the public key contained in the credential and updates its credential table accordingly. In step 324, a session key for the secure transmission of the user's information is generated using the public key contained in the credential. As described above, the session key is generated according to the 128-bit SEED algorithm and is used to encrypt the personal data sent by the mobile station user. In step 326, the user's information is encrypted with the session key to form the secure data. In step 328, the session key is encrypted with the public key to produce the symmetric key.
In step 330, the symmetric key obtained by encrypting the session key with the public key, together with the data encrypted with the session key, is sent to the web server via the service server; the service server, of course, performs no further operation on the data being sent to the web server. Then, in step 332, the web server decrypts the symmetric key contained in the user information received from the mobile station using its secret key, thereby recovering the session key. In step 334, the web server decrypts the user information, i.e. the secure data encrypted by the mobile station, using the recovered session key, so that the original data is restored and can be processed by the web server.
Meanwhile, in step 320, a hash value is generated using a hash function (namely Message Digest 5, MD5). MD5 is a function protocol used for encryption whereby, if the result matches the credential, the data transmission is considered to have completed normally without any external hacking. A 128-bit hash value (i.e. a 128-bit character sequence) is generated over the contents of the credential, encrypted with the service server's secret key, and then attached to the credential. When the mobile station receives the credential, it takes the encrypted hash value and decrypts it with the service server's public key. Then, to check that the credential has not been stolen, the mobile station generates the hash value of the credential again and compares it with the decrypted hash value; if the two match, the credential is valid. In this way, a secure hash value is used to authenticate the message, guaranteeing that the data sent from the service server has not been stolen in transit; the web server's public key is then verified as valid, and step 324 is executed.
Although the preceding description concerns user information sent from the mobile station to the web server, it applies equally to transmission in the reverse direction of user information that requires security. In that case, the mobile station likewise decrypts the encrypted information from the web server using the public key and the secret key.
In addition, the secure transaction applications for the mobile station and the web server are prepared as described below.
First, an HTML file for protecting user information through encryption/decryption is prepared and uploaded to the web server. An HTML file that requires encryption/decryption is distinguished from an ordinary HTML file by an Internet search engine through the class attribute defined in the Internet protocol. This is done by setting the class to the security indicator "SCURE", which marks the corresponding field as one to be encrypted.
Accordingly, the present invention provides an apparatus for securing user information for electronic commerce over the mobile Internet.
Although the present invention has been described with reference to the embodiments and the accompanying drawings, it will be apparent to those of ordinary skill in the art that various changes and modifications can be made without departing from the spirit of the invention.
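The credential check of steps 316 to 322 (including the MD5 value that the service server encrypts with its secret key) and the hybrid envelope of steps 324 to 334 can be traced end to end in a short script. The following is an added illustration written for this page; it is not the patent's own implementation, and it makes two substitutions so that it runs offline: RSA is textbook RSA over fixed Mersenne primes (assumed for the demo; a real deployment uses a vetted library with padding), and the 128-bit SEED cipher is replaced by a SHA-256 keystream XOR, since SEED is not in the Python standard library. The host name, IP address, version number and personal data are constructed sample values.

```python
import hashlib
import json
import os


# --- Toy RSA on fixed primes (assumption for the demo, never for production). ---
# n must exceed 2**128 so that a 128-bit session key or MD5 digest fits one RSA block.
def rsa_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)  # (public key, secret key)


def rsa_apply(key, value):
    """Raise value to the key's exponent mod n; serves encrypt, decrypt and sign alike."""
    k, n = key
    return pow(value, k, n)


# --- Stand-in for the 128-bit SEED cipher: SHA-256 keystream XOR (assumption). ---
def stream_xor(session_key, data):
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        keystream = hashlib.sha256(session_key + block.to_bytes(4, "big")).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)


def _canonical(body):
    return json.dumps(body, sort_keys=True).encode()


# --- Service server, step 320: header SIGN = MD5(body) under the service server's secret key.
def make_credential_message(body, service_secret_key):
    digest = int.from_bytes(hashlib.md5(_canonical(body)).digest(), "big")
    return {"header": {"SIGN": rsa_apply(service_secret_key, digest)}, "body": body}


# --- Mobile station, steps 316 to 330.
class MobileStation:
    def __init__(self, service_public_key):
        self.service_public_key = service_public_key
        self.credential_table = {}  # hostname -> credential body

    def needs_new_credential(self, hostname, announced_version):
        """Step 316: compare the announced version with the cached one."""
        cached = self.credential_table.get(hostname)
        return cached is None or cached["version"] != announced_version

    def verify_credential(self, message):
        """Step 322: decrypt SIGN with the service server's public key, rehash the body, compare."""
        recovered = rsa_apply(self.service_public_key, message["header"]["SIGN"])
        expected = int.from_bytes(hashlib.md5(_canonical(message["body"])).digest(), "big")
        return recovered == expected

    def install_credential(self, message):
        if not self.verify_credential(message):
            return False
        body = message["body"]
        self.credential_table[body["hostname"]] = body
        return True

    def protect(self, hostname, personal_data):
        """Steps 324-330: random 128-bit session key; data under it, key under the web server's public key."""
        web_public_key = tuple(self.credential_table[hostname]["public_key"])
        session_key = os.urandom(16)
        return {
            "symmetric_key": rsa_apply(web_public_key, int.from_bytes(session_key, "big")),
            "secure_data": stream_xor(session_key, personal_data).hex(),
        }


# --- Web server, steps 332 and 334.
def web_server_unprotect(envelope, web_secret_key):
    session_key = rsa_apply(web_secret_key, envelope["symmetric_key"]).to_bytes(16, "big")
    return stream_xor(session_key, bytes.fromhex(envelope["secure_data"]))


def run_exchange(personal_data=b"password=hunter2;card=4111111111111111"):
    """Walk the flow once; returns (credential_accepted, tamper_rejected, recovered_data)."""
    web_pub, web_sec = rsa_keypair((1 << 127) - 1, (1 << 89) - 1)   # Mersenne primes M127, M89
    svc_pub, svc_sec = rsa_keypair((1 << 107) - 1, (1 << 61) - 1)   # Mersenne primes M107, M61

    # Constructed credential that the service server holds for the web server.
    body = {"hostname": "bank.example", "ip": "192.0.2.10", "version": 7,
            "public_key": list(web_pub)}
    message = make_credential_message(body, svc_sec)

    ms = MobileStation(svc_pub)
    if not ms.needs_new_credential("bank.example", 7):
        raise RuntimeError("an empty credential table must trigger a CERT request")
    accepted = ms.install_credential(message)

    # A body altered in transit must fail the SIGN check.
    forged = json.loads(json.dumps(message))
    forged["body"]["ip"] = "198.51.100.99"
    tamper_rejected = not ms.verify_credential(forged)

    envelope = ms.protect("bank.example", personal_data)
    recovered = web_server_unprotect(envelope, web_sec)
    return accepted, tamper_rejected, recovered


if __name__ == "__main__":
    print(run_exchange())
```

The script keeps the two key pairs distinct: the service server's pair authenticates the credential, the web server's pair wraps the session key, so the relay never sees a session key in clear. The version check happens before any verification so the CERT round trip only occurs when the cached credential is stale.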
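To show how a client could act on the class marking described above, here is an added example, not code from the patent, that scans a form for fields carrying the "SCURE" class and splits a submission into the part that must go through the session-key envelope and the part that may travel in clear. The form markup and the submitted values are constructed samples; the helper names are this example's own.

```python
from html.parser import HTMLParser

SECURE_CLASS = "SCURE"  # the security indicator named in the description
FORM_FIELDS = ("input", "textarea", "select")


class SecureFieldScanner(HTMLParser):
    """Collect form field names, separating those whose class attribute carries SCURE."""

    def __init__(self):
        super().__init__()
        self.secure_fields = []
        self.plain_fields = []

    def handle_starttag(self, tag, attrs):
        if tag not in FORM_FIELDS:
            return
        attributes = dict(attrs)
        name = attributes.get("name")
        if name is None:
            return
        classes = (attributes.get("class") or "").split()  # class may hold several tokens
        target = self.secure_fields if SECURE_CLASS in classes else self.plain_fields
        target.append(name)


def split_fields(html):
    """Return (fields to encrypt, fields sent in clear) in document order."""
    scanner = SecureFieldScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.secure_fields, scanner.plain_fields


def partition_submission(html, submitted):
    """Route submitted values: marked fields to the encrypted channel, the rest in clear.
    Fields absent from the form are treated as plain, mirroring the marking scheme."""
    secure_fields, _ = split_fields(html)
    secure = {k: v for k, v in submitted.items() if k in secure_fields}
    plain = {k: v for k, v in submitted.items() if k not in secure_fields}
    return secure, plain


# Constructed sample form: only the password and card number are marked.
SAMPLE_FORM = """
<form action="/login" method="post">
  <input type="text" name="userid">
  <input type="password" name="password" class="SCURE">
  <input type="text" name="cardno" class="SCURE numeric">
  <textarea name="memo"></textarea>
</form>
"""

if __name__ == "__main__":
    print(split_fields(SAMPLE_FORM))
```

A fail-closed variant would push unknown field names into the encrypted set instead of the plain one; the version above follows the page, where only explicitly marked fields are encrypted to keep the wireless payload small.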
Claims (18)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1019990025510A KR20010004791A (en) | 1999-06-29 | 1999-06-29 | Apparatus for securing user's informaton and method thereof in mobile communication system connecting with internet |
KR1999/25510 | 1999-06-29 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1316147A CN1316147A (en) | 2001-10-03 |
CN1148035C true CN1148035C (en) | 2004-04-28 |
Family
ID=19597296
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB008012245A Expired - Fee Related CN1148035C (en) | 1999-06-29 | 2000-06-29 | User information security device and method in mobile communication system connected to Internet |
Country Status (8)
Country | Link |
---|---|
EP (1) | EP1101331A4 (en) |
JP (1) | JP2003503901A (en) |
KR (1) | KR20010004791A (en) |
CN (1) | CN1148035C (en) |
BR (1) | BR0006860A (en) |
IL (1) | IL141692A0 (en) |
TR (1) | TR200100592T1 (en) |
WO (1) | WO2001001644A1 (en) |
- 1999
  - 1999-06-29 KR KR1019990025510A patent/KR20010004791A/en active Search and Examination
- 2000
  - 2000-06-29 IL IL14169200A patent/IL141692A0/en unknown
  - 2000-06-29 EP EP00940992A patent/EP1101331A4/en not_active Withdrawn
  - 2000-06-29 JP JP2001506198A patent/JP2003503901A/en active Pending
  - 2000-06-29 TR TR2001/00592T patent/TR200100592T1/en unknown
  - 2000-06-29 BR BR0006860-8A patent/BR0006860A/en not_active IP Right Cessation
  - 2000-06-29 CN CNB008012245A patent/CN1148035C/en not_active Expired - Fee Related
  - 2000-06-29 WO PCT/KR2000/000689 patent/WO2001001644A1/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
EP1101331A4 (en) | 2005-07-06 |
KR20010004791A (en) | 2001-01-15 |
IL141692A0 (en) | 2002-03-10 |
BR0006860A (en) | 2001-07-10 |
EP1101331A1 (en) | 2001-05-23 |
JP2003503901A (en) | 2003-01-28 |
CN1316147A (en) | 2001-10-03 |
WO2001001644A1 (en) | 2001-01-04 |
TR200100592T1 (en) | 2001-07-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: WD; Ref document number: 1037072; Country of ref document: HK |
| C19 | Lapse of patent right due to non-payment of the annual fee | |
| CF01 | Termination of patent right due to non-payment of annual fee | |